#ubuntu-server 2006-04-10
<nictuku> if anyone has time to test nwu, it seems stable enough for testing: https://dev.ubuntubrasil.org/trac/nwu/wiki/DownloadNwu
<Toadstool> hey o/
<Toadstool> I knew I was missing an important ubuntu channel ;)
<Kolan> Hi, Im about to setup a Dual Xenon EM64t server serving Apache/PHP/PostgreSQL on 4GB Ram. should I choose the AMD64 version of ubuntu?
<Kolan> or would it be the same to use the regular?
<infinity> Kolan: Yes, you want the amd64 version.
<Kolan> infinity: thanks for the response, I was looking on the server wiki which is linking and talking about that Drapper is the build to use. Should I be safe to install that even though its not a stable release?
<infinity> Safe?  I suppose.  But it's not released and not supported.
<infinity> Where does it say to use dapper in production?
<Kolan> its not saying anything about to use it in production
<Kolan> but it describes it as it was a production release.. would you recommend me to install Breezy?
<infinity> Well, if you want stability in production, you want breezy.
<Kolan> as this server is to be in production
<Kolan> ok
<infinity> If you don't mind upgrading occasionally for the next couple of months and helping us find and fix bugs, dapper's cool.
<infinity> I certainly don't mind people testing dapper and filing bugs for me to fix, just as long as you're aware that it's an unstable release, and you don't scream to loudly if we occasionally goof it up.
<infinity> If it's a production box, please install breezy. :)
<infinity> And after you install it, you'll want to install "linux-amd64-xeon" to get the Xeon-tuned kernel for your CPUs.
<Kolan> ok.. is that even though I install the AMD64 version?
<infinity> Yes, the amd64 installer will install "linux-amd64-generic" which is a very generic amd64 kernel that runs okay on Athlon64, Opteron, and Xeon systems.
<infinity> The tuned kernels (-k8, -xeon, etc) run better on their target platforms.
<infinity> This is no different from the i386 install, which installs a -386 kernel by default, but you may want -686, -k7, etc.
<Kolan> okay.. is there any special kernel for smp aswell?
<infinity> The xeon kernel is SMP-enabled.
<Kolan> ok
<infinity> (based on the argument that none of us have ever seen a useful Xeon system that wasn't SMP)
<Kolan> I've been struggeling to get Debian up an running on this server for a week, but as their kernels are to old it dosn't work with the configuration I've
<infinity> breezy should be okay...
<Kolan> ok :) we'll see
<infinity> If the system really does have a lot of incredibly shiny new hardware, you may be stuck having to try a dapper install CD.
<Kolan> mm.. it shouldn't, it runs well on xBSD
<infinity> Hey, the BSDs beat us to new hardware support sometimes. :)
<infinity> (Though, not often)
<Kolan> well according to the company that deliverd the server it has runned on FreeBSD for almost 1.5 years
<Kolan> with this hardware
<infinity> Oh, then yeah, it's crusty, old, and will happily run Ubuntu. :)
<infinity> Probably even Warty or Hoary, if you feel like going back in time.
<infinity> (warty not recommended, we just dropped support for it)
<Kolan> I'm burning out the Breezy AMD64 CD right now
<Kolan> so no worries about older version are needed
<Kolan> what about when the Drapper's going stable, is it possible to upgrade than? how is that working..?
<infinity> Dapper, not Drapper. :)
<Kolan> sorry
<infinity> And yes, dist-upgrading between releases is generally painless.
<Kolan> ahhh... Ubuntu seems to be a dream :)
<Kolan> how big should the SWAP partition be if I've 4GB of Ram
<infinity> As big as you like.
<Kolan> so theres no general rule about 2xRam-size
<infinity> If it's not going to be a massively loaded machine, it may never swap anyway, but if you have plenty of disk, it doesn't hurt to have swap.
<Kolan> ok
<infinity> I usually do RAM*1.5, but that's just force of habit, no hard rule.
<Kolan> ok
<Kolan> I've also been recommended to use JFS as filesystem on /var since databases works better on those. is this something known? I've never heard about it before
<infinity> I wouldn't recommend it, personally.
<Kolan> any special arguments for that?
<infinity> Stability, peace of mind.
<infinity> The two most stable filesystems on Linux currently are ext3 and xfs.
<infinity> I generally use the former, unless I have a wonderfully good reason to use the latter.
<infinity> (because the latter still has a few really weird corner-case bugs that confuse people sometimes)
<Kolan> okay
<Kolan> than I'll go for EXT3 on all my partitions
<jurjenst> I had some real problems deleting 200k files from a ReiserFS once... I don't recommand that FS to anyone
<jurjenst> it could be better with the newest version of it but it was a pain.. took several hours to delete the files
<jurjenst> What is the experience here with checks of EXT3 when the server is reset 20 times? Do you disable the check or just let all the users wait till it is finished?
<Kolan> where can I find documentation on the server version? I'm thnikn of installation..
<Kolan> or when I get to boot:
<Kolan> shall I run: server
<jurjenst> Kolan: server installs only the minimal software...
<jurjenst> no X, Gnome or KDE
<jurjenst> so you login on the prompt and install whatever you like to run
<jurjenst> something like: apt-get install mysql-server phpmyadmin
<Kolan> hmm.. I was thnikin of when booting a server iso CD and get to the installation "boot:" prompt
<Kolan> I was just hitting enter
<infinity> jurjenst: I tend to tune2fs and remove the "maximum mount count", but leave the "maximum mount age", so 30 reboots won't cause a fsck, but rebooting after a long time up will.
<jurjenst> infinity: thanks... I'm not totally sure what to install on servers... downtime is allways annoing ubuntu drake boots up fast... that is really nice...
#ubuntu-server 2006-04-11
<Dre> hello. I have been using windows and just windows. I would like to know if ubuntu is suitable for a newbie like me to learn the ropes of making a webserver, nameserver and other hosting services. In need of help thank you..
<hunger> Keybuk: That works after the system is up.
<hunger> Keybuk: But the kernel expects /dev/mapper/$VG-$LV.
<hunger> Damn... wrong channel again!
<dereks> hello. have you guys seen freenas? Is the goal of ubuntu-server to make a distro like freenas (obviously linux not bsd) in terms of how well everything is integrated and ease of use?
<spike> hi guys
<infinity> dereks: Not really, no.  (Well, Ubuntu in general is well integrated anyway, but ubuntu-server is targetted currently at the datacentre and hosting provider types, more than "all in one appliances")
<infinity> Though, people could easily use ubuntu-server as a base to create a greate distro for appliances.
<dereks> infinity: ok
<dereks> i really like that project, just wish i knew bsd enough to truely use it :)
<dereks> maybe there will be an ubuntu-nas offshoot
#ubuntu-server 2006-04-12
<ToadZzZztool> before I go to bed I'd like to join Ubuntu Server Team 'cause I'm a sys&net admin in a little network (only 500 hosts and 12 servers) and a student in network engineering... are there any requirements?
<ToadZzZztool> anyhow, good night here too ;)
<allee> Hi, I had a look at ServerTestingTeam.  Looks like no ServerTestingTeamTemplate yet. :(
<allee> Is it okay to add something like ServerHardware/SunGalaxy ServerHardware/SunGalaxy/X4100  ServerHardware/SunGalaxy/X4200  ditto for DellPowerEdge  that are more like a linux on laptop pages? I.e. a page that contain known issue.  tools, tips links to other links pages in Web?
<spike> 'lo ubijtsa
<ubijtsa> lo spike
<spike> how do you do man?
<ubijtsa> not bad.. WFH today, and trying to do some of the stuff remotely is a pain
<spike> ubijtsa: like?
<ubijtsa> running mozilla over a reverse ssh tunnel
<spike> no vpn/vnc?
<ubijtsa> nope
<ubijtsa> not to the network I need to access
<thefish> ubijtsa: reverse ssh tunnel?
<ubijtsa> thefish: yeah, you ssh from box1 to box2 with something like "while true; do ssh box2 -R 2222:localhost:22 'while true; do echo -n . ; sleep 60; done'; done"
<ubijtsa> on box2 you can then do 'ssh -p 2222 localhost' and connect back through the ssh tunnel to box1's ssh port
<ubijtsa> poor mans vpn like :)
<spike> speaking of, what's going on with openssh vpn?
<thefish> what benefit does it give over just normal ssh?
<thefish> to run moz, i would just ssh -X box2
<spike> there's been much rumor about it, but I've never seen anybody actually doing it
<spike> thefish: firewall filtering on port 22?
<ubijtsa> thefish: if box1 is masqueraded, you can't get to it directly
<spike> ;)
<thefish> ssh -X -p2222 box2
<thefish> mkay
<ubijtsa> in my case, box1 is at work, and box2 is at home.
<spike> apparently with openssh 4.x you can do real vpns, but I couldnt find much about it :/
<ubijtsa> I can't ssh into box1 from the net, as it is behind firewalls and NAT, but I can ssh from box1 to box2 :)
<morrow> one more reason to block outgoing/incoming ssh connections. :/
<ubijtsa> morrow: hence why my sshd don't run on standard port
<morrow> ubijtsa: if you have the money you can also check port 80/443 connects and break the ssl stream. :)
<spike> uh?
<ubijtsa> morrow: that's the type product I do QA on
<spike> how would you do that without mouting a MITM attack?
<morrow> ubijtsa: which one? tommy ssl?
<morrow> spike: it is a MITM attack, your clients need the CA of your SSL Proxy
<ubijtsa> spike: transparent proxying/routing/bridging
<morrow> some companies are willing to go this way
<ubijtsa> morrow: McAfee SCM
<morrow> ubijtsa: Ahh
<spike> morrow: that was the point, if client isnt cluesless it'll spot the MITM
<spike> ubijtsa: uh, how? I dont see how that's gonna prevent that
<ubijtsa> spike: when you as an employee get told that all traffic is intercepted, what choice you have?
<spike> and I think this has been debated beyond the flame limits on any sec list :)
<morrow> spike: well.. if your clients are not within your adminstration you shouldn't do such bad things. :)
<spike> as in, you either enforce it with policies or nothing, technically u cant stop it
<ubijtsa> one way of preventing IM on a corporate lan is to forbid CONNECT through proxies on http traffic
<spike> ubijtsa: yes, but then employers wont be able to use any https, and that's not reasonable for quite a few places
<spike> even for work purposes, as in they need to access customers' stuff and so on
<ubijtsa> spike: that is where URL filtering comes in
<ubijtsa> spike: trust me, there has been *loads* of work gone in to these products, and they mostly work so well you don't know they are in the way
<spike> ubijtsa: ok, so you basically restrict connect to a few websites
<ubijtsa> spike: or allow and log
<spike> ubijtsa: I do believe you, I'm just curious :)
<ubijtsa> then when you have stats, you start blocking or coaching
<spike> sure sure, again, I thought you could "technically" stop it, which is something I was pretty sure you couldnt do
<morrow> not without breaking the ssl streams...
<spike> without stuff like the aforementioned MITM like setup, which a smart employer would detect
<spike> as a non smart one isnt gonna ssh tunnel home imho
<ubijtsa> one way to detect if your traffic is filtered is for downloads..
<ubijtsa> the larger the download, the longer it takes before you get any data at all, as the AV scanners need big blocks (or whole file) to work with
<morrow> ubijtsa: if you work for mcafee, how about asking some developers to relase a daemon version of uvscan? :)
<ubijtsa> hehe.. I could ask.. :)
<ubijtsa> I sit not far from the guys that wrote LinuxScan
<ubijtsa> but that project been idle/dead for ages
<morrow> hmm :/
<ubijtsa> there is *some* scanner available for linux, but I have to check who is writing it, so I direct feature requests to the right people
<ubijtsa> I can do that on monday
<morrow> well currently its uvscan. but this is only a command line scanner without daemon option
<morrow> ubijtsa: that would be great, please keep me posted. :)
<ubijtsa> morrow: I'll have a chat with them. I can see the usefullness of it (clamav/ clamsmtpd) so I'll see what I can do.
<morrow> it could be a political thing... because the uvscan is licensed based on servers, smtp scanning usualy is per user
<morrow> had this issue this week with sophos and kaspersky... even if you use the filescanber you have to licence it as SMTP gateway. :/
<morrow> filescanner..
<ubijtsa> aye..
<ubijtsa> right, have to change a nappy now
<spike> ubijtsa: hey, you around?
<ubijtsa> spike: in a fashion
<ubijtsa> why?
<spike> ubijtsa: I'm trying to work out a way to get to birmingham that wont cost me a fortune...
<ubijtsa> where from?
<spike> tmoz I wanted to go to some place.. took it easy... it turned out that sing was gonna cost me 100 pound... couldnt believe it
<spike> brighton
<spike> I'm not gonna go of course... I cant affor 200 pound for a 2 days thingie...
<ubijtsa> brighton to brum, cheapest way ought to be train..
<spike> I'm fskcing astonished... it's not even a long route... damn, by car it's something shouldnt take u more than 4 hrs and, uhm, 70 quid roundtrip?
<ubijtsa> spike: I can do it for about that round trip yeah
<ubijtsa> but that pre-supposes you have a car :)
<spike> so wtf it's gonna take 6 hrs and 200 quid round trip!? grrrr
<spike> 6hrs one way, tho, so was for 4 above
<spike> damn
<ubijtsa> public transport in UK is a joke.. everyone knows that :)
<spike> do u know liftshare.com?
<spike> hitchhiking a ride might be the only solution... I really cant spend that amount of money...
<spike> from liverpool it's "only" 30 quid... was looking if there was any way to fly cheaply from gatwick, but apparently there isnt :/
<ubijtsa> nah.. car-share, hiking with lorries etc is cheaper, but not as safe
<ubijtsa> right, I have a few things to test.. so will be offline for a while..
<spike> k, ta, c ya
<neuralis> Toadstool: the requirements for joining the team are a reasonably consistent history of contribution to the project.
<neuralis> Toadstool: things like help with bugs, release testing, or helping out here and on the ML.
<Toadstool> neuralis: ok no prob', i'll try to do my best :)
<neuralis> Toadstool: great, look forward to having you join soon!
#ubuntu-server 2006-04-13
<FoxHound01> is there someone who knows how to setup access control and authentication on the cgi-bin directory in apache2?
<Kolan> the same way as setting up a access control for every webfolder in apache..
<Kolan> Fox: this might help you out: https://wiki.ubuntu.com/ApacheMySQLPHP#head-c353cd3c0a06dae032ab869150ffab7911ede57e
<FoxHound01> where would ubuntu keep an Apache2 config file for SSL servers?
<FoxHound01> because my htaccess works on http but not on https
<infinity> Are you sure you're using apache2 for SSL, and not, say, a completely different webserver (like apache-ssl)?
<infinity> That seems to be a common mistake.
<infinity> If you never set up apache2 for SSL, you're probably not using it, since it's not configured for SSL out of the box (currently)
<FoxHound01> i set it up for apache2
<FoxHound01> wait
<FoxHound01> i think so
<FoxHound01> how would i set it up for apache2?
<FoxHound01> because i only have apache2 installed, and can connect to my server using SSL
<FoxHound01> hmm
<FoxHound01> i have...
<FoxHound01> wow
<FoxHound01> im confuzed
<FoxHound01> apache2-common, apache-common, apache-perl, apache-ssl
<FoxHound01> packages installed
<FoxHound01> but NOT "apache"
<FoxHound01> so am i running apache 2 or apache 1.3?
<infinity> Both.
<infinity> Or, wait.
<infinity> You don't have any "apache2-mpm-*" package installed at all?
<infinity> Then you have two versoins of apache1.3 installed (apache-perl and apache-ssl)
<infinity> And no apache2 at all.
<FoxHound01> i got it all figured out
<FoxHound01> apache1.3 was doing the ssl, while apache2 was doing the port 80 http
<FoxHound01> lol, night
<spike> I thought apache1.3 wasnt even available on dapper...
<spike> maybe he was running breezy
<infinity> It's still in universe.
<spike> ah, I see
<infinity> It'll take a long time to kill every apache1.3 installation in the world.
* infinity is reminded that he needs to do some apache uploads soon.
<spike> speaking of, I while ago I sent an email, with patch attached, about some comments on apache2 defaults...
<spike> never got a reply :/
<spike> at least some comment like "you sux" would been appreciated :)
<Toadstool> hi here
<infinity> spike: Sent it to whom?
<spike> because that's what I'm doing, so if the ideas are wrong I'd benefited from confrontation anyway
<spike> infinity: to the server ml
<infinity> Must have been before I got around to subscribing.
<spike> benefit*
* infinity reads.
<infinity> Erm, you seem confused.
<spike> ok :)
<infinity> mod_vhost has nothing to do with being able to see /doc/ ...
<Toadstool> i'm trying to improve my wide-dhcpv6 package... what do you think the default configuration for the client should be? stateful conf or stateless one (only dns info for example), assuming the address is obtained using stateless autoconf?
<infinity> In fact, mod_vhost really has nothing to do with anything except mass virtual hosting.
<infinity> spike: Your first two points (about the misplacement of configuration for "/" and "NameVirtualHost") are well taken, though, and I'll probably move those around a bit for the 2.2.x package, but won't touch the established settings in the 2.0.x series.
<infinity> spike: But, mod_vhost_alias has NOTHING to do with NameVirtualHost. :)
<infinity> spike: Simple Name and IP virtual hosting works without any modules loaded.
<spike> ah, doh!
* spike wonders how he got that so wrong...
<infinity> Well, I'll admit that after adminstering apache sites for over a decade, and hacking directly on apache for about half that, I don't tend to really know where it may be "hard" or "confusing", because I know it inside out and backwards.
<infinity> So suggestions (filed as wishlist bugs in either Debian or Ubuntu) on how to make things make more sense to first time users will be considered (though not always implemented, I'll admit)
<Toadstool> no opinion about my question? too bad, i'll toss a coin ;)
<spike> infinity: maybe I misunderstood you, but would you say that's the case for "/" and "NameVirtualHost" comments too? exepecially "/" imho looks more like a config design error than "things made easier for first time user". So I'd rather file / and NameVirtualhost as bugs, and /doc and default vhost as wishlist for "first time user". what do you think about that?
<infinity> Toadstool: Not really, no.
* spike didnt read Toadstool question
<spike> 's*
<infinity> spike: The default vhost's DocumentRoot is set the way it is on purpose (including not having the RedirectMatch enabled by default, because it confused a lot of first time users), so please don't file that one again. :)
<Toadstool> well i'll try to find an IPv6 guru ^^
<Toadstool> thanks anyhow
<infinity> spike: /doc/ works here, so I'd like to see why it's not workign for you.
<infinity> spike: The misplacement of "/" and "NameVirtualHost" are on my TODO, and will be fixed in the 2.2.x SVN repo, so no point in filing them (no, I won't fix them the 2.0.x, because I don't feel the urge to upend people's expectations of hor the config works on a minor version bump)
<infinity> ie: If people upgrade from 2.0.54 in breezy to 2.0.56 in dapper, I'd prefer not to surprise them too much with config changes.
<spike> infinity: fine for me, tnx.
<infinity> But when they go to 2.2.x in dapper+1, they should be expecting some major changes anyway, so that's the time to fix the more annoying oopses.
#ubuntu-server 2006-04-14
<nictuku> hmm shouldn't ubuntu-server appear in http://lists.ubuntu.com ?
<psi_force> if ubuntu-server and ubuntu share the same repositories and installer, what is the purpose other then a specialised kernel package?
<psi_force> if ubuntu-server and ubuntu share the same repositories and installer, what is the purpose other then a specialised kernel package?
<Bluekuja> hello to all
<Bluekuja> i was testing the flight 6 release
<Bluekuja> and i get an error during the installation
<Bluekuja> it tells me that kernel modules cant be found
<neuralis> Bluekuja: have you ran the 'check CD integrity' option?
<Bluekuja> yes
<Bluekuja> all ok
<Bluekuja> i continued
<Bluekuja> that point
<Bluekuja> and i went to disk partition
<Bluekuja> its loading the bar from about 10 minutes
<Bluekuja> calculating space
<Bluekuja> and then restart again
<neuralis> hmm. i haven't tested flight6 yet, so i don't know what's the story with that; it'd be good if you could post a summary of your problem (and any relevant error messages) to the ML
<Bluekuja> ok perfect
<neuralis> Bluekuja: thanks
<Bluekuja> np ;)
<spike> bah, what could cause ssh to ask me again about " authenticity of host" if I already connected to that host once? but indeed it's not in .ssh/known_host
<neuralis> spike: if you're connecting by ip or an alias, it'll still ask (until those are also in known_hosts).
<spike> only thing I can think of is, because of it being a vmware image I use sporadically, that something else got the same ip and the 2 conflicted...
<spike> neuralis: yeah, knew about that, but I've tried all of them just in case
<spike> ip, hostname, fqdn
<spike> since they added that patch to stop hostname harvesting it's not very easy to read known_hosts :/
<neuralis> more problematically, it's non-trivial to use hostnames from known_hosts in shell autocompletion.
<neuralis> grumble.
<spike> and no, no MITM or whatever, src and dst are safe pcs
<spike> and I can verify the key manually, so I'm connecting to the right host etc (both local to me)
<Bluekuja> done
<Bluekuja> aww
<Bluekuja> cant complete disk partitioning
<mon> hi
<mon> im reinstalling my server. i just finished partitioning but the installer won't continue to the base installation
<mon> how can i find out why it doesn't go on?
<Bluekuja> flight 6?
<mon> breezy
<spike> anyody familiar with hd encryption?
<Bluekuja> nope sorry :)
<spike> I cant workout if dm-crypt is still unsafe compared to loop-aes
<spike> considering the new cryptoloop stuff and LUKS
<Bluekuja> im not familiar to hd encryp maybe mon yes
<Bluekuja> but i dont think so :)
<mon> nope never got into that stuff
<mon> maybe i will if i get a new laptop sometime
<neuralis> spike: actually, loop-aes had its fair share of problems with weak keys, etc
<neuralis> spike: afaik, dm-crypt is fine nowadays.
<spike> neuralis: k, ta
<spike> neuralis: you using dm-crypt with LUKS?
<neuralis> spike: yes, i use it
<spike> neuralis: nice, how's it? any chance you've tried to compatibility with freeofte?
<spike> neuralis: and one thing more, ever reviewed truecrypt?
<neuralis> spike: freeofte should just work; i don't have windows installed, so i've never had reason to try it.
<spike> and one more thing, even if I guess it's a bit more rh centric, yet *very* interesting
<spike> neuralis: ever played with systemtap/frysk?
<neuralis> they're neat toys
<neuralis> still under very heavy development, though
<Meyer> neuralis, heard you played a trick on OgMaciel at the LinuxWorld.. ;p lol
<neuralis> Meyer: how'd you hear that? >:)
<Meyer> he told me
<Meyer> :)
<Meyer> and he put in his blog that goes to the brazilian planet :P
<spike> hi Meyer , iirc you and nictuku are behind nwu, right? would you mind a bit of chat about it?
<Meyer> spike, sure.. go ahead
<spike> Meyer: have you read this by any chance? https://lists.ubuntu.com/archives/ubuntu-server/2006-January/000022.html
<Meyer> nope.. lemme read it
<spike> Meyer: in short sw management is nice, but for anything bigger you want some sort of centralized config and system management, and that would include sw management
<spike> Meyer: so I was wondering if and which way nwu could evolve, and in that case be a sort of duplication of what's mentioned on that post
<Meyer> you should talk to yves (nictuku).. he's more into coding than i am..
<b3nw> any of you guys willing to install dhcp3-server quick to see if the install is still broken?
<Meyer> i haven't coded taht much in nwu yet.. i've done mostly packaging and testing
<neuralis> spike: centralized configuration management is (mostly) a solved problem, see e.g. cfengine
<spike> neuralis: see that post :)
<spike> neuralis: my point is cfengine solves sw updates as well, which makes nwu a sort of duplicate
<neuralis> spike: i read the list. the post is not specific enough, doesn't consider the implications (as it admits), and doesn't translate to a good spec.
<spike> neuralis: ok, so what would you like to see?
<spike> a practical implementation design?
<neuralis> spike: i want to see our server tools grow incrementally, in small chunks, and not introduce major new dependencies for supported software (e.g. ruby).
<spike> neuralis: fair enough
<neuralis> spike: this means that nwu, in its present form (just handling sw updates) is a reasonable target for edgy.
<neuralis> spike: then for edgy+1, we can start looking at the other part(s) of the problem and building on top of nwu.
<spike> neuralis: ok, I guess I'm missing something because "building on top of nwu" to me sounds like "we're gonna end up with some sort of cfengine custom made"
<spike> I'm just saying I see room for much duplicated development, but I'm for sure missing the big picture, so I take you comments and that's all
<spike> neuralis: that post is generic because it was a big topic, and the person that did it, me, is new to this sort of stuff
<neuralis> spike: right. when i say 'building on top of nwu', the bigger point is growing incrementally, rather than duplicating functionality. we'll figure out what that means when we get there.
<spike> and as a first step I think it was fine. a reply with pointers and I'd worked on something better considering implications and all
<spike> k
<neuralis> spike: it was a good post to get some thinking started.
<spike> well I'll stay tuned and see if I can help in that area
<Meyer> i seem not to be receiving all messages from the maillist
<Meyer> ohh.. these are old messages :P
<Meyer> sorry
<Meyer> didnt look at the dates
<Meyer> :P
#ubuntu-server 2006-04-15
<nictuku> spike, hi. Meyer told me you were interested in nwu
<spike> nictuku: hi there
<nictuku> spike,  can I help you?
<spike> nictuku: I'd say best thing is if I paste you the convo we had in here a few hours ago
<spike> can I do that in query or prefer pastebin?
<nictuku> your call
<nictuku> query, btw
<spike> nictuku: done
<nictuku> <nictuku> hmm
<nictuku> <nictuku> you have a point there (btw, my english is bad, so forgive me)
<nictuku> <nictuku> I confess I didn't know puppet. It seems a great idea, but neuralis mentioned something important for ubuntu, which would be the ruby dependency
<nictuku> <nictuku> better take this discussion to the channel
<spike> nictuku: I completely agree with that
<spike> cfengine wouldnt pose the ruby prob, tho
<spike> we can run it already
<nictuku> By the way, nwu really needs something like adminotaur
<nictuku> nwu is really a prototype by the way, there are no strings attached to where its future development should go. I just tried to stick the the spec
<nictuku> nwu is immensely simpler than cfengine
<nictuku> virtually no config is required
<nictuku> it's not an "autonomic system" either.
<neuralis> i think having nwu as a proof of concept system is very important. maybe we can have nictuku out at the next developer conference to sit down with the server team, and spec out where we really want to take it.
<spike> well, as I said, whatever comes up I'd like to be involved in this
<nictuku> neuralis, is there any date set? like just after dapper release?
<neuralis> yes, it's usually very shortly after the release.
<spike> what's in your opinion the quicket way to build an initrd image with ssh (dropbear maybe to reduce the size)?
<nictuku> I haven't tried dropbear, but well, it claims to be smaller. I'm not sure how much speed you'd get in the end
<spike> nictuku: more then speed I was worrying about memory consumption
<nictuku> spike, do you use puppet and cfengine for sw management daily?
<spike> but atm priority is figuring out how to do the whole thing
<spike> nictuku: nope, I did some cfengine for the last place I worked for, and followed the development of puppet. hopefully I'll start over @ new place once I've took care of some priorities
<spike> nictuku: I'm a newbie, just done my homework :)
<nictuku> yeah me too.
<nictuku> spike, I wonder how friendly puppet is for the administration if all he want is sw management/updates.
<nictuku> with nwu is all about "aptitude install nwu-agent"
<nictuku> then manage the nodes with a cli or pygtk tool
<spike> nictuku: definitely it'd be trickier ,and I wouldnt ever swap nwu with puppet if all I wanted was sw management/updates
<spike> nictuku: but nwu is just a part of what you want to admin a server farm, a config management must be there, and then you'd need puppet, which incidentally could deal with sw management as well, making nwu redundant
<nictuku> asking if sysadmins would be interested in only sw updates is a valid question, actually.
<nictuku> s/actually/indeed/
<spike> nictuku: but really, guess it's worth keeping this on hold until you talk with the guys and got some specs for the future down
<spike> nwu is nice and it's good it's there, for now that's what matters
<spike> actually, about the whole assumption we need cfengine for config management...
<spike> some of the RH guys developing their nwu solved the prob simply saying that config management is just a self-rolled pkg
<spike> which is indeed true
<spike> you could handle whole system config by simply rolling and distributing config packages, and besides true is also appealing imho
<spike> nictuku: yet stuff like cfengine do a lot more, but with that we'd have two of the biggest prob covered, sw and config management
<nictuku> cfengine is not the best config management system for an ideal world of debian/ubuntu-only server base hehe. debconf + ldap is interesting, although limited
<nictuku> spike, nwu is not about "autonomic systems" as IBM would call it.
<nictuku> I don't imagine a thousand unattended servers administration as a use case
<neuralis> nictuku: i have some concrete ideas about where i'd like nwu to go, and how it should integrate with the rest of the platform. that's why it'd be great to sit down with you at the dev conf and spec this out.
<neuralis> nictuku: where do you live? do you think you'd be able to fly out to the dev conf somewhere in europe in june?
<nictuku> that would be interesting. I live in Brazil. that would be something to think about
<nictuku> btw, the world cup in june. i believe that makes it virtually impossible
<spike> neuralis: oh, next dev cnf will be held in europe?
<spike> neuralis: any chance to attend as "visitor"?
<nictuku> neuralis, could you summarize some of these ideas?
<Meyer> our biggest airline going to bankrupcy... all brazilians flying to europe cuz of the world cup.. it will be EXPENSIVE to fly there.. lol
<Meyer> debconf should be easier to nictuku
<Overand> Hey, there *is* an #ubuntu-server, neat.
<nictuku> Overand, welcome
<Overand> I'm going to be building a server to move to a colo soon, and I'm debating betwen various options.
<Overand> Go with Breezy "ubuntu-server" and upgrade (remotely) when dapper final comes out
<Overand> go with dapper flight 6
<Overand> or go with a daily
<nictuku> wait for dapper unless you have a reason
<Overand> heh
<Overand> the reason is each month I delay costs me $170 or so
<Overand> Also, general impatience.  I have a 1U server with 2 gigs of ram and an Athlon X2 4200+ just *waiting* for an OS
<nictuku> breezy, wait, then dapper!
<Overand> yeah...
<Overand> I've been getting suggestions in both directions when it comes to that.
<Overand> THat was my original plan, go for breezy server, then upgrade to dapper
<Overand> but upgrades never *quite* seem to be 100%
<Meyer> i should gou for dapper
<Meyer> its quite stable by now
<Meyer> fair less headache than a remote dist-upgrade
<Overand> yeah
<Overand> I mean, the advantage is that I *can* get to the box pretty easily
<Overand> it'd be a ~2ish hour drive
<Overand> Meyer: would you say a flight CD or a daily?
<Overand> I'm leaning towards a flight CD
<Meyer> a daily would be basicaly flight + updates
<Meyer> maybe unstable installation
<Meyer> going down for reboot.. brb
<Overand> yeah, an unstable installation would be kinda bleh.
* Meyer back
<Overand> heya Meyer
<Overand> Hey, don't multiply, you might start making bad comedy as a group.
<ajmitch> morning fabbione
<fabbione> morning
<ajmitch> how's the niagara support now? :)
<fabbione> ajmitch: it's all in
<ajmitch> full installer images are up?
<fabbione> we lack the SSL accelerator, but that will probably not make it for dapper
* ajmitch will probably be playing with one tomorrow
<fabbione> ajmitch: since the announcment
<ajmitch> ok, I thought it was just netboot back then
* ajmitch will give it a go :)
<fabbione> oh yes
<fabbione> i forgot to announce the CD
<fabbione> but they should be working
<fabbione> i just got a report of something bad and i am checking
<ajmitch> just grabbing the daily now, will report problems when I run into them tomorrow
<fabbione> sure
<fabbione> but my suggestion is to use netboot
<fabbione> it's much easier
<ajmitch> ok
<Jeeves_> ] 
<ivoks> fabbione: ping
<ivoks> -rw-r--r-- 1 root root 11 Nov 13 17:35 /etc/ldap.secret
<ivoks> this isn't nice :(
<fabbione> ivoks: talk with pitti.. -ENOMYPROBLEM
<ivoks> ok
<infinity> ivoks: What owns /etc/ldap.secret?
<infinity> ivoks: I certainly don't have one on my system.
<ivoks> infinity: it looks like this is leftover from by old instalation
<Jeeves_> busy channel, this ubuntu-server
<spike> :)
<spike> Jeeves_: thing is we're all working very hard :P
<Jeeves_> spike: Sure! :)
<Jeeves_> I *am* actually working :)
<spike> Jeeves_: sure :)
<Jeeves_> spike: Really! I'm kicking a FreeBSD running Sunfire x4200 :)
<Jeeves_>  9:51PM  up  5:13, 3 users, load averages: 73.52, 68.37, 48.83
<Jeeves_> ./http_load -proxy 10.0.0.101 80 -parallel 100 -fetches 115000 urllist
<tarvid> started working with mirrormed and clearpath
<tarvid> either would make a significant contribution to debian-med
<tarvid> although both are GPL, there is a little of the JBOSS syndrome going on
<tarvid> ClearHealth on their "purchase" link suggest a budget of $30,000, the maintainer of MirrorMed will suggest the same
<tarvid> Patches are all in CVS, the download versions are periodic feature release
<tarvid> The ClearHealth download is at SourceForge is labeled GPL but they seem very possessive of the name
<tarvid> I can envision a forced fork just to get a name.
<tarvid> Any experience here with OSS where the developer holds things close to their chest?
<Jeeves_> tarvid: You're using it, Linux ?
<infinity> tarvid: Trademark holders releasing software under free license but restricting use of their mark is pretty common (Apache Foundation, Mozilla Foundation, Linux, PHP,...)
<tarvid> It loads on dapper apache mysql php
<tarvid> it is PHP4 dependent
<tarvid> the ClearHealth business strategy is to extract significant support fees
<tarvid> Apache, PHP etc don't seem to mind people and firms saying they support those products commercially
<tarvid> Not sure ClearHealth would be as generous
<tarvid> MirrorMed is a "friendly" fork as the maintainer suggests.
<infinity> tarvid: Trademark law doesn't allow them to stop you from saying you support the product.
<infinity> tarvid: It only allows them to stop you from having a competing/similar product with the same name.
<tarvid> I think I am just naive.
<tarvid> I have a client that would really like to try an OSS Practice Management System
<tarvid> These are the only two that look like they have a prayer of doing X12 (EDI) billing in the near future
<tarvid> I guess I am nervous about having an elephant in the closet. A high maintenance client with no clear avanue of support
<tarvid> A working demo packaged as a deb might get a lot more people going
<tarvid> Right now the community is rather thin.
<tarvid> For now I think I will run with the CVS and wait for the lion to roar.
<tarvid> Thanks.
<spike> eeer, need some help with initrd image
<spike> I thought I was supposed to gunzip it and mount it, but it turned out to be a cpio archive
<spike> once uncompressed with pax I was expecting a linuxrc script in root, but there's no one
<Jeeves_> spike: Wasn't there a script in /etc ?
<spike> Jeeves_: nope, modprobe.d and udev
<spike> but is' indeed working, cause I'm booting my laptop with it...
<Jeeves_> find / -name \*rc\* ?
<spike> breezy, latest kernel stock
<spike> Jeeves_: already done that, nothing
<spike> did ls -R | grep rc actually
<Jeeves_> Hmm
<Jeeves_> Strange
<Kolan> anyone with experience on MegaRaid controllers?
<spike> Jeeves_: indeed, I've no idea how it can be working then...
<infinity> spike: I assume you're looking for /init ?
<spike> gosh...
<spike> ehehe
<spike> infinity: indeed, ta, I was blindly insisting to look for some rc file :)
#ubuntu-server 2006-04-16
<lwizardl> hi
<lwizardl> i'm new to ubuntu servers can someone help me with static ip config (terminal)
<lwizardl> I have settings set but i'm not sure if they are correct
<lwizardl> iface eth0 inet static address 192.168.1.125 netmask 255.255.255.0 network 192.168.1.1 broadcast 192.168.1.1 gateway 192.168.1.1
<neuralis> lwizardl: that broadcast is wrong, and the 'network' is unnecessary.
<neuralis> you want broadcast to be 192.168.1.255.
<neuralis> in the future, please ask general ubuntu questions on #ubuntu.
<lwizardl> neuralis: i did a few hours ago
<joelbryan> anyone tried supplying rsync with a password?
<spike> joelbryan: eer, you mean using a rsync server?
<joelbryan> not using an rsync server, just fifo supplied password
<infinity> ...
<spike> eh?
<infinity> You would only need a password if the remote server requires one.
<infinity> In which case, "RSYNC_PASSWORD=foobar rsync ..." works fine.
<spike> joelbryan: password for what? tunnelling rsync with ssh so supplying a pwd to ssh?
<infinity> or "rsync --password-file=/path/to/file", if you don't want it in your eivnronment.
<joelbryan> mkfifo param.fifo;  rsync file.txt user@server:/dir 0< param.fifo; echo "$password" &;
<joelbryan> not using an rsync server
<infinity> If tunelling over ssh, (via "rsync -e ssh ...", then you just type a password when SSH prompts you.
<joelbryan> just plain ftp server
<infinity> rsync has nothing to do with ftp.
<spike> 'morning infinity
<joelbryan> --password-file= only works with rsync servers
<joelbryan> if the server is just plain ftp, it asks for a password, that doesn't work well with bash scripts.
<neuralis> joelbryan: you're not making sense. ftp and rsync are totally separate concepts.
<infinity> joelbryan: You can't rsync against an FTP server.
<joelbryan> yes, i've tried it.
<infinity> joelbryan: If you're doing "rsync -e ssh user@host:...", you're tunelling over SSH, and SSH will handle the password/key authenetication, not rsync.
<infinity> Oh, clever.  If you use the "user@host:/path" construct, rsync ASSUMES "-e ssh"...
<infinity> joelbryan: You're using SSH, you just don't know it.
<joelbryan> ok
<infinity> joelbryan: If you want passwordless auth, generate a keypair, and toss the public key in the remote host's ~/.ssh/authorized_keys file.
<allee> infinity: AFAIC it assumes -e rsh.  it's just that rsh defaults to ssh
<allee> + in debian/kubuntu
<infinity> Unless you have an actual rsh installed and change the alternative, right.
<infinity> joelbryan: Best to explicitely specify "-e ssh" for that reason, since your script can't guarantee that "I'm blindly using rsh" will always work as expected.
<allee> Anyone interested in commenting/testing mpich v2 pkgs (I'm working on gfortran addition) and (later) ganglia v3?  Or should I first goto #-motu?
<joelbryan> ok, I'll try it. thanks :-)
<neuralis> allee: there were some efforts to package ganglia v3, but it's tricky, so we decided not to for dapper
<fabbione> allee: if the pkgs are in universe ask -motu
<fabbione> neuralis: infinity just did a nice -server cleanup... today's images are sliiiim :)
<neuralis> fabbione: i went and checked it out when colin posted to u-d
<neuralis> infinity: awesome work
<fabbione> hehe
<neuralis> fabbione: i haven't had time to play with the 'install a LAMP server' bit; what's the extra package selection there?
<fabbione> neuralis: apache2+php5+mysql out of the box
<fabbione> it should just work
<neuralis> fabbione: nice. i'll see if i can get a couple of sentences about it added to the chapter.
<fabbione> neat
<fabbione> now i need to find a pic of myself...
* fabbione sighs
<neuralis> fabbione: hehe, for the interview?
<fabbione> a Linux Magasine is asking for one to add to an interview
<fabbione> yeah
<fabbione> they might as well play darts with it :P
<neuralis> i think there were a bunch of your pics among the various ubz pics people had posted
<fabbione> yeah that's for sure
<fabbione> but i meant to find one that will look almost normal
<neuralis> that'll be more difficult :)
<fabbione> exactly
<fabbione> and i can't even shoot a new one
<fabbione> my wife did try to cut my hairs 2 days ago
<fabbione> i look like a skinhead-nazi-whatever
<neuralis> that's pretty hilarious
<neuralis> is she an aspiring hairdresser?
<fabbione> and publishing such a photo the day after the left wing of the parlament is at the italian gov again won't work
<fabbione> no she was just pissed at me
<neuralis> she was pissed, and you let her go that close to your head with a pair of scissors?!
<neuralis> you must like living dangerously.. ;)
<fabbione> she was pissed that i didn't cut my hairs for 6 weeks :) and she did use (wrongly) the machine
<fabbione> hence the skinhead look
<neuralis> gotcha
* infinity grins.
<neuralis> so you know what i want? i want a launchpad module that uses bzr branches for writing a book. because the current process of writing a book with and mailing a word document back and forth with your editor is just stunningly inefficient. i want that, and a pony.
<fabbione> ROFL
<spike> neuralis: I was looking at something like that with latex+svn/moin+macro tex->wiki, then the editor could do corrections on the wiki and those coverted back to tex
<spike> neuralis: but of course it depends on the complexity of tex, you cant really convert complex stuff to wiki syntax
<neuralis> spike: i'm not talking about copy editing as much as the write-send-receive annotated-write cycle
<neuralis> spike: currently, 'change tracking' in word gets (ab)used to do book development, and that's just idiotic.
<spike> mmmh, do you guys know of any way to create a ram disk out of real memory and not VM?
<spike> I dont want it to swap
<hunger> spike: Use it... then it won't get swapped out.
<spike> I want something I can sure about will stay in ram, whatever happens, at worst it'll be just destroyed
<spike> I guess gpg does something like that to prevent keys being dumped to the hd,  but I'm not sure
<hunger> spike: Why?
<spike> why what?
<hunger> spike: Why do you want the data destroyed but never swapped out?
<spike> hunger: my own amusement
<hunger> spike: Oh:-) I thought something security related maybe:-)
<spike> hunger: well, that's where it originated , but it's just too pointless to be addressed like that, so I went with "my own amusement"
<spike> hunger:working on extending https://wiki.ubuntu.com/EncryptedFilesystemHowto with LUKS and stuff
<spike> hunger: and that thing just came up to my mind, but I cant really see any practical application. Yet I just remembered a couple of times me writing down pwds on files while doing stuff before moving them to the proper encrypted place, and I thought I was actually leaving traces since that file existed on the disk
<spike> hunger: and that took me to the ramdisk that never swaps :)
<spike> seems actually someone got a use of that :)
<spike> http://www.vanemery.com/Linux/Ramdisk/ramdisk.html
<spike> Why did I write this document? Because I needed to setup a 16 MB ramdisk for viewing and creating encrypted documents. I did not want the unencrypted documents to be written to any physical media on my workstation.
#ubuntu-server 2007-04-09
<fabbione> Burgundavia: for the clustering stuff we can talk tomorrow...
<Burgundavia> fabbione: sounds good
<[miles] > morning guys
<[miles] > anyone know how to get the damn apache script to create ssl certs to give more than one month?
<lionel> [miles] : you can add a -days xxx when you call the script
<lionel> Hi [miles]  btw :)
<[miles] > hi lionel
<[miles] > hows you
<[miles] > ?
<lionel> nice. It's a day off in France today :)
<lionel> and you ?
<[miles] > day off here
<[miles] > but I came in to the  office cos my g/f is working
<J_P> hi all
<shawarma> J_P: Good evening.
<ivoks> hi all ;)
<shawarma> hi, ivoks.
<shawarma> ivoks: Not going to UDS?
<ivoks> no :( no money...
<shawarma> You can hitch hike. It's not that far.
<ivoks> i've invested lots of money in business start and ubuntu conference last week
<ivoks> maybe i'll come...
<freezey> wheres the ISO for ubuntu-server? 
<ivoks> i'm still a student :)
<freezey> and does it come preinstalled with ssh apache mysql etc etc?
<ivoks> it doesn't install any service by default
<ivoks> but all asked are *on* the cd
<freezey> ok
<freezey> whats the name for the iso
<freezey> i am at distro watch right now
<ivoks> ubuntu-server
<freezey> ok
<ivoks> it's not there
<shawarma> ivoks: So am I. That's no excuse. :-)
<freezey> where is it then?
<ivoks> http://www.ubuntu.com/getubuntu/download
<ivoks> shawarma: hehe
<ivoks> shawarma: i'll try
<shawarma> freezey: Which version?
<freezey> doesnt matter
<ivoks> hm.. it does :)
<freezey> i just need to throw together a quick snort box and i wanna get this dam server edition
<freezey> quik and easy
<shawarma> http://se.releases.ubuntu.com/edgy/ubuntu-6.10-server-i386.iso
<ivoks> i would suggest 6.06.1
<ivoks> but ok :)
<ivoks> urgh... no direct flight to seville
<Nafallo> good. that mirror needs more peak! :-)
<ivoks> :)
<ivoks> http://hr.releases.ubuntu.com/edgy/ubuntu-6.10-server-i386.iso is also a good one ;)
<Nafallo> download ALL serverisos ;-)
<shawarma> ivoks: Nah, I also have to go by train for almost 5 hours to get to an airport that can take me to Seville and even then it's via Madrid.
<ivoks> shawarma: what's the cost of the flight from madrid to seville?
<maswan> http://www.acc.umu.se/technical/statistics/ftp/monitordata/ <- yeah, need more usage. :)
<shawarma> ivoks: No idea. I just bought the Copenhagen <-> Seville  ticket. I don't think it was specified how much of it was CPH -> BAR  and how much was the other bit.
<ivoks> ah... ok
<ivoks> i guess i'll have to go to sttutgart first :)
<shawarma> ivoks: I ordered via http://iberia.es/  That was the cheapest solution for me.
<ivoks> thanks
<ivoks> sevilla->barcelona 309
<ivoks> oh lol
<ivoks> not going to happen :)
<shawarma> Wow.
<shawarma> That's what I paid for my entire trip CPH->BAR->SVQ and back.
<ivoks> when is UDS anyway?
<shawarma> 5th to 12th of May.
<ivoks> right before paycheck :)
<J_P> Hey, Where is the prevision (day this month) for 7.4 release ?
<ivoks> 7.04
<ivoks> 19th of april
<J_P> ivoks: ok
<J_P> thanks
<ivoks> shawarma: i won't promisse anything :/
<shawarma> ivoks: Quite alright. I understand the workings of a tight budget. :-)
<shawarma> ivoks: I'll just taunt you on IRC from there. :-)
<shawarma> Oh, well, I've got to get some work done.
<ivoks> hehe
<ivoks> shawarma: you are taking traing from barcelona to seville?
<ivoks> both madrid and lisboa re closer :)
<shawarma> ivoks: Not Barcelona. BAR is the code for one of the airports near Madrid.
<ivoks> ah, sorry
<shawarma> Don't be. It appears I'm mistaken. Hmm..
<ivoks> hm... 200 is just one direction (without train)
<ivoks> pih...
<shawarma> I don't know where I got that BAR from. It *is* called "Madrid Barajas International Airport", but the IATA code is MAD.
<shawarma> ivoks: That's pretty steep.
<ivoks> too much for me atm
<seraphire> ali_ix: Thanks, I'll check over there, but seeing as it isn't a "server" question proper, wasn't sure if there was another channel to check.
<seraphire> sorry.
<seraphire> Hi, I installed ubuntu server and would like to run some X-clients remotely from that machine.  But when I connect to the box with ssh and an X-tunnel setup, it tells me that it cannot open the display.  Any thoughts?
<ivoks> does ssh on server forwards X?
<DustWolf> um hi
<shawarma> hello
<DustWolf> is the "ntp-server" package a ntp or sntp service?
<theacolyte> yes
<DustWolf> um
<DustWolf> which?
<theacolyte> ntp
<DustWolf> nice :)
<theacolyte> I use it myself
<theacolyte> for my org
<DustWolf> I have mine on pool.ntp.org and am wondering why the accuracy is so poor
<shawarma> Try "ntpq -p" to see what it syncs with.
<DustWolf> hm!
<DustWolf> how do I set those servers?
<DustWolf> I put my settings in ntp.conf but they don't seem to apply here
<Nafallo> wfm :-)
<DustWolf> server 127.127.1.0
<DustWolf> server ntp2.arnes.si stratum 2
<DustWolf> server ntp1.arnes.si stratum 2
<DustWolf> fudge 127.127.1.0 stratum 13
<DustWolf> is in /etc/ntp.conf
<DustWolf>  fiordland.ubunt 193.79.237.14    2 u    3   64    7   48.424  -39.973  60.699
<DustWolf>  LOCAL(0)        LOCAL(0)        13 l    3   64    7    0.000    0.000   0.002
<DustWolf> in ntpq -p
<mralphabet> http://www.1060.org/blogxter/entry?publicid=dad3987bd630eafad2d87d01d39a38de
<Nafallo> I've actually told it to sync against ntp.ubuntu.com, so for me it's fine :-)
<Nafallo> with fiordland...
<DustWolf> well
<DustWolf> it would be pointless to use a pool server to sync with to provide a server in the pool
<DustWolf> okay that seems better, thanks everybody :)
<evilkry> hey guys hows it going
<DustWolf> :>
<evilkry> was wandering if someone migh be able to assist me with a permissions issue
<evilkry> I accidentally made chown -R -v www-data:www-data web/*
<evilkry> *
<evilkry> well I want to make it to just web/new/* not the parent www folder
<evilkry> but i'm not sure how to make the web folder back to the way it was before
<shawarma> evilkry: Well, the previous permissions and ownershipts are not saved... Do you remember what they were?
<evilkry> well
<evilkry> let me look at another site directory and see what its current permissions are..
<evilkry> what the command to show the current permissios on a folder/file ?
<shawarma> ls -ld /path/to/file/or/folder
<evilkry> hmm
<evilkry> well thety are all actually showing the same permissions
<evilkry> thats weird
<evilkry> I can ftp and upload file with no problem to any of my domains
<evilkry> except one
<evilkry> and its the one that I ran the following on: chown -R -v www-data:www-data web/*
<evilkry> I had to make all the files writable so I could install joomla 
<evilkry> which is fine, but for some reason I can't upload anything without getting an error now
<shawarma> Perhaps your log files give some hints?
<ivoks> don't do that
<ivoks> of course you can't upload
<ivoks> it's because that directory is owned by www-data user, not your user
<evilkry> ohhh.... i'm such an idiot
<ivoks> and this is *bad* cause hole in app runing on apache, could very easily make your files deleted :)
<dragonriot_> I am installing Feisty Server on an IBM eServer xSeries 345, and the SCSI drivers for the machine are seemingly nowhere to be found on the installation CD... can anyone help me get the SCSI drives to be detected so I can finish the install?
<evilkry> ivoks: what do you suggest I should do?
<ivoks> what's the last line you got from me? :)
<evilkry> it's because that directory is owned by www-data user, not your user
<ivoks> yes
<dragonriot_> <ivoks> and this is *bad* cause hole in app runing on apache, could very easily make your files deleted :)
<ivoks> you should chownit back to your user
<ivoks> new word; chownit :D
<evilkry> ok.. how would I look to see what the group name is for a user?
<dragonriot_> I am installing Feisty Server on an IBM eServer xSeries 345, and the SCSI drivers for the machine are seemingly nowhere to be found on the installation CD... can anyone help me get the SCSI drives to be detected so I can finish the install?
<DustWolf> we can see it dragonriot_ Wait for somebody to answer
<ivoks> evilkry: grep [user]  /etc/passwd
<ivoks> second number is group ID of your user
<ivoks> dragonriot_: what SCSI controller is that?
<mralphabet> dragonriot_: what scsi . . . nm
<shawarma> dragonriot_: Which scsi device and which version of ubuntu?
<ivoks> 7.04 :)
<ivoks> < dragonriot_> I am installing Feisty Server...
<shawarma> Oh.
<shawarma> :-)
<evilkry> ivoks: ok.. so on web14_admin:x:10009:10014:Stephen Smith:/var/www/web14:/bin/bash  
<evilkry> the 10014 is the group name?
<ivoks> ID, not name
<dragonriot_> ivoks... IBM Ultra320 SCSI
<ivoks> evilkry: is that ispconfig? :)
<evilkry> yes sir :)
<ivoks> nice tool :/
<evilkry> i'm loving it!
<ivoks> but -R is not the thing you want
<ivoks> cause there is /var/www/web14/user dir
<ivoks> wich has couple of users in it
<dragonriot_> ivoks... it uses LSI Logic
<ivoks> lsi is supported
<ivoks> um... wait... SCSI
<ivoks> i only used sata
<dragonriot_> ivoks... yeah
<ivoks> dragonriot_: megaraid driver doesn't support it?
<dragonriot_> so I'm kinda at a loss... I have the ISO for the IBM drivers, and the SCSI controller runs just fine from BIOS, but it doesn't work in Ubuntu.
<dragonriot_> ivoks... I tried loading damn near every SCSI driver on the cd, to no avail...
<ivoks> description:    LSI Logic MegaRAID legacy driver
<dragonriot_> I'll try it...
<evilkry> ivoks: hmm.. what would you suggest?
<ivoks> evilkry: do -R on all, then go to every dir inside user/
<ivoks> and chown -R dirname:groupID dirname/
<ivoks> for every dirname in user/
<evilkry> a -R on all for the web14/user ?
<dragonriot_> megaraid doesn't work.
<ivoks> dragonriot_: do you have source for linux driver on IBM CD?
<dragonriot_> I have an OEM IBM cd, yes...
<ivoks> IBM claims that you can even install rh8 on it
<dragonriot_> ivoks... but they do not show support for Ubuntu...
<dragonriot_> or Debian for that matter
<ivoks> dragonriot_: that's irrelevant
<ivoks> dragonriot_: did you create raid field?
<dragonriot_> brb
<ivoks> thath's adaptec!
<ivoks> not LCI
<ivoks> LSI
<ivoks> at least according to:
<ivoks> http://www-304.ibm.com/jct01004c/systems/support/supportsite.wss/docdisplay?lndocid=MIGR-58861&brandind=5000008
<evilkry> ivoks: sorry - its been a long time since i've used linux much... and i've never quite understood how all the permisisons work and what not :(
<ivoks> don't be sorry, it's your problem, not mine :D
<evilkry> haha
<evilkry> when you say -r for all.. what do you mean by that?
<ivoks> i mean:
<ivoks> cd /var/www/
<ivoks> chown -
<ivoks> zblj...
<ivoks> chown -R admin_user_of_web14:web14 web14
<ivoks> cd web14/user
<ivoks> for i in `ls -d *`; do chown -R $i $i ; done
<ivoks> where admin_user_of_web14 is actully web14_admin
<ivoks> according to:
<ivoks> < evilkry> ivoks: ok.. so on web14_admin:x:10...
<evilkry> yes
<evilkry> cool, what does the line for i in `ls -d *`; do chown -R $i $i ; done do?
<ivoks> i have to get my self a Mac with keyboard that glows in dark :)
<evilkry> ivoks! I just got one this week
<evilkry> hooray
<evilkry> i've saved forever and was able to get one finally - damned expensive but worth every penny
<ivoks> evilkry: that like is self explanationary...
<evilkry> for every i then chown ownership to -R then ; done (finished)
<evilkry> ?
<ivoks> for every directory in user/ chown it to user who's name is the same as the name of directory
<evilkry> neat, thank you!
<ivoks> bye, i get up in 65 minutes :)
#ubuntu-server 2007-04-10
<foo> According to http://www-128.ibm.com/developerworks/aix/library/au-satslowsys.html?ca=dgr-lnxw01QuickUnix, vmstat's first r and b column are the number of processes in runtime, and the number of blocked processes waiting for I/O resources, respectively. However, man page on vmstat for r and b says: r) The number of processes waiting for run time. and b) The number of processes in uninterruptible sleep. ... I do think there is a difference. Which ...
<foo> ... description is more accurate?
<shawarma> b
<foo> shawarma: The man page or the web page?
<shawarma> r counts number of processes in a runnable state, not the number of processes actually running (which is severely limited by the number of processors).
<shawarma> foo: Ah, by bad. I pick door number two. 
<shawarma> foo: Also, uninterruptible sleep ~= blocked waiting for I/O resources.
<shawarma> foo: so the man page is slightly more accurate.
<foo> shawarma: oh, ok, so b = blocked processes waiting for I/O, not just blocked processes.
<foo> shawarma: What confused me was that it was blocked and just dropped and ignored, or something
<shawarma> foo: There's not much else you can wait for..
<shawarma> foo: So "blocked waiting for I/O resources" is sort of redundant.
<foo> Ah, I see
<wiikki> Hellooooooooooooooooooooooooooooow
<wiikki> I installed ubuntu server , how can i install a desktop i want fluxbuntu fluxbox
<wiikki> i used apt-get install fluxbox
<wiikki> what next
<wikkii> Hello ?
<shawarma> These are the last ~30 lines of dmesg on a server I have to deal with: http://pastebin.ca/432477    Can someone with OCFS2 experience tell me how fscked I am? 
<shawarma> Is fsck.ocfs2 likely to save the day or make it even worse?
<shawarma> The filesystem is stored on a drbd device shared between two servers.
<shawarma> fabbione: You've used ocfs2 before, no? Got a sec? ^^
<fabbione> shawarma: looking
<shawarma> fabbione: *G* Excellent.
<fabbione> shawarma: is that dapper? edgy? feisty?
<shawarma> It's an Edgy server with a custom kernel.
<fabbione> also drbd.. brrrrrrrr
<fabbione> custom kernel?
<fabbione> define custom kernel
<shawarma> 2.6.21-rc4
<fabbione> oh
<shawarma> Vanilla 2.6.21-rc4, I think.
<fabbione> you are on your own man :)
<shawarma> Heh. :-)
<shawarma> Well, the ocfs user space tools are those from Edgy. 
<fabbione> .20 is still getting a lot of bug fixes (OCFS2) that are not in .21 yet
<fabbione> makes no diff
<fabbione> the bug fixes are in kernel
<fabbione> tho you want a more recent userland for other reasons
<fabbione> you can try to fsck but i don't guarantee you anything
<shawarma> I'm not quite looking for guarantees at this point, but just a little something that would help my gut feeling about running that fsck. :-)
<shawarma> Of course I don't have enough space available there to move all the data elsewhere as a backup... and there's no proper backup..
<shawarma> Gah... clients.
<shawarma> :-)
<shawarma> And their usual admin is in the Caribbean sound asleep. Typical.
<fabbione> shawarma: blame it on you to use untested kernels on unsupported block devices
<fabbione> unmount the filesystem from all nodes
<fabbione> make sure that drdb is in sync across nodes
<fabbione> and then fsck
<shawarma> fabbione: Oh, this time, it's not my fault, actually. :-) They managed this without my help. :-)
<fabbione> shawarma: also.. upgrade the tools to the latest version to make sure fsck is new
<fabbione> i recall some bug fixing there at some point
<shawarma> fabbione: Is the feisty versions up to date?
<fabbione> shawarma: yes
<fabbione> it's one release behind, but the new release from upstream has only minor things that you really don't care about at this point
<shawarma> fabbione: Cool. I'll backport them from there then.
<fabbione> yeah it should be easy enough to rebuild
<shawarma> fabbione: Thanks for your help so far. Gotta run for about an hour.
<shawarma> fabbione: Does fsck.ocfs2 at least tell you before it eats your cat^Hdata?
<fabbione> shawarma: dunno.. i never had to use it
<shawarma> fabbione: lucky. :-)
<fabbione> shawarma: because i use sane SAN's and sane kernels
<Kamping_Kaiser> fsck has a simulation mode doesnt it?
<shawarma> Kamping_Kaiser: Depends on the fsck, I suppose.
<fabbione> as shawarma said
<ivoks> urgh... funny stuff right in the morning; a guy disconnected two disks in raid5 field (without shutting them down) :)
<fabbione> shawarma: well.. man fsck.ocfs2
<Kamping_Kaiser> i thought any fscks did
<fabbione> Kamping_Kaiser: no.. it depends from implementation to implementation
<fabbione> it's good sense to have ut
<fabbione> it
<Kamping_Kaiser> i think i'll be remembering that :)
<shawarma> fabbione: Idea: I could perhaps stop the drbd replication and try fsck on the one disk and see if all goes well. If it nukes everything, I should be able to run off the other.
<fabbione> shawarma: it's an option but i don't know how reliable is drbd.. last time i tried to use it, it did blow up badly
<fabbione> anyway lunch time
<ivoks> all fabbione's talks end with 'lunch' :)
<shawarma> fabbione: Yes, drbd is definitely the weakest link that experiment.
<shawarma> fabbione: Do you remember anything about drbd? Here's what I'm thinking about doing:
<shawarma> On server A:
<shawarma> drbdadm disconnect all (there's only that one drbd device)
<shawarma> fsck.ocfs2 /dev/drbd0
<fabbione> no i checked it only once a while ago to see if it was worth for main
<shawarma> If all goes well, I'm not sure what to do.. Log on to server B, and run "drbdadm outdate all", go back to server A, and reconnect.
<fabbione> and decided not too because it's bad
<shawarma> What would you have used? OpenAFS or something?
<fabbione> shawarma: a real shared block device
<fabbione> something like one those cheap disk arrays
<shawarma> Ah, right. And ocfs2?
<fabbione> yes or gfs
<fabbione> not gfs2
<fabbione> it's not stable enough yet
<shawarma> Ok.
<shawarma> Ah, that's just frickin' typical. I finally conjure up the balls to shut down the web servers, and unmount the ocfs2 fs, and it stops responding. It's probably in kernel panic.
<shawarma> And of course it's locked away in a hosting facility in Germany.
<shawarma> I can't say I'm looking forward to unmount the other one. This is really not my day.
<shawarma> Pheew.. 
* Starting logfile irclogs/ubuntu-server.log
* Starting logfile irclogs/ubuntu-server.log
<j1mc> woah . . . argonne national labs is running ubuntu server:  http://mirror.anl.gov/pub/centos/  (check out the note at the bottom of the page)
<dragonriot> Ahh... Finally got it right.... Debian - didn't like it... Slackware - didn't like my RAID setup... Ubuntu Feisty - Easy as pie, and what's not to love... =)
<dragonriot> lively bunch this morning
* mralphabet idles some more
<theacolyte> I'd mention that I just bought a car, but that that's OT :P
<theacolyte> or we could talk about my excessive use of the word that above
<dragonriot> when a server absolutely must have X installed on it, what is the recommended X-Manager suite?  GNOME, KDE, or XFCE?
<theacolyte> well
<theacolyte> xfce is lighter
<KurtKraut> How can I traceroute a UDP packet, like tcptraceroute does to TCP ?
<shawarma> KurtKraut: traceroute
<mralphabet> KurtKraut: I believe traceroute uses udp packets
<KurtKraut> mralphabet, yes, you're right. I've checked it here. Thanks both shawarma and mralphabet 
<shawarma> KurtKraut: any time
#ubuntu-server 2007-04-11
<wiikii> hello someone ?
<martalli|cli> I just did my first server install, and upon update, it did not update the kernel.  It says that is being kept back
<martalli|cli> Do I need to sudo aptitude dist-upgrade
<martalli|cli> Or is the standard way to upgrade different for the command line?  Maybe 2.6.20.12 is as far as the server distribution has gone?
<martalli|cli> ohhh...and what irc client should I use from cli?  Using epic now, but are people using something lese more typically?
<mralphabet> 18:52 < martalli|cli> Do I need to sudo aptitude dist-upgrade
<mralphabet> yes
<martalli|cli> When do I know to do that...from the gui, the update manager suggests it only every so often
<mralphabet> server? gui?
<martalli|cli> My understanding is that a dist-upgrade may downgrade or delete packages
<mralphabet> what version of server did you install?
<martalli|cli> mralphabet:  I have mostly used the gui for desktop use...so I am trying to picture whether updates shoudl always be dist-upgrade or upgrade and when I shoudl decide
<martalli|cli> Now I am working with a server install.  I'm pretty comfortable working with the cli, but a completely cli system is new for me (of course, there was college back in 1989, but I didn't administer those machines =)
<mralphabet> no problem
<mralphabet> personally I use update / upgrade 99% of the time until there is a package held back that I want
<mralphabet> then I use dist-upgrade and make sure it's not going to do anything untoward
<martalli|cli> mralphabet - I installed 7.04 beta (2.6.20.12 kernel)
<martalli|cli> mralphabet - that sounds reasonable...it is just a matter of watching what apt-get or aptitude is telling me
<mralphabet> martalli|cli: as you should be anyway ;)
<martalli|cli> yes indeed...i guess I'm not using the cli because I just like to watch the (windows/apple/ubuntu) gui updater do its work =)
<mralphabet> heh
<martalli|cli> Im just up to a little project - turning a p2-300 machine into an mpd jukebox for our phone server/pbx
<martalli|cli> How can I get a help dialog in vim?  I want to find out how to cut/paste or copy/paste
<martalli|cli> I figure, its time to move past nano.  Maybe I'm wrong
<mralphabet> ctrl insert / shift insert
<mralphabet> this in ssh? or something else
<mralphabet> or you can do yy
<mralphabet> or 5yy to copy 5 lines
<mralphabet> p to paste
<martalli|cli> I'm logged in directly (but eventually this will just be a headless server
<martalli|cli> with ssh)
<martalli|cli> No, I wanted to copy like two words and paste it in a few spots
<martalli|cli> I did find the online help file (thank you, links2 lol =)
<martalli|cli> FOr some reason, it isn't included on the vim-tiny/server install
<martalli|cli> I guess they expect I know how to use vi lol
<mralphabet> heh, I always do it from terminal so [ctrl|shft]  ins works for me ;)
<martalli|cli> Hey, where I can I change this from dhcp to define a specific address?
<martalli|cli> That way I won't have to log into the firewall to chase down what address it got from the dhcp server?
<mralphabet> ./etc/network/interfaces
<martalli|cli> thx
<martalli|cli> Ahah, man interfaces makes it pretty clear
<martalli|cli> mralphabet - thanks for your help.  That was pretty easy to change...compared to the gui is was like magic
<martalli|cli> Doing it on the gui (i think mdv), it took something like a minute befroe on this same machine
<martalli|cli> (changing from dhcp to static address)
<mralphabet> np
<dthacker> Hi, I'm running edgy server.  Is there curses based utility that I can run to help with network config?  
<dthacker> hmmmm, no ntp.conf file?
<dthacker> I''ll use ntpdate for now....
<Kamping_Kaiser> dthacker, afaik no UI for networking no
<Kamping_Kaiser> ntp.conf for clients, or for servers?
<Kamping_Kaiser> ntp is done by a script in /etc/network/interfaces/if-up.d iirc
<Nafallo> Kamping_Kaiser: don't you mean ntpdate? :-)
<Kamping_Kaiser> Nafallo, quite likely. :)
<Nafallo> cause ntp is still /etc/init.d/ntp :-)
<Nafallo> kewl! irssi has tabcompletion to the filesystem
<Kamping_Kaiser> neat
<dthacker> Kamping_Kaiser: I want to run ntpd on this server, sync with an outside time server, and have all internal severs hit this one
<Kamping_Kaiser> /etc/ntp.conf exists on my system, is really all i can say :|
<dthacker> Kamping_Kaiser: ok, I'll go check it out.  
<Kamping_Kaiser> dthacker, check ntp-server is installed and configured
<Nafallo> ntp-server is deprecated package name now :-)
<Nafallo> just a dummy
<Nafallo> hmm, not even a dummy it seems :-)
<Kamping_Kaiser> oh, ok. well its in dapper, which is what i'm using :|
<Nafallo> I think it was rebuilt in feisty actually. so should still hold for edgy :-)
<Nafallo> but in feisty it's "ntp" :-)
<dthacker> will it be "backported" to edgy?
<Nafallo> probably not. why? :-)
<dthacker> Nafallo: It looks to me like my stock edgy install just has ntpdate, and not ntp.  But I haven't done much digging yet..  
<Nafallo> dthacker: edgy has ntp-server and stuff. the old packagenames.
<dthacker> ah, ok. 
<Nafallo> apt-cache search --names-only ntp would show
<dthacker> Nafallo: tnx, still learning my way around stock ubuntu-server installs.  
<Nafallo> np
<\sh> guys, did anybody worked with TSO on ubuntu-server (dapper e.g.)
<\sh> ?
<dthacker> TSO?
<maswan> Theodore Ts'o?
<shawarma> tcp segment offloading?
<andel7> hi guys....
<shawarma> andel7: hello
<shawarma> \sh: ^^
<shawarma> \sh: Which is it?
<andel7> i'm trying to install ubuntu server 6.06 on my HP DL360 G5 server.....after the installation is starting and i choosing my languauge and location the screen is stuck and in the 4th console i can see some kind of loop that repeating itself 
<andel7> but i can't see error messages there...
<shawarma> Why?
<shawarma> What do you see?
<andel7> just a sec i'll write you the exact messages...
<andel7> usb disconnect adress XX...,HP virtual keyboard ...., new full speed USB device......, none of it looks like "error,fatal,panic...."
<dthacker> andel7: are you using a USB keyboard?
<shawarma> No idea. You might have better luck in #ubuntu. It's not really a server issue even though you're using the server edition.
<andel7> nope - the keyboard is ps2
<dthacker> andel7: any USB devices?
<andel7> the usb is pressent of course but i'm not using it ....
<shawarma> andel7: Is there something like ilo in it?
<andel7> yep 
<shawarma> could you login to that and see it it's acting up?
<andel7> but i'm not connected through ILO
<dthacker> andel7: understood.  I was thinking that you had a bad USB device attached. That must not be the case.
<shawarma> "HP Virtual keyboard" could be i virtual keyboard from ilo.
<andel7> ok....but i think there is no way to turn off" the ilo.....
<andel7> i feel more like a driver issue - i'll try the 6.10 
<shawarma> andel7: that my not be necessary. Try logging in to it and see if it gives you any hints.
<andel7> ok
<andel7> thanks guys....i'll update you if i have any advance ( or not ) ... :P
<shawarma> np
* dthacker does the happy email dance as his postfix install delivers mail
<\sh> shawarma: yepp, tcp segment offloading , via ethtool
<\sh> andel7: I had the same problem with DL320s from hp..
<\sh> andel7: udev is running into an infinite loop 
<\sh> andel7: http://linux.blogweb.de/archives/304-HP-DL320S-and-Ubuntu-Dapper,Edgy,Feisty.html
<andel7> thanks ....i'll check this....
<\sh> https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/55495
<\sh> and upstream bug: http://www.mail-archive.com/linux-usb-devel%40lists.sourceforge.net/msg41847.html
<maswan> huh, we've hadn't have any such issues with our dl385 end dl585s though.
<\sh> andel7: did you try to boot an ubuntu dapper/edgy server from cd on your machine? at my place, the 320s is locking up after finding PS/2 keyboard port...
<\sh> maswan: older machines are not having this behaviour...we think it's ilo2 fault...see linux-usb-devel..
<maswan> \sh: ah
<\sh> all our other hp servers (dl360g4p, dl585, bl35p class) with ilo1 are working as expected.
<maswan> Ok, that's something significant to remember for us then. Is it known if dapper will get an update for this?
<\sh> maswan: funny thing...sles9 kernel works ;)
<\sh> maswan: read the comment on http://linux.blogweb.de/archives/304-HP-DL320S-and-Ubuntu-Dapper,Edgy,Feisty.html from steffen neumann
<\sh> it looks like that it's fixed in 2.6.15-50 in experimental..not knowing if he means debian or one of BenCs private p.u.c./~benc/ archives ;)
<maswan> \sh: well, the launchpad page says "Fix Committed"
<\sh> maswan: see #ubuntu-kernel
<maswan> \sh: must have missed it then
<\sh> maswan: it's in 2.6.15-26.47
<\sh> maswan: dapper-security 
<maswan> ah, so it's already fixed. good.
<\sh> but not on the install media :(
<shawarma> Does anyone know if the name of a mysql database is stored anywhere apart from the directory name?
<maswan> \sh: We use FAI for installation anyway. :)
<shawarma> I have a "backup" of a mysql db in the shape of the MYD and MYI files. A client of mine wants to access this, but I'm a bit reluctant to just put in in /var/lib/mysql under a different dirname since it's a replicated server and I wouldn't want it to mess that up..
<\sh> maswan: we, too ;) but with a special tool for hw gathering and confiuration of our networks 
<lionel> shawarma: no, it is safe to copy-paste the directory of you database
<lionel> juste be carrefull if you are changing of mysql version
<lionel> and with rights (user and privileges are stored in the mysql db)
<shawarma> lionel: Excellent. Thanks
<\sh> maswan: it's in proposed..not -security :(
<dballester> hi to all
<dballester> [OT]  any link to read about administration of raw devices in ubuntu ?
<andel7> how can i load a network interface module to the installation - can u give me some url?
<mralphabet> dballester: administration of raw devices?
<dballester> well
<dballester> commming from redhat world, I can define relations between physical partitions and raw devices ( /dev/raw/raw1 -> /dev/sda1 for example ). Then one startup script executes the bindings with raw command
<mralphabet> dballester: interesting, that's not something I've seen before
<ivoks> sda1 is a raw device :)
<dballester> ivoks, I know
<ivoks> so, you just want to create links?
<dballester> mralphabet, to get an idea http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.dc30119_1501/html/installnx/BEIGJJEI.htm
<dballester> now seems that redhat is moving to the use of udev instead of raw command
<dballester> but i was trying to look for a simple examples on how to 'do the same' under ubuntu
<mralphabet> dballester: interesting, thanks for the link
<ivoks> raw /dev/raw/raw1 /dev/sda1
<dballester> you can read more about raw partitions management ( I repeat, seems to be the 'old way' now ) in any RedHat Admin pdf. Is the way thay we used to manage raw partitions for oracle datafiles
<ivoks> ah....
<mralphabet> I'm still reading the sybase doc, but I have to wonder if there is really that much of a performance gain
<dballester> ivoks, the 'problem' is then i need to create some type of script to manage raw partitions and convert it to ubuntu init to be launched at correct time when machine boots 
<dballester> mralphabet, yes
<dballester> you bypass all OS filesystem management
<ivoks> there is gain
<ivoks> on ext3, i would say around 20%, IIRC
<mralphabet> wow
<dballester> yes
<dballester> this is why is not strange to see oracle datafiles under raw devices on the majority of unix flavors ( even with fc storage )
<ivoks> this brings some other issues, but, yes, it should be faster
<dballester> pros: speed
<ivoks> cons: no backup :D
<dballester> ivoks, false :)
<ivoks> hehe
<ivoks> you can dd it, yes...
<dballester> best way ( i'm only talking about Oracle ) : rman
<dballester> the second more 'rude' is what you say, dd
<ivoks> so, no bacula and other fancy stuff
<dballester> rman now is the best tool to backup/restore oracle database
<ivoks> but ok, this is solved on oracle level
<dballester> I REALLY love bacula
<dballester> despite tivoli, veritas... :)
<ivoks> this is something we should think about, since we wouold love to see oracle ceritified for ubuntu
<ivoks> bacula rulez.
<dballester> bacula, bacula and bacula :)
<dballester> but now we have 2 problems
<ivoks> i will take a look at it on redhat
* dthacker uses raw devices for informix on AIX, informix will run on linux raw devices as well...
<dthacker> dballester: bacula won't backup raw devices?
<dballester> 1 .- rman can 'talk' directly to storage device via propietary vendor library ( libobk provided by tivoli, veritas...)
<ivoks> dthacker: bacula client needs to read data...
<ivoks> dthacker: iirc, it can' read raw
<dballester> 2.- Oracle recently presented is own enterprise backup solution ( not only related to oracle products )
<dthacker> hmmmm. 
<dballester> And i think that oracle will not be interested on offer rman support for bacula integration :/
<ivoks> we would love to see oracle, but not do everything to get it :)
<dballester> dthacker, the 'problem' with raw partitions is that only the applications that uses this raw partition knows how the data is stored
<ivoks> right
<dthacker> informix has two utiliites, one of them is self contained, but the other writes to storage managers
<dballester> dthacker, surely, is the only way to make some type of backup of the data stored in raws :)
<dthacker> but I also doubt they are interested in writing to bacula, because IBM would rather sell TSM
<dballester> of course
<dballester> but it's an interesting scenario
<dballester> think about a company that has been doing backups with tsm ( Tivoli ) or veritas... for several years ( > 3 )
<dthacker> like mine.  Then they moved to CommVault
<dballester> buying hardware, tape libraries and tapes
<dballester> yes dthacker but is compatible a yerarly full backup made 2 years ago with tsm recoverable actually with CommValut or another product ? I think no
<dballester> this fears a lot of companies to make a movement to adopt another solution
<dballester> bacula primary target should be new backup solution implementation 
<dballester> it's the only way to go inside enterprise
<dthacker> like my little linux universe at work (about 50 machines)
<dballester> :)
<dthacker> I am just underway on a bacula implementation.
<dballester> the big difference is that using bacula you will know without a doubt how is stored every single byte of your backups
<dballester> dthacker, me too
<dballester> and will use DVD as backup volume.. ahem... don't ask me why, i'm trying to understand it too :P
<dthacker> bbl, time to beat on postfix some more
<dballester> mralphabet, if actually doesn't exist something similar to rawdevices script under ubuntu don't worry, redhat is moving to udev and rawdevices will disappear  http://kbase.redhat.com/faq/FAQ_105_9616.shtm
<ivoks> hehe
<ivoks> so, redhat follows development of new technologies :)
<dballester> yep :)
<dballester> oracle is doing the same
<dballester> moving to DIRECT_IO
<ivoks> we should just write rules for udev
<dballester> raw devices seems that will die
<ivoks> i don't think so
<ivoks> there is no reason for it to die
<dballester> ivoks, well, you will do the same with udev 
<dballester> and vendors are using new libaries
<dthacker> should "postfix" reload pick up changes to /etc/postfix/main.cf?
<dthacker> "postfix reload"
<ivoks> yes
<dthacker> added restrictions are not shown, Cyntaks Airer strikes again!
<dthacker> ah, I see it in mail.log.  pebkac
<ivoks> as always :)
<dballester> ivoks, sorry, no DIRECT_IO, O_DIRECT 
<dballester> http://kevinclosson.wordpress.com/2007/02/23/oracle-direct-io-brought-to-you-by-deranged-monkeys/
<dballester> well i will try the udev way to bind to partitions to raw devices under ubuntu
<dballester> and see if i can gain some I/O speed with vmware clients
<dballester> :)
<dballester> is a thest
<dballester> *test
<dballester> the bind will be done against logical volume :)
<dballester> I tried to do the same with ORacle ASM disks and worked :D
<dthacker> argh,  postfix reload shows ok in the mail.log but my single change to main.cf does not show. 
<ivoks> dthacker: /etc/init.d/postfix reload does postfix quiet-reload
<ivoks> and this is something that works
<dthacker> worth a shot....
<dthacker> nope, something is borked
<dthacker> I just added smtpd_helo_required = yes, but postconf -d still shows no
<fabbione> dthacker: you want to talk to lamont in #ubuntu-devel
<fabbione> he maintains postfix
<dthacker> fabbione: tnx
<fabbione> just keep the noise low because we are trying to get Release Candidate out
<ivoks> hm...
<dballester> yup! Cannot open master raw device '/dev/rawctl' :/
<ivoks> modprobe raw
<dballester> bingo :)
<ivoks> dthacker: interesting...
<ivoks> this bug is in debian
<dthacker> ivoks: I'm back to user error.
<dballester> mmhh raw devices needs more work in Ubuntu :/
<ivoks> dthacker: check this out
<ivoks> postconf -e 'smtpd_helo_required = yes'
<ivoks> postconf -d | grep helo_required
<ivoks> smtpd_helo_required = no
<ivoks> dthacker: maybe it's on purpose...
<ivoks> dthacker: i've read that 50% of MTAs don't work with postfix if that is enabled
<dthacker> ivoks: I may set it to warn for awhile.
<dthacker> bbl, being called to lunch
<FlyingSquirrel33> my server is still on hoary, and when I do a apt-get dist-upgrade it doesn't add any packages. Any ideas?
<ivoks> hoary is unsupported for 6 months already
<ivoks> breezy is also unsupported
<FlyingSquirrel33> there's no way?
<ivoks> no
<ivoks> 6.06 (dapper) is supported for 5 years
<ivoks> you should upgrade to it
<ivoks> get a breezy install CD and upgrade to breezy
<ivoks> then upgrade to dapper
<dballester> see you
<FlyingSquirrel33> ivoks:great! thanks, I think I have one around!
<FlyingSquirrel33> how do I go about upgrading to breezy with the CD?
<fabbione> FlyingSquirrel33: you can also upgrade from the net..
<fabbione> no need of a CD
<fabbione> but for sure you need to make it in 2 steps
<fabbione> hoary -> breezy -> dapper
<fabbione> and breezy will be unsupported in 2 days or so
<FlyingSquirrel33> fabbione: when I do a apt-get dist-upgrade it doesn't add any packages
<FlyingSquirrel33> what am I missing?
<fabbione> did you change sources.list ?
<fabbione> and did you do apt-get update
<fabbione> ?
<ivoks> oh, then there's still time :)
<FlyingSquirrel33> fabbione: I've heard changing the sources.list breaks things sometimes
<fabbione> FlyingSquirrel33: i beg you pardon? and how are you supposed to upgrade then?
<ivoks> you have to change it to upgrade it
<FlyingSquirrel33> well, I'm no expert, but I've been told to use gksudo "update-manager -c -d"
<FlyingSquirrel33> and that the other is not the "correct" way. I could be wrong, 
<fabbione> FlyingSquirrel33: if you are on a server there is no such thing as gksudo or update-manager in hoary
<FlyingSquirrel33> fabbione: I realize that. I assumed that dist-upgrade is more or less the same.
<ivoks> it is, more or less
<fabbione> up to dapper dist-upgrade is good enough
<fabbione> dapper -> edgy might be a bit rough
<ivoks> after you change sources.list
<fabbione> edgy -> feisty has the update-manager for server
<ivoks> fabbione: i think he would be better of with dapper than edgy for server
<ivoks> or desktop even
<fabbione> but you need to change sources.list
<fabbione> ivoks: for sure he wants dapper
<fabbione> so do i
<fabbione> my server is still on breezy
<Nafallo> feisty <3 :-)
<fabbione> i had no time to upgrade it in over a year
* fabbione feels bad about it
<fabbione> and i am sure it will exploit the only corner case for everything on lvm on raid that hasn't been tested in dapper
<FlyingSquirrel33> fabbione: ok, so I'll do it one step at a time and use dist-upgrade each time I change the sources.list.
<ivoks> you think?
<fabbione> FlyingSquirrel33: yes...
<fabbione> upgrade to breezy
<fabbione> make sure everything works
<fabbione> only after you upgrade to dapper
<FlyingSquirrel33> make sure everything works only after I upgrade to dapper... OK
<fabbione> check at each step
<fabbione> fabbione> upgrade to breezy
<fabbione> <fabbione> make sure everything works
<fabbione> then... upgrade to dapper
<fabbione> and check again
<FlyingSquirrel33> k
<FlyingSquirrel33> fabbione, ivoks: everything went fine with breezy, now almost everything's done with dapper except I get exit status 10 while unpacking lvm2. I tried deleting the deb so it would download it again, but it didn't make a difference. Is there a way to trouble-shoot this?
<fabbione> FlyingSquirrel33: that can be several reasons.. keep it as last.. 
<fabbione> keep doing dist-upgrade until lvm2 is the last one left to upgrade
#ubuntu-server 2007-04-12
<radevil> hello, is there anyone in here working for cannonical???
<lionel> radevil: fabionne and infinity are
<lionel> but they are probabily not around
<radevil> mm ok
<radevil> i'm right now doing my CV to send it to canonical
<radevil> i wanted to speak with any of them to know a little bit more about the job
<radevil> :)
<andel7> exit
<radevil> s
<radevil> ls
<mralphabet> grep
<shawarma> kill
<radevil> Hello
<shawarma> hi
<radevil> do you work for canonical?
<shawarma> Nope.
<dj-fu> lol
<dj-fu> isn't a shawarma like a kebab but with different bread?
<josh_> anyone here that can help me with me half-life server ????
<josh_> ..its runing good just cant get to it from LAN
<josh_> i can get to all other servers on teh box via my ddns exept the half-life server
<dsdg> halo i am running pureftpd-mysql on ubuntu, how can i stop users from deleteing?
<dsdg> no one knows?
<dsdg> ok, i see this, -K  --keepallfiles, but where do i add it..?
<mralphabet> dsdg: it generally takes more then 1 minute for you to get an answer, have patience
<dsdg> hehehe
<dsdg> yea i have actually given up man, sometimes ubuntu can be quite confusing...take pureftpd for instance, wtf did they try to do there? wtf is the config files...?
<dsdg> crazy devs...
<mralphabet> yes, because everybody loves being ridiculed because we don't answer your question within 30 seconds
<mralphabet> . . .
<dsdg> its not about that really,
<mralphabet> dsdg: there's a server dev job open with canonical, feel free to put an app in
<dsdg> all i want is a normal config file, like gentoo, etc etc, where i can add options, instead i must sniff it out of /etc/default/pure-ftpd
<dsdg> mralphabet, again, it;'s not about that...this seems to be the only defence a dev can come up with, "if you dont like it, do it yourself" that's getting old man,
<fabbione> dsdg: you want it in one file.. somebody else wants it splitted in multiple files.. take your pick
<fabbione> it's matemathically impossible to make everybody happy
<dsdg> fabbione, no, i said i am looking for a config file...
<fabbione> dsdg: did you check in /usr/share/doc/pure-ftpd ?
<dsdg> for instance, where will i add a simple option like -K to my startup options of pureftpd?
<fabbione> i don't have it installed
<fabbione> i don't use it.. so i can't say.. but usually a start up option is in /etc/default/ or /etc/init.d/pure...
<dsdg> fabbione, i am reading through there, thanks for that btw, trust me i just want things easier, not more difficult, 
<fabbione> dsdg: if this is your first time with Ubuntu/debian based systems, you will need to get used to some differences with other distros
<fabbione> it's normal
<fabbione> there are always differences
<fabbione> but i am being rethoric here
<fabbione> anyway what i told you before is valid for let say 99% of the packages out there
<dsdg> fabbione, i know, i have been using gentoo for years so trust me, i can work on any distro, boss-man wants this server on ubuntu...so here i am, suppose ill just give it time,
<fabbione>  /usr/share/doc/packagename 
<fabbione> i hate boss that forces people on distro foobar
<dsdg> yea :( 
<dsdg> ah good news :) but not on the ftp side, apache this time,
<dballester> hi to all
<dballester> mralphabet, what is the best way to propose a feature or enhancement for ubuntu-server ( it's about raw devices )
<fabbione> dballester: you want to create a spec in launchpad and propose it for discussion
<dballester> ok
<fabbione> the spec in LP will point to the wiki.ubuntu.com/blabla page
<fabbione> with all details about the spec
<fabbione> then once the spec is in a reasonable state you propose it
<dballester> indeed
<dballester> in fact is very simple and may be you're solving it in another way
<ivoks> dballester: easy set up of raw devices?
<dballester> at least the initial mknod c 162 0 to be done at installation time, if i'm not wrong seems that is not created ( at least I needed to create it by hand to be able to use raw command )
<andel7> hi guys
<lionel> hi andel7
<chandu_> hi
<chandu_> what services will be enabled by default in Ubuntu-server
<shawarma> None, really.
<fabbione> chandu_: none. no open ports/services. you can select at install time if yuo want DNS server and/or LAMP server
<shawarma> Unless you choose the LAMP or DNS install.
<shawarma> heh..
<chandu_> shawarma, Does it contains only these two server componets ..LAMP & DNS
<shawarma> Well, no.
<shawarma> But those are the ones you can choose at install time.
<shawarma> After installation, you can install anything you want.
<chandu_> shawarma, ok
<fabbione> as shawarma sais
<shawarma> web servers, ftp servers.. Anything in the Ubuntu archive.
<fabbione> LAMP and DNS are just common enough to be worth asking at install time
<chandu_> shawarma, So ..If I am not chosing thsoe during installation ..it means only desktop will get installed
<shawarma> No desktop.
<chandu_> shawarma, oh .only base system
<shawarma> That's pretty much what server installation means.
<chandu_> shawarma, without X
<shawarma> chandu_: All the available software is the same in the "regular" ubuntu version and the server on.e
<chandu_> shawarma, ok
<shawarma> chandu_: It's just a matter of what is installed by default.
<shawarma> chandu_: Oh, there's a different kernel for server installs, though.
<chandu_> shawarma, but in the regular ubuntu version .. U get desktop by default once U installed right
<shawarma> chandu_: Lower HZ, another io scheduler by default, iirc.. Stuff like that.
<chandu_> shawarma, different version of kernel ..of kernel with different configuration
<shawarma> chandu_: Yes.
<shawarma> chandu_: Same version, slightly different configuration.
<chandu_> shawarma, k
<chandu_> shawarma, the how abt in server version ..no desktop by default
<chandu_> shawarma, As of I know servers wont come with desktop
<shawarma> chandu_: No. Only very basic installation.
<chandu_> shawarma, ok
<shawarma> chandu_: We have a pretty strict "no open ports by default" policy.
<chandu_> shawarma, So over the basic isntallation ..whatver server components we need ..we need to instal using apt-get
<shawarma> chandu_: That's the idea, yes.
<chandu_> shawarma, 
<chandu_> no open ports by default" policy. means what
<shawarma> It means that when you're done installing any version of Ubuntu, there's no services listeing for network connections. It's a security decision made long ago.
<chandu_> shawarma,means network service wont be there by default
<shawarma> The server installation cd contains a bunch of server software, though, but it's not installed and configured by default.
<shawarma> chandu_: Yes.
<chandu_> shawarma, then if no network ..how do you connect to repo and install componetns thru apt-get
<chandu_> shawarma, you need to put the server cd ..and install locally
<shawarma> chandu_: Oh, you can connect to the network. The network cannot connect to you.
<chandu_> shawarma, ok ok ..its one way
<chandu_> shawarma, no packets from outside network coming inside
<jsgotangco> its pretty neat
<shawarma> chandu_: It's not like there's not network support. There are just no networked services installed by default.
<shawarma> chandu_: Precisely.
<chandu_> shawarma, is there any doc or website where can I get the more detail abt server and what packages do I need to install to setup a fully qualified server ..with security features like PAM, selinux and all
<chandu_> shawarma, Why server components are not installed by default during installation .. is it because of the policy as you told for some security reasons
<mralphabet> yes
<mralphabet> there are a lot of linux distributions that have many services (services meaning telnet, ssh, ftp, dns, http, https, etc etc etc) installed by default
<mralphabet> for those people out there in the world that simply install a system and never apply updates, that server with open services will soon become insecure because of exploits or whatever else
<jsgotangco> the install provides you a good base to design your own setup with very little hassle
<mralphabet> This is opposed to the debian approach where the only services that are open are the services you choose
<jsgotangco> so there is an assumption that you actually know what you are installing/using
<fabbione> we install less than Debian
<fabbione> not even openssh is installed
<mralphabet> fabbione: right, sorry
<chandu_> so in debian some services will be enabled by default
<mralphabet> ssh
<chandu_> is there any debian server cd like ubuntu server cd .. I dint get anyone
<chandu_> mralphabet,ok
<mralphabet> chandu_: to install ssh on ubuntu server -- sudo apt-get install openssh
<mralphabet> to install apache -- sudo apt-get install apache2
<Nafallo> how hard is it to do sudo apt-get install openssh-server after it's installed? :-)
<chandu_> mralphabet, yup I know this ..
<jsgotangco> like sabdfl said in his email, even a monkey can install it lol
<chandu_> mralphabet, I want to know ..how the user comes to know that he wants to install all these components t osetup a server
<Nafallo> chandu_: if he DOESN'T KNOW what ssh is he would probably not need it :-)
<mralphabet> chandu_: if you want to serve web pages in linux, what software do you need?
<chandu_> mralphabet, its httpd or apache
<mralphabet> chandu_: and how do *you* know this?
<chandu_> mralphabet, you mean the same way the user will do 
* jsgotangco thinks its there is a clear misunderstanding with english here
<Nafallo> anyway. we have a serverguide! :-D
<mralphabet> you asked "how does the user come to know what he wants to install"
<chandu_> mralphabet, yup
<Nafallo> so help.ubuntu.com ;-)
<chandu_> mralphabet, I meant the way I know abt the package ..the other users will also have to know abt pkgs needed and then install right
<ivoks> CoC, people, CoC :)
<mralphabet> The answer is "you start with what you want to accomplish, then research for the best software to use for what you want to accomplish"
<jsgotangco> chandu_: you mean "how will a user know the name of the package?"
<chandu_> mralphabet, ok fine ...I got it 
<chandu_> jsgotangco, No I got the answer from mralphabet 
<jsgotangco> cool
<chandu_> Thank you Guys 
<Nafallo> chandu_: I can really recommend help.ubuntu.com for users :-)
<ivoks> i agree
<jsgotangco> yes
<chandu_> Nafallo, ok ..let me go through that 
<Nafallo> even for me
<Nafallo> and I'm not exactly "user" anymore :-)
<chandu_> But I have a question ..I have seen Redhat Enterprise and Advanced server
<jsgotangco> chandu_: the server CD provides you a good base to customize on how you want your server to function, hence there are no default services enabled
<chandu_> where you get all services get isntalled by default
<mralphabet> chandu_: I don't mean to be difficult, sorry if I come across that way
<chandu_> jsgotangco, ok ..you mean the Ubuntu policy tells that .. User comes to know what is ther e in his server only when he himself installs the server components over the base sysettm
<ivoks> chandu_: you don't
<jsgotangco> chandu_: because RHEL caters to a different market and uses this approach while ubuntu server assumes a level of proficiency with regards to the services
<chandu_> jsgotangco, ok .. I got it ..
<ivoks> chandu_: as a RHCE, I guarantee you that RHAS and RHES don't come with all services preinstalled
<jsgotangco> yeah you got nice graphical tools though if you opt to
<chandu_> jsgotangco, ok fine
<chandu_> Thank you Guys ..
<chandu_> I got some information 
<Nafallo> jsgotangco: do they work over serial? ;-)
<chandu_> I have to leave now ..
<jsgotangco> :D
<chandu_> Will catch you with few more questions tomorrow 
<chandu_> bye
<ivoks> bye
<Nafallo> chandu_: see ya
<jsgotangco> ciao
<andel7> i'm looking for any kind of bruteforce protection - some mechanism that will block the IP that failed to authenitcate more then 6 times? is there anything like that ?
<ivoks> for ssh?
<ivoks> anyway, iptables
<ivoks> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 --rttl --name SSH -j DROP
<ivoks> or something like that...
<andel7> thanks ivoks
<andel7> and yes i need it for ssh....
<ivoks> np
<dballester> nos vemos!
<h4wk0> Im looking in getting a dedicated server and having ubuntu installed - Just wondered how stable is is proven to be
<mralphabet> h4wk0: it works for lots of people
<h4wk0> And i take it - you would advise me to use 6.06lts
<mralphabet> I would advise you to use whatever you want, LTS offers package stability and security
<Nafallo> so does 6.10 and 7.04 ;-)
<mralphabet> 7.04 offers latest greatest packages
<mralphabet> Nafallo: so LTS offers nothing over 6.10 / 7.04?
<Nafallo> yes it does. 60 months instead of 18 :-)
<Nafallo> if I calculated that correclty ;-)
<h4wk0> All i need to find is a cheap us dedicated server place :)
<h4wk0> Accpets paypal and allows irc
<theacolyte> LOL
<theacolyte> good luck
<theacolyte> no network will allow IRC for cheap
<theacolyte> if you decide to do IRC though, I'd suggest http://www.sharktech.net/
<h4wk0> Well at the min - ive found corenetworks.net
<h4wk0> But dont accept paypal, but sales team say they might be able to do it
<h4wk0> But dont like the "may be able to"
#ubuntu-server 2007-04-13
<andel7> ...
<kikidonk> Hi !
<kikidonk> is there any kind of server compatibility list for ubuntu server
<kikidonk> I couldn't  find anything on the ubuntu server website, which seem to be a single page
<kikidonk> For example the HP Proliant servers claim to be compatible with previous debian
<kikidonk> does that means it will be compatible with the ubuntu server..
<[miles] > hi kikidonk you mean like cert. hardware like SUSE do
<kikidonk> yes for example
<kikidonk> basically how do i know if i will be able to use my hardware with ubuntu server
<kikidonk> before i buy the hardware ):
<kikidonk> :)
<[miles] > I don't know if there is, I would assume so... and also I'd be amazed if a Proliant did not run Ubuntu Server
<kikidonk> well they say they run on debian sarge
<kikidonk> so i guess it's essentially the same
<kikidonk> The thing is, i don't know anything about servers :)
<kikidonk> i'm kind of learning as i go
<[miles] > ok
<[miles] > but you know linux right?
<kikidonk> yes sure
<kikidonk> we are starting a little prototype deployment
<kikidonk> for some web app in python we are developping
<kikidonk> and now we need a server, cause the company's ones are not available for us
<kikidonk> nothing fancy
<kikidonk> but we would like to be able to use the hardware fully, like hardware raid
<kikidonk> notifications from fans, cpu heat, etc
<radevil> hello
<mralphabet> hello
#ubuntu-server 2007-04-14
<foo> Hm, anyone run ubuntu on the dell 2950s with RAID5 and 6 750GB drives? Or, can anyone assure me it'll work? :) 
<lz> i think i have a server bug, anybody here?
<lz> when i start up 6.10 server only version in virtual pc 2007, the interactive portion with the teal blue background is on some crazy resolution so that i cannot see the bottom half of the screen and thus cannot install it, any help?
* lz moans
<kelsa> Does anyone here have a preference for putty (linux) vs pterm?
<dthacker> happy saturday. may your pagers be silent. 
<Nafallo> :-)
<jsgotangco> thanks for the reminder i should set my twitter account to web instead of sms
<AlexC_> hey,
<Nafallo> morning :-)
<radevil> hello
<foo> Hm, anyone run ubuntu on the dell 2950s with RAID5?
<ivoks> foo: Integrated SAS 5/i(base): 4 port SAS controller. Does not support RAID.
<ivoks> so i guess you are using perc 5/i?
<AlexC_> is it normal that I'm using 300+mb of memory on my server ... that is doing nothing, no one even knows it is there
<ivoks> cache?
<foo> ivoks: I believe so, let me check
<foo> ivoks: PERC 5/i
<foo> Yup
<ivoks> so.. what kind of problems do you have?
<foo> ivoks: Oh, just hoping that it's easier to get ubuntu working with RAID5 than on the 1435s.
<ivoks> foo: https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/55138
<foo> waitHm, I think those had the 5iR SAS raid card.
<foo> ivoks: Yeah, someone has told me that too. But, it's not too much of a problem.. as long as the RAID is utilized on, say, sdc, right? 
<ivoks> i see...
<ivoks> it should work ok
<ivoks> but you should do a net install or something
<ivoks> cause dapper installer has older kernel which could show you all disks and create problems with grub
<foo> ok, so you recommend 6.10 with the 64bit version?
<ivoks> no, i do recommend 6.06
<ivoks> but with non-default installation
<foo> Hm, what do you mean non-default? Is that the alternate cd or something?
<ivoks> no
<ivoks> it's creating your own installtion method
<ivoks> i had similar case with latest 3ware controller
<ivoks> i had to create my own kernel to do installation
<DustWolf> hell
<DustWolf> o
<DustWolf> I have a problem with setting up a ftp server correctly
<DustWolf> or actually.. I had set it up but now it claims to start but nothing really happens
<foo> ivoks: hmm, is that the only way to get the 2950 working with raid5 and that perc 5/i card?
<ivoks> foo: maybe not; that's something i would do
<ivoks> foo: http://ubuntuforums.org/showthread.php?t=226114
<foo> ivoks: I see. Interesting, hmm.
<foo> ivoks: ah, this is going to be handy, thanks. 
<foo> ivoks: Hmm, so, you basically take ubuntu and build your own installer?
<ivoks> sometimes, yes
<foo> Hm, how difficult is something like that? It might help in the long run, especially since I won't be doing this. Just need to kind of help the person that is
<ivoks> i'm wrong persion for this question, since it's not difficult for me
<ivoks> then again, i'm linux administrator for a decade :)
<foo> hehe, nice. ok
<radevil> hello
<radevil> i have some questions with LDAP backends
<radevil> i'm having problems with the database
<radevil> it corrupts sometimes
<radevil> i'm using a bdb backend
<radevil> I lost a few accounts in a power cutoff
<radevil> power cutoffs are very often, is there a way to secure the ldap database against that??
#ubuntu-server 2007-04-15
<Nafallo> LVM stripesize for 2*300GB? :-)
<Nafallo> mostly files of 14-20MB
<n-iCe> Hi
<n-iCe> I have installed the ubuntu-server
<n-iCe> How can i install a desktop ?
<mralphabet> n-iCe: sudo apt-get install gnome-desktop
<mralphabet> or ubuntu-desktop
<mralphabet> I think
<n-iCe> a lighter one ?
<mralphabet> you could do xfc
<mralphabet> e
<n-iCe> gnome is like normal ubuntu ?
<mralphabet> xubuntu-desktop
<mralphabet> sudo apt-get install xubuntu-desktop
<mralphabet> gnome is normal ubuntu
<n-iCe> ok thank you after that? what
<mralphabet> you can use ubuntu-desktop or xubuntu-desktop or both
<mralphabet> xubuntu is a bit liter
<mralphabet> lighter even
<n-iCe> sudo apt-get install ubuntu-desktop
<mralphabet> that will install gnome
<mralphabet> xubuntu-desktop will install xfce
<n-iCe> ok ok i want gnome
<mralphabet> then there you go
<n-iCe> after send sudo apt-get install ubuntu-desktop
<n-iCe> what i need to type
<n-iCe> startx ?
<mralphabet> should work
<n-iCe> ok hold on, thank you
<shawarma> n-iCe: Rather "/etc/init.d/gdm restart"
<n-iCe> shawarma first that?
<shawarma> Yes.
<n-iCe> ok
<shawarma> It should bring up a graphical login screen.
<n-iCe> ok ok ok
<n-iCe> other question
<n-iCe> why when i install the ubuntu server in my ther pc and it finished doesn't start, always reboot by itself
<n-iCe> before start
<n-iCe> what can be ?
<shawarma> It's hard to say. It can be many things.
<shawarma> Gotta run.
<n-iCe> can i do something to fix it?
<n-iCe> where is the sources list path ?
<shawarma> /etc/apt/sources.list
<n-iCe> i need to remove all the # to have the universe repositories rght?
<n-iCe> I sent apt-get update
<n-iCe> after that what i should send
<mralphabet> http://www.google.com/search?q=ubuntu+install+gnome
<mralphabet> start with the second link
<n-iCe-> Hi
<n-iCe-> the power went off can you tell me again how to restart it ?
<n-iCe-> after send ubuntu-desktop
<mralphabet> 12:46 < mralphabet> http://www.google.com/search?q=ubuntu+install+gnome
<mralphabet> second link
<n-iCe> mralphabet i did it
<n-iCe> apt-get install ubuntu-desktop
<n-iCe> but later to start with the graphical ?
<mralphabet> did you read the thread?
<n-iCe> yeah
<n-iCe> i just need to send it?
<n-iCe> but later
<n-iCe> dman
<n-iCe> is going to installl everything like ubuntu normal
<n-iCe> i don0't want that
<DustWolf> hello
<DustWolf> is there any way to set some common thing so that
<DustWolf> every program trying to access the web will use a proxy server I configure?
<lionel> DustWolf: you can use a transparent proxy for that
<shawarma> DustWolf: Most programs obey the http_proxy environment variable.
<DustWolf> okay
<shawarma> DustWolf: Ask in #ubuntu, though. It's not a server thing.
<DustWolf> shawarma: where do I put the exportso that it always applies?
<DustWolf> oh.. sorry
#ubuntu-server 2008-04-07
<faulkes-> Disk /dev/sdd: 1496.9 GB, 1496999264256 bytes
 * faulkes- whee's
<faulkes-> iscsi box is now up
<ksclarke> anyone know why ubuntu would pause on boot? it doesn't give me the login prompt until after I have hit a key on the keyboard
<netrat> hello i'm running ubuntu server 7.10 and i'm having some trouble with IET, iscsi enterprise target, hard freezing the server. no kernel panic or anything
<netrat> my targets are LVM logical volumes
<owh> netrat: The person working on iscsi is soren.
<netrat> owh: okay, is he away now?
<owh> netrat: soren never sleeps, but he may be napping :)
<netrat> HAHA okay
<owh> netrat: I suggest you leave your IRC window open and see what gives :)
<netrat> owh: okay. i'll be waiting...
<owh> netrat: Perhaps you should outline what you're doing and what issues you're having.
<netrat> well like i mentioned the iscsi targets are LVM volumes. i have one target being exported to a Win XP machine running NTFS and another target for booting CentOS with etherboot. here is my ietd.conf file http://pastebin.com/m7c0a219b
<netrat> the ubuntu server running IET will randomly lockup with iSCSI activity. i've tried upgrading to the latest 2.6.24.4 vanilla kernel, but that didn't help either
<netrat> discussion groups for IET seem to be scarce
<netrat> the server has been 100% stable before, memtest and a prime95 torture test all check out okay
<owh> netrat: FYI, activity tends to pick-up here in about 5 hours.
<netrat> owh okay, hopefully someone will be able to help. i really need my iSCS
<netrat> iSCSI*
<soren> netrat: Sorry, I haven't used iscsi at all on gutys.
<soren> gutsy, I mean.
<netrat> soren only 6.10?
<soren> Er.. No, 8.04.
<netrat> wait i'm confused, i'm running 6.10, you only have experience running IET on 8.04?
<netrat> i'm using version 0.4.16 of iscsitarget
<soren> I only started using iscsi on hardy, yes.
<netrat> soren oh okay. support is hard to find for IET! no chatrooms on freenode or anything
<owh> Hi soren, I'm responsible for sending netrat here. Any suggestions where else help might appear from?
<soren> No clue. Sorry.
 * soren wanders off for " a nap" :)
<owh> Slacker :)
 * owh gets ready to duck.
<kgoetz> owh: arvo mat3
<kgoetz> *mate
<owh> Phone...
<owh> Man o man, what a bunch of fwits on this planet.
<owh> Just had a call from a client who's machine was working fine until this morning when a "friend" installed Office for them, now their Internet doesn't work.
<owh> Not that any of you lot care :)
<omnz0r> everyday life of a sysadmin :)
<owh> omnz0r: Ah, but this particular client hasn't contacted me in three years, now they expect free support :)
<owh> Or should that bt :(
<kgoetz> owh: i'm at work too :p
<owh> kgoetz: I work for myself, I'm *always* at work :p
<kgoetz> owh: how are they still a client then?
<owh> kgoetz: It's all in *their* mind.
<kgoetz> owh: i'm trying to feel sorry for you - and i'm struggling
<owh> kgoetz: Nah, no need for feeling sorry, you can just share my angst :)
<kgoetz> owh: that i have no problem with ;)
<owh> ROTFL
<owh> Thanks, I needed a laugh.
<kgoetz> hehe
 * owh is having much more fun decoding 61 bytes of satellite tracker data :)
<kgoetz> hehe
<kraut> moin
<izzy_> hello?
<izzy_> anyone awake in here?
<Jeeves_> YES!
 * Jeeves_ :)
<izzy_> anyone in here know how to do LVM partition
<Jeeves_> Nope :)
<izzy_> dang
<izzy_> no one seems to know x.x
<blue-frog> izzy_: what do you need?
<izzy_> ok well im redoing the install of ubuntu 7.1 server edition
<izzy_> i did manual partitioning
<_ruben> 'morning' Jeeves_ ;)
<izzy_> 300 gig hd   i made  logical volumes:  home root srv  swap  and var
<izzy_> when i go to create it says
<Jeeves_> hoi _ruben
<_ruben> its 7.10 btw :) </nitpick>
<izzy_> shows the partitioned disk  LVM VG system  lv root  8.6 GB linux device mapper  #1
<izzy_> as soon as i click finish partitioning and write changes to disk
<izzy_> red Screen   NO ROOT FILE SYSTEM is DEFINED
<izzy_> x.x
<izzy_> is it a error  am i just losing my mind lol
<faulkes->  /root or /
<izzy_> 3 hours
<blue-frog> izzy_: first.. you have a /boot partition not lvm?
<izzy_> i do have a boot
<izzy_> its 100.0 mb
<izzy_> first partition is /boot  100.0 mb  primary
<_ruben> izzy_: did you tell the installer to use the root lv for / etc? or just created a lv called "root" and assumed it'd be used for / ?
<blue-frog> izzy_: the lvm logical volume, you created them but did you assgin a mount point?
<izzy_> i didnt tell the installer to use the root for anything
<_ruben> then thats the problem
<izzy_> i dont think i assigned the mount point  but it wont let me
<blue-frog> izzy_: you need to do that for all your lv
<_ruben> once you created the lv's, you need to tell the installer what to do with them
<izzy_> i cant find away to access it to mount it or anything
<_ruben> once you created the lv's .. the lv's should show up in the list of available partitions
<izzy_> hmm
<izzy_> from what i was told
<izzy_> x.x
<izzy_> i was to make 2 partitions
<izzy_> both prime
<izzy_> 2nd one was to be LVM
<izzy_> and all my var swap srv root and home go in that
<_ruben> so far so good
<izzy_> wish i could take a screen shot and somehow upload it on to my site x.x or email n show ya whats going on
<izzy_> the overview of currently configured partitions and moun points.  shows
<izzy_> LVM VG system LV home 4.3 gb  linux device mapper
<izzy_> #1 4.3 gb
<Deeps> no camera phone?
<izzy_> thats all  so it doesnt show mount points
<Deeps> or webcam?
<Deeps> or digicam?
<izzy_> lol all those got then
<izzy_> but lcd with a webcam ?
<_ruben> izzy_: because you didnt specify one, it wont do that for you (it wouldnt know how)
<izzy_> so how can i put the mount points in ?
<_ruben> izzy_: select that lv line and hit enter
<izzy_> i do it just flashes then goes back to the same screen the overview
<_ruben> then perhaps the line underneath it .. dont recall exactly on top of my head
<izzy_> ok that did something
<izzy_> use as:        Do not use
<blue-frog> it might be a bug. I remember having problems with LVM and ubuntu install
<_ruben> select that line and hit enter
<izzy_> ok
<_ruben> blue-frog: nah, its just the debian installer being not very user frienldy ;)
<izzy_> got ext 3 ext 2 and so on
<_ruben> which fs to choose is up to you
<_ruben> usualy one'd go for ext3
<izzy_> for the boot i was using ext 2
<izzy_> didnt need the journal
<_ruben> thats a fairly common decision indeed
<blue-frog> oh he's in yes ok
<izzy_> ok so for like srv for ftp server i need to do that for all of then right
<izzy_> ok so now it says  use as  ext2 file system  mount point use as root right?
<_ruben> yeah, you need to do those steps for each lv you created
<_ruben> if you selected the root lv yes, otherwise select the apropriate dir
<izzy_> wow lol talk abouta nice installer x.x
<_ruben> you mentioned lv home before, so i'd mount that under /home
<izzy_> i reinstalled over 200 times this week
<izzy_> cus of this
<_ruben> izzy_: well .. its *is* marked as expert mode or smth similar
<izzy_> lol ya
<izzy_> i spent 40 dallors on a ubuntu server book
<izzy_> cus i got tired of doing it over n over
<izzy_> and page 20 goes over this but it leaves this all out
<izzy_> doesnt tell u how to mount or anything
<_ruben> crappy book that is then
<izzy_> i was in the regular ubuntu irc room for days asking got 100 different answers lol
<blue-frog> izzy_: http://www.ibm.com/developerworks/views/linux/libraryview.jsp?topic_by=All+topics+and+related+products&sort_order=asc&lcl_sort_order=asc&search_by=lpi+exam+topic&search_flag=true&type_by=Tutorials&show_abstract=true&start_no=1&sort_by=Title&end_no=100&show_all=false&S_TACT=105AGX59&S_CMP=GR-LPI
<blue-frog> will give you all the info you need to know
<blue-frog> for free
<blue-frog> you just need to register
<izzy_> thanks
<izzy_> on that site u mean ? or on here?
<izzy_> so most people use ext2 for root as well as /boot
<izzy_> ?
<izzy_> do you suggest using ReiserFS  for /var / and home or no ?
<_ruben> izzy_: i'd go for ext3 for all (and optionally ext2 for boot)
<_ruben> xfs might be a more suited fs for large storage means
<izzy_> ok  im planing to use this as FTP and webserver
<_ruben> ext3 is probably good enough for that
<izzy_> now can i ask ya this  ftp and webservers need a /srv partition correct?
<_ruben> we have /srv on our suse based machines, not on ubuntu tho .. web resides in /var/www by default
<izzy_> ok so i should make var bigger and just get rid of /srv then ?
<izzy_> my var is only 6.4 gb and /srv is 275 gb
<izzy_> sry for all the stupid questions ive been a windows user longer then linux just got in to openbsd about 8months ago so not firmilar with it all yet
<_ruben> well, defaults are just what they are: defaults .. if you want your http/ftp stuff under /srv, then there's nothing that stop you from doing so ;) ... /srv is part of the FHS
<_ruben> /srv/ Site-specific data which is served by the system. <== sounds appropriate enough for http/ftp files ;)
<izzy_> i want to set it up the best way without having to reconfigure the system entirely
<izzy_> which would you say is the best route?
<_ruben> izzy_: thats a bit hard for me to say .. im currently in the progress of migrating from suse to ubuntu .. they both have different views (default settings and all) for certain stuff .. havent made up my mind on which routes to go yet
<izzy_> ya i know that feeling all to well
<izzy_> ive setup alot of windowsNT with linux suse stuff
<izzy_> i just want to get away from windows im tired of then lol
<_ruben> hehe
<_ruben> hmm .. brb .. smth came up here ..
<izzy_> ok
<izzy_> well now its installing the base system so Everything must be right ^^ :)
<_ruben> back
<izzy_> me to
<izzy_> wow
<izzy_> network just crashed lol
<izzy_> i hate linksys somedays x.x
<_ruben> hehe
<izzy_> it was funny cus it went to look for mirrors
<izzy_> my gf runs upstairs shes playing xbox360 live and shes like xbox just froze
<izzy_> i look over its looking for mirrors had to login to linksys router n release the ip and renew it
<spiekey> soren: do you or have you ever used some M$ Exchange replacement with syncing mails with outlook clients?
<izzy_> i have to do it every week atlease once
<spiekey> OpenXchange or Group-E or something?
<_ruben> izzy_: jikes
<izzy_> lol
<izzy_> only has happened since i went wifi
<izzy_> no clue why
<izzy_> now another question  upon installing  dns server and lamp server r the two i need for webserver and ftp correct?
<_ruben> dns server isnt really required for running web/ftp .. kinda depends on your needs though
<izzy_> i want to be able to see my webpage / site from across the globe anywhere outside the home network
<izzy_> want to be able to load ftp from outside the house along with inside the home network
<_ruben> dns server is only needed for when you want to host a nameserver for your (or other's) domain(s) .. which *usualy* isnt the case for home users
<izzy_> my domain is a .com  so would i need dns or no?
<_ruben> i doubt that, you'd know if you would ;)
<izzy_> so all i need is lamp server and i should be ok ?
<_ruben> lamp is what you need for serving html+php using apache .. ftp is a seperate install (no task for that (yet))
<izzy_> ya im gonna run pure ftp on it  but my .com is like 80 html pages
<izzy_> with some php
<izzy_> i can always install the lamp server later lol :)
<izzy_> well thanks ruben ^^ uve saved yet another new ubuntu user from sucide :)
<_ruben> that bad eh? ;)
<izzy_> i used ubuntu desktop to learn about it that was devastating lol
<izzy_> it froze up  lost my mouse and keyboard alot of times locked up
<_ruben> nasty
<izzy_> ya than i learnt about ubuntu irc lol
<izzy_> and realized it was impossible to find anyone in there at any time that wasnt super busy
<izzy_> before that i was using Openbsd  which wasnt bad but drove me somewat crazy
<izzy_> now i guess if everything works good ill change most of the laptops over to ubuntu lol
<izzy_> i want to get out of windows b4 it consumes my soul again
<_ruben> never liked the *bsd flavours .. played with freebsd ages ago .. just didnt feel "right" .. currently using windows on desktop and linux (ubuntu and some suse boxes i sttil need to migrate) on servers
<izzy_> ya id like to do a nice setup here in the future i got total of 11 computers  1 gaming 1 ftp/website based   1 Ubuntu server 7.1 lol  and 3 window laptops for remotes in to corp. stuff and 1 for truck driving
<izzy_> plus 4 that somehow got water damaged
<izzy_> in the middle of a Dry spell in the summer  -.-
<izzy_> though to tell u something i didnt know it rained mountain dew
<izzy_> cusin couldnt sit down for 3 days after i got hit lol  old branch from a tree does wonders :)
<izzy_> it*
<_ruben> heheh
<izzy_> so where are you from ruben ?
<izzy_> if u dont mind me asking
<_ruben> mountain dew .. heard a friend of mine talk about it the other day .. tho i think he had it imported or smth
<_ruben> netherlands
<izzy_> ahh
<izzy_> moutain dew its a yellow pop
<izzy_> infact have a bottle next to me
<izzy_> made by pepsi  its yellow taste good lots of sugar and will wire u for atlease 3 hours lol
<izzy_> its like a energy pop drink
<_ruben> As of 2006, Mountain Dew was the fourth-best-selling carbonated soft drink in the United States, behind only Coca-Cola Classic, Pepsi-Cola, and Diet Coke.
<_ruben> quite popular one ;)
<izzy_> oh yes ;)
<izzy_> pizza places sell the major quanities of it
<izzy_> over 11 billion pizza places in the united states sells that product
<izzy_> with over 3 billion new stores opening up each year selling it
<omnz0r> tastes nothing like dew
<izzy_> heh
<izzy_> question  about root user
<_ruben> !root
<ubotu> Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<izzy_> ya
<izzy_> but
<izzy_> if will ask u for a password correct ?
<izzy_> like if u do a sudo something
<izzy_> it should ask for ur user password that ur log in to right?
<_ruben> correct
<_ruben> atleast, thats the default behaviour
<izzy_> so if userone  pass is us1  and someone else is us3 and there using us1s account n they type in us3 it shouldnt go threw right?
<_ruben> izzy_: eh? not following im afraid :p
<izzy_> oh i was just wondering if two users have two different passwords lol
<izzy_> they cant be interchanged and used on other users account without that users account password
<_ruben> izzy_: sudo (by default) requires password of the user currently logged in, and doesnt care about any other users that might be present
<izzy_> ya thats what i was trying to say
<izzy_> but if i wanted to i could assign a password for sudo right?
<_ruben> you *could* assign a password to the root user (in fact, i do that on my systems), but its not recommended ;)
<_ruben> i do this because my local users dont have passwords
<_ruben> ssh key authentication
<izzy_> ahh
<izzy_> i use to have ssh key auth for the other systems like windows using putty
<izzy_> but i cant figure out how to do it on this
<izzy_> cus it has no auth_key file
<_ruben> private key goes in $HOME/.ssh/identify (default private key that is) .. and public keys goes in $HOME/.ssh/authorized_keys2
<izzy_> oh
<faulkes-> iirc isn't identity v1?
<_ruben> faulkes-: hmm .. wouldnt know really .. would have to check
<faulkes-> $HOME/.ssh/id_{rsa,rda}.pub
<_ruben> you're right
<_ruben> our use of identity probably predates the use of ssh2 ;)
<izzy_> heh
 * _ruben adds another thing to his todo list .. *sigh*
<_ruben> damn thing only increases
<izzy_> lol
<izzy_> welcome to Life ^^
<_ruben> yeah
<_ruben> i get a fair ammount of stuff on my todo list done, except that i add things to it much faster :p
<izzy_> lol
<izzy_> so what kind of servers do u run ruben?
<_ruben> infrastructure mostly: firewalls, loadbalancers, mailservers, monitoring .. and at home: fileservers
<faulkes-> yeah, the entire todo list seems to grow daily vs. the stuff I knock off it
<_ruben> faulkes-: sucks eh? ;)
<izzy_> lol i just want a simplified
<izzy_> server that can handle ftp from any computer
<izzy_> and ftp from this computer to the server in html format to appear on my web site
<izzy_> ^^ thats all i ask lol
<izzy_> but the list keeps growing x.x
<faulkes-> ruben: eh, not such a bad thing, I get to play with nice gear
<faulkes-> and drink alot
<_ruben> faulkes-: im not much of a drinker, but do get to play with nicer gear by the day
<_ruben> faulkes-: kinda like you i'll be getting a nice san to play with in a while :)
<izzy_> i cant imagine the pain in the head it must be to setup a mail server
<_ruben> izzy_: to do it right surely requires some effort ;)
<izzy_> yup agreed there
<izzy_> somedays i miss windows lol
<izzy_> so if i want to ping oh i dont know google.com to be sure i got a good ping how do i type it in so it doesnt ping it 1000 times ?
<faulkes-> ruben: speaking of which, I set it for testing yesterday
<faulkes->  /dev/sdb1             1.8T  196M  1.7T   1% /data
<faulkes-> one of the LV's ;)
<faulkes-> izzy: I would suggest reading the ping man page, which has an explicit option for the count
<izzy_> i did once lol
<izzy_> and it became bad
 * _ruben whispers: -c
<izzy_> it pinged 10000 times b4 it stoped
<_ruben> it pings until you stop it
<_ruben> it shouldnt stop at 10000 unless you told it so
<_ruben> faulkes-: i read smth about that in my backscroll the other day :)
<izzy_> i just typed in ping www.google.com lol
<_ruben> faulkes-: guess 'the other day' was today then :p
<faulkes-> I'm glad it was a relatively trivial setup once I got networking done
<izzy_> 3 packets transmitted 3 rec time 1998ms thats along time isnt it o.o
 * faulkes- notes that dell, dell docs and former consultants all need to be taken out and shot
<_ruben> 99% of our stuff is dell ;)
<faulkes-> wait till I get my hands on that label maker, HQ is gonna be less than pleased at the cartridge costs
<_ruben> desktop/server wise that is
<Jeeves_> !dell--
<ubotu> Sorry, I don't know anything about dell-- - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<faulkes-> don't get me wrong, love my dell's
<_ruben> havent had much trouble with dell so far
<faulkes-> the docs on the gear we have from dell are not as, shall we say, current as they should be
<faulkes-> and then of course add in the rebranded cisco-lite it's almost IOS but not quite switches
<_ruben> we ran on homebrew hardware for years .. then had a few hp server .. but for some reason shortly after that the decision was made (by upper management) that everything would be dell from then on
<faulkes-> simplifies infrastructure to a point
<faulkes-> but networking gear should come from a networking company ;)
<_ruben> :)
<izzy_> well ruben ^^ :) thanks for the help tonight im sure ill see you on later this afternoon for me its time to crash the sun is coming up and im a nite walker lol
<_ruben> faulkes-: which san did you happen to get your hands on btw?
<faulkes-> promise vtrak m500i
<faulkes-> is what it turned out to be
<_ruben> izzy_: i'll be here for another 2 hrs or so and then i'll head home :)
<faulkes-> I was initially told it was "only low end"
<faulkes-> and well, ok, it's not exactly a netapp
<faulkes-> but still, it's 6.5TB that's been sitting around for a good year unused
<izzy_> ill be sleeping for atlease 8 to 9 hours lol i usally wake up in 6 hours from now
<izzy_> ill take a 1.0 TB from anyone that offers it ;) :D
<_ruben> i'll be playing with a dell/equallogic box .. 14 sas disks in raid5/raid10/raid50
 * faulkes- nods
<izzy_> 300 gb >.>
<faulkes-> iirc this has 15 disks @ 456gb each
<_ruben> 456? not 400?
<faulkes-> apparently or so it reports
<izzy_> nite ruben and faulkes ^^ take care
<_ruben> izzy_: i got 2 machines at home that are both around 1TB each ;)
<_ruben> izzy_: g'nite
<faulkes-> I'm not going to argue with it about a measly 50gb ;)
<izzy_> thanks for the help ruben ^^
<izzy_> anyone that wants to send me 1 tb :-D
<izzy_> :d
<_ruben> hehe
<izzy_> ill gladly give my address lol
<_ruben> disks are cheap these days
<izzy_> i now i seen a western digital on new egg for
<_ruben> 750GB for aprox 100 euro these days
<faulkes-> sorry, we already have plans for it to be a our torren^H^H^H database server
<izzy_> 200 bucks for 1tb
<faulkes-> s/server/storage
<faulkes-> disk is cheap
<_ruben> sata that is, sas is still kinda pricey
<izzy_> this 300 i got is sata
<faulkes-> now I just need all the extra hba's to arrive for the blades
<faulkes-> although I am just using open-iscsi right now
<_ruben> hba arent all that spectacular from what i've heard
<faulkes-> probably continue to use open-iscsi as well
<faulkes-> I'll see what the tcp off-loading can do for perf. but otherwise, unless it's a huge difference
<_ruben> if your machine is powerfull enough and has enough spare cpu cycles, software initiator will outperform a hba
<faulkes-> heh, yeah, I don't think cpu usage is an issue for these machines
<_ruben> tcp offloading is smth i plan to look into .. dont think i have any hardware which supports that yet tho
<faulkes-> dual, dual core 3.0ghz xeon's
<izzy_> Dam
<izzy_> i was just ready to hit the hay
<izzy_> x.x
<izzy_> phone rang
<izzy_> grr
<_ruben> cant wait go play with the new server .. dual quad-core with 32GB ram .. 6x300GB sas .. and then the nas hooked up to it as a bonus :p
<faulkes-> that'll be nice
<faulkes-> we're going to need to upgrade the ram in these things sometime soon for what we have planned
<faulkes-> on 4gb a piece right now
<faulkes-> s/on/only
<_ruben> the ram came in the other day .. tho instead of 8 4GB modules, they shipped 8 2x2GB modules .. only 8 slots .. so sent it back
<_ruben> dell blades? we're looking into those for the slightly longer term (as a base of virtualization, as is the dual quad-core i'll be playing with)
 * faulkes- nods
<faulkes-> 1955's right now
<faulkes-> not bad
<_ruben> 1955 .. i think thats what we (me and my manager) were looking at as well
<_ruben> we currently use 860's as web servers and 2850/2950 for db
<_ruben> and an occasional 1950
<izzy_> nite catch ya all later ^^
<_ruben> the dual quad-core is a 2950 i think
<_ruben> izzy_: nite ;)
<elventear> Hello, I am trying to set up a server where the OS disks are on RAID 1 and whenever one of the disks fail, the server should be able to still boot. I've successfully setup everything except the last part. Whenever I yank out one of the drives from the server the system will fail upon reaching initramfs. I think the problem lies in the fact that the raid will fail to assemble if one of the drives is missing and requires using --run
<elventear> I just needed to edit /etc/udev/rules.d/85-mdadm.rules and remove the '--no-degraded' option to make this work. This was quite obscure, I had been looking a solution at least for the past 3 days.
<elventear> And update initramfs
<DBAmethyst> good to hear there elventear
<_ruben> hmm .. that'd be an odd "feature" .. not being able to boot a degraded array
<faulkes-> actually, that's been something plaguing raid1 for quite some time
 * faulkes- has noted it more than a number of times on the forums
<ScottK> It's by design so that you don't accidentally boot a damaged array and lose data.
<ScottK> I'm not saying it's a good design, but it's not by accident.
<faulkes-> noted
<_ruben> hmm .. sounds fair enough, more or less ;)
<_ruben> must admit its a tricky situation at best indeed
<elventear> Hello. Is it possible to configure Ubuntu to treat RAID devices as partitionables from boot?
<N6REJ> afternoon folks... I'm trying to setup a 7.1 server on my LAN.  it will be used for just about everything, including LOCAL only mail.  Its asking for the fqdn.. I have xp, *nix, and OSx systems on this networks so I need something that is network friendly.
<N6REJ> the systems name is Annabelle
<N6REJ> when I say "local" mail, I mean lan only mail.  I should clarify that.
<N6REJ> anyone know the best way to do this?
<pr0le> N6REJ: http://www.redhat.com/magazine/025nov06/features/dns/
<pr0le> you'll need to adjust for ubuntu of course, but it works well
<N6REJ> pr0le: ty
<pr0le> I think it should tell you about how to set up a domain like 'myhome.lan'
<pr0le> part 2: http://www.redhatmagazine.com/2006/12/15/dns/
<N6REJ> yeah.. i c.. ok... I told the mail server just "annabelle" but it should be able to be changed if it needs it.
<N6REJ> !server
<ubotu> Ubuntu Server Edition is a release of Ubuntu designed especially for server environments, including a server-specific !kernel and no !GUI. The install CD contains many server applications. Current !LTS version is 6.06. For more info see https://help.ubuntu.com/community/ServerFaq/ - The #ubuntu-server channel provides specific support
<N6REJ> !vnc
<ubotu> VNC is a protocol for remote desktop. https://help.ubuntu.com/community/VNCOverSSH describes how to use it securely.  It works best over fast connections, otherwise look at !FreeNX
<N6REJ> !FreeNX
<ubotu> FreeNX is advanced remote desktop technology. For more information and install instructions, see https://help.ubuntu.com/community/FreeNX
<soren> N6REJ: Er... What are you doing? :)
<N6REJ> hiya soren!! long time no see
<N6REJ> i'm hooking up a lan server... but its not going to have an accessible con, so i'm looking at how I can vkvm it
<soren> Yeah, I mean: What's up with doing all the !vnc, !freenx etc. stuff?
<N6REJ> I know I can ssh in, but there are times I prefer the desktop
<N6REJ> oh, looking at the suggestions for software to use.. .here.. tell soren about !FreeNX
<N6REJ> !FreeNX > Soren
<soren> I know about freenx.
<N6REJ> its been ages... did you get the beep?
<N6REJ> I don't :D
<soren> the beep?
<N6REJ> you got a suggestion on which protocol to use?
 * N6REJ nm its not important :D  I was just querying the bot for suggestions
<soren> Er... what?
<soren> What do you mean "beep"?
<N6REJ> oh, when I get a directed response it "beeps" me.
<N6REJ> soren like that
<soren> Ah.
<soren> I'm on the server team. I don't do beeps. :)
<N6REJ> its been ions since I setup an ubuntu server
<N6REJ> hahahah
<N6REJ> kk
<N6REJ> well basically what I want is a simple lan server, accessible from the various platforms that I have in the house, and be able to access the "desktop" if I want to, as a kvm would
<N6REJ> I'll primarily use ssh but I'd like the option.
<N6REJ> KISS is very important
<N6REJ> There used to be step-by-step on this.
<N6REJ> soren: I noticed "synergy" also.. I have no idea which is best.
<N6REJ> I think my biggest problem is going to be that all the platforms are VERY differnt.. x32, x64, OSX 32, OSX 64, *Nix 32, *Nix 64 LOL
<N6REJ> soren: you got any recommendations?
<soren> Not really. I just use ssh.
<N6REJ> soren: ok, well i'll try freenx, worst it can do is not work as I expect :D
<N6REJ> soren: oh I do have one quick question if you will please
<N6REJ> I named my server "annabelle" its going to serve mail for the LAN only... the mail will never come to/from the net.  what do I use for a fqdn if anything other then "Annabelle"?
<faulkes-> soren: we still in need of 8.04 iscsi testing?
<good_dana> N6REJ: annabelle.domain.local
<N6REJ> good_dana: ok, what do I change since i've already completed the installation?
<N6REJ> I need to tell apache, and the mail server
<N6REJ> good_dana: i checked all the boxes when I installed.
<good_dana> N6REJ: i'm not sure, i dont have much experience configuring those, i just know what your fqdn should be
<N6REJ> good_dana: good enough.. tyvm
<N6REJ> good_dana: mails the least important service on that server
<kirkland> any one here impacted by Bug #155947 ?
<ubotu> Launchpad bug 155947 in libnss-ldap "ldap config  causes Ubuntu to hang at a reboot" [Undecided,Confirmed] https://launchpad.net/bugs/155947
<nawty> guys, anyone know why daemontools-installer isn't available in hardy?
<nawty> ah, svtools.
<nawty> or not.
<nawty_> oh, i hate these fools
<nawty_> they reset the wireless randomly
<nawty_> cause obviously, that's going to solve the connection problems, right? :P
<mindframe-> nawty_: if in doubt, pres butan
<nawty_> yeah, that's about right.
<izzy_> _ruben: you still on?
#ubuntu-server 2008-04-08
<BockBilbo> hello
<BockBilbo> ive just removed the log files for postfix and courier at /var/log/ and wanted to create empty ones
<BockBilbo> anyone here knows which are the file permissions for thos files?
<BockBilbo> /var/log/mail.log, mail.info, mail.warn and mail.err y think
<BockBilbo> i also need to know the owners if its possible ... thanks
<mathiaz> BockBilbo: http://paste.ubuntu-nl.org/62474/ - on hardy
<BockBilbo> thanks mathiaz
<donspaulding> how can I tell if anacron is running my /etc/cron.daily/* jobs?
<BockBilbo> anacron = cron?
<donspaulding> sure
<BockBilbo> if so, just create a simple script to add a timestamp to a file and check the file 2 or 3 days after lol
<BockBilbo> :)
<donspaulding> BockBilbo: I was actually looking to discover where cron logged to.  just syslog?
<mathiaz> donspaulding: check in /var/log/syslog
<mathiaz> donspaulding: anacron and cron are two different things
<donspaulding> mathiaz: I thought anacron was just an alternative to cron.  anacron==cron where "cron" means the daemon that runs tasks on my system.
<mathiaz> !anacron
<ubotu> Sorry, I don't know anything about anacron - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<mathiaz> donspaulding: check the description of the anacron package
<donspaulding> mathiaz: will do
<donspaulding> is there a way for me to find the date my system was installed?
<mathiaz> donspaulding: /var/log/installer/
<donspaulding> nevermind, ls -l /bin/sh gave it to me
<n6rej> i'm having a problem I think with my samba and dhcp config.
<n6rej> I followed the directions, set network to dhcp and for somereason i can't ping the server from the server
<n6rej> nor can I reach it from its name.
<donspaulding> mathiaz: does ubuntu use anacron by default?
<mathiaz> donspaulding: ubuntu-server - no
<mathiaz> donspaulding: ubuntu-desktop yes
<donspaulding> hmm, so anacron logs to a file the last time it ran a command, does crond do something similar?
<n6rej> mathiaz: does something need to change in order for a server to recognize its ip from dhcp?
<mathiaz> donspaulding: check /var/log/syslog
<donspaulding> yeah, for some reason my /var/log/syslog hasn't changed since my install date, 5 months ago.
<mathiaz> n6rej: is your dns server setup correctly ?
<mathiaz> donspaulding: and /var/log/messages ?
<mathiaz> donspaulding: make sure that syslog is running
<n6rej> mathiaz: honestly, probably not.. its just a lan server.. I'm pulling the ip from my router..
<n6rej> mathiaz: its been several years since i've done this, I'm rusty as heck :(
<mathiaz> n6rej: then if you ping the hostname, it won't work
<n6rej> mathiaz: right, i'm thinking that somehow I've got to tell /etc/hosts how to find the ip...
 * n6rej supposes he could put it back to static, as its really no problem... just was trying to be conistent
<mathiaz> n6rej: the hosts file on the server should have an entry for itself
<mathiaz> n6rej: under 127.0.1.1
<infinity> echo -e "12.34.56.78\thost.domain\thost" >> /etc/hosts
<donspaulding> mathiaz: ouch, it's not.  And I can't seem to start it.
<n6rej> mathiaz: under 127 its localhost, but the next line is 192.168.1.69 annabelle which was the static ip...
<n6rej> :S
<infinity> (But, uh, that's silly if you're DHCP isn't static DHCP)
<donspaulding> I'm actually installing it now, even though the /etc/init.d script was in place
<n6rej> infinity: so I should just put it back to static?
<donspaulding> mathiaz: I can probably track things down from here, thanks for all your help.
<infinity> n6rej: Up to you... The only static host in my network is my DHCP server... On the other hand, all the rest are "semi-static" (assigned by MAC), and my DNS server knows about all of them.
<n6rej> infinity: well dhcp is server by the router.
 * n6rej ugh can't type what I'm thinking
<n6rej> the router is the network dhcp server
 * n6rej least its supposed to be the only dhcp server
<n6rej> and samba on my lan sever is serving as a WINS server
<n6rej> infinity: can you take the time to help me get my dns setup right?
<mathiaz> n6rej: check the Dns section in the Server Guide : https://help.ubuntu.com/7.10/server/C/dns.html
<sommer> heh, just going to recommend that :)
<sommer> n6rej: the DNS section in the for hardy is probably better though: http://doc.ubuntu.com/ubuntu/serverguide/C/index.html
<sommer> should be the same if you're running gutsy
<BockBilbo> well, thanks again mathiaz
<BockBilbo> im going to bed
<BockBilbo> bye!
<n6rej> sommer: i want a caching or secondary?
<sommer> probably just caching if you have an outside domain
<sommer> you could also setup a primary "internal" domain
<n6rej> sommer: yeah i have several.. ok, i'll look at that.. i found ..http://www.redhat.com/magazine/025nov06/features/dns/
<n6rej> sommer: which seems to be talking about what you just mentioned.
<sommer> yep, it's all bind9 just differences in installation and configuration file location
<n6rej> sommer: yeah, i'm looking at both documents to make sure i go the right places... I haven't touched this kinda stuff in 14 years :(
 * n6rej feels like a rusty hull on the bottom of the ocean :S
<sommer> heh, just take baby steps :-)
<n6rej> sommer: quick question.. right now my /etc/hosts file says
<n6rej> 127.0.0.1 localhost
<n6rej> 192.168.1.69 annabelle annabelle.lan
<n6rej> now that last entry is wrong now cause its not static anymore.
<n6rej> so what do I do there?
<sommer> you could just comment it and change 127.0.0.1 localhost to 127.0.0.1 annebell annebell.lan
<n6rej> sommer: ok great, cause i'm sure thats what the main problem was... ty
<n6rej> now to dns :D
<sommer> np
 * n6rej nose to the grindstone time
<SaschaRed> how do I add someone to the sudoers files
<SaschaRed> file
<michalski> do you have a gui?
<SaschaRed> nope
<kgoetz> SaschaRed: visudo
 * michalski forgets how
<SaschaRed> is there a way to do it in nano
<michalski> sudo nano /etc/sudoers
<michalski> wait...nope :P
<kgoetz> SaschaRed: visudo uses the default editor, which on new ubuntus is nano
<SaschaRed> well this works too
<kgoetz> strictly i supposeit uses $EDITOR
<SaschaRed> so where do I add the name
<kgoetz> ...
<kgoetz> SaschaRed: what are you trying to do?
<SaschaRed> never mind
<SaschaRed> I got it
<SaschaRed> thank you all
<kgoetz> np
<mEck0> Hi guys! I want to set up a server running Ubuntu Server, which I want to use for backup computers in the lan, version control systems (svn, mercurial...), and as a file server. I have a computer with a P2 300Mhz cpu, about 288MB SDRAM, IBM 8GB Bigfoot hdd (want to add another large disk too). Is it enough for this purpose? even as a fileserver in a small lan?
<sommer> mEck0: for that might be a little underpowered for a file server, but should do fine for the rest of the services you listed
<sommer> for me that is
<mEck0> okay, so its maybe better to build a new server? or what should I do?
<sommer> if you have another machine I'd seperate the file service from the rest
<mEck0> it would be nice if I could play music/movies from the server through the network. So it is to slow for this?
<mEck0> okay
<sommer> ya, I'd think you'd want more memory for that and a faster cpu
<mEck0> Would a Intel Dual Core E2160 1.8GHz 800MHz 1MB cache with 1 or 2GB DDR2 be good?
<sommer> heh, I'd think that would do fine... just fine :)
<mEck0> =) fine like in overkill? :D
<sommer> na, but you could probably combine all your services onto one machine with those specs
<mEck0> okay, because those components are kind of cheap here
<sommer> than I'd definitely go bigger, better, faster
<mEck0> you mean if you would build a new server, you would buy better stuff?
<sommer> heh, the best that fits the budget
<mEck0> hehe
<lamont> the mailserver for my local lan is a dual PIII-933
<lamont> which is normally very idle
<mEck0> okay
<lamont> OTOH, it just does mail and DNS
<mEck0> wouldn't even be possible to play music from my 300Mhz computer from another on the lan?
<lamont> good question...  100MB lan, or 10MB? :)
<mEck0> 100MB
<lamont> the real question is really one of disk and lan speed getting the bits to your machine, and then whether or not the CPU can process bits fast enough
<mEck0> yep
<lamont> the slow box in the house is a P2-233, which is a print server and nothing more.
<lamont> it pretty much is idle as well
<lamont> interesting... Upgraded from dapper to hardy, and the drives changed from hda to sda
<mEck0> weird :S
<mEck0> what do you think of if I use the 300Mhz server for everything I listed above except file server... I mean, would you use an so old hdd (8GB IBM Bigfoot) for backing up stuff? or do you think it's not reliable enough?
<lamont>  /dev/md2              27292844  11290200  14616244  44% /home
<lamont> that's the mail server, which has a small /home
<lamont> on raid5
<mEck0> :)
<lamont>  /dev/md1             679749632 439431120 226510636  66% /home
<lamont> that one is more to my likiung
<lamont> liking, even
<lamont> hrm... I should clean that up some
<lamont> 8GB drives tend to hit the trash or get taken apart for the shiny shower-mirrors they have inside...
<mEck0> ok, I see
<lamont> OTOH, the P2-233 has a  6GB HD.
<lamont> :-)
<lamont> but was a glorified lan-to-USB adapter when it went into service. :)
<lamont> since I couldn't get the USB cable to fit into the RJ45 connector.... :)
<lamont> it's also listed as first against the wall, esp since said USB printer died.
<mEck0> hehe =)
<lamont> which is why it was the first machine I tested the dapper->hardy upgrade on.
<owh> What's with the /topic? The https://wiki.ubuntu.com/ServerT page does not exist.
 * owh guesses that it was supposed to be: https://wiki.ubuntu.com/ServerTeam
<kgoetz> its been cutoff
<soren> Hmm... Yeah, I wonder when tat happened.
<owh> I suppose we could go through the IRC logs if you really wanted to know :)
<owh> We could even "point" the finger :)
<soren> I just did.
<soren> :)
<soren> It's been a month!
* soren changed the topic of #ubuntu-server to: Ubuntu Server discussion and support || For general (not server specific) support visit #ubuntu || Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved || Guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html || http://www.catb.org/~esr/faqs/smart-questions.html ||  Be patient.  Don't ask to ask, just ask.  || server guide: https://help.ubuntu.com/7.10/server/C/ || https://wiki.ubuntu.com/ServerTeam
<kgoetz> :D
<owh> So much for being observant around here :)
<kgoetz> sif read /topic :p
<SaschaRed> dammit!
<yarddog> !
<kgoetz> :'(
<SaschaRed> for some reason my server is not forwarding correctly
<SaschaRed> http://97.90.224.132/
<SaschaRed> but it's working inside the network
<SaschaRed> ideas?
<lamont> forwarding what?
<SaschaRed> i can't see it outside of the net
<SaschaRed> it's running apache
<SaschaRed> sorry
<kgoetz> so have you setup your mode/mrouter yet?
<SaschaRed> the server is set as the DMZ
<SaschaRed> web is port 80 right
<SaschaRed> we are running ubuntu 7.10 server
<SaschaRed> please help we are almost crying :(
<SaschaRed> i think our ISP may be blocking us
<soren> If htat's the case, there's not much we can do to help.
<SaschaRed> still
<SaschaRed> yea
<SaschaRed> that would piss me off
<kgoetz> tried running on a different port?
<SaschaRed> what's the point for having a ten meg connection if the don't let you run servers on it
<SaschaRed> kgoetz, I just PMed my buddy to switch the port
<soren> SaschaRed: Something's responding to ssh on that port.
<SaschaRed> but I think he may of fell asleep
<soren> The authenticity of host '97.90.224.132 (97.90.224.132)' can't be established.
<SaschaRed> yeah ssh works
<soren> Is that the fingerprint of the server?
<SaschaRed> that's how I am in
<soren> Ok.
<SaschaRed> yes
<soren> Well, then it might very well be your ISP blocking it.
<SaschaRed> fuckers
<SaschaRed> well I guess I am going to bed now
<SaschaRed> i wonder if we can set the DNS to connect to a non standard port
<soren> THat's not how DNS works :)
<soren> https might work, though (until they choose to close that, too).
<SaschaRed> is there a way to proxy it
<soren> Sure, if you have a host that's not blocked in the same way.
<kgoetz> although proxying a server will be a pita
<n6rej> i'm having a heck of a time... I've followed the directions as closely as I know how and I can't access my server by its fdqn
<kgoetz> from where, and how are you accessing it?
<n6rej> kgoetz: same network but on a windows box
<n6rej> when I ssh in via the ip and run for hname in annabelle; do host "$hname"; done it says it don't know anything about annabelle
<kgoetz> so you ssh'd to the server, then ran host?
<n6rej> kgoetz: yes'r
<n6rej> kgoetz: b4 I spent hours with dns, I could use wins to get to it, but now I can't
<n6rej> kgoetz: i also added 2 iptables rules if that matters
<kgoetz> n6rej: pastebin the contents of /etc/hosts and /etc/hostname . also /etc/nsswitch.conf
<kgoetz> n6rej: what dns server are you using?
<n6rej> kgoetz: bind9
<n6rej> ok, one moment plz
<kgoetz> n6rej: do hostname lookups work when you disable the server?
<n6rej> kgoetz: what do you mean?
<n6rej> kgoetz: turn bind off?
<kgoetz> yes
<n6rej> kgoetz: idk let me try that
<n6rej> kgoetz: no by ip only
<n6rej> kgoetz: wait
<n6rej> it took a while but it finally did
<kgoetz> so hostname works when bind is off?
<kgoetz> hm
<n6rej> kgoetz: ok, i tried in apache annabelle.lan (failed ) www.annabelle.lan ( failed ) annabelle (sucessess )
<n6rej> kgoetz: ssh, worked with annabelle also
<kgoetz> n6rej: how are you advertising the name 'annabelle'?
<n6rej> kgoetz: i'm not sure
<n6rej> kgoetz: i'm using samba as a wins server and told my xp to use 192.168.1.69 as my wins server
<kgoetz> n6rej: have you pastebinned those files?
<n6rej> kgoetz: should I tell the router the wins server ip also?
<kgoetz> bbs
<n6rej> kgoetz: no let me do that
<n6rej> kgoetz: http://pastebin.com/m2a77f605
<kgoetz> n6rej: change /etc/hostname to not have .lan on the end
<n6rej> kk
<n6rej> done
<n6rej> kgoetz: ok, that part is done
<kgoetz> n6rej: now running `hostname` `hostname -d` `hostname -f` should give the correct output.
<n6rej> kgoetz: hostname returns annabelle.lan -d returns lan and -f returns annabelle.lan
<n6rej> kgoetz: i think i need to restart something
<kgoetz> n6rej: `hostname` should only return annabelle
<n6rej> kgoetz: does the kernel reset the hostname on reboot?
<kgoetz> n6rej: i'm trying to remember
<n6rej> cause I ran a kernal name command at one point
<kgoetz> n6rej: run `sudo hostname annabelle` , that should set it
<n6rej> kgoetz: found it sysctl kernel.hostname=annabelle.lan
<kgoetz> n6rej: is that something you set?
<n6rej> yes, I ran that b4 I rebooted
 * kgoetz has never seen the hostname set there before
<n6rej> kgoetz: i found the command searching the net LOL
<kgoetz> n6rej: check in /etc/sysctl.conf and mak sure theres no entry there, then run the hostname command i just gave you
<n6rej> kgoetz: nothing that has my server name in it
<kgoetz> n6rej: cool
<n6rej>        /sbin/sysctl -n kernel.hostname
<n6rej>        /sbin/sysctl -w kernel.domainname="example.com"
<n6rej> is what the man page shows
<n6rej> ok now hostname is annabelle  -d is lan and -f is annabelle.lan
<kgoetz> cool. hats asit should be
<n6rej> kgoetz: restart bind now?
<kgoetz> *thats as it
<kgoetz> n6rej: yeap
<n6rej> kg Apr  8 00:22:29 annabelle named[4911]: /etc/bind/db.lan:1: no current owner name
<n6rej> kgoetz: still can't ping annabelle.lan
<kgoetz> n6rej: that doesnt look like bind started properly
<n6rej> kgoetz: http://pastebin.com/m17a9b756
<n6rej> kgoetz: http://pastebin.com/m8e141bf
<n6rej> kgoetz: http://pastebin.com/m668b3870 (reverse)
<kgoetz> btw. you might want to avoid using .lan, some of the mDNS systems use it
<n6rej> kgoetz: OH
<n6rej> kgoetz: what would you recommend?
<kgoetz> n6rej: and i suggest asking #bind for config help - i'm pretty useless with it
<n6rej> kgoetz: don't feel bad I am too :(
<kgoetz> n6rej: pretty much anything thats not .lan or .local
<n6rej> kgoetz: weird I thought those were reserved
<kgoetz> technically they are, just like 169.254/16 (iirc thats correct ...)
<n6rej> kgoetz: weird.. well I changed it to .home
<n6rej> that should be safe
<n6rej> kgoetz: yeah, binds not starting its complaining about no owner.. so I have to figure that out.
<kgoetz> n6rej: can you pastebin the error?
<n6rej> sure.
<n6rej> Apr  8 00:35:34 annabelle named[5074]: zone home/IN: loading from master file /etc/bind/db.home failed: no owner
<n6rej> kgoetz: thats in the syslog file
<n6rej> bind acts like its starting
<kgoetz> n6rej: is that all it tells you?
<n6rej> kgoetz: yep
<n6rej> lol
<kgoetz> :|
<kgoetz> run `ls -lh /etc/bind/db.home` and check it has the correct perms
<n6rej> kgoetz: got rid of the error
<n6rej> kk
<n6rej> 644
<godfreyhk> can anyone teach me how to partition my server?
<godfreyhk> My knowledge is a bit outdated
<n6rej> godfreyhk: what are you trying to do with it, that dictates alot of it.
<godfreyhk> I have a testing/staging web(php/RoR/MySQL) server here which has 5512MB RAM and 1 80GB hdd and a 60GB hdd.
<godfreyhk> Hmm, you no longer need a dedicated /boot right?
<n6rej> right but sometimes it runs better.. 7.1 seems to be well behaved that way
<godfreyhk> last time I assigned a 10MB /boot for my home computer and it ran out of space when I am upgrading the kernal :S
<n6rej> oh yeah, 50mb is pretty "standard"
<n6rej> you don't need it though
<n6rej> least I didn't use it this time
<n6rej> first time I haven't LOL
<n6rej> do you have an "idea" how you want to partition it?
<godfreyhk> I am not sure, I think there is way more space than I need
<n6rej> *nods*
<godfreyhk> so the thing is how to distribute them across the two hdd
<n6rej> godfreyhk: there is a system whereby you can "link" those drives so they appear as one... a psuedo raid if you will
<kgoetz> godfreyhk: 50-100mb for a seperate boot is handy
 * n6rej nods
<kgoetz> godfreyhk: if you split up partitios, /tmp should be seperate
<n6rej> kgoetz: yeah but how big for tmp? 1g?
<n6rej> same with home LOl
<godfreyhk> okay. So now a need a /, a /boot and a /tmp
<kgoetz> keeping /usr/local/ and var seperateis good too
<n6rej> godfreyhk: def need a swap.. even if its only 256M
<godfreyhk> oh right :P
<kgoetz> although you only need a /usr/local if your building stuff from source
<kgoetz> of course, if its not in a hostile environment you can ignore all that and use one partition if you want ;)
<n6rej> i think if it was me I would "guestimate" how big i needed for /home and then set that as a seperate partition too
<kgoetz> also /home seperate might help
<godfreyhk> actually should I be storing the web stuff in /var ? or should I store it in someone's home?
<n6rej> so make /root 80G /boot 100mb /swap 1G ( you go the room ) /home ???
<kgoetz> or in /srv? ;) depends what it is usualy
<n6rej> god now /var should be own baby.. so you can jail it if you need to
<n6rej> there you go give the rest after home to /var :D
<n6rej> all done
<godfreyhk> thanks for the help guys :)
<n6rej> so maybe 15G or 20G for /home incase you want to use samba for anythign or nfs
<godfreyhk> let me do the math
<n6rej> depends on the # of users
<n6rej> 5G for /home should be plenty for normal "nix" users
<n6rej> most important thing is to decide which is going to need more space www or / and let that one have the 80g
 * n6rej swears he hates bind with a passion
 * kgoetz suggests dnsmasq
<n6rej> kgoetz: yeah but how much "rework" would that require?
<godfreyhk> gee
<godfreyhk> I just realized I have a HUGE typo up there
<godfreyhk> 5512 MB RAM, lol
<kgoetz> n6rej: about a dozen lines of config
<n6rej> kgoetz: gosh... that would be nice LOL
<kgoetz> godfreyhk: i assumed it was wrong ;)
<kgoetz> n6rej: its not as classy as bind, but hey :)
<n6rej> kgoetz: the ONLY thing I need it for is the lan, i dont' need it to server dns LOL
<n6rej> s/server/serve/
<n6rej> godfreyhk: how much ram do you have?
<n6rej> 512
<n6rej> ??
<kgoetz> n6rej: i assume you mean you only need it to host dns for the lan
<n6rej> kgoetz: yeah, i'm getting tired lol
<n6rej> the clients are all dhcp'd to teh router and they work fine
<n6rej> so really all it needs to do is handle enough dns for apache and wins
<kgoetz> should work. read teh config file, you might be pleasently supprised
<n6rej> i could really hardcode hosts files lol
<godfreyhk> n6rej: yea, 512
<n6rej> everyones asleep in the bind camp
<n6rej> godfreyhk: thats not much, better make ur swap 2G then
<godfreyhk> okay.
<kgoetz> 512 is heaps (until he installs php :P)
<n6rej> lol yeah
<n6rej> i'm just as bad I've only got about 480
<kgoetz> in your server?
<n6rej> php,perl, mysql,apache, bind, dovecot lol
<n6rej> yep
<godfreyhk> actually, I need to spare like 8M for my built in display :(
<n6rej> godfreyhk: what kind of ram does it use?
<kgoetz> godfreyhk: why?
<kgoetz> give teh display 512kb and use the ram for something useful
<godfreyhk> n6rej: hmm, they didn't tell me, SD perhaps? :P
<n6rej> you know what motherboard?
<kgoetz> godfreyhk: how old is it?
<godfreyhk> kgoetz: last time I couldn't figure out where can I do that in the bios, I'll try again tmr
<pingu> Hey, anyone here know how to make nsswitch.conf look at /etc/{passwd,shadow,group} AND another file?
<godfreyhk> kgoetz: er, very, I think
<kgoetz> godfreyhk: if its less then 22 years old its not as old as my systems :p
<n6rej> thats the beauty of *nix it don't care that your using a model "A" for the engine :D
<kgoetz> *some of my systems
<godfreyhk> it used to be the production box in my faculty's student society... now they've decided to retire it so now it became my sandbox :)
 * kgoetz guesses P3
<kgoetz> 80% probablility of sdram
<n6rej> kgoetz: thats what mine is  p3 - 933
<godfreyhk> oh, actually, I could ssh in there and check
<n6rej> running pc133 ram lol
<kgoetz> n6rej: i have a couple of servers, of totally different spec ;)
<n6rej> kgoetz: i have to have a recipe box now... I have 6 domains on a hosted box, and then my lan with all its clients
<godfreyhk> surprise! a P4 1.8, DDR 333
<n6rej> and every machien is a diff platform lol
<kgoetz> godfreyhk: :o
<n6rej> godfreyhk: OH pc3200
<kgoetz> n6rej: what do you have?
<n6rej> that ram is FAIRLY inexpensive now
<godfreyhk> well, I am just playing around with this one
<n6rej> b/w g3 500 1G, xp 32 3800+, x64 2800+, xp32 Athlon 1700+ lol
<kgoetz> servers i have sparc32+64+alpha+ia32+amd64+powerpc off the top of my head
<kgoetz> (as my main arch's)
<n6rej> nice
<godfreyhk> after I gets familiar with setting up/managing the server I'll go for a VPS hosting
<godfreyhk> * get
<n6rej> i want a mac pro so bad I can taste it
<n6rej> godfreyhk: look at tiger direct for pc3200 ram.. thats what your box takes.. I think 1G is like $30 right now.. maybe less
<n6rej> scratch that.. pc2700 and nm tiger lol got o computergeeks.com
<n6rej> s/got/go to/
<n6rej> its $10 at computergeeks, I know cause I just bought a stick
<n6rej> 333=pc2700
<godfreyhk> right.
<godfreyhk> I never knew how to do that math
<godfreyhk> 333 <-> 2700 stuff
<n6rej> i just bought 1G for $10 :D with $1.99 shipping
<n6rej> me niether... I just try to memorize it.
<godfreyhk> hmm... too bad it seems like they won't ship to canada
<n6rej> wth?
<n6rej> godfreyhk: well if you buy from tiger pc2700 is pricey now :(
<n6rej> pc3200 is cheap compared to it
<godfreyhk> well.. I guess I could try it out first
<godfreyhk> I mean
<godfreyhk> try setting it up first
<godfreyhk> then go hunt for some cheap ram :)
<godfreyhk> so, [/boot: 100MB, swap: 2GB, /usr/local: 5GB, /: remaining] <- 80   [/tmp: 5GB, /home: remaining] <- 60
<godfreyhk> does that make sense to you guys?
<godfreyhk> or should I be putting the swap in the 60G?
<kgoetz> try and spread load. if you'll have lots of access to /home, put swap on the other drive. if you'll hae lots of access to /, put swap on the 2nd drive
<godfreyhk> I guess it will mostly be accessing / (all the web stuff)
<kgoetz> if the web stuff is in /var/, and /var is in /, then yes ;)
<godfreyhk> so swap on 60, okay got it :)
<godfreyhk> or should I make a separate /var partition?
<godfreyhk> is there any advantage for doing that?
<kgoetz> mainly security/splitting load
<godfreyhk> security, as in setting quotas?
<kgoetz> and setting filesystem r/w access
<godfreyhk> I see.
 * n6rej_ stupid windows is still pulling a .100 ip for annabelle
<kgoetz> n6rej_: 'pulling'?
<n6rej_> ok, this is strange..for some reason annabelle has a .100 ip according to windows
<kgoetz> how did you determine that?
<n6rej_> kgoetz: cause I pinged "annabelle"
<kgoetz> n6rej_: did you add anything to your doze hosts file?
<n6rej_> whats REALLY weird is now that I've removed bind and installed dnsmasq the host command is working perfectly
<n6rej_> yeqah, let me see minor change
<n6rej_> 127.0.0.1       localhost
<n6rej_> 192.168.1.69    annabelle
<n6rej_> /etc/hosts (END)
<n6rej_> then i told dnsmasq to NOT serve dhcp
<kgoetz> n6rej_: what about on teh *windows* box?
<n6rej_> root@annabelle:/etc/network# for hname in annabelle; do host "$hname"; done
<n6rej_> annabelle has address 192.168.1.69
<n6rej_> annabelle mail is handled by 1 annabelle.
<n6rej_> its being told to use wins
<n6rej_> and i told the router to make .69 static and to make it teh wins box
<n6rej_> wth? grrrrrrr
<n6rej_> nic thief
<n6rej_> can't remember how to ghost
<kgoetz>  /msg nickserv ghost nickname password
<kgoetz> and you still havent answered my question about th windows box
<n6rej> kgoetz: i said "ping annabelle" and it said 192.168.1.100
<kgoetz> n6rej: 15:57 < kgoetz> n6rej_: did you add anything to your doze hosts file?
<n6rej> and I already ran ipconfig /flushdns
<n6rej> OH :(
<n6rej> let me look
<n6rej> nope not recently, its bland
<n6rej> blank
<godfreyhk> hey guys I g2g
<kgoetz> n6rej: run host on teh doze box
<kgoetz> godfreyhk: later mate
<godfreyhk> thanks again for your help :)
<n6rej> later godfreyhk
<n6rej> kgoetz: kk. stupid thing
<n6rej> kgoetz: hahahahah found it
<n6rej> kgoetz: forgot to restart samba!
<n6rej> and since its serving wins it was using the cached ip
<n6rej> kgoetz: nuts now apache says it can't figure out the fqdn....looking
<kgoetz> n6rej: rerun the host commands ( -a -f -d) on th eserver and make sure your gettin the right output still
<n6rej> kgoetz: nope... hostname pulls annabelle, same with -f and -a and -d show nothing :(
<kgoetz> n6rej: so its giving ... the correct data, the wrong data?
<n6rej> BUT, annabelle does return fine.
<n6rej> well, to be honest I'm not sure... if I just want to reach the server by annabelle then its fine except apache don't like it.
<n6rej> probaby cause there's not ptr
<n6rej> kgoetz: and quite frankly i don't care if I reach it by typing BS in LOL
<kgoetz> apache doesnt care about your external dns
<kgoetz> it cares that it cant get an fqdn
<n6rej> kgoetz: i think i probably misesd a step or 2 in the dnsmasq config
<n6rej> kgoetz: yep.
<n6rej> kgoetz: ok, so, we don't have a fqdn anymore
<n6rej> cause it told me to take the .home off of /etc/hosts
<kgoetz> n6rej: 'it'?
<n6rej> kgoetz: dnsmasq instructions
 * kgoetz has a proper domain name, so doesnt need to try and make them up
<kgoetz> so i didnt face this particuar problem ;)
<kgoetz> n6rej: where in the instructions?
<n6rej> kgoetz: http://www.enterprisenetworkingplanet.com/netos/article.php/3377351
<n6rej> kgoetz: i left this as it is, cause i didn't understand the '/' #local=/localnet/
<kgoetz> n6rej: where abouts in teh article?
<n6rej> kgoetz: "easy local dns server" bottom of page 1
<kgoetz> n6rej: you dont need to worry about local=
<kgoetz> and i dont knwo what the article is saying about removing the domain names
<kgoetz> btw http://www.ietf.org/rfc/rfc2606.txt i'm sure theres a 2nd rfc about .local and .lan
<kgoetz> http://www.faqs.org/qa/rfcc-1776.html looks like thier unoffical
<n6rej> kgoetz: wow
<n6rej> i hate to do this now but I've got to crash... dr day t/m and my wife is harping on me
<n6rej> its 0200 here
<kgoetz> heh. sleep well mate, i'll catch you another day :)
<n6rej> yep thanks for your help
<kgoetz> just fix your /etc/hosts
<kgoetz> or go to sleep :| :P
<kraut> moin
<kgoetz> ello
<mckulk_>  i cant find supported tv cards by ubuntu. https://wiki.ubuntu.com/HardwareSupport for looking suported tv card. do i have to look in multimedia sections?
<_ruben> jesus ... have you even *tried* looking there?!
<_ruben> (the same question was asked and answered in #vmware, in case someone wonders)
<forensti_> i have a pci tv card, (philips alpha) but that dont work with linux i think. can any one give advice to which new tv card should i buy that will work and is easily available (welknown)?
<faulkes-> morning mathiaz
<mathiaz> hiya faulkes- !
<kraut> which kernel do i need on ubuntu/dapper to boot a galaxy 4200 with lsi-controller?
<kraut> i thought, sun galaxies are now supported by ubuntu, but the machine won't boot with the newest dapper-kernel.
<\sh> kraut, is it Sun Fire X4200?
<kraut> GAH, packages.ubuntu.com is broken
<kraut> \sh: sorry, it's a x4100
<kraut> i'm just evaluating under it, but normally we use x4200
<\sh> http://www.ubuntu.com/partners/sun ... hmm should be amd64...
<Jeeves_> kraut: It should work without a problem
<kraut> Jeeves_: which kernel?
<Jeeves_> kraut: Any
<mathiaz> kraut: what do you mean by "it won't boot" ?
<kraut> 2.6.15-51 isn't booting
<kraut> mathiaz: busybox comes up and can't find any boot-device
<kraut> and i can't find my raiddisk under /dev/sd*
<mathiaz> kraut: at install time ? on reboot ?
<kraut> reboot
<mathiaz> kraut: have you looked in dmesg to see which block device have been created ?
<kraut> it's a installed system with my custom-kernel
<mathiaz> kraut: so the install is working
<kraut> sorry, not on that way
<kraut> mostly, we are using not the normal installer, it's a selfmade one
<kraut> the system is installed and i just want to try the official ubuntu kernel
<kraut> anyone got a hint?
<kraut> doods!
<Jeeves_> kraut: Rebuild the initrd with ths LSI driver
<kraut> Jeeves_: i just thought the same
<kraut> but if i understoot it correc,t i need first install linux-backport modules
<kraut> https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/37452/comments/60
<ubotu> Launchpad bug 37452 in linux-source-2.6.15 "fusion mpt sas driver does not find a RAID1 disk during installation(Sun Galaxy X4200 and X4100, Dell SASR5/i)" [High,Confirmed]
<kraut> still the same problem
<kraut> installed linux-backport modules and updated every initramfs by update-initramfs -u -k all
<Jeeves_> kraut: I have several X4100/X4200's running on Dapper
<kraut> me, too. but not with the official kernel
<kraut> do you use lvm?
<kraut> *head -> table*
<kraut> https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/37452
<ubotu> Launchpad bug 37452 in linux-source-2.6.15 "fusion mpt sas driver does not find a RAID1 disk during installation(Sun Galaxy X4200 and X4100, Dell SASR5/i)" [High,Confirmed]
<wo0f> hi
<wo0f> do any of you use screen?
<sommer> yes
<wo0f> how can i stop 'users' from showing all the screens i have open as multiple logins
<wo0f> and instead only show 1 instance of a login
<wo0f> ?
<sommer> not sure that you can
<sommer> unless you disallow ps ?
<wo0f> disallow ps?
<kraut> a user could allways see his own screen
<kraut> and as root it's allways possible to see every screen of every user
<wo0f> ahhh
<wo0f> so when another user does 'users'
<wo0f> it will only display one?
<wo0f> unless its root obviously
<wo0f> ?
<wo0f> and whats ps?
<sommer> ps - report a snapshot of the current processes... I thought that's what you meant when users were able to see your logins
<kraut> Jeeves_: dude, could you give me please a initramfs of a galaxy with amd64 arch?
<Jeeves_> kraut: It's de normal default Ubuntu initrd!
<kraut> Jeeves_: i know, but i just want to see in it, please
<kraut> the issue must be their and i have an idea, what it is
<kraut> s/their/there
<Jeeves_> kraut: http://www.prevented.net/~mark/initrd.img-2.6.15-51-amd64-k8
<kraut> thanks a lot
<kraut> the related modules are completly different
<kraut> fine, i now got completly the same modules
<kraut> let's try
<kraut> strange, it's still not finding the array
<kraut> i'll give it tomorrow another try, bye
<Jeeves_> see ya
<jcastro> mathiaz: soren: feel free to add some -server sessions here: https://wiki.ubuntu.com/UbuntuOpenWeek/Prep
<elventear> Hello. I have an LVM LV on a VG on a PV that sits on a partitionable RAID1. When I created the LV I was able to mount it and everything worked. I have rebooted to test it and now I can't get the VG to show using vgscan. Is this because I have used a partitionable RAID (ie. /dev/md_d0p1)?
<blue|palm> Hi, is there any difinitive source for learning how to setup, use and manage a LAMP server (ubuntu in this case)? I've started with web development, and I would like to set up a sort of a test machine to host some of the web applications i've been working on...
<kraut> www.apache.org
<kraut> www.mysql.com
<kraut> there you will get some good docs
<blue|palm> kraut, thanks.
<Deeps> www.ubuntu.com has a lot of community docs relevant to ubuntu specifically
<Deeps> ubuntuforums.org has a lot of discussion where you'll find most of the common problems have already been adressed
<kraut> the ubuntu-wiki is also really helpfull
<warchief_ryan> does it have to be ubuntu specific? http://www.debianhelp.co.uk/debianserver.htm
<kraut> but in that case it would be also good, to read the docs from apache and mysql
<blue|palm> no it doesn't HAVE to be ubuntu specific... its just that most of my experience is in either ubuntu or gentoo, and i don't feel like going through a gentoo install right now
<Deeps> ubuntu+debian are very similar, so debian docs will often match very closely to what you'd do in ubuntu
<blue|palm> thanks all!
<blue|palm> I'm sure this is enough to get me started
<youngmusi1> Hey. I just tried to shrink a raid partition with 'mdadm --grow /dev/md10 --size=123456789...' but 'cat /proc/mdstat' shows that nothing changes. No error message either. Am i forgetting something? The raid partition was suppposed to end up about 2GB smaller than it was.
<michalski> does anyone here know how to apply multiple passworded, challenge response authentication on sshd_config
<ScottK> michalski: What problem are you trying to solve?
<michalski> in /etc/ssh/sshd_config theres a line for ChallengeResponseAuthentication:(yes/no)
<ScottK> Right.
<michalski> i want to enable it and use multiple passworded authetication with identifyers
<ScottK> My answer to your specific question is no.  I've never done it, but there may be another way I can help you accomplish your goal.
 * michalski hates asking the hard questions
<michalski> oh sorry haha read your response wrong
<michalski> what other way?
<ScottK> michalski: Depens on what you're trying to do.
<ScottK> Depens/Depends
<ScottK> What problem are you having that you think that will solve?
<michalski> when I connect to my computer remotly i want it to give me an identifyer at which point I have to supply a unique passphrase that is assigned to that identifyer
<michalski> http://en.wikipedia.org/wiki/Challenge-response_authentication
<ScottK> OK.  That defines challenge/response.  I got that.  Why do you want to do that.
<michalski> ...well to add some extra security, sometimes I have the feeling that my password is not always the most secure thing I have, so if i could set this up, and have it fairly easy to use and maintain, I would know that my computer is that much safer on the internet
<ScottK> I see.
<ScottK> For example, if you're worried about dictionary attacks guessing your password, you can use iptable to rate limit such attempts
<ScottK> ssh based on key access is a much more common solution to that kind of ptoblem.
<michalski> yes, but im more paranoid about the fact that person X knows my password, and im usually on a public computer
<michalski> when away
<michalski> keyloggers
<ScottK> Ah.
<ScottK> Yes.
<ScottK> That's probably a reasonable solution to your problem.
<ScottK> Personally, I just have a strict policy about not putting passwords into computers I don't control.
<ScottK> ssh client on my palm smartphone helps with that.
<michalski> not the easiest thing when your dragged to school every day, and absolutly refuse to use the schools server as storage space because my vice principle is....very nosesy and like watching every thing i do, just me, no one else
<michalski> and I dont have a cell phone/palm pilot/other mibile device
<ScottK> Sure.  Makes sense.
<michalski> theres nothing on the wiki on how to do it, im checking launchpad now
<ScottK> michalski: Did you look at man ssh
<michalski> yep already did
<michalski> gave very vague description
<michalski> nothing on launchpad
<ScottK> Dunno then.
<michalski> ChallengeResponseAuthentication Specifies whether challenge-response authentication is allowed.  All authentication styles from login.conf(5) are supported.  The default is âyes"
<michalski> thats what it says in man sshd_config
<ScottK> Did you read man 5 login.conf?
<michalski> i tried man login.conf....and my terminal yelled at me
<michalski> :P
<michalski> it says: No manual entry for login.conf in section 5
<ScottK> At this point I recommend Google then.
<ScottK> The answer to your question probably isn't Debian/Ubuntu specific
<michalski> looking
<michalski> google is jammed with stuff for having automatic login free sessions with challengeresponseauthentication as an rsa key
<michalski> I think im just going to send off a help ticket on launchpad
<mathiaz> jdstrand: do you clone dapper guests in kvm ?
<jdstrand> mathiaz: I have, yes
<mathiaz> jdstrand: how do you handle the mac adress update ?
<mathiaz> jdstrand: when I clone the guest, the mac address is updating - on boot, eth0 doesn't come up
<jdstrand> mathiaz: /etc/iftab
<jdstrand> mathiaz: I have this in my clone script:
<jdstrand> echo ""
<jdstrand> echo "VM cloned, be sure to (in the guest):"
<jdstrand> echo "1. update /etc/hosts to have an entry for '$fname'"
<jdstrand> echo "2. update /etc/hostname"
<jdstrand> echo "3. if applicable adjust /etc/iftab (fesity and earlier) or"
<jdstrand> echo "   /etc/udev/rules.d/70-persistent-net.rules (gutsy and later) within the"
<mathiaz> jdstrand: awesome - I have the same rules
<mathiaz> jdstrand: for hardy, nothing is needed anymore :)
<jdstrand> nice
<jdstrand> hey-- a typo!
<jdstrand> I always like to type fesity
<mathiaz> jdstrand: how many vms do you run at the same time ?
<mathiaz> jdstrand: it seems that I have problems if I have use more than 6 vnets
<jdstrand> mathiaz: I don't know that I've gone more than that
<mathiaz> jdstrand: did you encounter a similar problem ?
<jdstrand> mathiaz: usually I go 5 (one for each release)
<mathiaz> jdstrand: are you using a bridged network ?
<jdstrand> mathiaz: and then I shut those down and bring up 5 for another arch
<jdstrand> mathiaz: I haven't seen this, and I also do not use a bridged network
<jdstrand> (todo list)
<mathiaz> jdstrand: ok thanks
<mathiaz> keescook: ^^
<jdstrand> but really, in some ways I like the separate network, so I may not
<mathiaz> jdstrand: right - I'm using a different architecture
<mathiaz> jdstrand: my vms are hosted on a server and I want to be able to ssh into my guest directly from my laptop
<jdstrand> mathiaz: sure-- it would definitely make it easier then
<jdstrand> mathiaz: I just don't like them quite so accessible :)
<keescook> mathiaz: I run probably at most 4 at the same time, usually 1 or 2.  (all bridged)
<mathiaz> keescook: ok. Thanks.
#ubuntu-server 2008-04-09
<LeChacal> I am new to setting up a server and screwed up my hosts file so i cant sudo now because of the host name but i only have remote access to the server is there away to log in remotely in recovery mode so i can fix the hosts file? I dont want to wait a few days tell i have physical access to the box. thank you
<kgoetz> LeChacal: unless you have some form of ALOM no you cant
<sommer> LeChacal: do you have a console now?
<sommer> ah, kgoetz what up
<kgoetz> sommer: just got my perl workin \o/
<sommer> heh, perl's cool
<kgoetz> sommer: hows your day (evening?) going?
<kgoetz> it was a pretty serious case of pebkac :|
<sommer> was going good, then I watched the champions league
<kgoetz> whats that?
<sommer> I've recently become a football fan (soccer as we say in the states)
<kgoetz> aaah. hehe
<kgoetz> fwiw, its soccer in au too ;)
<sommer> arsenal lost!!!... noooooooooooooooooo
<mohamed_> hello all, what is the command or the script that i can control running service from  ?
<sommer> heh, its pretty awesome!
<sommer> mohamed_: /etc/init.d/*
<sommer> mohamed_: restart, start, stop, etc
<mohamed_> sommer yes, but i mean something that i see runlevel in it
<kgoetz> i stopped following soccer when i stopped playing it.
<mohamed_> i remember i had something like this before but don't know its name
<kgoetz> mohamed_: what control do you want exactly?
<sommer> heh, I played amrerican football... went soo long and never knew
<sommer> awesome sport
<mohamed_> kgoetz, e.g if i want service to run e.g in runlevel4 instead of 2
<sommer> mohamed_: check out update-rc.d
<mohamed_> something like chkconfig in redhat
<sommer> yep, update-rc.d
<sommer> not, quite as user friendly, but it works
<mohamed_> yes
<sommer> I must admit I've only used it to either stop a service at boot or stop one
<sommer> the other scenerios...
<sommer> heh, start one that is
<mohamed_> yes me too, :)
<sommer> I'd hate to rtmf ya, but if you check the man page it does the fine tuning stuff as well
<kgoetz> there is an ncurses tool for setting runlevels i think. nfi what it is though
<sommer> true true
<kgoetz> mohamed_: by the way - its considered rude to ask a question two places at once ...
<mohamed_> kgoetz, u mean that i ask on debian ?
<kgoetz> yes. and another bit of information: if #debian is aware your asking ubuntu questions they'll rightly flame you.
<mohamed_> i'm sorry , only simply i try to find  answer
<mohamed_> because i'm realy use a tool before and i remember that someone also told me about
<mohamed_> but it seem that i forget alot
<mohamed_> and for ubuntu and debian i have the two system running :)
<max_> anyone, I have 20 ubuntu workstations on my server.  How do I remove packages from all 20 at once, remotely, also apply updates?
<sommer> max_: you could look into clusterssh
<kgoetz> or a tool like puppet/cfengine
<sommer> heh, I've been meaning to look into those as well :)
<sommer> well more than the mag articles
<kgoetz> cfengine is a monster (i've used it). puppet is meant to be less of a monster :)
<kgoetz> never tried clusterssh, but i've been told about it (it was used to manage all the AP's at LCA)
<sommer> cool
<kgoetz> one think i found amusing was a bloke usin cfengine to roll out puppet - so blazingly obvious, but i still get a grin from it
<Jeeves_> !cfengine++
<ubotu> Sorry, I don't know anything about cfengine++ - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<mohamed_> kgoetz, what u do when u want some answers ?
<kgoetz> mohamed_: depends what answer i want
<mohamed_> technical of course
<mohamed_> because u consider me behave  bad
<mohamed_> at least u tell  me first the rules
<mohamed_> u said it is consider
<kgoetz> usually ask the relevent channel, search the web if i cant get an answer, read a man page (etc)
<mohamed_> yes, this is what i do
<mohamed_> my behaviour s not very bad as you see it
<ScottK> Try one place at a time so you don't take the chance of wasting other people's time if multiple people answer.  Wasting time of people you are asking for free help from is considered disrespectful.
<ScottK> mohamed_: Do you see the guide to smart questions in /topic?
<mohamed_> ScottK, i know that poeple time is important but don't expect that all people know the rules
<mohamed_> this is what i mean before you deal with people that they behave bad tell them first
<ScottK> mohamed_: He pointed it out to you in order to help you.
<ScottK> mohamed_: My advice is read https://wiki.ubuntu.com/ServerTeam/GettingInvolved from the topic.
<ScottK> Oops
<ScottK> Wrong url
<max_> sommer: thanks
<ScottK> http://www.catb.org/~esr/faqs/smart-questions.html <-- That one
<mohamed_> and again thx for all people help, i hope oneday i can help here also
<max_> that worked
<mohamed_> thx ScottK
<ScottK> mohamed_: No problem.
<mohamed_> i have to read it carfull before i ask here   again :)
<sommer> max_: np
<sommer> ScottK: hey
<ScottK> hey sommer
<sommer> on that amavisd-new bug, I don't think that $hostnanm is documented
<sommer> I can add that for the next version of the docs
<mactimes> Hello everyone.  Is there a "recipe" to install ubuntu server using RAID1 for the OS partitions, for use with hot swapping or something similar?
<ScottK> sommer: Agreed.  It should also be documented in the package.
<sommer> the amavis docs do describe it... which is why I had it in my config, so either way
<ScottK> Ah.
<ScottK> OK.  Then yes please.
<ScottK> I'd suggest add it to the docs package and close the bug to that.
<sommer> cool, I think it'll have to be for ibex though... too far past SF
<sommer>  I'll update the wiki page though
<ScottK> Right.
<ScottK> Makes sense
<sommer> I'll update the bug tomorrow :)
<sommer> it's probably a small use case
<mohamed_> at last i find it,  is  sysv-rc-conf
<mohamed_> this realy better and clear than other commands
<ScottK> mohamed_: sommer that I've been talking with is in charge of our server documentation.  Perhaps you could suggest to him how to improve our documentation to have made finding that easier for you?
<mohamed_> ScottK, if  u simplify documentation for people like me i'm lazy :)
<mohamed_> the command i find save for me to deal with rc-update ...etc
<ScottK> sommer: ^^^ Might be worth a mention on the wiki
<mohamed_> ScottK, sometimes i install the server not as real server but to use  it as a base for e.g vdr system
<mohamed_> for this i search how to delete unwanted services
<mohamed_> to make it boot fast
<ScottK> It's generally a good practice not to have stuff you don't need running.
<mohamed_> documentation is realy good because i install ubuntu-server b4 and find everything i need but this was real server
<mohamed_> if i can help in something this will be good you can consider me as ubuntu and debian user :)
 * ScottK is pretty busy with some actual work right now, but maybe sommer will have some interest in documentation.
<mohamed_> hello sommer , with documentation u can add this command only for lazy people like me :)
<mohamed_> sysv-rc-conf
<ScottK> He may have gone.
<mohamed_> ok then if u see if anyone can benifit from u tell him about, because i find it difficuly after deep search
<mohamed_> i have to leave have a good night all
<sommer> eh... yep, that's worth documenting
<JaxxMaxx> fer sure!
<pleaseandthankyo> is there a good diet softwares? like for a diabetes guy or a healthy living diet software for person who has heart d eases?
<googlah> hello. somebody here?
<n6rej> evening folks.. how do we know what packages are installed by default on 7.1 server?  Like the MTA and mail server
<n6rej> ftp etc...
<pschulz02> n6rej: Do you have one installed.. or are you looking for a list.
<n6rej> pschulz02: i just did a clean install tonight and I don't want to reinvent the wheel.. it asked me if I wanted a local mail server and I told it yes, but I don't see which it used... same with ftp
<pschulz02> n6rej: postfix
<n6rej> pschulz02: like i figured out dovecot is installed.. but thats not a mta
<pschulz02> n6rej: dpkg -l
<n6rej> pschulz02: ok.. ty
<n6rej> pschulz02: are you confortable with samba/wins?
<pschulz02> n6rej: No.
<pschulz02> A long time ago maybe.
<n6rej> pschulz02: ok.
<n6rej> i think maybe I found the problem.. we'll see
<n6rej> pschulz02: i'm trying to setup a area on the server where my mac, pc, and *nix can all share files... like a "file server"
<n6rej> pschulz02: i'm running into problems with filename length :(
<pschulz02> Anyone here using iSCSI?
<pschulz02> n6rej: filename or path?
<n6rej> pschulz02: filename... some of the songs hav elonger then 31 chars in their name
<pschulz02> What underlying filesystem are yuou using?
<pschulz02> n6rej: Is this on your ubunutu-server box?
<n6rej> pschulz02: the songs currently are on my wins box.. I want to move them to the server so everyone ( all the platforms ) can more easily share them
<n6rej> which is yes, a ubuntu 7.1 server
<n6rej> pschulz02: ext3
<pschulz02> 7.10 <-- sorry for being pedantic
<n6rej> pschulz02: its ok :D
<pschulz02> So.. you can see the Samba share from your windows box?
<n6rej> pschulz02: yep, got all that fixed... its resolving fine now... still have a minor problem with bind, its not recognizing my cnames
<pschulz02> n6rej: Did you change the serial number/restart bind?
<n6rej> pschulz02: UGH
<n6rej> lol forgot the sn
<n6rej> pschulz02: no joy.. here's the local file.. http://pastebin.com/m2cecc748
<n6rej> pschulz02: i had errors in my samba before but testparm says its all good now
<pschulz02> n6rej: What does your named.conf look like?
<n6rej> pschulz02: let me get it
<pschulz02> n6rej: That is where the '@' wildcard will get defined.
<n6rej> pschulz02: oh, I think thats in named.conf.local ?
<n6rej> http://pastebin.com/m44bfcd41
<pschulz02> n6rej: You can leave off the domain from all of your A records..
<pschulz02> ...Ahah
<n6rej> pschulz02: http://pastebin.com/m4f9d47bf ( named.conf.local )
<pschulz02> n6rej: They need to be.. 'name IN A IP.ad.dr.ess
<n6rej> pschulz02: ok.. annabelle is the servers, "name" hallhome.lan is the "domain"
<n6rej> pschulz02:  ok
<pschulz02> n6rej: Ok.. so the first file was called 'db.lan'?
<n6rej> pschulz02: yes and its reverse is db.192
<pschulz02> Ok.. from the top od db.lan..
<pschulz02> $TTL 86400
<n6rej> pschulz02: i'm with you
 * n6rej and I really appreciate what your doing
<pschulz02> Ahh .. I haven't seen the 'D' 'H' 'W' notation before.
<n6rej> pschulz02: that from about redhat 6 days
<n6rej> idk if its predicated or not
<pschulz02> n6rej: Every record should have 'IN' in it.
<pschulz02> n6rej: after the header
<n6rej> pschulz02: omg how did it even work!
<pschulz02> n6rej: Not sure :-)
<n6rej> pschulz02: but not cname right?
<pschulz02> So 'name IN CNAME anothername'
<n6rej> ok done
<pschulz02> Ok.. there is the command named-checkzone
<pschulz02> named-checkzone hallhome.lan db.lan
<n6rej> annabelle.hallhome.lan has no A records or AAA records
<n6rej> s/AAA/AAAA/
<pschulz02> Ok.. add an A record for annabell
<pschulz02> (pointing to an IP)
<n6rej> that makes sense
<n6rej> loaded serial 6 "OK"
<n6rej> pschulz02: says same thinga bout db.192 ( the reverse )
<pschulz02> n6rej: have a look at db.127
<n6rej> pschulz02: http://pastebin.com/m2a8ceac6 (db.192)
<n6rej> kk
<pschulz02> n6rej: You need the have IN PTR entries.
<n6rej> pschulz02: http://pastebin.com/m7273a004
<n6rej> ok I'll fix that
<n6rej> pschulz02: says I need one for the NS reverse also?
<pschulz02> n6rej: Notice how db.127 used 3 numbers.. db.192 should only have one.
<pschulz02> Compare trhe lines in named.conf.local (for 192.168.1) with those in named.conf (I think.. for 172.)
<n6rej> ps kk
<pschulz02> n6rej: You need an IN NS record in the reverse DNS.. it should be the same as the record in the regular DNS.
<pschulz02> n6rej: You are telling the people who are looking up the domain (be it a forward, or a reverse lookup) which nameserver is responsible.
<n6rej> pschulz02: are thse 2 lines right in the db.lan?
<n6rej>  NS      annabelle.hallhome.lan.
<n6rej>  MX      10      annabelle.hallhome.lan.
<n6rej> 69 is the ip of the server
<pschulz02> Put an 'IN' in front of them.
<pschulz02> eg. '@  IN  NS  annabelle.hallhome.lan.'
<n6rej> pschulz02: yep, fixed it
<pschulz02> n6rej: I think you might be able to leave out the '@' but I always put it in..
<n6rej> pschulz02: i dont' get it, check is still not liking the reverse http://pastebin.com/m2d661616
<n6rej> pschulz02: I could try cheating and just put @ for the ip
<n6rej> pschulz02: ugh, i know whats wrong.. "hallhome.lan" is not defined anywhere
<pschulz02> n6rej: It should nbe whatever is defined in named.conf.local
<n6rej> pschulz02: hmmmmmmmmm thats in there
<n6rej> is the @ in 127 messing us up?
<n6rej> root@annabelle:/etc/bind# named-checkzone hallhome.lan db.192
<n6rej> zone hallhome.lan/IN: NS 'annabelle.hallhome.lan' has no address records (A or AAAA)
<n6rej> zone hallhome.lan/IN: loaded serial 5
<n6rej> OK
<n6rej> weird :(
<pschulz02> Still got problems? Had to pop away..
<n6rej> pschulz02: yeah
<n6rej> still same error
<n6rej> i've tried everything.. can't get the reverse to work right :(
<n6rej> pschulz02: i swear this thing is posessed!
<pschulz02> n6rej: pastebin
<pschulz02> Error with 'named-checkzone'?
<n6rej> pschulz02: here's both forward and reverse http://pastebin.com/m4faec42b
<n6rej> pschulz02: yeah..
<n6rej> bind doesn't show anything in the syslog if I restart it
 * n6rej well nothing negaive
<n6rej> ugh negative even
<n6rej> pschulz02: from winds i can ping annabelle  or hallhome.lan but not mail. or www. or ftp.
<pschulz02> Ok.. is bind process running?
<n6rej> pschulz02: yes
<pschulz02> What does 'host annabell' tell you (on annabell)
<n6rej> http://pastebin.com/m4faec42b
<n6rej> oops
<n6rej> wait
<n6rej> annabelle.hallhome.lan has address 192.168.1.69
<pschulz02> Ok.. what about 'host mail'
<n6rej> mail.hallhome.lan is an alias for annabelle.hallhome.lan.
<n6rej> annabelle.hallhome.lan has address 192.168.1.69
<n6rej> hmmmmmmmmmm
<n6rej> pschulz02: this is my line in my /etc/hosts 192.168.1.69    annabelle annabelle.hallhome.lan hallhome.lan
<pschulz02> Ok.. what about 'host 69.1.168.192.in-addr.arpa'
<pschulz02> 'host' uses DNS (not hosts file :-)
<n6rej> host 69.1.168.192.in-addr.arpa ?
<n6rej> comes back blank
<n6rej> pschulz02: ok :D
<pschulz02> n6rej: This is the domain used for reverse lookup.
<n6rej> pschulz02: yeah... what the heck is going on with the reverse?
<pschulz02> can you please paste named.conf.local again.
<n6rej> pschulz02: sure
<n6rej> http://pastebin.com/m435ef89a
<pschulz02> Hmm..
<pschulz02> What is your 'resolv.conf' on annabell? Does it point to itself?
<pschulz02> Odd.. I can't see any obvious problem.
<n6rej> wow that was ugly!
<n6rej> pschulz02: i installed resolvconf package
<n6rej> pschulz02: here's what it says ... http://pastebin.com/d3f12df07
<pschulz02> Ok.. well, it should work then..
<pschulz02> What about the following (dot at the end is important) - host 69.1.168.192.in-addr.arpa.
<n6rej> let me triple check
<n6rej> pschulz02: added the . still no printout
<n6rej> whats really strange is nslookup works
<n6rej> root@annabelle:/etc/bind# host 192.168.1.69
<n6rej> 69.1.168.192.in-addr.arpa domain name pointer annabelle.hallhome.lan.
<n6rej> .
<n6rej> pschulz02: you must be working
<mfiers> heya. I got software RAID 1, and my mailbox is spammed with degraded array messages.. I checked the internet and it seems I have to re-synchronize my disks, but it also seems this synchronising should be done automatically
<pschulz02> n6rej: Busy trying to injest documentation on iscsi while fending off user requests.
<n6rej> pschulz02: yeah, figured you were working.. I'm thinking this is a samba problem now... cause I think dns is working properly on the server
<mfiers> ..and in my case, I don't think it's synchronsing...
<n6rej> mfiers: shouldn't there be a log entry?
<mfiers> n6rej: well.. what will that log make me any smarter? Unless saying it encountered a degraded array?
<n6rej> mfiers: depends... idk much about raid ( less its in the can :P ) but I would think you could crank up the reporting to more specifically pin point the problem
<mfiers>  /proc/mdstat gives me 5 degraded arrays out of 6 devices
<n6rej> ouch
<mfiers> so 1 is working properly :) the others arent.. The system still works (yeah, mirroring), but it's quite annoying that the system isn't really as it should be
<n6rej> mfiers: and from what I just read dangerous too.  questions is whats causing the non-sync problem
<n6rej> mfiers: seems to me there should be a tool for that
<n6rej> gotta run
<n6rej> pschulz02: thanks a million for all your help
<mfiers> ..all manuals say the syncing is done automatically..
<mfiers> I don't see it done automatically...
<_ruben> mfiers: sudo mdadm /dev/md0 -a /dev/sda1 .. just an example .. it'll hot (re)add sda1 to md0 and rebuild will be initiated .. or replace the broken drive ;)
<_ruben> "or replace the broken drive first" even .. after replacing you still would need to repartition it and add it to the array
<mfiers> hmm.. Okay, I'll try.. What I did now was unmount one of the degraded disks (umount /dev/md5), and then tried mounting again, and it says 'ext3-fs: unable to read superblock)
<_ruben> mfiers: ouch? you sure that md5 is holding an ext3 filesystem?
<mfiers> pretty sure yes
<mfiers> I only have ext3 filesystems on this system
<_ruben> (un/re)mounting has nothing to do with the array itself (its health that is) afaik
<mfiers> sudo mdadm /dev/md5 -a /dev/sdb9 says: mdadm: cannot get array info for /dev/md5
<mfiers> but.. _ruben: it works for a mounted md
<_ruben> scary .. sounds like md5 is messed up somehow
<mfiers> so it is now recovering md2
<mfiers> I think I'll reboot and then sync the md5.
<mfiers> thx for the help _ruben! One question still: how is it possible that in 2 months, I already got 4 degraded arrays?
<_ruben> and hope for the superblock not to be too messed up .. you could try using one of the copies of the superblock
<_ruben> mfiers: bad disk?
<mfiers> forced reboot or so?
<_ruben> unclean shutdown might cause it too yeah
<mfiers> _ruben: superblock... means:  putting the superblock to 0 with --zero-superblock, and then re-create the array with mdam -C ..., right?
<_ruben> if possible i'd run a disk healthtest on it (using the appropriate tools provided by the disk's manufacturer)
<_ruben> mfiers: well .. there's 2 superblocks .. the one of the disks for the md's .. and within the md's for the respective filesystems .. both seem to have problems .. i never tried zero'ing the md's superblock (never had similar problems)
<mfiers> a superblock just contains some info about the harddisk, right?
<mfiers> okay.. it seems to have worked for md2. Will do the others now. Thx for help _ruben
<kraut> moin
<_ruben> morning
<_ruben> hrm .. my installation (for documentation purposes only, read: screenshot galore) of gutsy server under vmware (2 virtual disks with s/w raid and lvm) seems to hang at "Creating device files..."
<kraut> i've a sun galaxy x4100 system with a custom kernel. now i want to check the official ubuntu kernel. when i boot the system with it, i won't find the root-device, because the array disk connected to the lsi-controller won't be found.
<kraut> any ideas what i could do?
<TrioTorus> I'm considering switching nsswitch.conf from password: ldap files to password: files ldap, but I need all users in the ldap directory to also be a member of some system groups like 'admin' or 'video'. Do I have to include those groups in the ldap directory then, or how is this usually done?
<sommer> TrioTorus: I believe so
<TrioTorus> reading up on this, I better ask my question this way: do I migrate system UID's and system GID's to ldap or not?
<sommer> when migrating my main server I didn't
<sommer> I did migrate the user uid and gid numbers though
<sommer> but none of my user's need to be in the system groups at this point
<KB3NZQ_XP> does any one know where i can download gnome for offline install with a cd
<Rayn> Hey all, I've got a process on one of my machines that occasionally spirals out of control and completely locks the system.. is there a way I can put it in some kind of jail so it can't do that? it's java fwiw
<KB3NZQ_XP> does any one know where i can download gnome for offline install with a cd
<ScottK> KB3NZQ_XP: That's radically off topic for #ubuntu-server.  Try #ubuntu.
<KB3NZQ_XP> well it is going to be installed on my server
<KB3NZQ_XP> that is why i asked here
<ScottK> Once you install Gnome, it's not a server anymore (at least by our definition).  Anything about Gnome, you really need to ask about in #ubuntu.
<KB3NZQ_XP> i need gnome because i'm not that cood w/ command line
<KB3NZQ_XP> i need gnome because i'm not that good w/ command line
<sommer> !servergui
<ubotu> Ubuntu server does not install a desktop environment or X11 by default in order to enhance security, efficiency and performance.  !eBox provides a GUI system management option via a web interface.  See https://help.ubuntu.com/community/ServerGUI for more background and options.
<sommer> that should get you started
<KB3NZQ_XP> ok
<KB3NZQ_XP> thank you i have to go
<sommer> welcome
<TrioTorus> any idea if ebox mail module is going to be in Hardy?
<zul> no it isnt
<_ruben> wouldnt know, but i did hear that that module most likely wont cover postfix/dovecot which are the 'prefered' tools
<TrioTorus> that's a bit sad to hear. It means I have to be missing out on a mail gui and a apache gui. Reason enough to go for webmin anyway?
<ScottK> No.  On Debian and derived systems webmin will lead to tears in the end.
<linunut> Guys, situation time: You've got a server with 1TB in a RAID-1. You dropped a LOT of dough on this endeavor. Your network has both windoze and *nux boxes. What file system do you use?
<_ruben> linunut: depends on what kind of stuff you're storing on it
<linunut> _ruben: oggs, mostly.
<_ruben> first guess would be xfs
<_ruben> that the clients are both win and lin doesnt matter, since you'll be using nfs/cifs/smth else as protocol in between
<linunut> _ruben: Good to know. I might just go ext3 then
<linunut> I was mostly worried about the cross-platform compatibility
 * ScottK is conservative about file systems and would recommend ext3.
<_ruben> earlier today i read an article on ext2/ext3/reiser/xfs/jfs and the various uses/pros/cons
<_ruben> cant find it now tho :/
<_ruben> conservative: ext3 .. else xfs is an option, tho not necesarily better/worse than ext3 afaik
<linunut> _ruben: I pretty much read all are prone to fail at some point.
<linunut> I would have guessed there was no epic difference in the end.
<linunut> I was mostly worried, as I said, about the multi-platform network
<_ruben> there might be some performance differences .. both during runtime and fsck for example
<TrioTorus> ScottK: I heared about that. What is your proposal for mail and apache gui besides 'use cli'?
<_ruben> linunut: that'd be the least of your worries i'd say ;)
<linunut> _ruben: Heh, and the most?
<_ruben> linunut: i'd say performance and reliability .. and in that subject i wouldnt know the diff between ext3 and xfs
<Deeps> apparently xfs is better with larger files than ext3
<ScottK> TrioTorus: I don't have one, but I'd rather fumble through learning cli than have an unreliable server.
<linunut> _ruben: Gotcha. And hey, http://en.wikipedia.org/wiki/Comparison_of_file_systems
<Deeps> googling xfs vs ext3 is giving that indication, at least
<linunut> Wiki to the rescue
<linunut> Deeps: Heh, yeah, when you start talkin' Exbibytes
<_ruben> :)
<Deeps> larger files, not larger file systems
<Deeps> not that ext3 can cope with ebs anyway
<linunut> Heh, luckily I don't have that large of files
<Deeps> i'd guess ext3 on linux is probably safer than xfs
<Deeps> http://wiki.novell.com/index.php/File_System_Primer#Linux_File_Systems.__Why_so_many.3F
<Rayn> linunut: ultimately you're not completely stuck with what you pick, as long as you have room you can do the resize shuffle and switch if you ever needed to
<linunut> Rayn: This'll be my first real 'server' setup
<linunut> FOr storage purposes, anyhow
<Rayn> sure, and samba will abstract the underlying system anyway, so I wouldn't worry
<TrioTorus> ScottK: I value that opinion, I really do. It is how I do it now, but boy, I'm looking forward to some universal webinterface service configuration on linux. A freedesktop.org effort for the server: freeserver.org: my wet dream.
<Rayn> TrioTorus: good luck nailing down interfaces for long enough in the open source world, heh
<ScottK> For Postfix, most of the heavy lifting is getting an initial config that meets your needs.  Once you have that, it's pretty easy to replicate to other boxes and you don't have to touch it much.
<TrioTorus> Rayn: not talking about the look and feel of an interface, but rather 'guidelines on how it should be done', just like freedesktop.
<Rayn> no, sure I understand, just most server apps have their own weird way of doing the configs, and getting them to conform would be an impressive feat
<TrioTorus> ScottK: okay, it does help now that you said that :-)
<TrioTorus> Rayn: yes, you would have thought xml would have helped, but don't want to get into that 'human readable' discussion again...
<Rayn> heh, yes see everyone has an opinion
<Deeps> hmm, wonder if anyone has any ideas
<Deeps> i'm trying to stream media over an unreliable network (ethernet over powerline)
<Deeps> sometimes i can get 10mbit, but moments later it can plummet to 100kbit and then jump back up again on its own moments later
<Deeps> this results in the video skipping
<Deeps> i'm guessing what i really need is a better media player that will just buffer more data
<Deeps> rather than trying to overcomplicate it and have a network file system that'll buffer data for me
<Rayn> mplayer -cache (something large)
<Deeps> yeah, i'm trying to do it with vlc, but if i increase the cache, it increases the delay between pressing play and pressing pause
<Rayn> mplayer stores the cache in memory and plays once it has recieved a certain threshold
<Deeps> ie, a 2sec cache in vlc will mean when i attempt to pause, i'll still get 2sec more stuff
<Deeps> there a nice gui for mplayer?
<Rayn> gmplayer
<Deeps> (i realise this is the wrong channel, heh)
<Deeps> ta
<TrioTorus> in here http://ebox-platform.com/features/ ebox DOES seem to use Postfix. Now it's only dovecot that is missing.
<zul> TrioTorus: I have talked to them about this before and its being worked on by the ebox developers
<TrioTorus> zul: great!
<zul> but not for hardy
<TrioTorus> okay, what can't be done can't be done. But I've got high hopes that ebox is going to be THE tool for linux servers (if you don't want landscape that is)
<TrioTorus> so I'm willing to invest in it if they keep heading the right direction
<jdstrand> zul: does ebox still have workarounds for apparmor? eg, there were problems before that slapcat didn't work with apparmor enabled. these are fixed now in the apparmor profile.
<TrioTorus> (too bad ebox seems to be perl)
<zul> jdstrand: yeah i think we commited a workaround for it
 * TrioTorus isn't keen on perl
 * nijaba neither
<jdstrand> zul: would it be possible to have you (or them) see if ebox works in enforcing mode?
<jdstrand> (or without the workarounds)
<zul> jdstrand: sure...
<zul> foolano: ^^^ :)
<jdstrand> zul: thanks!
<foolano> :)
<jdstrand> foolano: ^
<jdstrand> oh heh
<foolano> i had to modify the example backup script that slapd ships
<foolano> it tried to write in /var/backups/ldap
<foolano> and apparmor didn't allow that
<jdstrand> foolano: that backup script-- it uses slapcat?
<foolano> jdstrand: right
<foolano> the obvious workaround was using > instead of -f
<jdstrand> foolano: yeah-- the problem was that all the slap* utils were symlinked to slapd. apparmor normalizes the pathname of symlinks to be the absolute path of the file the links point to
<foolano> i see
<jdstrand> foolano: that would work yes
<foolano> jdstrand: the current package in hardy does that
<jdstrand> foolano: but in the general case, the slap* utils would fail anytime they tried to access stuff not in the profile (as you saw)
<foolano> have you changed that?
<jdstrand> foolano: this has been fixed in the slapd package so that we hard link to slapd rather than symlink
<jdstrand> foolano: so now all the slap* utils are unconfined (as they should be)
<foolano> alright, cool
<jdstrand> foolano: if your only change for dealing with apparmor was the aforementioned redirection, then you don't have to change anything
<jdstrand> foolano: but if there were other changes, everything should work properly now
<foolano> jdstrand: ok, cool. I only changed that. So everything should be fine
<jdstrand> foolano: great :)
<foolano> thanks :)
<foolano> TrioTorus: at the time we started eBox, I think using perl for a tool to do sys admin tasks was a right decision.
<foolano> TrioTorus: i hate OO programming in perl, it's just a hack. But we have been able to use a lot stuff from cpan
<foolano> and regarding dovecot, i think the switch to it from courier shouldn't take too log
<jdstrand> foolano: just curious-- does ebox run under taint mode?
<jdstrand> foolano: what about mod_perl?
<foolano> jdstrand: we always retrive the user passed parameters via a method that takes care of checking unsafe chars
<foolano> jdstrand: we run it under mod_perl
<TrioTorus> foolano: thanks for that info. I do think you guys did a splendid job though, so I'm all supportive :-)
<jdstrand> foolano: ok, but does that mean it doesn't run with taint mode enabled?
<jdstrand> (this is a very nice feature of perl for web apps)
<foolano> jdstrand: no, we don't run it under taint mode
<foolano> we'll look at it but you have to keep in mind too that under its normal use the only user of the webinterface is the system administrator
<jdstrand> foolano: IMO, adding taint mode checks would be a really good idea, especially if/when ebox is considered for main inclusion
<foolano> jdstrand: i'm testing it with the taint mode enabled right now
<jdstrand> foolano: cool!
<DSpair> 'lo all... I'm hoping someone might assist me with an installation issue.
<DSpair> I am installing Ubuntu 7.10 on an IBM 306m which uses an Adaptec 9406 SAS/SATA controller. Ubuntu loads the aic94xx driver and is able to access the CD-ROM, but not able to see the hard disk...
<DSpair> When I look at the dmesg, I see the following error right after the CD-ROM is detected: ERROR: Unknown device type 5
<zul> mathiaz: ping isnt #214556 more of a nautilius thing
<mathiaz> zul: hum - may be
<mathiaz> zul: I think it's more a user support request
<mathiaz> zul: I don't really know actually
<zul> mathiaz: yeah that was also a thought
<zul> also kind of snarky with the tone
<nijaba> **** Reminder: server meeting in 2h10m from now ****
<frame45> ~foo: U there?
<frame45> ?? Where can I find info? Here's what I need to do:  Client has 2 restraunts with P.O.S. systems, he wants both systems to feed to a server(ubuntu) and then be able to login via VPN from his MacBook from an internet connection.
<henkjan> hmm, no ubuntu-server meeting?
<sommer> henkjan: 21:00 utc
<henkjan> ah, forgot about dailightsavings
<sommer> :)
<henkjan> it used to be 22:00 in GMT+1 (the netherlands)
#ubuntu-server 2008-04-10
<owh> Am I correct in my understanding that the OpenDay is aimed at developers rather than users?
<nxvl> owh: there are a lot of users that don't really matter
<nxvl> yes
<nxvl> it's aimed for user that want to know more to become developers
<nxvl> i started contributing on the last OpenWeek
<nxvl> for developers we have
<nxvl> DeveloperWeek
<owh> nxvl: Well, I'm not sure if I just say a language blip when you wrote: "a lot of users that don't really matter" - are you talking about them as users, or as users becoming developers?
<nxvl> but they are quite the same
<nxvl> they should be more differenced
<owh> s/say/saw/
<nxvl> i mean
<nxvl> there are a lot of users (most of them)
<nxvl> who doesn't care
<nxvl> they just want a system that works
<nxvl> who made it, and how, that's not their problem
<owh> Sure.
<owh> But how do you get one of those to care?
<owh> How do you get one of those to tell others about Ubuntu?
<owh> How do you get one of those to lodge bug reports?
<owh> How do you help one of those users?
<owh> Do you see what I mean?
<nxvl> that's why the LoCo team exists
<nxvl> :D
<nxvl> that's what we do here in peru
<nxvl> and i think other do also
<nxvl> i need to go
<nxvl> bbl
<owh> And that's why there is an OpenWeek.
<owh> Cool, later nxvl.
<kgoetz> morning all
<owh> It's OK for some :)
<owh> afk
<kgoetz> hehe
<m1r> i am trying to setup PXE install server, but when i try instsall netkit-inetd i get this options: Package netkit-inetd is a virtual package provided by:
<m1r>   inetutils-inetd 2:1.5.dfsg.1-4
<m1r>   openbsd-inetd 0.20050402-6
<m1r> which one should i chose to install
<foo> Nothing has been deleted, and if you upgrade, they'll all come back unharmed.
<foo> whoops
<Centaur5> m1r: http://ubuntuforums.org/showthread.php?t=644256
 * faulkes- sighs
<faulkes-> croy what a long day
<kgoetz> not a happy one?
<zul> mlr: openbsd
<faulkes-> kgoetz: long, frustrating and filled with hackery of the worst kind
<faulkes-> dealing with servers which are in production, but have been unmanaged for two years
<faulkes-> so attempting to do *new* stuff on them, well, I'm sure you understand
<faulkes-> and I don't have all the gear I need to do replace them as of yet
<faulkes-> at least my routers arrived so I can bring up the customer on time
<kgoetz> faulkes-: yes, i do entirely understand
<kgoetz> like the RHEL 3/4 systems i got given before this job and told 'they dont work, but all our dev/testing/prod is hosted on them'
<kgoetz> sorry for the lag - i was being instructed on perl
<faulkes-> another part of my problem today, perl, dbi, stored procedures on a centos 4.4 box with no upgrade path and no rpm's available which fix the problem, short of rewriting the .spec file and building it from source
<faulkes-> even cpan dies building it
<kgoetz> cpan is typically ... resilient. you must be hurting it badly
<faulkes-> I will tell you our fix and you will realize the depth we had to go to
<faulkes-> system("wget https://host/path/fix.php&var1=$var&var2=$var");
<faulkes-> because php properly executed the stored procedure
<kgoetz> :| oh my owch.
<faulkes-> I work with java developers, the initial thought they had, was to write the fix, in java
<faulkes-> and as much fun as I would have incurring a 256mb startup cost to execute one line of a stored procedure
<faulkes-> it's a hack, it will go away when I get current boxes that will be maintained in there
<kgoetz> thats a hack worth treasuring
<faulkes-> still, ugly as sin and ninjaba put together
<kgoetz> just for the ability to force some work experiance kid to work with it later
<faulkes-> heh
<faulkes-> however, that was just the last part of the day, the rest of it was backups failing, having no IT person 3k miles away at the main office to support people there
<faulkes-> the network being flaky as hell, customs & fedex holding on to half the new gear because they didn't like the paperwork
<faulkes-> it's been such a fun day
<kgoetz> mmm. a day to avoid.
<faulkes-> and people wonder why I'm a bitter, single, alcoholic^H^H^H
<kgoetz> our Galaxy getting held by customs was a bit like that
<faulkes-> I mean ;)
<kgoetz> *grin*
<kgoetz> i expect most admins understand why your a gentle, understanding shepheard
<kgoetz> :p
<kgoetz> *sp
<PanzerMKZ> Galaxy?
<faulkes-> Panzer: kgoetz is a vogon
<faulkes-> you should hear some of his poetry
<kgoetz> aiui codename for an product we are working on.
<kgoetz> hehe
<PanzerMKZ> ok
<kgoetz> i think i'm allowed to use the codename .... >.<
<PanzerMKZ> nm
<PanzerMKZ> don't read the poetry to me
<PanzerMKZ> and I will not ask again
<PanzerMKZ> good thing all my projects are used servers and cheap freebie switches
<kgoetz> but its really nice... honest!
<PanzerMKZ> yea right
<PanzerMKZ> no vogalality for me
<faulkes-> oh well, tomorrow should be quieter, I'm going to go and label everything because nothing is labelled
<kgoetz> nothign to label around here, the reception/office person labeled *everything*
<PanzerMKZ> oh how horrible. tomorrow is apt-mirror day
<kgoetz> we labeled all the stuff on her desk to take the piss
<kgoetz> PanzerMKZ: hm?
<PanzerMKZ> I am starting on a local apt get mirror
<PanzerMKZ> and tomorrow I build the server for it
<kgoetz> not that hard surely $(lots of disc+a cpu+some ram)
<kgoetz> :)
<PanzerMKZ> you have not been to the shop have you.
<PanzerMKZ> cpu and ram are p1's and 32meg dimms
<PanzerMKZ> just started my own computer repair place
<kgoetz> no, i havent gone computer shopping in any serious way for years
<PanzerMKZ> Yea I got a funny collection of dual p2's and dual xeons
<PanzerMKZ> but nothing to major and very useful
<kgoetz> teh xeons shoul be ok
<PanzerMKZ> well yea
<PanzerMKZ> there is a use for them once I get that board and procs up and running
<PanzerMKZ> I compile blender daily
<PanzerMKZ> so it would be good to use that
<kgoetz> i'm going to head to itshare this arvo. wonder how many C64's they've stripped since iw as there last :(
<PanzerMKZ> oh yea I plan to add a pxe boot server there in the mix
<kgoetz> depending on how many systems you want to boot at once taht only neds a p2
<kgoetz> with an optional gige nick in it *grin*
<PanzerMKZ> yea
<LeChacal> if i want my apache server to look for my sites root not at "/var/www/" but at "/var/www/foo/" and i am not running virtual host just one site on one IP address where would i go to change something like that. the closest i have found was if i was using virtual host and had multiply sites on the same IP address it looked like i could make each site have its root in another folder inside of "/var/www"
<kgoetz> LeChacal: change apaches default vhosts root
<kgoetz> in /etc/apache[2]/sites-available/default
<LeChacal> kgoetz: that was the file i was looking at but wasnt sure if i wanted to change that thank you for confirm my thoughts
<kgoetz> LeChacal: no worries
<mactimes> Hi.  I've just set up Ubuntu Server using RAID1 for all partitions (including swap space) on a VM.  I'm running tests prior to installation on a production server.
<mactimes> I tried removing one of the discs to see if things would work fine, but it seems to get jammed.
<mactimes> Could someone, please help?
<kgoetz> mactimes: "got jammed"
<kgoetz> ?
<mactimes> kgoetz: Doesn't even show grub.
<kgoetz> mactimes: did you make sure the MBR is mirrored?
<mactimes> kgoetz: No, how do I do it?
<kgoetz> mactimes: i'm not sure, sorry
<kgoetz> dd might work
<mactimes> Well, since I've set up all partitions as mirrored, I thought this would be done for both disks...
<mactimes> Nevermind though, I removed the virtual machine and I'm installing a new one with debian to see if it has the same behavior.
<kraut> moin
 * faulkes- yawns
<Kamping_Kaiser> evening mate :)
<faulkes-> morning
<m11> hello
<m11> i have problem with PXE install server. 2nd pc is starting installer but then it ask ne for online archive. can i set it somehow to be installed from local PC ?
<\sh> m11, you need the package archive which is on the installer cd of server/desktop whatever, which means, you need to setup a webserver for this
<\sh> or an nfs server which exports this archive dir to the pxe clients...or whatever it needs to get this archive accessed and is supported by d-i
<m11> \sh , is webserver needed for this process ?
<m11> _ah, sry, NFS server
<m11> \sh , tnx, i go check what master google says on it
<sommer> mdke: is it possible for me to correct this bug #215025
<ubotu> Launchpad bug 215025 in ubuntu-doc "server guide / mail filtering error" [Undecided,New] https://launchpad.net/bugs/215025
<sommer> woops, wrong channel... and console doh
<nxvl> mathiaz: did elmo already give you the information about Bug #189616?
<ubotu> Launchpad bug 189616 in dovecot "connection problems under load with hardy dovecot" [Undecided,New] https://launchpad.net/bugs/189616
<mathiaz> nxvl: not yet - I haven't had a chance to talk to him today
<nxvl> ok i will
<Folke> Hi, Perhaps I a to late to report in results of gutsy on DL360 and DL380? Beq I don't find the templates in the list any longer?
<Folke> Ah, oh.. I found it..
<mathiaz> Folke: don't hesitate to test Hardy Beta if you can  ;)
<Folke> Hi, I planned to install it on two servers here at work tonight. And report in the result in the wiki.
<Folke> I have planned to do this earlier but work stuff came in between. :(
<pr0le> does the Debian Proliant Service Pack work just fine for ubuntu?
<Folke> Dunno really. We do use ubuntu on our virtual servers, but debian still on our physical ones. But I can try to install them tonight.
<pr0le> Folke: are you using xen?
<Folke> I used to, but are using vmware esx nowdays.
<Folke> Xen was faster with linux native. But we use alot of Windows servers here.
<pr0le> cool.  just curious.
<Folke> And one thing that made us move over from debian to ubuntu was the support from vmware on ubuntu.
<pr0le> the nonprofit I work for is considering virtualization for our small hosting server, and I'm not sure how to go about it yet
<Folke> Ah, with Xen you get power and control at your fingertips I think. But then if you hand over to someone that is used to "right click" on stuff things can be hairy :)
<pr0le> yeah, definitely.  I've played with ESX at my day job, and it's certainly easy to manage, but the nonprofit certainly doesn't have the budget for it
<Folke> But now when KVM is maintained in ubuntu kernel that might be a nice alternative.. Never tried it out thou.
<Folke> We are using almost our whole serverpark in vmware now.
<pr0le> right now I'm thinking of xen and then openvz, but openvz support for ubuntu doesn't seem great
<Folke> openvz, never heard that. Is it like xen? googling atm :)
<pr0le> it's containers, ie. VPS
<Folke> Ah, a parralells supported project.
<Folke> We have some mac's that runs parllels desktop here..
<pr0le> I'm thinking xen for live migration and then openvz for running different versions of PHP on different sites
<pr0le> yeah, I've got ubuntu installed on parallels desktop on my Mac, but I don't have enough memory to make it very usable
<Folke> Oh, so you can have many containers that runs different versions on the same server with openvz? Without "installing" multiple servers?
<pr0le> that's the way I understand it... little chroots
<pr0le> one kernel
<Folke> that sounds really like a nice feature.
<pr0le> yeah, and I know there are people with that set up, but I've got a lot to learn if I want to implement it :)
<Folke> One thing that I really would like to learn is sumfink like cfengine or another good config system. But there seem never to be enough time for that..
<zul> Folke: then you might want to look at puppet
<Folke> zul: I've read about it, do you use it?
<zul> Folke: no I dont but I have heard good things about it
<Folke> zul: That is newer than cfengine isn't it? That would be great if there was some preferred way in ubuntu to go :)
<zul> Folke: well there is landscape from canonical as well
<Folke> zul: Is that somthing that canonical hosts, and the servers are reporting to them? (knows to little..me)
<blueyed> linux-server triggers the nvidia black window bug for me. Is this a bug with package "linux" or "linux-restricted-modules-2.6.24"? The different kernel config settings should be this: http://pastebin.com/m89666bc
<zul> Folke: I dont know much about it
<blueyed> (no problems with -generic)
<zul> blueyed: you might want to talk to the kernel guys then
<blueyed> zul: woops.. I've meant to.. sry
<Folke> Well, time to in to the server-room and try out the new hardy beta :)
<n6rej> morning guys, I think 'm having a problem with postfix... I try to log onto my lan mailserver and it says plaintext not authorized
<Folke> Humm, trying to install hardy on a HP dl360g4p. And it seems like it has locked itself on cleaning up.. Can't switch console tty..
<Folke> Ah, no more numlock on the server.. doi.. I wonder if it is beq the qlogic hba installed on it?
<Folke> Humm, thats a nogo again.. Died on me again on libisccfg30.. I will try to reinstall it with 7.10.
<Folke> Is there anyway to see what repository is used when installing? I think that one here in sweden is having trouble today..
<Nafallo> Folke: cat /etc/apt/sources.list
<Folke> Nafallo: Tnx, but when installing hardy beta i get a hang on the dl360gp4. So I found that one repo here in sweden has problems. I tried an install with Debian etch on the same hw and it worked when i choose another repo.. But in hardy it selects repo autmagically.
<Folke> eh, I meant dl360g4p.. sry
<Nafallo> Folke: is this se.archive.ubuntu.com?
<Nafallo> and well. Ubuntu Hardy and Debian Etch is pretty far apart :-)
<Nafallo> could you try to force it to use gb.archive.ubuntu.com for example?
<Folke> Yes, but I should try it out for the ServerTeam and send in the result.. But I didn't get so far :)
<Folke> Nafallo: Yes, it is se.archive.ubuntu.com.. And I guess that it is the same network as ftp.se.debian.org that borked too..
<Nafallo> Folke: hmm. it is.
<Folke> When using the "standard" install it selects repo on basis on country settings?
<Nafallo> Folke: I've told the admin, but he seems to be idle at the moment.
<Folke> Nafallo: Ah, thanx! I have found another strange thing. I don't know if it is general bug or only problem with my hw. The install console F4 is only full of garble. lots of trash signs..
<peterdv> ï»¿Folke: Not general, I did a fresh (basic) install 5 hours ago based on dk.archive.ubuntu.com without problems.
<Folke> peterdv: I am now trying to install with finland country settings and see what happens.
<Folke> peterdv: Did you try to check the other consoles when you installed? Like tty4 / 5? I see only alot of trash text there. So I cannot see what goes right / wrong
<peterdv> ï»¿Folke: Sorry no. My install proceeded as usual, no custom fiddeling was needed in my case, so I just stayed in the console.
<Folke> Humm, now it stopped on "rebooting into your new system".  I'm going to try another server tomorrow.
<spmccann> i'm looking for some advice from the gurus
<spmccann> i need to backup a linux server, 20 or so windoes pcs and a couple of macs
<spmccann> i need the solituin to support an autochanger for offsiter tape storage
<spmccann> any recommendations
<sommer> spmccann: bacula should probably work for what your looking for
<_CitizenKane_> has anyone set up openvpn for a roadwarrior scenario?  was it straightforward or hard?  are there better options?
<spmccann> thanks sommer
<spmccann> have you used it yourself
<sommer> I've tested it, but haven't used it in production... there a those that do though :)
<spmccann> ok, was their a reason for not using it in production !
<sommer> don't have a tape drive, and the backup shell scipts I use work find so far
<sommer> er fine
<spmccann> ok cool
<spmccann> i'm tryingh to put somethink low maintaince in place
<spmccann> i'm doing some voleenteer work so the org I'm doing it for isn't cash rich
<sommer> I think it's pretty low maintanence... at least after you've got every thing configured... heh
<sommer> for a small number of machines it probably wouldn't be worth it, but with the number you're talking about and the multiple platforms, it probably is
<spmccann> yep the old multiuplatform support issues
<spmccann> the macs are a real kicker, but you know designers, it will be a cold day in hell b4 they give them up
<LeChacal> i am trying to set up a web and mail server on the same box that has two NICs and in /etc/network/interface i have everything set up with one IP per card. my question is when i point my browser to either of the two IPs they both go to the web site, is that a setting that I need to change or is that in the DNS and i need to contact my ISP to have them change it in their DNS? I dont have the mail part set up yet just apache.
<sommer> LeChacal: try adjusting the <VirtualHost *> at the begining of /etc/apache2/sites-available/default... change it to <VirtualHost IP_ADDRESS:80>
<LeChacal> sommer: ok i changed that now i am guess that i also want to change "NameVirtualHost" is that my domain name or is that just a name for the virtual host?
<sommer> LeChacal: I set it to the domain name of the site
<sommer> so yes :)
<LeChacal> sommer: thank you that worked
<sommer> np
<LeChacal> i am new to setting up a server but not new to Linux is there any good resources about setting up a server that would be good to read? i have read the things on the ubuntu site and parts of the apache documentation. Specifically web and mail servers.
<sommer> LeChacal: I'm kind of fond of: http://doc.ubuntu.com/ubuntu/serverguide/C/index.html
<sommer> that's the hardy guide so if you're using gutsy see: https://help.ubuntu.com/7.10/server/C/
<LeChacal> i am using dapper
<LeChacal> but i can find its
<LeChacal> add: page
<n6rej> can anyone please help me get my mail working properly?  I followed the directions but I can't access my mail from the lan and telnet doesn't work properly either.
#ubuntu-server 2008-04-11
<Kamping_Kaiser> 'doesnt work' doesnt help
<Kamping_Kaiser> afk. going to work
<n6rej> I don't know how to be more clear :(
<n6rej> if I try to access the mail from my windows box it says plain text authentication can't be used, and If I say secure it says its not setup for secure, and if I telnet it says nothing at all just blank.
<Centaur5> Could anybody that has owned or does own an Adaptec hardware raid card tell me if they have decent monitoring software that works in Ubuntu?
<J-_> what file do I have to configure to use vhosts?
<centaur5> I get access denied when trying to add windows xp to a samba domain. What would cause this when machine and user are added?
<n6rej> can anyone help me create a user that can ftp into /var/www?
<mactimes> Hi.  I've just installed Ubuntu Server in a VM, using RAID1 for all partitions, to test it's behavior in case of a disk failure.  I went through the same steps to install a debian server.  Debian could still boot after removing one of the disks, but Ubuntu isn't.  Could someone, please, help me out?
<nijaba> mactimes: could you check if your problem is similar to https://bugs.edge.launchpad.net/ubuntu/+source/mdadm/+bug/125471 and eventually add your configuration and comment about debian on it?
<ubotu> Launchpad bug 125471 in mdadm "Booting from a degraded array could be improved" [Medium,Confirmed]
<mactimes> nijaba: This is the problem.
<mactimes> nijaba: Exactly the same
<mactimes> nijaba: I was afraid I was doing something wrong, but I reinstalled both systems 3 times each, just to make sure.
<mactimes> nijaba: Debian won't fail, but Ubuntu will give me busy box shell.
<nijaba> Could you add a comment to it, please, mentioning your experience with debian?
<osmosis> if KVM is what is officially supported by Ubuntu now, how come no one has updated the doc?!  https://help.ubuntu.com/community/KVM
<nijaba> osmosis: the doc in progress is published on doc.ubuntu.com
<nijaba> osmosis: it will be moved to help.ubuntu.com at release time
<nijaba> osmosis: you will see that we have somehow done our homework
<osmosis> oh.. well..  good to hear then. cheers.
<mactimes> nijaba: Sure, I can.  But I don't see the point.  I've been talking to people at #debian a few days ago and, as per information provided by them, Ubuntu packages come from Debian unstable.  Would there be a downgrade?
<nijaba> mactimes: that is not completely true, and initramfs boot is one of the big differences
<mactimes> nijaba: Hum.  Ok.  I'll add a comment there, but I guess people will start pursuing me for the comment...
<nijaba> mactimes: nobody will force you to reply and you can unsubscribe from the bug at any time
<mactimes> nijaba: Right.
<nijaba> mactimes: thanks for your help
<mactimes> nijaba: I'm writing the comment now.
<nijaba> thanks a lot mactimes
<mactimes> nijaba: I'll let you know when I'm done.
<nxvl> does anyone has run ubuntu server on virtualbox?
<nxvl> i can't run dapper
<nxvl> i already run the installer
<nxvl> but i can't run the installed one
<mactimes> nijaba: Just posted it there.
<MatBoy> hi guys !
<MatBoy> is tehre a good tut to upgrade a debian etch box to a ubuntu-server box remotely ?
<MatBoy> *there
<henkjan> MatBoy: don't even try
<henkjan> MatBoy: do a fresh install
<henkjan> MatBoy: upgrading from debian to ubuntu is a pain
<MatBoy> henkjan, I thought the same actually, but it seems that people have done it
<ICU> That people have done it doesn't make it any better :)
<_ruben> MatBoy: remote upgrade: far from recommended, remote reinstall: possible depending on configuration :)
<MatBoy> _ruben, shut up :P no but why not ? I can try it remote, and after it I still can go to the DC :D
<MatBoy> _ruben, are you anywhere ?
 * _ruben is here
<MatBoy> _ruben, where ?
<_ruben> MatBoy: why not upgrade? dependency hell awaits you
 * _ruben points
<MatBoy> _ruben, if I need to reinstall it, I don't mind
<MatBoy> better try it than never did it... same as with... youy know :d
<_ruben> i wouldnt bother trying to upgrade .. i would give it a try using some debootstrap magic .. if you have a spare (temp root) partition available, and ideally a seperate /boot, then odds are looking good
<MatBoy> yeah I better see a reinstall too, much faster... but I don't want to go to the DC really
<_ruben> there's howto's available on how to install debian/ubuntu using debootstrap from any os for which debootstrap is avail
<_ruben> https://help.ubuntu.com/6.10/ubuntu/installation-guide/hppa/linux-upgrade.html .. first hit in google ;)
<MatBoy> _ruben, reinstall is easier ;)
<_ruben> sure, but if you dont want to go to the DC than this'd be the way to go :)
<henkjan> dist-upgrade from debian sarge to ubuntu dapper failed for me
<henkjan> did it once in an vm
<Folke> Hi, any thoughts about how to continue with a bugged out test install of hardy on dl360g4p?
<Folke> Do I fill out a bug or what do I do next?
<mok0> Folke: did you start from a CD?
<mok0> Folke: what's bugged about it?
<Folke> mok0: Yes, it hanged on me on 2 different occasions. Both on the last thing "restarting now".
<mok0> Folke: hmm, that has happened to me once... trying to remember what was wrong...
<Folke> mok0: Then I did a cold reboot and the system started as it should. But when installting I hade some strange things. On the other tty's the text was borked up really good. Alot of @ and strange signs?
<mok0> Folke: Is there enough space on the hard drive for the install?
<Folke> Yes, It is a HP dl360g4p with 32G hwraid 1.
<mok0> Folke: what's a dl360g4p?
<Folke> Yes
<mok0> Ah
<Folke> Is there something problematic with them and hardy?
<mok0> Folke: you can't have the boot partition on a raid AFAIK
<Folke> mok0: But it is an ordinary hw raid. So that it presented to the system as /dev/ccsis01. So the raid is transparent for the system?
<Folke> I will report it in the wiki, I did a test after the template in the serverteam pages.
<mok0> Folke: we have an HP G5, but I didn't install it...
<Folke> 380 g5?
<mok0> Folke: In our machine, both / and /boot are on a /dev/cciss/ device
<Folke> I planned to test on a dl380g4 and perhaps on a dl580g(?) next week.
<mok0> Folke: yes, that's the newest of HP's blades
<Folke> Ah.
<mok0> Folke: Can't remember the actual model no
<mok0> Folke: Oh, it's something with 580 too
<Folke> mok0: We have no blades here :( Too sad, I want to play with one :)
<mok0> Folke: or 380?
<mok0> Folke: What version are you trying to install?
<Folke> mok0: Just betatesting hardy. Not for production. Tried to help the serverteam with some testing on different hw.
<mok0> Folke: ah, ok. I think you should fill out a bug report at Launchpad rather than the wiki
<mok0> Folke: The good news is that it _should_ work, but hardy is in a pretty bad shape these days... (IMHO)
<mok0> Folke: It's been rock-solid for months, but I have gotten problems this last week
<Folke> mok0: When it entered beta?
<mok0> Folke: I am not sure... but there's been around 4 kernel rebuilds during the last week
<Folke> mok0: Auch. that's really what you not want when it goes stable :)
<mok0> Folke: ... and I guess it takes a while for all the drivers to catch up
<mok0> Folke: No!
<mok0> ... fortunately there
<mok0> is still a couple of weeks :-)
<Folke> mok0: Yes :)
<Folke> mok0: I cant seem to enter bugs at launchpad? Or am I looking at the wrong place? "https://bugs.launchpad.net/~ubuntu-server/"
<mok0> Folke: Yes, you need to start at the main page, then choose project "Ubuntu", then file a bug which is aimed at Ubuntu (and not a particular package)
<Folke> mok0: Ah, thanks!
<mok0> Folke: when you've done with the bug, you can subscribe the ubuntu-server team, then the bug will appear on their task list
<Folke> mok0: I am subscribing to the newslist. And asked for participation on the serverteam at launchpad. Is that the right way to go?
<mok0> Folke, no
<Folke> ack. I will never do right :D
<mok0> Folke: what is the number of your new bug?
<Folke> I filling out now.
<mok0> Folke: when you've hit save, come back here
<Folke> mok0: k.
<Folke> mok0:  #215686
<mok0> bug 215686
<ubotu> Launchpad bug 215686 in base-installer "Installation hang on dl360G4p and borked text on other consoles" [Undecided,New] https://launchpad.net/bugs/215686
<Folke> ah, k.. I understand.
<mok0> Folke: In the pink area under "Actions" find "Subscribe someone else"
<Folke> mok0: aye
<Folke> Shall I add ubuntu-server?
<mok0> Folke: That seems reasonable
<Folke> mok0: :)
<mok0> Folke: if you click on the link "Ubuntu Server Team" you can now see that your bug has appeared on their list
<Folke> mok0: Ah, then I understand how to assign bugs.
<mok0> Folke: ... and if you go to your own LP page, it is listed on your Bugs tab
<mok0> Folke: actually, it
<mok0> it's pretty nifty, but you gotta know who to subscribe :-)
<mok0> Folke: otherwise your bug gets lost among the 215685 others :-)
<Folke> mok0: Now when vmware has certified ubuntu on their esx'es I thought that I could try to give something back to the community.. So I started to test hardy on some hw that we have here.. Then I guess that JeOS is the thing that seems most interesting to us :)
<mok0> Folke: exactly
<mok0> Folke: we are actually running several servers on JeOS guest machines using kvm
<Folke> mok0: Ah, how does it do compared to "vanilla" server=
<Folke> ?
<mok0> Folke: you mean in terms of efficiency?
<_ruben> minimal install (just enough, hence the name) and special kernel (-virtual flavour)
<MagicFab> Folke, if you try JeOS beta today, be aware there is a bug in GRUB, although it's being fixed there is a workaround: https://bugs.edge.launchpad.net/ubuntu-jeos/+bug/215618
<ubotu> Launchpad bug 215618 in ubuntu-jeos "Grub installation fails on JeOS Hardy on KVM Hardy" [Undecided,Confirmed]
<mok0> Folke: It's a littlebit slower than running straight on the host. There is a bit of overhead in the internet bridge
<mok0> Folke: but it's super stable
<Folke> mok0: That sounds great! Thats what is needed. Stability is a sysadmins best dream :)
<_ruben> hmm .. reminds me, lets upgrade my hardy jeos test install :p
<Folke> _ruben: Are there alot of kernel switches that are different from vanilla?
<_ruben> Folke: dont think im the right person to ask that, am just another user, hardly playing with hardy yet
<Folke> Except from stripped and special kernel I guess JeOS is binary compatible with vanilla repo tree?
<_ruben> the repo's are identical .. just the base install differs between desktop/server/jeos
<lilsyko> guys
<lilsyko> i have an ubuntu 6.06LTS server
<lilsyko> i wanna upgrade it ver 7.10
<lilsyko> how do i go about performing the upgrade?
<_ruben> lilsyko: step by step .. 6.06 -> 6.10 -> 7.04 -> 7.10
<Folke> lilsyko: Is it a critical production server?
<_ruben> once hardy is final you'll be able to go 6.06 -> 8.04
<lilsyko> mail relay server
<lilsyko> quite critical
<lilsyko> but now in my country is 9.42pm
<_ruben> for 6.06 -> 7.10 reinstall is usually safer and faster
<lilsyko> go its a good time for an upgrade
<Folke> lilsyko: Ah, then perhaps wait to the next LTS?
<lilsyko> hmm
<lilsyko> maybe i'll do step by step
<lilsyko> as _ruben suggested
<_ruben> lilsyko: be ready for troubles tho, it *might* go cleanly, but dont assume so
<lilsyko> hmmm
<_ruben> 8.04 should be out by the end of the month .. so if you can wait, then do so ;)
<lilsyko> i mean 6.06 to 8.04
<lilsyko> is such a big ver jump
<lilsyko> wont it cause more issues?
<_ruben> but it *is* supported
<_ruben> 8.04 is also LTS
<_ruben> LTS -> LTS will be supported .. for non-LTS versions you have to go step by step
<lilsyko> ok
<mok0> _ruben: "end of the month"... does that mean that the advertised release day of April 24th has been postponed?
<lilsyko> weird
<lilsyko> i tried 'sudo do-release-upgrade --devel-release' pn my 6.06LTS server but it says
<lilsyko> No new release found
<_ruben> mok0: 24th is close enough to the end of the month for me to call it "end of month" .. didnt know the exact date by head ;)
<zul> lilsyko: did you follow the instructions in the release notes on the wiki for the beta?
<mok0> _ruben: ah ;-)
<lilsyko> yeah
<_ruben> 24th does sound awfully close though :/
<lilsyko> https://help.ubuntu.com/community/HardyUpgrades
<_ruben> with the current ammount of "problems" that is
<lilsyko> so any idea guys?
<_ruben> lilsyko: we already gave several
<lilsyko> i mean
<_ruben> and i doubt you want to upgrade a production server to hardy beta now
<Deeps> lilsyko: the page you linked suggests that the command you typed was for 7.10->8.04, rather than 6.06->8.04
<lilsyko> why isnt it showing the beta stuff? :P
<Deeps> lilsyko: see the section Upgrade from 6.06 LTS to 8.04 LTS
<lilsyko> thats for desktop
<lilsyko> i was reading the part that says
<lilsyko> Network upgrade for Ubuntu servers (recommended)
<Deeps> ah i see
<Folke> Do anyone know why there is LILO instead of GRUB in jeos?
<_ruben> Folke: you sure?
 * _ruben checks
<Folke> I looked at the bug 215618
<ubotu> Launchpad bug 215618 in ubuntu-jeos "Grub installation fails on JeOS Hardy on KVM Hardy" [Undecided,Confirmed] https://launchpad.net/bugs/215618
<_ruben> Folke: my jeos install has grub, not lilo
<_ruben> tho i aint using kvm
<Folke> _ruben: Oh, nice.. I thought that it was general in jeos.. sry
<_ruben> ah
<lilsyko> damn
<lilsyko> i tired the instructions as per the website
<lilsyko> but still no go
<lilsyko> _ruben
<lilsyko> wanna ask you
<lilsyko> it says to
<lilsyko> #
<lilsyko> enable the "dapper-proposed" repository
<lilsyko> so i enable it like this
<lilsyko> #
<lilsyko> enable the "dapper-proposed" repository
<lilsyko> deb http://us.archive.ubuntu.com/ubuntu/ dapper-proposed main restricted
<lilsyko> is it correct?
<_ruben> guess so
<_ruben> looks ok atleast
<lilsyko> hmm
<lilsyko> maybe need to include universe n multiverse also ?
<_ruben> doubt that, i'd expect the upgrade tools to be in main
<lilsyko> the weird this is u cant seem to install update-manager-core
<_ruben> i think i have a virtual 6.06 install somewhere, forgot on which server tho :/
<lilsyko> this is my sources.list file
<lilsyko> http://pastebin.com/d3343aa76
<lilsyko> is there an error somewhere?
<_ruben> looks ok at first sight, sudo apt-get update doesnt show anything odd ?
<lilsyko> nope
<_ruben> then the sources.list should be ok
<_ruben> hmm ..packages.ubuntu.com seems to be down
<_ruben> when browsing the dapper-proposed files i dont see any update related stuff either.. wouldnt know where to go from there
<peterdv> ï»¿lilsyko: as ï»¿Folke pointed out ï»¿8.04 is currently in beta test. It has not been released yet. It is not advisable to install the current version on a production server. As ï»¿_ruben pointed out, you will have troubles.
<Deeps> heh
<_ruben> wtf .. im seeing unicode stuff or smth
<Deeps> yeah me too
<Deeps> lots of \ufeff
<_ruben> hmm .. irssi on linux shows em fine, irssi on windows doesnt
<Deeps> irssi on freebsd doesn't like it
<_ruben> gotta love irssi's proxy
<_ruben> guess the windows version isnt too keen on unicode ..lets check settings
<_ruben> or perhaps its the irssi proxy that messes things up .. oh well
<henkjan> _ruben: you are using irssi on windows? or just ssh with putty to an linux machine running irssi?
<_ruben> henkjan: irssi on windows connecting to an irssi on ubuntu
<_ruben> nasty setup, i know :)
<henkjan> :)
<_ruben> linux one's running in a screen with irssi proxy enabled
<lilsyko> yeah i think i'm gonna abandon the project of goin for 8.04
<lilsyko> maybe i'll stick with 7.10
<peterdv> ï»¿lilsyko: ... or just wait untill the release planned at the end of the month.
<sommer> sweet
 * delcoyote hi
<lilsyko> guys
<lilsyko> will JeOS work on a physical system ?
<lilsyko> instead of a VMWARE server?
<zul> I dont think so but I have never tried it
<nijaba> lilsyko: no it will not
<lilsyko> hmmm k
<lilsyko> just tot it may work
<nijaba> lilsyko: it is meant to work only with vmware server, ESX (and KVM in 8.04)
<nijaba> lilsyko: we have stripped the kernel clean of all unecessary drivers, so it should not
<lilsyko> but JeOS is quite slow to install in a vmware session.
<nijaba> lilsyko: you can do a minimal iso install instead
<lilsyko> i'm installing 1 right now
<lilsyko> but it stoped at the screen 'select and install software'
<nijaba> lilsyko: try ubuntu-vm-builder on 8.04.
<lilsyko> 90%
<nijaba> lilsyko: the mini iso is stuck?
<nijaba> lilsyko: which version?
<lilsyko> JeOS
<lilsyko> jeos-8.04-beta-jeos-i386.iso
<nijaba> lilsyko: on real hw? surprised you got so far
<lilsyko> nope
<lilsyko> on VMware server 1.0.4 on gOS
<nijaba> lilsyko: plus there is a (transitinal) problem today with the repositories for hardy, so installs will fail anyway
<lilsyko> damn
<lilsyko> looks like i have to download a new iso
<lilsyko> but i didnt download the beta iso
<lilsyko> sorry
<lilsyko> i didnt download the daily iso, i downloaded the beta iso
<nijaba> lilsyko: the issue is not with the iso, but with the repository
<lilsyko> ok
<nijaba> lilsyko: so keep your iso and wait til tomorrow
<nijaba> lilsyko: https://bugs.launchpad.net/bugs/215618
<ubotu> Launchpad bug 215618 in ubuntu-jeos "Grub installation fails on JeOS Hardy on KVM Hardy" [Undecided,Fix released]
<lilsyko> hmmm so
<lilsyko> JeOS downloads the packages from the repo as it installs?
<lilsyko> intresting
<nijaba> lilsyko: no, it updates them
<nijaba> lilsyko: the ones that needs to, that is
<lilsyko> ok
<lilsyko> i mean can i do an offline intallation ?
<nijaba> lilsyko: the objective is to provide the user with a secure system at first boot, but yes, an offline install should work today
<lilsyko> ok
<lilsyko> is the kernel compiled specifically for vmware?
<lilsyko> is vmware-tools installed into jeos by default?
<nijaba> lilsyko: yes (and kvm), it is named -virtual for that reason
<nijaba> lilsyko: no, because there is one version of vm-tools per vmware type (and version)
<nijaba> and we don't need it for kvm
<lilsyko> ok
<nijaba> lilsyko: there is an open-vm-tools version in the hardy repo, but it is not supported officially by vm-ware and does not provide all functionalities yet
<lilsyko> k
<lilsyko> i wanna transission frm gentoo to JeOS
<lilsyko> thats why i'm intrested to get it working on vmware
<nijaba> lilsyko: sure, sounds like a good plan
<MatthewMetzger> Hello
<MatthewMetzger> I'm using Hardy server and I'm having a problem with RAM being cached and not released. I ran the same services on a slower machine with Dapper LTS and did not experience this problem. I can give more specifics about services running and hardware, if anyone is interested.
<nijaba> MatthewMetzger: do you have steps to reproduce your issue, or does it involve some sensitive code/data?
<kirkland> MatthewMetzger: hi, i'd like to hear more about your issue
<MatthewMetzger> nijaba: no sensitive code or data. I'm running all services off of packages installed from ubuntu's repositories.
<MatthewMetzger> The only change in services is that I'm now running webdav extension of apache.
<MatthewMetzger> I'm running squid and squidGuard, which are known to have memory issues
 * nijaba letting kirkland dive into this
<MatthewMetzger> but I didn't have memory issues on Dapper LTS
<kirkland> MatthewMetzger: i386?  amd64?  same on both?
<mathiaz> MatthewMetzger: how do you know that RAM is cached and not released ?
<MatthewMetzger> i386 (Mac mini Intel hardware)
<MatthewMetzger> mathiaz: I'm watching it with "free -m"
<MatthewMetzger> I also run "ps aux" and see that very little is actually actively being used by applications.
<lilsyko> yay~ i managed to upgrade my 6.06LTS to 8.04beta
<lilsyko> with no issues so far
<kirkland> MatthewMetzger: how much total memory?
<MatthewMetzger> 1 GB
<kirkland> MatthewMetzger: can you paste the output of "free" ?
<MatthewMetzger> sure
<MatthewMetzger>              total       used       free     shared    buffers     cached
<MatthewMetzger> Mem:           979        951         28          0         81        789
<MatthewMetzger> -/+ buffers/cache:         80        899
<MatthewMetzger> Swap:         2870         25       2845
<Deeps> lilsyko: other than all the issues you had trying to do the upgrade? what was the problem in the end?
<MatthewMetzger> I have run "sync; echo 3 > /proc/sys/vm/drop_caches" to clear the caches (I know it is not recommended)
<lilsyko> only had a few issues before the upgrade
<lilsyko> it could locate the upgrade
<lilsyko> so what i did was removed update-manager-core
<lilsyko> del /var/lib/update-manager
<lilsyko> enable update-proposed in sources.list
<kirkland> MatthewMetzger: you wouldn't happen to have a similar dump of "free" from dapper, huh?
<MatthewMetzger> After restarting the machine or clearing the RAM cache, free shows that the cache slowly builds up after a period of 8 hours or so.
<lilsyko> enable also multiverse & universe for dapper-proposed
<MatthewMetzger> kirkland: not with the same services. no.
<Deeps> heh, quite a few steps then
<lilsyko> then reinstall update-manager-core
<lilsyko> then off you go
<Deeps> hehe
<Deeps> i wont be upgrading my 6.06lts then
<Deeps> although it should be out of commission by that time
<Deeps> by the time 6.06 is no longer supported, that is
<MatthewMetzger> Deeps: I had to use Hardy instead of Dapper LTS because I was moving to Mac mini hardware
<Deeps> MatthewMetzger: um, ok?
<MatthewMetzger> sorry, crossed conversations, maybe :)
<Deeps> i think so!
<Deeps> :)
<MatthewMetzger> I think my problem may be related to squid, but I'm not sure how to isolate it to make sure.
<MatthewMetzger> And, like I said, it ran fine with the same configuration on Dapper
<MatthewMetzger> I suppose I could set up another machine with Hardy, set up squid with the same configuration and see if it has the same memory issues. That would be a lot of work, though.
<kirkland> MatthewMetzger: can you just turn off squid?
<lilsyko> hmmm so far my hardy is good
<kirkland> MatthewMetzger: /etc/init.d/squid stop
<lilsyko> will test it out a while and let u guys know k
<lilsyko> btw this is a heavyly used production email relay server
<MatthewMetzger> kirkland: I can turn it off for testing, of course, but it is a necessary service.
<lilsyko> relaying about 1000+ mails a day
<lilsyko> :P
<nijaba> lilsyko: postfix, no dovecot?
<kirkland> MatthewMetzger: sure, i just meant to isolate it
<kirkland> MatthewMetzger: perhaps turn it off for one boot, reboot
<kirkland> MatthewMetzger: give it a fixed amount of time
<kirkland> MatthewMetzger: 10 minutes?  30 minutes?  60 Minutes?
<kirkland> MatthewMetzger: do the same with a fresh boot with/without squid
<MatthewMetzger> I can't turn it off right now as people are actively using the proxy as we speak, but I can test it over the weekend perhaps. I can maybe do it this evening.
<kirkland> MatthewMetzger: measure "free" at regular intervalas
<kirkland> intervals
<MatthewMetzger> Thanks kirkland
<kirkland> MatthewMetzger: one more question....
<kirkland> MatthewMetzger: is the high cache usage causing noticeable performance problems, or are you just a memory tuning "nut"?   :-)
<lilsyko> postfix only
<nijaba> lilsyko: thanks
<MatthewMetzger> kirkland: :) It's causing problems. Squid stopped on its own because it ran out of memory. I had to restart it. Then later, the whole machine became unresponsive and had to be rebooted.
<kirkland> MatthewMetzger: arg, that is bad
<kirkland> MatthewMetzger: how much disk cache have you given Squid?
<MatthewMetzger> Very different performance than from Dapper.
<MatthewMetzger> very little, as I'm mainly using squidGuard as a proxy filter and don't really care about the cache. I think it is actually only 1 MB.
<kirkland> MatthewMetzger: i'm going to install Hardy and Dapper + squid in a pair of VM's right now
<kirkland> MatthewMetzger: will you be around a bit, such that I can duplicate your configuration reasonably?
<MatthewMetzger> kirkland: I have to do lunch and will be gone for an hour or so after. I can hover on the channel a bit later today.
<MatthewMetzger> by the way: cache_mem 1 MB
<kirkland> MatthewMetzger: in any case, could you open a bug in Launchpad against squid?
<MatthewMetzger> from the squid.conf
<kirkland> MatthewMetzger: subscribe me to it (kirkland@canonical.com)
<kirkland> MatthewMetzger: and we can communicate that way if you're not in IRC
<MatthewMetzger> kirkland: I haven't opened a bug before, but it'd be a great learning experience for me. I'll try to do it later this afternoon :)
<kirkland> MatthewMetzger: thats fine, ping me here if you need help opening the bug
<MatthewMetzger> At this point, I'm just guessing it's squid.
<nijaba> MatthewMetzger: go to https://bugs.launchpad.net/squid/ and click on 'report a bug'
<MatthewMetzger> thanks nijaba. I'll be back later.
<chimp> Hey ive just set up ubuntu server on a new system, but strangely i cant get it to connect to my local network
<chimp> it has 2, gigabit lan connectors, but neither seem to connect
<chimp> ive tried turning off one of the lan connectors in the bios, but that didnt help
<chimp> is there an automated way i can try connecting it, ive set up the /etc/network/interfaces file identical (cept for its ip) to another ubuntu server i have running, and it connects the other server fine
<dthacker-work> chimp: does 'sudo ifconfig' show a network address set?
<dthacker-work> chimp: and I have to ask this :)  If you have a dual nic, are you plugged in to the right port?
 * dthacker-work wouldn't ask if he hadn't made the mistake himself......
<chimp_> argh
<chimp_> dthacker-work: for sudo ifconfig, using both ports it shows inet addr as the one i set statically
<chimp_> if i set dhcp, then it tries a few times, then says no offers received
<chimp_> this is trying on both ports
<chimp_> Its a gigabit ethernet port, but the router its connect to is only 100mbit, could this cause the problem?
<chimp_> And is there any other config files for networking other than /etc/network/interfaces that i should worry about
<dthacker-work> chimp_: does ifconfig show packets being received and sent?  If so, can you ping the device you are connected to?
<chimp_> pinging the router does nthing, and it doesnt receive packets me things, it has many dropped packets
<dthacker-work> chimp_: can you pastebin your /etc/network/interfaces?
<chimp_> hard to do considering its not connected to the net :P
<chimp_> Any specifc part that would be interesting?
<dthacker-work> ummmm yeah
<dthacker-work> what's your server ip address and router ip address?
<chimp_> inet addr: 192.168.1.42 Bcast:192.168.1.255 Mask:255.255.255.0
<dthacker-work> that's the server, right?
<chimp_> yep
<chimp_> the router is on 192.168.254
<chimp_> Its really odd as i said, another ubuntu server is connect absolutely fine
<dthacker-work> what's your default route?
<dthacker-work> chimp_: do you have a gateway set?
<chimp_> 192.168.1.254
<dthacker-work> is it showing up in netstat -rn?
<chimp_> never done that before
<chimp_> it gives 2 sets
<dthacker-work> look for the one that starts with 0.0.0.0
<dthacker-work> 0.0.0.0         10.0.35.250     0.0.0.0         UG        0 0          0 eth0
<dthacker-work> that's mine
<chimp_> 0.0.0.0 192.168.1.254 0.0.0.0 ug 0 0 0 eth0
<chimp_> thats the second one
<dthacker-work> looks good
<chimp_> the first one has destination of 192.168.1.0
<dthacker-work> we could look at the link
<dthacker-work> 'sudo ethtool eth0' or whatever number you are working with
<chimp_> ahh
<chimp_> it says its speed is 1000Mb/s
<chimp_> it shouldnt be
<chimp_> the router cant handle gigabit
<dthacker-work> that might be it, but most newer cards auto-negotiate.
<chimp_> erm wtf
<chimp_> its working now
<dthacker-work> \o/
<chimp_> found out why
<dthacker-work> .....and?
<chimp_> my housemate just plugged it all into a gigabit swithc
<chimp_> so it really didnt like being plugged into 100mbit
<dthacker-work> hehe.  cool,  glad you found the trouble.
<chimp_> lucky we had some gigabit stuff lieing around
<chimp_> How does ubuntu server compare to other linux servers, btw?
<leonel> the differences are support  and  software updates
<leonel> is the same kernel and same  server programs
<infinity> (more or less)
<infinity> We do put some effort into integration of said applications.
<leonel> infinity: and very good integration
<leonel> infinity: and that's one of the  ubuntu features that made a big difference     JUST WORKS !
<leonel> chimp_: and another is the great community  supporting ubuntu
<chimp_> This is very true
<chimp_> This is annoying, i rebooted the server and it will no longer connect again
<chimp_> i didnt even change anything
<chimp_> :S
<chimp_> Is there a way for me to configure it to only use 100mbit
<Deeps> as in, force your link speed to be 100mbit?
<Deeps> rather than autoneg to something else like 10mbit half duplex?
<chimp_> yes
<Deeps> could do via the interfaces file
<pr0le> mii-tool, but it's probably not persistent
<Deeps> yeah, i was gonna suggest adding a post-up line to your interface configuration
<chimp_> before when i did sudo ethtool eth0  it gave me a list of possible connection speeds ie. 10/100/1000
<Deeps> post-up ethtool -s <int> autoneg off speed 100 duplex full
<chimp_> now it doesnt show them
<Deeps> sudo ethtool <interface>
<Deeps> eg, sudo ethtool eth0
<chimp_> yer, what im saying is that before i rebooted it listed possible speeds, doesnt anymore
<Deeps> is the cable plugged in?
<Deeps> what output does it give?
<chimp_> supported ports: fibre, link modes: 1000baseT/Full, auto-nego: yes Advertised link modes: not reported, advertised auto-negotiation: yes speed: 1000Mb/s, Duplex full, port fibre
<chimp_> and a few others after that
<chimp_> Its very odd that it worked then stopped working
<Deeps> advertised link modes: not reported, suggests an issue on the other side
<chimp_> It gave speeds before i rebooted tho
<chimp_> turning off router/switch etc.
<chimp_> brb
<chimp> well that didnt work
<chimp> this is driving me up the wall
<chimp> Its basically dropping all packets it receives
<chimp> what command would show me all ethernet connections possible?
<chimp> lsbvwp11
<chimp> oops
<zul> ifconfig -a
<MatthewMetzger> kirkland: the problem wasn't squid. At least, I don't think so. Did you find any differences between Dapper and Hardy concerning squid?
<MatthewMetzger> I think I have a memory leak in a perl website cgi script.
<frame45> does anyone know how I can get an ftp domain name to work? ex: ftp.mysite.com
<m11> hello
<m11> i have problem with my DHCP server not starting. i added interface to /etc/default and added all needed information to /etc/dhcp3/dhcp3-server , where can i check more why is failing to start ?
<lilsyko> guys
<leonel> frame45: take a look at :   https://help.ubuntu.com/ubuntu/serverguide/C/ftp-server.html  and  https://help.ubuntu.com/ubuntu/serverguide/C/dns.html
<lilsyko> how do i remove unused packages on a debian server?
<leonel> m11: check in /var/log/syslog
<lilsyko> i have removed a few core packages
<m11> tnx leonel
<lilsyko> now i wanna remove the additional packages that were installed with it and are no longer used
<lilsyko> hwo do i do that?
<frame45> i think it's: sudo apt-get remove (name of package)
<lilsyko> yeah i have done that
<lilsyko> i'm running this command now
<lilsyko> dpkg -P $(dpkg --list | grep ^rc | awk '{ print $2; }')
<frame45> thanks leonel
<lilsyko> is it ok ?
<m11> it says:no subnet declaration for eth0 (0.0.0.0) , but that is first setting in my config:subnet 192.168.1.0 , what i am doing wrong ?
<m11> can i add interface to dhcpd.conf somehow ?
<mathiaz> sommer: Have you seen the mentoring request on ubuntu-doc ?
<sommer> mathiaz: yep
<sommer> are you referring to the most recent one?
<mathiaz> sommer: yes - grab him !
<sommer> mathiaz: does he live in north carolina too?
<sommer> heh, yep I was plannig on responding
<sommer> got caught up with some sql stuff this afternoon
<sommer> mathiaz: he's grabbed... heh
<mathiaz> sommer: kwel - I was wondering what he could work on
<mathiaz> sommer: since the serverguide is almost done for hardy
<sommer> mathiaz: ya, I asked that myself... I pointed him toward the Server Idea Pool page with the new content ideas
<sommer> mathiaz: if he replies back I'll suggest the help wiki as well :)
 * faulkes- grumbles
<sommer> faulkes-: it'll be okay
<MatthewMetzger> mathiaz: does the serverguide for hardy include info on running virtual machines so that they're on the same local network as other real machines (not a NAT creating a virtual network)?
<MatthewMetzger> I'm interested in looking over the serverguide if there's a url for it
<sommer> MatthewMetzger: sure does: http://doc.ubuntu.com/ubuntu/serverguide/C/index.html
<MatthewMetzger> sommer: Thanks!
<sommer> np
<faulkes-> sommer: people who don't read email and wait until the last second to do things, well, they make me want to drink more than I do anyways
<sommer> heh, I know the feeling
<faulkes-> there is a terrible shortage of alcohol in the office currently, it is most distressing
<sommer> you should get a job at a brewery or distillery :)
<balzac> hello
<balzac> anyone not idling ?
<saltedlight> hi everyone. i need some advices to setup an dns auto-updater on a server with a dynamic ip... anyone have any ideas?
<balzac> helo
<saltedlight> :))
<saltedlight> hi again :D
<balzac> I'd like to help but I don't know anything about it
<balzac> saltedlight: are you using eBox?
<saltedlight> no
<balzac> it's going to become a part of ubuntu-server, I think
<saltedlight> what i realy need is a script or something to check my ip and if is changed to auto-update the ip on the dns server...
<balzac> http://digg.com/linux_unix/eBox_slated_to_be_the_official_Ubuntu_server_management_tool
<saltedlight> never used eBox 'till now...
<balzac> it gives one centralized administrative interface for lots of possible networking configurations
<balzac> not sure if it would help you though
<balzac> I'm pretty ignorant of networking. It's very complex.
<saltedlight> the only thing that i need is to have a dns instead of a ip... and my isp has the ridiculous idea to change the ip's when tey think will be 'good' to have some changes...
<saltedlight> i dont realy know how to search this on manuals or any other kind of docs related to networking...
<balzac> All the documentation I find on eBox assumes the reader knows networking already
<balzac> NAT, DHCP, all kinds of other crap I don't know much about
<balzac> it's a bloody mess of different networking protocols, none of them simple and they can interfere with each other
<saltedlight> ya right... some one said long time ago about ubuntu: "linux for human kinds? well i need linux for dummies!"
<saltedlight> ;))
<balzac> I should be a software designer because I could build applications which can be used without a PhD
<balzac> most software only gives you hints
<balzac> most writers of software documentation write from a subjective point of view
<saltedlight> i know... there are tons of scripts that do auto-update... but none is doing the job by himself... it has to be started manualy...
<balzac> can you make a cron job to call one of those scripts?
<balzac> or a cron job to call a shell script to call your update script?
<saltedlight> and will that crontab or what you may call it will do the job if the ip will be changed by the @#$%^& ISP?
<balzac> maybe have a variable which gets the current ip? easier said than done...
<saltedlight> they changed my ip twice in a half hour... and this still being connected... dont know how...
<balzac> ok, your computer is a client of their DHCP server, in order to follow their IP changes, right?
<saltedlight> yes
<saltedlight> i have to connect with pppoe
<saltedlight> and then tey give me wan ip
<balzac> is there any way for your update script to query their DHCP server or your DHCP client to get the latest IP?
<m1r> i have set eth0 as default interface in /etc/default/dhcp3-server for DHCP server, but it constanly going out on wlan0, anyone have idea what is going on ?
<balzac> it's easy to conceptualize, much more difficult to do.
<CannibalM> oh thank god, there is a server room!
<balzac> yeah, but it's very small
<CannibalM> Ok, Proliant 1600, network cards are not functioning. I am newer with linux so have yet to get a non functioning network card to work. So, any ideas?
<balzac> I think Canonical needs to sell more LTS licenses
<CannibalM> I already have 5 other boxes running server edition hosting stuff, but yet can't figure this small thing out.
<kirkland> CannibalM: what version?
<CannibalM> It's server 7.10
<kirkland> CannibalM: what kind of network card?
<CannibalM> shows up during the configurations, and shows the card type, when I go to run from there, ifconfig shows nothing.
<CannibalM> one sec, gonna pull the exact model.
<saltedlight> so will this be possible? boot > connect pppoe > update dns on no-ip.org or something > 'fill' if the ip changes > if ip change then re-update dns ??
<balzac> that question is over my head
<balzac> I was just hoping I could get some help with eBox, but their channel is only a handful of people
<balzac> I know jack-squat about networking
<saltedlight> anyone else please?
<CannibalM> So exact model not sure, it just reads "Compaq Netelligent Integrated 10/100 T"
<m1r> saltedlight: no-ip should work automaticly
<CannibalM> thats all ubuntu shows, and thats all I know. Integrated.
<CannibalM> As well, I have an expansion card with duel ports, if those would be easier I can pop the card and check the model as well.
<saltedlight> and if i get disconnected will the no-up client re-update the ip or i'l have to rerun the command manually?
<m1r> saltedlight: update on every conection
<CannibalM> Any thoughts anyone?
<saltedlight> and how exactly i have to do that? using a cron job or what?
<m1r> saltedlight: http://no-ip.org
<kirkland> CannibalM: you can check the hardware much easier than popping the box
<kirkland> CannibalM: use "lshw" and "lspci -v"
<balzac> CannibalM: http://ubuntuforums.org/showthread.php?t=698747  <-- this thread might help
<balzac> https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.20/+bug/99821
<ubotu> Launchpad bug 99821 in linux "Compaq Netelligent 10/100 TX PCI TLAN driver missing" [Medium,Fix released]
<balzac> "Compaq Netelligent 10/100 TX PCI TLAN driver missing"
<CannibalM> I'm reinstalling ubuntu now.
<CannibalM> I was thiiiiiiiiiiis close to using MS server 03
<CannibalM> but sc#@$@ that.
<CannibalM> lol
<balzac> drivers is the only thing winblows has going for it
<CannibalM> exactly.
<balzac> I think M$ subsidizes hardware companies to keep drivers out of our hands.
<CannibalM> so the question is, where is that info on the missing driver in linux?
<CannibalM> the launchpad section:
<balzac> that is the question
<balzac> maybe an older kernel would help
<balzac> older ubuntu v6.1 perhaps
<balzac> but that's no fun
<balzac> the linux kernel shouldn't need to have driver compatibility built in
<balzac> it should all be modular
<CannibalM> perfect answer,
<CannibalM> hopefully you guys can explain this to me then...
<CannibalM> how can I check the kernal on my server? Like the actual kernal version?
<CannibalM> *kernel
<m1r> uname -a
<CannibalM> hmm ok cool thanks,
<CannibalM> so in theory It should install the driver automatically then
<m1r> for ?
<CannibalM> But once the install is finished and I log in, ifconfig shows nothing but a loopback
<CannibalM> as well, during install I can't get an IP.
<m1r> for ethernt card?
<CannibalM> exactly.
<CannibalM> pulls nothing it seems.
<CannibalM> Meanwhile, I have like onboard, a dual port ethernet card, and a third single card.
<CannibalM> nothing can get an IP during install. So I'm just trying to get any of them to function and install
<CannibalM> I figure, one port functioning is all I need for now to start developing on it and ssh'ing in.
<m1r> <sugests realtek
<Zylogue> hello, all...I used Ubuntu server 5.x a while back.  I recall in it was a web fronted mp3 player.  This app would be great for a multimedia server I'm looking at building.  Does anyone recall the name of this app, or similar app?  I would like the music to play locally to that machine, out the soundcard audio jack and into the stereo.  Thanks
<mathiaz> kirkland: https://bugs.launchpad.net/bugs/215998
<ubotu> Launchpad bug 215998 in squid "possible memory leak in Hardy's squid" [Undecided,New]
<mathiaz> kirkland: were you able to reproduce it ?
#ubuntu-server 2008-04-12
<Centaur5> Would anybody in here be able to tell me if Adaptec has decent raid monitoring software for their cards in Ubuntu?
<Zylogue> hello, all...I used Ubuntu server 5.x a while back.  I recall in it was a web fronted mp3 player.  This app would be great for a multimedia server I'm looking at building.  Does anyone recall the name of this app, or similar app?  I would like the music to play locally to that machine, out the soundcard audio jack and into the stereo.  Thanks
<m1r> i am trying to follow this tutorial https://help.ubuntu.com/community/PXEInstallServer , but dhcp server dont start after install, what could i do about it ?
<warchief_ryan> does anyone know what is required to use squid?
<warchief_ryan> if anything
<owh> Salutations. I'm in need of some peer comment. I have a server running rsync. A cron job checks every minute for the existence of a directory called 'current' and if it exists, it moves it into a time-stamped tree, yyyy/mm/dd/hh:mm. When a client connects, it syncs to a directory called 'current'. This works well.
<owh> The client's sync continues into the correct (now moved) directory.
<owh> All good. Now I want to add --link-dest to the client's sync command.
<owh> On the server I can add a sym-link to an appropriate directory and name it "previous". If I don't touch the sym-link, all is well. What I don't know is when and how and if the --link-desk=../previous is actually used. rsync with verbose doesn't mention the previous directory and strace does not reveal any further detail.
<owh> I've tested the above both locally and across a network. No difference in the strace results that I can determine.
<owh> So, I could create a cron-job that changes "previous" to the second-last backup, but it's far from a "known" state. I doubt that I can link-dest into the whole dated tree - the rsync server/client will likely run out of memory.
<owh> Any comments/suggestions/insights?
<owh> BTW, I'm doing this so that the client can just run a simple rsync command across any OS without the need for other applications etc.
<owh> Was my question that obtuse?
<dthacker-work> I don't know, I wasn't here when you asked it.
<owh> Fair enough :-) - rather than repeat it, I'll link to the log: http://irclogs.ubuntu.com/2008/04/12/%23ubuntu-server.html
<owh> (It's the last question :)
<dthacker-work> owh:  sorry, doing database restart.  I haven't even bent rysnc like that. sorry.
<owh> dthacker-work: Fair enough.
<AlexC_> hey
<AlexC_> My Postfix is throwing up errors such as ' warning: cannot get private key from file' however the file does it, what could be causing this?
<dthacker-work> AlexC: what was the last thing you changed?
<AlexC_> dthacker-work, that's the weird thing, I haven't touched anything at all =\
<AlexC_> the only thing that has changed is the VPS has migrated to a different datacenter last night, since then it has not been working
<dthacker-work> VPS?
<AlexC_> virtual private server
<dthacker-work> hmm.  Are you sure all your keys migrated with your virtual server?
<dthacker-work> that's where I'd look first
 * dthacker-work sees sleep on the horizon....
<AlexC_> they should have, it was just the physical location of the server that changed, the data has stayed on the same machine
<dthacker-work> did the hostname change at all?
<AlexC_> no, everything is the same
<AlexC_> anyway, thanks dthacker-work however I must be off, I'll pop back in later
<symtab> hello
<symtab> any ideas how i can fix this problem:
<symtab> Ignoring unknown interface lo=lo.
<symtab> /etc/init.d/loopback start
<robc4> Did anyone do the 2.6.24-16 kernel upgrade for Hardy Server?
<AlexC_> hey all
<AlexC_> I've got an issue with the SSL certificate for Postfix, getting this error when sending email:  "warning: cannot get private key from file"
<AlexC_> the cerficate does exist, and everything is in place. This issue only occured after my VPS host was migrated (the physical master server moved to another datacenter)
<AlexC_> a ha .... I have fixed that issue, however there is one left
<AlexC_> it seams ClamAV is playing up, here are the errors:http://paste2.org/p/20160
<MatthewMetzger> kirkland: regarding my memory cache problem, is it safe for me to run this command as root to clear the cache: "sync; echo 3 > /proc/sys/vm/drop_caches"?
<cjsstables> hello all.  I have been following rrcoumputerconsulting's howto for setting up ubuntu server as an samba-ldap server, but I always hang on reboot at the very last step.  Is there a know bug with ubuntu server?
<MatthewMetzger> cjsstables: I'm new here, so I don't know. But you could check https://bugs.launchpad.net/ubuntu
<balzac> hello
<balzac> anyone using ebox?
<hubuntu> hei everybody! I'm writing a presentation for the FLISOL (http://www.flisol.net/ LatinAmerican Installation Festival by april 26th) to be used by all spanish speaking LoCo teams around the continent. Anyone has a preentation laying somewhere which shows the advantages of Ubuntu in the server room?
<hubuntu> I'm specially interested in Hardy features
<hubuntu> so if anyone has something lying down or want to chat about what i should include right now, please do
#ubuntu-server 2008-04-13
<MatthewMetzger> kirkland: around?
<MatthewMetzger> anyone awake here? I'd like to chat about how ubuntu server handles memory.
<nijaba> MatthewMetzger: hello
<MatthewMetzger> hi nijaba :)
<nijaba> MatthewMetzger: I have read our report
<nijaba> YourMomsHero, even
<nijaba> "you", even (stupid autocopletion)
<nijaba> do you have cron jobs active on yor server?
<MatthewMetzger> okay. I'm specifically wondering if "sync; echo 3 > /proc/sys/vm/drop_caches" is okay to run to clear the caches.
<nijaba> what is mysql doing?  Is it polled by someone?
<MatthewMetzger> Yes, I have a few cron jobs set up. Nothing changed, though
<MatthewMetzger> mysql is running. It is being used as a database for our library server (Koha). I'm going to do an upgrade of Koha later tonight (alpha to beta).
<MatthewMetzger> What do you mean by "polled"?
<nijaba> MatthewMetzger: I don't think dropping the cache is a good idea with mysql running
<nijaba> polled: receive request on a regular basis
<nijaba> can you try stopping mysql and see if cache continues on growing?
<MatthewMetzger> no polling. The database is used infrequently (students don't search for books often).
<nijaba> MatthewMetzger: so right now, no student uses it?
<MatthewMetzger> I can stop mysql, but only over the weekend.
<MatthewMetzger> actually, yes. The service is used every day, but it just doesn't have much traffic.
<nijaba> just to see, that's the first thing that comes to my mind to try isolate the problem
<MatthewMetzger> I understand and agree.
<nijaba> at the rate the problem occurs, you should see the difference quite fast
<MatthewMetzger> is having large amounts of memory cached normal? I don't recall seeing this on my other ubuntu installs.
<nijaba> I am going to bed quite soon, but leave me a message here, I do read logs when highlighted
<nijaba> MatthewMetzger: yes, it can be, if it never goes to swap.
<nijaba> cache is good: it is data you do not go fetch to the disk
<MatthewMetzger> nijaba: thanks. I understand better now.
<MatthewMetzger> have a good night :)
<nijaba> thanks, have a good whatever for your tz
<MatthewMetzger> American/Central/Chicago time zone
 * saltedlight hi. anyone know why ubuntu 8.04 identify ATA hard drives as SATA ?!? on every system ?!? is this a known bug or what?
 * saltedlight after dist-upgrade ubuntu is not booting because I/O on SDA witch should be HDA and if i boot on the old kernel (found on grub menu) is ok... anyone know how to fix that? 
 * delcoyote hi
<rhineheart_m> few days from now and hardy will be released. any update?
<rhineheart_m> hello.. what's the purpose of DHCP server in ubuntu?
<rhineheart_m> anybody here uses ipcop?
<hubuntu> Is an entry/profile for ebox automated installation in Hardy as there is one for LAMP in Gutsy?
<hubuntu> I'm writing a presentation for ubuntu server
<hubuntu> come on it's the second day I come around and NOBODY answers:  I am just wondering if it has become one of the choices for an automated server installation or not (like LAMP, OpenSSh, etc...)
<Deeps> no idea, check the documentation on the website, or download the beta iso and check it out
<Deeps> if you're doing a presentation on the latest ubuntu, screenshots are a useful tool, you probably want to virtualize the current release to take good snapshots from
<hubuntu> I know, but I must finish the basics for tomorrow and there is a lot to cover. The presentation ewill be hold the 26th sp by that time I will have screenshots :)
<hubuntu> thanks for the advice
<Deeps> good luck
<Deeps> suerte ;)
<hubuntu> The more I write, the better I realize Ubuntu is in the server ;) Una vez terminada espero la presenten en varias ciudades en el FLISOL
<Deeps> k guay
<hubuntu> tu sabes bastante del servidor verdad?`Puedes darmela revisando antes de entregar manana?
<hubuntu> osea el lado tÃ©cnico
<Deeps> nop, lo siento, tengo un monton d trabajo pa hacer todavia
<Deeps> estoy tomando un kitkat;)
<hubuntu> ok, en todo caso estarÃ¡ en el wiki del FLISOL y Ub untu si alguiÃ©n en tu LoCo tiene oprtunidad antes del 26
<hubuntu> me voy a seguir
<hubuntu> kitkat?
<hubuntu> Ubuntu cola?
<hubuntu> hehe
<Deeps> un descanso ;)
<Deeps> como las publicidades,
<Deeps> y no se nada de mi loco
<Deeps> creo q hay un monton de gente de kubuntu aqui en canarias
<Deeps> pero no tengo nidea
<hubuntu> estoy en contacto con la gente en ubuntu-es. Suerte con lo que estÃ©s haciendo ;)
<Deeps> ah no, estoy trabajando con algo de mi empleo
<Deeps> nada d ubuntu
<Deeps> bueno, ya sigo
<Deeps> suerte con su presentacion
<AlexC_> hey all,
<AlexC_> I've got very high memory usage on my server, and it is not even doing a lot, it is using 780mb :S. 'top' just mostly shows Apache, Dovecot, and Postfix
<AlexC_> wondering how I can locate the source of the excessive memory usage?
<Mike_KirkCameron> i need install qmail on ubuntu 7.10 server ,who can help me?
<Mike_KirkCameron> i need install qmail on ubuntu 7.10 server ,who can help me?
<AlexC_> Mike_KirkCameron, I think people heard you the first time, about 1 min ago ...
<faulkes-> AlexC: ps aux
<faulkes-> the VSZ/RSS values will tell you what is using up the most memory
<AlexC_> VSZ? I don't see that
<AlexC_> ah, yes I do
<Mike_KirkCameron> who can help me?
<Mike_KirkCameron> install qmail doc .
<AlexC_> faulkes-, hum ... shall I pastebin the output of that for you to talk a look?
<Mike_KirkCameron> every body?
<faulkes-> AlexC: certainly, I have a few moments
<faulkes-> Mike: Never installed qmail on ubuntu, is there a particular reason you need it vs. postfix?
<AlexC_> faulkes-, http://paste2.org/p/20439 - I'm running Apache2 with SuEXEC and fastcgid, with php-cgi if that is of any relevance
<Mike_KirkCameron> i see
<Mike_KirkCameron> i see
<faulkes-> the biggest usage I see there is apache2 and yes, I would say that suexec and fastcgi have relevance
<AlexC_> they shouldn't be using *that* much memory though, surely?
<faulkes-> how much memory does the box have? and have you checked the 'free' command to see how much is being used by buffers or swap?
<faulkes-> AlexC: it's using around 250+mb, there are any number of possible reasons why, especially if you have users ;)
<AlexC_> faulkes-, it has 784mb (or something like that) however it is burstable to 1.5gb (this is a VPS)
<AlexC_> free shows: 'Mem:       1572864     827696     745168          0          0          0' and using no swap
<AlexC_> faulkes-, well, the site is really not being used that much - it's nothing major
<faulkes-> I don't trust "burstable" ram ;)
<faulkes-> however, it would appear that you have just under half your ram in buffers, which is normal
<AlexC_> same, which is why I'm trying to find the cause of this
<AlexC_> what exactly does that mean?
<faulkes-> the system takes free ram and will use it to speed things up via buffers
<AlexC_> and, are you sure? there is a '0' under Buffers
<faulkes-> oh, wait
<faulkes-> yeah, sorry, was reading incorrectly
<faulkes-> still, half of your ram is free then
<faulkes-> although why it hasn't used any of it for buffers is beyond me
<faulkes-> I would start by looking at your apache / php configuration
<AlexC_> mm, but that other half is going into my burstable =\
<AlexC_> ok
<ltcabral> hey
<ltcabral> how can i kill an open connection that is LISTEN in netstat
<Nafallo> ltcabral: shut the daemon
<ltcabral> Nafallo, hm... how can i do that?
<ltcabral> u mean the application?
<Nafallo> except I define those words different I might mean what you said.
<ltcabral> i stoped the app with ctrl+z
<Nafallo> that's pause surely
<ltcabral> ya i noticed it after i did it :)
<ltcabral> how can i stop it then?
<Nafallo> fg
<Nafallo> ^C
<ltcabral> ooh thx :)
<daeron> hy guys
<daeron> there's somebody from italy?
<Nafallo> #ubuntu-it is probably from there.
<jibwn> I'm trying to make an nfs share of my /data folder which has multiple drives mounted on /data/music /data/video etc... I can access the /data folder but nothing on any of the drives mounted under it. I've tried the nohide but it didn't work. Any ideas how to get this going?
<bicz> daeron: yes
<daeron> I have some problems with vsftpd, I can't see anything after login
<daeron> somoe ideas?
<sommer> daeron: have you checked permissions?
<daeron> on yeah
<daeron> this is my cfg file
<daeron> listen=YES
<daeron> anonymous_enable=YES
<daeron> local_enable=YES
<daeron> write_enable=YES
<daeron> anon_upload_enable=YES
<daeron> anon_mkdir_write_enable=YES
<daeron> dirmessage_enable=YES
<daeron> xferlog_enable=YES
<daeron> connect_from_port_20=YES
<daeron> chown_uploads=YES
<faulkes-> please use pastebin for config files
<daeron> chown_username=daeron
<daeron> ftpd_banner=Welcome to blah FTP service.
<daeron> secure_chroot_dir=/var/run/vsftpd
<daeron> pam_service_name=vsftpd
<faulkes-> !pastebin
<daeron> rsa_cert_file=/etc/ssl/certs/vsftpd.pem
<ubotu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu-nl.org (make sure you give us the URL for your paste - see also the channel topic)
<daeron> anon_root=/home/ftp
<daeron> oh, excuse me
<faulkes-> no worries
<faulkes-> pastebin is just easier for everyone to look at and follow
<daeron>  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16listen=YES anonymous_enable=YES local_enable=YES write_enable=YES anon_upload_enable=YES anon_mkdir_write_enable=YES dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES chown_uploads=YES chown_username=daeron ftpd_banner=Welcome to blah FTP service. secure_chroot_dir=/var/run/vsftpd pam_service_name=vsftpd rsa_cert_file=/etc/ssl/certs/vsftpd.pem anon_root=/home/ftp
<creator> hey can someone help me wiht a samba issue?
<faulkes-> jibwn: if server1:/data has all the music/video stuff mounted the client1:/data should be able to see, turning off nohide shouldn't matter
<faulkes-> jibwn: I would check that nfs is properly reaching the server (/var/log/{syslog,messages}) and that there is no firewall/iptables issues occuring
<daeron> E' stata richiesta una sessione di messaggi musicali. Fare clic sull'icona MM per accettare.
<creator> i am trying to create a user account in samba but when ever i do that it tells me creator@myserver:~$ sudo smbpasswd -a georg
<creator> [sudo] password for creator:
<creator> New SMB password:
<creator> Retype new SMB password:
<creator> Failed to modify password entry for user georg
<faulkes-> creator: check permissions on the smbpasswd file (yes, even if you are root/sudo this can be an issue)
<creator> how do i do that
<faulkes-> although, it is entirely possible you retyped the password wrong the second time
<creator> << noob sauce
<creator> haha tried it 5 or 6 times ... dont think i miss typed that often
<sommer> daeron: can you not see the files when connecting as an actual user or when connecting anonymously?
<daeron> anonymously
<daeron> i don't need to configure users
<creator> faulkes: how do i check the permission on that file?
<faulkes-> creator: I don't recall the exact path to the smbpasswd file, man smbpasswd should tell you the default or /etc/samba/smb.conf
<faulkes-> however, you would then ls -l to see that the file has the w bit set for the owner
<sommer> daeron: and are there files in /home/ftp?
<jibwn> thanks, faulkes-  I just found the issue. I hadn't gotten around to adding the drives in fstab yet, they were manually mounted. After adding them it works.
<daeron> yes of course;)
<creator> damn neith the man nor conf tell me where its at
<creator> faulkes: I think this is what Im looking for
<creator> creator@myserver:~$ /etc/samba/smbusers ls -l
<creator> -bash: /etc/samba/smbusers: Permission denied
<creator> faulkes: creator@myserver:~$ sudo ls -l /etc/samba/smbusers
<creator> -rw-r--r-- 1 root root 23 2008-04-13 13:52 /etc/samba/smbusers
<sommer> daeron: are there any errors in /var/log/vsftpd.log ?
<creator> anyone?
<daeron> this is the log
<daeron> http://paste.ubuntu-nl.org/63090/
<daeron> it worked today, but now it doesn't work anymore
<stwange> hey, how do I enable gateway ports on gutsy? I checked /etc/ssh/sshd_config but it wasn't there, I tried adding it and /etc/init.d/ssh restart but I still can't connect from outside the localhost
<stwange> it's not in /etc/ssh/ssh_config either
<Deeps> what did you add to your /etc/ssh/sshd_config?
<Deeps> by default it listens on all interfaces on port 22
<Deeps> and nothing needs to be added
<stwange> I'm trying to tunnel, and I need GatewayPorts to be set to yes for it to listen on anything other than localhost:someport (different from the port 22 for ssh access)
<Deeps> oh, for when tunnelling
<Deeps> what kind of tunnel are you doing, local or remote?
<stwange> remote, reverse
<Deeps> hmm
<Deeps> yeah that i dont know
<Deeps> i usually do a second local tunnel on the remote machine
<Deeps> with -g
<stwange> man sshd_config says to set GatewayPorts to yes, but it's not there
<Deeps> add GatewayPorts yes, restart your ssh server, and reconnect
<Deeps> from what i can see in the man page anyway
<stwange> do you know how to restart sshd? I tried /etc/init.d/sshd restart but it said no such file or directory. I tried /etc/init.d/ssh restart but it didn't make a difference
<Deeps> root@router:~# /etc/init.d/ssh restart * Restarting OpenBSD Secure Shell server sshd                           [ OK ]
<Deeps> then you need to reconnect your ssh session
<Deeps> with your tunnelling
<stwange> yeah sorry about that
<Deeps> just tried it, looks like it works
<stwange> I'd restarted ssh, but forgot I had to reconnect the tunnel :)
<Deeps> might wanna use client-specified
<Deeps> rather than yes
<Deeps> and then on remote tunnels you specify -g on the ones you want globally visible
<Deeps> (like you would with local tunnels)
<stwange> thanks for the help mate
<Deeps> np
<stwange> offhand, I don't suppose you know what the disable repositories are on a clean ubuntu install? I need to add them with just bash
<Deeps> no vi?
<Deeps> cat /etc/apt/sources.list | (more|less|most|head -n|tail -n)
<stwange> yeah but they aren't commented out
<stwange> I'll check my other install and see what they were
<Deeps> you can then see what it is through that
<Deeps> grep http /etc/apt/sources.list
<stwange> I got them from my other box :) thanks anyway
<ScatterBrain> Need help recovering a failed drive.
<MatBoy> hey guys ! when I have /home as a software raid1 using ext3, is it easy to switch this one to LVM ?
<abrakadabr> hi! can anybody help me to install ispconfig?
<abrakadabr> anybody hear me?
<stwange> hey.... I modified apache2 for vhosts and messed it up, I've tried using aptitude to purge it, but reinstalling I still get connection refused
<stwange> I got it :) thanks anyway
<stiv2k> help
<stiv2k> oops, bad way to start a question
<Nafallo> lol
<stiv2k> ok I have this mysqld_safe process that runs indefinitely, and it consumes 100% CPU all the time.... it's lagging my server, what is it doing and why is it running all the time?
<stiv2k> 22429 root      25   0  1752  368  344 R 90.4  0.1  14956:41 mysqld_safe
<Nafallo> mysqladmin status
<Nafallo> mysqladmin proc
<Nafallo> that should give you somewhere to start.
<stiv2k> um,
<stiv2k> mysqladmin: connect to server at 'localhost' failed
<stiv2k> error: 'Access denied for user 'steve'@'localhost' (using password: NO)'
<stwange> stiv2k mysqladmin -p
<stwange> will prompt you for a password
<stiv2k> ok
<stwange> ok can anyone give me a hand with lamp on ubuntu 7.10? I have apache2, php5 and libapache2-mod-php5 installed, but the .php in my /var/www/ is asking to be downloaded: http://209.20.67.241/
<sommer> stwange: did you restart apache?
<symtab> how do i restart the network?
<symtab> /etc/init.d/network restart doesnt work
<sommer> symtab: did you try sudo /etc/init.d/network restart ?
<symtab> trying now
<symtab> when running ifconfig you have like like this
<symtab> txqueuelen:100
<symtab> what does this mean?
<JaxxMaxx_> transmit queue length.
<JaxxMaxx_> obscure networking setting, probably best left alone?
<symtab> the thing is
<symtab> i have 2 servers
<symtab> both in the same network
<symtab> one is .28
<symtab> one .29
<symtab> .28 works
<symtab> and both servers have 2 network cards (internal and external)
<symtab> on the one that works both network cards have txqueuelen: 1000
<symtab> on the one that doesnt work
<symtab> the external network card has txqueuelen: 100
<symtab> could this be the reason why it doesnt work?
<Deeps> highly unlikely
<symtab> i'm sure the settings (ip, netmask, gateway) are correct
<Deeps> the only instance i've ever fiddled the txqueuelen is when i was dealing with a gbit link and wanted to improve performance
<Deeps> are you sure that there's a link between the 2 nics that dont appear to be working?
<Deeps> are link lights on?
<symtab> internally they work
<symtab> but one of the server doesnt work externally
<symtab> it doesnt have a internet connection
<symtab> it should have, but it doesnt work
<Deeps> ok, so you have 2 network cards, one on an internal network, the other on an external network?
<symtab> yes
<symtab> on both servers
<symtab> let me explain again
<symtab> i have 2 servers
<Deeps> and not, 1 internal network card, and one external (eg usb) network card
<Deeps> ok
<symtab> each server has 2 network cards
<symtab> server 1 = A
<symtab> server 2 = B
<symtab> A and B are connected internally in a network (192.168.0.1/192.168.0.2) and this works
<symtab> A also is connected to the internet through the other cable
<symtab> B is not connected to the internet, because it doesnt work
<symtab> i dont know to explain better :(
<symtab> sorry
<Deeps> the external cable from server B, does it plug into a switch? another computer?
<Deeps> are there any lights on either that NIC on server B or wherever it's plugged into to indicate that there is actually a link?
<symtab> both external cables from both servers are plugged in a switch
<symtab> yeah the light is is blinking
<Deeps> ok
<Deeps> do both A and B have different IPs on their external interfaces?
<symtab> yes
<Deeps> btw, this notiation: 192.168.0.1/192.168.0.2 is wrong
<Deeps> notation*
<Deeps> as it would be interpretted as ip/netmask
<symtab> i know its wrong..i just wanted to say that the servers are also connected in a internal network
<symtab> i'm not the best networking expert :(
<symtab> as you can see
<Deeps> use a + sign, use a comma, and yes, thats why i'm teaching as we go along :)
<Deeps> ok
<Deeps> can server A ping the external gateway?
<symtab> yes
<Deeps> can server B?
<symtab> and server B cant ping the gateway
<symtab> :(
<symtab> hmm
<Deeps> do you control the gateway?
<symtab> no i dont, but i can speak with the person who does
<Deeps> is it possible that the gateway has filtering on it, to restrict access to specific IPs or MAC addresses?
<symtab> let me ask
<JaxxMaxx_> have them ping your server B external IP from the gateway
<symtab> hmm, seems like the admin is not there
<symtab> if i try this
<Deeps> alternatively, unplug server a from the external switch, assign it's IP to server B, spoof server A's external interface's MAC address onto server B
<Deeps> and then retry
<symtab> get the cable from the server that is working and plug it in the server that is not working
<symtab> should this work?
<symtab> of course reconfigure the ip
<Deeps> ifconfig externalinterface down
<symtab> i know how to use ifconfig (or at least i think i know :-)
<Deeps> ifconfig externalinterface inet <ip> netmask <netmask> hw ether <mac address of server a's external interface>
<Deeps> ifconfig externalinterface inet <ip> netmask <netmask> hw ether <mac address of server a's external interface> up
<symtab> ok
<symtab> i will try this
<Deeps> make sure both are unplugged when you do the configuration
<Deeps> plug in the cable once it's done
<Deeps> oh
<Deeps> it might be worth noting the original MAC of the interface
<symtab> ok
<symtab> so what i did
<symtab> i assigned server's A ip to server B (also reconfigured the gateway)
#ubuntu-server 2009-04-06
<tchough> i have two machines that do not have matching uid/gids... i wish to use nfs but have the uids match up properly... are there any options for this that work in ubuntu that do not involve setting up NIS?
<PhotoJim> there are ways to renumber users... I had the same problem getting a MacBook to work with my Linux network
<PhotoJim> I did it once... but I'm no expert at it.  but if you google it the solution is out there.
<PhotoJim> the thing to remember is that not only do you have to change the users' UIDs and the groups' GIDs, you have to change the owner of any files owned by them
<PhotoJim> there are commands that can do that
<mat1211> Hi, how do I change the home directory of a user?
<mattt> mat1211: usermod
<twb> mat1211: permanently, or temporarily?
<mat1211> when you say permenently, do you mean there is no way to change it back? or just that it doesn't go back on reboot.
<twb> mat1211: no, I mean as opposed to "I need $HOME to be /tmp/tmp.a72bce for the next program
<twb> "
<mat1211> nah, I just want to change the home dirs for certain user accounts, permenently unless I change them back that is.
<mat1211> but was unable to find out how on google.
<mattt> mat1211: usermod will change the home directory in /etc/passwd, but you would need to manually move the directory itself
<mat1211> I see, and how do I do these things, I am trying to set the users up on my external hd so I can properly give them quotas.
<mat1211> so every new user I create has a home dir of lets say "/var/homes/users/username"
<mat1211> is this possible?
<mattt> mat1211: that's possible, sure
<mat1211> How could I do this?
<mattt> mat1211: take a look at /etc/default/useradd
<mat1211> is useradd a file that I need to open with an editor?
<mattt> correct
<twb`> Sure you don't want /etc/adduser.conf?
<mattt> twb`: ah, i use useradd ... but i guess if adduser is your preference then yes :P
<twb`> useradd is wrong, it's low-level
<twb`> adduser is what sysadmins should use on Debian/Ubuntu
<twb`> I mean, unless you *want* to remember to populate stuff from /etc/skel or whatever the differences actually are.
<mattt> twb`: quite new to debian/ubuntu myself, will make a note of that ... tnx.
<twb`> mattt: just to be clear: adduser is a wrapper on top of useradd that does extra stuff
<mattt> twb`: i come from a red hat background, where useradd is typically used
<mattt> twb`: but thanks for pointing this out
<mat1211_> How can I change a single users home dir? my old admin user can't create users anymore.
<mat1211_> ?
<PhotoJim> sorry, I've never done that.  I keep my home directories at /home because that's what standard *nix filesystems look like.
<mat1211_> shame, this is getting annoying lol
<infinity> mat1211_: I'm sure there's some standard CLI way to edit home directories, but I can never remember what it is.
<twb> usermod -d /home/f/r/fred fred
<infinity> mat1211_: On the other hand, I'd just do "sed -i -e 's,/home/username,/var/spool/username,' /etc/passwd", because I'm evil that way.
<twb> You probably also want -m.
<infinity> twb: Oh, right, usermod.  I always forget about that one.  BSDisms...
<twb> infinity: that's definitely not for newbies
<twb> infinity: also, sed -i won't work on BSD :-)
<infinity> twb: Sure, but this isn't bsd-server, it's ubuntu-server, and it totally works there. :)
<infinity> twb: (The less evil suggestion than sed would be "vipw" which, of course, still requires understanding the file...)
<mat1211> I've changed my default home directory, and now I can now longer add users.  it says pam authorization failed, account expired or something like that.  What can I do?
<twb> mat1211: log in as a different user.
<mat1211> they are all set as old home dir, but I might be able to fix this.
<friartuck> mat1211 you can switch to root with sudo su -
<twb> friartuck: please use sudo -i.
<friartuck> twb thx, what's the difference?
<infinity> Absolutely none.
<twb> friartuck: one less fork, and it is easier to lock down.
<twb> "sudo su - fred" requires you have sudo access as root; sudo -u fred -i requries only sudo access to fred.
<friartuck> twb nice, thx
<infinity> Sure, from an /etc/sudoers perspective, one is easier to configure than the other.
<infinity> If you already have root, though, both are effectively the same. *shrug*
<infinity> (One login shell is the same as the next)
<mat1211> what would I do while in the root user?
<twb> From an aesthetic perspective, using "sudo su -" is like saying "ssh rsh".
<infinity> twb: I'm not sure how much aesthetics matter here. :)
<mat1211> that I couldn't do from the other admin one? lol
<twb> infinity: well this isn't CentOS...
<infinity> twb: (Most of it's finger/muscle memory from other similar commands, too)
<infinity> twb: For instance, "chroot /chroot/foo su -" maps nicely in my brain with "sudo su -"
<twb> Ew.
<mat1211> cause when I create a user in root it still says account has expired. lol I think I broke it.
<twb> I guess I don't use login shells within a chroot.
<infinity> twb: Best way to get a prisitine environment.  *shrug*
<infinity> twb: If you use tools like schroot/dchroot, you use login shells in the chroot, it's just cleverly hidden from you.
<twb> infinity: normally I use ssh :-)
<mat1211> ?
<twb> And pbuilder over sbuild
<infinity> My turn to say "ew"? :)
<infinity> Anyhow, back to lp-buildd hacking.
<friartuck> mat1211 did you change root login? home dir?
<infinity> Or maybe time to realise it's a weekend for a few more hours and watch a movie or something.
<mat1211> ? what's that
<mattt> mat1211: talk us through what you did exactly?
<mat1211> sorry, I was afk.  But to change the default home dir, I typed. sudo vi /etc/adduser.conf and then changed the dhome var
<mat1211> but now I cannot create users.
<mat1211> and I don't know what I can do to fix it.
<twb> mat1211: what did you change DHOME to ?
<mat1211> I changed it to /var/www/tb/users
<mat1211> why? does that change anything?
<twb> Does that directory exist?
<mat1211> yes it exists
<twb> Does it have the same owner, group and permissions as /home?
<twb> Incidentally, *why* do you want users to be created with home directories there?  It violates the FHS.
<mat1211> ? I'm not sure.  I want to create users on my external harddrive, because it will make setting up quotas easier, I think.
<mat1211> and what permitions are on home?
<twb> mat1211: ask stat(1)
<twb> mat1211: I think you would do better to simply mount the external hard drive as /home, or to make /home/foo/public_html a symlink into /var/www.
<Iceman_B^Ltop> PhotoJim: concerning the disabling a login: "chsh <username>" then appoint /sbin/nologin
<mat1211> hmm maybe, but I am also storing other files on the harddrive, I'll try that though.
<PhotoJim> Iceman_B^Ltop: that sure looks right. :)
<Iceman_B^Ltop> I found the notes a friend typed up when he was here, thought I'd share it
<twb> mat1211: then perhaps you should have used LVM on that external hard disk, and assigned separate volumes (and filesystems) to its various data storage roles.
<mat1211> I probably should have, yes.
<mat1211> I'll go over the harddrive and fix it up.
<_coredump_> moinsen
<^law^> guys,i  forgot where is th epath of sun jdk location,
<^law^> hmm i installed it  a week ago
<Kamping_Kaiser> installed via packages/
<Kamping_Kaiser> ?
<^law^> ya
<^law^> hmm can't find it
<Kamping_Kaiser> dpkg -l |grep java to find the package name
<Kamping_Kaiser> dpkg -L packagename to find where all the files went
<Kamping_Kaiser> dpkg -l |grep jre may be better btw
<^law^> oooh thx
<Kamping_Kaiser> np
<^law^> i found it  now
<^law^> :)
<Kamping_Kaiser> :)
<^law^> r those line work 4 others?
<Kamping_Kaiser> yeah
<^law^> u knw i often 4got where the programs installed
<Kamping_Kaiser> please use actual words :|
<^law^> sorry :)
<Kamping_Kaiser> thanks ;)
<twb> It's better to use dpkg -l *java* than dpkg -l | grep java
<Kamping_Kaiser> whyso?
<twb> Because it's eagerly evaluated
<twb> Oh actually, I guess dpkg -l alone defaults to only installed packages.  Grr.
<twb> Personally I use aptitude search ~i~njava, possibly with an -F %p if I only want the package names
<^law^> guys, if i wanna install maven , i only need to install maven2 package?
<^law^> ?
<DawnLight> hello. i'm trying to understand the apache2 configuration for mailman in hardy. the example apache configuration file has AddHandler cgi-script .cgi in <Directory /usr/lib/cgi-bin/mailman/> but the files there don't have .cgi extensions so how does it work?
<rst-uanic> I think that all files in /usr/lib/cgi-bin are handled as cgi scripts
<DawnLight> is that in some config?
<DawnLight> or build-time
<DawnLight> yes
<DawnLight> it is in the deafult config file
<rst-uanic> :)
<DawnLight> thanks
<DawnLight> why is the "mailman" list shown in the listinfo page?
<uvirtbot> New bug: #347250 in likewise-open5 (universe) "Upgrade from Likewise-Open 4 should be mentioned in Debian.NEWS" [Wishlist,In progress] https://launchpad.net/bugs/347250
<cjwatson> twb: if you're going to use "dpkg -l *java*", then that should be "dpkg -l '*java*'", otherwise you'll get pretty surprising results when a file in your current directory happens to contain the substring 'java' ...
<uvirtbot> New bug: #356149 in mailman (main) "Debconf questions to set passwords" [Undecided,New] https://launchpad.net/bugs/356149
<jussi01> Hrm, is there a reason you guys have a different bot?
<jussi01> is it just for the bug reporting?
<twb> cjwatson: yeah, sorry about that.
<twb> But really, what kind of silly person would have a java file ;-P
<twb> Java is for embedded systems programming.  Embedded systems with 16GiB of RAM...
<uvirtbot> New bug: #356187 in samba (main) "SIGSEGV on printing" [Undecided,New] https://launchpad.net/bugs/356187
<mat1211_> how do I check the permissions and owners of a folder?
<jpds> mat1211_: ls -l path/to/folder
<mat1211_> thx
<mat1211_> How can I extract a .rar file and keep the directory structure?
<jpds> unrar e <rar file>
<Appiah> unrar x i belive
<Appiah> just typ unrar or man unrar to see all the options
<Appiah>   x     Extract files with full path.
<Appiah> e     Extract files to current directory.
<Appiah> http://www.edenwaith.com/support/guitar/help/man/unrar.html
 * jpds points to manpages.ubuntu.com
<twb> The interface is different for unrar and unrar-nonfree
 * twb goes back to sleep
<bn43> Hi I'm running an ubuntu server for a charity where there are serious bandwidth constraints - they are using a 3g card.  therefor I have setup ntop to see who's downloading the most but cannot produce reports as ntop resets on reconnection.  I have read that there is no way around this.  Is this true?
<bn43> oh can someone recommend a monitoring tool - not to show were someone went but just a means of accounting on bandwidth - without stepping on privacy
<bn43> anyone pls?
<bn43> oh can someone recommend a monitoring tool - not to show were someone went but just a means of accounting on bandwidth - without stepping on privacy
<zul> mrtg
<friartuck> bn43 cacti
<bn43> friartuck: interesting - google did not bring up cacti as bandwidth monitoring - is there a howto I can go to?
<bn43> zul: howto?
<zul> bn43: mrtg.org
<bn43> I want to be able to compile a report at the end of each week on each ip - ntop does not keep history, do these?
<friartuck> bn43 http://www.cacti.net . no, mrtg and cacti won't do that per se. but you can monitor each switch port and find out who is connected there and basically get that info.
<bn43> ok I'll look in
<bn43> thank you for the responses
<dthacker__> why doesn't the bacula director package drop the default bacula-dir.conf in the /etc/bacula file?
<tieuvinhlong> hello
<tieuvinhlong> are you there?
<tieuvinhlong> alo
<Iceman_B^Ltop>  how can I force Samba to disallow changes in filenames, AND writes to files that are open in a linux process? Eg. rTorrent?
<orudie> with disabled password logons, is there a way to login with Filezilla FTP client ?
<giovani> orudie: what do you mean? blank passwords?
<giovani> that would probably depend on the ftp server and how it interacts with system passwords
<ivoks_> orudie: you've put /bin/false as a shell?
<ivoks_> or /bin/true
<orudie> i'm talking about connection with SFTP when PasswordAuthentication no in sshd_config ivoks_ , giovani
<ivoks_> then you are using sftp, not ftp?
<orudie> yes ivoks_ sftp
<orudie> but i figured it out already :)
<giovani> I don't get why people use sfto
<giovani> sftp*
<ivoks_> it depends on your client
<orudie> yeah filizilla interracts with pageant.exe
<ivoks_> giovani: they don't trust their isp?
<orudie> i didnt know that
<giovani> ivoks_: uh ... use scp instead
<ivoks_> giovani: that's sftp
<ivoks_> http://en.wikipedia.org/wiki/SSH_file_transfer_protocol
<ivoks_> not ftp-ssl, sftp
<giovani> no, scp is not sftp
<giovani> they're different protocols
<tieuvinhlong> use ssh
<giovani> tieuvinhlong: they both use ssh
<tieuvinhlong> ssh protocol
<ivoks_> giovani: it's implemented by the same library
<tieuvinhlong> oh.
<tieuvinhlong> yes
<tieuvinhlong> yeah
<RoAkSoAx> hello guys! where can i find detailed information about the integration of eucalyptus into ubuntu and amazon ec2 related stuff?
<ivoks_> sftp has more features anyway
<uvirtbot> New bug: #320470 in mailman (main) "duplicate Mime-Version header " [Undecided,Fix released] https://launchpad.net/bugs/320470
<cjwatson> giovani: scp is an awful protocol
<cjwatson> giovani: it's not extensible and the bugs in it result in silly quoting requirements
<cjwatson> giovani: though it's a shame that the scp client is closer to what people often want despite the worse protocol. In principle it would be possible to reimplement the scp client on top of the sftp protocol, which would be the best of both worlds. I started work on that a while back but it's very much a back-burner project
<ivoks_> cjwatson: doesn't openssh do that?
<cjwatson> ivoks_: no
<ivoks_> even though use type in scp, it does sftp?
<ivoks_> no? ok...
<cjwatson> "use type in scp"? EPARSE
<ivoks_> :)
<ivoks_> s/use/you/
<cjwatson> no, scp works by sshing to the remote host and running scp there in a special mode
<cjwatson> inspired by rcp
<RoAkSoAx> sommer, how can i contribute with the server guide, specially with clustering related?
<Davedan> can I have several subdomains each pointing to a different ip?
<jpds> Yes.
<Davedan> jpds: even if my domain is hosted on godaddy for example?
<RoAkSoAx> o/ jpds how you doing today!
<jpds> Davedan: Depnds on your setup, I've never used GoDaddy.
<jpds> RoAkSoAx: Hey there, not too bad, thanks.
<Davedan> jpds: thanks
<RoAkSoAx> Davedan, you would just have to add more entries in godaddy. CNAME or IN A entries.
<Davedan> RoAKSoAx: so I have 2 subdomains on godaddy each one pointing a diffrent IP. How does my apache on ubuntu knows to trust the traffic?
<sommer> RoAkSoAx: here's a link with some quick instructions for getting the xml source: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase#Documentor%20resources
<sommer> RoAkSoAx: basically feel free to work on the sections you'd like and submit a patch :-)
<giovani> Davedan: I don't know what you mean by "trust the traffic" -- if there are two IPs, you need to tell Apache (and Ubuntu) to listen on those two IPs, and then you'll configure two IP-based virtual hosts, one for each site you want
<RoAkSoAx> sommer, well i was actually thinking on adding sections such as installation and configuration of Heartbeat V1/V2, Keepalived for healthchecking, LVS based clusters, and DRBD integration with Heartbeat
<sommer> RoAkSoAx: sure, sounds good to me
<RoAkSoAx> sommer, ok great!
<sommer> RoAkSoAx: if you have any questions about the xml files just let me know
<Davedan> giovani: I'm trying to solve js cross domain limitations and wonder if it possible using subdomains. I want domainA have sub.domainA and point it to the ip on my server. What I'm asking if there is no bad logic with this
<Davedan> giovani: let's say a client owns domainA and wants to make xmlhttprequest to a different IP
<giovani> Davedan: that isn't an apache, or ubuntu question
<giovani> that's a browser cross domain security question
<macman_> hi all
<macman_> do i have to have ubuntu server installed to a network boot ?
<ivoks> to do a network boot?
<macman_> yes
<ivoks> on another machine
<ivoks> ?
<macman_> i want to install ubuntu on another computer
<macman_> the computer has cdrom access and i don't have a floppy to boot it up .. what are my options ?
<macman_> has no cdrom access*
<ivoks> network boot
<ivoks> usb boot
<macman_> it has no usb eaither
<ivoks> maybe it doesn't have usb boot?
<ivoks> err... network
<macman_> when i go into the bios i have cdrom , network    etc ..
<orudie> macman_, just stick a cd rom in temporarly
<ivoks> oh, sorry
<ivoks> forgot about you :)
<ivoks> macman_: setup dhcp-server with tftpd on that other machine (which has some form of unix/linux)
<ivoks> there should be something like that for windows too
<ivoks> and then follow https://wiki.koeln.ccc.de/index.php/Ubuntu_PXE_Install
<orudie> ivoks, is surprisingly polite on mondays !
<ivoks> f... of.
<ivoks> :)
<orudie> :P
<ivoks> so, how's your mail server?
<orudie> sold !
<orudie> incoming, outgoing, mail filter, antivirus
<orudie> no complaints
<ivoks> great
<orudie> thanx bro
<ivoks> still getting some spam?
<orudie> 1 - 2 a day, before was like 1 - 2 every 10 minutes
<ivoks> implement graylisting
<orudie> on some email accounts
<ivoks> it's very easy with postgrey
<ivoks> greylisting, that is
<orudie> i actually dont think i would touch it unless I think i have to
<ivoks> it might kill those 1-2 spams
<ivoks> and it's one line change
<orudie> oh yeah :) ?
<orudie> what can i do then ?
<ivoks> yeah... but there are some side effects
<orudie> what kind
<orudie> ?
<orudie> see i rather not touch it bro
<ivoks> it's the nature of how greylisting works
<ivoks> it returns temp reject to the other server
<ivoks> and then the other server will try resending that mail in 5-10 minutes
<ivoks> and if it tries that, from same ip, from same From, to same To, it will pass
<ivoks> otherwise it will get temp reject again
<orudie> my box was hacked last week, did I tell you ?
<ivoks> :)
<orudie> not as bad as my other one a few months ago
<orudie> at least this time i was able to see what the guy did
<ivoks> hacked your ubuntu server?
<orudie> thats why i was asking about SFTP earlier
<orudie> yeah man
<orudie> my company's server
<ivoks> weak password?
<orudie> yeah
<ivoks> hopefully, not for admin account
<orudie> and I didnt even know about it , cause I had to teach another guy here how to create / add email accounts through terminal
<orudie> so he created those 10 email accounts for all employees
<ivoks> username test, password test
<orudie> and one of them was u/n jorge / jorge123
<ivoks> right? :)
<ivoks> orudie: install john
<orudie> user jorge password jorge123
<ivoks> john the ripper will test your accounts and passwords
<ivoks> it would've found jorge/jorge123
<orudie> i disabled password logins for all acounts
<ivoks> that doesn't change a thing
<ivoks> those people still use username/password for accessing their mail
<ivoks> and one could abuse your smtp server if you have smtp-auth
<orudie> yeah, that account is gone though with all the files from the system
<ivoks> install john
<orudie> apt-get install john ?
<ivoks> run it and check passwords
<ivoks> yes
<orudie> john --test ?
<ivoks> sudo john /etc/shadow
<orudie> its gonna run for a whil ?
<orudie> while ?
<Noble> Anyone got a link or some info on how I can intercept or reroute stuff that gets sent to my servers NIC on spesific ports?
<ivoks> orudie: yes, let it run for a while
<orudie> k i only got 20 minutes though, gotta get out of here ivoks :)
<ivoks> orudie: then kill it
<ivoks> orudie: it will start every night and check
<ivoks> orudie: if you uncomment lines in /etc/cron.d/john
<orudie> Loaded 1 password hash (FreeBSD MD5 [32/32])
<orudie>  ivoks
<ivoks> ?
<orudie> thats what it told me
<ivoks> you have only one user?
<orudie> no man
<orudie> i have 10
<ivoks> you copied them from another unix system?
<orudie> but only 1 user can login with SSH if that has anything to do with it
<orudie> no
<orudie> created manually here
<ivoks> can they read mails?
<mrwes> Hey if I'm sending email via smtp with username and password in my /etc/denyhosts.conf should that file have 644 perms?
<mrwes> I"m thinking 600
<orudie> yeah
<orudie> mail is working fine
<ivoks> orudie: try john --format=DES /etc/shadow
<ivoks> mrwes: i didn't quite understand your question
<orudie> whats that gonna do ?
<ivoks> mrwes: what does smtp has with /etc/denyhosts.conf?
<ivoks> orudie: it will take passwords in DES format, instead of MD5
<orudie> No password hashes loaded
<mrwes> ivok: I'm sending the denyhosts report to my internet hotmail account and in the denyhosts.conf file I have my password and username to that email account and I just noticed the conf file is 644 perms
<ivoks> could paste send me on pm one of those user accounts you've created?
<ivoks> from /etc/shadow
<mrwes> therefore readable by others correct?
<ivoks> notice that you shouldn't do that if you don't trust me
<mrwes> heh
<orudie> i can try john on my other ubuntu box
<orudie> ok?
<ivoks> sure
<orudie> dont want to mess with this 1 too much
<ivoks> mrwes: if you entered username and password, you should have it word readable
<orudie> ivoks, wanna connect to my terminal ?
<orudie> ivoks, i'll make you a user name
<mrwes> ivoks, I don't understand that....
<orudie> ivoks, we can connect with screen -x
<ivoks> mrwes: typo :)
<ivoks> mrwes: you shouldn't have it world readable
<mrwes> ahh...OK that's what I'm thinking!
<mrwes> heh
<ivoks> orudie: i'm not into sharing terminal thing :)
<ivoks> orudie: that's like sharing your wife
<ivoks> :D
<mrwes> hrmm...perk
<orudie> i'm not THAT attached to it
<orudie> and i'm not married yet, but I see where you are coming from
<ivoks> orudie: well, you just stared :)
<orudie> ivoks, just started you mean ?
<ivoks> right
<ivoks> it's 22:50
<ivoks> time to close the lid
<mrwes> thank ivoks
<orudie> you going to bed ?
<ivoks> 'night
<orudie> bye ivoks
<dthacker__> is the bacula-console-qt packge the same thing as Bacula's "Bat" utility?
<ivoks> yes
<dthacker__> thank you
<orudie> i have my bosse's laptop in front of me ivoks
<uvirtbot> New bug: #356599 in openssh (main) "ssh public key not working" [Undecided,New] https://launchpad.net/bugs/356599
<uvirtbot> New bug: #354850 in mysql-dfsg-5.0 (main) "amarock" [Undecided,Incomplete] https://launchpad.net/bugs/354850
<orudie> ivoks left ?
<renatokrause> Good evening, I am writing a page in init.d from / etc / init.d / skeleton. I have some doubts. Anyone know this part?
#ubuntu-server 2009-04-07
<owh> Yesterday I sent an email to the list about postfix and ethernet adapters. The two replies I got appear to refer to mapping postfix to an IP address, which in turn "connects" it to a physical adapter. Only, I cannot pre-determine what the IP address will be. What I really want is postfix to use whatever Internet connection there is. At the moment it just picks one and tells me that it cannot resolve an address.
<giovani> owh: you're talking about a postfix bug?
<owh> giovani: I don't think it's a bug, I think it's a "feature".
<giovani> owh: ok, what do you want #ubuntu-server to do?
<giovani> is there a question?
<owh> Yes, I'm asking if there are thoughts on how postfix might be coerced into doing what I need it to do.
<owh> Or if there are alternative approaches.
<giovani> so you have two ethernet adapters, and both are getting dynamically assigned ips?
<owh> Some background: There are two network adapters. They get their IP address from a DHCP server on the network. I'm running postfix to send out mail to an external smtp server.
<owh> Yup
<giovani> why do they both have to be dhcp?
<friartuck> owh just a thought, postfix should be behind a firewall and nat'd. why don't you set them up with static addresses?
<giovani> I'm not sure I'd advise NAT for any server, if avoidable
<owh> Static IP is also not really possible.
<giovani> you can't realistically run a mail server on the internet today on dynamic addresses
<giovani> you'll get spam-filtered at most ISPs ... totally prevented from sending mail
<owh> Well, if I connect via SSL to an external smtp server, all is just fine and dandy. I don't send mail out to the end-user, it goes via an extra hop.
<bytor4232> giovani, You have to forward the ports, so it kinda defeats the purpose of NAT.  I totally agree.
<owh> Incoming mail is via fetchmail.
<giovani> bytor4232: and NAT is just messy and never advisable unless required
<giovani> owh: ok, so you're not running an internet mail server
<giovani> just a local one
<owh> Yup
<giovani> so I'm still unclear why you can't just issue inet_interfaces = all
<giovani> and then have postfix use the default route
<giovani> like it will by default
<giovani> and listen on both interfaces
<bytor4232> In the firefox profile directory, which file contains the stored password?
<bytor4232> oops
<bytor4232> sorry, wrong channel, sorry
<owh> giovani: Well, inet_interfaces = all is already configured. It seems to just grab "the first interface" and then decide that it cannot resolve the smtp server.
<giovani> owh: it "grabs" your default route
<giovani> and if it can't resolve dns -- it sounds like your network settings aren't properly configured
<owh> Right, so if the connected interface gets its IP address after postfix has started, it uses a bogus route and dies.
<giovani> uh
<giovani> your dhclient process should be running much earlier than postfix in startup
<giovani> besides, how often is this server being rebooted that that's a problem?
<giovani> maybe you need to rearrange your startup scripts
<owh> giovani: The server is a laptop.
<giovani> ...
<giovani> sigh
<giovani> rearrange your startup scripts -- something is wrong
<giovani> no server processes should be starting before dhclient executes and finishes
<giovani> otherwise they'd all have this problem
<owh> Well, the "server" goes to sleep. When it wakes up, it takes a little while for the network to be available. The adapters are managed by Network Manager, postfix is always running.
<giovani> haha
<giovani> this isn't a postfix problem
<owh> Excellent.
<giovani> this is a ... don't run mail servers on laptops  with dual dhcp nics problem
<owh> ROTFL
<owh> Thanks, that was helpful :)
<giovani> well, be serious
<giovani> this setup of yours creates tons of problems
<owh> I'm open to suggestions.
<giovani> don't use a laptop
<giovani> for your mail server
<giovani> and why, if this is just an internal mail server, can you not use static ips?
<owh> Because it's a laptop and it moves around - onto other networks :)
<giovani> well don't do that
<giovani> sounds like you need an internet mail server
<giovani> either sitting at home on stationary hardware, or out on the internet on a $5/mo VPS
<cjwatson> owh: restart postfix in /etc/network/if-up.d/ once everything is up?
<owh> There is a long history behind this configuration. I am mobile. I have a satellite dish. I setup impromptu internet cafes alongside the road. People connect to my wifi hotspot and can send email.
<owh> cjwatson: Will the id-up.d scripts run if Network Manager is in control?
<giovani> yep, that's actually a decent idea
<giovani> let's see if it works
<owh> Hmm, there is already a postfix script there. It reloads if it's running, but I'm guessing that a reload won't re-check the route.
<owh> There is also one in if-down.d - also reloads.
<owh> What if I change reload to restart - any nasty side effects anyone can think of?
<owh> You know, like mail vanishing that is currently being sent, "little" things like that?
<owh> BRB
<owh> Hmm, seems no scripts are running at all. There is bug #336736 pointing at pre and post scripts not running, but up and down are. I'm not seeing any run.
<uvirtbot> Launchpad bug 336736 in network-manager "NetworkManager does not call /etc/network/if-pre-up.d scripts" [Medium,In progress] https://launchpad.net/bugs/336736
<wizardslovak> hello people
<wizardslovak> i am new to ubuntu server and i got couple questions
<wizardslovak> i am about to to fresh install of os and how should i do my hard drive?? i mean boot, / , swap and more
<twb> wizardslovak: how many users?  One, or more than one?
<wizardslovak> this will be my personal server for test and study purposes and LAN for now
<p_quarles> wizardslovak: in addition to number of users, it really depends on what kind of applications it will be running
<wizardslovak> admin only me users only me
<twb> wizardslovak: are you going to use software RAID?  Will there be a large amount of user data in /home (e.g. a file server)?
<wizardslovak> i want to do web server (apache , mysql,php)
<twb> OK, so it's a LAMP server?
<wizardslovak> yes
<twb> wizardslovak: are you using software RAID?
<wizardslovak> this is my old machine celeron 2.4 , 512mb 80gb hda
<wizardslovak> no
<wizardslovak> its for study purposes , i always wanted to learn servers and command line
<p_quarles> well, not many web projects are going to use anything approaching 80 gigs, so partitioning isn't going to be a terribly big concern for this machine
<twb> I recommend you use LVM, first of all.
<twb> LVM allows you to change your mind later.
<wizardslovak> logical volume manager?
<twb> Secondly, I recommend you allocate 4GiB to the root partition (/), and then (possibly after installation) allocate say 10GiB to /var/www or wherever you expect to put your data.  On a file server it would be /home.
<wizardslovak> why?
<twb> wizardslovak: yes.
<twb> 11:02 <twb> LVM allows you to change your mind later.
<twb> LVM allows you to resize partitions or move them between disks *while the system is running*.
<p_quarles> yeah, for experimental stuff, it's hard to say in advance; better to put yourself in a position where you can change things as needed
<wizardslovak> well thats what i wanted how many Gbs to what
<twb> It's good to use LVM and only allocate what you need short-term, then lattr allocate more space when you need it
<twb> e.g. 4GiB for root and 100GiB for /home (on a file server), and leave the other 376GiB unallocated.
<wizardslovak> lol i got only 80gbs for now
<p_quarles> on an 80 gb hard drive???
<wizardslovak> yes
<twb> wizardslovak: so allocate 4Gib and 10GiB.
<wizardslovak> ok 4gb root, 1.5gb swap and 10gb /home
<twb> It doesn't matter if you screw up with LVM, because you can allocate more later.
<p_quarles> that system's unlikely to swap unless you go live with a high-traffic sight, so minimal swap should be okay
<p_quarles> like 256MB
<twb> wizardslovak: well in your case you probably won't have anything in /home, right?
<p_quarles> again, you can increase as necessary
<twb> Right.
<wizardslovak> well no
<p_quarles> it might actually not make any sense to use a separate /home partition then
<p_quarles> separate /var would be more useful, if anything
<wizardslovak> where then i will install lamp and www docs?
<p_quarles> the default httpdocs directory is /var/www
<p_quarles> you can change that to anywhere you like, but might as well leave it as is until you have a specific reason to change it
<p_quarles> the elements of the LAMP stack go in /usr, /etc, and /lib
<wizardslovak> so 4gb root lest say 1gb swap and ??
<Damm> what's a sane way to get hardy to get glibc 2.8
<Damm> I need a patched pthread in hardy that just doesn't seem to exist in Ubuntu that exists in Debian
<Damm> :|
<twb> Damm: why 2.8?
<twb> Damm: Debian, at least, never even shipped that (AFAIK).
<twb> If you enjoy pain and instability, you can always (very carefully!) cherry-pick bits from Debian.  But if you're not a DD, you probably don't have experience to do so safely.
<Damm> twb, I'd rather upgrade to Jaunty
<Damm> if i have to do that
<Damm> tbh
<twb> Fair enough.
<Damm> is Jaunty going to be LTS?
<twb> Cherry-picking from ubuntu+1 is safer than cherry-picking from Debian.
<Damm> or Karmic Koala?
<twb> Koala?  Bah.  I would have chosen Kookaburra.
<owh> Not if the world is watching a Koala being watered during a bush fire :)
<p_quarles> there was a two year interval between the last LTSs, so I'd guess the next one won't be at least until 10.04
<twb> I concur with p_quarles
<Damm> naah
<Damm> yep p_quarles
<Damm> i saw that
<Damm> welp i might as well go Jaunty and see if it fixes it, if not I can reinstall
<Damm> definetly easier then trying to apt-get dist-downgrade
<Damm> getting Ulrich to admit pthread bugs is like
<Damm> trying to scale the chrysler tower with 2 fingers
<Damm> or is that too polite?
<wizardslovak> should i install lamp in os install or wait and install it later?
<twb> Damm: If you have spare space in your LVM, I strongly recommend making an LVM snapshot or otherwise keeping your old root filesystem around as-is while you do the test upgrade.
<Damm> twb, reinstalling takes 15minutes
<Damm> and it's automated
<twb> Damm: well, if you have preseeding and know exactly what you want
<Damm> twb, no it's fai
<Damm> and i didn't set it up
<p_quarles> wizardslovak: I would install it later with tasksel; I recall that giving you more options
<twb> Yeah, fai is preseeding
<Damm> but by god it's easy enough to get done
<Damm> when I have time I'll do the preseeding
<twb> I'm not really a fan of FAI, I'd prefer a combination of manual preseeding and puppet.
 * Damm stabs puppet with a fork.
<Damm> chef 4ever
<twb> Not that I like puppet...
<wizardslovak> tasksel??? can i use apt-get?
<p_quarles> wizardslovak: tasksel is another front-end for dpkg, like apt-get; it's useful for deplying common setups, like lamp
<p_quarles> wizardslovak: sudo tasksel install lamp-server
<cjwatson> (tasksel is a front-end for apt-get/aptitude, actually)
<p_quarles> wizardslovak: or tasksel --list-tasks for the options
<wizardslovak> whats the difference btw tasksel and apt-get and aptitude
<p_quarles> cjwatson: which is a dependency resolving front-end for dpkg
<twb> Damm: there's no wikipedia article for Chef, so it's obviously no good!
<cjwatson> p_quarles: I'm aware of that, but I think it's relevant that it isn't a front-end to dpkg directly, since that makes it clear that anything you can do with tasksel you can also do with apt-get
<p_quarles> cjwatson: true; tasksel is only useful if you want to deploy a common default; for wizardslovak's purposes, though, the default lamp stack should be ideal
<cjwatson> wizardslovak: tasksel is a simplified interface that just offers you the ability to install or remove sets of packages corresponding to common tasks (or profiles, whatever you want to call them). apt-get and aptitude are full package managers that give you manual control over which packages are installed.
<cjwatson> I basically agree with p_quarles though, just nitpicking :-)
<p_quarles> :)
<Damm> twb, www.opscode.com
<Damm> it's amazing that tasksel is pretty much the same as it was in Debian Potato
<twb> That's because nobody uses tasksel except newbies
<cjwatson> Damm: pretty different internally though :)
<owh> twb: Hmm, newbies eh?
<wizardslovak> newbies??
<wizardslovak> i always used apt-get
<Damm> cjwatson, I would hope so.
<Damm> if the code stagnated from old versions of libc5 and still works on current glibc
<twb> owh: yeah; tasksel's main job is to provide newbies an easy way to opt-in to getting Xorg and gnome installed :-P
<Damm> well you'd have to give that person a medal
<owh> twb: ROTFL
<cjwatson> Damm: it's in perl, so libc is not all that relevant
<Damm> rofl
<Damm> that figures shows you how much I use tasksel
<cjwatson> Damm: and potato didn't use libc5
<Damm> potato had elf
<Damm> that i do recall
<twb> Damm: well, I noticed that ubuntu-server has some fancy different tasksel tasks
<Damm> twb, i hasn't noticed
<Damm> fai kinda gets in the way of ubuntu being useful
<twb> There's now tasks like "I want lots of security holes", i.e. LAMP
<cjwatson> the libc6 transition was in bo, two releases before potato
<cjwatson> err, hamm, not bo
<Damm> right
<Damm> but ole fashioned libc5
<Damm> or old libc was potato
<cjwatson> no it wasn't!
<Damm> not this new fangled stuff that Ulrich sold us on
<cjwatson> potato was two releases after Debian switched to libc6; it did not use libc5
<cjwatson> not for anything of any importance anyway
<Damm> used libc4?
<cjwatson> it used libc6. 5+1.
<cjwatson> I'm not sure how to be any clearer :)
 * Damm runs in terror
<Damm> you can't
<Damm> and I've hit the moment that I can't takes no more
 * Damm remembers why he ran to freebsd from Debian now
<twb> Hey so guys, a stock ubuntu-server 8.04 install, and I deliberately break filesystem mounting (by removing /srv's disk).
<twb> I get dropped into a recovery shell... in which /bin is not in $PATH
<twb> Sorry, /usr/bin is not in $PATH
<Damm> /usr/bin/ls?
<twb> Yes, obviously
<cjwatson> Damm: (http://www.debian.org/doc/manuals/project-history/ may help to keep track of the codenames)
<twb> But the question is: how did it get to that point?
<twb> PATH is /sbin:/bin
<cjwatson> there are some code paths where you only get /bin and /sbin I think
<cjwatson> I usually just stick /usr/sbin and /usr/bin in there and don't worry about it
<twb> I vaguely suspect that Ubuntu has been "clever" when it juggled stuff like /etc/environment and /etc/profile around, or just that this hasn't started a login shell for some silly reason
<cjwatson> the unified PATH in /etc/environment is only effective for PAM sessions
<cjwatson> anything else gets to fend for itself so you may notice some desynchronisation
 * Damm laughs
<Damm> well that's a horrible way of making /etc/profile cleaner then
<twb> cjwatson: this is clearly a bug, because if I manually run "bash -l", it also lacks PATH
<twb> *lacks a proper PATH
<cjwatson> twb: it'll just inherit it from the parent
<cjwatson> oh, -l? not sure.
<twb> cjwatson: I expect the system-wide PATH default to be set in /etc/profile or some other similar place
<cjwatson> sulogin should probably sort it out.
<cjwatson> the problem with /etc/profile was that we got a different kind of desynchronisation
<cjwatson> /etc/profile only applies to Bourne-style shells; there are a number of processes that start up in other ways and need a PATH
<twb> cjwatson: yeah, you're right, this problem is caused by PATH setting being moved from /etc/profile to /etc/environment in Ubuntu
<twb> cjwatson: that's a fair point
<cjwatson> and this actually was a practical problem - see http://wiki.ubuntu.com/OneTruePath
<twb> Thanks, looking
<twb> cjwatson: btw, has this issue propagated into the Debian BTS?
<cjwatson> twb: I don't think so
<twb> sulogin does NOT fix it, BTW
<cjwatson> when I said "should", I meant "ought to be made to" rather than "I believe it does so now"
<cjwatson> stupid English language
<twb> Sorry, I misunderstood.
<cjwatson> actually, it's curious that this happens at all, because upstart sets PATH
<cjwatson> and apparently has done since August 2006
<twb> I wish upstart hadn't been deployed until metainit was actually ready.
<twb> I just don't see the benefit of upstart when it has to then go through a sequential sysvinit-compat layer
<cjwatson> metainit couldn't have been made ready without experience with the initial deployment of upstart
<cjwatson> and the deployment was a lot easier this way
<cjwatson> Scott does actually know what he's doing
<cjwatson> (I'm not sure whether we'll actually use metainit, but.)
<twb> I really meant "deployed as the default"
<infinity> It had to be the default to get tested.
<infinity> Double-edged sword, really.
<twb> On an unrelated note: upstart's shutdown(8) has no way to force a fsck on reboot...
<twb> infinity: yeah, I guess...
<infinity> We needed the intermediate sysvinit-compat rollout to be able to use it at all.
<infinity> twb: These days, isn't "forcing fsck on boot" more a function of marking the filesystem dirty, since "running fsck" does pretty much nothing on a journalled FS that claims to be clean.
<twb> Even fsck -f?
<twb> It takes a long time to do nothing...
<cjwatson> all that shutdown -F ever did was to touch /forcefsck before shutting down.
<twb> I figured it was something like that
<infinity> And, FWIW, checkroot.sh still honors that file.
<twb> infinity: ah, cool
<twb> I just didn't remember what the exact name for the file was, or I'd have just touched it
<twb> As it is I'm plugging the root filesystem into my laptop to fsck -f -- it's a USB key :P
<infinity> -f touched /fastboot, and -F touched /forcefsck
<infinity> Both are referenced in /etc/init.d/checkfs.sh
<cjwatson> would be worth a bug to add those options, since they're trivial
<infinity> Though it might be nice for you to file an upstart bug to get those options back in.  *shrug*
<twb> Is there actually a way to defragment ext2?
<infinity> Some people have written some tools.  Nothing that I've ever trusted, mind you.
<infinity> ext* are fairly fragmentation-resistent anyway, though if you regularly redline between 90% and 100% usage, you'll be as screwed as the next FAT32 user...
<twb> You could do one that just called sleep(size-of-disk) :-)
<Damm> amazing ubuntu did something right with libtool
<Damm> yay
<twb> cjwatson: regarding bash; I suggest making the default /etc/profile say something like "if path is <silly>, source /etc/environment"
<twb> Since AFAICT that would be exactly a no-op for login shells that *do* go through pam_environment.so
<cjwatson> twb: /etc/environment is not guaranteed to be sourceable by a shell
<cjwatson> twb: it may happen to be in many cases, but the format is not the same as shell
<cjwatson> so it gets a bit tricky
<cjwatson> I'd rather fix the (few) places that are still showing up with broken paths
<twb> cjwatson: it's not just lines of X=Y?
<twb> Yes, obviously actually fixing things is preferable :-)
<cjwatson> the quoting rules are not the same as shell.
<twb> cjwatson: ah, fair enough
<Damm> httpd: pthread_mutex_lock.c:87: __pthread_mutex_lock: Assertion `mutex->__data.__owner == 0' failed.
<Damm> well damn it's still there
<Damm> i bet this is something in apache
<starr0stealer> hi everyone
<starr0stealer> i have some questions on how i should setup a new server, for a apache mysql server
<ScottK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<vexic> I have a question about setting up LAMP if anyone can help.
<anthony1> Good morning
<anthony1> Anyone available for a networking question on Ubuntu Desktop 8.04.2 ?
<anthony1> I am looking for some assistance on obtaining a DHCP IP address on Ubuntu 8.04.2 over a Linksys wireless bridge 802.11g, model number WET54G ver 3.1
<anthony1> I am able to assign a static IP address and DNS server information and connect just fine
<anthony1> WEP is enabled on both the Verizon FIOS wireless router and Linksys wireless bridge
<anthony1> I've tried #ubuntu and they suggested I try here
<twb> anthony1: all I can think of to try is packet sniffing
<anthony1> I don't understand how that would help
<twb> anthony1: it will tell you if the DHCPREQUEST is hitting the router
<twb> I'm assuming you actually have a shell on your DHCP server / router
<anthony1> If so, I am unable to access via telnet or SSH
<anthony1> There's a web interface but that's all I have access to
<twb> I'd also obviously try turning off networkmanager, which always breaks everything.
<anthony1> lol
<twb> And I'd try running dhclient manually and watching its output
<anthony1> twb, if you're still there, I got randomly disconnected
<twb> You can see that I'm here from /names
<anthony1> Thanks
<miyako> could anyone tell me how to add a trusted SSL certificate? I'm using dreamhost for email and their ssl cert doesn't seem to work (I added it to /etc/ssl/certs but I still get an error that the certificate is not trusted)
<anthony1> twb: did you see the flood of output from dhclient?
<twb> anthony1: no.
<twb> anthony1: you should not be flooding the channel anyway
<twb> anthony1: use a pastebin
<anthony1> Long story short ....... No working leases in persistent database - sleeping.
<twb> That means it gave up
<twb> My other suggestions remain
<anthony1> Say it again?
<twb> anthony1: make sure network manager isn't running or installed.  ssh into your DHCP server / router and packet sniff there.  Packet sniff locally.
<twb> Oh, and look for suspicious output near the bottom of dmesg
<anthony1> Thanks
<anthony1> Ok
<uvirtbot> New bug: #356818 in bacula (universe) "package bacula-server 2.2.8-5ubuntu7.2 failed to install/upgrade: dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/356818
<uvirtbot> New bug: #352391 in dhcp3 (main) "AppArmor prevents DHCP from getting address" [Undecided,Incomplete] https://launchpad.net/bugs/352391
<Zubbb> hello, i'm trying to do something very easy: to configure a machine with ubuntu server as firewall that does masquerading. I configured shorewall and i can do pings to the net from a workstation but when i try to access some web there seems to be no data transfer... i'm i missing something evident?
<oh_noes> Can anyone tell me how to manually edit /templates/sources.list.tmpl to point add a seperate repo into sources.list during vmbuildr runtime?  I'm trying to --addpkg a package which isn't in --mirror
<oh_noes> or any other workaround I can try to get the same end result?
<uvirtbot> New bug: #355091 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: /etc/mysql/conf.d/old_passwords.cnf: No such file or directory" [Undecided,Incomplete] https://launchpad.net/bugs/355091
<uvirtbot> New bug: #356851 in samba (main) "Sharing cups disables entire system with segmentation faults" [Undecided,New] https://launchpad.net/bugs/356851
<oh_noes> Anyone know how to install jre with vmbuilder?
<twb> oh_noes: icedtea or sun?
<oh_noes> sun-java6-jre
<oh_noes> Basically, if I try to install it vmbuilder fails because of the deb package prompting for user to accept the license agreement
<twb> oh_noes: provide the answer to that prompt in a preseed file
<twb> debconf-set-selections <<<'sun-java6-jre shared/accepted-sun-dlj-v1-1 boolean true'
<twb> debconf-set-selections <<<'sun-java6-jre shared/present-sun-dlj-v1-1 note'
<oh_noes> Thanks.  The problem is I dont know how to provide that answer with vmbuilder
<twb> oh_noes: me either; sorry.
<CrummyGummy> Hi all, I have a bunch of java processes that use all the physical ram in my server and then hang it without swapping or terminating. By hang I mean most processes half work but can't do much because there is not enough memory. I can't even run ps because it tells me the process can't fork. I would assume from what I've read about kernel memory management that the processes should just get killed but this does not seem to be the case. My swappiness
<CrummyGummy> is set to 60. free -m shows the free swap to be 1913 and used to be 0. Any one seen something like this before? Any ideas?
<simplexio> CrummyGummy: killall java takes care java programs
<CrummyGummy> wow, thats amazing.
<CrummyGummy> "fix the bugs" would've been just as useful. All I'm worried about is my servers not going down when the memory management in the kernel should keep it up.
<simplexio> CrummyGummy: well. no idea why it dosent swap, bu killing stuff helps to solve problem
<simplexio> CrummyGummy: like see dmesg and seei f there has been anyproblems
<simplexio> CrummyGummy: what kernel you use, i had problem with 2.6.27-7-server that it would oops when using dmraid0 swap drives
<CrummyGummy> 2.6.24-23-server but I've had this problem for years, I do use raid on my swaps. Id your problem go away with an upgrade?
<CrummyGummy> erm s/Id/did/
<quizme> how do i install glib-2.0 ?
<cjwatson> quizme: sudo apt-get install libglib2.0-dev (assuming you're trying to compile something and it's listed glib-2.0 as a missing requirement)
<jurism> I have ata_aux 100% CPU usage after /etc/init.d/apache2 stop; pkill -9 apache2 what should I do now? I even can not restart server because reboot command not doing its job...
<quizme> cjwatson yes exactly. thanks!
<quizme> cjwatson:  Couldn't find package libglib2.0-0-dev
<jurism> Will reboot -f help? I have only remote terminal available...
<cjwatson> quizme: read what I said very carefully. You appear to have mistyped.
<quizme> cjwatson ok thanks
<simplexio> quizme: do you mean /etc/init.d/apache2 start dosent work ?
<simplexio> quizme: not 100% sure about ubuntu, but you could try zap or force-restart argument with init.d script or remove apache.running stamp from /var/cache/ ??.. not sure where ubuntu keeps track if service is runnign
<jurism> http://pastebin.com/m37cc52feNo I have soft lockup problem ata_aux process usage is 100%, I can login into ssh but I can not even restart server. Thank You for answers!
<orudie> !seen ivoks
<ubottu> I have no seen command
<fevel> hello
<fevel> my ethernets configured incorrectly it missed out eth1 and skupped numbering the interfaces directly eth2. How can I rename it to the right order?
<fevel> *skipped
<pascalou> hi here, anyone has a very cheap drive bay (16TB) to suggest in order to do drive to drive to tape backups ?
<maxb> fevel: Have a look at /etc/udev/rules.d/70-persistent-net.rules
<fevel> youre the man maxb
<fevel> maxb: how can I reset this file gracefully?
<maxb> I think you can just edit it
<fevel> ok
<maxb> You can delete entries from it if you want it to regenerate them at next boot
<jamesrfla> I got a e-mail from the Ubuntu server mailing list saying there is a meeting in #ubuntu-meeting at 15:00UTC. I am not sure what time that would be in US eastern Time. I spent 30min trying to figure out when it is
<sommer> jamesrfla: 11:00am
<jamesrfla> thanks sommer it looks like there is some other meeting going on in there right now. Be back at 11AM
<Doble> hi - im new to linux servers and I was wondering if there is something akin to the windows task manager in ubuntu, where I can get some idea of what the server is doing, and what kind of load it is under?
<ball> Doble: "top"
<ball> (in a terminal window)
<Doble> ball: ahh cool, cheers!
<ball> Doble: you're welcome.  That's common on most unix/Linux/BSD systems
<Doble> ball: great, reading the man page now
<ball> man pages are a good thing.
<giovani> Doble: you might also be interested in installing "htop"
<giovani> it's more featureful than top
 * ball wasn't aware of htop
<giovani> I would die without it
<giovani> http://htop.sourceforge.net/
<Doble> giovani: thanks i will check it out, I eventually plan to try out SNMP monitoring with nagios, but im still learning and just wanted to see what my system was up to - htop looks cool too!
<giovani> Doble: nagios monitoring is hardly a replacement for a process viewer
<giovani> but, it's definitely something you should incorporate also
<Doble> giovani: yes indeed, cheers
<Doble> well after a couple of days of resisting taking the 'easy' route with webmin and such, I now have a little home server doing DNS, file serving, and a public FTP!
<giovani> what's the public ftp for?
<ball> Why public FTP?
<Doble> when I say public, I mean its accessible from the internet, you still need a user/pass to access it :)
<giovani> why ftp at all?
<Doble> I wanted to transfer some files from work
<ivoks> ah, no, not again... :)
<giovani> use scp/sftp
<ivoks> or webdav
<ivoks> with ssl
<giovani> ftp is incredibly insecure, both in its lack of protection for your username/password, and for the data
<Doble> yeah, I'm aware of the insecurity ... I'll look at what you suggested
<giovani> well ... on top of that, ftp requries extra software, scp/sftp doesn't
<giovani> (they're built in with openssh-server)
<Doble> hm, I wasn't aware of that ... I'll check it out
<giovani> really, I'd immediately remove ftp from use
<giovani> it has no function for you
<ivoks> giovani: windows clients have ftp client by default, but not sftp/scp
<giovani> ivoks: I'm quite aware of this
<ivoks> giovani: and you could even say that's the same case with OSX
<giovani> uh, since when?
<giovani> osx doesn't have openssh client by default?
<ball> psftp ftw
<ivoks> giovani: most of OSX users look at Finder as OSX, not the whole package
<ball> ivoks: MacOS X ships with sftp
<giovani> ivoks: well, that's an inaccurate statement then
<giovani> anyway, none of this is relevant
<ivoks> i said 'and you could even say that's the same case with OSX'
<giovani> we're talking about Doble, not "any user on the planet"
<giovani> surely if he can manage an irc client, he can manage an scp/sftp client
<giovani> otherwise, it sounds like you just want to start an argument for no reason
<ivoks> i thought he was setting up server for other users, not for him self :)
<giovani> nope ... we asked
<giovani> he said it's for himself, at work
<ivoks> ok then
<Doble> this discussion is very interesting to me either way, because if i can become fluent with ubuntu I'll be able to start using it at work with our servers :)
<Doble> instead of windows server
<Doble> so i appreciate the info
<giovani> Doble: all depends on the function, and what your level of knowledge is ...
<giovani> I'd recommend against stepping in and replacing windows servers at work until you're quite confident in your skills
<Doble> of course ... however the advantage with linux seems to be set-and-forget, i've been amazed by the reliability - we have a DNS server running on SOL linux which was set up 4+ years ago by a previous sysadmin ... it's barely been touched apart from the occasional addition of a zone record and its running beautifully even now
<Doble> probably hugely insecure, unpatched and would make most sysadmins cry, but such is the place where I work :)
<Doble> giovani - i downloaded winSCP to try out the SFTP you told me about - looks great! i have access to the whole file system, this will be a big help
<jamesrfla> yeah I get to go to my first Ubuntu Server meeting :)
<jamesrfla> I don't get to go to them because I am in school at 11AM Eastern US time
<ttx> Server team meeting in 3 minutes in #ubuntu-meeting.
<jamesrfla> +1 ttx
<Doble> is there a way to get a listing of packages I've installed with apt-get ?
<abcdasd> sorry, my connection dropped and i dont know if this got through - is there a way to get a listing of packages installed?
<cjwatson> dpkg -l | grep ^ii
<cjwatson> or dpkg-query -W, perhaps a more convenient format
<abcdasd> crikey thats quite a lot
<giovani> yep ... there are a lot of applications
<abcdasd> okay, per your advice giovani, i've removed vsftpd, but when I do a dpkg -l it still shows up in the list
<giovani> you probably didn't dpkg -l | grep ^ii
<giovani> which only shows installed packages
<abcdasd> ahh, there we go, thanks
<abcdasd> sorry cjwatson, i thought that the ^ii was some kind of weird smiley! haha
<ycy> hi there
<jamesrfla> Hi ycy
<ycy> I have a server with ubuntu. Is there a way to send a mail (from the server) whenever "apt-get upgrade" has something to upgrade?
<ivoks> apt-listchanges maybe?
<sommer> ycy: apticron does a pretty good job of that
<ivoks> timtowtdi
<ycy> thank you
<abcdasd> giovani: regarding SFTP - if I wanted to make changes to files which I would normally need to be sudo to change, how would I go about it?
<abcdasd> er, this is doble by the way, my nick has gone a bit strange, heh
<christian_> hello I need use a e-mails accounts with postfix and dovecot
<giovani> Doble: you don't ...
<giovani> Doble: what files are you trying to change?
<ivoks> christian_: ?
<ivoks> christian_: you want to setup mail server?
<Doble> giovani: thats fine if you can't, and i can understand why, i was just interested - wanted to see if i could edit config files and such from my windows PC
<giovani> you should be doing so on the server, honestly
<giovani> you could open root login, but, most ubuntu folks would advise against that
<giovani> better to ssh into the server, and use sudo with a text editor there
<Doble> yeah, i agree
<christian_> yes I need setup a mail server
<jamesrfla> thanks ivoks and sommer
<Doble> I want to see how much samba is loading files from memory cache and how much it is having to access its hard drive, what would be the best way to monitor that? ie - looking at drive transfer rates on the server
<jamesrfla> christian_: I recommend Citadel Mail server for beginners
<ivoks> christian_: https://help.ubuntu.com/community/MailServer
<ivoks> jamesrfla: this is an ubuntu channel
<ivoks> anyway... take care
<jamesrfla> later everybody have to work on some homework :(
<darkside_simmons> good day everyone...
<ball> hello darkside_simmons
<darkside_simmons> i was looking trying to join the team...I have been using ubuntu server for awhile and deployed multiple web servers, email servers etc
<ball> darkside_simmons: do you use Samba for file servers?
<christian_> thks
<darkside_simmons> yea I have been
<darkside_simmons> setup domain server for xp and few simple login scripts with rights
<Doble> darkside_simmons: I'm learning the linux way too :) coming from a windows environ
<darkside_simmons> yea its fun :) if your a technical guy like myself
<ball> darkside_simmons: One of my users whinges incessantly about not being able to write-protect a file
<ball> I can't figure out how to map Windows file permissions to an ext2 filesystem
<darkside_simmons> i used ldap group policies
<darkside_simmons> and then setup each windows account on my domain server
<Doble> ball: maybe this will help - https://help.ubuntu.com/8.10/serverguide/C/samba-fileprint-security.html - look under share security, about 3/4ths way down
<orudie> !seen ivoks
<ubottu> I have no seen command
<vexic> I have a question about setting up LAMP, would anybody be able to help?
<andol> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<darkside_simmons> whats going on
<ball> Doble: thanks, it's almost useful.
<vexic> Thanks.  I followed some documentation on the ubuntu site on setting up a LAMP server, and thought I completed all of the steps, but I couldn't view the test pages on my other box's in the network, did I forget to do something?
<ball> vexic: do you have Lynx installed?
<ball> (on the server)
<darkside_simmons> https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html that may help too doble
<vexic> ball, no i don't think so
<darkside_simmons> oops i mean ball
<ball> vexic: "sudo apt-get install lynx" perhaps
<vexic> ball: I'll try that,  what exactly would that do to help me? (I followed the steps from here, https://help.ubuntu.com/community/ApacheMySQLPHP)
<darkside_simmons> vexic you are trying to see the basic apache server test pages I assume???
<vexic> darkside_simmons: correct
<ball> vexic: once you have it installed, type "lynx http://localhost/"
<ball> ...and let us know whether you see your content.
<vexic> ball: unfortunately I'm at work and can't test that at the moment, I'm just trying to get a general idea of what I missed. (I can see the content in firefox on the computer that I set it up on)
<ball> vexic: can you ssh to your server?
<darkside_simmons> vexic: yea or can you ping the pc
<vexic> ball: not yet, i was hoping to get to that step before i had to go to work, but am i new so i was too slow ;/
<darkside_simmons> ifconfig or ifconfig eth0 to see you network interface status
<ball> vexic: so you can see the Web pages from Firefox run on the server, but not from other machines on the same LAN?
<vexic> ball: that is correct
<ball> vexic: sounds like a firewall issue.  Are you using the machine's IP address for the URL?
<ball> ...or a hostname?
<vexic> ball: i'm using http://localhost
<darkside_simmons> vexic need to determine if the computer is on the network can you go to google or any other website fine
<ball> vexic: that won't work from the other machines on the LAN though.
<ball> What are you using there?
<vexic> ball: that's what I was using...are you saying all i needed to do was use the machine's ip? or set it to hostname?
<ball> vexic: from the other machines on the LAN, it would be something like "http://192.168.1.64/" (or whatever your server's IP address is)
<vexic> ball: cool , thanks.  Could you tell me where I would set the hostname, so I don't have to use the ip?
<ball> vexic: that's non-trivial.
<ball> Stick to the IP address for now.
<darkside_simmons> ball would you know of any good network logging software, I have cacti installed and played with bandwidthd but I wanted to log all blocked and accepted traffic
<ball> darkside_simmons: no idea on Linux, sorry.
<zoopster> darkside_simmons: have you looked at analog?
<darkside_simmons> no I haven't
<darkside_simmons> need something for the terminal or sql/web based since I don't have a gui on the servers
<ball> darkside_simmons: you can run Xclients on a machine with no graphics hardware.
<ball> (no mouse, graphics card etc.)
<darkside_simmons> tell me more well I guess I can google it
<ball> darkside_simmons: if you have a desktop Ubuntu machine (or any other machine with an X server), you can connect to your router from that and run software (including graphical software) there, but have the output displayed on the box you're sitting in front of.  You send it mouse clicks, keystrokes and it sends you the end result.
<ball> ...just as though you were running it locally.
<ball> X is great like that.
<ball> MacOS X ships with an X server
<ball> ...most unices do.
<darkside_simmons> that is wicked.....save me from getting another pc what i was thinking off
<ball> We've had that since the mid 1980s I think
<ball> Welcome to the late C20th ;-)
<JanC> 1984
<ball> JanC: there you go.
<ball> darkside_simmons: when people say that X is "network transparent", that's what they're describing.
<JanC> X1 wasn't nearly as useful as X11 though  ;)
<ball> ...when you run X clients on the same box as the X server (e.g. running Firefox locally), I think it talks via the network stack anyway.
<ball> X11 is a Good Thing
<ball> JanC: are you in Michigan?
<JanC> no
<ball> Ah, different JanC then ;-)
<danny1> How do i get ubuntu to install on iscsi, i have tried to pass the options "install iscsi=true" to the kernel when booting up from the server edition install cd (8.04), but when disk modules is loaded it just comes up with a window saying "No disk drive was detected blah blah" and wants me to select a module (already tried the iscsi_tcp module) just like it would when doing a normal server install.
<danny1> Because its a diskless thin client.
<ball> danny1: why would you install Ubuntu on a diskless "thin client" box?
<danny1> Right now im just testing it out, we have all our clients running windows xp through AoE, and we wont be buying new windows licenses when m$ stop making security updates for xp, so when that timee comes we are going to change into linux, ubuntu i hope since im quite familiar with debian/ubuntu.
<ball> What is AoE?
<giovani> ATA over Ethernet
<ball> danny1: Ah right, I wrote quite a lengthy email this morning about server-based computing
<ball> (thin clients, graphical terminals etc.)
<giovani> this doesn't sound like server-based computing, honestly
<giovani> this sounds like virtualized storage for distributed desktops
<giovani> I much prefer the virtualized desktop route -- but, I guess if you have hardware that you wish to use rather than real thin clients ... you can do it this way, it's just a lot more management
<danny1> already made the ubuntu installer install on AoE targets with a little workarround ( ln -s /dev/ether/target /dev/sda ) but when it comes to install grub its complaining about the target not being an bios device
<danny1> thats why i wanted to try out iscsi instead, and the reason im asking inhere is that so faar its only supported in the server edition (iscsi=true)
<giovani> probably because it's pretty rare to run desktops on virtualized storage :)
<danny1> still i should be able to get the iscsi initiator menu during the ubuntu server instalation, with the iscsi=true option
<giovani> is that documented somewhere?
<danny1> the only pages i could find about it is the release notes saying its posible with that kernel option ( http://209.85.229.132/search?q=cache:BC9W63zwbIYJ:www.ubuntu.com/testing/804rc+ubuntu+iscsi%3Dtrue&cd=6&hl=da&ct=clnk&gl=dk )
<giovani> alright, let me pull up a VM and test it myself
<giovani> you're using the 8.04 server install cd?
<danny1> yes
<danny1> tried the 8.10 dvd aswell
<danny1> when i get the default boot menu i press esc and get a boot: command line, where i type in : install iscsi=true, tried the default menu using F6 to pass it to the kernel also, still no luck, tried almost everything you can imagine hehe
<giovani> esc?
<mindnull> just installed ubuntuserver on a server and during install it detected the disks fine and completed installation without error but now when it's restarted it doesn't boot from the RAID, any ideas?
<giovani> mindnull: "doesn't boot from raid" -- be more specific? what happens?
<danny1> giovani > Escape the key in the left upper corner
<giovani> danny1: you sound like you're describing the grub menu ... not the installer
<mindnull> skips it and goes to PXE
<giovani> mindnull: sounds like your raid card/bios aren't properly configured
<mindnull> it does say that it's trying to boot from cd-rom, trying to boot from a:, trying to boot from c: and then it goes to PXE
<giovani> uh
<giovani> A: and C: are dos/windows terms
<giovani> maybe you didn't do your partitioning/mbr correctly in the install
<giovani> danny1: are you sure you aren't modifying grub boot options of an existing install?
<giovani> the ubuntu installer has a big ubuntu logo, and selects language, and then asks you to press F6 to change install options
<mindnull> used the guided - use entire disk option so I don't know how that could of been messed up, I'll go look at the bios settings
<danny1> giovani > no its not grub, try starting a vm with the instal cd mounted, and when it boots up and ask you for language press escape, then it will say something like are you sure you want to blah blah and give you the old command line boot thing, where you in the old days could type "rescue" "install" etc etc
<giovani> dana_good: iscsi=true worked perfectly for me
<giovani> I think you did something incorrectly
<giovani> boot off of the CD, select your language, then press F6 ... and append iscsi=true to the list of options already there (it shouldn't be blank, and won't say "install"
<giovani> I put "iscsi=true" before the "--" at the end of options
<giovani> worked just fine
<danny1> <giovani> the ubuntu installer has a big ubuntu logo, and selects language, and then asks you to press F6 to change install options <-- yes but if you press escape you can get the old stule debian boot command line
<dana_good> giovani: i was working on some iSCSI stuff, but i think you're talking to someone else
<giovani> danny1: well don't do that ...
<giovani> danny1: there are a bunch of installer options you need to have in there ... that ubuntu provides, which clearly you're not providing
<giovani> it says "F6 for boot options" -- follow that, it worked perfectly for me
<giovani> dana_good: yes, sorry, tab-nick completion
<danny1> that will be adding iscsi=true after quiet already tried that without luck, tried it again right now still no luck
<giovani> how are you evaluating if it worked that quickly?
<dana_good> giovani: np, i just thought it was weird i was working out some iSCSI troubles on my own and suddenly i get a little notification telling me to use iscsi=true
<giovani> you don't know until 10 questions into the installer
<danny1> i have a laptop right beside me i tested it on
<giovani> and what happened? you went through the installer in 2 minutes?
<danny1> i get to the part where it should start the disk part or the iscsi initiator, but instead it says "No disk drives found"
<giovani> well ... you're gonna have to have a physical disk ...
<giovani> otherwise how is the computer going to boot?
<danny1> gpxe
<danny1> ;)
<ball> giovani: USB flash :-)
<giovani> who says that's supported, danny1?
<ball> I suppose that counts
<ball> ...as a disk.
<giovani> it works perfectly for me ... and I have a local disk
<giovani> but it asks me for my iscsi server
<giovani> just like it should
<danny1> first i know it works, that how we boot our diskless xp machines atm, no floppy no cdrom no usb keys, only gpxe chainloaded from pxe
<giovani> I didn't say that it COULDN'T work
<giovani> I said ... who said gpxe iscsi booting with ubuntu installer is supported?
<giovani> clearly ubuntu can install to an iscsi target ... I just tested it
<giovani> so, your complaint seems to be different now
 * ball hits the big blue button on the complaint-o-matic
<danny1> well might be my cd thats to old, dont remember if its a plain 8.04 or 8.04.1 or 8.04.2
<giovani> nope, your cd is probably fine
<giovani> nobody said you could do away with physical disks though
<giovani> that's not the same thing as saying "iscsi target installing is supported"
<giovani> clearly iscsi target installing is supported -- but maybe not in the specific, and unusual way that you want
 * ball sighs
<ball> I'm tired.
<ball> ...but I have a window to scrub
<giovani> cleaning windows does suck
<danny1> heh how that that being unusual, whats the idea of booting the system of san when you need to have a physical disk ^^
<giovani> danny1: so that you don't need a huge physical disk ... and storage is centralized
<ball> giovani: this one has encrusted...gunk on it.
<ball> ...possibly even between the panes.
<ball> (double-glazed)
<ball> Handy having a local disk anyway, for swap.
<giovani> and an MBR ...
<giovani> I don't know why you aren't just using true thin-clients anyway
<giovani> it's a lot less work, and less cost and etc
<danny1> gaah gpxe can load the mbr of the iscsi target
<ball> giovani: I was writing about those earlier today
<giovani> danny1: great ... who said that's supported by the ubuntu installer? did anyone represent that?
<ball> ...need to figure out how to do that stuff.
<danny1> maybe because this is what we got, buying new machines would be more expensive than buying new windows licenses ;)
<ball> giovani: X terminals ideally.
<ball> ...though Sun Ray at a pinch.
<ball> danny1: TCO though?
<giovani> danny1: you can use normal computers as real thin clients
<giovani> we do
<giovani> we have wyse thin clients, and some regular desktops
<giovani> but the regular desktops have HDs in them
<giovani> it's just amusing that you think because something can be done, theoretically, that it must be supported by ubuntu
<ball> danny1: this thing you've got, it can boot via PXE?
<danny1> well i dodnt think that it was a half ass job ;)
<giovani> it's not half-assed
<giovani> it's iscsi target support, nothing more
<danny1> even windows 2008 server can boot entirely of iscsi with gpxe as the initiator.
<giovani> so pay for windows
<giovani> we don't need trolling
<giovani> if you feel it's unacceptable -- I'm sure you'll file a bug report
<danny1> anyways tried putting in a harddrive in the test machine, and now i get the iscsi initiator menu
<danny1> thanks for the help
<ball> I thought the test machine was a "thin client"?
 * ball is confused
<danny1> its not a real thin client, its a small case with no space for harddrives, and i had to use a laptop with a harddrive in it to make this test ;)
<ball> Then don't call it a thin client if it's not.
<ball> brb
<ball> ...does anyone make X terminals any more?
<giovani> ball: not that I know of -- most of the industry has gone to ISA/RDP/VNC
<ball> giovani: wierd, though I suppose VNC at least gives you hot-desking
<PhotoJim> I figured out why my USB2.0 card on my server is running so slowly.  kernel or udev bug.  if you have both 1.1 and 2.0 USB, the 1.1 driver gets loaded first.  2.0 cards have integrated 1.1 controllers also, for legacy devices.  so the 1.1 driver sees them, and attaches to them.
<PhotoJim> no wonder my backups are so slow :)
<ball> PhotoJim: would a custom kernel help?
<PhotoJim> ball: it doesn't look like it.  might be worth a try though.
<PhotoJim> I could do a custom kernel and remove the 1.1 driver.  that would work.  but it would mean my 1.1 ports would be inactive.
<PhotoJim> or, perhaps, a custom kernel with compiled-in 2.0 support, and a module for 1.1
<PhotoJim> that might work.
<giovani> ball: why is that weird?
<ball> giovani: I'm just surprised they're not readily available off-the-shelf any more
<ball> I wonder why.
<giovani> because very few people run linux desktops in an enterprise environment?
<giovani> RDP/ISA probably accounts for 95% of desktop virtualization now
<ball> giovani: X isn't specifically a Linux thing, but I see what you're saying.
<ball> Oh well, I'll see if I can find some VNC terminals
<giovani> X is specifically not a windows thing
<giovani> ok
<ball> giovani: true, because Microsoft shun X.
 * ball sighs
<giovani> because it has little to no function on windows
<ball> VNC may be the way to go then.
<giovani> WYSE makes X Windows thin clients
<giovani> http://www.wyse.com/products/hardware/thinclients/S50/index.asp
<ball> giovani: thanks
<JanC> hm, I've seen some 2nd hand WYSE thin clients at computer fairs recently
<JanC> something Via-based
<PhotoJim> ball: that bug for USB is apparently fixed on 2.6.28-10.33 kernel for Ubuntu.  I imagine that's only for jaunty, not for intrepid.
<ball> JanC: I'm waiting for the WY-50 to make a comeback ;-)
<JanC> I don't remember what type it was, they cost something like 30 euro IIRC
<JanC> and they have Windows on them, but running linux supposedly works  :P
<ball> I'd go with Sun Ray if they opened up the server software
<giovani> JanC: doubtful you can reflash them
<giovani> brand new wyse thin clients only cost about $250 USD
<JanC> the vendor said he'd put linux on one of them
<ball> giovani: that's less than I expected.
<giovani> ball: they have to be price-competitive with $400-600 desktops I guess
<giovani> given that with thin clients ... you still need the computing power on the backend
<ball> giovani: true enough.
<giovani> you can find them on ebay, second-hand for less
<JanC> heh, you can buy desktops for 250 USD  :P
<giovani> I've seen them as low as $100 (the newer models)
<ball> JanC: right, but the TCO's higher
<giovani> JanC: unlikely ones an enteprise would buy
<JanC> depends on what they are needed for, but actually, a high-end thin client is also powerful enough to be used as a desktop for many tasks  :P
<giovani> what I mean is ... most enterprises won't be buying the ultra-cheap desktops you're referencing at $250
<giovani> they'll buy dell/hp only, basically
<ball> giovani: Lenovo?
<JanC> giovani: you mean they buy a 300 USD Dell that comes with a 400 USD support contract?  ;)
<giovani> ball: I haven't seen any large companies with lenovo desktops
<giovani> JanC: nope, a $600 dell with a $400 support contract
<giovani> lenovo's low-end business desktop is $420 retail, btw
<giovani> pretty much the same for dell
<giovani> hp is slightly more
<giovani> but yeah, hardware cost is just the beginning of the cost savings for thin clients ...
<giovani> they last longer, much lower support cost, less damage possible, etc
<JanC> giovani: last longer than compaq desktops?
<ball> JanC: in that they aren't declared obsolete by Microsoft, yes ;-)
<JanC> at my previous job all the old compaq desktops were still running while half-as-old Dell desktops died at a rate of 10-a-week sometimes
<JanC> and of course there was the Microsoft problem (Office 2k7 doesn't run on Win2k)
<ball> JanC: iPaq Desktop?
<ball> We have three of those
<ball> Well, two on-site
<ball> one has Windows 2000 and the other Xubuntu :-)
<JanC> Compaq Evo desktops
<ball> Ah, we predate those
<JanC> D310 and such
<ball> ...bought a dc5800 recently though
<ball> ...and an ML110
<ball> ...need to try Ubuntu Server on that at some point.
<JanC> you can buy stacks of the Compaq Evo D310 and similar HP Compaq models for 30-50 euro a piece here in Belgium  ;)
<ball> JanC: nice.  I bet I could turn those into VNC terminals :-)
<ball> Oh well
<JanC> of course, someone I know builds LTSP setups with these
<ball> JanC: do they PXE?
<JanC> ball: yes
<JanC> some companies give them for free (it's for schools) but they don't give the hard disk with the PCs of course
<JanC> I guess these companies are like: "these fucking machines won't die even if we throw them around, but we want new ones"  ;-)
<JanC> (take care if you throw with them though, you can easily kill people)
<ball> heh
<ball> Is it difficult to set up a PXE boot server?
<JanC> http://www.howtoforge.com/ubuntu_pxe_install_server
<JanC> it's a bit old  ;)
<JanC> I'm sure there are other how-tos, and maybe the edubuntu disk already supports this OOTB?
<ball> JanC: I've heard that it does, if you use the alternate CD
<giovani> JanC: considering typical thin clients have no moving parts, and their CPUs don't get outdated the same way desktop CPUs do .. yes ... thin clients can easily stay current for 10+ years
<JanC> giovani: I believe you, those compaq desktops are 10yo too, and they are still used to setup LTSP-based school installations
 * JanC wonders if there are any ARM Cortex A8-based thin clients yet?
<ball> I should go.
<orudie> is DenyHosts  any good ?
<acicula> it does what it says i suppose?
<orudie> i need help configuring denyhosts.conf
<danny1> google should help you do that ;)
<tcross> Does anybody know why ubuntu-server uses vim-tiny and not vim
<acicula> it's the ubuntu base profile default
<tcross> Can we get it changed.  It has issues when editing files
<friartuck> tcross sudo apt-get install vim
<tcross> I know, i have done it but if I ever have to install it on another machine I would have to remove tiny.  etc.  I think the default should be the real vim
<acicula> vim-full
<acicula> the default is what it is, you'd have to make a pretty good case and convince a lot of people to get it changed
<acicula> vim-full autoreplaces tiny i think
<acicula> whats not working with the tiny version?
<tcross> okay,  thanks for talking about it.  this is my first time getting ivolved.
<tcross> when you get in it seems to have a few commands missing and puts in the wrong characters.  I actually dont have to edit my configs for a long time.  but from recolection that was what i can remember
<acicula> yeh it's a stripped version, dunno why that is, probably because of dependencies
<uvirtbot> New bug: #357274 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 None [modified: /var/lib/dpkg/info/mysql-server-5.0.list] failed to install/upgrade: subprocess pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/357274
<tcross> I actually switched from Centos for my server and was a little annoid at not being able to just type in vi myfile.conf
<tcross> I was basically just wondering if there was a reason we use vim-tiny.  if we are trying to save a few megs than...
<acicula> probably just because of some dependencies, it's in the base install metapackage at least
<tcross> all right.  thaks for your time acicula.
<christian_> hello
<christian_> I need know, about of vmail
<giovani> christian_: you've been in here many times, and gotten a number of recommendations on getting started with a mail server
<christian_> I know, i follow the your instruccions
<christian_> but I cant
<giovani> then maybe you aren't ready to be setting up a mail server yet
<christian_> :(
<christian_> now, I configure the postfix and dovecot
<christian_> but I dont know the emails of my accounts
<christian_> in the /vmail/domain1/user/new
<christian_> No exist the email
<mrbull> does anyone knows how to find out which keyboard X thinks you have? I'm asking here as I'm running server and X was installed by me. I don't have a DE.
<mrbull> I'm only asking as I have an abnt2 keyboard and my AltGr and right Windows Keys are not showing up on xkeycaps
<mrbull> (when I press them it says I'm pressing dot and return from the numpad)
<danny1> christian_ kerio mailserver you should be able to set that one up it has gui administration tools :)
<slestak> there is a patch on lighttpd released 2 months ago that I need for a SOAP service.  It is not included in the 1.4.19ubuntu3.1 deb.  between installing from source or patching the deb, which sounds prefreble?
<christian_> in my mail server
<christian_> With the network tools
<christian_> the accounts with the another domain
<christian_> the account esponse
<christian_> but I cant send mail with this doamin
<danny1> giovani > tricked the ubuntu instaler into installing on iscsi (also grub) by putting in a usb jumpdrive and removing it again when it prompts for iscsi host ( that way the iscsi drive ends up as sda ), it boots up but initrd cant find root filesystem, so now i just have to build an initrd with iscsi support ;)
<giovani> danny1: cool ... you might consider filing a bug report then, to see if the requirement for a HD can be removed given the iscsi=true option, considering it seems technically possible
<danny1> It should be posible to make that initrd using this guide http://etherboot.org/wiki/sanboot/debian_etch_iscsi , other dists for example fedora have it buildt in their initrd and they can do completely diskless boots from iscsi with only gpxe as boot initiator, and then ibft takes over when the kernel is loaded.
<sebblucas1> hi to all, i am requesting someone for help with setting up a LAMP server using Webmin
<sebblucas1> any help out there?
<maxb> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<maxb> Given the above, you are unlikely to find help on that here, sorry.
<sebblucas1> so how to setup a lamp server with ebox?
<giovani> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<giovani> :)
<sebblucas1> thansk ubottu!
<sebblucas1> another question
<sebblucas1> i am somewhat new to linux, and servers in general. i am getting help with configuring apache and using it as well as MySQL, thought what about hosting your own domain name?
<sebblucas1> say www.mydomain.com   <--- on my own LAMP/DNS server
<giovani> ok, what's the question?
<sebblucas1> is it possible to host your own domain name (www.mydomain.com) on a LAMP/DNS Ubuntu 8.04 LTS server and make it public to the world? as public as say, google.com?
<giovani> sure ... that's what you're doing when you set up LAMP/DNS
<giovani> that's the entire function of providing those services
<sebblucas1> ok. :D hahaha sorry for the idiotic questions
<sebblucas1> now.
<sebblucas1> ive been reading up on "zones" and "reverse" addresses
<sebblucas1> and its all very confusing.
<sebblucas1> i've tried several different tutorials
<giovani> yeah, these concepts aren't going to be incredibly simple ... they take time to absorb
<sebblucas1> right.
<sebblucas1> so, what i'm looking for now, is some way to remotely administrate my server (using a web-based control panel [now looking up !ebox])
<sebblucas1> and register my own domain name to the world, and setup a WordPress blog on my machine
<sebblucas1> i just need to be pointed in the right direction, where to look, who to ask, etc.
<sebblucas1> theres probably no one out there who will take the time and guide me step by step, so i just need help here and there
<giovani> honestly, everything you're asking for is offered, in spades, on the interenet
<giovani> internet*
<giovani> you'll need DNS (either host it yourself, or pay for someone to host it for you)
<giovani> and you'll need Apache, with PHP, and a database (most likely MySQL for Wordpress)
<giovani> and that's it
<sebblucas1> right
<sebblucas1> there inlies the problem
<giovani> I'm unclear on what the problem is
<sebblucas1> i can install ubuntu easilyyyy. i can pre-install (during installation) the LAMP server (so all the software, apache, mysql and PHP is taken care of and install) run updates and upgrades... the problem i need to solve
<sebblucas1> is how to make a domain name (www.example.com) public to the world
<giovani> you'll need a DNS provider
<sebblucas1> sorry for circling here and there. thats the ultimate question: how to setup a DNS server to host a domain name itself
<giovani> either host DNS yourself, or hire a company to do it for you
<sebblucas1> how do i host DNS myself?
<giovani> hosting DNS yourself isn't simple -- I'd advise against it
<giovani> !dns
<ubottu> DNS is an acronym for Domain Name System, and is an internet system used to translate names into IP Address.
<giovani> !bind
<ubottu> Sorry, I don't know anything about bind
<sebblucas1> i read up on BIND9 and BIND8
<giovani> https://help.ubuntu.com/8.04/serverguide/C/dns-configuration.html
<sebblucas1> when you install the DNS server option while installing Ubuntu itself, it pre0installs BIND8
<danny1> Bleh im stuck, open-iscsi refuses to compile on ubuntu :S
<giovani> danny1: why do you need to compile it?
<giovani> and by "refuses to compile" what do you even mean?
<sebblucas1> giovani thanks for all the help anyway
<sebblucas1> ill do some more research
<sebblucas1> take care.
<sebblucas1> bye
<giovani> sebblucas1: I've provided you with specific guides on how to do what you asked
<danny1> giovani > need the iscsistart binary
<sebblucas1> yes
<sebblucas1> and i thank you
<sebblucas1> :)
<giovani> danny1: what's it used for? ubuntu has an open-iscsi package
<danny1> giovani > when compiling i get lots of errors util.c: In function Ã¢daemon_initÃ¢: & auth.c: In function Ã¢get_random_bytesÃ¢: and lots more
<danny1> giovani > yes i noticed but it does not contain the binary
<giovani> well what's the binary for?
<giovani> maybe it's been renamed
<danny1> i would guess for initiating the iscssi connection
<danny1> iscsi*
<giovani> well clearly the ubuntu package has to provide that feature
<giovani> I see zero mention of "iscsistart" in the Open-ISCSI readme
<giovani> that sounds like it could be a distro-specific binary
<giovani> and not required at all
<danny1> the script i have to run on boot before mounting root fs run this command amongst others : iscsistart -i $iSCSI_INITIATOR_NAME -t $iSCSI_TARGET_NAME -g 1 -a $iSCSI_TARGET_IPADDR
<giovani> maybe it's distro-specific
<giovani> read the manpages for the binaries included with the open-iscsi package in ubuntu
<danny1> hmm the guide is for debian
<giovani> that'd be the obvious thing to do
<danny1> i noticed that during the ubuntu installer there is a binary called iscsi-start
<giovani> I don't see that anywhere in an ubuntu package
<giovani> maybe it's only in the installer
<danny1> http://209.85.229.132/search?q=cache:z2OwEG2T0vwJ:manpages.ubuntu.com/manpages/jaunty/man8/iscsistart.8.html+iscsistart+ubuntu&cd=2&hl=da&ct=clnk&gl=dk
<danny1> that says clearly what iscsistart does :)
<giovani> so then what's the problem?
<giovani> that's from the ubuntu package
<giovani> I told you to check the ubuntu package first
<danny1> well that i cant get that binary its not included in any of the packages apt provides me
<giovani> it's only supplied in ubuntu jaunty
<giovani> probably a new binary
<giovani> http://packages.ubuntu.com/jaunty/i386/open-iscsi/filelist
<danny1> can i use that binary with hardy ?
<danny1> or intrepid
#ubuntu-server 2009-04-08
<giovani> you can try
<giovani> no guarantees
<danny1> seems like it works phew
<sebblucas> Question: what is the best (and supported) remote administration software for an Ubuntu server? Similiar to Webmin?
<giovani> we went over this
<giovani> ebox
<giovani> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<sebblucas> sorry giovani
<sebblucas> but ebox
<sebblucas> doesn't seem to support Apache configuration
<sebblucas> correct me if i'm wrong
<giovani> I believe you're wrong
<sebblucas> ok
<sebblucas> so,
<sebblucas> following the instructions on the page you gave
<sebblucas> to access ebox from a machine on the same netowkr
<sebblucas> network*
<sebblucas> type the IP?
<giovani> yes ...
<sebblucas> merci.
<sebblucas> now,
<sebblucas> i was discussing setting up my own domain
<sebblucas> with a partner
<sebblucas> and i was told most likely 2-6 people in the country i'm in know how to setup what i am requesting
<sebblucas> and those work for latin american Microsoft
<sebblucas> (joke, obviously) though, maybe true.
<giovani> heh
<giovani> ok, so?
<sebblucas> ill repeat my request once again
<sebblucas> and fill me in any blanks
<sebblucas> if what im requesting is impossible
<giovani> no ... we don't need to hear the same request again
<giovani> I've already addressed your request
<sebblucas> hah... sorry.
<sebblucas> question:
<sebblucas> do i have remote administration to BIND9 configurations using ebox/
<giovani> no idea, read the ebox documentation
<sebblucas> ok my mistake, there is
<sebblucas> question: if i want to proceed as my request states, i am reinstalling ubuntu. what options should i pre-install? (DNS server, SAMBA server, Mail server, LAMP server, OpenSSH server, etc.)?
<giovani> no need to reinstall ubuntu
<sebblucas> if i want to start from scracth, which options to select
<sebblucas> scratch*
<sebblucas> (recommendations)
<sebblucas> ...
<danny1> heh now im stuck on boot with /init line 190: devide by zero
<danny1> time for some sleep might help redoing it tomorrow with a fresh head ;p
<twb> Boot with break=top or init=/bin/sh?
<markdrago> I just want to make sure I DL the right CD.  Can I do LVM @ install time with the Server CD or do I need the alternate?
<twb> Only the live (desktop) CDs do not support LVM and software RAID.
<markdrago> twb: thanks!
<twb> That is because the live CDs use stink ubiquity instead of loveable d-i.
<markdrago> Gotcha.  So the server CD and the alternate are pretty similar.  Just default package selection differences I guess?
<twb> markdrago: different defaults, and the packages that are ON the CD (as opposed to needing download) are different.
<markdrago> cool - thanks again
<cjwatson> twb: charming
<twb> Oh, I didn't even post WHY I think ubiquity is stinky
<Iceman_B^Ltop> where do ARP broadcasts get logged?
<Iceman_B^Ltop> if at all
<cjwatson> twb: does the phrase "optimised for different requirements" mean anything?
<twb> IIRC the main reason for it was to allow different special widgets, like the tz chooser.
<cjwatson> it's a little bit less trivial than that
<twb> Which was especially ironic because in 8.10 the a11y was so messed up that I couldn't actually use the tz widget
<Iceman_B^Ltop> btw, in what scenatios is a LVM handy to use ?
<twb> cjwatson: yes, well.
<twb> Iceman_B^Ltop: basically, all of them
<cjwatson> twb: FYI, the timezone map was not conceived until some distance into ubiquity development. (And yes, it was a bit broken in 8.10.)
<twb> Iceman_B^Ltop: the cases where it *isn't* useful are virtual machines, or disks that need to be accessible by other OSes.
<twb> Iceman_B^Ltop: or very small disks, such as USB keys.
<Iceman_B^Ltop> hm, okay. WHen I installed 8.10 I think I got the option to use an LVM, but I didnt use it
<Iceman_B^Ltop> since I dont know what it exactly does, the only thing that comes to mind are the "extended" and "logical" partitions Windows uses
<twb> Iceman_B^Ltop: LVM lets you add, remove, resize or move partitions (between disks) while they are in use.
<Iceman_B^Ltop> .....crud. I think I should;ve use it then
<twb> IOW it adds flexibility for an (IMO negligible) performance hit, though it does mean that non-Linux systems can't read your data.
<cjwatson> LVM gives you three new objects: "physical volume" which is just something that goes on a partition to allow it to be used by the LVM system; "volume group" which is an assembly of physical volumes; "logical volume" which is an object a little bit like a partition, but it's allocated within a volume group and can be spread across disks and handled much more flexibly than traditional partitions
<twb> Traditional MS-DOS partitions, anyway ;-P
<Iceman_B^Ltop> it almost sounds like RAID
<cjwatson> you have an example of a partition table type that is significantly better in this regard?
<twb> cjwatson: I'm trying to think if AIX called its stuff "partitions" :-)
<Iceman_B^Ltop> btw, aren't there MANY ways for non-linux systems to read data from a linux system?
<twb> But there might be e.g. ITS or something which had such flexibility, but nobody remembers it
<cjwatson> all of the traditional partition table formats share essentially the same limitations here. The DOS partition table format is worse in some other ways, particularly the primary vs. logical partition stuff.
<cjwatson> twb: it called it LVM, last I checked
<twb> Well anyway.
<miyako> aha! finally figured out why the ssl cert won't work
<centaur5> Is there a way to make a new netboot image since the one I'm using (from the repositories) isn't as current as the new kernel?
<twb> The netboot's kernel doesn't need to match the installed kernel.
<yeason> I'm trying to get cgi & perl working on an apache2 server, I keep getting a 500 error, and the log states "Premature end of script headers" which from my googling could be one of a hundred things. Can somebody give me a hand in figuring out why its doing this?
<twb> yeason: did you look at /var/log?
<yeason> that's in the apache2/error.log file, it says "Premature end of script headers"
<yeason> and then gives a file name
<yeason> I meant to say it gives the file name of the file that I attempted to run
<yeason> lmfao... white team guy just left
<yeason> oops... wrong window
<twb> Sounds like the bug's in your cgi script, then
<yeason> that's what I doubt, cause the cgi script is part of a prepackaged ecommerce setup. it was working on another server without a problem, I've been trying to spot differences in configuration but no luck yet
<yeason> I've been reading the same conclusion in google searching
<kraut> moin
<twb> If the cgi script isn't part of Ubuntu, then you need to talk to the vendor that you got it from
<yeason> that's the frustrating thing, its required that we use this stupid setup, yet it hasn't been supported as far as I can tell in several years... And it does work so I'm pretty sure its a server side issue
<yeason> also I get that same error running any .pl file
<twb> Ah, well, that's different, though I can't help you with cgi myself.
<twb> I would guess that plain CGI is pretty much unused these days, and everybody prefers mod_perl or fast CGI or whatever
<yeason> probably, also I found another error that might be of use: "(8)Exec format error: exec of 'filepath' failed"
<lyhana8> hi, how could I change the mysql user ID correctly ?
<lyhana8> actually I change it manually in /etc/passwd and /etc/group and now the server refuse to start
<lyhana8> I'm trying to share a mysql DB among a gentoo and an ubunutu. User ID change and file permissions change work fine on gentoo, but not on ubuntu
<macno> hi all. I have some questions about ntp on 8.04... which is the best way to keep time sync ?
<macno> a brutal  ntpdate -s clock.ubuntu.com in cron.hourly  ?
<incorrect> during installation I would like to set a grub option in my preseed file,  I've not seen any option for this, has anyone else ?
<uvirtbot> New bug: #357583 in nut (universe) "missing the last bit for powering off the system" [Undecided,New] https://launchpad.net/bugs/357583
<incorrect> when using the preseed file to pxe boot my keyboard layout has issues a # doesn't seems to get confused and come out as three diamonds
<psteyn> Hi, I accidently replaced my /etc/mysql with my old one, but forgot about the debian.conf file in there which gets generated..how can I regenerate that file?
<incorrect> psteyn, you can dpkg-reconfigure <package>
<psteyn> that doesn't seem to work, I still get 'error: 'Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)'
<psteyn> because it seems to use the old pc's credentials..I wanna regenerate the new pc's credentials
<macno> psteyn: could you access to mysql as root?
<psteyn> yeah, but the debian.conf file has this: user     = debian-sys-maint
<psteyn> password = zZSg3xzHiCTa3x4i
<psteyn> what type of hash is that?  can I just use passwd on the debian-sys-maint user?  or how
<macno> ok we need to replace debian-sys-maint
<psteyn> what can I do?  reinstalling mysql doesn't recreate a /etc/mysql and doing dpkg-reconfigure doesnt do it either
<macno> psteyn: it's not a hash . that is the password
<psteyn> oh.
<incorrect> damn you preseed file
<psteyn> if I change the password, do I need to change it elsewhere in the system too?
<psteyn> what else relies on debian-sys-maint in other words?
<psteyn> ugh :<
<incorrect> yes but i forget where
<macno> psteyn: I suggest to change debian-sys-maint password into database with the oldone
<incorrect> dpkg -L mysql-server-5.0 will give you a clue
<psteyn> ok macno, I see its not a system user..is it a mysql user? or where can I change that password?
<macno> psteyn: yes it's a mysql user, you can update mysql.user : connected as root use mysql then update user set password = Password('zZSg3xzHiCTa3x4i') where user = 'debian-sys-maint'; flush privileges;
<psteyn> thanks :)
<macno> psteyn: once done, try to connect mysql -u debian-sys-maint -p ;)
<psteyn> cool.
<psteyn> macno: it says ERROR 1046 (3D000): No database selected
<macno> psteyn: use mysql
<psteyn> but I dont want to select a database right?  this is for any mysql thing? or is there a specific db?
<psteyn> ooh thnx
<macno> psteyn: users, grants are stored into mysql database
<psteyn> thanks :]
<macno> psteyn: you're welcome
<psteyn> *phew*...ok, next time im backing up debian.cnf before replacing the mysql folder
<psteyn> hehe
<cjwatson> incorrect: what keyboard preseeding are you using?
<cjwatson> incorrect: for adding extra boot options, just put them at the end of the installer boot arguments, after the "--"; anything after "--" will automatically be copied to the installed system, unless it's one of a list of arguments that we know to be specific to the installer
<incorrect> cjwatson, http://pastebin.com/m114b255
<cjwatson> incorrect: you used debconf-get-selections --installer didn't you?
<incorrect> that is from that
<cjwatson> incorrect: you should start from the installation guide instead. debconf-get-selections --installer produces a whole bunch of things that shouldn't be preseeded.
<incorrect> i've used both the d-i options and the non
<cjwatson> incorrect: furthermore, the owner (the first field) should be "d-i", not "console-setup".
<cjwatson> incorrect: that said, neither of these explain your problem. What boot parameters are you passing to the installer?
<incorrect> http://pastebin.com/m4ee170e2
<incorrect> i've tried this too
<incorrect> i am now trying to do a dpkg-reconfigure on the package at the end on the install
<cjwatson> no no no
<cjwatson> what boot parameters are you passing to the installer?
<incorrect> http://pastebin.com/m5eb85a01
<cjwatson> hmm, it looks correct, but you have a *lot* of unnecessary rubbish there
<cjwatson> might be confusing things
<incorrect> what do you think i don't need?
<cjwatson> first, delete *all* that console-setup stuff from your preseed file. console-setup needs to be preseeded in boot parameters anyway - the preseed file isn't processed until after keyboard configuration is done
<cjwatson> secondly, you have debian-installer/locale=en_GB.UTF-8 and debian-installer/locale=en_GB both specified. Delete one of them, and you can abbreviate it. I'd suggest just "locale=en_GB.UTF-8"
<cjwatson> thirdly, delete "console-tools/archs=at console-keymaps-at/keymap=gb" and "console-setup/codesetcode=Lat15 console-setup/dont_ask_layout=error"
<cjwatson> (the first bit of that must, I think, have come from Debian documentation, or some very old Ubuntu documentation)
<cjwatson> if that still doesn't work, then add DEBCONF_DEBUG=developer to it, and show me /var/log/installer/syslog after installation
<incorrect> DEBCONF_DEBUG=developer do the append string?
<cjwatson> I don't understand your question
<incorrect> where does DEBCONF_DEBUG=developer go?
<cjwatson> at the end of the boot parameters
<cjwatson> or anywhere, really, as long as it's after "append" and separated by spaces from the others
<incorrect> thanks
<incorrect> are there docs on the installer?
<cjwatson> don't mess about with dpkg-reconfigure though. This is perfectly doable without any of that nonsense :-) but I may need to look over the logs to see what's going wrong
<cjwatson> https://help.ubuntu.com/8.10/installation-guide/i386/
<incorrect> i am using 8.04
<cjwatson> 8.04 instead of 8.10 then
<incorrect> I am also trying to get partman to create a partition on sdb but i've tried a number of different ways
<cjwatson> one thing at a time
<incorrect> ok removing that stuff from the append has means it asks me to select a keyboard layout
<cjwatson> did you leave console-setup/layoutcode=gb in there?
<incorrect> ah i think i had a mistake in there
<incorrect> now looks like ramdisk_size=14984 debian-installer/locale=en_GB.UTF-8 console-setup/layoutcode=gb netcfg/choose_interface=eth0 netcfg/dhcp_timeout=120 url=
<cjwatson> right, that should be fine
<incorrect> perfect!
<incorrect> lets see if they keyboard works now
<incorrect> and a reboot
<incorrect> sigh they keyboard map is still broken
<Doble> hi folks - I want to back up remote servers to one of my servers over the internet, while minimising the amount of data transferred (compression would be great!) - is rsync the best tool to do that with or is there something else?
<andol> Doble: Regarding the transfer rsync, or something based on it, is definetly a good idea.
<andol> Doble: Of course, you might want something more, to handle diffrent version of your backups, etc
<andol> Doble: Rsnapshot (perl-wrapper around actual rsync) or rdiff-backup (own program, uses librsync) might be good options.
<Doble> andol: cheers, i will do some research on those two
<cjwatson> incorrect: ok, can I see /var/log/installer/syslog please?
<Doble> andol: regarding rsync - I was under the impression that it performed differential/incremental backups ... what is the advantage of rdiff-backup?
<Doble> also regarding rdiff-backup, it says that for unattended backups being run automatically require root access on the client servers, will that cause problems because ubuntu doesn't use root ?
<mat1211> Hi, I was wondering if there was a way to keep the unrar utility running even if I don't have putty or terminal opened.
<macno> mat1211: what's your need?
<yann2> mat1211 > yes with screen
<yann2> man screen
<mat1211> ah
<andol> Doble: Actually, the only magic rsync does is regarding the transfer itself. Without any wrap around it won't store anything else but a mirror of what it is copying.
<andol> Doble: rdiff-backup only reguired root access if it's going to backup filed only readable by root.
<andol> Doble: and yes, you can use the root account in Ubuntu. It is just that it doesn't come with a password set by default. Either set a root password or use an ssh-key. Regarding unattended backups the later is more or less required anyway.
<mat1211> so just screen and then the command?
<mat1211> to use screen.
<mat1211> and also, is there a way to reinstall the part of ubuntu that deals with creating users? because when I type sudo adduser username, it says pam authorization failed.
<Doble> andol: i see, thanks, im working on that now, will see how i go !
<fujin> anyone know if it is possible to use Prevu to backport a package compiled for 32bit on a 64bit system?
<fujin> ARCH=x86 prevu .. for example?
<maxb> Hmm. It's certainly a feature which could conceptually be added, at least.
<maxb> pbuilder-dist has this capability
<maxb> And prevu is just a simplified wrapper over pbuilder
<Doble> how do I run the cd command as root? when i try sudo cd I recieve command not found
<mat1211> hmm, does anyone know how I can seperate my harddrive into two partitions? I use fdisk but it says no free sectors.
<maxb> Doble: cd changes the directory of the current shell, therefore it's not something you can "run". Perhaps you want to start a shell as root? ("sudo -s")
<Doble> maxb: thanks, the sudo -s command helped, im trying to set up remote backups while doing things the 'ubuntu' way with sudo! but its a bit of a pain hehe
<maxb> Whenever you want to run more than a couple of single commands as root, "sudo -s" is useful.
<Doble> maxb: how do i return to my normal user account when im finished ?
<maxb> Exit the shell (e.g. Ctrl+D)
<Doble> cheers
<friartuck> Doble or just type exit
<Doble> so to clarify, I've set up two RSA keys to allow login without a password or user account as root - i did this on my server PRODIGY, and copied the public key to another server called NOVUS, and renamed the file to authorized_keys - can I now copy the same key from PRODIGY to ANY server and have it authenticate automatically? or do i need a new key for each server ?
<Doble> actually i just figured that out for myself - sorry, its pretty obvious! *needs sleep*
<giovani> Doble: you use the same key, it's your public key
<Doble> can someone explain what the . before a directory represents?
<maxb> Doble: In what context?
<Doble> well for example, im setting up the rsnapshot.conf and the snapshot_root is /.snapshots/ - im just wondering if the leading . means the directory will be hidden or some such ?
<giovani> Doble: it means that the file/directory is hideen, yes
<giovani> hidden*
<maxb> By general Unix convention, files/dirs with a leading dot are hidden from standard directory listing tools
<Doble> ahar, im learning, great, thanks
<giovani> Doble: if you just run "ls" to list the contents of a directory, it won't show you hidden files/folders
<giovani> adding "-a" will show you those ... so "ls -a" is how you'd see the hidden contents (as well as the rest) of a directory
<Doble> giovani: yes, thanks, i am making a habit of typing "ls -l -a" :)
<giovani> no need to do that - twice ... "ls -la" will do fine
<Doble> ahh, cool, thanks
<Doble> okay, next question - im setting up this rsnapshot tool, and i want to use SSH to do my backups, to keep it secure, but it wants to know where SSH is installed to ... and I have no clue, how do i find out, or where is it normally installed to?
<mat1211> What is the hfs+ driver for ubuntu? I have a harddrive with that fs but can't mount it.
<giovani> you can use the "which" command to find out the full path of a binary, Doble
<giovani> Doble: so run "which ssh"
<giovani> and it'll print the full path
<Doble> giovani: ah brilliant, cheers!
<cjwatson> mat1211: the kernel driver name is 'hfsplus'
<cjwatson> mat1211: you might need to specify that explicitly ('mount -t hfsplus'); sometimes if you don't it gets mounted as hfs which sort of works but won't see most of the files
<Doble> I have set up rsnapshot to back up a remote server and the localhost, but when I run the job, it prompts me for a password for the localhost - should I just add my public key i created to the authorized_keys file on the local host? is that a security risk ?
<mat1211> ah, thanks.  Just one last question, when I am resizing a partition using parted, it asks me for start? and end?  Could someone please tell me what the program wants me to type in?
<ball> mat1211: if you don't know, you shouldn't be using parted
<mat1211> I'm not sure how else to partition my harddrive, and I couldn't find the info on google.
<danny1> fdisk for example ?
<mat1211> when I use fdisk it says no free sectors or something like that.
<mat1211> cause my harddrive right now is one big partition
<ball> mat1211: it's probably best to give Ubuntu Server its own machine, or at least it's own disk drive.
<danny1> fdisk cant resize it as faar as i know, but you can delete the big partition and create smaller ones
<mat1211> now it is asking for first and last cilinder
<danny1> try the gparted live cd if you want something with gui and without those kinda technical questions
<ball> mat1211: I like cylinders
<maxb> I would like cylinders more if they didn't change size depending on what OS you're running
<maxb> or sometimes depending on which partitioning tool you're using within Linux
<mat1211> right........
<mat1211> just a question whats command to format the hd to hfsplus, I tried mkfs.hfsplus /dev/sdc1
<Doble> brilliant! my backups are working, thanks andol, maxb and giovani
<danny1> heh nice in jaunty the iscsi function within the instaler requires awk, but its not included :p
<Doble> okay, my backups worked so well, they flooded my connection and i could barely get to google, is there a way of throttling the connection?
<danny1> trickle for example
<mat1211> how do I make hfs+ fs on my hd?
<danny1> mkfs -t hfsplus
<mat1211> I did that but I did mkfs -t hfsplus /dev/sdc1, didn't work for some reason.
<danny1> do you have the hfsplus package installed ?
<mat1211> yep
<Doble> danny1: cheers, trickle looks like it will do what I need, thanks
<mat1211> the exact command I type is "mkfs -t hfsplus /dev/sdc1" and it says "No such file or directory."
<Doble> is there a way of dynamically monitoring network throughput? I've tried htop but it appears to not have that functionality
<yann2> iftop
<Doble> yann2: excellent, thanks
<danny1> mat1211 i guess you need to compile it yourself then if ther ubuntu package doesn't include that binary
<Lartza_> What is the major difference of server cd's regular and minimal installs?
<Lartza_> *main difference
<ivoks> kernel
<ball> Minimal install lacks the dancing ladies
<Lartza_> Nonono I don't think kernel
<Lartza_> I mean regular server install and minimal server install
<Lartza_> THey both propably have server kernel still
<Lartza_> Or you mean minimal misses headers or something?
<Lartza_> I am really trying to find otu what should I use
<ivoks> what's regular and what's minimal server install?
<cjwatson> mat1211: it accepts several formats - e.g. you can say "2000M" for 2000 megabytes
<Lartza_> If you boot server cd and press F4 there is options of install, regular, minimal, or minimal for virtual machine
<ivoks> oh, i was totally unaware of that :)
<Doble> ivoks: pretty sure its new in 8.10 (at least the virtual bit)
<cjwatson> danny1: iscsi> score. please file a bug
<mat1211> okay, thanks for all your help.
<Doble> lartza_: it depends what you are using your server for .. if you arent sure, id say to use the regular install, that should cover all the bases.
<ivoks> Lartza_: what ever you choose, none of them will install services by default; but i don't know what's different :/
<ivoks> and i should know stuff like that :)
<cjwatson> Lartza_: minimal doesn't install the server task (which contains patch, screen, landscape-common, vim, wireless-tools, wpasupplicant, w3m, ubuntu-serverguide in jaunty)
<cjwatson> so it's a bit smaller, but that's the only difference
<cjwatson> they're the same kernel
<ivoks> oh... so that's the former standard server install
<cjwatson> right
<ivoks> great
<cjwatson> minimalvm also doesn't install the standard task, and it doesn't use LVM by default
<Lartza_> Thanks
<cjwatson> danny1: and please tell me the bug number so I can mark it release-critical
<Doble> I want to control the bandwidth that my rsnapshot uses when backing up my remote server, but when I just put trickle in front of the rsnapshot command, it doesn't work, where could I insert the trickle command ?
<orudie> ivoks !
<ivoks> ?
<Doble> when i try running "sudo trickle -d 50 rsnapshot daily" I get the following error: "ERROR: /usr/bin/rsync returned 255 while processing root@123.456.789.123:/home/ftpusers/ touch /srv/backup/daily.0/" - how can I get the trickle command to work with rsnapshot?
<MagicFab> why do we have /etc/ldap.conf /etc/ldap/ldap.conf
<ivoks> they are not the same
<ivoks>  /etc/ldap/ldap.conf is for ldap library
<ivoks> and /etc/ldap.conf is for pam-ldap, iirc
<MagicFab> ivok could you elaborate ldap library
<ivoks> but, true, it is confusing
<ivoks> MagicFab: libldap-2.4-2
<MagicFab> are we changing anything about it or will it stay like that ?
<ivoks> we won't change anything now
<ivoks> every app compiled with ldap support checks /etc/ldap/ldap.conf
<ivoks> to see if there are something it should know before starting a query
<ivoks> like, what to do if certificate is unknown
<ivoks>  /etc/ldap.conf on the other hand is something totally different
<ivoks> it's for user authentication, IIRC
<MagicFab> ivoks, rocks. I am giving training for server live :)
<MagicFab> excellent response time :D
<MagicFab> + karm for you
<ivoks> hehe
<MagicFab> ivoks what's the difference between ldap:/// ldaps:/// ldapi:/// ?
<MagicFab> 1) plain text
<MagicFab> 2) SSL
<MagicFab> and 3 is...?
<ivoks> lol
<ivoks> ldapi is socket
<ivoks> ldapi://var/run/ldap.socket
<ogelami> hi, when my php tries to write a file i get "permission denied" in response, how should i solve this problem?
<ogelami> chmod -r 777?
<ivoks> that's bad way to do it
<ogelami> so?
<ivoks> best way would be to enable ACLs on filesystem
<ivoks> and just add www-data as a user that should be able to write in that directory
<ogelami> what is ACLs , and what does it do?
<giovani> ogelami: Access Control Lists, it's a different way of handling permissions
<ivoks> if that's not an option
<ivoks> you could make www-data user as an owner of that directory
<ogelami> oh
<ivoks> and never put enything valuable there :)
<ivoks> anything
<ivoks> i doubt valuable is correct spelling
<ivoks> heh it is :)
<p_quarles> ivoks: yeah, "valuable" is correct
<ogelami> okay, so let's just say that i want my /etc/www/grab to be writable from php?
<ivoks>  /etc is configuration directory, don't put anything thats changing in there
<ivoks> that's what /var is for
<ogelami> haha, sorry , i meant
<ivoks> but anyway, sudo chown www-data:www-data /your/directory
<ogelami> var
<Doble> is it correct that my crontab is saved to "/tmp/crontab.jDHAns/crontab" ?
<ivoks> Doble: crontab -e?
<ogelami> does that gives full permission to the subdirs in the directory i choose?
<ivoks> ogelami: no, only the parent
<ivoks> ogelami: add -R to do it for all files and dirs in it
<Doble> ivoks: yes, i want to run my backups using rsnapshot, so I added it to the crontab, but now im thinking that because im logged in as myself and not as root, that the command wont execute properly, is crontab user-specific ?
<ogelami> oh ok ty,
<giovani> Doble: yes, crontab is user-specific
<giovani> and that /tmp file is where the crontab is temp stored until it's written
<ivoks> Doble: that's ok, crontab -e saves to temporary file and then moves it into /var/spool/crontab/username
<ogelami> thank you, now it's working
<ivoks> if tar added support for ACL, karmic *should* have it
<Doble> okay, should I create the entry for my backups in root's crontab? or is there another way ?
<ivoks> Doble: don't do anything as root, unless you really have to
<giovani> Doble: do you need/want your backup to be executed with root permissions?
<Doble> yes, the rsnapshot needs to be run as root or it can't write to the lockfile
<ivoks> grrr... they still haven't accepted the patch
<ogelami> since i did that, i cannot controll my php files manualy from my ubuntu account -.-
<giovani> ogelami: correct
<giovani> this is why ACLs are used
<ogelami> hm
<giovani> I didn't follow your entire conversation, but you might be able to do youruser:www-data
<ogelami> i want www-data, ogelami and root can acces,a
<ivoks> when people write php applications, they choose one direcotry where web server should be able to write files
<giovani> root always has access
<ogelami> yea
<giovani> ogelami: you can do youruser:www-data
<giovani> so that your user still owns the dir, and www-data can be given group permissions to do so as well
<ivoks> right, and make it 0775
<J_P> hi all
<ogelami> yea thank you
<ogelami> now i can edit and write from www-data
<J_P> peple, I install ubuntu 8.10 server, and after I need Grafical interface only to use firefox. So I install apt-get install xorg icewm. But after I did startx command, mouse not works. I try ps2 and usb mouse
<giovani> J_P: GUIs aren't supported on ubuntu server
<J_P> what file I can change to try solve that ?
<ogelami> nope i was wrong -.-, i can edit from my ubuntu account but not from www-data.
<J_P> giovani: You mean, aren't supported by ubuntu or in this channel ?
<giovani> J_P: both
<ogelami> i want full permission from my ubuntu account, and read/write/append for my www-data.
<giovani> ogelami: then you didn't apply 0775 permissions
<J_P> giovani: ok, I will try in #ubuntu. thanks
<ogelami> how do i apply 0775 ?
<giovani> ogelami: sudo chmod 0755 /path/to/dir/
<giovani> and you'll need to add -R there if you want to apply that to all subsequent files/folders
<ogelami> thank you giovani
<giovani> in the future, ogelami, if you don't know how to follow an instruction ... just ask, rather than ignoring it, and claiming the instructions didn't work
<ogelami> now I'm not able to append the file my php wrote.
<ivoks> fix your php code
 * ball doesn't like php
<ivoks> tell it to create 664 file
<ivoks> without ACL you'll have a hard time getting this into what you want
<ogelami> I'm a noob when it comes to linux, i don't know how to do that
<ivoks> with ACL you can just tell it that every file created in that dir can be rw by your user
<ivoks> and whatever PHP does, it can't change that and both you and your php application would be happy :)
<ivoks> enabling acl is easy
<ivoks> remount your filesystem with acl option
<ivoks> install acl package
<Doble> should I use ACL on a samba file server serving windows clients? I was having some trouble with permissions before with multiple users ... when a user created a file, only he could delete/edit that file, even if another user that was part of the same group attempted to edit it
<ivoks> Doble: samba has better ways to solve this
<Doble> i got around it by forcing everyone to be admin in the samba smb.conf
<ivoks> Doble: force user and force group
<Doble> i see
<ivoks> Doble: you can set it up like 'force user = nobody ; force group = nogroup'
<ivoks> Doble: add valid users = jim carry pamela anderson
<ivoks> Doble: and that's it
<Doble> hmm, I see
<ivoks> they all can access it, write it and stuff, but on the filesystem level, it will be owned by nobody:nogroup
<Doble> yeah, let me give you a scenario and maybe you can tell me if this will work ...
<Doble> Lets say I have a Samba file server set up in a small business with 5 users, running windows pcs. I want each user to have an account on the server, and I want the users to be divided into three groups, Staff, Admin, and Executive. There should be one primary file share, within which there are directories. Only certain staff should have access to certain directories, but it should be additive, eg: executives have access to both admin and 
<Doble> once inside the directory, everyone should be able to do everything
<Doble> if that makes sense :)
<ivoks> i understand what you are up to
<ivoks> you can do that with ACL, of crouse, but you could also setup couple of shares
<ivoks> you can even do that without acl
<ivoks> make top directory rw by public group
<ivoks> under it is staff directory, rw by staff group
<ivoks> next to it is admin directory, rw by admin group
<ivoks> add admin users in public, staff and admin group
<ivoks> staff users in public and staff
<ivoks> public users only in public
<Doble> thats not bad
<ivoks> hm...
<ivoks> but it has a flaw :(
<ivoks> i just realized it
<Doble> ?
<ivoks> if admin users writes something in public directory
<ivoks> it will be owned by admin group
<Doble> what if you force everyone to nobody.nogroup ?
<ivoks> and public users won't be able to see what's in that file
<ivoks> then you  don't have groups :)
<Doble> but you have set the permissions on the primary directories already
<Doble> they act like gates, and only let in the right users, but once inside, its a free-for-all
<ivoks> that's right, and when your admin user tries to write, it will try to write there as nobody:nogroup
<ivoks> and fail
<Doble> ah, i see
<ivoks> acl is the way to go
<Doble> well, id like to do it without multiple shares because they require multiple drive mappings to the user's computers, and ideally I'd like just one 'share' with access then controlled by permissions. it also simplifies user management, for example, if a new staff member joins, i just add them to the 'staff' group and it sorts itself out - i do the same on my windows network at work
<ivoks> cjwatson: would it be too bad to include support for acl in tar, even though gnu tar is still considering correct aproach, and might do it differently? :)
<cjwatson> sounds like an excellent way to create future incompatibilities
<ivoks> right
<cjwatson> we had this pain when they changed the bzip2 option name
<ivoks> fwiw, they are considering the patch i've sent to debian maintainer
<ivoks> it's based on what redhat has done for their tar
<ivoks> they even added some fixes to it :)
<ivoks> let's wait and see
<Doble> hmm, my crontab doesn't seem to be working, I added "20 2 * * * /usr/local/bin/rsnapshot daily
<Doble> " to root's crontab, to get the job to run at 2:20am every day ... and it just crossed over 2:20am and it hasn't run, any ideas ?
<ivoks> check your mail
<Doble> how do i do that? i dont think i've set up an email address for root yet
<ivoks> check /etc/aliases to see where root mail goes to
<ivoks> and then /var/mail :)
<Doble> i don't have a /etc/aliases
<Doble> should I ceate one ?
<cjwatson> Doble: root's crontab, or /etc/crontab?
<Doble> root's crontab
<cjwatson> ok
<ivoks> no, don't create one
<ivoks> check /var/log/syslog
<ivoks> it should have an info about crontab job
<Doble> it does, it just says - Apr  9 02:26:01 prodigy /USR/SBIN/CRON[18701]: (root) CMD (/usr/local/bin/rsnapshot daily )
<Doble> so im guessing it ran ?
<ivoks> yes, it did
<ivoks> now, what's the outcome, we can only guess :)
<ivoks> add 1> /tmp/crontab.stdout 2> /tmp/crontab.stderr
<ivoks> so...:
<ivoks> 20 2 * * * /usr/local/bin/rsnapshot daily 1> /tmp/crontab.stdout 2> /tmp/crontab.stderr
<ivoks> fix the time, to 35 2
<ivoks> and wait for it to run again
<Doble> actually, im one ahead of you - i just turned on logging in the rsnapshot.conf file :)
<Doble> it should log to /var/log
<ivoks> well, that doesn't do what i planed... but ok
<Doble> ah, sorry, thought i was being clever
<ivoks> :)
<ivoks> maybe this way will work too
<Doble> hmm, it didnt create a log file
<Doble> if i run the command manually, it logs it in /var/log like it should
<Doble> so i guess that crontab isn't running the command
<ivoks> it is
<ivoks> you've seen the logs
<ivoks> maybe rsnapshot needs some env variables?
<Doble> hmm doesnt seem so
<Doble> im following this guide - http://rsnapshot.org/howto/1.2/rsnapshot-HOWTO.en.html#automation
<ivoks> add those 1> and 2>
<Doble> ok
<ivoks> and try again
<Doble> ok done, is it okay to set the crontab just one minute ahead of time? ie the date shows "02:40:10" so I set it to 2 41
<Doble> nevermind of course it is, because its working ... we checked that already
<Doble> aha,
<Doble> bin/sh: /usr/local/bin/rsnapshot: not found
<ivoks> there you go :)
<ivoks> which rsnapshot
<Doble> rsnapshot is actually in /usr/bin/rsnapshot whoops !
<Doble> that'll teach me to blindly copy/paste from guides :) cheers
<Doble> brilliant, it's working now, thanks ivoks
<ivoks> np
<Doble> haha, this 'hard links' stuff is crazy ... coming from a windows environ, the idea that I've made four backups of about 30mb each ... but the three backups after the first are only taking up 700 bytes each on my drive! yet they appear to be full backups ... brilliant
<ivoks> right
<ivoks> i wasn't aware of rsnapshot, so i created my own backup system :)
<ivoks> with the same idea
<Doble> i still dont quite understand how the different backup sets relate to eachother - if i have a daily backup and a weekly backup, is rsnapshot smart enough to maintain hard links across the backup sets, so I only have one copy of a file at a time ?
<cjwatson> /usr/bin/rsnapshot> in general it's best to invoke commands without an explicit path if you can, so just 'rsnapshot' rather than '/usr/bin/rsnapshot'
<andol> Doble: there is no diffrence between a hard link an the "original" filename. Actually, any normal filename is basically a hard link. The filesystem keeps track of the data as long as there is at least one hard link pointing to it.
<Doble> very interesting, thanks
<olcafo> rsnapshot looks interesting. It's funny that I also created my own version of this with scripts, although this seems better because you can let the users retrieve their own stuff.
<Doble> cjwatson: thanks, i've changed it in my crontab now
<Doble> another question about cron and rsnapshot, what happens if one rsnapshot job is running, and another is executed while it is running? does the server just create a new process for the new rsnapshot job?
<ivoks> that depends on rsnapshot
<ivoks> in my system, i create temporary file, which i erase once backup is done
<ivoks> i don't know how rsnapshot handels that
<Doble> hmm, i know rsnapshot uses a lockfile while it's working
<ivoks> there you go
<ivoks> so, it won't start again if it's already running
<ivoks> bye all
<Doble> thanks ivoks
<Doble> how can I get cron or rsnapshot to email me a file with the output of its job automatically ?
<sommer> Doble: set the MAILTO=your_email option
<Doble> sommer: where do i find that ?
<wo0f> yo guys
<wo0f> i have a prob...
<wo0f> iv been running ubuntu-server
<wo0f> and have switch to ubuntu-desktop to easily setup freeNX
<wo0f> but
<wo0f> the meta package for LAMP ("web server") does'nt install the same as ubuntu-server
<giovani> it's the same package
<giovani> server and desktop use the same repositories
<wo0f> for instance suhosin is not installed
<wo0f> giovani, thats what i thought
<wo0f> but like i say, suhosin patch server is not installed :S
<wo0f> do you think using .tasksel, rather than aptitude will make any difference?
<giovani> what packages did you install?
<christian_> hello
<christian_> somebody know how download the e-mail with postfix an d dovecot in virtual mail??
<uvirtbot> New bug: #357939 in openssh (main) "package openssh-server 1:5.1p1-5ubuntu1 failed to install/upgrade: subprocess pre-removal script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/357939
<wo0f> giovani, the meta package, web server
<giovani> ok ... and what's the problem then?
<wo0f> it doesnt install everything that gets installed when doing the same from ubuntu-server
<wo0f> e.g. theres no suhosin patch server
<orudie> !seen ivoks
<ubottu> I have no seen command
<orudie> !why?
<ubottu> Sorry, I don't know anything about why?
<orudie> !kittens
<ubottu> Sorry, I don't know anything about kittens
<orudie> lol
<wo0f> !seen banner
<ubottu> I have no seen command
<orudie> !banner
<ubottu> Sorry, I don't know anything about banner
<orudie> !wo0f
<ubottu> Sorry, I don't know anything about wo0f
<wo0f> !seen wo0f
<ubottu> I have no seen command
<wo0f> does the alternate cd run tasksel?
<wo0f> i presume it must do
<Grahzny> I just did an upgrade of a little ubuntu-server machine, from intrepid to jaunty, and it went super smooth. Just thought I'd throw that out there and smile
<PhotoJim> good news.
<PhotoJim> I'm tempted to upgrade my server, but I think I'll wait for release.
<wo0f> how long is it now?
<wo0f> 14/15 days?
<Grahzny> Nothing wrong with waiting a couple of weeks. I upgraded my development workstation, though, so I wanted to have the same version of Django (and Python, of course) running on the server. I hope it doesn't bite me!
<wo0f> aint this ubotto bot got a counter ?
<wo0f> !help
<ubottu> Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://jussi01.com/web/factoids.cgi - Usage info: http://wiki.ubuntu.com/UbuntuBots
<Grahzny> Scheduled for the 23rd, so yeah, 15 days, eh
<wo0f> !wo0f is pro
<wo0f> :P
<wo0f> !wo0f
<ubottu> Sorry, I don't know anything about wo0f
<Grahzny> He's got a regular Zombie Hoof
<wo0f> hmm, whats that gui tool for viewing virts?
<wo0f> gtk i seem to remember
<Grahzny> I'm not sure what you mean by virts, so I have no clue :)
<orudie> which command is used to copy between hosts
<orudie> is it wcp or something like that ?
<giovani> scp
<orudie> thanx
<giovani> Secure CoPy
<orudie> s as in ?
<orudie> ok
<yeason> I'm not sure why but mysql seems to be listening on a random port other than 3306 even though that's what I have it set to. Does anybody have any suggestions on where I can look to figure out why this is happening?
<yeason> hmm... nvm, it does appear to be listening to the right port, but I still can't connect. I get "access denied for user... unable to connect to database server"
<giovani> yeason: you probably haven't set up permissions properly
<yeason> that's the funny thing... I've setup the user, double checked the password, allowed all permissions, allowed that user all permissions to the database required, and setup the client with the correct information and I still get this error
<giovani> probably failed to set up the proper ACL for where the user can log in from
<yeason> I'm sorry, what is ACL?
<giovani> read the mysql manual on setting up users
<giovani> just because a user exists, doesn't mean it can log in from any machine
<yeason> uh yea... I've set this user to be able to log in from anywhere
<giovani> unlikely given the error you're getting :)
<giovani> you've somehow not applied the permissions properly
<giovani> because mysql works for everyone else :)
<yeason> the user in question can log in from Hosts: Any, and has permissions: All
<yeason> I'm looking at it through webmin
<giovani> webmin isn't supported for ubuntu
<giovani> so use it at your own risk
<Nafallo> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<Nafallo> :-)
<yeason> huh... I find that interesting, its never really caused problems for me before
<giovani> nobody said it will, absolutely, cause problems
<giovani> the fact that it's unsupported means ... if it causes problems ... there won't be fixes provided
<orudie> giovani, how do i specify ssh port for scp ?
<giovani> orudie: read the manpage for scp
<orudie> giovani, its -P thanx
<orudie> anyway i'm out
<orudie> later all
<wo0f> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<wo0f> will ebox actually work in the next version?
<wo0f> or is it that they only release for LTS?
<uvirtbot> New bug: #357998 in openssh (main) "openssh-client (amd64) can't login after upgrade to jaunty" [Undecided,New] https://launchpad.net/bugs/357998
<wo0f> jesus!
<wo0f> thats a pretty MASSIVE bug :P
<CoinRN> I have a Ubuntu-Server and Windows XP at my LAN-House (i don't know how it called in USA). and a buy 2 links of internet, and configured the Server to share 1 one link to same ips, and the other link to the rest... but now, when a PC stay ocious, it lose connection to network... why does it happens?
<CoinRN> can anyone help me?
<ball> CoinRN: is a LAN-House a remote location that hosts your equipment?
<CoinRN> no... it's a place when normal people cames, and pay to access internet on our pcs
<CoinRN> it's a "enterprise"
<Vog-work> I think CoinRN might be trying to do like aggregation.
<CoinRN> i have same PCs. people pays to acess internet in this pcs
<CoinRN> its so popular here in Brazil
<Vog-work> Ahh internet cafe
<CoinRN> because people don't have money to pay internet and buy PCs
<CoinRN> yessssssssssss
<CoinRN> it's a Internet Cafe
<CoinRN> =D
<ball> link aggregation
<CoinRN> i live in a poor state of Brazil, so the Net here is bad
<CoinRN> the best provider of my city, provides only 1 MB =/ at max
<CoinRN> [beawesomeinstead]: i buy 2 links of 1 MB
<CoinRN> OMG why i cant' say so?
<CoinRN> could i show to you my config file?
<Vog-work> use pastebin.ca to post it and then give us the link
<CoinRN> i configured like: these PCs will acess the INternet Link 1, and those other will acess the internet link 2
<CoinRN> all right
<ball> CoinRN: are both links wired?
<CoinRN> yeah, both wired
<ball> CoinRN: I wouldn't configure your client PCs that way.
<CoinRN> http://paste.ubuntu.com/147232/
<CoinRN> it's because, we have a group of 8 PCs, that makes downloads a lot
<CoinRN> and the others, is for gamers
<ball> CoinRN: sounds like you want traffic shaping
<CoinRN> When the people of the group 1, start to download things, the gamers guys got crazy. So i dived, 1 MB to the guys who got downloads, and 1 MB to the guys to use normal internet and online games
<moz_> i have a user i have just added that I wanted limited access to in my webserver, have made a directory in /var/www for it, and when I ftp in it works fine, and the user cant change directory, why is it that my other user account, can ftp in and browse my entire VPS server, im wondering what the difference is, is it expected behaviour but i dont know exactly why, can anyone help ?
<CoinRN> well... i agree with you ball... by the way i also think that is good dived the internet in 2 parts... 1 internet for the group 1 and another one to the group 2
<moz_> p.s. im not logging with root on the second account
<moz_> oh actually it doesnt work , the second user can view my entire directory structure
<CoinRN> because the guys who watch youtube and download a lot of things, need some internet speed, but must don't made other people crazy
<moz_> how can I stop this from happening?
<CoinRN> and these people are focced in 8 PCs
<CoinRN> my Internet Cafe has 3 rooms... the first and second are very similiar... it's for gamers and normal people
<CoinRN> and the third room, wich have only 8 PCs, it's private rooms... so, many people go to download things, watch Porn, etc...
<CoinRN> anyway... it doesn't matter... my problem is... When i turn ON a PC, and it stay ocious for a long time, its lost contact to network :S
<CoinRN> why does it happens?
<ball> CoinRN: you're doing it wrong.
<CoinRN> =( so, how can i do it correctly?
<CoinRN> by Shaper? (cbq)
<ball> I have to go, my daughter's waiting to be picked up from school
<CoinRN> =/
<CoinRN> Could anyone else help me?
<Vog-work> CoinRN: I don't know what you mean by ocious
<CoinRN> ok, i'll explain
<CoinRN> the server is linux, but the other PCs are Windows
<Vog-work> ok
<CoinRN> [sommer]: we turn ON the pcs
<CoinRN> ops
<CoinRN> [beawesomeinstead]: we turn ON the PCs... and only it
<CoinRN> OMGGG
<CoinRN> -312312321 so, we turn on the pcs... and just it
<CoinRN> if a client (person) cames, and use the PC, the computer stay normal, with internet acess
<CoinRN> but, if the PC still turn on from a long time, and no one use it
<Vog-work> ok
<CoinRN> it lost the network acess
<CoinRN> :S
<CoinRN> i can't understand it
<Vog-work> AH ok...
<uvirtbot> New bug: #358035 in dhcp3 (main) "can't create file: permission denied by apparmor" [Undecided,New] https://launchpad.net/bugs/358035
<Vog-work> CoinRN and it you use the repair connection option in WinXP does it fix the problem?
<cjwatson> wo0f: 357998> I find it doesn't usually pay to panic until one has actually diagnosed the bug
<CoinRN> mm... good question. i can't try that, because the Windows PC have a software that block the PC, if there's no network acess =/ it's don't a configuration, but a bug... in the "Internet Cafe Software"
<CoinRN> 12312321 so, i cant do it =/
<CoinRN> ----- so, i restart the PC, and it back to work
<CoinRN> but, it happens to in the "internet cafe manager software Server", and when i disable and renable the conection, all back to work
<CoinRN> sorrry for terrible english, can you understand what i Said?
<CoinRN> and this Windows PC, who have the "Internet Cafe Manager" (no, the software it's not caled this) also has a shared printer... and when its nertowks go down, the others PCs can't print anything =\
<CoinRN> i guess that I have configured something wrong in the rc.local, because these kind of problems came after i configured the 2 internet links
<Vog-work> Yeah I understand, I htink that this problem is on the winxp computer and not on the Ubuntu Server.
<Vog-work> Either that or 2 computers are attempting to use one IP or one MAC address.
<Vog-work> (I dounbt 2 computers would have the same mac address but I have seen the problems once before)
<Vog-work> ^^ (I doubt)
<uvirtbot> Vog-work: Error: "^" is not a valid command.
<Vog-work> stupid bot.. :)
<CoinRN> well... so, thare is something that i can to confirm it? for be sure that the problems isn't the ubuntu server?
<CoinRN> and thanks for the help man =D
<CoinRN> but, did you saw my rc.local? aparently are all ok there?
<CoinRN> because I'm really noob on linux... =/
<CoinRN> i have linux only at this Server and at my House (i installed 1 mounth ago... Ubuntu Intrepid)
#ubuntu-server 2009-04-09
<techsupport> how do I extract file.tar ?
<cjwatson> techsupport: tar xf file.tar
<techsupport> cjwatson, thanx
<cjwatson> petia: it'll extract to the current directory, so you might want to do this in a new directory just in case
<renatokrause> Good night
<wo0f> nn
<renatokrause> i wrote a code and i like to sugests to incorporate. how can i do this?
<renatokrause> *sugests to add in Ubuntu and Debian
<jtaji> !packaging | renatokrause
<ubottu> renatokrause: The packaging guide is at http://wiki.ubuntu.com/PackagingGuide - See https://wiki.ubuntu.com/UbuntuDevelopment/NewPackages for information on getting a package integrated into Ubuntu - Other developer resources are at https://wiki.ubuntu.com/UbuntuDevelopment - See also !backports
<renatokrause> is a daemon for the mrtg. the mrtg exists but in Ubuntu it run in crontab and dont explore a daemon resource of MRTG. I wrote a daemon based in /etc/skeleton.
<renatokrause> */etc/init.d/skeleton
<renatokrause> !mrtg
<ubottu> Sorry, I don't know anything about mrtg
<jtaji> renatokrause: I suppose you can file a bug and attach your patch https://launchpad.net/ubuntu/+source/mrtg
<renatokrause> jtaji: very thanks. https://bugs.launchpad.net/ubuntu/+source/mrtg/+bug/358123
<uvirtbot> Launchpad bug 358123 in mrtg "MRTG DAEMON" [Undecided,New]
<jtaji> renatokrause: you are welcome
<renatokrause> jtaji: thanks man, very thanks really
<renatokrause> jtaji: im writing a bot configurator of swith for mrtg, i dont know if its can be added too.
<renatokrause> i write this in python and bash
<jtaji> renatokrause: I'm sure your contributions will be welcome... here's some info on submitting patches https://wiki.ubuntu.com/UbuntuDevelopment/Patches
<renatokrause> jtaji: thanks i will read
<renatokrause> bye all, i will play with my son
<renatokrause> thanks all
<twb> How do I discover what my nearest primary mirror is?  Apparently "apt-get install apt-spy" is wrong.
<brad_> I will ask in case anyone knows (I've went through synaptics and can't find what I'm looking for)  I have about 150 accounts telnet/ssh on different devices that I have to change my  passwords every 60-90 days and was wondering if there was an app that could assist me with this?
<twb> brad_: the Right Thing would be to stop using passwords.  Instead, use key-based authentication.  Then you only need to change the passphrase on one ssh key.
<twb> If you just want a tool to generate randomized passwords, I can recommend apg(1).
<brad_> I agree, but they can't force passwords on the ssh key
<brad_> the right thing to do would be to use radius
<twb> brad_: possibly so.
<brad_> twb: nah, I need something to go change all those passwords.
<twb> That would basically mean that you had all the passwords written down where the script could get to them anyway.
<twb> IMO that pretty much defeats the purpose of having passwords.
<brad_> I would have the passwords consistent across the devices and would just be changed.  I keep everything in an encrypted app on my blackberry
<twb> brad_: wait a minute.  You're saying that you have 50 different telnet and ssh targets, and they all have the SAME password?
<brad_> yes, but I'm not an administrator on those boxes... for example, the cisco routers are read only.
<brad_> the one's I admin I use securid on :)
<twb> Owie
<twb> brad_: you mean an RSA token?
<twb> Yeah
<brad_> if they're going to use telnet and not ssh then it doesn't deserve a special password for each one since they don't care about security to behin with.
<twb> I hate the new USB ones, though
<brad_> yep, RSA securid token.
<twb> brad_: IMO it doesn't deserve a password in the first place -- just make it the null password.
<brad_> I just have the standard keyfob
<brad_> i've already installed the sshaskpass app so if a site requires a password for your ssh key it fakes it out.
<twb> You mean a passphrase?
<brad_> but then again I'm the type of person who locks my machine every time I walk away from it.
<brad_> yes
<twb> I'd have said that's ssh-agent's job, not ssh-askpass's
<sebblucas> hi!
<sebblucas> i've installed a 'Perfect Server' setup for ISPConfig (2) on 8.04 LTS
<sebblucas> i need some assistance as to where are some guides or PDFs on hosting own site.
<sebblucas> i just registered a domain name today
<sebblucas> and i would like to set it up, though i have no clue what to lookup in google.
<sebblucas> any help out there?
<twb> I'm not aware of any rigorous, comprehensive documentation on the subject.
<twb> Generally I'd be inclined to recommend a VPS solution rather than hosting your own hardware in a back room.
<twb> For ispconfig specifically I found upstream documentation at http://www.ispconfig.org/documentation.htm
<oh_noes> Is this command meant to work?  "scp /local/* user@server:/foo/bar/" meant to work?  I get "/local/* No such file or directory"
<oh_noes> ls -l /local/* works (it exists)
<Kamping_Kaiser> try scp -r /local/ instead of scp /local/*
<oh_noes> oh nice, thanks
<Kamping_Kaiser> ( i assume you want a recursive copy ... :))
<oh_noes> Yep.   I found * works in some systems, but i'll stick to recursive, cheers
<twb> After making an LVM volume and a filesystem on it, how do I make the filesystem appear in /dev/disk/by-uuid?
<kraut> moin
<uvirtbot> New bug: #358261 in samba (main) "net rpc command potentially dangerous on Windows 2003 Server " [Undecided,New] https://launchpad.net/bugs/358261
<HigH5> Anybody out there with LDAP experience?
<incorrect> sure
<HigH5> I'm trying to add an ldif file with slapadd (followed the official help for Ubuntu Server), but the slapadd keeps telling me I have an error: "Error, entries missing! entry 1: dc=example,dc=com"
<incorrect> and your dn is dc=example?
<HigH5> No, is something different, but I have that sorted out.
<incorrect> so why are you trying to add to example?
<HigH5> Actually, the dn is dc=kas,dc=lan
<incorrect> so change your add command to reflect that
<HigH5> No, that's fine: slapadd -l kas.lan.ldif
<incorrect> and the ldif file looks like?
<HigH5> Just like this one here: https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html
<HigH5> It's in the middle of the page.
<incorrect> let me guess, ou=people should be ou=People
<incorrect> ou=groups = ou=Groups
<HigH5> Well, I just figured it out. The template from the official guide seems to be incomplete.
<incorrect> the docs are pretty poor for ldap
<HigH5> The community guide template solved my problem. I had to add dn at the beginning.
<incorrect> i've packaged 2.4.15 of openldap for hardy as .11 is pants
<HigH5> It works now, thanks anyway.
<uvirtbot> New bug: #358314 in apache2 (main) "Invalid e-tag when using mod_deflate" [Undecided,New] https://launchpad.net/bugs/358314
<oly> hi, can anyone tell me how you netinstall ubuntu 64bit are there seperate linux and and initrd.gz files ??
<oly> or do you use some sort of parameter at boot ?
<oly> I am already netinstalling 32bit ubuntu just want to add 64 bit versions
<cjwatson> separate files
<cjwatson> under installer-amd64
<oly> okay cheers :)
<davmor2> Guys I had a query last night off a guy who runs a small hosting company.  He uses centos at the moment but would like to use ubuntu server but needs compatibility with something call cpanel iirc.  (the hosting config panel you get)  Are there any plans to get this certified for ubuntu or not do you know?
<ttx> davmor2: it's apparently not a question of certification. cPanel apparently only supports RHEL (or centos). Since it's closed-source afaict, they would need to port it somehow
<davmor2> ttx: cool thanks I'll pass the message on
<ttx> davmor2: I don't know cpanel, was just looking at their website
<davmor2> ttx: No Probs
<uvirtbot> New bug: #358382 in sysstat (universe) "iostat -N doesn't report device mapper names" [Undecided,New] https://launchpad.net/bugs/358382
<Knightwise> hey guyz
<Knightwise> do you know if imagewriter supports ubuntu server ?
<Knightwise> i want to boot my machine of a stick
<uvirtbot> New bug: #358468 in samba (main) "Samba crashes on install...." [Undecided,New] https://launchpad.net/bugs/358468
<Sam-I-Am> hmmmm
<Sam-I-Am> anyone here use dhcpd with in failover peer mode?
<Sam-I-Am> getting a fun segfault occasionally with the jaunty packages
<hackeron> hey, I put "fusecctv         hard    nice           -10" into /etc/security/limits.conf - logged out and back in, but I get "nice: cannot set niceness: Permission denied" when I run say nice -n -5 echo -- any ideas?
<giovani3> are you root?
<hackeron> giovani3: no
<giovani3> well uh ... why do you think you'd be getting a "permission denied" then?
<giovani3> only root can set a negative nice value
<hackeron> giovani3: that's the question - the line I added to limits.conf should allow user fusecctv to set nice level up to -10
<giovani3> unless the process has been specifically allowed beyond that in limits.conf
<giovani3> yes, but you just said you ran nice on echo
<giovani3> not fusecctv
<hackeron> giovani3: huh?
<giovani3> "when I run say nice -n -5 echo"
<hackeron> oh wait, I had to log out of the original shell
<hackeron> works now
<hackeron> $ whoami
<hackeron> fusecctv
<hackeron> fusecctv@fusetech-dev:~$ nice -n -5 echo
<hackeron> works fine :)
<giovani3> great
<hackeron> except why on earth are limits disabled in /etc/pam.d/su by default!??!?
<jpds> hackeron: Because root is not enabled by default?
<jpds> And thus, sudo is used instead?
<hackeron> jpds: what?
<hackeron> jpds: limits allow you not to use root
<hackeron> jpds: so here you're forced to use root unless you edit /etc/pam.d/su and enable limits which enabled /etc/security processing -- you may as well delete /etc/security in the default setup :)
<jdstrand> ScottK: fyi-- between the delayed 0.95.1 release and some security work that popped up yesterday, I was not able to get 0.95.1 before archive freeze
 * Sam-I-Am files a bug report on dhcp3-server
<Sam-I-Am> yay segfaults!
<Sam-I-Am> and theres no debugging symbols compiled in either...
<cjwatson> use ubuntu-bug and it will fetch the necessary symbols
<cjwatson> if you've already filed the bug, and you're running jaunty, you can use apport-collect to add information to an existing bug
<Sam-I-Am> well, i have some output from gdb
<cjwatson> see https://wiki.ubuntu.com/ReportingBugs and https://wiki.ubuntu.com/DebuggingProcedures
<Sam-I-Am> it'll tell me which function it borked in, but no debugging symbols
<Sam-I-Am> er, dhcpd was not compiled with -g i guess and theres no -dbg package
<cjwatson> debugging symbols are in separate packages
<cjwatson> the tools I just pointed you to know how to fetch them on demand
<Sam-I-Am> sure...
<cjwatson> Sam-I-Am: if for some reason you need to do it by hand, see https://wiki.ubuntu.com/DebuggingProgramCrash
<Sam-I-Am> thats what i've been reading
<Sam-I-Am> getting the gdb output from that documentation
<cjwatson> if you've already been reading that, you should already have debugging symbols ...
<cjwatson> (from ddebs.ubuntu.com)
<Sam-I-Am> ah, thats where they're hiding...
<cjwatson> very first section of https://wiki.ubuntu.com/DebuggingProgramCrash
<Sam-I-Am> yeah, i apparently managed to jump into DebuggingProcedures first
<Sam-I-Am> got it now... installing debug packages
<Sam-I-Am> thx
<Sam-I-Am> cjwatson: interesting how i cant get it to crash under valgrind :)
<jcastro> kirkland: slots are filling up quickly now, you might want to stake a claim rsn.
<kirkland> jcastro: url
<jcastro> https://wiki.ubuntu.com/UbuntuOpenWeek/Prep
<jcastro> anyone else on the server team want to do a session?
<jcastro> yeesh, not everyone jump up at once.
<Sam-I-Am> heh
<mralphabet> Anybody familiar with some knowledge base software?  Any recommendations?
<giovani3> mralphabet: I've used docuwiki a bit
<giovani3> twiki is also a common choice
<Sam-I-Am> yay, bug filed
<Sam-I-Am> https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/358589
<uvirtbot> Launchpad bug 358589 in dhcp3 "Segmentation fault during peer startup in failover configuration" [Undecided,New]
<Sam-I-Am> cjwatson: thanks for the tip on finding the right debug package
<cjwatson> np
<uvirtbot> New bug: #358589 in dhcp3 (main) "Segmentation fault during peer startup in failover configuration" [Undecided,New] https://launchpad.net/bugs/358589
<Sam-I-Am> hey look...
<uvirtbot> New bug: #358612 in openssh (main) "X11 forwarding fails (Invalid MIT-MAGIC-COOKIE)" [Undecided,New] https://launchpad.net/bugs/358612
<J_P> hi all
<J_P> hi all
<J_P> people, ubuntu server 8.10 don't have more webmin package?
<J_P> any other? I would like give to user configure IP interface via web
<p_quarles> I remember reading somewhere that webmin was quite difficult to maintain due to design issues
<friartuck> J_P if you are talking about the actual package "webmin" don't use that product. It's full of security issues.
<giovani> J_P: webmin isn't supported in ubuntu
<giovani> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<giovani> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<J_P> friartuck: and giovani so, do you know another package for that? configure IP via web ?
<giovani> J_P: read what it says
<giovani> it can't be more clear
<J_P> giovani: ahh sorry, I see now :-)
<User777> with proftpd how do I allow a user to access a director outside of his home?
<User777> anyone?
<ivoks> hello
<WastePotato> Hi.
<twomashi> im getting 404s when I try to upgrade
<twomashi> Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-23-server_2.6.24-23.48_i386.deb  404 Not Found
<twomashi> anyone got any idea..?
<kees> twomashi: your apt cache is likely out of date.   sudo apt-get update   and try again
<twomashi> that was it, thanks!
<giovani> twomashi: you have to do that regularly -- really, once every time before you install/upgrade a bunch of packages
<giovani> i.e. if you're gonna do 3 separate apt-gets in a few minutes/hours, no need to run apt-get update 3 times, but, if they're a day or more apart -- run apt-get update first
<twomashi> yea
<twomashi> im not that well versed in ubuntu
<twomashi> but you have the same thing in arch linux
<twomashi> have to synchronise the package databases
<giovani> yeah, this is not ubuntu-specific
<giovani> apt is a debian creation
<ScottK> jdstrand: slangasek says we can still get it in.
<jdstrand> ScottK: AIUI, there are 2 relevant security issues
<jdstrand> ScottK: I'm going to have a tough time getting it in before early next week (and even then will be hard)
<Grahzny> Sometimes I miss ole Debian. Maybe sometime I'll set it up 5.0 as an alternative to Ubuntu-server.
<ScottK> jdstrand: I have some time now.  Let me see what I can do.
<jdstrand> ScottK: that would be truly excellent. I can work on backporting the security fixes to intrepid (but again, it'll be early next week)
<ScottK> OK.
<saysay123> hello, any one here running ubuntu on a gigabit network ? If so how fast id you large transfer speeds ?
<Penguino> Hi everyone
<Penguino> I need help
<Penguino> (sorry if i'm bothering you)
<Penguino> Sorry
<Penguino> Ok, this is my question
<Penguino> I'm trying to make it catch wireless connection with a USB adapter
<Penguino> Exactly it uses this chipset
<Penguino> Bus 002 Device 006: ID 148f:2573 Ralink Technology, Corp. RT2501USB Wireless Adapter
<Penguino> Do Ubuntu Server support this chipset?
<Penguino> I found the driver, but i don't know if I must install it
<Penguino> Again, sorry if i'm annoying :(
<JanC> wireless in a server?
<Penguino> Yes
<Penguino> You mean... this is not possible?
<Penguino> I was going to make server use wireless connection
<JanC> it's not a very common use case
<Penguino> Oh
<Penguino> What about a wired connection?
<JanC> have you tried using the desktop kernel?
<Penguino> Nope
<Penguino> I didn't try
<Penguino> I think it's the kernel too
<Penguino> But... does desktop kernel work ok with a server?
<JanC> Penguino: if your server is based on desktop hardware, then the desktop kernel should work
<Penguino> Yes, it's based on desktop hardware
<Penguino> And wireless adapter worked on my desktop
<Penguino> Ok
<Penguino> So... thank you so much
<Penguino> Sorry for my noobness
<Penguino> :D
<JanC> no problem
<Penguino> Oh
<JanC> the -server kernel is more for real server hardware
<Penguino> Does PHP, MySQL, LAMP and all that applications work on desktop server?
<JanC> yes
<Penguino> (ok, thanks for your advice)
<Penguino> I didn't know that
<Penguino> Ok
<JanC> you only have to change the kernel, not install everything again  ã
<Penguino> Again, thanks
<Penguino> Oh
<Penguino> Again...
<Penguino> Let me google it
<JanC> you need the kernel images ending in -generic
<Penguino> Ohhhhhhh
<Penguino> I understand
<Penguino> My image ends on -server
<Penguino> So, shouldI remove current image and
<JanC> yes, that's what the server CD installs by default, while the desktop CD installs -generic by default
<Penguino> *install new one?
<Penguino> Oh
<Penguino> Ok
<Penguino> Apt-get, i think
#ubuntu-server 2009-04-10
<Penguino> Ok
<Penguino> I'll try it
<Penguino> I hope it works with apt-get
<JanC> you need to install linux-generic or linux-image-generic
<Penguino> Oh. ok
<JanC> those will always depend on the latest -generic kernel
<Penguino> Oh
<Grahzny> Ah, interesting to explore how it's organized.
<Penguino> But i think I must download it here on desktop, because server can't connect to Internet :D
<Penguino> Whoops
<Penguino> Thanks, JanC
<JanC> Penguino: in that case you probably best download the latest kernel version directly, and install the linux-generic meta-package once you have an internet connection
<Penguino> Ok
<Bullterd> Evening All
<Bullterd> I have a ubuntu server x64 install
<Bullterd> and i just put in a adaptec PCI RAID Card, 16 port
<Bullterd> I have setup 6x 500gb RAID 5 on the card, however, fdisk -l does not show the drive(s)
<Bullterd> How would I go about setting that up ?
<ropetin> Bullterd: did you prepare the RAID array using the Adaptec utility?
<Bullterd> prepare?
<Bullterd> I set it up as a logical drive e.t.c
<ropetin> That's what I meant :)
<Bullterd> Same as I did when it was a *shudder* M$ Server
<ropetin> OK
<Bullterd> but that was all in the adaptec BIOS config :)
<ropetin> Exactly
<Bullterd> I think it may be driver related :(
<ropetin> I would guess maybe a kernel module issue, yeah
<ropetin> Whats the exact model?
<Bullterd> Adaptec AAR 21610SA
<ropetin> Looks like it's aacraid you need, but not sure if it's enabled as standard or not
<Bullterd> Hah
<Bullterd> Which swiftly brings me along to
<ropetin> modrobe it?
<Bullterd> Why do I keep getting "aacraid host adapter abort request"
<ropetin> modprobe even
<Bullterd> Um, How would I do that?
<ropetin> sudo modprobe aacraid
<OscarTgrouch> what is the best way to block server access to a certain IP?
<ropetin> OscarTgrouch: iptables?
<ropetin> Or ufw which is a front end fow ufw
<ropetin> for ufw
<nitsedy> Oscar, this should help: http://www.higherpass.com/linux/Tutorials/Iptables-Primer/4/
<nitsedy> third line down
<Bullterd> ropetin: modprobe aacraid returns nothing
<ropetin> Bullterd: I'm out of ideas then, sorry
<MTecknology> So - deploying dovecot-postfix - how quickly can I setup a brand new email server?
<lamont> depends on how you define "email server"
<lamont> and how familiar you are with dovecot and postfix
<lamont> by the 3rd one, I'd expect the answer to be on the order of minutes,  most of which is waiting for hte computer to finish what it's doing
<SJr|Work> klogd is/was going nuts on my system using almost 100% cpu usage, it is unacceptable
<MTecknology> lamont: I've done courier/postfix from scratch a couple times in a vm - never dovecort
<SJr|Work> I have since restarted the machine, but to prevent this from happening again, I am left with only two options, investigate the cause of the high cpu usage, and correct it. Or failing that, format the machine and install the antithesis of Ubuntu, debian.
<MTecknology> SJr|Work: well, if it were me, I'd do the first
<MTecknology> probably a whole lot easier
<SJr|Work> Any suspects?
<MTecknology> lamont: is dovecot easier to figure out?
<MTecknology> SJr|Work: why didn't you kill it to see what else was running?
<SJr|Work> I did
<infinity> MTecknology: dovecot pretty much "just works" for most simple configurations.
<infinity> MTecknology: So, yeah, I'd call it easy.
<MTecknology> infinity: cool :)
<MTecknology> infinity: anything special for multiple domains?
<infinity> Depends on what you mean by "mutliple domains".
<infinity> Multiple domains being delivered to real local users, or virtual users?
<lamont> MTecknology: dovecot is on my list of things to figure out
<MTecknology> virtual
<infinity> I don't do virtual users, so couldn't say.
<infinity> I do "virtual domain" in my MTA, in the sense that they all have their own aliases and such, but back-end delivery still ultimately lands in the mailboxes of real UNIX users.
<MTecknology> I would like to keep all mail in /var/spool/mail/virtual/user stored in maildir format - I prefer not having real users
<infinity> MTecknology: Combining it with something like vpopmail might make the virtual user thing easier.
<infinity> MTecknology: But yeah.  Not my bag, so I can't be incredibly helful on that score.
<MTecknology> thanks for the info - I'm excited to use it
<Bullterd> Fuck Sakes
 * Bullterd starts thinking M$ might be easier
<ropetin> Does this help Bullterd?
<ropetin> http://linux.adaptec.com/?p=22
<Bullterd> yeah i checked that o8ut
<Bullterd> Didnt make any sense, dell have changed the page he links too
<Bullterd> atleast, I think they did
<ropetin> k
<Bullterd> I love linux
<Bullterd> I fucking hate hardware incompatibility
<RS_Asleepy> Hello
<Bullterd> ello
<ropetin> !cc
<ubottu> Sorry, I don't know anything about cc
<ropetin> Doh!
<ropetin> :D
<Bullterd> !boobs
<ubottu> Sorry, I don't know anything about boobs
 * Bullterd chuckles
<RS_Asleepy> I'm having a bit of an issue trying to install Ubuntu Server 8.10 :(
<RS_Asleepy> Trying to boot the Ubuntu Server 8.10 Server CD and it loads as far as "Loading...boot" and goes no further. Any ideas? :(
<Bullterd> Checked the media ?
<Bullterd> DVD / CD Drive OK? (as in, not an old shitey one)
<RS_Asleepy> Tried a couple of different brands of CD. I did put a memtest86+ ISO on one and that booted up no idea
<Bullterd> Dunno
<RS_Asleepy> It's a VIA Epia 5000.
<Sam-I-Am> not trying to fun 64-bit on 32, right?
<Sam-I-Am> fun/run
<RS_Asleepy> Nope :)
<Bullterd> Dang, theres a concept
<Bullterd> XP picks up everything first time
<Bullterd> :'(
<RS_Asleepy> I did have a look around and I did notice some people did have issues with the Epia, but they all seemed to be at least able to install it!
<Sam-I-Am> have you tried any other linux distros?
<Sam-I-Am> like... debian lenny, or ubuntu 9.04 beta?
<RS_Asleepy> It has debian on it but I thought I'd give Ubuntu a try
<RS_Asleepy> Not tried 9.04
<RS_Asleepy> I did notice there was 8.04 LTS, but I'm not sure if a) thats a wise choice to use b) what the difference is between that and 8.10
<Sam-I-Am> it has extended support... thats all
<LonelyGirl545454> Hello all
<RS_Asleepy> I don't think I'm doing anything daft :)
<Bullterd> LonelyGirl545454: Pics else liez! :D
<Bullterd> LonelyGirl545454: That aside, can I help ?
<LonelyGirl545454> Im having trouble setting up Jinzora on Ubuntu 8.10 server.  Im following this wiki http://en.jinzorahelp.com/wiki/Linux_Installation_with_shell_access  I've gotten to the part where i set up the permissions.  Then when i direct my browser to the folder i get a "403 forbidden Error" .  Any ideas?
<Bullterd> ropetin: Haha, guess what color my screen just turned
<Sam-I-Am> your permissions are wrong :)
<LonelyGirl545454> =) Hi Sam.
<LonelyGirl545454> Should i be using something different then "chmod 744 configure.sh"
<LonelyGirl545454> Im new....SHHHH. =)
<Sam-I-Am> thats just the script... the 403 is from what the web browser probably doesnt have permission to read
<Bullterd> What Sam-I-Am said basically
<Bullterd> chmod the folder
<Bullterd> LonelyGirl545454: Did the shell script execute OK ?
<LonelyGirl545454> Is that when i set the permissions.  Im sorry.  Im extremely new to this.
<LonelyGirl545454> It said it was ready to install and to direct the browser to http://ip/jinzora2 after i set the permissions
<LonelyGirl545454> Bull should i cd to /var/www and then type chmod 744 jinzora2?
<Bullterd> erm
<Bullterd> LonelyGirl545454: It says you've gotta execute the shell script
<Bullterd> did you do that
<LonelyGirl545454> @bull.  i sent you a private message dont know if you received it or not.
<LonelyGirl545454> Im not sure exactly what part of the wiki has me Executing the shell script.  in all honesty i dont even know what that means.  Please feel free to enlighten me. =).   I've done everything down to the setting permissions part.
<MTecknology> There any guides to deploying dovecot-courier?
<MTecknology> I selected it on installatiopn
<Sam-I-Am> anything in the server guide?
<MTecknology> not that i saw
<Sam-I-Am> gotta be something out there...
<Sam-I-Am> i'm familiar with cyrus, but not dovecot/courier
<MTecknology> i'm sure there is, idk where it's at - that's why I'm asking :P
<MTecknology> Sam-I-Am: in 9.04 there's a dovecot-courier package
<OscarTG> how do i list all the servers that are running on my machine>?
<ScottK> MTecknology: You mean using dovecot with courier-mta?
<MTecknology> first created user in 9.04 isn't automatically in the sudoers file....
<MTecknology> wtf
<Sam-I-Am> MTecknology: it was for me
<MTecknology> i tried sudo -s and it said differently
<Sam-I-Am> is that the user you installed with?
<Sam-I-Am> when it asked for a user
<MTecknology> just installed it - ya
<MTecknology> only user that exists
<MTecknology> i ran id and it only shows uid=1000(michael) gid=1000(michael) groups=1000(michael)
<Sam-I-Am> weird...
<MTecknology> extremely - fresh install
<MTecknology> I can't fight with figuring it out though... i have no mail server right now :P
<MTecknology> hurray for recovery boot
<infinity> MTecknology: Did you do an "expert" install?
<infinity> MTecknology: If you do an expert install and set a root password, it bypassed the usual adding-the-first-user-to-admin-groups and such.
<infinity> (at least, it used to)
<MTecknology> nope, just standard server install
<MTecknology> oh well - all better
<MTecknology> only 80 updates
<Bullterd> I love this.
<Bullterd> Linux's main issue: Hardware compatibility
<Bullterd> What do I get? Thats right, Hardware compatibility
<Bullterd> Windows's Main Issue: BSOD's
<Bullterd> What do I get? Thats right, a BSOD
<Bullterd> and wheres my Official ubuntu stress relief ball I bought last week?
<MTecknology> perhaps you have bad hardware...
<Bullterd> Yep, Cant find it
<Bullterd> MTecknology: Nah, Its not bad
<Bullterd> Linux didnt like my adaptec controller, thats fair doo's
<Bullterd> Windows didnt like not having drivers for my onboard SATA
<MTecknology> still nothing found for dovecot-courier...
<infinity> MTecknology: dovecot-courier wouldn't make much sense, since they both fulfil the same role.
<MTecknology> s/courier/postfix/
<infinity> Well, there's nothing to configure to make them work together, really.
<infinity> By default, they Just Work.
<MTecknology> !info dovecot-postfix
<ubottu> Package dovecot-postfix does not exist in intrepid
<MTecknology> !info dovecot-postfix jaunty
<ubottu> dovecot-postfix (source: dovecot): full mail server stack provided by Ubuntu server team. In component main, is optional. Version 1:1.1.11-0ubuntu3 (jaunty), package size 21 kB, installed size 112 kB
<infinity> For things like virtual users, you configure postfix to deliver to said virtual users, you configure dovecot to read from them.
<infinity> Just install dovecot and postfix. :P
<MTecknology> I know, one handles delivery and one handles reading
<MTecknology> infinity: I installed that package... idk how to configure it - I've never dealt w/ dovecot before
<infinity> Or, if you're happier with courier, postfix and courier, or exim4 and courier, or, or, or...
<infinity> MTecknology: Well, for basic use, it's already configured.
<infinity> MTecknology: For deeper and crazier configs, the dovecot wiki is good.
<MTecknology> how? it automatically knows everything about everything?
<infinity> MTecknology: Well, a default setup doesn't have virtual users or anything, so yeah, a default postfix and default dovecot just DTRT.
<MTecknology> that makes very little sense that it knows everything about the server environment
<infinity> MTecknology: What's there to know?
<infinity> MTecknology: We have filesystem hierarchy standards and such for a reason.  Every MTA and MDA we ship knows where things happen by default.
<infinity> MTecknology: Until you decide to do something slightly more fun/funky, they all "Just Work".
<MTecknology> i never expected anything to be able to happen like that
<MTecknology> authentication is handled by pam?
<infinity> Yup.
<MTecknology> and maildir automatically exists for the user?
<infinity> Don't recall if the default setup is mbox or maildir, to be honest.
<MTecknology> what about multiple domains?
<MTecknology> I have 5 of them
<infinity> Multiple domains to local users is just a question of what domains you ask postfic to accept mail for.  Multiple domains to aliased users would start requiring lookup maps in postfix, I assume, which is out of my scope as an exim user.
<infinity> Multiple domains to virtual users starts looking at tying something like vpopmail into postfix and dovecot for lookup tables.
<MTecknology> alrighty - I'll enjoy knowing that the package exists for smaller setups or single domains - i think I'll resort to my whole massive setup :P
<MTecknology> thanks :)
<MTecknology> infinity: the setup I was looking at originally uses courier/postfix/mysql/postgrey/sasl/amavis/spamassassin/clamav
<infinity> Whatever works for you. :)
<MTecknology> infinity: how does the default setup do w/ tls - or is that an extra config?
<infinity> Mine's exim4/dovecot/spamassasin and some other bits.
<infinity> TLS should be pretty much an out-of-the-box (maybe changing one option?) thing for most of the mail software in the distro.
<infinity> We auto-generate snakeoil certs for the lazy, even.
<MTecknology> ya - I'm going to need to figure out how to get my cert to be used
<MTecknology> that'll be fun - I can use the exact same cert for imaps/pops/smtps/https right?
<infinity> Yup.
<infinity> As long as they all use the same hostname.
<MTecknology> awesome
<MTecknology> I figure I have an hour left before email messages start bouncing and not coming back
<MTecknology> almost have postfix configured :D
<giovani> almost? :)
<giovani> postfix is a 10 minute from 0 to 100 config
<MTecknology> depending on how you set it up
<MTecknology> all done
<MTecknology> it was about a 45min setup for me - I have a crap load of security options and other crap setup
<MTecknology> I lied, forgot about setting up tls
<MTecknology> /etc/postfix/master.cf isn't so much fun to muck around in
<MTecknology> almost have my mail server redone except for smtp... biggest part right now
<JanC> postfix requires a bit of reading docs, but it's not illogical once you understand...  ;)
<MTecknology> JanC: It should be working right now - but I can't connect on that port
<MTecknology> not open at all
<JanC> that's better than it being open for everybody  ;)
<MTecknology> ya - but I know I have email bouncing :P
<JanC> MTecknology: the logs should have info
<JanC> BTW: what are you trying to do?
<MTecknology> lol - had three files owned by root instead of postfix
<MTecknology> JanC: setup a mail server
<JanC> "a mail server" can be a lot of things...
<MTecknology> email
<MTecknology> courier/postfix/mysql/postgrey/sasl/amavis/spamassassin/clamav
<JanC> my server does IMAP (using dovecot) and SMTP (using postfix)
<JanC> incoming mail on the default SMTP port
<MTecknology> yup
<JanC> mails I send on the "submission" port
<MTecknology> yup
<JanC> (meaning SMTP over TLS/SSL)
<MTecknology> yup ;)
<JanC> + authentication
<twb> The submission port need not be SSL, I think
<JanC> twb: need not be, but if you want security...  :P
<twb> Right, so they are orthogonal.
<twb> And both good, of course.
<JanC> I use this with my laptop everywhere
<JanC> and it's easy enough to require TLS/SSL on it
<JanC> MTecknology: so, what doesn't work?
<JanC> MTecknology: and why use courier ?  ã
<MTecknology> it's working now
<JanC> forgot to restart a daemon?  ;)
<MTecknology> because I know courier, never used dovecot
<MTecknology> permissions
<MTecknology> /etc/init.d/postfix check   let me know what was wrong
<JanC> right
<MTecknology> This is why postfix took so long to configure - http://pastebin.ubuntu.com/148082/
<JanC> hm, I don't use amavis anymore
<MTecknology> why not?
<JanC> I had to restart it too often...   :P
<JanC> (manually, that is)
<MTecknology> I hope I won't have to
<MTecknology> I set it up to notify on updates, so it should be good
<MTecknology> wtf......
<MTecknology> I just accidentally ran sudo reboot instead of sudo aptitude update
<JanC> lol
<MTecknology> JanC: why does your nick seem so familiar?
<JanC> but amavis just kept eating memory on my server, so I removed it  ;)
<JanC> MTecknology: #ubuntu-locoteams ?
<MTecknology> oh - thanks
<JanC> and ubuntu-be.org  ;)
<MTecknology> that would be it :)
<JanC> IIRC you made our site theme
<MTecknology> yup - you like it?
<JanC> yeah, it's good
<JanC> now we just need to make the site better  ;)
<MTecknology> I'm in that boat too - feel free to stick around in -drupal :)
<JanC> -drupal ?
<JanC> ubuntu-drupal ?
<MTecknology> #ubuntu-drupal
<MTecknology> ya
<JanC> it's mostly Pierre who does the site admin tasks though
<MTecknology> well - after an update I'll need to reboot my server - I always reboot for kernel updates - that's a good idea, right?
<JanC> without a reboot kernel upgrades have no effect
<JanC> but on my server I wait a day to see if it will cause no major breakage
<JanC> at least for most kernel updates
<MTecknology> you mean like waiting for bug reports?
<JanC> bug reports or people complaining in blogs or whatever
<MTecknology> oh
<JanC> if something is really wrong with a kernel, it will be published widely in no time  ;)
<JanC> depends on what was fixed
<MTecknology> I suppose - I can wait till after release before rebooting again
<MTecknology> any eta on ubuntu supporting ext4 defrag?
<MTecknology> preferably online - but I don't care how it's done
<JanC> I'm the only one with access to this server, so local privilege escalations are not as urgent as they would be for a shared hosting provider
<JanC> eh, I hope you don't use ext4 yet?  ;)
<MTecknology> lol - what you said reminded me about how I upgraded to 9.04 and Ext4 remotely - ext4 on /, /home, and others
<MTecknology> would been fine if other tutorials didn't leave out a vital step - but that wouldn't even have been an issue if my motherboard wasn't crapping out
<MTecknology> why not?
<JanC> because it's new?
<MTecknology> lol - that's how I run
<MTecknology> all my servers are now 9.04, my laptop is, my servers are one defrag away from being all ext4
<MTecknology> I'm that guy you guys like that reports huge issues where a system dies because they tried the newest stuff :P
<MTecknology> I have noticed issues w/ it - but they've been incredibly minor
<MTecknology> found existing bug reports and called it good enough :P
<JanC> ext4 is new & largely untested, so I don't use it for a server that has serious tasks (like providing my e-mail & some websites)
<MTecknology> email, samba, websites, backups, irc, bots, etc :P
<MTecknology> I know, not safe - and I don't advise people doing it - but I did write a blog in case people do - so they don't have the same issues I did
<MTecknology> I still need to reconfigure samba, restore data, etc on this (primary) server
<JanC> I host websites that aren't just for personal use  ;)
<MTecknology> I do a few of those - but business websites are on 1&1
<MTecknology> the bandwidth here proved to be too low to use
<MTecknology> 2.9MB/s over wireless - not bad
<JanC> I'm not talking about business, but I take open source projects seriously...
<MTecknology> my loco site is on there, that's about it
<MTecknology> for important stuff
<JanC> I host the gparted forum  ;)
<MTecknology> ya, would stick w/ stable for that
<JanC> and if I hosted my loco team site, I won't be playing with bleedign edge shit either
<JanC> actually, this server is still running debian
<JanC> well, VPS
<MTecknology> well - for a while, that site was the bleeding edge version of that package - but now dev is at staging.profarius.com
<MTecknology> You shoulda seen it when I decided it was time to clean up the code
<MTecknology> that was over 100k lines of diff
<MTecknology> and great - things seem to work except I can log into webmail - I wonder if telnet shows me messages
<twb> ITYM nc.
<MTecknology> ?
<twb> Using telnet to connect a network socket to stdio is rather... old-fashioned.
<MTecknology> it's good for testing things though - see an exact error
<twb> netcat or socat at least lack telnets stigma.
<twb> MTecknology: no, I mean using telnet to do it, instead of a tool specifically FOR that purpose.
<MTecknology> what should I use to test?
<MTecknology> a LOGIN michael@profarius.com password   ;   * BYE Temporary problem, please try again later
<MTecknology> wtf...
<MTecknology> nice - Apr  9 23:11:34 vindico imapd: authentication error: No such file or directory
<MTecknology> the bright side is... email is coming in right now
<MTecknology> I wish I knew how to track that down
<JanC> MTecknology: telnet does some things that most servers ignore, but it's better not to do them (so that's why you want to use netcat instead)
<MTecknology> use it the same way?
<JanC> yes, you can use them for the same things that you use telnet now
<MTecknology> ok
<JanC> telnet is for those poor souls still left on Windows  ;)
<JanC> they don't have decent tools available  ;)
<MTecknology> ok
<twb> Haha, cygwin
<JanC> netcat is probably also available as 'nc' BTW
<MTecknology> I wonder if this is killing it... MYSQL_MAILDIR_FIELD concat(home,'/',maildir)
<JanC> twb: yeah, and maybe even in a mingw version
<MTecknology> I don't know offhand how that's built
<MTecknology> there we go - screwed up a default value in mysql so mail was pointing at the wrong spot
<MTecknology> JanC: How do I make directories automatically and not allow users to delete them?
<JanC> I have no clue about how you implemented your server
<MTecknology> :(
<JanC> dovecot can make directories automaticly
<MTecknology> I know courier can too - it's probably because of my funky setup
<MTecknology> I made it so I can't delete certain folders... but not so it created the whole profile automatically
<MTecknology> I am so unbelievably happy I don't need to do this on a large scale
<MTecknology> I installed courier-webadmin but I don't know how to get to it - any pointers?
<Kamping_Kaiser> tried http?
<Kamping_Kaiser> :)
<Kamping_Kaiser> !info courier-webadmin
<ubottu> courier-webadmin (source: courier): Courier mail server - web-based administration frontend. In component universe, is optional. Version 0.60.0-1ubuntu2 (intrepid), package size 47 kB, installed size 256 kB
<MTecknology> Kamping_Kaiser: I tried getting to it but I don't see any apache files for it
<Kamping_Kaiser> MTecknology, i'd suggest looking in /usr/share/doc/courier-webadmin/ for doco
<Kamping_Kaiser> MTecknology, probably drops a file in /etc/apache2/conf.d/
<MTecknology> there isn't
<MTecknology> I checked there which is why I;m confised
<Kamping_Kaiser> odd. try the doco dir, i might have a readme.debian
<MTecknology> there is
<MTecknology> http://localhost/cgi-bin/courierwebadmin
<Kamping_Kaiser> s/i /it
<Kamping_Kaiser> \o/
<MTecknology> but I go there and get nothing
<Kamping_Kaiser> check your logs for info.
<MTecknology> nothing to really look for though - there's no apache config
<MTecknology> Kamping_Kaiser: this sucks :(
<Kamping_Kaiser> MTecknology, sorry, i cant really help with specifics, and i didnt know the utility existed until you told me about it.
<MTecknology> from what I'm seeing - it should "just work"
<Kamping_Kaiser> MTecknology, i can only suggest things like check you have cgi setup in apache properly - with niche apps dependencies can go astray without people noticing at times.
 * Kamping_Kaiser shrugs. :9
<Kamping_Kaiser> * :(
<MTecknology> thanks for trying :)
<MTecknology> it sounds like it could be a really awesome tool
<Kamping_Kaiser> good luck with it, let me know if you win
<MTecknology> yup
<MTecknology> I've won on most everything else so far today - jsut want to alter the way it works a little bit and I'm tired of massive configsd
<Kamping_Kaiser> I might be about to have a win as well.
<MTecknology> win what?
<Kamping_Kaiser> building a custom install cd
<MTecknology> fun
<Kamping_Kaiser> not really :p
<Kamping_Kaiser> anyhow, brb
<MTecknology> what purpose?
<MTecknology> !info courier-webadmin
<ubottu> courier-webadmin (source: courier): Courier mail server - web-based administration frontend. In component universe, is optional. Version 0.60.0-1ubuntu2 (intrepid), package size 47 kB, installed size 256 kB
<MTecknology> !info courier-webadmin jaunty
<ubottu> courier-webadmin (source: courier): Courier mail server - web-based administration frontend. In component universe, is optional. Version 0.60.0-2ubuntu1 (jaunty), package size 48 kB, installed size 260 kB
<MTecknology> I wonder how long it'll take to run updatedb on 1.5TB
<cemc> MTecknology: probably the file count is more important than how much it occupies
<MTecknology> cemc: hm?
<cemc> AFAIK updatedb creates a list, an index of all the filenames and directories
<sejo> someone experience with python-pgsql on ubuntu hardy? can't get it installed
<cemc> so it doesn't really matter how mach data you have, if you have 1 large 1.5TB file, it won't take a second to run updatedb. if you however have lots of files and directories, it can take a while
<sejo> python-psycopg2: Depends: python-egenix-mxdatetime but it is not installable
<sejo> same for python-pgsql
<MTecknology> sejo: oh.. whole lotta files
<MTecknology> figure < 50MB each
<sejo> MTecknology: ?
<sejo> this is on an ubuntu hardy (server)
<MTecknology> cemc: **
<cemc> on my laptop with 160k files it takes about 30 seconds to run
<MTecknology> How can I see how many files it scanned?
<MTecknology> I know the first time takes longer
<MTecknology> How do I run perl code in apache?
<MTecknology> :'( - I want to get these two things done before sleep
<jpds> MTecknology: Tried libapache2-mod-perl2?
<MTecknology> ya, didn't help
<MTecknology> jpds: wanna peak at my config?
<MTecknology> http://pastebin.ubuntu.com/148223/
<MTecknology> it's short
<acicula> that's not with mod-perl?
<acicula> but you still dont get perl code execution with that snippet?
<MTecknology> acicula: nope
<acicula> anything helpfull in the logs?
<acicula> i think it should work exactly the same as using php 4 in cgi mode
<acicula> maybe that helps with finding config examples
<MTecknology> my coputer just freaked
<MTecknology> [Fri Apr 10 04:02:14 2009] [notice] Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4 with Suhosin-Patch mod_ssl/2.2.11 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
<MTecknology> only thing resemnling an error
<acicula> did you threatn it to install windows again?
<MTecknology> it's in error.log
<MTecknology> nope
<acicula> that is remarkebly unhelpfull
<acicula> heh
<MTecknology> the error?
<MTecknology> I know it is :P
<acicula> yeh, heh
<acicula> so if you request the perl cgi through apache, what happens
<MTecknology> wants me to dload file
<MTecknology> I wanna be sleeping by 5am
<acicula> ah
<acicula> so it doesnt know it's supposed to execute it\
<MTecknology> doesn't seem like it
<MTecknology> makes no dang sense...
<acicula> so your configuration is not faulty, it's just doesnt do what you want
<MTecknology> sure
<MTecknology> I usually assume I just screwed up
<acicula> though dunno whats missing, have a look at how to conf the php4 bin with cgibin, this works in the same way, just swap php for pl
<acicula> or use modperl :)?
<MTecknology> ya - i did that alreyad
<MTecknology> damned courier-webadmin - thought life was going to get easier
<acicula> hehe
<MTecknology> regenerating this ssl cert is a pain too
<acicula> heu why
<MTecknology> Distinguished Name does not match existing certs Distinguished Name
<MTecknology> no idea what that means
<uvirtbot> New bug: #357569 in samba (main) "please set usershare path" [Undecided,Incomplete] https://launchpad.net/bugs/357569
<acicula> The Distinguished Name information should be entered accurately to reflect your registered organization name
<MTecknology> heh... I don't even get asked to enter that info
<MTecknology> DN
<MTecknology> hurray, I think I have this thing re-keyed
<MTecknology> great - now I'm too tired to remember how to impliment these :P
<MTecknology> screw it - it's 04:41
<MTecknology> I'll ttyal
<acicula> nn
<kraut> moin
<uvirtbot> New bug: #358652 in mysql-dfsg-5.0 (main) "Error during mysql slave replication" [Medium,Incomplete] https://launchpad.net/bugs/358652
<uvirtbot> New bug: #358801 in mysql-dfsg-5.0 (main) "sal all" [Undecided,New] https://launchpad.net/bugs/358801
<t325> Hello, I'm trying to build mysql-5.1.33 from a modified generic source code on an Ubuntu box (not sure of the version, it's an Amazon EC2 box set up by another guy working on the project) with OpenSSL; cannot figure out which value I have to pass to --with-ssl= in the configure statement (--with-openssl doesn't exist anymore in the last MySQL 5.1 releases, you have to specify the path where to find the OpenSSL libs). Have the openssl package installed. It 
<t325> Google led me to an outdated tutorial for MySQL 5.0 on Ubuntu with OpenSSL and a Debian Etch-specific tutorial (http://talkingcode.co.uk/2007/11/12/error-2026-hy000-ssl-connection-error-the-joy-of-mysql-ssl-on-debian/)
<acicula> t325: they are probably in /usr/bin ? try locate libssl
<acicula> err /usr/lib
<t325> In fact libssl-dev has to be installed (didn't have it); then dpkg -L libssl-dev (got the reply on ubuntu-devel..)
<t325> then configure mysql -with-ssl=/usr/include/openssl/
<t325> now will it build that's another question..
<acicula> arent there packages with prebuilt ssl support?
<t325> I modified the source code; adding SSL support to the Federated storage engine
<t325> but I think that they aren't
<t325> MySQL doesn't care much about SSL
<t325> (and the packagers seem to follow this trend)
<acicula> i suppose most mysql servers are not attached to public interfaces much
<t325> might be, but anyways I think that SSL should be given more support since the wide adoption of MySQL by very different businesses with very different needs..
<acicula> http://dev.mysql.com/doc/refman/5.0/en/secure-using-ssl.html
<acicula> seems it supports ssl already?
<acicula> and you dont need to specify the =path either it seems as long as your dev headers are in the default location
<acicula> as far as being build with ssl support, you'd have to take that up with the maintainer, or modify the deb package file?
<t325> talking about 5.1; it does support SSL, but badly - you have to investigate if you want to build against OpenSSL which is way more feature complete than built-in yaSSL but non-GPL -> legal bs
<t325> ..it built successfuly!
<t325> I only test it on Ubuntu, it will not be the production platform, but yes I could get in touch with the maintainer..
<uvirtbot> New bug: #359062 in php5 (main) "bad symlink or missing package in php5-dev with libtool.m4" [Undecided,New] https://launchpad.net/bugs/359062
<jcastro> kees: https://wiki.ubuntu.com/UbuntuOpenWeek/Prep
<jcastro> kees: I was thinking, could someone on the security team do something like "Introduction to Apparmor" or something?
<madmartian> could anyone help me set up spamc to filter my mail through a provider's spamd service?
<bytor4232> madmartian: spamc -d ip_address
<bytor4232> madmartian: Of course, the spamd at ip_address needs to be able to listen
<madmartian> bytor4232: is there a way I can integrate that into postfix
<cornmander> hi, I just noticed that trying to execute things in my cwd fails: -bash: ./hldsupdatetool.bin: No such file or directory
<cornmander> even though hldsupdatetool.bin exists and has 755 permissions
<cornmander> ah, got it, I don't have 32 bit libs installed
<bytor4232> madmartian: I'm not sure.  I've always used spamc in procmail
<madmartian> bytor4232: how does that work?
<ivoks> that's slow and bad for CPU
<mike-9> Having a problem logging in (on ubuntu). I'm currently connected to my headless server because I got an error logging in with putty. I try to log in with my normal user and I get this: setuid: Resource Temporarily Unavailable. However, I can log in as root (which is why I'm logged in as root). Any ideas on what I need to do to fix this? Google didn't provide much help
<ivoks> might be lots of things
<ivoks> did you check dmesg?
<ivoks> for filesystem errors
<mike-9> ivoks: dmesg is flooded with firewall messages. err, I need to fix that.
<ivoks> have you changed anything for your user?
<cjwatson> that sounds like the system is under exceptionally heavy load, to me
<cjwatson> check top
<cjwatson> firewall message flooding might not be helping
<cjwatson> setuid(2) says:
<cjwatson>        EAGAIN The uid does not match the current uid and  uid  brings  process
<cjwatson>               over its RLIMIT_NPROC resource limit.
<ivoks> good one
<cjwatson> which is the error you're seeing - so, in English, your normal user has too many processes running
<cjwatson> (or else resource limits are misconfigured, I suppose)
<ivoks> anyone has experience with four quad core cpus? i've heard opteron is better for that amount of cpus, cause xeon is limited by fb-dimm
<madmartian> how do I set up a filter in Postfix? I want to do spam filtering with spamc using my hosting provider's spamd daemon, and I can't work out how to put spamc in the pipeline?
<giovani> madmartian: did you read the postfix documentation?
<madmartian> giovani: yes, but I can't seem to make head nor tail of it and there has to be an easier way of integrating spamc than a shell script
<giovani> it's pretty clear, I think
<giovani> http://www.postfix.org/documentation.html
<giovani> the content inspection section
<Black_Lord> Ã¯Ã°Ã¨Ã¢Ã¥Ã² Ã¢Ã±Ã¥Ã¬
<madmartian> giovani: i'm looking at http://www.postfix.org/FILTER_README.html
<Black_Lord> Ã¥Ã±Ã²Ã¼ ÃªÃ²Ã® Ã­Ã¨Ã¡Ã³Ã¤Ã¼?Ã¦Ã¨Ã¢Ã®Ã©
<MTecknology> time to finish redoing my server :)
<Black_Lord> Ã¬Ã®Ã¦Ã­Ã® Ã¯Ã®Ã±Ã²Ã Ã¢Ã¨Ã²Ã¼ Ã³Ã¡Ã³Ã­Ã²Ã³ Ã±Ã¥Ã°Ã¢Ã¥Ã° Ã± Ã£Ã°Ã Ã´ Ã®Ã¡Ã®Ã«Ã®Ã·ÃªÃ®Ã©?
<madmartian> !ops
<ubottu> Help! Channel emergency! infinity, soren, lamont, mathiaz or tom
<ikonia> Black_Lord: please stop that
<madmartian> thanks for your help
<frojnd> hello there
<petia> ivoks, early today today, we are working till 2 pm cause of the catholic easter
<petia> so i'm about to go home , yeaa !!!!
<ivoks> ?
<petia> ivoks, i'm just glad i'm leaving early today , and its a holiday i had to share with you since you are my friend
<ivoks> i am?
<ivoks> :)
<petia> yeah you helped me out, so i consider you my friend !
<frojnd> bah.. lucky u... I have to program or learn to program with  MFC VS08 here :(
<ivoks> petia: well, happy easter
<petia> you too guys
<petia> i'm out
<ivoks> oh, we don't install dovecot-postfix as a mail task?
<ivoks> a bit disappointing :)
<lamont> ivoks: huh?  is that gonna have to wait for karmic then?
<ivoks> i had even bigger plans for karmic, like ldap integration and stuff
<ivoks> i was expecting this would be in jaunty
<MTecknology> ok... I have a .key and .crt for my server and the .crt for the issuer. I setup postfix and apache to use it - but I have no idea how to take care of this for courier since it wants a .pem file
<cemc> MTecknology: you can just cat .crt .key > .pem
<cemc> and give that to courier
<cemc> so the .crt and the .key will be in the .pem file
<MTecknology> oh - thanks :)
<frojnd> does ubuntu have somesort of a search engine that finds a package and it's repository ?
<frojnd> I need a repository for bittorent package
<giovani> huh?
<ivoks> ERR: do not understand
<giovani> frojnd: the "bittorrent" package is provided in the ubuntu repositories, no searching required
<giovani> `sudo apt-get install bittorrent` will do it
<ivoks> lamont: we should also put 'ntp' as a dependecy for dovecot-postfix for next release
<ivoks> since dovecot doesn't like ntpdate :)
<lamont> ivoks: everything likes ntpdate.  just only once at boot, kthx.
<ivoks> :)
<lamont> how does dovecot "doesn't like" it?
<ivoks> cause it shifts clock
<ivoks> and it time is shifted backwards, dovecot does a suicide
<lamont> well, yeah, does it then scream about things that are older than older things?
<lamont> \o/
<lamont> sounds like a dovecot bug
<lamont> :-p
<ivoks> well, it's a feature
<lamont> and yeah, we should depend on ntp
<lamont> rather, dovecot could solve the bug by depending on ntp
<ivoks> it writes 'Time shifted backward, I'm going to kill my self now'
<ivoks> and dies
<ivoks> http://wiki.dovecot.org/TimeMovedBackwards
<lamont> yeah - the package clearly depends on ntp (since we can't encode "ntp || !ntpdate" in Depends)
<giovani> what do you mean dovecot should depend on ntp? how does dovecot control the ubuntu package?
<ivoks> we are talking about dovecot-postfix package
<giovani> ohh, I see
<ivoks> or dovecot-common package
<ivoks> whatever, the point is that package depends on another pacage
<ivoks> ntp-server
<lamont> ivoks: well.. if the dovecot package is FAIL on a machine with ntpdate and not ntp, then it depends as above...  but yeah, fixing it in dovecot-postfix is prolly less politically turbulent
<lamont> ntp-server only (currently) exists in dapper
<lamont> ntp is the true name
<ivoks> well, ntp
<lamont> :-D
<lamont> wow.  and it's completely gone from debian
<lamont> which is to say that dapper is older than oldstable.  how very, um, painfully strange
<ivoks> hehe
 * lamont goes to ponder the weirdness inherent in that for a while
<ivoks> is that a first supported distribution with packages older than debian oldstable?
<ivoks> :)
<ivoks> i still have one 6.06 server
<ivoks> cjwatson: would it be impossible to change task in ubuntu-server now? if yes, then i won't even bother chasing that goal :/
<vexic> has anyone here used talk or talkd before?
<MTecknology> great - no pidgin account will connectright now..
<MTecknology> how is it that not a single account is connecting....
<MTecknology> ok... I installed my certificate for apache and it worked fine, but courier/postfix aren't working right and I think it's because I need an intermediate bundle for them too. How do I set the intermediate crt file for them?
<lamont> ivoks: I expect he's holiday today, prolly monday too
<lamont> ivoks: but -release might be able to answer that
<ivoks> right
<lamont> you ask, I'll chime in...
<ivoks> wrong approach or nobody is in there :)
<tubuntu> Hello is there someone that can help me with a problem conecting an xp pc to my ubuntu server?
<MTecknology> GR! I can't figure out how to make courier or smtp use an intermediate crt bundle
<MTecknology> cemc: ok - so when I create a .pem with the intermediate bundle, does it matter what order I put things in?
<acicula> did you whip perl into submission yet?
<MTecknology> nope - more worried about certs atm
<MTecknology> I have apache working fine with it - but that's it
<acicula> i'm not much help with that, all my server does is forward some local mail
<MTecknology> great - apparently I can't sent through my smtp
<MTecknology> hrm - smtp is throwing an authentication error too
<MTecknology> this is very very very annoying
<MTecknology> Apr 10 15:29:32 vindico postfix/smtpd[22433]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
<giovani> well pastebin your SASL config
<MTecknology> giovani: I don't recall doing any configuration to sasl
<giovani> heh
<giovani> well it wouldn't do SASL unless you configured it to do so
<giovani> paste your main.cf then
<giovani> in a pastebin
<MTecknology> http://pastebin.ubuntu.com/148580/
<MTecknology> master.cf - http://pastebin.ubuntu.com/148581/
<giovani> permit_sasl_authenticated
<giovani> why do you have SO many smtpd_recipient_restrictions?
<giovani> jesus ... there are dozens
<giovani> and there are duplicated lines
<giovani> fix that
<MTecknology> duplicate lines explained by a very late night :P - 5am
<giovani> uh, ok?
<giovani> well clearly you're including sasl there
<giovani> why, I'm not sure
<giovani> did you just paste those lines from a howto?
<MTecknology> a couple of them
<giovani> sigh
<giovani> that's never a good idea
<MTecknology> I was in a rush to redo my mail server
<MTecknology> I was using zimbra prior
<giovani> yep, understood -- but this just creates problems that now have to be sorted out
<giovani> postfix is a 10 minute config normally
<PhotoJim> yeah, postfix is a pretty easy mta to configure.
<MTecknology> sasl all gone
<MTecknology> now it's saying authentication not enabled
<MTecknology> giovani: so should I purge and try it again?
<MTecknology> I do want to keep using mysql for authentication - but that's the only part i'm very concerned about - that and security
<MTecknology> giovani: so i wiped the config clean
<MTecknology> giovani: can you please help me get this working right :)
<cjwatson> MTecknology: regarding your query yesterday, we'll support ext4 defrag only once the relevant code is actually integrated into e2fsprogs upstream
<cjwatson> MTecknology: we have a little too much respect for our users' data to ship something that's still just floating around as miscellaneous patches :)
<MTecknology> cjwatson: ya - I was mostly curious if anyone knew if there was an estimated time for it - I didn't realize it was that unstable
<giovani> MTecknology: it's not "unstable" it's just not heavily tested
<MTecknology> oh
<cjwatson> I have no information on its stability; I just know that shipping code that edits ext* filesystems and isn't yet part of e2fsprogs is optimistic
<cjwatson> I don't know anything about estimated times - that's a matter for Ted Ts'o et al, I think
<MTecknology> -_- I want postfix/courier working so I can get homework done... grr
<giovani> courier ... eww
<giovani> dovecot's nice :)
<MTecknology> postfix is what I care about right now
<giovani> except that you care about courier, it seems
<MTecknology> hm?
<giovani> <MTecknology> -_- I want postfix/courier working so I can get homework done... grr
<mynous> i have a server with 2 hard drives. the second hdd seems to be completely formatted as swap. is there anyway to change this without reinstalling?
<MTecknology> ya - but right now I have no way to receive email
<giovani> mynous: sure, how would you like to have it configured?
<MTecknology> I wiped stuff clean for postfix, added the mysql stuff back, and now it's now working
<mynous> giovani: well id like to just use it as i guess the equivalent of one big hard drive
<giovani> mynous: I don't know what you mean by that
<giovani> it has to be mounted somewhere on your filesystem
<giovani> how about you run `sudo fdisk -l` and then paste the output of that in http://www.pastebin.ca/
<mynous> yes, is it possible to have /home write to it if /dev/sda1 /home gets full?
<giovani> mynous: no
<mynous> figured
<giovani> that's what RAID or LVM is for
<mynous> thats raid and not setup
<mynous> yeah
<mynous> giovani : this is what fdisk -l returns http://www.pastebin.ca/1388351
<giovani> mynous: ok ... well your problem description was incorrect
<mynous> is it that the second is just not formatted?
<giovani> that's what it says right there, yes
<mynous> does it not contain the /swap?
<giovani> no, it doesn't
<mynous> hmm
<giovani> you can see that your swap partition is on your first drive
<giovani> #
<giovani> /dev/sda1   *         524       38913   308367675   83  Linux
<giovani> #
<giovani> /dev/sda2               1         523     4200997   82  Linux swap / Solaris
<giovani> damn pastebin ... with its #s
<mynous> well now i think i feel dumb
<giovani> your first drive has a / partition (I presume), and a swap partition
<giovani> it's a basic, and standard setup
<mynous> yeah
<giovani> you're welcome to partition your second drive and use it for something
<mynous> i was mistaking /dev/sda1 for sdB1
<mynous> or 2 rather
<uvirtbot> New bug: #359309 in mysql-dfsg-5.0 (main) "mysql client package has broken SSL support" [Undecided,New] https://launchpad.net/bugs/359309
<MTecknology> great - now it seems like postfix isn't logging anything for me
<LonelyGirl545454> Hello.  Bull if your out there i was talking with you last night.  Hit me up.
<MTecknology> this is almost making me consider going back to 8.04 and putting zimbra back on
<LonelyGirl545454> whys that MT?
<MTecknology> LonelyGirl545454: fighting to make everything work is driving me insane
<LonelyGirl545454> =/ Ack.  I no the pain.
<MTecknology> #postfix isn't any help either
<cemc> MTecknology: /var/log/mail.* ?
<MTecknology> cemc: I was looking there and nothing was shoing up
<cemc> MTecknology: is syslog running? ps ax |grep syslog
<cemc> is postfix running? like netstat -nlp |grep postfix
<MTecknology> ya, it's running
<MTecknology> log is too
#ubuntu-server 2009-04-11
<JanC> it took me some time to understand postfix, but once I understood I didn't have problems to get it working  ;)
<JanC> also, I didn't use it before I understood  ;)
<mattt> to get it working how?
<mattt> it works out of the box, no?
<JanC> mattt: to get it working as I wanted it to of course
<MTecknology> JanC: hi
<MTecknology> JanC: I think I'm almost done w/ my email stuff - then I need to get the ssl stuff working right
<MTecknology> GAH! - why won't this let me log in w/ postfix.....
<VK7HSE> after pulling my head out of the sand... is anyone currently using 9.04b server ???
<MTecknology> ya
<MTecknology> I'm trying to setup a mail server w/ it
<MTecknology> This is frustrating now because it's acting like there's nothing wrong w/ my postfix config and I'm actually putting in the wrong user/pass - but I know it's right
<MTecknology> AH!
<MTecknology> wrong SQL password in sasl
<MTecknology> I knew drinking would make me figure things out
<MTecknology> VK7HSE: for the post part it's been great - I upgraded to Ext4 too - so my network is pretty beta right now :P
<VK7HSE> MTecknology:  did you upgrade from a previous install or started a fresh ?
<MTecknology> 2 upgrade and one fresh
<MTecknology> I had zimbra installed on an 8.04 server - figured I may as well go fresh on it
<VK7HSE> did the upgrade go smoothly ? and apart from the ext4 has everything remained in a working state?
<VK7HSE> as I currently have 8.10 here and I'll be upgrading as soon as 9.04 is a stable release!
<MTecknology> the only reason ext4 had issues was because a lot of people missed a very important step in their blogs about it.
<Kamping_Kaiser> surely ext4 isnt shipped by default? :|
<MTecknology> no
<Kamping_Kaiser> phew
<MTecknology> that issue though made me realize (after 9hr of fighting w/ fixing) that I have a motherboard dying in one of my servers
<MTecknology> aside from bad hardware and that one step - everything went great
<VK7HSE> 8-)  I look forward to a (hopefully) stress free upgrade then!
<MTecknology> i'm sure you'll experience just that
<VK7HSE> I have a dinosaur IBM eserver here that for some reason that I can't explain! the raid wasn't picked up by 8.04 but it was in 8.10 (very strange!) so I just hope that, that bit still works or there will be a little bit of cursing this way!
<MTecknology> i'm sure it will be - if an update made it work
<VK7HSE> 8.10 was a fresh install on Xmas day! after using Debian for some time...
<VK7HSE> further details of my sever are on...  http://www.vk7hse.hobby-site.org/blog/about/
<giovani> callsign?
<Kamping_Kaiser> VK7HSE, you call that server dinosaur? bah.
<giovani> heh, well it's definitely not a "green server" :)
<VK7HSE> yes callsign is vk7hse !!! from Tasmania, Australia...
<VK7HSE> well the best part was I got it for FREE !!!  \o/
<MTecknology> first server i ever used ran as a web server - about 16mn ram w/ all 4 simms used up
<Kamping_Kaiser> VK7HSE, speaking of which, do you get on 10/40/80m HF much?
<MTecknology> about 10yr ago
<giovani> VK7HSE: yeah, but power isn't free :)
<JanC> lol, I know several radio amateurs here in Belgium and they often use their callsign as a nick too  ;)
<Kamping_Kaiser> JanC, well, its unique :)
<Kamping_Kaiser> VK7HSE, my gateway is a Sun Ultra5 :)
<JanC> we even have 3 radio amateurs in one of our local linux groups here  ã
<VK7HSE> well for those that know me that's is my alias! as for Kamping_Kaiser... I'm a packet radio nut so I'm on 40m with that but rarely ever on voice!
<giovani> packet radio ... nice
<Kamping_Kaiser> VK7HSE, ah, fair enough. I cant do packet on my Fcall, so i dont get to play :( (which is a shame, since i want to)
<JanC> they have an ubuntu server running as a packet radio "server" (or "router" or whatever you call it?)
<VK7HSE> well... originally I was going to run all the packet stuff on this server of mine but then I had a better idea! why not learn about web-servers & email etc... and that's where my journey started!
<Kamping_Kaiser> aiui you cant use a digi for routing in au, only for node hopping.
<VK7HSE> if you have the ax25 stuff configured for tcp/udp you can do what ever you like with it! the only bad part is the slow speed on the packet side!
<Kamping_Kaiser> VK7HSE, i thought the licence conditions disallowed using nodes for routing.
<VK7HSE> as it just become another Ethernet device!  well if that be the case (license) then I'm in big trouble! as my APRSD I-Gate would then be in violation!
<Kamping_Kaiser> I havent read the regs recently, but that was my impression.
<VK7HSE> back in the dark ages yes but that was all changed 5+ years ago...
<VK7HSE> anyway we're talking servers in this IRC ;-)
<Kamping_Kaiser> i've had my licence for a year, so i wasnt reading the regs more then a 18months ago :)
<VK7HSE> well in the dark ages you couldn't patch into a public network (aka IRLP) but now that is allowed as long as there is a mechanism to prevent abuse from non-licensed hams to access that system...
<VK7HSE> back to server talk!...  the sever I have... (IBM eserver 220) represents my self teaching!...  :)
<Kamping_Kaiser> :)
<VK7HSE> Kamping_Kaiser:  my fading memory has you pinned as VK5FOSS ?
<Kamping_Kaiser> VK7HSE, yup, thats me.
<VK7HSE> 8-)
<Kamping_Kaiser> :)
<Kamping_Kaiser> done terrorising vk7rad during LCA, back in vk5
<VK7HSE> well... as I mentioned I'm a rare contact on voice! but I'm active in a few mailing lists...
<Kamping_Kaiser> I dont have any HF yet, but hopefully 'soon' I will
<Kamping_Kaiser> bad location for it :(
<Kamping_Kaiser> VK7HSE, is the ibm your only server?
<VK7HSE> well for me unless it's 01101110111000111100 then ya wasting ya time!  and yes at this stage, but I'm considering a second to dedicate to packet as my current desktop is acting as that currently... well do you consider a desktop install using the server kernel a server? :P
<Kamping_Kaiser> no, becaue it has a gui ;)
<VK7HSE> that's right! it always make me chuckle when you see the question for adding a GUI to a server!
<Kamping_Kaiser> its so wasteful :\
<VK7HSE> exactly!
<MTecknology> GREAT - Now I can't log into webmail
<Kamping_Kaiser> MTecknology, :(
<MTecknology> I'm now considering downgrading to 8.04 and installing zimbra
<VK7HSE> Oh ow.... ;)
<MTecknology> huh?
<MTecknology> zimbra works pretty well otb - just need to keep ubuntu on lts releases
<VK7HSE> may be the way I typed that didn't reflect how I wanted it to sound!
<MTecknology> how did you want it to sound?
<MTecknology> better yet - explain the reason for your espression
<VK7HSE> well... that's a good question in an environment that sound is irrelevant!
<VK7HSE> treat it as... ;-)
<MTecknology> I've been fighting this for about 24hr and I've really just had enough fighting with it
<VK7HSE> maybe some sleep and return to it at a later time?
<MTecknology> I did sleep
<MTecknology> I only have one day left to work on this - not even that
<MTecknology> and I need to get homework done too
<VK7HSE> :(   well... as it's not a package I'm familiar with I'm unable to assist!
<MTecknology> I can reinstall everything in probably about 2hr
<MTecknology> maybe less - after everything is downloaded
<VK7HSE> as for the home work I never did it! and look where I am now!.... :)
<MTecknology> where are you now?
<VK7HSE> unemployed! and now just filling in time in front of this PC !!! :)
<MTecknology> oh
<VK7HSE> he he
<MTecknology> I need a drink and a blank
<VK7HSE> don't we all!
<VK7HSE> I'm an ex cancer victim so my reason for not working is actually related to that!...
<VK7HSE> just having a look at the Zimbra site...
<VK7HSE> MTecknology:  as I have LAMP setup on the desktop here for testing stuff... I'll see if I can get it to play here! (mind you I have never used this before!)
<VK7HSE> interesting though... they only have Ubuntu 8.04 LTS as the latest version...
<MTecknology> VK7HSE: it's because they only do lts builds
<MTecknology> when 9.10 comes out, they'll make a build for it
<VK7HSE> Ahh ok! so 9.04 gets missed? or was that a typo?
<MTecknology> 9.04 and 8.10
<MTecknology> zimbra is a massie package and creating an open source only version for every release of ubuntu plus the others is hard work
<MTecknology> not worth their time
<MTecknology> besides, a lot of companies are sticking to lts now
<JanC> 9.10 won't be LTS AFAIK
<MTecknology> no?
<JanC> no
<JanC> probably 10.04 will be
<MTecknology> from a marketting, developement, and support stand point lts seems like an incredibly awesome idea
<MTecknology> LOL
<JanC> with all the crazy things the ywant to do in karmic?  Idon't think so...  :P
<MTecknology> let's hope 10.04 isn't lethargic llama
<MTecknology> what do they want to do in 9.10?
<VK7HSE> pretty up the desktop...
<MTecknology> as always
<VK7HSE> amongst a lot of other things!
<MTecknology> I think they reached the level of pretty that they need - probably just keeping up w/ mac
<MTecknology> :p
<MTecknology> JanC: you know any ideas for 9.10 yet?
<centaur5> Aren't they also focusing a lot on performance for 9.10 though?
<MTecknology> I thought that's what 9.04 was for
<centaur5> Well I know 9.04 was all about performance but I don't think they finished a lot of it and boot speeds still aren't at the goal of 25 seconds.
<MTecknology> mine is
<centaur5> I hope they have more performance plans for 9.10.  :)
<MTecknology> http://profarius.com/content/jaunty-boots-fast-15sec
<VK7HSE> well the boot time is really a system dependant! (I run Dinosaurs here!)
<MTecknology> partially it is
<MTecknology> i also have a 5400 drive
<centaur5> That's after adjustments though isn't it?  How about default install.  Also I do understand it depends on hardware but I'm also talking about benchmarks that have been showing a decrease in performance for the past 3 releases according to reviews.
<MTecknology> probably trim about 2sec off w/ 7200
<MTecknology> my system is tweaked to shit
<MTecknology> my laptop :)
<JanC> Keybuk has a proof of concept system running Xubuntu that boots in 7 seconds to the desktop  ;)
<centaur5> Well I noticed a huge improvement in boot speed on my machine with ext4 and that's one reason I wanted my new server on Jaunty but Ebox doesn't have their new packages for it also my raid card doesn't get along with the installer.
<JanC> on an atom-based netbook
<MTecknology> NICE
<MTecknology> http://pastebin.ubuntu.com/148723/
<JanC> actually, jaunty boots quite fast here too
<MTecknology> dpkg --get-selections
<MTecknology> jaunty is definitely faster - no questions there
<MTecknology> ext4 helps too
<JanC> considering that I have 2 database servers, 3 webservers, etc. running
<JanC> on ext3
<MTecknology> woah - this is going to be my new -offtopic :D
<MTecknology> pgsql?
<JanC> postgres & mysql
<MTecknology> I prefer mysql
<MTecknology> just feels nicer - but I've heard pgsql is a lot faster
<JanC> depends
<MTecknology> I think I'm getting just drunk enough to install a server
<JanC> most of the services I run on my desktop are for testing, not real use
<MTecknology> I need to find a blank cd though
<JanC> or a usb stick?
<MTecknology> i've never had any luck w/ that
<centaur5> Good point I need to see if my net install is fixed with today's new netboot image.  :)
<MTecknology> where did that point come from?
<centaur5> installing a new server
<MTecknology> I know where some blanks probably are - but I'd have to break into a room and steal them
<VK7HSE> um... borrow with intent never to return! :P
<MTecknology> breaking into  a room while intoxicated - may pose a challenge
<centaur5> No, you're doing a favor by pre-loading their CD-R with Ubuntu.  :)
<MTecknology> lol
<MTecknology> w/ an old version
<centaur5> Why would you do old?
<MTecknology> 8.04
<centaur5> Oh, I had to do that version as well although I really wanted Jaunty.
<MTecknology> I have some blank dvd's in my dorm room - but I'm locked out until monday
<genii> 8.04 will be old when 10.04 becomes the current LTS version
<MTecknology> good point
<centaur5> I like to try to keep all my machines on the same version but now I had to break that cause I'm always running the newest on workstations but now I have 1 server on 8.04.
<centaur5> Now I have extra updates downloaded for just 1 box.
<MTecknology> found a blank dvd i might be able to write over
<MTecknology> s/blank//
<MTecknology> nope
<MTecknology> ok - can you guys help me get a bootable usb?
<centaur5> Install Intrepid use the new USB creator tool.  :)
<MTecknology> I have 9.04 installed on here
<MTecknology> what usb creator
<centaur5> that works
<MTecknology> ?
<centaur5> Go to System -> Administration -> Create a USB Startup Disk
<MTecknology> I found a desktop version of 8.04.1 64bit
<centaur5> It's a piece of cake.
<MTecknology> I don't have gnome
<centaur5> oh
<MTecknology> what's the app called?
<twb> centaur5: open it up and run xwininfo to find out what it's called
<centaur5> usb-creator
<twb> (Might be xprop, I get them mixed up.)
<VK7HSE> MTecknology: If the file is a .img then look at http://www.vk7hse.hobby-site.org/blog/2009/03/31/imagewriter/
<MTecknology> sweet
<MTecknology> that is easy
<centaur5> I was so glad when they made that tool.
<MTecknology> that's not even funny it's so easy
<MTecknology> i'm gonna go finish some rice
<centaur5> Don't worry, the USB boot will be done before the rice!  :)
<MTecknology>  rice is done
<MTecknology> it's not booting from usb
<MTecknology> I'll do a cli install from that desktop cd
<MTecknology> oh wait... fuck
<VK7HSE> ImageWriter is for making bootable USB devices so you can either boot into a live or install...
<MTecknology> I can't do a cd install, I can't do a usb install...
<MTecknology> next option?
<MTecknology> i checked everywhere for a -rw
<MTecknology> is it possible to upgrade a 32bit install to 64bit?
<VK7HSE> I wouldn't think so...
<centaur5> MTecknology: net installs are the way to go!
<MTecknology> how do you do that?
<MTecknology> I FOUND ONE!
<MTecknology> hurray for old cd's
<centaur5> https://help.ubuntu.com/community/Installation/Netboot
<MTecknology> reinstalling - partitioning is the longest part
<centaur5> Well I'm off to get some dinner.
<MTecknology> I no longer like ext3
<MTecknology> it feels slow now that i'm watching fsck run
<JanC> ext3 can be (almost) as fast as ext4 if you want
<MTecknology> how do you make the fsck run faster?
<genii> Go to sleep while it happens
<MTecknology> i almost could
<MTecknology> it can take over 45min to run sometimes
<genii> Try running it on 4.5 Tb   ;)
<MTecknology> 1.5TB - here - but it's over 4 drives w/ 2-4 partitions each
<genii> Yeah it can take a while
<MTecknology> rebooting to new kernel after updates :)
<MTecknology> my point was that there's usually no more than about 3 running on a boot
<MTecknology> but it happens more ofter
<MTecknology> <install type="mail_server">
<MTecknology> <install type="prereq">
<MTecknology> </install type="prereq">
<MTecknology> time for another drink - bbiab
<MTecknology> <fix type="dns">
<JanC> ext3 has a mode to wait to write data until after the power-loss too  :P
<MTecknology> gr - idk how to fix this dns thing
<MTecknology> How do I tell my server that the mx record for itself is itself?
<MTecknology> maybe that will bypass the issue
<jmarsden> MTecknology: Edit the zonefile for your domain so the MX is "your server" and cause the DNS server hosting that zonefile to reload it... what is the real problem?
<MTecknology> jmarsden: publicly my mx record is right, I meant so I can do dig server.com mx from my system and have it resolve the ip
<jmarsden> So right now if you do   dig server.com mx   on your server, what is the result?
<MTecknology> nothing
<MTecknology> -_-
<JanC> MTecknology: if that doesn't work, either your MX is wrong or something else is broken  ;)
<jmarsden> MTecknology: does   dig yahoo.com mx    work?
<MTecknology> JanC: well - /etc/hosts has the ip pointing at itself - so it isn't getting out to the public records
<MTecknology> behind nat
<jmarsden> dig will not care about /etc/hosts....
<MTecknology> anyway - not the issue now - apparenlty things are vastly broken
<JanC> MTecknology: dig doesn't look at /etc/hosts
<JanC> heh ã
<jmarsden> MTecknology:   What does      dig yahoo.com mx    output?
<MTecknology> lotta ips
<MTecknology> {a,b,c,d,e,f,g}c.mx.mail.yahoo.com.
<MTecknology> {a,b,c,d,e,f,g}.mx.mail.yahoo.com. **
<jmarsden> So that works.  OK.  Does    dig yourdomain.com      work (with no mx after it)?
<MTecknology> yup
<MTecknology> 192.168.1.11
<JanC> eh
<jmarsden> Huh...?  That's not a public IP...
<MTecknology> no it's not
<jmarsden> Then don't put it in the public DNS...!?
<jmarsden> CAn you tell is what the domain in question is so we can dig it for ourselves??
<jmarsden> s/tell is/tell us/
<MTecknology> vindico.profarius.com
<MTecknology> it's resolve to 24.111.170.20 or something like that
<MTecknology> s/170/117/ i think
<JanC> 173
<jmarsden> Looks to me like there is no MX record on your DNS server for vindico.profarius.com, but there is one for profarius.com which points to vindico... so all should be working fine.
<MTecknology> doh....
<jmarsden> How are you getting the 192.168.x.x result -- do you run a fake master DNS server
<MTecknology> yup
<MTecknology> internal dns server
<MTecknology> but only A records
<jmarsden> Do you really need it?  And if so, does *it* have sane MX records?
<MTecknology> yes, I do need it
<jmarsden> OK, then put MX records on it :)
<MTecknology> can't
<MTecknology> 23:49 < MTecknology> but only A records
<MTecknology> :P
<MTecknology> I know how to fix it I think
<jmarsden> You have a fake local DNS server that is not under your own control???
<genii> Weird
<MTecknology> it's not a fake dns server
<MTecknology> it's a dns forwarder
<jmarsden> It is giving you incorrect results for the A record... I'd call that fake :)
<MTecknology> if I add a record, that address will forward to w/e ip i give it
<jmarsden> If you add a record, a working DNS server will return the info in that record when queried.
<jmarsden> Is the local server running BIND on Ubuntu?  And do you have admin rights on it?
<jmarsden> The local DNS server, that is.
<MTecknology> yes, no, yes
<jmarsden> So you must either run your own local DNS server and use that, or else just use a public DNS server.
<MTecknology> lol....
<jmarsden> Or persuade the admin of the local DNS server to fix it.
<MTecknology> convo here is getting me nowhere
<jmarsden> What prevents you running BIND on the mailserver and pointing /etc/resolv.conf to 127.0.0.1 and then adding a fake master zonefile for profarius.com on that DNS server with the exact records you want to see?
<JanC> I hope you're not running mail on NAT'ed server?
<JanC> public mail that is
<MTecknology> why not?
<MTecknology> it has it's own public ip, just sitting behind a firewall and nat
<MTecknology> JanC: why is that so bad?
<MTecknology> JanC: ?
<MTecknology> </fix type="dns" status="methinks">
<MTecknology> </install type="mail_server">
<MTecknology> Now - how do I make firefox ignore that a certificate has been revoked?
<Polk`> hello, I am trying to use RAID 5 with ubuntu server I am useing 8.04
<MTecknology> Polk`: congrats?
<Polk`> can you help me
<MTecknology> i didn't see any question
<Polk`> lol..
<Polk`> can you hello me install ubuntu on a RAID 5?
<Polk`> MTecknology,
<MTecknology> maybe
<MTecknology> been a while since I've done software raid, but last I remember it was pretty easy
<MTecknology> give me a little bit to setup a virtual environment
<MTecknology> how many disks?
<Polk`> what do u mean by softwear?
<Polk`> raid..
<Polk`> theese are actuall HD.
<Polk`> 3 of them
<MTecknology> raid5 w/ 3 disks?
<Polk`> yes
<MTecknology> you do realize you lose the capacity of two drives when you do raid5, right?
<Polk`> yes.. I mean it has 4
<MTecknology> err - now, 5 is n-1 - nvm
<Polk`> what?
<Polk`> haha.
<MTecknology> means you lose one drive by doing raid5
<Polk`> I have a RAID 5 with 4 34.7gb drives
<Polk`> mhmm
<Polk`> I understand
<MTecknology> raid6 is n-2
<Polk`> idk.. but I am using a RAID 5 and I know it looses a drive..
<Polk`> but thats how I want it
<Polk`> haha
<MTecknology> k
<MTecknology> are you doing software or hardware raid?
<Polk`> idfk.. haha
<Polk`> the machine is a fresh install
<Polk`> the harddrives are set into a RAID 5
<MTecknology> lol...
<Polk`> SO I would guess Hardware
<Polk`> but I mite be wrong
<MTecknology> when you do raid you have two options - hardware or software. If you're doing hardware then the raid is handled by your raid card - right after bios and prior to grub. You install ubuntu ignoring the fact that any raid exists
<Polk`> oh I see..
<MTecknology> after setting it up from there
<Polk`> so its hardware
<Polk`> so do I need to resize..
<Polk`> nvm
<MTecknology> resize what?
<Polk`> I just need to do guided use entire disk?
<Polk`> or LVM?
<Polk`> or encrpyted LVM?
<MTecknology> when you look at the partition manager, do you see all your disks listed? - under advanced partitioning
<Polk`> no
<Polk`> 1
<Polk`> MegaRaid
<Polk`> 140 gb
<MTecknology> then ignore that any raid exists and install however you want
<MTecknology> this is where hardware raid is nice
<Polk`> oh I see
<Polk`> I picked up 2 of these machines..
<Polk`> and both have hardware raid
<Polk`> controlets
<Polk`> controlers
<MTecknology> I've never had luck w/ hardware raid - I always needed to do software
<Polk`> y?
<MTecknology> driver support wasn't there - it might be now for those systems
<MTecknology> I'm hoping installing my server cert will work now - doubt it /me checks
 * MTecknology cries
<Polk`> haha
<MTecknology> I've been fighting this crap for days at 20hr/day
<Polk`> what?
<MTecknology> I'm getting nowhere
<Polk`> fighting what?
<MTecknology> mail server
<Polk`> oh I see
<Polk`> just use google
<Polk`> hah
<Polk`> free
<MTecknology> !enter
<ubottu> Please try to keep your questions/responses on one line - don't use the "Enter" key as punctuation!
<Polk`> what?
<Polk`> haha
<MTecknology> if you put all your value in google - then all your value is gone
<Polk`> oh I se?
<MTecknology> besides, those people that manage google servers have issues too. What would you tell them?
<MTecknology> Polk`: ?
<Polk`> yes?
<Polk`> tell who what?
<Polk`> haha
<Polk`> lol
<MTecknology> !enter > Polk`
<ubottu> Polk`, please see my private message
<Polk`> oh I see! ok... I think I got it
<MTecknology> better
<Polk`> haha .. yep
<Polk`> jeeves is here?
<Polk`> lmao
<MTecknology> Polk`: you should depart from this channel and join #ubuntu-offtopic
<MTecknology> or just join there and speak there instead
<Polk`> why is this cant I be in both?
<Polk`> oh ok
<kraut> moin
<Polk`> MTecknology, I got it
<Tuxist> hi I have problem with ubuntu 8.10 heimdal and opnafs http://rafb.net/p/xtAPbR59.html
<Tuxist> I have created this principal and add to the kextab
<ScottK> jdstrand: I added the CVEs from clamav 0.95 to Bug #354190 (too late for debian/changelog unfortunately, we shouldn't fix stuff so fast ...) - I've never grokked your CVE tracker, so FYI so you can add them.
<uvirtbot> Launchpad bug 354190 in clamav "Security fixes from clamav 0.95 need backport" [Medium,Fix released] https://launchpad.net/bugs/354190
<Polk`> is landscape free?
<ScottK> Polk`: landscape-client is, but the server component is not.
<ScottK> jdstrand: clamav 0.95.1 is uploaded to Jaunty.  Thanks for the help.
<Polk`> ok.. so I cannot see that info elsewear?
<Polk`> ScottK, ?
<ScottK> Polk`: I don' t know a lot about it, but there's a commercial service that Canonical offers to go with it.
 * ScottK doesn't use it.
<Polk`> ok.. Thnks
<Polk`> ScottK, what do u use?
<ScottK> For server management, mostly a collection of my own scripts I've accumulated over time.
<Polk`> oh I see
<giovani> nagios/puppet 4life! :)
<beawesomeinstead> giovani: i tried puppet but didnt like it -- it's pretty weird
<giovani> why do you think it's weird?
<beawesomeinstead> i use mostly capistrano + git for config files
<beawesomeinstead> giovani: i don't like the concept of puppet
<giovani> ok ...
<beawesomeinstead> it looks... overengineered for me
<giovani> you're good at vague criticism :)
<beawesomeinstead> aint i? :-)
<uvirtbot> New bug: #359669 in samba (main) "mount.cifs crashed with SIGSEGV in main() - SmbMount - smbfs" [Undecided,New] https://launchpad.net/bugs/359669
<Tuxist> I have problems with openafs and ubuntu 8.10
<Tuxist> http://rafb.net/p/Lvfwlc89.html
<Tuxist> I found the failure
<Tuxist> no iget bad ticket
<MTecknology> I GOT THE CERT INSTALLED!!!!
<cellofellow> um, not sure this is the correct place to ask, but is the Ubuntu-packaged version of Cherokee compiled with fastcgi and scgi support?
<cellofellow> or, how can I find out?
<MTecknology> cellofellow: you could "apt-get source cherokee" - something in there might tell you
<MTecknology> best answer I have for ya
<cellofellow> tried that but I don't quite understand how to read debian/rules files. I saw some mention of both so probably.
<MTecknology> sorry I can't be of more help, I have no clue on that subject. #ubuntu-motu might be able to better help you
<cellofellow> motu?
<MTecknology> master of the universe
<MTecknology> they do the packaging in the universe repos
<cellofellow> ah
<cellofellow> thanks
<thenewguy> Hi
<thenewguy> Just wondering if anybody is using KVM in a production environment?
<thenewguy> Do you think it is ready?
#ubuntu-server 2009-04-12
<jdstrand> ScottK: big thanks for taking care of 0.95.1 :)
<ScottK> jdstrand: Thanks.  Glad I could find the time to squeeze it in.
<jdstrand> ScottK: I actually added the CVEs to our tracker when they came through last week, and updated the USN
<jdstrand> (but yeah, not in the changelog)
<ScottK> jdstrand: OK.  There's one or two more from 0.95.1.
 * jdstrand nods
<jdstrand> I'll get to those next week
<ScottK> jdstrand: One of the Debian guys is going to have a look at it tomorrow, so I may have something before then.
<jdstrand> ah, great :)
<Polk`> !hammertime
<ubottu> Sorry, I don't know anything about hammertime
<cemc> is there a way to install exim without removing postfix ?
<cemc> when I do an apt-get install exim, it automatically wants to remove postfix, but I'd like to keep postfix on too
<lamont> cemc: that is according to policy.  you get at most one MTA
<cemc> I see. no way around that?
<lamont> it would violate policy if you could.  so that'd be a "no, you can't do that"
<lamont> of course, you could run the other inside of a VM or even a chroot, but then you get to decide which one listens on port 25, and which one fails
<cemc> got it
<ScottK> The one true answer is you really want to keep postfix.
<ScottK> ;-)
<cemc> I know that :)
<cemc> just wanted to do some exim testing, without removing postfix
<cemc> but I guess it only removes the package, not the config, so it's good
<cemc> policy is kinda strange tho :) why can't I have more than one MTAs if I can handle the conf, or I have multiple IPs, or whatever
<lamont> cemc: tell me how you'll have more than one daemon listening on port 25, and I'll tell you how to have policy allow multiple MTAs (oh, and make /usr/sbin/sendmail point to both MTAs while  you're at it)
<ScottK> Multiple IPs could solve the port 25 problem, but not sendmail.
<lamont> yeah
<cemc> you have sendmail.postfix and sendmail.exim, and you have sendmail pointing to one or the other, like with alternatives ?
<lamont> cemc: yeah - except for the part where debian policy says that the MTA will provides/conflicts/replaces: mail-transport-agent
<cemc> ehe :)
<cemc> too bad, but no biggie ;)
<cemc> did I say something wrong? :))
 * |Sigma| waves
<|Sigma|> is there any way to setup a VPN server so only a certain subnet gets routed through it, and everything else gets routed to a DNS server?
<twb> That would be called setting up a routing table
<twb> Yes, you an do it.
<twb> *can
<|Sigma|> great, routing table, thanks for the key word, I've been trying to figure this out for a while
<|Sigma|> so in this case, I could get away with setting up the table on the vpn server and then setting up the clients to send all traffic through the VPN, correct?
<twb> Can I remotely drop a machine into single user mode and straight back out again?
<twb> ls /proc/NNNN/ hangs, and similar problems with the process table, but I don't want to drive out there and do a hard reboot.  A soft reboot doesn't work, it just ignored my "shutdown -r now"
<bootsandall> I'm a bit new to linux, but I guess you could set up a cron job to bring it back to multi user mode in 5 minutes?
<twb> bootsandall: assuming that atd/crond aren't stopped as part of the single-user shutdown :-)
<twb> As it happens, "telinit 1" is ignored just like shutdown (which amounts to telinit 0).
<twb> I would like to blame upstart for this, but honestly it's more likely to be the mangling that openvz has done to the kernel's innars.
<twb> *innards
<ZipmaO^> Hi
<ZipmaO^> Is there some way to track a user accounts shell command history?
<ZipmaO^> I have e useracc that I used for samba and therefore had a trivial password. The account was hacked from ssh and now I want to know what they did
<ropetin> ZipmaO^: they probably covered their tracks, but what about the .bash_history file in their home directory?
<ZipmaO^> the account had /bin/sh shell at the moment
<ZipmaO^> non-
<ropetin> So as far as I know, no, there is no way to get a list of their commands
<ZipmaO^> and was not admin
<ZipmaO^> ok
<ZipmaO^> can i search for files with a specific ownership?
<ZipmaO^> I found files that I think they created in /var/tmp/.www/
<cemc> ZipmaO^: try 'man find', and search for -uid, -user
<ropetin> yup, find would be good, combined with grep
<ZipmaO^> ok, really thanks for the help
<cemc> something along the lines of: find . -user 'foo' (find all the files with owner foo in the current directory and below, aka recursive)
<cemc> well this actually will find directories too, see -type
<ZipmaO^> I didn't mind much when I noticed that someone logged in as the account when I ran "lastlog"
<ZipmaO^> so I changed the shell then to /bin/false to prevent it again
<ZipmaO^> But earlier today I noticed in syslog that somekind of cron-job was running every minute
<cemc> oops :) sounds like you got hacked, or something ;0
<ZipmaO^> found it in the hacked accounts crontab and it led me to /var/tmp/.www/
<ZipmaO^> yep..
<ZipmaO^> well the accound had the same name as passwd
<ZipmaO^> Kinda scary but I guess I don't have to worry that much since the acc isn't in the sudoers list?
<cemc> weell...
<cemc> you _really_ want to check everything, you never know
<yann2> ZipmaO^ > check /tmp, often stuff in there :)
<ZipmaO^> ok, will do :)
<ZipmaO^> Thanks for the help guys
<cjwatson> ZipmaO^: unfortunately, local root escalation is one of the more common categories of vulnerabilities, so I'd second the suggestion to check everything very carefully indeed
<ZipmaO> Cjwatson, I don't really understand the term "local root escalation" ?
<andol> ZipmaO: Basically a vulnerability which allows a local non-root user to gain root status. It doesn't have to be a regular user, it can also be a system user, running one of your daemons.
<ZipmaO> how would that be possible?
<ZipmaO> Or more important: what to check?
<ZipmaO> admin group, sudoers list, user shells?
<ZipmaO> running daemons processes?
<ZipmaO> noone?
<mattt> hello
<mattt> what's the question
<cemc> ZipmaO: that's the problem... what to check... if there was an exploit and the hacker gained root access, he could've hid a backdoor, or something bad like anywhere...
<ZipmaO> ok.
<ZipmaO> I see
<cemc> the smartest thing to do is probably a clean install,
<cemc> but if not... you have check everything
<ZipmaO> probably less efficient
<ZipmaO> I don't have that much configuration on the server
<cemc> not sure how is it done on ubuntu, but on redhat I did a rpm -Va, that checked every rpm installed,
<cemc> every package for changes, then I went over the list of changes etc
<cemc> check crontab, check stuff in /etc, users, change passwords, firewall ssh, let nobody in ;)
<ZipmaO>  I just ran "sudo find / -ignore_readdir_race -user *****"
<ZipmaO> just the files that I talked about earlier /var/tmp/.www/
<ZipmaO> seemed like a script hack that installed an IRC-bot
<cemc> mhm
<mattt> ZipmaO: what was the file ownership of those files?
<cemc> probably apache
<cemc> ;)
<mattt> yeah :)  check for mambo/phpbb/etc.
<ZipmaO> all the files in that folder matched ownership of the username
<ZipmaO> found some more files now..
<ZipmaO> /proc/5303
<ZipmaO> what are those folders used for?
<cemc> proc/<pid>/ contains info about that process which is running and has that process ID
<cemc> do a ps ax |grep 5303
<cemc> and you'll see what process that is
<cemc> better yet, do 'ps axu |grep 5303', so you can see the user the process is running as
<ZipmaO> ok
<ZipmaO> thanks cmec
<ZipmaO> the hacked user owns that catalouge
<ZipmaO> root      5303  3.0  0.2  13680  4860 ?        S    22:19   2:43 /usr/sbin/smbd -D
<ZipmaO> Doesn't seem weird since it's a samba user
<ZipmaO> ?
<cemc> what did you find in /proc/5303 exactly
<ZipmaO> sec..
<ZipmaO> well.. quite many folders and files
<ZipmaO> weird thing though, ran the find command again
<ZipmaO> and didn't report any files under /proc this time
<ZipmaO> Well well..
<ZipmaO> Guess I'll do an reinstall asap
<ZipmaO> just to be sure..
<cemc> yep, that's probably the best thing
#ubuntu-server 2010-04-12
<domas> anyone ever seen such installer error: http://p.defau.lt/?1XZtv34Fg4nT3UcUa_o1WQ ?
<glphvgacs> http://paste.ubuntu.com/412831/
<domas> how do I find out partition table on ubuntu-server? parted rounds to megabytes, and fdisk doesn't work with GPT
<domas> can anyone share preseed magic to align file systems? :)
<uvirtbot> New bug: #561281 in samba (main) "case sensitivity option (case sensitive=no) is not honored" [Undecided,New] https://launchpad.net/bugs/561281
<nobse> hi
<Dr4g> Guys i'm on ubuntu server version 8. What alternatives are there to cPanel ??
<twb> ebox
<Dr4g> Looks good. But no file directory access, or vhost setup.
<twb> IMO all "I want to administer the system from my browser" solutions are utter, utter shite.
<Dr4g> Ditto. I'm the sys admin but the directors are uneasy that i'm the only linux dev in the building.
<Dr4g> so they want GUI access
<Dr4g> I gave them SCP/SFTP acess and phpMyAdmin acess
<twb> As opposed to, you know, training the other sysadmins :-/
<Dr4g> but still not enough :S
<twb> I tried to sell my bosses on putting gnome-system-tools on the server and having the faux sysadmins access it using xming32
<twb> Since AFAICT all they REALLY needed was the ability to add and remove users.
<Dr4g> hehe
<twb> Instead we're running webmin (urgghh!)
<Dr4g> twb, what would you want to use insterad o webmin ?
<Dr4g> it looked not bad.. mysql, email, ftp administration.
<twb> Dr4g: a shell.
<twb> Re. FTP, http://mywiki.wooledge.org/FtpMustDie
<Dr4g> twb, i was referring to a web product like cPanel
<twb> Something that doesn't have hundreds of lintian errors, several of them critical?
<Omahn> Does Ubuntu have a command line tool that will collect all the various system configuration files and logs then bundle them up for sending to support?
<Omahn> (Other than just creating a tarball each time)
<twb> reportbug?
<twb> Except that Ubuntu NIHd debbugs :-/
<Omahn> Looks like a little script might be easiest.
 * amine_ hello
<ttx> soren: ping
<eagles0513875> hey guys im trying to upgrade ubuntu server from karmic to lucid and i keep getting this message
<eagles0513875> Exception during pm.DoInstall():  E:Internal Error, Could not perform immediate configuration (2) on mountall
<eagles0513875> any solution or way i can upgrade to lucid
<pmatulis> eagles0513875: https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/559582
<uvirtbot> Launchpad bug 559582 in mountall "Upgrade from karmic to lucid failes with Internal Error, Could not perform immediate configuration (2) on mountall" [Undecided,New]
<zul> ttx: does euca have a built in dhcp server or uses the dhcp server
<eagles0513875> pmatulis: should i go ahead and confirm it
<pmatulis> eagles0513875: add that you are also affected (near the top)
<ttx> zul: i'm not sure I understand your question... eucalyptus hands off IP addresses to the VMs
<zul> ttx: k i think i figured it out
<eagles0513875> pmatulis: ty and i added myself to that list :)
<eagles0513875> pmatulis: so no way to upgrade
<eagles0513875> unless i do an entirely clean install
<pmatulis> eagles0513875: are you on #ubuntu+1 ?  if not, you should be if you are running lucid
<eagles0513875> pmatulis: i am but im on karmic trying to upgrade im just asking if my solution would be a clean install
<eagles0513875> since upgrade process is broken
<pmatulis> eagles0513875: i would wait and try again in a while.  is it a VM?
<eagles0513875> non virtualized setup
<pmatulis> eagles0513875: how did you perform you uprade anyway?
<eagles0513875> pmatulis: like the wiki says
<eagles0513875> updated fully
<eagles0513875> then ran sudo do-release-upgrade -d
<pmatulis> eagles0513875: ok.  just asking b/c the bug poster says he manually edited sources.list
<eagles0513875> pmatulis: that used to be the way back in the days of edgy etc
<eagles0513875> no need for that now
<eagles0513875> used to use source o matic hehe
<pmatulis> eagles0513875: yes, i know
<zul> ttx: the case sensitivy bug has been re-opened fyi ;)
<eagles0513875> man this is upsetting
<pmatulis> eagles0513875: so your system is a regular install (Server ISO)?
<eagles0513875> pmatulis: ya
<eagles0513875> nothing is setup on the machine have been using it as a testing and development machine
<pmatulis> eagles0513875: ok, i'm investigating
<eagles0513875> pmatulis: thanks :)
<pmatulis> eagles0513875: fresh karmic install?
<eagles0513875> yep
<pmatulis> eagles0513875: how long ago?
<eagles0513875> few weeks
<eagles0513875> its fully up to date
<ScottK> ttx: Who's the mysql expert these days?  We (Kubuntu) are still having akonadi/mysql problems and we need to coordinate on packaging changes.
<ttx> ScottK: mathiaz
<ScottK> ttx: Any idea when he'll be around?
<ttx> ScottK: usually in one hour
<ScottK> ttx: Thanks.
<eagles0513875> ScottK: any ideas on a rather nasty upgrade bug
<eagles0513875> bug 559582
<uvirtbot> Launchpad bug 559582 in mountall "Upgrade from karmic to lucid failes with Internal Error, Could not perform immediate configuration (2) on mountall" [Undecided,Confirmed] https://launchpad.net/bugs/559582
<ScottK> Nope.
<zul> ttx: ping about bug 276472 i vaguely remembering seeing a kernel patch in the samba bugzilla
<uvirtbot> Launchpad bug 276472 in samba "cp -p on CIFS mount does not preserve permissions and returns a permission denied error" [Medium,In progress] https://launchpad.net/bugs/276472
<ttx> zul: if you can find the reference back, post it as a comment -- just give Surbhi a chance to fix it
<zul> ttx: ok
<smoser> ttx, someone maybe should look at https://bugs.launchpad.net/ubuntu/+source/devmapper/+bug/557909 . it needs more information, but looks like it is fairly severe
<uvirtbot> Launchpad bug 557909 in devmapper "lucid hangs on boot because of device ownership" [Undecided,Confirmed]
<uvirtbot> New bug: #561475 in xinetd (main) "when sysctl net.ipv6.bindv6only=1, xinetd can not bind to both IPv4 and IPv6 on same port" [Undecided,New] https://launchpad.net/bugs/561475
<ttx> smoser: ack
<uvirtbot> New bug: #561485 in samba (main) "Mounting CIFS folder i can only have READ ONLY access" [Undecided,New] https://launchpad.net/bugs/561485
<uvirtbot> New bug: #561491 in net-snmp (main) "SNMP and Sundance driver problem" [Undecided,New] https://launchpad.net/bugs/561491
<J_P> hi all
<J_P> I have this error in client (ubuntu desktop 9.10) trying to mount on server (ubuntu 8.04 server):
<J_P> mount.nfs: mount system call failed
<J_P> But if I try to mount in localhost (server) mount nfs ok
<J_P> any idea?
<J_P> no firewall between client and server
<zul> ttx: ping had a look at 556343 yet?
<ttx> zul: no, it's all yours to debunk
<zul> i think we already debunked it
<ttx> zul: ah ? We determined that it's not an apparmor issue, but the upgrade problem still remains, no ?
<zul> ttx: yeah i dont think its a really a bug though its just a verbose warning
<ttx> zul: the post-installation script fails with exit status 1... tat's not a warning
<zul> because cups, ntpd, mysql will give the same warning
<ttx> zul: I don't care about the "apparmor_parser" warning
<jdstrand> the apparmor thing is a verbse warning (and didn't cause the postinst to fail)
<ttx> zul:  I care about what makes the upgrade fail (which is *not* the warning)
<zul> ttx: k
<ttx> zul: if you can't reproduce failure on upgrade (but just the warning) then we'll de-prioritize it
<zul> thats what Im saying
<ttx> zul: if you do hardy+bind -> lucid upgrade it doesn't fail ?
<J_P> anyone?
<zul> no it doesnt
<ttx> zul: check if mvo is he can reproduce on every run of his upgrade tester... maybe it only occurs when all tasks are installed (that's what he tests upgrade from)
<ttx> ...check with mvo if...
<zul> k
<mvo> zul: it happens only on the tasks all profile, but I can reproduce it in the VM 100% of the time
<mvo> zul: its also transient, at the end of the upgrade I can restart bind just fine
<ttx> mvo: so it's not blocking ? Perhaps zul missed it if it's just transient
<mvo> ttx: well, its transient in the sense that it will fail only during the upgrade. but it still fails and makes dpkg/apt unhappy
<mvo> ttx: so we should fix it (or at least figure out more about it :)
<mvo> I commited a change that stops apparmor before dpkg runs so at messages about apparmor that are red-herrings should be gone with the next u-m upload
<ttx> mvo: you can reproduce on a VM with only server + bind task, or you test the "all tasks" install ?
<mvo> all tasks
<mvo> I have not tried with server + bind only
<ttx> mvo: ok, so maybe it's a conflict, if zul can't reproduce on server+bind
<mvo> I can start a run for this in a little while, first the kernel needs to be sorted
<ttx> mvo: zul will try to reproduce first
<mvo> http://people.canonical.com/~mvo/automatic-upgrade-testing/current/ <- rather unhappy because the kernel can not be downloaded anymore
<mvo> ttx: ok, thanks
<zul> ttx/mvo: im going to be doing the testing from an iso and will let you know after
<ScottK> ttx: Still no mathias.  Anyone else?
<axisys> how come I can ssh to a down interface here ?
<axisys> http://pastebin.com/izmZ7Ce4
<axisys> i can ssh to the ip bind to eth1
<eagles0513875> pmatulis: might have found a work around from someone on the bug you linked me to im testing it out now
<eagles0513875> this bug https://launchpad.net/bugs/559582
<uvirtbot> Launchpad bug 559582 in mountall "Upgrade from karmic to lucid failes with Internal Error, Could not perform immediate configuration (2) on mountall" [Undecided,Confirmed]
<zul> ScottK: ping can you have a look at #535185 for me please?
<ScottK> Looking.
<mathiaz_> zul: hi - what's the status of mysql-5.0 in lucid?
<zul> mathiaz_: will be done tonight
<pmatulis> eagles0513875: yeah, i'm getting the bugmail
<eagles0513875> pmatulis: testing it as we speak
<ScottK> zul: Approved.
<zul> ScottK: thanks
<eagles0513875> pmatulis:  :) seems to be working
<pmatulis> eagles0513875: nice
<eagles0513875> hopefully nothing breaks :(
<Genk1> Hello ! what is the topology of a network equipped with a an IPS host ?
<Genk1> I mean where can I put the ips in my network !
<eagles0513875> Genk1: are you talking about a dhcp server
<eagles0513875> which dynamically allocates ip addresses to machines on ur network for a certain period of time
<ttx> ScottK: mathiaz is here now
 * ttx stops for the day
<ScottK> mathiaz: We're still having some Akonadi/Mysql issues in Kubuntu.  Could you join us in #kubuntu-devel to discuss possible package adjustments?
<zomGreg> can anyone point me to some eucalyptus "certified" ubuntu804 LTS images?
<mathiaz> ScottK: sorry - I'm busy for now
<mathiaz> ScottK: I should have more time in a couple of hours
<ScottK> mathiaz: OK.
<mathiaz> ScottK: should I drop by #kubuntu-devel later or could you send me an email?
<ScottK> mathiaz: Please drop by.
<mathiaz> ScottK: ok - will do in a few hours
<ScottK> Thanks.
<realmatt> has anyone here used gpart on a 4TB raid array?
<Zider> are there any "official" fix for the problem with the init not waiting for cryptdisks to finish before attempting to mount them?
<apw> kirkland, about ?
<kirkland> apw: yo
<apw> we have some patches for kvm which we would like to apply before release, but after the last disaster i'd like to get them tested before i commit them ... would you be able to test them out
<apw> and do you have an amd based kit to test on?  i think it went bang there last time
<apw> kirkland, plus ... is svm the thing that kvm used on amd64?
<Zider> I find it odd that noone else seems to have this issue.. I mean, surely others must run encrypted drives, right?
<kirkland> apw: vmx is intel, svm is amd, yeah
<apw> Zider, i think you would be supprised just how few do
<Zider> apw: perhaps they don't because of the initscript problem :P
<kirkland> apw: i do have both intel and amd kit here
<kirkland> apw: though my amd kit is very old (though still supports kvm)
<kirkland> apw: it's hardly comprehensive
<apw> i may have something which can test it
<kirkland> apw: do you have a kernel?
<kirkland> apw: in a ppa or what?
<apw> kirkland, not as yet... if you can test i'll get some building
<kirkland> apw: sure, i'll test
<sherr> Zider: I run encrypted on my laptop - what bug?
<Zider> sherr: mount-script tries to mount the disks before cryptdisks finishes unlocking them
<axisys> i have two interface eth0 and eth1 .. with different IP .. eth1 is down.. when I ping from remote host even the eth1 reponds .. but the arp shows mac address of only eth0 .. a bug ?
<sherr> Zider: is there a logged bug I can look at?
<Zider> sherr: I'm not sure it logs anything special at bootup.. it seems to run all scripts at the same time, which screws up the order if you have many encrypted disks
<alvin> Zider: Are you talking about bug 475936 or 456274?
<uvirtbot> Launchpad bug 475936 in cryptsetup "race condition between encrypted device creation and mountall probing with random-encrypted devices (swap, tmp)" [High,Fix released] https://launchpad.net/bugs/475936
<Zider> alvin: where can I see those?
<alvin> Well, bug 456274 (show 'm uvirtbot!Â°
<uvirtbot> Launchpad bug 456274 in mountall "mountall 0.2.5 and cryptsetup fail to boot when using usplash (encrypted root)" [Undecided,Fix released] https://launchpad.net/bugs/456274
<alvin> Zider: Click on the links and see whether the description matches your experience
<Zider> alvin: it's 456274
<Zider> no wait..
<Zider> 475936
<alvin> That one is fix released I see
<Zider> sorry, I c&p'ed wrong
<Zider> well, it somewhat applies anyway, I don't have any random-encrypted disks, just "regular" ones.. but there's 5 of them, and they don't get unlocked in time before mountall runs
<alvin> Ah, 5. Hmm, could you uncomment one in /etc/fstab? In LVM, you also can only mount 4 volumes (in Lucid)
<Zider> to shorten the start-time you mean?
<alvin> No, the LVM thing is actually a real bug, but mabe the shorter start time does do something
<alvin> Karmic had the same problems with NFS: network not up fast enough = blocked boot
<Zider> I don't use LVM afaik
<alvin> Not enough people do :-)
<Zider> I don't really see a point to :)
<alvin> Oh, there are many. Even for a desktop system. Snapshots for example.
<_ruben> resizing and snapshotting are the most common ones
<Zider> I don't use either. :)
<sherr> LVM is proving very useful. Better perf. for virt. devices as well.
<Zider> I just have the drives mounted in separate dirs
<alvin> Can someone confirm my suspicion that the upgrade to Lucid changes all LVM fstab entries to mount-by-uuid?
<hggdh> smoser: can we chat about the EC2 test cases?
<smoser> sure
<hggdh> smoser: I see you started working on them, and already have it pretty much done, sort of
<smoser> "sort of"
<smoser> :)
<hggdh> :-)
<ChmEarl> when might this be available for karmic or lucid? http://packages.debian.org/sid/linux-image-2.6.32-4-xen-amd64
<hggdh> much more than what *I* had, and it is alomost complete
<hggdh> smoser: I have some Qs: (1) the tests are quite inclusive, but I am unsure on how we report an error on one of them
<hggdh> for example, would it be a good idea to add the different models explicitly?
<smoser> models ?
<smoser> the general "test suite" is quite hacky.
<smoser> and much of the tests (so far) require me to look at console output.  I basically run the test-multi.sh and then 'vi *'.
<smoser> which is obviously going to be error prone , but is *considerably* better than launching all that by hand and looking at output one by one.
<hggdh> yes, I agree. I am trying to arrive at something that can done by (theoretically) anybody
<hggdh> well, as long as this "anybody" is willing to spend money ;-)
<smoser> hggdh, so the stuff that isn't automated, can probably be automated. i collect enough data from each instance.
<smoser> (and if not, we can just collect more)
<smoser> i'd suggest adding a directory of tests that run maybe after console data had been collected, before termination
<smoser> that could do things like verifying the ssh keys are what the console said they should be
<smoser> hggdh, its embarrasingly hacky at this point :)
<smoser> but it works
<smoser> one thing i've wondered, though, is why anyone would *want* to spend money just to run an automated test suite
<hggdh> smoser: don't ask me... there are always somebody willing (and I really welcome them, BTW)
<smoser> well, i understand being interested in finding bugs you care about, or making sure your hardware works.
<smoser> but this seems just simply a donation to amazon
<smoser> but anyway
<hggdh> heh
<uvirtbot> New bug: #561750 in squid (main) "squid starts and stops immediately (after upgrade from karmic to lucid)" [Undecided,New] https://launchpad.net/bugs/561750
<hggdh> smoser: as far as I can see, I agree with you --- one test is enough here
<uvirtbot> New bug: #561751 in clamav (main) "package clamav-milter 0.96+dfsg-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 20" [Undecided,New] https://launchpad.net/bugs/561751
<hggdh> smoser: I mean one *tester*
<uvirtbot> New bug: #561760 in clamav (main) "package clamav-milter 0.96 dfsg-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 20" [Undecided,New] https://launchpad.net/bugs/561760
<uvirtbot> New bug: #561761 in clamav (main) "package clamav-milter 0.96 dfsg-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 20" [Undecided,New] https://launchpad.net/bugs/561761
<uvirtbot> New bug: #561779 in squid (main) "squid is not started on runlevel transition 1 -> 2" [Undecided,New] https://launchpad.net/bugs/561779
<hggdh> mathiaz: I have added euca-get-console-output to your uec-testing-scripts, can I propose a merge?
<airliasdesign> anyone here to help me?
<guntbert> !ask | airliasdesign
<ubottu> airliasdesign: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<MagicFab> hi all
<airliasdesign> I'm looking into possible server OS options for a new website I'm running, and I'm looking to run a clouding setup with Ubuntu as my OS, would it be possible to run 1 instance of Apache with all of my node resources dedicated to that Apache server, then run a MySQL cloud, then a mail cloud and so forth?
<airliasdesign> In other words, it would be separate clouds on separate ip addresses and hubs
<MagicFab> I was wondering if there is a list of kvm enhancements/new features/fixes that would cover 8.04LTS -> 10.04LTS ? Other than the fully detailed changelog
<MagicFab> specifically, re: running Windows guests in KVM (Win2008 server)
<MagicFab> nijaba, mathiaz  ^
<airliasdesign> is 10.04LTS out yet?
<ruben23> hi
<guntbert> airliasdesign: not yet
<airliasdesign> thought so
<airliasdesign> my 9.10 CDs came in the mail yesterday lol
<airliasdesign> I'm going to start a collection
<airliasdesign> lmao
<nimrod10> airliasdesign, it is out in beta : http://releases.ubuntu.com/10.04/
<airliasdesign> ahh ok
<airliasdesign> anyone know about the clouding question?
<airliasdesign> well
<airliasdesign> 17 days until 10.04
<ScottK> sommer: FYI - Bug #561825
<uvirtbot> Launchpad bug 561825 in ubuntu-docs "Replace dkim-filter in mail filtering section with opendkim" [High,New] https://launchpad.net/bugs/561825
<airliasdesign> hey guys
<airliasdesign> nevermind
<airliasdesign> wrong box
<apw> kirkland, dunno what time it is for you, but those kernels are uploading ... will msg the location
<kirkland> k
<airliasdesign> ok
<airliasdesign> I want to replace CentOS with ubuntu
<airliasdesign> is there any way to transfer the user's files ?
<netnull> ciao ragazzi, ho un problema configurando la posta su un server virtuale tiscali, mi potreste aiutare?
<netnull> hello guys..sorry, i didnt see its an english channel.. could someone help me to set up a mail server on a virtual server?
<ruben23> hi guys anyway i can implement a domain controller with active directory on an ubuntu server..
 * genii ponders "anyway, I can do something" as opposed to "any way I can do something?"
<jetole> Hey guys. I'm setting up a small HA web server scenario right now. In this case only 3 web servers where all requests will be round robin setup between the servers. What I wanted to know is what is a good way to keep the filesystem replicated across all servers that will scale well as the number of web servers grows?
<jetole> I was thinking about rsync but that doesn't seem well designed for this. DRBD is a thought I had and have experience with but I'm not sure how well that will work as the numbers grow. I have also never tried DRBD with more then two nodes. I have looked briefly into OpenAFS but don't have experience with it. What do you guys recommend?
<RoAkSoAx> jetole, i would go with DRBD
<RoAkSoAx> jetole, sample setups with new cluster packages can be found in: wiki.ubuntu.com/ClusterStack/LucidTesting
<jetole> RoAkSoAx: Thanks for the advice
<jetole> RoAkSoAx: I have another question for you. Suppose I want to configure files to be manages by rsync that typically need root access for example /etc/drbd/*. How would I set this up without creating root ssh logins/keys ?
<jetole> or is there another way I should manage shared configuration files?
<RoAkSoAx> jetole, you can take a look to csync2
<jetole> Thanks again. googling now
<RoAkSoAx> jetole, http://www.roaksoax.com/2008/06/cluster-sinchronization-tool-csync2
<jetole> awesome!
<jetole> RoAkSoAx: reading thatnow
<RoAkSoAx> ;)
<panamaquono> hello
<panamaquono> I'm using opera to do this, is that a mistake?
<mathiaz> hggdh: hi - merges are free - so please go ahead
<panamaquono> I've run into a wall
<mathiaz> hggdh: are you using the test rig for now?
<panamaquono> I tried to install ImageMagick on my Ubuntu Server
<panamaquono> I need to know how to completely remove it
<panamaquono> I tried rm -r and that seems to only work on folders, I'm not sure what I'm aiming at is a folder
<panamaquono> I'm very novice
<panamaquono> is this working?
<genii> Yes
<genii> panamaquono: Also, yes
<panamaquono> wonderful, I wasn't sure I haven't used opera in a while
<panamaquono> I tried to wget a fresh version of it and 'roll out the tarball' and then make, and then 'sudo make uninstall' - that was supposed to do it,
<panamaquono> but it's still shows up if I type ls
<panamaquono> I also believe the actual program to be running
<panamaquono> perhaps I should look for a chat room for that thing?
<jetole> does anyone know how I can see whats using the most bandwidth on my network from looking at pcap files?
<jeeves> what is the be all and end all way of fixing an apt failure?
<hggdh> mathiaz: no, I am not
<hggdh> mathiaz: your uec-testing-scripts is under ./+junk, should I just send you the diff?
<mathiaz> hggdh: can't you create a merge proposal?
<jeeves> what is the be all and end all way of fixing an apt failure?
<mathiaz> hggdh: or push to your +junk/ branch as well
<mathiaz> smoser: are you using the uec test rig?
<isnoop> Is there a command line path to upgrade 8.04 to 10.4 Beta2?  Perhaps a flag for do-release-upgrade?
<isnoop> -d gave me "An unresolvable problem occurred while calculating the upgrade"
<hggdh> mathiaz: I will push to my own +junk, I cannot create a merger proposal for +junk branches
<mathiaz> hggdh: ok - that looks good enough
<mathiaz> hggdh: can you subscribe me to your branch?
<hggdh> mathiaz: done
#ubuntu-server 2010-04-13
<smoser> mathiaz, no
<mathiaz> smoser: good for you - because I've already scratched cempedak ;)
<smoser> good for me indeed.
<smoser> mathiaz, since you're here, do you happen to have thoughts/example of config on bug 556176
<uvirtbot> Launchpad bug 556176 in openldap "slapd creates /nonexistent homedir (and some enhancements...)" [Medium,Confirmed] https://launchpad.net/bugs/556176
<smoser> ie, an example config that i'd be looking to make sure worked properly?
<mathiaz> smoser: ie you wanna a quick way to set up a base directory infrastructure?
<mathiaz> smoser: https://code.launchpad.net/~mathiaz/openldap-dit/add-ldapscripts-files
<mathiaz> smoser: ^^ this is what I use to setup an directory
<mathiaz> smoser: and add user/group using the ldapscript package
<smoser> mathiaz, ok. that might be enough. mainly i need something that i can test was working -> is still working after upgrade
<smoser> i'll poke around there some
<mathiaz> smoser: yeah - ^^ that sets up a directory
<mathiaz> smoser: to make sure things are still working you can also use the ldapsearch command
<mathiaz> smoser: I usually use:
<mathiaz> smoser: ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"
<mathiaz> smoser: *sudo* ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"
<mathiaz> smoser: ^^ that should be enough to dump the whole cn=config tree
<mathiaz> smoser: and check whether slapd is still working afterwards
<smoser> mathiaz, thanks. i've got to run, but will maybe bother you tomorrow on it more.
<mathiaz> smoser: np
<chewbranca> hi, has anyone had luck getting ubuntu enterprise cloud working in virtual box?
<chewbranca> both the main server and nodes as well?
<chewbranca> I tried it a while back but was having issues with it not being able to use the hardware virtualization
<JanC> chewbranca: AFAIK virtualisation-in-virtualisation only works with kvm
<JanC> in any case, I think you better use a dedicated machine
<JanC> or multiple ones
<chewbranca> JanC, ok that's what I figured
<chewbranca> JanC, this is my dev box, just trying to build a setup for testing out eucalyptus/ec2 instances without needing to pay or buy another box
<jeeves> ok guys, I'm stuck, and I can't do any package installs/upgrades.  How can I fix this?   http://pastebin.com/FbsVPMAT
<chewbranca> I've got plenty of hardware on my dev box, but I don't want to put in virtualization at a low level on it because I still use this for everything and I don't want to mess with graphics or anything else
<JanC> chewbranca: yeah, I know what you mean, I wish I had a bunch of such boxes around myself  ;-)
<chewbranca> JanC, yeah I think the gf might kill me if I setup another server in the apt lol
<chewbranca> JanC, just built up a nas recently
<chewbranca> and with my new dev station we don't need to turn the heat on anymore
<chewbranca> lol
<chewbranca> going to be a warm summer
<jeeves> chewbranca, I heated my apartment with my home hosting
<chewbranca> jeeves, hahahha nice
<jeeves> chewbranca, lol, thanks.  We were living in North Bay Ontario.
<JanC> jeeves: I guess you tried the usual apt/dpkg fix incantations?
<chewbranca> jeeves, oh way haha, yeah I'm over in Seattle, doesn't get extremely cold here
<chewbranca> s/way/wow/
<jeeves> JanC, yep.  I've tried the dpkg reconfigure and apt-get install -f
<jeeves> this is what I'm getting.    http://pastebin.com/FbsVPMAT
<chewbranca> hrmm... so I wonder what is cheaper, build a new server or just pay for EC2 test server instances
<jeeves> chewbranca, lol, how long do you need them for?
<JanC> jeeves: in that case you might want to try editing or removing some post-removal scripts
<chewbranca> jeeves, well I want to put together a consistent dev environment for being able to kick out processes and setup apps on EC2
<JanC> jeeves: and maybe file bug reports about them  ;)
<jeeves> chewbranca, go get VM infastructure 3.5 and load it on some old x86 hardware.  That's all I've got.
<jeeves> JanC, how/where do I do that?
<chewbranca> problem is my dev box is way beefier than my home server, home server is 32bit and limited to 4 gigs of ram, and only running 2 right now, and its already loaded pretty well
<chewbranca> jeeves, all my old comps are gone... lol, dumped them all to make room in this apt
<jeeves> chewbranca, lol.
<chewbranca> just have my dev box and dual core opteron with 2 gigs of ram
<jeeves> so, ideas on how to nuke this problem?
<jeeves> chewbranca, any ideas on how to fix this issue
<ruben23> hi guys want to deploy around 50 linux desktop, what should i do to manage them with file sharing and other network stuff..?
<ruben23> like directory service.
<jeeves> ruben23, LDAP
<ruben23> jeeves: how about file sharing..?
<chewbranca> jeeves, was taking a peak, not really sure, looks like you've got an old failed install that is messing with it, I would try clearing everything out and reinstalling the package
<ruben23> file, storage and others..
<chewbranca> not sure though
<jeeves> chewbranca, that's what I'm trying to do, but apt refuses to letme do ANYTHING.  I can't uninstall (because it leaves messed up packages), and I can't install due to this messed up issue
<jeeves> ruben23, LDAP interfaces with samba
<chewbranca> jeeves, weird, any idea what got you to that point?
<ruben23>  jeeves: ill setup sama=ba server then..openldap..
<jeeves> chewbranca, lol, I tried installing Amarok.
<chewbranca> jeeves, hahahah
<jeeves> ruben23, no, set up openLDAP first. you need to build your services off of that
<ruben23> jeeves: after openldap ill do, samba server right..?
<jeeves> yes, Samba is your file/printer server
<JanC> jeeves: try looking into /var/lib/dpkg/info/*.postrm where "*" is the name of the package causing troubles
<jeeves> JanC, then just delete it?
<JanC> or edit it so that it doesn't throw an error when it shouldn't
<JanC> check what it does
<JanC> most likely it will delete some files you don't need anymore, but if it does something more complicated you might want to leave that around
<jeeves> JanC, I think I'm just going to do a fresh re-install.  this install has been as stable as courtney love since day one
<JanC> my guess is it tries to remove files that it already removed before or something like that
<jeeves> JanC, lol.  yea.  hence the reinstall!
<pierce2> does anyone know if any of the vnet modes modes are supported on single macheine UEC deployments, or if there are any official ubuntu EMI images that support SYSTEM or STATIC mode?
<JanC> it's a bug if that causes an error though
<MTecknology> What package tells you how many packages can be updated when you log in?
<MTecknology> sorry, I'll ask in the right channel
<twb> Server does it, too, I think.
<twb> I dunno what it is, because 8.04 didn't have it :-)
<MTecknology> twb: 10.04 does have it and it takes longer to log into the system- I already know if packaged need to be updated before I log in so it's somewhat of a waste for me
<twb> MTecknology: hmm, I thought it was a static file, updated daily
<twb> Try looking in /etc/profile.d/
<MTecknology> ntohing in there
<MTecknology> nothing*
<twb> MTecknology: OK, then grep -r over /etc/ for the static part of the message.
<MTecknology> NICE
<MTecknology> I always used -d recurse
<MTecknology> /etc/motd
<MTecknology> twb: thanks
<twb> MTecknology: motd is static.
<MTecknology> yup
<MTecknology> like you said - some file updates it
<twb> Well, then, it can't be the thing that's making EVERY login slow
<MTecknology> so - touch .hushlogin (should work..
<ajmitch> there's an update-motd package that is most likely doing it
<twb> ajmitch: thanks
<MTecknology> ajmitch: not installed
<ajmitch> it uses the files in /etc/update-motd.d
<MTecknology> there is stuff in /etc/update-motd.d/ - just update-motd isn't installed
<ajmitch> ah, the description says it's superseded by a pam module
<twb> Icky.
<MTecknology> oh
<MTecknology> touch .hushlogin worked
<MTecknology> it is noticably faster too :P
<twb> MTecknology: that's interesting!
<ajmitch> not sure if pam_motd is running stuff in /etc/update-motd.d now or not
<MTecknology> It's definitely useful info for most people- just causes irritation for me because I like instant
<twb> If it's updated more than daily, it's not really a mot*d* anymore, is it :-/
<MTecknology> true
<MTecknology> ajmitch: thanks to you too :)
<ajmitch> historical naming & all that
<eagles0513875> bug 559582
<uvirtbot> Launchpad bug 559582 in mountall "Upgrade from karmic to lucid failes with Internal Error, Could not perform immediate configuration (2) on mountall" [Undecided,Confirmed] https://launchpad.net/bugs/559582
<twb> ajmitch: bah!
<twb> Not sure why it wouldn't go in .profile if you want to execute it on EVERY login
<ajmitch> it said it placed a script ito /etc/profile.d which these used what was in /etc/update-motd.d
<ajmitch> & then I stopped trying to follow just what was going where
<twb> Hm.
<twb> Well, I'll be grumpy regardless
<twb> It's my ground state
<MTecknology> I haven't been able to figure out why I can't make ssh login work via ssh key..
<ajmitch> permissions on ~/.ssh is often a cause of that
<twb> MTecknology: read auth.log; it'll tell you
<MTecknology> twb: I know the feeling - I got into an hour long debate while trying to discuss standardising things - the end result was, screw this - I'm doing it my way
<MTecknology> Apr 13 03:48:45 incipio sshd[25256]: Authentication refused: bad ownership or modes for directory /home/michael
<ajmitch> so, permissions, check that it's not world-writable
<MTecknology> I tried setting it to 750 user:group
<MTecknology> and I musta screwed up
<MTecknology> Thanks :D
<MTecknology> I feel like an id10t now
<twb> Accepting your fate is the first step
<MTecknology> yes- had to use that spelling too :P
<MTecknology> twb: I know, but I don't want to - I want to think I'll be useful someday
<px43> Anyone here knowledgeable much about Ubuntu Enterprise Cloud?  I'm trying to figure out what the recommended actions are when new kernel vulns come out.  The typical   apt-get upgrade&&reboot  doesn't work so well since the kernel and initrd are specified outside of the disk image, and I don't really see a way to auto update eki and eri images.
<twb> How are they specified?
<px43> twb: from what I understand, when you create an emi (the main OS image), you specify which eki (kernel) and eri (ramdisk) you want to use.  Then, when you launch an instance, you specify which emi you want to start with, and then the system boots.
<px43> twb: you can update the instance, and reboot it etc, but as far as I can tell, every time you reboot, you are back with the original kernel, and there is not a way to change it for the lifetime of the instance, and even if there is, it surly isn't automatic, which seems like a security issue
<px43> kees: *ding*  :-D
<twb> px43: are these specified as paths?  What does an example eki value look like?
<px43> pierce@majin:~$ euca-describe-images
<px43> IMAGE	emi-D1EC1024	euca/ubuntu.9-04.x86-64.img.manifest.xml	admin	available	public		x86_64	machine	eki-12CA1182	eri-48AB1259
<px43> IMAGE	eri-48AB1259	euca/initrd.img-2.6.28-11-generic.manifest.xml	admin	available	public		x86_64	ramdisk		
<px43> IMAGE	eki-12CA1182	euca/vmlinuz-2.6.28-11-generic.manifest.xml	admin	available	public		x86_64	kernel
<twb> Also, as a cheap hack you may want to investigate kexec-tools, which can replace the kernel without stepping down to the bootloader.
<twb> Where is eki-12A1182 on the filesystem?
<px43> the cloud is magical, so it's hard to say :-)  somewhere stored in the bukkit manager from what I can tell
<px43> I have each cloud component installed on a single piece of hardware
<px43> I have *every* cloud component installed on a single piece of hardware    <-- maybe more clear
<px43> from what I can tell, it's either being sent between daemons over some sort of SOAP session, or an ATA over Ethernet mount
<px43> even though it's all on the same box, but in theory I could abstract it to more machines :-D
<sCOTTo> hey guys - whats the best set up to instal for firewall & VPN setup ?
<sCOTTo> -- I need the advice to run with so I can get my stuff back up and running asap - I made some mistakes :(
<twb> sCOTTo: ufw is Ubuntu's standard firewall abstraction layer
<sCOTTo> hmm ok
<sCOTTo> is it best to do a reinstall ?
<sCOTTo> i have all sorts of crap on my machine lol
<twb> I have no idea.
<sCOTTo> lol
<sCOTTo> thanks ill go lool
<sCOTTo> bbs
<lifestream> ... does SQLite have default root password? I just googled stuff like "root sql password"  "change sql password" and I got no relevant search resutls
<lifestream> When I have a command that needs to connect to it, what password would it use?
<lifestream> Oh... wait...
<lifestream> Only databases have passwords... I see..
<darkk^> lifestream, there is no sqlite password at all, that's just file (MAYBE, there is some sort of sqlite encryption, but I'm not aware of it)
<twb> I imagine the way you'd encrypt an sqlite database would be out-of-band, e.g. with gpg
<lifestream> Ah thanks darkk^   I have a program that comes with it's own sqlite database... I have sqlite installed... so I try to  run the program, it complains it can't connect.  I look on the config file, the password is asterisks... ummm... anyway.  :P  Maybe this isn't the problem... I'm not sure:P
<darkk^> lifestream, check file permissions
<lifestream> I'm following install instructions, for this program that uses a sqlite db, but on the instructions, they don't say I have to do anything about the db or password at all
<lifestream> file permissions? which ones? *tilts head*
<maxagaz> how to print the line N of a file ?
<lifestream> programming homework?;p
<maxagaz> lifeless, not really...
<lifeless> maxagaz: ?
<uvirtbot> New bug: #562146 in nagios3 (main) "Integrate nagios users with system ones" [Undecided,New] https://launchpad.net/bugs/562146
<lifestream> he meant me, not lifeless,  stupid tab auto-complete, happens to me all the time
<twb> maxagaz: sed -n 22p foo.txt
<maxagaz> twb, thanks
<maxagaz> twb, and how to execute the printed command ?
<twb> Are you looking at .bash_history?
<maxagaz> twb, no
<twb> You'd execute it by piping it into whatever interpreter (e.g. bash) the line was intended for.
<maxagaz> twb, looking at a bash file
<maxagaz> like this: sed -n 22p foo.txt | bash ?
<maxagaz> ok
<cbeebie> Does anyone know how to build virtual machines with vmbuilder in 10.04 that will run on machines that don't have hardware support for virtualisation? In 8.04 you could build qemu-based VMs using ubuntu-vm-builder but the qemu option has gone away in vmbuilder.
<uvirtbot> New bug: #562139 in nautilus-share (main) "FUSE filesystems cannot be accessed when shared (dup-of: 175689)" [Undecided,New] https://launchpad.net/bugs/562139
<SmokeyD> hey everyone. I am trying to get ubuntu 9.10 64bit server edition installed in a software raid1. But it seems this won't work without a /boot partition outside the RAID, is that true?
<laen> Installed a local ubuntu mirror, testing it out now and i'm getting "Failed to fetch http://somewhere/Packages.bz2  Hash Sum mismatch". All i can find so far on the internetz is "Chose another repository", which isn't helping at all. Any idea why that mismatch happens? The Package.bz2's exist, as i can download them with wget.
<twb> cbeebie: kvm and qemu are architecturally identical, AFAIK
<twb> cbeebie: kvm-the-program is basically qemu plus some glue to make it talk to kvm-the-kernel-module
<cbeebie> twb: So, if I build a VM using something like "vmbuilder kvm ubuntu ....", I should be able to run it with a qemu command?
<twb> cbeebie: try it and find out
<apw> kirkland, hey ... did you get to test that kvm kernel?h
<alvin> SmokeyD: It should work without /boot outside RAID
<alvin> SmokeyD: I just checked. I have a server with software RAID1 here without separate /boot.
<twb> I dunno why you'd use RAID without LVM
<alvin> I can't find that he said it would be without LVM. (Lucid in its current state would be a good reason)
<twb> I'm assuming /boot on LVM on md RAID is still Bad Juj
<twb> *Juju
<jpds> laen: â #ubuntu-mirrors.
<twb> I mean, it works with grub2, but I wouldn't trust it in production
<alvin> Unfortunately, I think you are right there
<twb> I did it way back when grub2 was new
<alvin> Ah, then there was a bug. Separate /boot didn't work, but that was even without LVM
<twb> It convinced me that it was a waste of time; just blow 256MB on a separate three-way md RAID1 /boot partition
<alvin> It worked years ago, when Ubuntu didn't exist yet. I would rather see fixes.
<twb> Well, I wouldn't have been using Ubuntu
<SmokeyD> alvin, but I don't want /boot outside RAID
<SmokeyD> alvin, that makes the raid kind of useless if a disk fails, because no /boot will be available
<alvin> No, in elder times, you just made 2 boot partitions and copied them. But it is of no importance. You don't have to put /boot outside.
<SmokeyD> ok.
<alvin> Just use the ubuntu-server installer and put your 2 drives in mirror. Then put an LVM on top.
<SmokeyD> alvin, I have been trying to get that to work for hours already, but failed. At first the disks were marked by the SATA raid controller as a hardware raid.
<alvin> Aha!
<SmokeyD> I got that fixed now in the bios
<alvin> So, you have a firmware RAID.
<alvin> So, now they are two separate disks, not marked by the firmware raid anymore?
<twb> SmokeyD: just make two md RAID arrays
<alvin> When the installer says you have a softraid, it's not good.
<SmokeyD> alvin, not really. I just got a mobo which has an extra option to use the sata disks in raid, but I got that disabled, I just want to use software raid.
<twb> software raid is fine.  hardware raid is fine.  fakeraid is abominable.
<alvin> SmokeyD: Just disabling is not enough. First, enable the RAID, go into the RAID Bios of your firmware RAID, and destroy the array. Make sure it is destroyed and you have 2 separate disks. Then disable the RAID and run the Ubuntu-installer. (Zeroing part of the drive might also work)
<SmokeyD> alvin, yeah, that is what I did. Took me a while to figure that out though :)
<alvin> I know. Struggled long with the same problem. It's not something that is documented somewhere.
<pmatulis> does kvm impose a limit on the number of recognized lvm volumes?
<twb> https://wiki.ubuntu.com/FakeRaidSpec
<SmokeyD> alvin, but would you recommend just creating /dev/sda1 and /dev/sdb1 for the raid using all available disk space, and then setting up LVM on top of that to create the necessary partitions?
<alvin> SmokeyD: Actually, yes. That's what I do.
<SmokeyD> also setup swap in LVM?
<twb> SmokeyD: yes; though I'm crusty enough to make /boot a separate, second md RAID1 array
<alvin> SmokeyD: Yes, you can then increase your swap at will :-)
<SmokeyD> twb, crusty? Sorry, I am not a native speaker ;)
<SmokeyD> alvin, twb ok, cool. Thanks a lot
<alvin> twb is more careful
<twb> old and set in my ways
<SmokeyD> :) Ok, I learned a new expression today :) crusty
<alvin> I can tell you for sure that the lvm on top of mdadm works fine. My first experiences with Lucid, however, are pointing towards disaster. I'll do an update this week to check again.
<twb> SmokeyD: http://en.wiktionary.org/wiki/crusty
<alvin> pmatulis: (thanks for handling our support cases btw) Not according to this: http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Virtualization_Guide/sect-Virtualization-Virtualization_limitations-KVM_limitations.html Might I inquire as to the reason of the question?
<SmokeyD> twb, alvin thanks a lot for your help. The installer is now formatting the ext4 Logical Volume. I am keeping my fingers crossed
<alvin> SmokeyD: You will now for sure on reboot :-) What version are you using?
<SmokeyD> 9.10
<alvin> Me too. Should work. (9.10 as delivered on the CD had problems with separate /boot anyway)
<SmokeyD> alvin, I was in doubt between 9.10 and hardy LTS, but I think hardy is getting a bit old by now so I decided to try karmic
<SmokeyD> alvin, I just downloaded the iso for 9.10 and made a bootable memorystick from it
<alvin> Hardy is a lot more stable than Karmic, but it doesn't have ext4
<twb> Bugger ext4
<alvin> and the kvm in Karmic is better
<twb> FWIW, I've backported qemu to 8.04.  I can't speak for KVM.
<alvin> yeah... I'm also starting to think ext4 might not be stable yet. I'm not sure yet.
<twb> It seemed like a lot of people were fumbling with it in ext4
<SmokeyD> hmm, I just formatted the partition to ext4 :)
<alvin> You can do that of course :-) But I don't want to lose official support, so I'm sticking with official versions.
<twb> Er, in 9.10
<twb> I think Ubuntu jumped the gun again by making it the default
<SmokeyD> twb, what kind of trouble are people experiencing with ext4?
<twb> I can't remember
<twb> Stuff like "my machine don't boot so good no more"
<SmokeyD> :D
<alvin> There was data corruption when moving large files, and data corruption of qcow images,.. Yes, stuff like that. The not booting is mostly grub2 beta and upstart.
<SmokeyD> alvin, ok. Hmm, well I won't be doing to much large files. No qcow stuff definately (got some vm's on my desktop, but not on the server)
<twb> IMO they should've at least turned extents off by default
<alvin> The qcow stuff should be solved. Don't worry about that. But I am still experiencing weird stuff with copying large files. Don't know anything for sure yet.
<twb> Pity squeeze and lucid will ship with an ENOSPC-broken btrfs
<alvin> Lucid will ship with btrfs?
<SmokeyD> alvin, grub-pc is asking where to install grub. Should I install it to /dev/sda and later manually install it also on /dev/sdb (using grub-install)?
<kirkland> apw: sorry, server wasn't installable last night :-(
<kirkland> apw: i'm checking now to see if it was fixed overnight
<alvin> Hmm, I have forgotten that. For now, I would choose /dev/sda
<apw> kirkland, lack of a kernel probabally ...
<kirkland> apw: yeah
<kirkland> apw: no modules found
<apw> also my fault
<kirkland> tsk tsk
<alvin> SmokeyD: I have read some documentation about that. Let me see if I can find it.
<apw> broke all thinkpads ... not handy
<kirkland> apw: syncing my mirror, then installing
<apw> kirkland, thanks ... i need to push or revert them today
<kirkland> apw: i'll test today
<apw> kirkland, <- star
<kirkland> apw: people.canonical.com/~apw/security-lucid/
<kirkland> apw: is that right?
<apw> ack
<SmokeyD> alvin, the system boots fine. INdeed I needed to install it to /dev/sda. I now did a manual "grub-install /dev/sdb"
<kirkland> smoser: around?
<kirkland> smoser: apw has a couple of kvm updates in the kernel he needs tested ASAP
<alvin> SmokeyD: I think you can now adapt grub, so that you can boot from both drives.
<SmokeyD> I am going to remove the sata cable for sda, see if the system stays alive (mdadm -D /dev/md0 looks fine)
<kirkland> smoser: i'm wondering if you can drop them into your UEC (images, as well as hosts) along with me
<alvin> SmokeyD: Let us know how it goes
<ttx> kirkland: hey
<kirkland> ttx: howdy
<ttx> kirkland: so I read your demo went well last weekend ?
<binBASH> What I need to do exactly when changing VNET settings on a node? Just restart eucalyptus-nc?
<kirkland> ttx: yeah, i was happy with it
<ttx> cool
<SmokeyD> alvin, it works. THe system stayed alive when I removed the cable of sda, and also reboots fine
<alvin> SmokeyD: Cool!
<SmokeyD> alvin, thanks a lot for your help.
<kirkland> apw: linux-headers-2.6.32-21-server_2.6.32-21.31~security201004122115_amd64.deb
<kirkland> linux-image-2.6.32-21-server_2.6.32-21.31~security201004122115_amd64.deb
<kirkland> apw: that's the two binaries I need to install?
<kirkland> (btw, that directory is a confusing mess)
<alvin> SmokeyD: You're welcome
<apw> you only need the linux-image if you don't have prop h/w
<apw> kirkland, and yes it is ... i think i have old builds in there ... HRM tooling spammage
<kirkland> apw: k
<apw> kirkland, is that better
<SmokeyD> Ok, I am off to get a coffee and lunch on a terrace in the sun somewhere :)
<binBASH> you don't have to tell us that really :)
<kirkland> apw: installing happily today
<apw> yeah a new kernel was force fed into the system to fix it up
<smoser> kirkland, here
<kirkland> smoser: i'm doing the same now
<kirkland> smoser: on my laptop, and in my cloud
<smoser> kirkland, we can do that today, yeah. what do you need?
<kirkland> smoser: apw has kernsl at http://people.canonical.com/~apw/security-lucid/
<kirkland> smoser: these need to either be published to lucid today, or tabled for an SRU
<kirkland> smoser: some kvm security issues fixed in there
<kirkland> smoser: sounds fairly high priority to make sure these kernels work as our virt hosts and guest
<smoser> kirkland, ok. i can install them onto the my 2 systems hosts and will use the kernel for guest
<kirkland> smoser: thanks
<smoser> but i've got to take a 30 minute break here in 5 minutes
<pmatulis> alvin: you can theoretically use btrfs in karmic
<pmatulis> alvin: but even in lucid it is considered highly experimental
<alvin> pmatulis: Thanks, in that case, I'll wait a bit. I'm curious about btrfs though. Let's see how long I can wait :-)
<smoser> kirkland, quickly, stupid grub2 question
<pmatulis> alvin: package is btrfs-tools
<smoser> how do i tell it to boot the kernel i just installed
<smoser> never mind. i'm guessing it will, as its the newest by version number.
 * alvin is thinking. Maybe with a nice backup... Only for personal use... (but no, experimental file systems are dangerous toys)
<pmatulis> alvin: it is known to not work with a lot of userspace stuff (boot loader being one example)
<alvin> I thought as much. Well, patience is a virtue. I'm sure btrfs will be a success.
<uvirtbot> New bug: #562261 in krb5 (main) "Sync krb5 1.8.1+dfsg-2 (main) from Debian unstable (main)" [Undecided,New] https://launchpad.net/bugs/562261
<franjpr> Hi, I have swithed on my ubuntu server but the startup fails after the following: init: ureadahead-other... status 4. Any clue?
<franjpr> Thanks
<ttx> smoser: is there any documentation about cloud-init config syntax, other than the examples in the cloud-init branch ? Do you plan to write some wikidoc ?
<smoser> there isn't doc other than in the source, no.  I can write some wiki doc. I think the examples are reasonably good, wiki doc would mostly just mimic them
<ttx> smoser: I care more about discoverability of the feature, tbh
<ttx> smoser: At this point you have to know about it to discover it exists
<smoser> this is a fair point.
<ttx> smoser: maybe updating/linkingfrom EC2StartersGuide would improve that
<ttx> it's a significant part of what makes Ubuntu server cloud friendly, we need it to be more apparent
<smoser> ttx, i'll try to put something together for that today.
<smoser> just fyi, i did do a blog entry
<ttx> smoser: no hurry, but before release, definitely. Some blogging could also help.
<smoser> i'm sure that at least 3 people have read it :)
<ttx> ah :)
<smoser> http://ubuntu-smoser.blogspot.com/
<ttx> smoser: you need some killer title, like "Why Ubuntu doesn't suck in cloud"
<smoser> that 3 includes myself and my mom though
<ttx> let's make that 4
<ttx> are you syndicated to ubuntu planet ?
<smoser> no. i need to do that. syndicated to cloud-planet now.
<ttx> ok
<smoser> i actually wasn't sure if, as a non ubuntu member, i was allowed to be syndicated to planet ubuntu
<zul> how about "deep thoughts by jack handy"?
<hggdh> smoser: you need to be an Ubuntu member, AFAICR
<hggdh> smoser: why don't you apply?
<smoser> hggdh, the application is being worked on
<smoser> :)
<smoser> of course everone here iwll flock to give testimony for me
<hggdh> certainly. And you *do* have the requisites
<hggdh> smoser: OTOH, I can be syndicated, but I do not blog
<pmatulis> alvin: that's the spirit
<smoser> hggdh, i dont understand, if you don't blog how do you communicate with people ?
<smoser> oh... you must facebook
<smoser> :)
<kirkland> smoser: sorry, was doing an interview
<kirkland> smoser: you get grub figured out?
<smoser> yeah, it "just worked". i didn't dig for where that was. when i looked i thought i was installing a kernel that wasn't going to be newest
<kirkland> smoser, ttx: I'm testing apw's kernels ...  my guests are not network accessible, looks like the plymouth issue, though
<smoser> and that i'd have to manually tell grub to boot that one
<smoser> kirkland, oh?
<kirkland> smoser: http://pastebin.com/XAq4tMtM
<kirkland> smoser: $ ssh 10.1.1.100
<kirkland> Read from socket failed: Connection reset by peer
<kirkland> smoser: but it's pingable
<ttx> kirkland: the plymouth issue ? You mean, the one that prevents login prompt ?
<ttx> kirkland: that one doesn't block SSh, fwiw
<smoser> hm... i dont' know what would have cauesd your failure there.
<kirkland> ttx: hrm, okay
<kirkland> ttx: smoser: okay, so kvm is running, guest is pingable, i've authorized port 22
<smoser> you've definitely run some of the user space cloud-inti code (Generating locales... INFO: Successfully authorized...)
<kirkland> ttx: smoser: but i can't ssh to it
<kirkland> smoser: it was able to call out to ssh-import-lp-id of kirkland
<smoser> right. which runs well after ssh should hav started
<smoser> i'm testing here.
<kirkland> smoser: interesting, i can telnet to 22
<kirkland> SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu3
<kirkland> smoser: but ssh resets the connection
<kirkland> smoser: this is weird
<ttx> kirkland: does ssh -v give you more messages ?
<smoser> its keys didn't get generated
<smoser> so it denies it
<ttx> or -vv
<smoser> you have no keys in your console log
<smoser> it would be nice if init/plymouth didn't give such foul looking errors
<smoser> kirkland, i can't reproduce here :-(
<smoser> kirkland, is it still in that state?
<kirkland> smoser: hmm, okay, now i have 2 instances running
<kirkland> smoser: one was started without a -k option
<kirkland> smoser: the other was started with a -k option
<kirkland> smoser: only the one with a -k option works
<kirkland> smoser: not the one without the -k option
<kirkland> smoser: this is a regression since Friday
<kirkland> smoser: something in that recent upload i sponsored?
<smoser> absolutely not in that.
<smoser> and i dont really see how the -k would affect this.
<kirkland> smoser: the one that produced the problem was just run with "uec-run-instances -l kirkland $EMI"
<kirkland> smoser: http://pastebin.ubuntu.com/413662/
<smoser> yeah, that isn't helpful.
<smoser> i  know why ssh is saying no
<smoser> its because the keys have not been generated (sshd's keys)
<kirkland> smoser: oh?  sshd's keys?
<smoser> right.
<smoser> it has no keys, so it wont allow anyone to talk to it
<kirkland> smoser: hmm, i maintain that something's still funny/odd with plymouth/upstart/mountall
<smoser> ie, /etc/ssh/ssh_host_rsa_key
<kirkland> smoser: before i disabled splash, i couldn't boot my CLC
<smoser> maybe. but what is strange is that other things ran
<kirkland> smoser: well, I could boot it, but it wasn't running right
<kirkland> smoser: for instance, i couldn't start screen
<kirkland> smoser: but i was able to ssh into the system
<smoser> and sshd started, which starts on 'filesystem' event, which is the same event that the thing that writes the keys starts on
<smoser> can you launch a couple more instances and see if this is reproducible ?
<kirkland> smoser: sure
<dasunsrule32> Hi, I have a quick (maybe quick), is there a good way to mount a cifs share automatically for multiple users from an Active Directory that log in?
<smoser> i can't come up with any reason why we wouldn't see keys written to that console.
<kirkland> smoser: just started 4
<hggdh> smoser: I did not have, so far, anything to blog about
<dasunsrule32> For instance, I have used the smbcredentials option with samba, but that really will only work for one user in my environment. I need to be able to have either Gnome or fstab to pull in the user logging in and mount the share that way.
<ivoks> jdstrand: so, those are bugs :)
<smoser> well thats clearly a filter problem.  have you ever looked at the internet?  the problem is you seem to have some sort of filter stopping you from just mindlessly babbling
<kirkland> smoser: hmm, i just fired up 4 more instances, identical to the first ... and did not reproduce the behavior there
<kirkland> smoser: shall i kill all 6 of these and retry?
<jdstrand> ivoks: I certainly think so. I don't see any technical reason why qemu and kvm whouldn't both work. they do in libvirt
<smoser> sure.... i have no idea as to what is causing this.
<jdstrand> s/whouldn't/shouldn't/
<ivoks> jdstrand: ok, i'll try to isolate the problem
<smoser> it seems to me that the cloud-config-ssh.conf isn't running, or at least not correctly
<ivoks> jdstrand: but i might need some help :/
<kirkland> smoser: 6 more started
<jdstrand> ivoks: soren is your best bet. he may even know exactly what the problem is
<smoser> oh... i wonder...
<ivoks> soren: ^? :)
<kirkland> apw: okay, i'm running vm's successfully with 2.6.32-21-server #31~security201004122115 as the host
<kirkland> apw: let me try to get that kernel into the guest
<smoser> ssh-keygen probably relies on some entropy
<kirkland> smoser: how hard is it for me to get this kernel into a new image to register?
<smoser> maybe it was blocked on ramdom data (/dev/random) ? for some reason that guest didn't think it had a sufficient supply
<smoser> what kernel, kirkland
<kirkland> apw: and i need to reboot my laptop to do some kvm testing here too
<smoser> i'm testing with apw's kernel.
<kirkland> smoser: apw's kernel at http://people.canonical.com/~apw/security-lucid/linux-image-2.6.32-21-server_2.6.32-21.31~security201004122115_amd64.deb
<smoser> what you need to do:
<smoser> sudo mount -o loop whatever.img /mnt && sudo cp linux-*.deb /mnt && sudo chroot /mnt dpkg -i linux*.deb && cp /mnt/boot/vmlin*2.6.32-21.31* . && sudo umount /mnt
<ivoks> mixed minis is very dangerous bag; eating chocolate like chips surely isn't good :)
<smoser> then, uec-publish-image x86_64 whatever.img 20100413-testkernel --kernel-file vmlinuz-*
<smoser> thats what i've done here, and it booted
<kirkland> smoser: thanks
<smoser> i booted both i386 and amd64
<kirkland> smoser: okay, i just ran 6 more images in the exact same way ... no problem
<kirkland> smoser: glitch in the matrix?
<smoser> jdstrand, my suspicion about entropy above, does that possibly make sense?
 * jdstrand reads backscroll
<smoser> kirkland, i really have no idea why that would hang like that.  previously, there was a bug where the cache file wasn't being read, and instead metadata service was being crawled several times on boot, and it would fall over, but that was fixed.
<kirkland> smoser: okay, well, let's file it away to the back of our mind for now, and keep an eye out for any similarly aberrant behavior
<smoser> kirkland, yeah. there are other ways to debug an instance, but all of them basically require enabling debug stuff
<mathiaz> smoser: hey - do you have branch with your ldap changes?
<smoser> mathiaz, yeah
<jdstrand> smoser: I strace'd ssh-keygen, and it uses /dev/urandom, so it should not block
<smoser> it just has 2 of the three fixed, not the nice one.
<smoser> jdstrand, yeah. well nuts to that theory, thanks for testing.
<smoser> mathiaz, lp:~smoser/ubuntu/lucid/openldap/lucid.dev
<jdstrand> of course, and I've said this before, there may not be enough entropy in these images for a strong key...
<jdstrand> that is only a theoretical attack btw
<smoser> well, i think it would be more than theoretical.
<kirkland> apw: okay, rebooted my laptop to test your kernel now
<smoser> there is absolutely a limited amount of entropy
<smoser> i suppose it has been suggested, that you could have a paravirt /dev/random driver
<apw> kirkland, heh you are a trooper ...
<kirkland> smoser: no matter ... i killed that instance, and i have started 18 VMs identically, without seeing the same problem again
<smoser> kirkland, that doesn't exactly give you warm fuzzies though :-(
<jdstrand> smoser: you mean like a passthru? yeah-- that would be nice
 * kirkland multitasks like an s390 :-)
<smoser> jdstrand, right.
<kirkland> smoser: definitely not
<kirkland> smoser: i can almost guarantee that this is going to come up again ... i've seen this kind of behavior too much with uec in the past
<jdstrand> smoser: by theoretical, I mean that while people have observed that starting a hundred identical images with the same hardware *should* have poor entropy and weak(er) keys, I've not heard of a practical attack against this yet
<jdstrand> but I'm sure people are working on it
<kirkland> apw: okay, i'm running 4 kvm'd desktop livecd's now
<apw> heh thats one hell of a laptop
<kirkland> apw: can i see the changelog/patchset that you've applied?
<kirkland> apw: nah, just an x200 thinkpad (dual core 2.4GHz, 4GB)
<apw> patches were in the place you downloaded for
<apw> from
<kirkland> apw: KSM helps a bit, running 4 identical VMs
<apw> kirkland, good point
<kirkland> apw: 1-14 ?
<apw> there are a few indeed
<kirkland> apw: all of these are from the stable tree?
<apw> i think there are 10 whicih are KVM, 1 other and 3 noise
<apw> they are all pre-stable, but coming to me via security
<apw> pre-stable == sent to and accepted for 2.6.32.y but not yet released there
<kirkland> apw: i'm sharing  124786 pages (saving 4KB per page), according to /sys/kernel/mm/ksm/pages_sharing
<apw> impressive
<kirkland> apw: that's 487MB
<apw> substantial
<kirkland> apw: okay, i think i'm good
<kirkland> apw: i spot checked the patches (actually, just the headers)
<apw> kirkland, thanks, i'll call them committed
<kirkland> apw: all look like reasonable things to fix
<apw> yeah concur
<kirkland> apw: i can't say i'm not just a little nervous
<kirkland> apw: as things have been working pretty well for us here, kernel-wise
<apw> i am less nurvous now you have tested them
<apw> if it wasn't coming from -security i'd not be doing it either
<kirkland> apw: so my testing covered UEC hosts, smoser covered UEC guests, and i tested KVM as an app on my local machine via TestDrive
<kirkland> apw: did security test it at all?
<kirkland> jdstrand: kees: mdeslaur: ?
<kirkland> jdstrand: kees: mdeslaur: did you guys test apw's kernel with these 11 security patches?
<jdstrand> kirkland: is this a pending -security kernel?
<kirkland> jdstrand: yes
<kirkland> jdstrand: well, it's a pending lucid kernel
<kirkland> jdstrand: which apw is working on, some kvm security fixes
<jdstrand> kirkland: oh, no we haven't
<jdstrand> kirkland: stable kernels kees will usually do the testing
<jdstrand> kirkland: but dev, not usually
<smoser> kirkland, fwiw, i was running that test kernel on the host and hte guests
 * ttx sighs
<apw> its probabally a lot better tested than the average
<jdstrand> kirkland: do you need additional testing? we've been testing apparmor kernels lately
<ttx> Did I mention how much I hated maven ?
<smoser> mathiaz, were you wanting to look at bug 559070
<uvirtbot> Launchpad bug 559070 in openldap "Lucid (or karmic) slapd upgrade does not really allow localroot cn=config manage rights" [Medium,Triaged] https://launchpad.net/bugs/559070
<mathiaz> smoser: I'd like to review openldap in lucid
<smoser> thats what i was asking you about last night.  I have bug 556176 and bug 538848 commits in my branch.
<uvirtbot> Launchpad bug 556176 in openldap "slapd creates /nonexistent homedir (and some enhancements...)" [Medium,Confirmed] https://launchpad.net/bugs/556176
<mathiaz> smoser: and include the latest fix
<uvirtbot> Launchpad bug 538848 in openldap "slapd.postinst output doesn't mention configuration conversion step" [Wishlist,Confirmed] https://launchpad.net/bugs/538848
<mathiaz> smoser: i saw your branch yesterday
<smoser> mathiaz, i dont follow... so you want me to try to fix that ?
<mathiaz> smoser: I'd like to review your branch and sponsor it
<smoser> ok. i think we need a fix for 559070 though
<smoser> before its really useful
<smoser> or do you disagree, ttx? thoughts
<smoser> ?
<thebishop> quick noob networking question
<jdstrand> kirkland: tbh, getting it into lucid and having the wider community testing there helps us verify when the patches end up in stable releases
<ttx> smoser: to disagree I'd have to follow that discussion
<ttx> yes, bug 559070 is the only significant one in that list :)
<uvirtbot> Launchpad bug 559070 in openldap "Lucid (or karmic) slapd upgrade does not really allow localroot cn=config manage rights" [Medium,Triaged] https://launchpad.net/bugs/559070
<smoser> hm... ok. well, ttx, yesterday you asked me to look at 556176 538848 and 559070
<thebishop> i have a network interface, which is getting a proper local IP address through dhclient.  But I can't access hosts on the internet.  DNS name resolution works, but i can't ping to wget from internet servers.  there's no problem with my internet connection, i can browse the web fine on my ubuntu desktop
<smoser> i have the first two in a branch that i think is probably ready for review. but do not have the last.
<smoser> do you think we need to fix that last one
<ttx> smoser: I think we need to.
<smoser> i know little to nothing aobut slapd, but reading the bug it seems that this will break a working config, causing loss of access
<ttx> smoser: yes, there was an upgrade issue that would prevent hardy->lucid upgrades. I fixed that, but my fix denied access more than it should
<ttx> smoser: I can work on it if you don't feel confident
<smoser> right.
<ttx> smoser: ideally we need mathiaz to validate the fix in the end
<smoser> if i can get a clean example of the failing config, i think i can probably do it
<ttx> smoser: I documented on the bug what I think needs to be done...
<ttx> the trick being to handle all the cases
<ttx> and I still need an openldap cn=config expert to validate those assumptions
<axisys> how do I become root if sudo fails ?
<binBASH> :D
<binBASH> su -
<smoser> ttx, maybe i'm missing something
<smoser> you documented where ?
<axisys> su - wont work because root password is locked by default
<mathiaz> hggdh: are you using the uec test rig?
<smoser> bug 559070 has no comments
<axisys> binBASH: ^
<uvirtbot> Launchpad bug 559070 in openldap "Lucid (or karmic) slapd upgrade does not really allow localroot cn=config manage rights" [Medium,Triaged] https://launchpad.net/bugs/559070
<ttx> smoser: in the desc :
<ttx> "Combining the two lines into:
<ttx> olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage by * none
<ttx> or even (since access is implicitely denied when no clause match):
<ttx> olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage
<ttx> should solve it."
<binBASH> axisys: reboot with init=/bin/bash as kernel param so it will boot into root shell
<axisys> sudo points to radius auth .. but radius server is going throug maintenance
<axisys> binBASH: ok .. sweet.. in grub ?
<ttx> smoser: the tricky part is to support hardy->lucid, karmic->lucid and lucid->lucid
<kirkland> jdstrand: understood; just wondering if you've sniffed it at all
<binBASH> axisys: yeah, just pass it as parameter
<axisys> binBASH: in kernel line ?
<axisys> binBASH: i can power cycle but cannot run reboot .. since i am not root
<axisys> but during reboot i will have access to grub
<binBASH> axisys: Yeah in kernel line
<axisys> binBASH: thanks
<jdstrand> kirkland: I have not, sorry. tbh, I wasn't aware of the kernel
<smoser> axisys, you can do as binBASH says, or alternatively boot rescue media, chroot  and set root's password.
<kirkland> jdstrand: okay, well, apw is going to roll out to Lucid anyway
<jdstrand> sounds good
<binBASH> Hi smoser btw. :)
<binBASH> how to pass additional kvm startup parameters when starting instances in uec?
<mathiaz> smoser: ttx: I've commented on bug 559070
<uvirtbot> Launchpad bug 559070 in openldap "Lucid (or karmic) slapd upgrade does not really allow localroot cn=config manage rights" [Medium,Triaged] https://launchpad.net/bugs/559070
<ivoks> could someone fasttrack something for me?
<ivoks> just pull in rhcs from debian testing?
<ttx> ivoks: as in "syncing" ?
<ivoks> ttx: yes
<soren> ivoks: What's the problem?
<ivoks> all our changes are in debian
<ivoks> soren: vmbuilder fails to create xml for libvirt (i've posted the question to the ubuntu-server mailing list)
<ttx> ivoks: you will need an AA for that. kirkland or jdstrand could help you, maybe
<ttx> soren: o/
<kirkland> ivoks: i'm responding to your mail
<ivoks> kirkland: ok
<soren> ivoks: Ah. I'm way behind on Ubuntu e-mail these days.
<ivoks> soren: me too :/
<soren> ivoks: I have a secret plan (don't tell anyone) about throwing a bunch of hours at vmbuilder next week when I get back from holiday.
<ivoks> soren: :)
<ttx> I /knew/ about that plan.
<mathiaz> smoser: bug 556176
<uvirtbot> Launchpad bug 556176 in openldap "slapd creates /nonexistent homedir (and some enhancements...)" [Medium,Confirmed] https://launchpad.net/bugs/556176
<mathiaz> smoser: I'd suggest to keep /nonexistent as the home directory and use the --no-create-home option for adduser
<smoser> why?
<smoser> it is commonplace to use /var/lib/<package> as home for a daemon
<mathiaz> smoser: well the security team is trying to move away from that
<smoser> (i just realized, it would be nice to clean that /nonexistent dir up on upgrade also... do you think that should be done ? case where '/nonexistent' was created and empty by something else is probably small)
<hggdh> mathiaz: no
<smoser> mathiaz, ok. thats easy enough to change. i just looked at other packages.
<mathiaz> smoser: there are couple of other packages that use nonexistent
<hggdh> mathiaz: I am not using the rig
<mathiaz> hggdh: thangs
<hggdh> mathiaz: welgome
<mathiaz> smoser: for the time being use --no-create-home is enough IMO
<ttx> jjohansen: I'd like to bring bug 546743 to your attention, breaking consoles on lots of servers
<uvirtbot> Launchpad bug 546743 in linux "Blank screen at first boot with ATI ES1000 and 10.04 server" [High,Confirmed] https://launchpad.net/bugs/546743
<smoser> mathiaz, sounds good.
<mathiaz> kees: jdstrand: mdeslaur: what's your opinion on setting up the home directories of system users running daemons to /nonexistent instead of /var/lib/... ?
<ivoks> kirkland: kvm and qemu aren't the problem
<ivoks> kirkland: they work
<ivoks> kirkland: problems are vmbuilder and libvirt
<jdstrand> mathiaz: it depends on what the application and the user in question does/needs to do. if it has an actual directory, that user can then do things with dot files, filling the disk, etc, so unless you need an actual directory, there is no reason to have it
<mathiaz> jdstrand: how about openldap?
<jdstrand> mathiaz: I would recommend not straying from Debian on this with openldap, since they have more experience with the code, daemon and user in question
<jdstrand> mathiaz: either that, or ask Debian about it
<jdstrand> personally, I like --no-create-home
<jdstrand> don't give the extra access unless it is determined that it is needed
<kirkland> ivoks: gotcha, thanks
<Oh-God-Whyyyy> This is driving me nuts!  Does sqlite need a connection string like MySQL does? This is the MySQL one: ConnectionString = "Data Source=localhost;Database=MyAwesomeDatabase;User ID=TheAwesomeUser;Password=***;"
<jdstrand> mathiaz: ^
<Oh-God-Whyyyy> Been trying to get this program to work for almost 24 hours
<jdstrand> mathiaz: and by 'more experience', I mean 'more experience than me' :)
<jdstrand> err... s/me/I/
<ivoks> kirkland: if you want to reproduce it, create (on vt-enabled hardware) kvm/xen/vmware system with vmbuilder, as you usually do
<kirkland> ivoks: not particularly ;-) ... i avoid vmbuilder
<ivoks> kirkland: start it and inside of that system try creating another virt system, that should be non-accelerated
<ivoks> eh...
<kirkland> ivoks: i tend to spend more time debugging vmbuilder than it takes for to just go and build the vm i need by hand
<jdstrand> kirkland: yeah, but you'd rather avoid libvirt too :P
<kirkland> jdstrand: heh, well, i often skip libvirt to remove complexity, rather than because it doesn't work
<kirkland> jdstrand: libvirt works really well, in my experience :-)
 * jdstrand was only teasing :)
<jdstrand> yes, I use it all the time
<kirkland> jdstrand: it=vmbuilder or it=libvirt ?
<jdstrand> libvirt. vmbuilder I do use when I (re)create my VMs. that has been a while though
<jdstrand> my security VMs that is
<jdstrand> iso testing I use virt-install
<jdstrand> security VMs, vmbuilder
<jdstrand> one-offs I just use virt-manager
<jdstrand> I'm a libvirt-junkie
<jdstrand> now that I use snaphosts for my security VMs, I haven't had to use vmbuilder in ages...
<smoser> jdstrand, qcow snapshots ?
<jdstrand> smoser: qcow2, yes
<mathiaz> smoser: I'm using qcow snapshots for my vms as well
<mathiaz> smoser: I was wondering whether the uec images could be used directly from kvm/libvirt?
 * smoser wishes for qcow backing devices to be fixed with apparmor
<mathiaz> smoser: I have a base lucid vm that I always need to boot and update
<jdstrand> mathiaz: you may be interested in knowing that the apparmor security driver for libvirt now handles backing store just fine
<jdstrand> smoser: it is
<mathiaz> smoser: I was wondering if using the daily uec images instead would work
<smoser> mathiaz, they need some de-cloudification done to them
<mathiaz> smoser: ie: every day download the latest uec daily and use this as the base vm
<jdstrand> smoser: bug #470636 was fixed in 0.7.5-5ubuntu18
<uvirtbot> Launchpad bug 470636 in libvirt "AppArmor security driver does not support backingstore" [Medium,Fix released] https://launchpad.net/bugs/470636
<jdstrand> smoser: that was part of my upstreaming/0.7.7 work, and then I backported it to lucid
<smoser> i did not know this... i thought you had basically said "will not fix"
<smoser> in comment 9 of that bug.
<smoser> that rocks. thanks jdstrand.
<jdstrand> smoser: yes, I did. I still think it is not an optimal way to do it, but upstream added all the hooks to do it already, so I went ahead and used their work
<smoser> "all the hooks" ie, you're now just parsing xml ? or you do have to read the image file yourself.
<uvirtbot> New bug: #562370 in apache2 (main) "Upgrade from 2.2.14-5ubuntu6 to 2.2.14-5ubuntu7 results in syntax error, missing module" [Undecided,New] https://launchpad.net/bugs/562370
<jdstrand> smoser: I think the backing store info should be available via the xml, but that is a discussion I need to have with upstream
<jdstrand> smoser: oh I don't look at the image myself-- libvirt has an API I used
<jdstrand> smoser: but it peeks at the image file
<smoser> mathiaz, https://code.launchpad.net/~smoser/+junk/boothooks : bin/ dir there has the decloudification stuff. its less than ideal as you also have to insert metadata. i hope to have that much more sane in maverick. so that those could "just work" like you'd like.
<smoser> jdstrand, right.
<smoser> thanks jdstrand
<mathiaz> smoser: excellent - if that's a topic for maverick, that's enough for me! :)
<jdstrand> oh sure-- it was a bp'd item for me, so I was motivated :)
<jdstrand> of course, I created that bp...
<uvirtbot> New bug: #550343 in openvpn (main) "openvpn crashed with SIGSEGV" [Low,Incomplete] https://launchpad.net/bugs/550343
<uvirtbot> New bug: #274006 in tftp-hpa (main) "init script of tftpd-hpa is not LSB compliant" [Low,Won't fix] https://launchpad.net/bugs/274006
<mathiaz> smoser: for the status function that could count as a new feature
<smoser> mathiaz, i have no strong feelings.
<mathiaz> smoser: so I'd ask for a FFexception
<smoser> can you tag that bug as such then please ?
<mathiaz> smoser: done - I've opened a new bug and you should be subscribed to it
<smoser> mathiaz, bug number ?
<uvirtbot> New bug: #562377 in openldap (main) "[FFe] Add status action to slapd init script" [Low,Triaged] https://launchpad.net/bugs/562377
<mathiaz> smoser: ^^
<smoser> danke.
<smoser> does anyone know, is 'do-release-upgrade --devel-release --sandbox' generally expected to work ?
<smoser> https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/562394
<uvirtbot> Launchpad bug 562394 in update-manager "do-release-upgrade fails with AttributeError" [Undecided,New]
<RoAkSoAx> mathiaz, i was also planing on creating OCF RA's for UEC
<uvirtbot> New bug: #562388 in libpam-ldap (main) "Authentication failure on successful login when using LDAP authentication" [Undecided,New] https://launchpad.net/bugs/562388
<mathiaz> RoAkSoAx: seems interesting - using EBS as the backend store?
<RoAkSoAx> mathiaz, well my idea is provide with HA (failover) to the UEC (any of the *-controllers). I.e. If cloud-controller fails, failover to another running
<RoAkSoAx> mathiaz, of course they'll need data stored someplace else or replicated between the nodes
<mathiaz> zul: bug 562370
<uvirtbot> Launchpad bug 562370 in apache2 "Upgrade from 2.2.14-5ubuntu6 to 2.2.14-5ubuntu7 results in syntax error, missing module" [Undecided,Confirmed] https://launchpad.net/bugs/562370
<uvirtbot> New bug: #562404 in clamav (main) "package clamav-daemon 0.95.3 dfsg-1ubuntu0.09.10.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/562404
<zul> mathiaz: working on it
<pierce> In Ubuntu Enterprise Cloud, does anyone know if any of the MANAGED vlan modes modes are supported on single machine deployments, or if there are any official ubuntu EMI images that support SYSTEM or STATIC mode?
<pierce> I am also trying to figure out how automatic security updates are supposed to work with kernel vulns, since the kernel is specified in eucalyptus, not on the emi image itself (so apt-get update doesn't really update the kernel).
 * lamont struggles to understand the sense of having all that work at login, just to update motd with stuff he already knows for the servers he deals with
<Genk1> hello
<Genk1> my squid server seems to work fine !  but when I try to access a website like http://mail.google.com/mail/.. it fails.. the browser show me the message : "Could not connect to proxy server."
<Genk1> any suggestions ?
<pierce> you are sure your browser is pointed at the right server on the right port?  how do you know your squid proxy is working fine?
<Genk1> pierce, because I have tested many other site like google yahoo ...
<Genk1> and there is no error messages in squid logs
<pierce> so it works for yahoo and google, but it won't connect when you try to go to gmail?
<Genk1> exactly !
<pierce> strange
<pierce> are there any other sites that it won't connect to?
<Genk1> pierce, yes for example facebook ! when I try to enter login and password
<pierce> ahh
<pierce> maybe it's an ssl issue
<Genk1> I have simply the login window
<Genk1> pierce, yes I think so !
<Genk1> is there a solution ?
<pierce> how do you have you SSL certs set up?  I think you need to generate a man in the middle type cert, and load it into your browser
<Genk1> pierce, hmm I will check this !
<Genk1> ok thank you
<pierce> I have never set up a squid server, but from what I understand you can make your own root CA, and squid will generate new certs for domains based on your new root
<Pici> fyi, Squid's official channel is also here on freenode in #squid
<pierce> anyone here have any experience with ubuntu enterprise cloud?
<kees> pierce: heya! nice to see you.  :)
<kees> pierce: smoser's in the best position to answer your questions about ec2, but when we publish kernel updates, we publish -ec2 updates too.
<kees> pierce: when those are incorporated into a new AKI is up to smoser, though.
<pierce> kees: The most recent set of images that support SYSTEM mode in eucalyptus seems to be 9.04.  Inside the instance that I have started, I upgraded all the way to lucid, but I can't for the life of me figure out how to upgrade the kernel past 2.6.28-11.  Even if I can it seems a bit sketchy that things like that aren't updated automatically.
<pierce> smoser: are you around?
<smoser> pierce, yes here now
<pierce> smoser: hey there, is there a good way to auto update the kernel in UEC?
<smoser> auto update?
<pierce> I'm messing with euca-modify-image-attribute at the moment..
<smoser> you can't do it there.
<smoser> you'll have to create a new image in euca
<pierce> I'm using a set of images for 9.04, but when I patch the kernel for recent security vulns, I reboot, and it's still using the old kernel (which totally makes sense)
<smoser> with ec2 you can use an ebs root
<smoser> and shut it down , modify kernel/ramdisk and start it
<smoser> pierce, for security vulnerabilities... you may actually (my tounge is in cheek) be able to use ksplice
<pierce> when you terminate an instance, you delete it right?  is it normal to mount things like /etc with the volume manager?
<smoser> well, the key is to do nothing in instance-store (/) that you really care about.
<smoser> if you want persistence, mount that stuff on an ebs volume (euca-attach-image)
<pierce> I've just got a few static IPs that I use to host a few services for myself and friends, so I don't really have funding for things like ksplice and landscape etc :-/
<smoser> yeah, :-(
<pierce> smoser: do you know if any of the official ubuntu images for UEC support things like STATIC and SYSTEM vnet modes?
<kees> note that ksplice doesn't exist for free in 10.04.
<smoser> kees, i didn't say it was free, and i had my tounge in my cheek.  jeesh
<smoser> pierce, static and system are no metadata ?
<kees> oh! heh, well, I assume ksplice _would_ work, it's just not free.  :)
<pierce> booting the recommended emis seem to fail in a bad way when I try to use them in SYSTEM mode
<smoser> i really hate to say it, but that really just wasn't on the radar
<pierce> VNET modes
<smoser> right, it fails to reach meta data service
<pierce> ah ya
<smoser> as those don't provide it, is that right
<smoser> yeah
<smoser> so... i hope to address that in maverick if that makes you happy
<dassouki> is there a webtool that i can isntall on my server to monitor it's performance, any apps or site that are haugign memrry processor or bandwidth
<smoser> one other thing i think you could do would be kexec
<pierce> since I am using external network configs to dhcp with my images instead of the private networking
<smoser> although i have very little experience iwth that.
<smoser> i keep crossing fingers and poking jjohansen for kexec on our ec2 kernels
<smoser> in theory, you could kexec into new kernel from old (eki registered) kernel
<pierce> smoser: I mostly really want to get away from using vmware-server for my hosting :-D
<pierce> smoser: that seems yucky
<smoser> essentially allowing the guest to service its own kernels (what a concept!)
<smoser> i dont think it would be too yucky
<pierce> well, if I need scripts that will auto update to pull new kernel images, then automatically kexec into the new kernels on all my instances, it seems a bit complicated :-)
<smoser> essentially you'd end up registering a 'kboot' kernel
<pierce> especially if that's the only way to patch a security vuln
<smoser> well, if its stable and it works, it works.
<smoser> you trust your bootloader to load a kernel aftr its installed.
<smoser> but i agree, its a bit mroe complicated
<jjohansen> smoser: I promise I'll have another look at kexec for M
<smoser> guest serviceable kernels would so rock
<pierce> smoser: besides that kernel issue, I am also confused about some of the networking issues.  It seems that none of the MANAGED modes work when you are running all components on a single machine, but there are no ubuntu emis that support STATIC or SYSTEM mode.  Is there a good reason for that, or did I overlook something?
<smoser> imagine a world where your kernels came from your OS provider (ubuntu) rather than from your hardware provider (ec2 in this case)
<smoser> crazy
<pierce> no canonical emis rather
<smoser> i really don't have enough experience with different modes.  i knwo that my default 2 system install "just works".  but i know that if you dont have a metadata service, then our images wont "just work".
<pierce> they hang for an hour on first boot, and if you try to restart the node controller they terminate and delete themselves :-/
<pierce> they do "work" for a little while though
<smoser> pierce, so the guest is oging to fall over when it doesn't have metadata service
<pierce> doing it in MANAGED mode seemed to work great, but I was unable to route from the internet to my instances
<smoser> you can probabaly disable most of cloud-init and be OK.  in the modes without a Metadata service, the eucalyptus hacks into /root/.ssh/authorized_keys, so you'd be able to ssh in
<pierce> will canonical ever support system or static mode, or should everyone just be using managed (which is tricky on a single machine)
<smoser> to disable cloud-init, mount the image, for x in etc/init/cloud-*; do mv $x $x.disabled; done
<smoser> i've not tested that, but i think it might work
<pierce> smoser: sshd runs after ec2-init hangs :-)
<smoser> ah. for karmic.
<smoser> yeah
<smoser> thats right, it generates ssh keys
<smoser> you'd have to create them somehow. maybe add a job that creates the /etc/sshd/*key* stuff.
<dassouki> is there a webservice i can install on my server to monitor its performance ?
<smoser> that make sense? thats the one thing i think youd' have to do.
<pierce> ya, also strange that I ssh into the root account rather than ubuntu when the metadata service fails
<smoser> well, i dont know about canoncial plans and system or static support.
<smoser> but i do plan on finding some way to make the maverick images work there.
<pierce> I also noticed that canonical is offering support contracts for UEC, do you know if there is a training program that I could go through, and then be sent out as an UEC consultant?  I do security consulting now, and it might be fun to throw that in as a service I could provide.  I'm not sure how franchised out the whole support contract thing is with canonical though.
<pierce> it's starting to sound like the MANAGED networking issues are going to be resolved before the STATIC emi issues, so maybe I will just convert everything back over :-/
<pierce> been going back and fourth for 2 weeks now, and my friends are starting to get annoyed that their servers have been down so long :-D
<pierce> dassouki: ntop works well for watching traffic, also prelude with prewikka if you are looking for something more detailed
<pierce> smoser: any insights on MANAGED networking issues vs STATIC image issues?
<smoser> pierce, i don't know about support. and sorry, no insights . i really have much less experience with this.
<pierce> smoser: thanks much, at least I know now that I'm not completely insane, and that these are real issues :-)
<pierce> would it be appropriate to file a bug report or anything like that?
<smoser> pierce, if you want to file a "ubuntu i amges do not work in system mode" then go ahead
<smoser> it wont be addressed for lucid
<smoser> but i do want to fix for maverick
<slestak> anyone use rsyslog heavily on their server box?  I am configuring a central server and want to make customizations to the default.  I considered leaving the 50-default.conf in place and either preceding or appending my changes with a 40- or 60-.  Not sure if my local changes should be on which side?
<slestak> s/central/central syslog/
<dassouki> pierce: thanks
<realmatt> in order to use the "offset" option with the mount command do I have to specify the "loop" option?  I ask because I am trying to mount a partition on a raid 5 array that isn't in the partition table but is on the disk
<pierce> dassouki: not sure exactly what you are looking for, but you might also look into nagios
<dassouki> pierce: pretty much a task manager
<dassouki> plus more information
<ttx> jjohansen: ping
<ttx> jjohansen: did you get my message about bug 546743 ? Let me know what are our options (comment on the bug when you can)
<uvirtbot> Launchpad bug 546743 in linux "Blank screen at first boot with ATI ES1000 and 10.04 server" [High,Confirmed] https://launchpad.net/bugs/546743
<RoyKe> bug 546743?
<ttx> RoyK: yes, bug 546743.
<zul> mathiaz: apache fixed
<RoyKe> ttx: just asking the bot
<uvirtbot> New bug: #562516 in backuppc (main) "package backuppc 3.1.0-6ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/562516
 * ttx disappears
<uvirtbot> New bug: #562531 in apache2 (main) "Latest Apache 2.2 is missing mod_reqtimeout.so" [Undecided,New] https://launchpad.net/bugs/562531
<sh4g0> someone speak spanish?
<kirkland> hggdh: did we ever get to the bottom of why config_multi wasn't working?
<kirkland> mathiaz: around?
<mathiaz> kirkland: o/
<kirkland> mathiaz: i think me, you, and hggdh need to take a look at his config_multi setup for beta2 testing
<kirkland> mathiaz: all of those runs failed
<mathiaz> kirkland: ok - is the failing environement currently up and running?
<kirkland> mathiaz: well, 99.8% of the runs failed, somehow 0.2% succeeded
<kirkland> mathiaz: i'm trying to get in touch with hggdh
<mathiaz> kirkland: ok - let me know once the infrastructure is up and running
<mathiaz> kirkland: and try to re-run the test
<mathiaz> kirkland: do you have the logs somewhere?
<kirkland> mathiaz: i asked hggdh to check them into bzr;  i have not seen them yet
<mathiaz> kirkland: ok - so in the logs should give use some clue about why things were failing
<kirkland> mathiaz: how long are you around today?
<mathiaz> kirkland: probably another 2 hours
<kirkland> mathiaz: okay, let's hope hggdh comes back around in that time
<RoyK^> can someone advise for an enterprise virtualisation platform for ubuntu?
<hggdh> kirkland: no, I was never able top find out why
<kirkland> hggdh: okay, mathiaz is here now, and ttx has asked us to get to the bottom of this
<kirkland> hggdh: what state is the rig in?
<kirkland> hggdh: do you have any logs?
<hggdh> kirkland: (1) mathiaz was using the rig the last I heard (2) I do have the logs saved (and, IIRC, attached to the bug)
<mathiaz> hggdh: the UEC test rig is available
<hggdh> mathiaz: so I guess we can go and do a multi again
<mathiaz> hggdh: on which topology was the test failing?
<hggdh> mathiaz: lucid-amd64-multi
<mathiaz> hggdh: how did you install the topologie?
<mathiaz> hggdh: lucid-amd64-multi is not fully automated
<mathiaz> hggdh: and the plan for now is to install everything from packages
<kirkland> mathiaz: https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/559230
<uvirtbot> Launchpad bug 559230 in eucalyptus "multi-machine topology, cannot reach an instance from the CLC" [Medium,Incomplete]
<hggdh> mathiaz: I manually tweaked the preseeds to have the correct keys
<hggdh> mathiaz: so -multi is not to be run now?
<mathiaz> hggdh: well - you can - you just need to install from packages
<hggdh> mathiaz: what exactly does that mean (in other words: I do not think I did it)
<mathiaz> hggdh: bug 559230
<uvirtbot> Launchpad bug 559230 in eucalyptus "multi-machine topology, cannot reach an instance from the CLC" [Medium,Incomplete] https://launchpad.net/bugs/559230
<mathiaz> hggdh: ^^ this is not the multi-network topology
<mathiaz> hggdh: kirkland: which topology are we trying to debug here?
<hggdh> mathiaz: no, it is the multi-machine
<mathiaz> hggdh: which topology was setup when all the tests were failing?
<kirkland> mathiaz:  lucid-amd64-topo2:
<kirkland>      hosts:
<kirkland>        cempedak: CLC
<kirkland>        mabolo: Walrus
<hggdh> mathiaz: I am sorry, this was not the one. I had one component per machine, same network
<kirkland>        marula: CC
<kirkland>        santol: SC
<kirkland>        sapodilla: NC
<kirkland>        soncoya: NC
<mathiaz> hggdh: so IIUC, the failing logs are for topo2 (multi-machine) and we're looking at bug 559230?
<uvirtbot> Launchpad bug 559230 in eucalyptus "multi-machine topology, cannot reach an instance from the CLC" [Medium,Incomplete] https://launchpad.net/bugs/559230
<hggdh> mathiaz: that's correct
<mathiaz> hggdh: where are the logs?
<hggdh> I have the logs locally, but they are humongous
<kirkland> mathiaz: https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/559230
<uvirtbot> Launchpad bug 559230 in eucalyptus "multi-machine topology, cannot reach an instance from the CLC" [Medium,Incomplete]
<kirkland> http://launchpadlibrarian.net/43545406/EucalyptusCloudDebugLog.gz and http://launchpadlibrarian.net/43545407/EucalyptusCloudOutputLog.gz
<mathiaz> hggdh: kirkland: and the logs from the testing scripts?
<hggdh> mathiaz: 8M compressed, where can I load them? people.c.c is OK?
<kirkland> hggdh: sure
<mathiaz> hggdh: yes
<uvirtbot> New bug: #562575 in vm-builder (universe) "vm-builder fails to resolve package dependency in vanilla system" [Undecided,New] https://launchpad.net/bugs/562575
<hggdh> mathiaz, kirkland people.c.c/~cerdea/logs.tar.gz
<mathiaz> hggdh: not found
<mathiaz> hggdh: did you put the file in your public_html/ directory?
<hggdh> mathiaz: scp or sftp, under my home dir
<hggdh> but I will put it under public_*
<hggdh> both places now
<mathiaz> hggdh: ssh: connect to host 10.55.55.104 port 22: Connection timed out
<mathiaz> hggdh: it seems that instance wasn't run properly
<mathiaz> hggdh: it doesn't seem to be a problem the testing scripts
<hggdh> mathiaz: yes, a lot of them. If you look at multi_test.log.2010-04-07_190728, about half failed
<mathiaz> hggdh: and the instance (ex: i-4A18091A) was running according to UEC
<hggdh> of 1,000 runs
<mathiaz> hggdh: right - I'd setup the same infrastructure and re-run the tests
<mathiaz> hggdh: this time using your branch to store the console logs before terminating an instance
<mathiaz> hggdh: if it's marked as failed
<hggdh> mathiaz: k
<hggdh> that's what the branch should be doing
<smoser> mathiaz, i'll get the openldap later tonight,and send you a review request
<smoser> then tommorrow you can review commit . that sound reasonable ?
<mathiaz> smoser: great thanks
<mathiaz> smoser: I'll try - I'm traveling tomorrow
<smoser> ok. if not, thierry
<mathiaz> smoser: but thanks to bzr support for offline mode, I should be able to get it reviewed
<smoser> yeah, true.
<hggdh> mathiaz: just to be sure: who will rerun the tests, you or me?
<mathiaz> hggdh: you
<hggdh> mathiaz: roj
<hggdh> mathiaz: which images you want?
<mathiaz> hggdh: beta2
<hggdh> er. where are the beta2 images?
<hggdh> cannot find them on cdimages.u.c
<hggdh> mathiaz: ^
<ajmitch> hggdh: try releases.ubuntu.com
<hggdh> ajmitch: thank you
<lionel> :)
<hggdh> mathiaz: releases.ubuntu.com does not seem to be accessible from tamarind
<mathiaz> hggdh: right - there isn't any firewall rules to enable access
<mathiaz> hggdh: try with the latest archive installation then
<hggdh> mathiaz: roj
<Testament> hello, i'm using ubuntu server 9.10 and when i try to dpkg-reconfigure slapd, dpkg ask me only 3 question, and never ask aout the domain etc... all tutorials i found talks about more options when i do that, is this a known issue? and there is a solution please ?
<uvirtbot> New bug: #562599 in apache2 (main) "can't start apache2" [Undecided,New] https://launchpad.net/bugs/562599
<kirkland> hggdh: so you're installing now?
<hggdh> kirkland: yes, right now cempedak is being installed
<kirkland> hggdh: cool, i'll standby
<kirkland> hggdh: as i want to get to the bottom of this, if it's a euca problem
<hggdh> kirkland: welcome :-) I am betting on a fat hand from my side, though. Also, bug 559745, if not yet resolved, may impact this test
<uvirtbot> Launchpad bug 559745 in eucalyptus "NC failed to start a session with a libvirt internal error" [Medium,Confirmed] https://launchpad.net/bugs/559745
<ruben23> hi whi is it when i tried to reboot my system then sometimes it says on startup that, hcek forced on one of my LVM..
<ruben23> what do i do, cause its causing delays..is it possible to do it automatically.
#ubuntu-server 2010-04-14
<kirkland> hggdh: status check
<uvirtbot> New bug: #562635 in krb5 (main) "Sync krb5 1.8.1+dfsg-2 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/562635
<hggdh> kirkland: finalising installs
<hggdh> kirkland: only waiting for the two NCs to finish install. UEC image is registered
<kirkland> hggdh: k
<kirkland> mathiaz: nearly done ....
<mathiaz> kirkland: I need to jet out for now
<kirkland> mathiaz: are you traveling all day tomorrow?
<mathiaz> kirkland: yeah - I'll be able to retrieve/read/respond to email though
<mathiaz> kirkland: (when I'm not on planes)
<kirkland> mathiaz: okay, we'll try to get the debug info to you
<mathiaz> kirkland: the next step is to run the tests again and save the log information
<mathiaz> kirkland: put them online somewhere if they fail again
<kirkland> mathiaz: what specifically do you want?  a tee of the run ?
<mathiaz> kirkland: the whole test run log
<kirkland> hggdh: ^
<hggdh> kirkland: nodes registered, running a single-instance test now
<hggdh> kirkland: test running, log is being written to ~/uec-testing-scripts/resutls/single*
<hggdh> kirkland: on cempedak
<kirkland> hggdh: cool, and you can ssh in?
<hggdh> kirkland: negative
<kirkland> hggdh: cannot ssh in
<hggdh> kirkland: ssh fails on timeout
<hggdh> really sounds like routing
<kirkland> hggdh: interesting
<kirkland> hggdh: okay, put the log somewhere for me to check out
<hggdh> kirkland: k. I just ran one instance by hand, and then tried to ssh into it -- fails with a timeout
<kirkland> hggdh: okay, that's easy to reproduce
<kirkland> hggdh: log?
<hggdh> kirkland: people.c.c/~cerdea/single_test.log.2010-04-13_193218
<kirkland> hggdh: rsync -aP people.canonical.com:~cerdea/single_test.log.2010-04-13_193218 .
<kirkland> hggdh: file not found
<kirkland> hggdh: found it, public_html
<hggdh> heh. one wants it on public_html, another on the root ;-)
<kirkland> hggdh: ls -alF users/admin/uectest-k0.priv
<kirkland> hggdh: and cat that file, make sure it matches -----BEGIN RSA PRIVATE KEY-----
<kirkland> hggdh: is that instance still running?
<kirkland> hggdh: can you telnet to its port 22 ?
<hggdh> kirkland: yes, the instance is still running
<hggdh> kirkland: the priv key seems kosher
<kirkland> hggdh: and telnet ?
<hggdh> kirkland: timeout. Also, a traceroute (FWIW) reaches marula (the CC) and stops there
<kirkland> hggdh: oh, interesting
<kirkland> hggdh: that's got to be it
<hggdh> kirkland: let me try to ssh from marula
<kirkland> hggdh: yeah
<kirkland> hggdh: scp the priv key over
<kirkland> hggdh: and try from there
<hggdh> kirkland: first test -- reachability -- successful
<kirkland> hggdh: ack
<hggdh> will move the priv key there now
<kirkland> hggdh: and?
<hggdh> kirkland: getting permission denied (pub key)
<hggdh> kirkland: but the important piece is that I am *reaching* the instance
<kirkland> hggdh: hrm, odd
<kirkland> hggdh: agreed on that point
<kirkland> hggdh: and you're doing ssh -i ./whatever.priv ubuntu@ip ?
<kirkland> hggdh: and whatever.priv is perm'd 600
<hggdh> kirkland: yes indeed, and will check again
<hggdh> but on wrong permission ssh would bail out
<hggdh> kirkland: and the full command is ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ./uectest-k0.priv  ubuntu@10.55.55.100
<hggdh> although sort of overworked, I admit
<kirkland> hggdh: hmm, okay
<kirkland> hggdh: it may be that the guest is having trouble getting out
<kirkland> hggdh: or at least to have the key injected
<kirkland> hggdh: okay, add your traceroute findings to that bug
<kirkland> hggdh: and email mathias (cc me) the link to that log
<kirkland> hggdh: i'm reassured that this appears to be a networking issue, but we'll need to get to the bottom of it
<kirkland> hggdh: i gotta run for the night
<kirkland> hggdh: thanks dude!
<hggdh> kirkland: will do, and g'night
<storrgie> set up key based auth with ssh, but still get password prompts on one of my computers... any idea why?
<Scunizi> What's the best/easiest way to share a directory on a secondary drive with no password access for those on my LAN?
<osmosis> who is the server team manager?
<osmosis> as in, job description, Reports To:  Server Team Manager
<twb> Maybe https://launchpad.net/~ubuntu-server says
<twb> It's "owned" by mathiaz, for whatever that's worth.
<twb> (I tend to avoid lp, so I'm just guessing.)
<ScottK> He's not the server team manager
<ziesemer_> Can anyone here help me with a few basic questions concerning OpenLDAP under 9.10 or 10.04?
<twb> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<ziesemer_> OK, I was asking for that.
<ziesemer_> So dpkg-reconfigure no longer really does anything for OpenLDAP in Karmic in newer.
<ziesemer_> I.E., LDAP is pretty much unusable once installed, apparently without a large amount of additional configuration.
<ziesemer_> Two such guides I found for this are at http://ubuntuforums.org/showthread.php?t=1313472 and http://ubuntuforums.org/showthread.php?p=8154148 .  However, they vary quite a bit, etc.
<ziesemer_> Is there anything more official towards getting this running other than a forum post?
<ziesemer_> For example, the first one uses back_hdb for olcModuleLoad, the other uses back_bdb.la .  What's the difference?
<twb> ziesemer_: have you tried the ubuntu server guide?
<ziesemer_> https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html ?  Yes, but apparently it is very wrong and incomplete, as detailed in those forum posts.
<twb> Are you running 9.10 or 10.04?
<ziesemer_> Either.  I played with this previously on 9.10.  I'm trying to start from scratch on a 10.04 VM, since it'll be official in just a few weeks...
<twb> Have you looked at the 10.04 ubuntu-serverguide?
<ziesemer_> I couldn't find.  Google wasn't helping...
<ziesemer_> Was at least suspecting it wasn't done yet?
<twb> apt-get install ubutu-serverguide in whatever you're running
<ziesemer_> Oh - not available online?
<twb> I don't know if it's going to help, I'm just giving you the standard triage
<ziesemer_> np
<ziesemer_> Installed - how do I access?
<ziesemer_> No man page, etc.
<JanC> ziesemer_: dpkg -L ubuntu-serverguide
<JanC> should tell you what files were installed where
<JanC> it's probably some HTML files in /usr/share/doc/ubuntu-serverguide/
<ziesemer_> file:///usr/share/ubuntu-serverguide/html/C/index.html - thanks.
<uvirtbot> New bug: #562746 in php5 (main) "Apache2 wont start, missing lib - 10.04" [Undecided,New] https://launchpad.net/bugs/562746
<ziesemer_> Interesting.  They pretty much just copied one of the forum posts into the doc.
<uvirtbot> New bug: #562750 in apache2 (main) "Apache2 wont start, missing lib - 10.04" [Undecided,New] https://launchpad.net/bugs/562750
<axisys> anyone know of a csv to html tool that takes multiple columns and generate a html table and a bar chart ?
<twb> gnuplot?
<axisys> twb: gnuplot .. ok ... let me check it out
<twb> I don't know if gnuplot can emit the format you want specifically.
<twb> But it's the obvious way to turn data into graphs/charts.
<axisys> twb: i am new to it.. have not fig out how to plot yet ;-)
<twb> It's not exactly intuitive :-P
<macno> Hi, I have just installed a new machine with user's home encrypted. Now I need to run usermod -u but this not affect the unmounted home partition
<macno> can I mount the user's home from root?
<uvirtbot> New bug: #562832 in drbd8 (main) "module drbd8 update kernel from 2.6.32-16 to 2.6.32-20" [Undecided,New] https://launchpad.net/bugs/562832
<RobbieThe1st> I'm trying to get an email-server working on my Ubuntu 9.04 VPS. Checking my mail.log file, I see Apr 14 09:59:13 vps2735 postfix/master[28009]: fatal: bind 127.0.0.1 port 10024: Address already in use - Port 10024 is being used by Amavisd... what should I do?
<RobbieThe1st> To be honest, I really don't care about Amavisd - all I want is a simple email server up and running. The tutorials I followed(or tried to) had other ideas, however...
<_ruben> RobbieThe1st: then dont use amavisd
<_ruben> regarding the use of tutorials, the #postfix channel bot has a clear opinion abou tit
<_ruben> :30 < knoba> _ruben: "tutorial" : A very common problem is that some people prefer to follow a step-by-step tutorial that shows them how to setup their server w/out reading the documentation or understanding what they are doing. If
<_ruben>  something goes wrong, they have no clue whtsoever about where to find hints, and they sometimes decide to start from scratch using a different tutorial. This is not Th e Proper Way.
<RobbieThe1st> I'm trying -yet again- to uninstall it, yet for whatever reason, last time I did it Postfix was looking for Amavisd.
<RobbieThe1st> And, no its not the true way. Or the best way, but I can't understand all of the documentation, so I figure the best thing to do is to use tutorials until I get things mostly working, then experiment from there on my own
<pths> I'm wondering if the http://ppa.launchpad.net/ubuntu-ha/ is going to be fully implemented in the standard Ubuntu repo, or do I need to enable this to be running get the complete cluster stack?
<pths> *-get*
<persia> Good day.  In #ubuntu-powerpc we've been discussing oversized CDs.  The Ubuntu sever CD is one of those that is oversized on powerpc.  I wondered if the eucalyptus stuff could be safely dropped from powerpc because kvm doesn't support powerpc and we don't ship the IBM hypervisor.
<persia> If that's not enough (it ought be), I wonder if anyone would object to dropping other virtualisation bits (and would hope someone could give me a list of good candidates)
<uvirtbot> New bug: #562912 in munin (main) "munin-node plugin initialisation fails on ip_" [Undecided,New] https://launchpad.net/bugs/562912
<uvirtbot> New bug: #562919 in samba (main) "Lucid Beta2: Desktop Crash, then Unable to Boot" [Undecided,New] https://launchpad.net/bugs/562919
<ttx> persia: yes, that sounds like a good candidate for removal
<ttx> persia: however the eucalyptus.udeb might be linked from the "Install UEC" option on that CD
<ttx> persia: you probably would need to get rid of that as well
<persia> ttx: How is the "Install UEC" option defined?
<ttx> persia: I think it's directly on the ISO itself, let me check
<persia> My worry is that this may not be an arch-dependent-aware construction.
<ttx> persia: right, that's why I mention it
<persia> But I am fairly sure that attempting to do a powerpc cloud without IBM's hypervisor is doomed to failure :)
<ttx> syslinux/text.cfg has "menu label Install Ubuntu ^Enterprise Cloud"
<persia> (unless someone steps up and ports another hypervisor, but given that only a small proportion of hardware supports it, and all of that comes with IBM service contracts, ...)
<ttx> on the ISO itself
<ttx> then it points to /cdrom/preseed/cloud.seed
 * persia pulls debian-cd to see how that is constructed
<persia> ttx: Would you mind adding [!powerpc] to the relevant packages in the seed anyway?  I'll try to sort out how to make the option go away, but I'd rather a CD with a bug than an oversized CD.
<ttx> persia: that would be for package eucalyptus only ? (and then the deps will not get pulled ?)
 * persia looks at the seed
<ttx> persia: kirkland should upload a new eucalyptus today, could you sync with him when he is up ?
<binBASH> new eucalyptus?
<binBASH> ;)
<ttx> well, cherrypicking the last bugfixes from upstream branch
<binBASH> ok, just wondering because apt-get installed already new ones yesterday
<binBASH> didn't think it updates that often.....
<persia> Ugh.  Looks like it might be complicated, because the eucalyptus stuff is all split out in other seeds, which would need to be completely [!powerpc]'d
<persia> Or maybe better to have them [i386 amd64] ?  Does eucalyptus work on sparc/ia64?  I know it doesn't on powerpc/armel (no kvm).
<persia> ttx: But, yeah, I'll try to catch kirkland when it's daytime there.
<ttx> he should be around in ~1h
<ttx> I don't think it works on sparc/ia64
<persia> Then, yeah, we ought special-arch that stuff.
<binBASH> ttx: Do you know how to pass kvm parameters when running instances? I want the kvm instances launched with -vnc
<ttx> it builds, but I suspect kvm will play weird games
<ttx> binBASH: no, maybe ask in #eucalyptus
<persia> Well, we build qemu-kvm, so we end up with working qemu even when kvm isn't around.
<binBASH> ttx: Trying since some days now, I will ask in their forum
<persia> But yeah, I don't know enough about hypervisors for sparc/ia64 to know if it *can* work.
<binBASH> persia: I think it depends on the cpu features.
<persia> And ia64 CD is also oversized (although I don't personally care), so making it [i386 amd64] may help there as well.
<binBASH> not on the hypervisor itself
<persia> binBASH: Well, yes, but also on the implementation.  For example, kvm hasn't been ported to use PowerVM
<persia> (mostly because most folks who get hardware that has this feature are happy to get IBM's lower-level utilities and use that)
<Jeeves_> Does anyone here know if keepalived in Lucid supports ipv6?
<Jeeves_> Can't find anything about it
<zul> mvo: ping
<smoser> ttx, ping
<ttx> smoser: yo
<smoser> so the libsasl2-2 issue i mentioned.
<smoser> thats not really a bug, right, but an unsupported upgrade ?
<uvirtbot> New bug: #562960 in samba (main) "folder sharing in gnome not working in Lucid" [Undecided,Incomplete] https://launchpad.net/bugs/562960
<ttx> smoser: I suspect it doesn't happen on a true do-release-upgrade
<ttx> so it's taken care of by the upgrade script
<smoser> you are correct, it does not happen there.
<smoser> thats what i thought.
<ttx> smoser: then no, it's not a bug, it's an unsupported scenario that needs some effort to work
<ttx> smoser: we'll let you test a little your latest, give a chance to mathiaz to ack, and I can sponsor it EOD in any case
<smoser> well i just tested the hardy2lucid
<smoser> which is the only case in which the code i most recently changed fires
<ttx> hardy2lucidppa direct ?
<smoser> yeah
<ttx> yes, I tested that one a few mion. ago
<ttx> got my email ?
<smoser> right. i saw your mail and responded.
<ttx> ok
<smoser> as much as i can tell its right.
<smoser> it was a lot simpler once i understood what was needed....
<ttx> To test "real upgrade" we'ell have to get it into the archive anyway
<ttx> cn=config is on the long list of things I've got to find time to play with, unfortunately nowhere near the top
<smoser> your explanation in the bug was good, but having no familiarity with it, i was misled a bit.
<ttx> zul: mvo is not on this channel
<binBASH> help.ubuntu.com down?
<Pici> binBASH: its certainly taking a long time to access here.
<binBASH> Pici: I get here 503
<binBASH> Service Temporarily Unavailable
<binBASH> The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
<binBASH> Apache/2.2.8 (Ubuntu) mod_ssl/2.2.8 OpenSSL/0.9.8g Server at help.ubuntu.com Port 443
<Pici> binBASH: I'm poking some people about it.
<kirkland> persia: howdy
<uvirtbot> New bug: #563039 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/563039
<binBASH> Pici: Now I get some Squid error ;)
<persia> kirkland: Good day.  So, the powerpc CD is oversized, and I'd like to cut some stuff.  Am I correct that eucalyptus wants kvm, or does it also work against qemu?
<Pici> binBASH: Try again, it just started working for me.
<binBASH> It's back! thx Pici
<neuro666> hi, if I use lftp ftp://login:pwd@ip -e "cd / ; mirror -R  /DIR_DIST_BACKUP ; quit"    for save any ubuntu server, is there any risk?
<uvirtbot> New bug: #563053 in mysql-dfsg-5.0 (universe) "Please remove Mysql 5.0 from the archive for lucid." [Undecided,New] https://launchpad.net/bugs/563053
<sherr> neuro666: risk in what way? In the clear password presents some risk perhaps.
<b14ck> Hi all. I'm trying to configure my second NIC, I'm doing it via editing the file /etc/network/interfaces. Jere
<b14ck> *crap*
<acalvo> anyone using CUPS with SAMBA to store Windows drivers?
<b14ck> I'm trying to configure my second NIC with a public IP. I'm editing the file /etc/network/interfaces. I've got my public IP, netmask, and gateway that I need to assign. But do I need to specify a 'network' and 'broadcast' line in the config? What are those for? How do I find out what addresses to assign those if they are required?
<_ruben> b14ck: not required, they are automagically determined based on ip+netmask
<alvin> b14ck: What you want to do is not difficult. You just type your netmask, gateway, network, broadcast and address under the 'iface eth? inet static' line. See http://www.debian-administration.org/article/An_introduction_to_Debian_networking_setup
<alvin> Eh, as _ruben said. They are not required
<b14ck> Ah thanks you both. I'll read that guide too.
<b14ck> Appreciate it!
<uvirtbot> New bug: #563084 in bacula (main) "bacula-director-pgsql does not install cleanly with db-config" [Undecided,New] https://launchpad.net/bugs/563084
<persia> kirkland: So, ttx suggested that if eucalyptus does depend on kvm, it would be safe to drop it from the CD.  The menu adjustments in debian-cd seem already to be i386/amd64 specific.  What do you think about adding [i386 amd64] liberally to the euca* seeds?
<persia> Now if eucalyptus truly depends on kvm, it may make sense to set Architecture and P-a-s it, but if it works with qemu, maybe we can do a seed-only change.
<kirkland> ttx: persia: the only part of eucalyptus that actually depends on kvm is eucalyptus-nc (the node controller itself)
<kirkland> persia: that said, i don't have any interest in support eucalyptus on any architecture other than amd64
<jdstrand> zul: hi!
<zul> jdstrand: hey!
<persia> kirkland: Not even i386?
<kirkland> persia: personally?  no.  but we shouldn't drop i386 :-)
<jdstrand> zul: so on bug #559628 I think it should be marked "Won't Fix" per my comment #3
<uvirtbot> Launchpad bug 559628 in ntp "ntpd profile denies access to /etc/ld.so.preload" [Low,Triaged] https://launchpad.net/bugs/559628
<kirkland> persia: i think it would be acceptable to force UEC to amd64|i386 in the CD seeds
<kirkland> persia: and leave the builds in the archive for ambitious arm,powerpc,sparc users
<jdstrand> zul: basically, I think the apparmor profile is doing its job
<zul> jdstrand: sounds good to me
<persia> kirkland: OK.  I don't have write access to the server seed.  Would you mind adding "[i386 amd64]" to the relevant packages in those seeds?
<kirkland> persia: (the reason for my amd64 comment ...   amd64 hardware can host both 32bit and 64 guests; i386 hardware can only host 32bit guests
<persia> kirkland: Also, eucalyptus-nc probably wants to Recommend: qemu-kvm rather than "kvm" to avoid installing the transition packages on new installs.
<persia> Makes sense.
<kirkland> persia: good call
<persia> Thank cjwatson for it, really.
<kirkland> persia: i'll do it, if you'll double check my work for me before commit
<kirkland> ttx: are you okay with this?
<jdstrand> zul: do you mind 2nding my opinion and updating the bug then?
<persia> kirkland: Be happy to do so, thanks.  I believe this will get us burnable powerpc and ia64 CDs again (although we may need to find something else to trim).
<kirkland> persia: eucalyptus-nc recommending qemu-kvm committed
<zul> jdstrand: sure
<jdstrand> zul: thanks
<zul> jdstrand: done
<alvin> What package is responsible for changing entries in /etc/fstab to UUID on upgrade? I'd like to file a bug against it.
<ttx> kirkland: yes
<kirkland> cjwatson: persia: will this suffice?  http://paste.ubuntu.com/414373/
<ttx> kirkland: that's easily reversible if it breaks the world as we know it
<cjwatson> I'd recommend [amd64 i386]'ing the entire tasks, not just eucalyptus-*
<cjwatson> otherwise you have weird half-empty tasks on other architectures
<persia> cjwatson: Can that be done in STRUCTURE?
<ttx> RoAkSoAx: around ?
<b14ck> Hi guys, one of my network interfaces isn't working, but I can't figure out why
<b14ck> What command can I use to verify that my physical NIC port is UP and should start using the statically assigned IP when the ethernet port is plugged in?
<cjwatson> persia: no, sorry
<kirkland> cjwatson: hmm, i thought about that, but this didn't show me how:  grep "Task.*i386" *
<cjwatson> kirkland: I meant just every package in those tasks
<kirkland> cjwatson: ah
<persia> cjwatson: I hadn't thought so, but figured it was worth asking :)
<persia> So users will end up with empty tasks for ports, but that's fine, as if they want to install UEC, they ought be doing it on i386/amd64 anyway.  And if someone wants to fix it by getting it to work nicely on another arch, the packages are available, and we can change in the future (assuming there's space on the CDs)
<kirkland> persia: cjwatson: http://paste.ubuntu.com/414376/
<persia> kirkland: Did you mean to drop screen from all the lsits?
<kirkland> (note that i also dropped screen, which is no longer necessary since we have eucalyptus-udeb now installing the server seed too)
<kirkland> persia: yup
<persia> In that case, yeah, looks fine.
<kirkland> persia: i can do this in 2 separate commits, if you like
<persia> Doesn't matter to me, I just wanted to verify it was intentional :)
<kirkland> persia: yeah, thanks
<kirkland> persia: cjwatson: r1699 pushed
<alvin> I would really know the name of the package that is responsible for the change to UUID in /etc/fstab. Is it update-manager-core?
<kirkland> cjwatson: ttx: can we get a server cd build going for i386 and amd64 just to make sure this is good?
<persia> Excellent.  Does that need a -meta upload also, or should I see the effects on the next round of ports CDs?
<kirkland> alvin: totally guess here, but i'd expect mountall
<persia> If we're building ports CDs, can we do powerpc and ia64 too?  I want to make sure they get un-OVERSIZED from this.
<kirkland> persia: i don't know the answer to that question
<cjwatson> kirkland: not right now, needs a d-i upload first
<cjwatson> persia: it needs two non-empty publisher runs
<cjwatson> so I recommend against rushing to do CD spins in general for this, it will probably only confuse
<alvin> kirkland: Thanks
<persia> Right then.  I'll check at normal rebuild time.
<nimrod10> is there any other software to test hd performance other than iozone or bonnie ?
<RoAkSoAx> ttx, i am
<ttx> RoAkSoAx: about cluster stack status
<RoAkSoAx> ttx, well everything is in universe besides corosync
<RoAkSoAx> i mean cluster-agents, cluster-glue, pacemaker and heartbeat
<ttx> RoAkSoAx: did you file the sync requests
<ttx> ?
<ttx> with debian ?
<tgalal> I'm trying to automate install of ubuntu server on many machines using kickstart. All steps go fine except that setup complains about missing default route and needs user input.how do I bypass this?
<RoAkSoAx> ttx, i did
<ttx> RoAkSoAx: and they were taken care of yet ?
<RoAkSoAx> ttx, im waiting for FFe to be accept to be able to upload the latest packages
<ttx> RoAkSoAx: ok, maybe ping ScottK, would be good to have before the Freeze
<RoAkSoAx> ttx, i already did :)
<ttx> RoAkSoAx: ok
<ttx> RoAkSoAx: anything we can do to help ?
<RoAkSoAx> ttx, other than that, ivoks and I discussed what to do, and we decided to keep some packages in ubuntu-ha-maintainers and provide updates there.. and then I guess we could backport them
<RoAkSoAx> ttx, other than that.. I think we are pretty much all set with the new clsuter stack
<ttx> RoAkSoAx: sounds good to me
<RoAkSoAx> ttx, and I guess we'll try to SRU docs for the server guide
<RoAkSoAx> once polished
<ttx> RoAkSoAx: good wikidocs are ok anyway
 * ttx brb
<RoAkSoAx> ttx, ok then. We still have some work items left that I guess could be worked for maverick
<ttx> RoAkSoAx: ok, feel free to mark them "POSTPONED" on the blueprint whiteboard
<uvirtbot> New bug: #563114 in lm-sensors (universe) "w83697hf-isa-0290 wrong voltage values and tags" [Undecided,New] https://launchpad.net/bugs/563114
<RoAkSoAx> ttx, will do
<smoser> zul, kirkland woudl one of you be able to sponsor a openldap upload later today?
<zul> smoser: sure
<kirkland> smoser: sure
<smoser> we're hoping to get mathiaz review and sponsor, but if he doesn't come around then we'll need someone else
<zul> smoser: lemme know when
<smoser> we'll give mathiaz till 4:00 PM US/Eastern (20:00 UTC)
<binBASH> kirkland: Do you know how to pass kvm parameters when running instances? I want the kvm instances launched with -vnc
<kirkland> binBASH: through libvirt?
<kirkland> binBASH: if you're using libvirt, you need to edit the xml, or use virsh
<binBASH> kirkland: yup, I mean in eucalyptus btw. Didn't find any xml :(
<kirkland> binBASH: i'm not sure, i haven't tried
<binBASH> kirkland: http://forum.eucalyptus.com/forum/kvm-inbuilt-vnc
<binBASH> this is what I get :/
<b14ck> What's the best way to force 'ssh' to start at boot?
<b14ck> Mine doesn't start automatically for some reason.
<pmatulis> b14ck: you'll need to figure out why.  does manually running the init script work?
<RoyK> bladernr: /etc/init.d/ssh starts it, and /etc/rc2.d/Sxxsshd should be a symlink to it
<bladernr> RoyK:  huh?
<smoser> binBASH, are you looking to hack ?
<smoser> i can hack this for you
<binBASH> smoser: Just want to get it running somehow ;)
<b14ck> /etc/init.d/ssh starts it just fine
<smoser> well, on the NC there is /usr/share/eucalyptus/gen_kvm_libvirt_xml
<RoyK> bladernr: heh - s/bladernr/b14ck/
<smoser> that is the thing that writes the libvirt xml
<b14ck> I was thinking I had to run update-rc.d or something
<pmatulis> b14ck: no, you should not need to do that with ubuntu
<smoser> modify it, and put a vnc console stanza in, and then you will (untested) be able to get there via vnc.
<smoser> the difficulty will be in knowing which of the NC has the instance you just launched
<smoser> it is possible with log scraping on the CC
<b14ck> pmatulis, when I do an ls -la /etc/init.d | grep ssh, it is not a symlink
<RoyK> b14ck: no, the symlink is in /etc/rc2.d
<binBASH> smoser: That was indeed a very good hint, will try it later.
<binBASH> thanks a lot
<b14ck> oh, ya that symlink is there
<RoyK> Ssomethingssh
<binBASH> smoser: Within the script it's also possible for me to force mac address based on nodes hostname. Very good ;)
<smoser> well, ... maybe. you wont have much information to go on, though
<smoser> but it might work. i'm not sure.
<binBASH> I will try ;)
<smoser> binBASH, http://pastebin.com/B0A8K3Zc
<smoser> i did that, started an instance and verified connection
<smoser> however, you can't log in because ubuntu user and root doesn't have a password (in the UEC images)
<smoser> you'd have to set one .  that can be done scripted with 'echo ubuntu:ubuntu | chpasswd'
<smoser> or, possibly more clearly 'echo ubuntu:newPassWord | chpasswd'
<LMJ> Hi
<jjohansen> ttx: so yes basically Bug #542208 is the same and we need to blacklist the ATI ES1000 from kms
<uvirtbot> Launchpad bug 542208 in linux "Please blacklist i830 from Kernel mode-setting" [Critical,In progress] https://launchpad.net/bugs/542208
<v0lksman> anyone know how to set internal-sftp users umasks?
<pmatulis> v0lksman: create a new login class i guess
<v0lksman> just read that somewhere...how do you do that?
<v0lksman> (docs are fine...just no clue about that)
<pmatulis> v0lksman: man 5 login.conf
<v0lksman> yeah:  No manual entry for login.conf in section 5
<pmatulis> v0lksman: i'm sure you'll find what you need eventually
<v0lksman> "You" here is the upstream developers of OpenSSH, and they really did
<v0lksman> mean login.conf(5), since they're working on OpenBSD. Indeed it doesn't
<v0lksman> exist on Linux, though.
<v0lksman> i just need to make sure that when an sftp user uploads a new file it is group writable...
<pmatulis> v0lksman: maybe a wild cron job?
<v0lksman> hhaha...thought about it...but that just seem wrong...
<pmatulis> v0lksman: yeah
<v0lksman> openssh 5.4 has the ability built in...and there is a patch available for 5.1 but again seems wrong to have to go that route...I think I'm stuck
<pmatulis> v0lksman: run an OpenBSD server?  ;)
<v0lksman> hahaha...almost looking that way...I already had to break my LTS to get openssh5.1 so I could easily add chroot'd sftp users now this!  :)
<pmatulis> v0lksman: cjwatson is here and he is the maintainer.  maybe get his thoughts
<v0lksman> thanks!  hopefully he will chime in... :)
<pwnguin> MTecknology: approve my linked in group application!
<pmatulis> v0lksman: i found this: Subsystem sftp /bin/sh -c âumask 0002; /usr/libexec/openssh/sftp-serverâ
<v0lksman> pmatulis: I don't think that works with 5.1...that's for older versions of openssh (< 4.6) if I'm correct
<v0lksman> I bit the bullet and applied the patch to 5.1...not happy about it but it works...
<v0lksman> going to open a bug to see if it can be added in a backport or something...I hate having to maintain ssh on my own
<uvirtbot> New bug: #563202 in euca2ools "euca2ools often output error messages to stdout" [Undecided,New] https://launchpad.net/bugs/563202
<pmatulis> v0lksman: so you made your own package?
<v0lksman> yep
<pmatulis> v0lksman: ok
<v0lksman> http://sftpfilecontrol.sourceforge.net/ using that patch
<v0lksman> very simple patch...I think it got approved by openssh and is now part of 5.4
<uvirtbot> New bug: #563216 in openssh (main) "Openssh5.1p1 sftp file control" [Undecided,New] https://launchpad.net/bugs/563216
<binBASH> smoser: thx for patch, I'll try that
<uvirtbot> New bug: #551901 in krb5 (main) "likewise-open fails to join Windows 2000 SP4 domain" [Undecided,Confirmed] https://launchpad.net/bugs/551901
<arthurjohnson> Don't you love when your trying to help someone in an irc channel, and they just part without saying anything.
<arthurjohnson> So, I know this has been asked before, but does anyone know what the difference between a command line only install and a ubuntu server install?
<arthurjohnson> Other than the ubuntu-server kernel of course.
<MTecknology> pwnguin: please read directions
<MTecknology> pwnguin: If I wasn't clear then please let me know. However, I won't approve it until you follow that one simple step.
<uvirtbot> New bug: #563240 in mysql-dfsg-5.1 (main) "package libmysqlclient16 5.1.41-3ubuntu12 failed to install/upgrade: error writing to '<standard output>': Success" [Undecided,New] https://launchpad.net/bugs/563240
<uvirtbot> New bug: #563241 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu11 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/563241
<u0324> exit
<binBASH> smoser: I have to make this changes on cluster controller I think?
<smoser> node controller
<binBASH> ohh, ok
<smoser> i'm not sure what does the replacement of the hard coded strings
<smoser> such as BASEPATH or PRIVMACADDR
<binBASH> np, I will hardcode those anyways per node
<binBASH> like I said my provider forces ip addresses bound to the mac address of eth0
<binBASH> so I think all vms need to have same mac
<ghostlines> hi all, i mounted a ntfs partition with the -rw but can write to it even as root, any idea's?
<sipher> I'm trying to setup a cloud, 1 cluster controler, 2 nodes. I can't start the images. Does ubuntu cloud REQUIRE kvm?
<sipher> if not, the images are constantly stuck in a "pending" state...
<sipher> that or they will fail almost immediately. ...goes to terminted.
<NCommander> coffeedude: ping?
<NCommander> anyone around who can do an upload of likewise-open?
<uvirtbot> New bug: #552829 in eucalyptus "In rare cases, if the SC fails to export a volume, volume state is not correctly updated" [Wishlist,Fix committed] https://launchpad.net/bugs/552829
<uvirtbot> New bug: #552883 in eucalyptus "When volume creation fails, storage statistics are incorrectly updated in some cases" [Wishlist,Fix committed] https://launchpad.net/bugs/552883
<zul> NCommander: sure
<NCommander> zul: I'm just waiting for GrueMaster to complete the validation, but it appears we have a working likewise-open on ARM (finally) :-)
<zul> NCommander: nifty i can do the upload for you if you want
<uvirtbot> New bug: #545000 in eucalyptus "walrus, create_bucket with spaces" [Undecided,Fix committed] https://launchpad.net/bugs/545000
<rgreening> ScottK: ping
<NCommander> zul: thanks, I'll have the debdiff ready to go in a few minutes
<zul> NCommander: just lemme know
<NCommander> zul: just got the "Ok, it works" message :-)
<zul> NCommander: pass on the debdiff then
<NCommander> zul: doing so now
<NCommander> zul: http://launchpadlibrarian.net/44182186/likewise-open.debdiff & https://bugs.edge.launchpad.net/ubuntu/+source/likewise-open/+bug/517300
<uvirtbot> Launchpad bug 517300 in likewise-open "[armel] likewise-open needs porting to ARM" [High,In progress]
<NCommander> zul: (sorry for the size of the debdiff, but autoreconf really clutters it up)
<zul> NCommander: ick
<NCommander> zul: sorry, I know this is painful :-/
<zul> NCommander: you didnt update the debian/control when you did ubuntu1, just doing a test build now
<NCommander> zul: no, your not supposed to
<zul> NCommander: eh?
<NCommander> zul: this is an ubuntu native package directly maintained by likewise-open. I know the versioning is skewed.
<NCommander> Its not a sync from Debian :-/
<zul> NCommander: k
<tgalal>  I'm getting debootstrap warning while installing with kickstart file ubuntu/dist/karmic/restricted/binary-amd64/packages was corrupt
<tgalal> http://ubuntuforums.org/showthread.php?p=9122485#post9122485
<kirkland> hggdh: dude, just switch the keyboard and mouse cables
<kirkland> hggdh: :-)
<kirkland> hggdh: that shouldn't hang your host
<NCommander> coffeedude: ping me when you reappear :-)
<hggdh> kirkland: heh. I had not understood the first comment, but the second cleared it :-)
<kirkland> hggdh: and if you keep hanging your hosts, you'll probably end up in jail
<hggdh> kirkland LOL
<kirkland> hggdh: :-)
<coffeedude> NCommander, pong
<NCommander> coffeedude: fixed likewise-open on ARM again, and got gruemaster to test it against an AD; it works
<RoyK> omg. seems all air traffic in Norway might be closed because of volcanic ash from Iceland
<sipher> No air traffic was allowed in a large area above and around the eruption site
<zul> NCommander: done
<guntbert> !ot | RoyK sipher
<ubottu> RoyK sipher: #ubuntu is the Ubuntu support channel, for all Ubuntu-related support questions. Please use #ubuntu-offtopic for other topics. Thanks!
<NCommander> zul: thanks
<sipher> guntbert I asked my question 2 hours ago :p
<zul> NCommander: no probs
 * sipher listens to crickets.
<tgalal> anyone familiar with network installation with kickstart?
<zul> kirkland: dont they hang hosts in texas as punishment anyways?
<kirkland> zul: you know it ;-)
<NCommander> coffeedude: ARM fixed likewise-open uploaded to the archive.
<Daviey> tgalal: Yes, but you would be better asking your real question :)
<tgalal> Daviey, everything is going fantastic with installation with ks file, except that a Debootstrap warning shows and say restricted Packages was corrupt. when I click continue, installation continues normally and finished.
<RoyK> sipher: .no is quite far from .is.......
<sipher> RoyK that was quoted from a repescted news source.
<Daviey> tgalal: What are you using as a mirror?
<coffeedude> NCommander, I only saw the debdiff.  Is there a new upload to main already with the patch?  Or you need me to review the patch and include it for the next upload?
<coffeedude> NCommander, I'm working on a new upload now but have not had time to review the patch yet.
<NCommander> coffeedude: it just got uploaded about five minutes ago
 * Daviey goes afk
<NCommander> coffeedude: your not going to be able to upload past today
<NCommander> We enter final freeze tomorrow
 * zul wonders off
<coffeedude> I thougth the 15th was the freeze?  That's tomorrow.
<NCommander> coffeedude: generally speaking, you want everything in the day before final freeze.
<coffeedude> NCommander, that would have been good to know before now.
<NCommander> coffeedude: sorry about that, thats why I scrambled to get likewise-open uploaded with the ARM patch since if it didn't go now, there was a chance it wasn't going to go :-/
<NCommander> coffeedude: what changes are you making; you might still be able to upload past final freeze until release
<coffeedude> NCommander, so....I have no idea about your dcerpc changes.  it makes me nervous to have it uploaded without having run through my tests.
<NCommander> coffeedude: the !arm code is untouched.
<coffeedude> NCommander, small changes.  postinst fix, one more patch to fix an issue with domainjoin-XX leave.
<NCommander> coffeedude: we can back out the armel change if it fails your tests after the fact (its easier to remove than to add)
<coffeedude> NCommander, k.....I maybe out of luck anyways....since I can't upload without going through sponsorship and I still have my US taxes to file by midnight tomorrow....
<coffeedude> NCommander, I'll just keep working and if the upload has to be a patch after release, so be it.
<tgalal> Daviey, I'm using another ubuntu server
<tgalal> Daviey, in my network
<NCommander> coffeedude: that sounds like thats acceptable for upload past final freeze. I can help you track down a sponsor if need be
<tgalal> Daviey, I moved the installation files inside /var/www/ubuntu
<coffeedude> NCommander, pitti has been helpful but I hate to always ask for more work for him :)
<tgalal> Daviey, the installation works fine and completes normally .. except for the above error
<tgalal> Daviey, suggestions
<tgalal> ?
<ScottK> RoAkSoAx: I'm good for your 4 FFe requests now (just got back from a $WORK thing).  Please just copy/paste this into the bugs and go ahead.
<ScottK> rgreening: Pong
<RoAkSoAx> ScottK, awesome. Thank you!
<smoser> ok, kirkland zul i've given up on mathiaz for today.
<smoser> i need a sponsor for  lp:~smoser/ubuntu/lucid/openldap/lucid.dev
<smoser> kirkland, zul ^^
<binBASH> smoser: the patch works
<binBASH> just need to find out now how to change vnc ip because it bound to 127.0.0.1
<smoser> yeah, i'd tested it, but you sitl have to figure out where it got run and what port vnc on and such.
<smoser> that is strange.
<smoser> see libvirt xml doc
<smoser> it says how to do that
<binBASH> it's default
<binBASH> where it runs is not so problematic, I could send out mail via the perl script for example
<binBASH> ;)
<zul> smoser: ok on it
<kaffien> having problems with cron making duplicate backups  for some reason  http://pastebin.com/mrdc5uZY shows my script, the results and my cronttab if someone could review it.  I can't seem to find anything that would cause duplication.
<zul> smoser: done, although I had to fix the changelog again
<RoyK> kaffien: I'd use rsync if I were you, for a start
 * zul wonders off again
<smoser> zul,  you had to move from "UNRELEASED" , right?
<smoser> that was all
<kaffien> RoyK, might be a good idea
<kaffien> can rysync look for the latest file in   folder  X/ with the name starting with lsm2k8?
<zul> smoser: yep
<kaffien> is rsync suitable for files  sized 7GB - 45 GB?
<kaffien> ug this is confusing hehe
<RoyK> kaffien: no problems with large files and rsync
<kaffien> didnt think so
<kaffien> i don't understand this command very well
<RoyK> early 32bit rsync had problems with >2GB, but I guess that's mostly history
<RoyK> rsync -avP -e ssh somehost:/theirpath /mypath
<RoyK> very verbose version, though. -a will do the same, but verbosity can be fine for a start
<kaffien> the backup device is local
<RoyK> you don't need somehostess: unless it's remote
<kaffien> i need to be able to tell it to copy  /backup/file.tgz   /rd1000   but it has to look through about half a dozen files with the same name  (date attached to name)  and copy only the latest
<RoyK> kaffien: rsync will do that by default
<RoyK> you may add -c to use md4 checksumming to make sure the right stuff gets over
<RoyK> but mostly it just looks at size/timestamp and that should be sufficient
<kaffien> so i  rsync -avcp /backup /rd1000 ?
<kaffien> keep in mind that /rd1000 will only be carrying the newest files
<kaffien> not the whole folder
<RoyK> -a includes -p
<RoyK> man rsync
<RoyK> -P is (--progress --partial)
<kaffien> oh
<kaffien> but i can only specify directories not files
<RoyK> also, doing rsync -avcP /backup/. /rd1000 (mind the space) might be better - if rd1000 exists, /backup/rd1000 will be created if you just do rsync -avcP /backup /rd1000
<metalfan_> hi
<RoyK> just rtfm - there are --include and --exclude statements for rsync
<metalfan_> server was running for about 180 days just fine, now it starts and says:  :/ waiting for /dev/server-bohlsen something
<kaffien> sorry, just finding the manual confusing
<metalfan_> why cant it find the lvm mapping?  the hardware wasnt changed
<RoyK> kaffien: do some testing - rsync is quite easy, but depending on your needs, you might need to do it right, yourself
<metalfan_> kaffien, rsync has this ugly behavior that "rsync target source" and "rsync target/ source" mean different things
<RoyK> metalfan_: no, source target, not target source
<metalfan_> yes, my fault
<RoyK> just use rsync -a /some/source/. /some/target
<metalfan_> i was hinting at the "/"
<RoyK> that works
<RoyK> yeah - i know
<kaffien> anyhow my problem isn't with the cp command
<kaffien> its cron
<kaffien> cron is doing something funky
<kaffien> the script only double copies files when i run it via cron
<RoyK> rsync won't do that
<kaffien> probably will if cron runs it
<kaffien> lol
<RoyK> no
<RoyK> I use rsync a LOT
<RoyK> with terabytes of data
<kaffien> ah i see
<binBASH> smoser: I found it out, had to specify listen='0.0.0.0' attribute
<smoser> binBASH, you actually could be ok with the bind to localhost
<smoser> you could live with that by having ssh in as a user and using ssh tunneling
<binBASH> yup
<smoser> ie: ssh -L 5900:localhost:5900 vncuser@node-controller
<binBASH> I am connected via vnc.
<binBASH> though there is no login screen
<binBASH> only qemu bios ...
<binBASH> it logged everything else in the logfile I think
<binBASH> have to find out now how to enable login console ;)
<binBASH> A task for tomorrow, going to bed now.
<binBASH> good night and thx again smoser for all the help
<smoser> binBASH, hm.. i got a console login
<smoser> but it failed in my test
<binBASH> huh?
<binBASH> :)
<smoser> but i migh thave enabled serial console in some other debugging on the instance that i ran
<smoser> humm...
<smoser> i'd have to look at it
<binBASH> smoser: The serial type is set to file in the xml so it can't have a console I think
<binBASH> has no console section, I'll add one so I can connect using virsh console
<kaffien> hrrrm i did that wrong
<kaffien> its syncing the whole directory
<kaffien> i see how i would exclude certain files but not how to only backup the first of  2010-04-14 2010-04-13 2010-04-12   i only want 2010-04-14 to copy
<smoser> binBASH, yeah, i wsa misguided above commenting about console
<smoser> but you have to replace the console section that is present
<smoser> and then get-console-output will fail
<smoser> ie, instead of to a file you want to at tty
<gzmask> do I need an intel VT or AMD-V enable cpu to run UCE?
<uvirtbot> New bug: #393396 in quota (main) "warnquota mail template stored in static strings within the executable, impossible to customize or translate" [Low,Confirmed] https://launchpad.net/bugs/393396
<Xpistos|work> HI all.
<Xpistos|work> Can someone give me a hand with a permissions issue?
<hggdh> Xpistos|work: just stae your issue, hopefully someone will help ;-)
<Xpistos|work> I have a folder that for some reason is telling me it is read only but I chmod it and no change?
<gzmask> did you sudo before your chmod?
<Xpistos|work> gzmask: yes
<Xpistos|work> sudo chmod -r 766 /foldername
<gzmask> what's the "ls -la" detail for that file?
<hggdh> er. You really want 766?
<Xpistos|work> Not really, but I want to get it working first
<hggdh> so, as gzmask asked for, give us the 'ls -la /foldername'
<hggdh> Xpistos|work: pastebin if needed
<Xpistos|work> drwxrwxrw-  9 xpistos xpistos  8192 2010-03-25 10:55 torrent
<Xpistos|work> The folder is it's own drive mounted in /home/data/torrent and it is NFS and SSH
<Xpistos|work> remote or local I get the same issues
<Xpistos|work> I just started doing this about a week or so ago
<Xpistos|work> and the install was done back in december
<Xpistos|work> when I run the chmod it asks for a password and that is it
<Xpistos|work> but there is no change when I try to rm a file
<hggdh> Xpistos|work: you want to change the permissions on all subfolfers and files under it?
<Xpistos|work> chmod -R
<hggdh> better
<hggdh> :-)
<hggdh> also, is this a soft link?
<Xpistos|work> I don't believe so
<Xpistos|work> I have an NFS share set from it however if that makes a difference, mounted in my laptop's home partition
<hggdh> oh. This is a *remote* folder/fs?
<Xpistos|work> no
<Xpistos|work> The issue is on the server
<Xpistos|work> but I noticed it on the laptop
<Xpistos|work> if I ssh in to the server, same problems
<Xpistos|work> I can mv files from this one folder elsewhere, I can rm -rf files from the SSH, but I can't delete from my NFS share and I can rename anywhere (SSH or NFS)
<Xpistos|work> i haven't tried sshfs but I don't know that would make a difference since ssh isn't doig the job either
<hggdh> and you cannot change the permissions at the server either?
<Xpistos|work> it doesn't give me an error, but it still doesn't work
<Xpistos|work> I use the laptop most to move the files and use filezilla  as well but it is just with that specific folder
<hggdh> Xpistos|work: if you chmod from the laptop (i.e., remotely) what will happen will depend on the permissions NFS gave you
<hggdh> now, locally, if there are no ACLs involved, a chmod should work
<hggdh> you said it is a filesystem by itself. WHat type?
<Xpistos|work> ok
<Xpistos|work> if I try and chmod from the laptop
<Xpistos|work> chmod: changing permissions of `Torrents/': Read-only file system
<Xpistos|work> chmod: cannot access `Torrents/lost+found': Permission denied
<Xpistos|work> etc
<hggdh> heh. There is your answer... from your laptop this is a read-only FS.
<Xpistos|work> but I never had it set that way and when I ssh in to my server, it is no I still can minipulate files
<hggdh> Xpistos|work: if you access it via NFs, NFS will impose its own permissions
<Xpistos|work> I have rw in NFS
<Xpistos|work> let me check my exports
<Xpistos|work> SOB!
 * hggdh thinks an answer was found...
<Xpistos|work>  data/torrent     192.168.1.2(ro,async) nfs defaults 0 0
<hggdh> good, now you know why
<hggdh> brb
<Xpistos|work> now if I can remember how to restart the nfs
<Xpistos|work> Stupid!
<Xpistos|work> All this time
#ubuntu-server 2010-04-15
<Xpistos|work> hggdh: I think I did this inadvertently when I added my wifes NFS shares when I got her moved over to linux. I didn't have anything in my downloads for a few weeks that is why I didn't' notice and I must have looked at the wrong line when I check my exports before.
<Xpistos|work> hggdh: Thanks for you help
<Xpistos|work> and oddly enought I can fo things in my NFS share now
<Xpistos|work> hmm?
<hggdh> :-)
<RoAkSoAx> is there a list of all the server packages that use upstart instead of the LSB init scripts?
<MatBoy> is there a date around when 10.04 can be released ?
<ScottK> MatBoy: April 29
<zul> happy happy joy joy
<medex> How can I update my version from the terminal no gui?
<Pici> medex: do-release-upgrade, check --help for options
<hazmat> is there a way to make ubuntu not try to use gcj for all the java packages?
<hazmat> i've got a 'real' java installed and identified as such for java alternatives
<hungnv> hello all, I create samba share for other ubuntu clients, then I mount at clients, some works well, some I get problem : mount : cannot allocate memory
<hungnv> http://pastebin.com/bFanKYYZ at client dmesg shows that problem
<hungnv> please give me a solution
<ScottK> hazmat: There is an #ubuntu-java.  I don't know if they'd be able to help.
<hazmat> ScottK, thanks
<lifestream> Could anyone help me with .... setting up NAT(?) so I can use Linux (host) to connect to a program (server) that is on a virtualbox guest? (I am on the #vbox channel too)
<lifestream> I don't understand what this means:
<lifestream> We have a Guest Machine with a running ssh server which accepts connections on the TCP port 22. Our goal is to make any packet arriving at a given TCP port (i.e. 2222) of the Host machine, to be forwarded to the TCP port 22 of the Guest Machine.
<lifestream> Wait... nevermind, I think I'm following the wrong tutorial.
 * lifestream is away: afffkkkkk
<maxagaz> I can I check the activity of the network in live ?
<maxagaz> how
<KurtKraut> maxagaz, what do you mean precisely by activity? Give us an example.
<maxagaz> KurtKraut, I'd like to be able to check the activity of the network between each node
<KurtKraut> maxagaz, 'activity' still an abstract idea.
<KurtKraut> maxagaz, bandwith? what IP and port being used? Read the packets content?
<maxagaz> KurtKraut, I mean the size of datas going between nodes
<KurtKraut> maxagaz, in real time or you want it logged?
<maxagaz> KurtKraut, in real time
<maxagaz> KurtKraut, my network is often slow, but I don't understand why, it would be easier to see if I can monitor the traffic the traffice between computers
<KurtKraut> maxagaz, try the following packages? bwm-ng and nethogs
<KurtKraut> maxagaz, try the following packages? bwm-ng and nethogs
<KurtKraut> oops
<KurtKraut> maxagaz, try the following packages: bwm-ng and nethogs. They may give you the data you need.
<KurtKraut> maxagaz, another good resource is http://www.ubuntugeek.com/bandwidth-monitoring-tools-for-linux.html
<krezel> I'm running Karmic and I need to run an old webapp that relies on PHP4 and I believe to be suspect from a security standpoint. What's my best option? chroot jail? Compile php4 and run it alongside php5 but with the app isolated by mpm-itk?
<ScottK> Best is don't do it.
<krezel> I seem to hear that a lot :)
<ScottK> It's good advice.
<ScottK> If you really need to run php4, set up a Dapper system (in a vm or something).  Dapper has another ~year of security support and has php4.
<krezel> Hmm, I'm already on a vm (linode) but I could probably set up dapper in a chroot jail, right?
<ScottK> No idea, but presumably.
<kees> krezel: chroots are not secure containers.  they should only be used for testing.  if you have no choice, I would port it to run with php5, and then confine it with apparmor.  there are good examples in lucid, but should work in karmic too.
<krezel> kees: Sadly I don't think this steaming pile of dung will take the upgrade to php5 well. Its basically a big custom phpwiki and I wouldn't even know where to start
<ScottK> Which gets back to my initial advice
<kees> :(
<krezel> The fun never ends
<jasonmchristos> what tracker software does torrent.ubuntu.com use? i want to setup my own tracker
<darkk^> kees, by the way, what's wrong with chroots as soon as user does not have root in the chroot?
<darkk^> yes, root can almost always escape from the chroot, but how can ordinary user do that?
<_minerva> hi
<kees> darkk^: depends on the chroot, but many have /proc mounted, which can expose kernel interfaces.  chroots are better than nothing, but there are much better solutions.  :)
<jjohansen> ttx: for bug #546743 is the proper solution but we are kind of out of time there so I think for server we can get away with changing /etc/modprobe.d/radeon-kms.conf to have options radeon modeset=0
<uvirtbot> Launchpad bug 546743 in linux "Blank screen at first boot with ATI ES1000 and 10.04 server" [High,Confirmed] https://launchpad.net/bugs/546743
<ttx> jjohansen: that would only affect server ? Which package is this shipped in ?
<jjohansen> xserver-xorg-video-radeon
<jjohansen> ttx: hrmm, well I assume there is a way to only make it affect server
<jjohansen> I could be wrong
<ttx> jjohansen: maybe it shouldn't just affect server anyway
<ttx> jjohansen: I don't think server ships with xserver-xorg-video-radeon ? Or do I get something wrong ?
<jjohansen> well I think some desktop people would be awful unhappy if kms was off by default
<ttx> .. probably :)
<jjohansen> ttx: well that is the desktop package
<jjohansen> I guess
<ttx> jjohansen: can we move this to #ubuntu-release ?
<jjohansen> its installed here, I didn't even think to look in the server install
<jjohansen> sure
<uvirtbot> New bug: #563642 in tomcat6 (main) "tomcat6 (6.0.24) "Duplicate local variable" error" [Undecided,New] https://launchpad.net/bugs/563642
<jjohansen> ttx: is there anyone else with ES1000 hardware who can test soon?
<ttx> jjohansen: there are affected servers in the London DC, but I don't have contacts there
<ttx> jjohansen: we can also ask in the bug, reporters were pretty responsive
<jjohansen> ttx: sure, but I am talking with in hours
<ttx> jjohansen: otherwise fader should be up in ~3 hours
<jjohansen> okay I'll let apw know
 * apw jerks awake
<Guest70176> hi there
<Guest70176>  maybe someone got a clue! i installed in UEC mode from the cd installer. one host for clc walrus etc, and one host as a nc. everything is working fine. QUESTION: how do i log into the nc?? in the installation process i wasn't ask for a passwort :o
 * ttx admires the kernel team capability to suspend/resume
<ttx> Guest70176: you should use the same as the CLC
<ttx> Guest70176: it's preseeded from whatever you chose on the CLC
<ttx> the NC takes a lot of installation defaults from the CLC
<Guest70176> ttx: aaah so it's the user / pwd i choosed from the installation on the CLC?
<ttx> yes, and feel free to change them if you need different ones
<Guest70176> ttx: ohman, thanks! that should go in the documentation :)
<ttx> Guest70176: it's a wikipage, fix it :)
<Guest70176> ttx: this one, aye? https://help.ubuntu.com/community/UEC/
<ttx> Guest70176: I'm not sure it's up to date anyway
 * ttx looks
<ttx> a quick note on Step3 that the node will inherit user/password from the CLC could help yes
<e-DIO-t> ad ogni modo: Yo!
<VSpike> Is there any way I can get squid-2.7.STABLE9 onto 9.10 server?
<franjpr> I am running ubuntu server 9.10. The other day it failed to start. It halts in the init steps. Any idea what to do?. Thanks
<VSpike> franjpr: did you try the recovery mode?
<VSpike> franjpr: do the last few lines of output contain anything interesting?
<franjpr> vspike: yeah, I tried the recovery mode. Same result
<alvin> franjpr: And the last messages you see?
<franjpr> last lines are init: ureadahead-other...
<franjpr> or whatever process
<alvin> ah, try pressing 'M' at that point.
<franjpr> let me check
<alvin> If my suspicion is right, it should give you a recovery shell
<franjpr> no, it justs prints M or m in the screen
<franjpr> the boot process stops with init steps
<alvin> And if you press 'S'?
<franjpr> the same
<franjpr> I can type in the screen
<franjpr> but there is no command line
<franjpr> last line, init: ureadahead-other main process (652) terminated with status 4
<franjpr> I read on a thread that this message does not interfere in the boot process
<franjpr> and I do not know what to do
<alvin> I have the same on all servers, but if I press 'M', the recovery shell appears and I can mount remaining filesystems manually. Just like you, the last lines are ureadahead... and I can't see what error actually occurs (filesystems not mounting)
<franjpr> not in my case
<alvin> franjpr: What's your disk layout? Are you using mdadm or lvm?
<franjpr> there is no recovery shell
<franjpr> lvm
<alvin> Do you have snapshots?
<franjpr> no
<alvin> Do you have more than 4 lvm volumes?
<franjpr> no
<alvin> In that case, it's something I did not encounter yet.
<franjpr> just two hdd
<franjpr> one /dev/sda
<franjpr> and another /dev/sdb
<franjpr> in /dev/sda
<alvin> no mirror?
<franjpr> no
<franjpr> it is a very simple server
<alvin> and single user mode (recovery in grub) gives you the same output?
<franjpr> in /dev/sda I have /dev/server-root
<franjpr> and /dev/server-root/boot
<franjpr> or something like this
<franjpr> yes
<franjpr> I go to grub menu
<franjpr> and select recovery
<franjpr> and I get the same result
<alvin> Ah, a separate boot! Since karmic, I have stopped using that because of bug 462961
<uvirtbot> Launchpad bug 462961 in grub2 "auto-resize install renders previous system with separate /boot unbootable" [Medium,Fix released] https://launchpad.net/bugs/462961
<alvin> This is a fresh install or an upgrade?
<franjpr> this is an upgrade from 9.04
<franjpr> but it has been working
<franjpr> normally
<franjpr> untill yesterdayi
<alvin> With 9.10 in between? Or did you switch sources?
<franjpr> I upgraded from 9.04 to 9.10, just following the upgrade process from ubuntu
<alvin> Ah, ok. I thought you were on Lucid.
<franjpr> ah no
<alvin> Nothing else in /etc/fstab? NFS mounts, CIFS mounts?
<franjpr> fstab?
<franjpr> I can run an ubuntu server cd
<alvin> Yes, /etc/fstab, where your mount points are defined
<franjpr> and edit whatever file
<franjpr> I have not changed anything these days
<alvin> I would do that. Check the contents of /etc/fstab (or post them here, using pastebin)
<alvin> No recent kernel upgrade either?
<franjpr> I can check the file
<franjpr> I can't tell right now
<alvin> You didn't change anything in the BIOS?
<franjpr> however I  have tried to select other kernels from grub menu, with the same result
<whom> i have a local code <div>'Ã§a'  </div> , remote server is ubuntu, via ftp, i upload my code, i check it back from server, output is:  'ÃÂ§a'   , what is wrong?
<franjpr> no, when before this issue. Afterwards, I have tried.
<franjpr> let me check fstab
<franjpr> alvin: I am running ubuntu server cd
<franjpr> repair broken system
<alvin> Yes, answer a bit more questions and choose to have a shell in /
<franjpr> I have /dev/sda /dev/sdb /dev/server/root /dev/server/swap_1
<alvin> /dev/server/root
<franjpr> let's the fstab
<franjpr> the seems to be correct
<franjpr> nothing has been changed
<uvirtbot> New bug: #563752 in samba (main) "3.0.28a-1ubuntu4.11 has new "unix extensions" parameter default to yes, wreaking havoc on existing configs" [Undecided,New] https://launchpad.net/bugs/563752
<alvin> franjpr: I'm not suggesting anything is wrong with your /etc/fstab. Neither is anything wrong with mine, but most servers do not boot either.
<whom> i did set binary, and transfer one line to that ubuntu server, i read it back , it gives me broken chracters. then i also send in ASCII same. whats the point now?
<whom> i have a local code <div>'Ã§a'  </div> , remote server output is:  'ÃÂ§a'  ?
<franjpr> alvin: I am a bit lost. I do not know how to proceed to recover the server.
<alvin> franjpr: Me neither. I encounter boot problems on a daily basis, but yours are new. I wish there was a log somewhere. I think you can set mountall to debug mode, but do not know how. Anyone?
<alvin> Aer your lvm volumes defines by UUID in /etc/fstab, or are they /dev/mapper/server-root, etc,...
<franjpr> by uuid
<alvin> Try changing them back to /dev/mapper
<franjpr> ok+
<franjpr> however it seems they are mounted correctly
<whom> alvin, franjpr : in my centos LANG=en_US.UTF-8, i have a local file with only this value: 'Ã§a' , when i use upload ftp (ascii/binary)  that file, which is hosted ubuntu server,  and again if i download it back, the same file value gets changed to this: 'ÃÂ§a' , do you read me!!
<franjpr> at least they are identified and fsck checks them
<franjpr> afterwards, in the init steps...
<alvin> whom: We're not a helpdesk. Read up on ASCII vs BINARY file transfers by FTP.
<alvin> franjpr: Still halts? (try 'M' now if it does)
<whom> alvin, i am not  a client also, came in the community, i did ASCII and Binary transfer both same result, but when i cent my centos box to another remotelocation same centos the same characters output same. What is the point, ubuntu ftp server is not listening or miss configured?
<whom> alvin, anyway you are not listening, like all of those broken neck. you dont know this simple point dont you? shame on you, playing with big toys.
<franjpr> alvin: I changed in fstab all uuid to /dev/... with the same result
<franjpr> the partitions are correctly identified
<alvin> This is bad. What could it be then?
<franjpr> no idea
<alvin> Did you press 'm' this time?
<franjpr> partitions are checked
<franjpr> then stops
<alvin> You could file a bug against mountall, but I wouldn't know what information to provide in your case, except for the description; https://bugs.launchpad.net/ubuntu/+source/mountall
<franjpr> after the last line init:whatever...
<franjpr> the cursor blinks
<franjpr> you can type m or M
<franjpr> hit enter
<franjpr> go to the next line
<franjpr> but nothing happens
<alvin> No, it should give you a rescue shell. In your case, something crashes, but I don't know what.
<franjpr> yes
<franjpr> i do not know
<franjpr> and i do not know what to report
<alvin> Just where your boot halts, what the last messages are, your kernel version, mountall version and /etc/fstab I think.
<ttx> smoser: around ?
<smoser> here
<smoser> whats up ?
<ttx> smoser: about openldap's latest comments from mathiaz, I assume you uploaded before he commented ?
<ttx> smoser: if so, We should create a bug to track the remaining items
<ttx> alvin: re: mountall logs: you can edit /etc/init/mountall.conf so that the mountall line reads:
<smoser> we did upload before he commented, kyes.
<ttx> exec mountall --debug --daemon $force_fsck $fsck_fix > /dev/mountall.log
<ttx> smoser: ok, I'll create a bug for the remaining stuff
<smoser> ttx, yeah. i can try to gake a quick stab at it and race the Final Freeze
<ttx> smoser: I doubt that, given we are already frozen
<smoser> oh.
<smoser> did not realize that.
<smoser> so yeah, thats an unlikely race to win
 * smoser searches for that flux capacitor ... i know its around here somewhere
<ttx> alvin: about your boot issues on 10.04
<ttx> alvin: iiuc you have two issues: one is that it fails to mount things, and the other is that it fails to tell you about it. Is that correct ?
<ttx> alvin: about the first, are you running on LVM ? about the second, what are your kernel options ? About both, do you already have opened bugs about those ?
<alvin> franjpr: look at what ttx posted for your mountall debug options. (I'll enable that too)
<ttx> alvin, franjpr: fwiw I usually make a copy of /dev/mountall.log to /ev/copy.log while in M mode, I saw some file clobbering when I made the install continue after that
<ttx> franjpr: that said, I don't think it would work for 9.10
<alvin> ttx: Actually, I have more than those 2 issues with Lucid. Still examining a bit before filing the bug. Plymouth fails to tell me when using ubuntu-server, but the keys do work (S, M,...) The other one is: as soon as I create a snapshot, one machine gets into grub rescue, the other will not be able to mount all filesystems.
<ttx> alvin: I'll try to reproduce the "fails but keys do work" one
<alvin> and the last is: when creating a snapshot, sometimes the snapshot gets mounted instead of its parent. I filed that one yesterday and it's only on upgrades. > bug 563117
<uvirtbot> Launchpad bug 563117 in mountall "Release upgrade converts /dev/mapper entries in /etc/fstab to UUID" [Undecided,Confirmed] https://launchpad.net/bugs/563117
<alvin> ttx: Easiest way is to snapshot an lvm volume
<alvin> and reboot
<ttx> I know that Foundations are still working on a slew of mountall issues
<alvin> WHat is Foundations?
<ttx> the group that works on ubuntu foundations for both desktop and server, that includes the boot process
<alvin> Ah, cool
<alvin> I see the trouble with lvm snapshots on both server and desktop, but they react differently. Probably because the server has mdadm raid1 too. That one is the worst because it only gets into as far as grub rescue.
<uvirtbot> New bug: #563805 in samba (main) "mount.cifs won't mount shares; set uid bit not set" [Undecided,New] https://launchpad.net/bugs/563805
<Jeeves_> Any apt specialists here?
<Pici> Depends what the question is.
<Genk1> hello, is there a way to crypt all the traffic network of a LAN ? I mean for every protocol used in the LAN !
<Jeeves_> Pici: It's about the gpg checking.
<Jeeves_> But I found what's going wrong
<Jeeves_> All I need to do now is fix my mirror :)
<Pici> Jeeves_: Why not just ask the question and we'll see if we can answer.  Or nevermind.
<alvin> Genk1: You can tunnel about anything over ssh, but I have no experience with that. All traffic is a bit much, no?
<Genk1> alvin, yes it's a high traffic !
<Jeeves_> Pici: Nevermind :)
<alvin> I think encryption is easier for point to point connections. For example, file transfers over sftp. CIFS also has encryption, but that is really th protocol itself. If you want all X traffic in the lan encrypted, I wouldn't know the answer to that.. You can tunnel X through ssh easily, but a broadcast is something else.
<Genk1> alvin, hmmm.. I see !!
<Genk1> thank you
<uvirtbot> New bug: #563829 in openldap (main) "olcAccess are options broken on upgrade in {-1}frontend.ldif" [Undecided,New] https://launchpad.net/bugs/563829
<_ruben> Genk1: that's pretty much what ipsec is used for
<zul> Daviey: ping wtf with the ubuntu-fortunes-server?
<Daviey> zul: what about it?
<Daviey> zul: it's all fixed now.. but it seems the MIR wasn't actioned ages ago.
<zul> Daviey: ok
<Daviey> zul: fwiw, i thought it was in main already - prepaired an upload yesterday, and didn't notice.
<zul> Daviey: gotcha
<iclebyte> anyone familar with drbd? after creating and performing the inital sync, should you only create the file system on /dev/drbd0 on the primary note? i.e. will the creation of the filesystem replicate to the slave node via the block device?
<zul> ttx: is it your day for daily triage?
<ttx> zul: no, was yesterday
<ttx> today's smoser's
<smoser> yeah. my triage day.
<alvin> You assign each other triage jobs?
<smoser> alvin, its just that each of us has agreed to spend time doing triage one day of the week.
<smoser> you, and anyone, is more than welcome to triage server bugs any time you'd like (and I suggest you help out on Thursdays :)
<smoser> https://bugs.launchpad.net/ubuntu/+bugs?field.searchtext=&orderby=datecreated&field.status%3Alist=NEW&field.importance%3Alist=UNDECIDED&assignee_option=any&field.assignee=&field.bug_reporter=&field.bug_supervisor=ubuntu-server&field.bug_commenter=&field.subscriber=&field.component-empty-marker=1&field.status_upstream-empty-marker=1&field.omit_dupes.used=&field.omit_dupes=on&field.has_patch.used=&field.has_cve.used=&field.affects_
<smoser> me.used=&field.tag=&field.tags_combinator=ANY&field.has_no_package.used=&search=Search
<smoser> wow. silly long link.
<zul> smoser: slacker
<alvin> I'm currently at work. We use ubuntu-server a lot, so a bit of triaging during work hours couldn't hurt
<smoser> http://ubuntu-server-new-bugs.notlong.com
<alvin> If you're triaging now, try rebooting lucid after you made a snapshot of an lvm parition. I have yet to file the bug though.
<ttx> link: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase#Bug%20Triager%20resources
<mathiaz> zul: bug 561750
<uvirtbot> Launchpad bug 561750 in squid "squid starts and stops immediately (after upgrade from karmic to lucid)" [Medium,Incomplete] https://launchpad.net/bugs/561750
<mathiaz> zul: it seems that squid reload kills squid
<zul> mathiaz: ok ill have a look
<alvin> Ah, triaging is not testing, but setting the importance and status of bugs. I see.
<ttx> mathiaz !
<mathiaz> ttx: o/
<Italian_Plumber> so... wget doesn't recursively follow javascript links?
<_ruben> i doubt wget does any javascript at all
<Italian_Plumber> well fudgenuggets
<Italian_Plumber> what about links that exist on the pages as <area> instead of <a>... or is that javascript
<ttx> alvin: reproduced, filing bug
<alvin> ttx: Wait, I just filed two
<ttx> ah
<ttx> bug # ?
<alvin> bug 563895
<uvirtbot> Launchpad bug 563895 in grub2 "Disk not found when booting mdadm RAID1 with snapshotted lvm volume" [Undecided,New] https://launchpad.net/bugs/563895
<alvin> looking for the other one
<alvin> bug 563902
<uvirtbot> Launchpad bug 563902 in mountall "When snapshots exists, mountall will not mount the parent partition" [Undecided,New] https://launchpad.net/bugs/563902
<alvin> I hope I chose the right packages
<ttx> ok, will file for the lack of M / S prompt
<alvin> Good, I didn't file that one. Please, post the number here so  can subscribe
<persia> So, I installed a new lucid server, and have a new, cool, byobu theme.  On an upgraded server, I still have the old theme.  What do I need to do to get the new theme on the upgraded server?
<kirkland> persia: F9-> Select background (black), Select foreground (white)
<persia> kirkland: Thanks!
<kirkland> persia: or ... printf "BACKGROUND=k\nFOREGROUND=w\nMONOCHROME=0" > ~/.byobu/color
<kirkland> persia: if you want the "monochrome" theme to make the grey-and-white look of Lucid
<jasonmchristos> what tracker software does torrent.ubuntu.com use? i want to setup my own tracker
<ttx> alvin: bug 563916
<uvirtbot> Launchpad bug 563916 in mountall "[lucid] No prompt for [S]kip or [M]anual recovery on server boot" [Undecided,New] https://launchpad.net/bugs/563916
<persia> kirkland: That's even better: now if I get a custom selection I can just scp it about.  Thanks again.
<alvin> ttx: thanks
<kirkland> persia: cheers, yeah
<kirkland> persia: i actually use different color combinations for each host (so that i recognize what machine i'm on by a visual cue)
<Pici> Me too
<persia> Hmm.  So maybe I oughtn't have "fixed" that :)
 * persia reverts to prevent a future mistake in advance
<kirkland> persia: ?
<kirkland> persia: it's totally up to you
<persia> kirkland: Yeah, but it's a *really* good idea to have a visual cue to differentiate hosts :)
<persia> kirkland: Also, thanks for the seed changes: http://cdimage.ubuntu.com/ubuntu-server/ports/daily/current/ is all <700MB now.
<kirkland> persia: http://people.canonical.com/~kirkland/colors.png
<persia> Oh my.  I don't have quite that server count, but I can see why you almost need it.
<binBASH> I rebooted the machine where cloud controller etc. is on, now it shows 0 free vms :/
<binBASH> anyone knows what's wrong?
<binBASH> in logfile I see it gets timeout on select()
<uvirtbot> New bug: #527888 in php5 (main) "apache2 crashed with SIGSEGV in module_destructor()" [Medium,Incomplete] https://launchpad.net/bugs/527888
<mathiaz> ttx: bug 423252
<uvirtbot> Launchpad bug 423252 in sudo "NSS using LDAP on Karmic breaks 'su' and 'sudo'" [High,Confirmed] https://launchpad.net/bugs/423252
<mathiaz> ttx: ^^ we should have a look at this one as well
<ttx> ew
<mathiaz> hggdh: are you using the uec test rig?
<ttx> mathiaz: added to watch list on ReleaseStatus page
<hggdh> mathiaz: was, but I can give it up
<mathiaz> hggdh: kirkland and I are going to look at the multi-machine topo
<hggdh> mathiaz: a Q: the /etc/eucalyptus/eucalyptus-ipaddr.conf should point to the correct addresses of the CLC, CC, Walrus, etc, correct?
<mathiaz> hggdh: is this the topo that is currently installed?
<mathiaz> hggdh: yes
<hggdh> mathiaz: lucid-adm64-topo2
<hggdh> mathiaz: they are not
<hggdh> mathiaz: to the point I am not sure how it even works
<mathiaz> hggdh: they all look good
<mathiaz> hggdh: eucalyptus-ipaddr.conf is only used by the avahi publishing jobs
<kirkland> hggdh: mathiaz: actually, /etc/eucalyptus/eucalyptus-ipaddr.conf isn't very accurate ... i started working on a fix for that (using avahi, and grepping the logs)
<mathiaz> hggdh: to pick up the correct IP address to publish on the nework
<hggdh> ah, OK
<kirkland> hggdh: mathiaz: but i figured it was too late to commit that kind of a change
<hggdh> mathiaz, kirkland: the rig is all yours. Want me to logoff?
<mathiaz> hggdh: ok thanks
<ttx> hggdh: you have three work items on https://blueprints.launchpad.net/ubuntu/+spec/server-lucid-uec-testing about testing of the Beta2 milestone, it would be good to cover them soon, with whatever topology works at the time... If already done please mark those work items as "DONE"
<ttx> because next week we'll switch to testing RC candidates
<ttx> so the beta2 post-milestone tests need to be covered by then
<mathiaz> ttx: doesn't the WI cover *all* topologies?
<ttx> or should they be considered covered already ?
<hggdh> ttx: as soon as mathiaz and kirkland are done
<hggdh> ttx: only the all-in-one was tested
<ttx> mathiaz: I prefer partial results this week to no results at all for B2
<mathiaz> hggdh: have you already tested beta2 on topo1?
<hggdh> mathiaz: I had, yes
<ttx> hggdh: you still have a few days, so let's give all the topologies a chance :)
<ttx> hggdh: just saying that next week you'll be busy with RC candidates validation, so we'll have to go with whatever you can come up with by... Monday
<hggdh> ttx: ack
 * hggdh runs around
<e-DIO-t> seeya
<uvirtbot> New bug: #563973 in vsftpd (main) "vsftpd fails to start on boot when using pasv_addr_resolve" [Undecided,New] https://launchpad.net/bugs/563973
<kirkland> smoser: ping
<kirkland> smoser: see nurmi's noted;  neil +1'd your euca2ools change
<kirkland> smoser: shall i sponsor and get that uploaded?
<matt3206_> is this purely server support
 * matt3206_ wonders wtf is everyone
<ScottK> matt3206_: This is Ubuntu Server support and development.
<matt3206_> thanks
<matt3206_> i need multimedia support
<smoser> kirkland, please do sponsor that
<matt3206_> do you know which channel i could find that in?
<smoser> kirkland, bug 551847
<uvirtbot> Launchpad bug 551847 in euca2ools "Rebundled uec instance boot fail" [Low,Confirmed] https://launchpad.net/bugs/551847
<matt3206_> anyone work with sun micro system hardware?
<ScottK> matt3206_: General Ubuntu support is #ubuntu
<jzy> anyone using nginx on ubuntu-server?
<matt3206_> cool thanks
<matt3206_> scott you ever heard of an NCC
<mathiaz> hggdh: I've fixed the bug on the uec test rig
<mathiaz> hggdh: and pushed it to my branch
<mathiaz> hggdh: I've also merged your console output patch
<mathiaz> hggdh: everything can be found at lp:~mathiaz/+junk/uec-testing-scripts
<mathiaz> hggdh: could you mark your branch merged?
<hggdh> mathiaz: áºill do
<hggdh> mathiaz: and I will update my local copy of your branch
<hggdh> mathiaz: what was it?
<hggdh> mathiaz: forget it, read the comments ;-)
<hggdh> mathiaz: can I use the rig now?
<mathiaz> hggdh: yes
<hggdh> mathiaz: thank you
<hggdh> ttx: I do not have access to the beta2 images from the rig, can I use the daily?
<aaaccc> !search: german: No such pack or chat room
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<cemerick> is there any easier way to get the unlimited java policy files installed, short of going to oracle's site?
<RoyK> cemerick: aren't those in the repository?
<hggdh> nowadays I do not know, but Sun used to require you to get there and accept the conditions
<cemerick> RoyK: not that I can see
<cemerick> hggdh: they're totally unrestricted at this point *shrug*
<RoyK> apt-get install ubuntu-restricted-extras ?
<cemerick> RoyK: sheesh, not sure how else I would have found that.  Been googling for a while.  Thank you very much :-)
<RoyK> that installs a bunch of stuff, though
<cemerick> I can live with that vs. carrying around another couple of jars or automating a wget from somewhere. :-)
<binBASH> Hi RoyK
<RoyK> hi, shelly :)
<smoser> mathiaz, ping
<binBASH> Hi smoser
<smoser> hey binBASH
<cemerick> RoyK: that doesn't seem to actually include anything related to JCE -- just a metapackage that happens to include the sun jvm I think...
<RoyK> comwhat is JCE?
<RoAkSoAx> kirkland, ping!!
<cemerick> java cryptography -- the API for using AES, etc
<cemerick> if you want to use larger keys, etc., you need to have the "unlimited strength" crypto policy files installed.  These used to be export-controlled, but are now free and clear.
<RoyK> oh - I'm not a java person, really, except for the blackish fluid, so I don't know - sorry
<RoAkSoAx> kirkland, I just upgraded and libvirt seems to have broken something since I cannot launch any VM from virt-manager
<binBASH> RoAkSoAx: Sounds like you're doomed :/
<RoAkSoAx> kirkland, it shows me something like: Error starting domain: could not remove profile for 'libvirt-f0530b2a-fe14-70cb-e036-7f50c06e2b67'
<RoyK> is there something like a nice gui for kvm?
<RoAkSoAx> binBASH, LoL i'm actually am... have a presentation later today and have to reinstall everything :'(
<RoAkSoAx> RoyK, virt-manager?
<RoyK> does that allow stuff like live migration?
<RoyK> sorry - I'm on a slow link - asking too many questions :Ã¾
<binBASH> RoAkSoAx: I was doomed today. my Cloud Controller didn't show any free vms, neither totals. 6 hours later I noticed it was caused by a firewall rule :/
<RoAkSoAx> binBASH, haha but in my case is totally local ;/
<binBASH> RoyK: Maybe proxmox or abicloud, dunno if virt-manager does live migration.
<binBASH> RoAkSoAx: Luckily I'm just testing, not productive yet :p
<RoyK> heh - 25% of european air traffic is down... :)
<RoyK> seems the Icelanders have made their payback for the finincial crisis
<binBASH> hehe
<binBASH> I read on a newspage that there will be a second erruption at another crate maybe.
<binBASH> In history it was always like this...
<RoyK> the bad thing is that EyjafjallajÃ¶kull has never erupted in known history (1200 years) without trigging Katla, which is the largest volcano in Iceland
<binBASH> They wrote, maybe it could be like in a hollywood movie.
<RoyK> the two eruptions so far are quite small
<RoyK> if Katla wakes up, it'll be bad
<RoAkSoAx> kirkland, it is not even creating new VM's with same kind of error
<RoAkSoAx> kirkland, nevermind I just foudn the bug report :/ will have to wait till the fix is published
<uvirtbot> New bug: #238821 in mod-auth-mysql (main) "Query call failed: MySQL server has gone away" [Undecided,Fix released] https://launchpad.net/bugs/238821
<thebishop> hello
<thebishop> got a question about nfs configuration.  I'd like for owner on the client side to appear as a different user than the owner on the host side.  is this possible?
<alvin> thebishop: You want user mapping. I never did that, but I think it's possible. There's probably a config file for that kind of thing. (idmap?)
<mathiaz> smoser: hi!
<smoser> hey.
<smoser> you've a mail from me, regarding server-dev team
<alvin> apparently not idmapd.conf I just read the man page
<mathiaz> smoser: yop - I'll reply to it
<mathiaz> smoser: just discussed that with kirkland
<alvin> thebishop: I found something for you. Look here: http://ubuntuforums.org/showthread.php?t=552579
<alvin> map_static. I have need of such a thing too. Just never got around to it until you asked your question.
<ewook> mathiaz: and you'll get one from me soon, since I don't know what do do ;)
<ttx> hggdh: the idea of the B2 test is to use the milestone to get a reference point...
<hggdh> ttx: but we did go thru them when beta2 was being released (at this time I was still doing it in a way not to be hit by the issue)
<hggdh> and I did use the beta2 ISO
<ttx> hggdh: then you should mark them as done :)
<hggdh> ttx: anyway -- the rig does not have access to archive.ubuntu.com
<hggdh> ttx: so this should be considered -- how do we get it open to archive?
<ttx> there is some redundancy in those items
<hggdh> yes I thought so, but a list is a list...
<ttx> there is one about candidate testing and one about milestone testing. Obviously the last candidate is also the milestone :)
<hggdh> indeed
<hggdh> but I am going thru them, anyway, using today's image
<ttx> ok, feel free to mark those as done, with a note about having run only topo1
<hggdh> ttx, I only did not run the multi on the last candidate
<ttx> hggdh: I'll let you handle it, going to bed :)
<ewook> aw man. my landscape trial just died out, without me even testing it once =(
<hggdh> ttx: marked done (but still testing the daily ;-)
<hggdh> ewook: it is interesting, been testing it
<ewook> hggdh: oooh. what did you think of it?
<kirkland> smoser: RoAkSoAx: sorry, been busy ... just catching up to backlog
<kirkland> smoser: sponsoring 551847 now
<smoser> ok
<hggdh> ewook: seems really nice, only thing is to have mail filters set if you subscribe to all alerts
<RoAkSoAx> kirkland, np :), the fix was already in the archives but by the time It wasn't built yet, so I just build it locally and install it :)
<hggdh> ewook: really nice to command selective updates remotely
<ewook> hggdh: hurpf.. I'll try to beg for a new trial when I know I have time for it :)
<kirkland> smoser: the patch at https://bugs.edge.launchpad.net/ubuntu/+source/euca2ools/+bug/551847 does not apply cleanly to euca2ools in lucid
<uvirtbot> Launchpad bug 551847 in euca2ools "Rebundled uec instance boot fail" [Low,In progress]
<kirkland> smoser: please doctor accordingly
<kirkland> smoser: neither hunk
<smoser> what ?
<smoser> i'll look at it
<smoser> kirkland, it applies here to trunk of lp:~ubuntu-core-dev/eucalyptus/euca2ools
<smoser> is that not where this should be going ?
<kirkland> smoser: hrm
<kirkland> smoser: what rev is head?
<thebishop> alvin, the thing i'm consistently seeing about user masking is that it doesn't work
<smoser> kirkland, 277
<thebishop> if you have the UIDs don't match between host and client, inconvenient things can happen
<alvin> That's why I make sure users have the same UID. It's a bit of a pain though. I have yet to try that masking so I can't say whether it works or not.
<sandberg> I'm looking into bug #423252, but I'm afraid I'm stuck. Anyone feel like giving a hand, or just some hints?
<uvirtbot> Launchpad bug 423252 in sudo "NSS using LDAP on Karmic breaks 'su' and 'sudo'" [High,Confirmed] https://launchpad.net/bugs/423252
<smoser> kirkland, ^^
<kirkland> smoser: bugger, i had a push fail
<kirkland> smoser: no ...
<kirkland> hmm
 * kirkland starts over
<smoser> i applied that both to your  ~coredev branch and to lp:ubuntu/lucid/euca2ools cleanly
<kirkland> smoser: jeebus.  my fault.  trying to do too many things at once
<kirkland> smoser: applies perfectly
<kirkland> smoser: when i apply the right patch
<kirkland> smoser: and use p0
<kirkland> yeesh
<kirkland> RoAkSoAx: okay, good, so you're back on track with libvirt?
<RoAkSoAx> kirkland, you mean if its working correctly? Yes everything is working smoothly.
<kirkland> RoAkSoAx: cool
<RoAkSoAx> kirkland, btw I'm almost done with school so I'll be also be poking you about testdrive
<kirkland> jdstrand: https://bugs.edge.launchpad.net/ubuntu/+source/linux/+bug/564075
<uvirtbot> Launchpad bug 564075 in qemu-kvm "KVM hangs after KERNEL BUG (tun.c)" [Medium,New]
<kirkland> jdstrand: can you take a look at the dmesg output attached to that bug?
<kirkland> jdstrand: http://launchpadlibrarian.net/44314688/bug.txt
<kirkland> jdstrand: there's an apparmor issue in the dmesg, it looks like
<kirkland> jdstrand: but also a kernel bug
<jdstrand> kirkland: have the person update to .21. jjohansen did a lot of work to fix some of these issues
<kirkland> jjohansen: can you take a look at that stck trace to?
<kirkland> jdstrand: ah
<kirkland> jdstrand: jjohansen: bug updated
<jdstrand> kirkland: also, make sure that the person has the latest libvirt ubuntu24 from today
<jdstrand> kirkland: once the person has ubuntu24, virt-aa-helper denied reads are non-fatal (it is virt-aa-helper trying to see if the file has a backingstore-- something that a file in /dev/mapper won't)
<kirkland> jdstrand: thanks
<jdstrand> kirkland: what bug is that? is the xml available?
<jjohansen> kirkland: interesting trace
<kirkland> jdstrand: jjohansen: https://bugs.edge.launchpad.net/ubuntu/+source/linux/+bug/564075
<uvirtbot> Launchpad bug 564075 in qemu-kvm "KVM hangs after KERNEL BUG (tun.c)" [Medium,Incomplete]
<jdstrand> ah 564075
<jjohansen> kirkland: yeah I caught that
<jdstrand> kirkland: actually, you can see in the dmesg that the denied messages were non-fatal: right after those, you get a profile_load of the VM-- that means virt-aa-helper did its job
<jjohansen> I'm subscribed
<uvirtbot> New bug: #564213 in mysql-dfsg-5.0 (universe) "package mysql-server-5.0 (not installed) failed to install/upgrade: sub-processo novo script pre-installation retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/564213
<arthurjohnson> If you have any servers running clamav, you might want to make sure its 0.95 or later.
<arthurjohnson> I'm getting segfaults, causing a race condition, on my older mailservers.
<hggdh> kirkland: got some failures on a stress test on euca
<kirkland> hggdh: oh, interesting
<kirkland> hggdh: bug filed?
<hggdh> kirkland: not yet, just ended a stress on single, (in)famous topo2
<hggdh> kirkland: trying to figure out how many different failures there were
<kirkland> hggdh: pastebin the results somewhere that mathiaz and i can see them
<hggdh> kirkland, mathiaz: http://people.canonical.com/~cerdea/single_test.log.2010-04-15_171304
<kirkland> hggdh: is this against beta2, or today's archive?
<kirkland> hggdh: also, what version of the kernel, qemu-kvm, and libvirt are on those NCs ?
<hggdh> kirkland: all based on today's daily, 20100415
<kirkland> hggdh: and the guest image?  same?
<kirkland> smoser: around?
<smoser> whats up kirkland
<hggdh> kirkland: uec is also from 20100415
<kirkland> smoser: did the newest kernel make it into today's uec image build?
<kirkland> hggdh: smoser: in http://people.canonical.com/~cerdea/single_test.log.2010-04-15_171304, looks like 2.6.32-20-server
<smoser> http://uec-images.ubuntu.com/lucid/20100415/ has manifests of whats in it
<smoser> http://uec-images.ubuntu.com/lucid/20100415/lucid-server-uec-amd64.manifest
<smoser> linux-image-2.6.32-20-virtual 2.6.32-20.30
<kirkland> we should be testing 2.6.32-21-server at this point
<kirkland> smoser: thanks
<smoser> it pulls whatever is in the archive
<kirkland> smoser: timing issue then
<kirkland> smoser: can you push the button that says "make a new uec image now" ?
<smoser> i can. the whole thing takes 2 hours or so
<smoser> it will organically pop out in about 5 or 6
<hggdh> then we can wait for tomorrow's
<smoser> so pushing button now saves 2
<smoser> err 4.
<smoser> yesterdays' thing was published at 03:39:14 UTC
<smoser> so, right at 5 hours from now
#ubuntu-server 2010-04-16
<kirkland> hggdh: it's pretty much EoD ... want to just wait for tomorrow's?
<kirkland> smoser: i don't really think it's worth waiting around for another two hours, then rerunning the tests (personally)
<uvirtbot> New bug: #564301 in puppet (main) "Spec tests failing" [Medium,Triaged] https://launchpad.net/bugs/564301
<hggdh> kirkland: I will wait for tomorrow, and re-run the tests
<kirkland> hggdh: ack
<uvirtbot> New bug: #564355 in eucalyptus (main) "Second euca-run-instance request in same security group causes eucalyptus to remove network assoicated with security group" [Undecided,New] https://launchpad.net/bugs/564355
<MTecknology> This may be a long stretch asking in here but... When I plug in an external drive, dmesg shows me that the drive and partitions are detected. I have pcmanfm installed and I want the new device to show up there so I can click and auto-mount the partition. The way I'm doing it now I have to drop to cli and manually mkdir && mount. What do I need to do for that to work?
<thebwt> MTecknology: when you say "show up there" where is there?
<MTecknology> thebwt: the file manager
<thebwt> MTecknology: hmm to be more specific, do you want the filesystem to be mounted in the same place everytime or in a different place based on your firle manager's current working directory
<MTecknology> thebwt: I have a very very slim version of Ubunut, I would love to have it working the same as it works in any other full version of ubuntu
<thebwt> basically I'm seeing two paths, automount in fstab/mtab (not sure how it works exactly); or a script/plugin for pcmanfm (which I've never even heard of before)
<thebwt> MTecknology: right now they auto mount in /media and then are sym linked to a "desktop" and added to the gnome "book marks"
<MTecknology> ya - that
<thebwt> does pcmanfm have a desktop manager?
<MTecknology> no
<thebwt> kk so don't have to worry about that
<thebwt> you need to automount to /media. I don't know how, but I know where to find out how... let me look it up
<MTecknology> I wonder what package gnome-volume-manager comes in...
<MTecknology> maybe that could help :S
<thebwt> not if you're trying to keep it tight
<thebwt> the solution is probably super simple
<MTecknology> OH!
<MTecknology> pmount
<MTecknology> !info pmount
<ubottu> pmount (source: pmount): mount removable devices as normal user. In component universe, is optional. Version 0.9.19-1 (karmic), package size 108 kB, installed size 856 kB
<thebwt> nice
<MTecknology> thebwt: I just noticed this page saying pmount is hard coded in gnome-volume-manger - http://www.togaware.com/linux/survivor/Using_Gnome_Volume_Manager.html
<MTecknology> thebwt: nwo how to use it :P
<thebwt> indeed
<thebwt> need to know how to have a script be called when a removable device is inserted.
<MTecknology> pmount /dev/sdb1
<MTecknology> mounted the drive to /media
<thebwt> but first, go ahead and write a script that does what you need it to do. That is, mount it (and add to pcmanfm bookmarks?).
<MTecknology> no permission or anything though
<thebwt> neat
<MTecknology> I'm thinking I need to go bck to something with a volume manager
<thebwt> perhaps, but if you have the time to learn it, I'd do so.
<MTecknology> thebwt: I mounted as root - probably wasn't supposed to :P
<thebwt> hah
<MTecknology> that's it...
<MTecknology> thebwt: so... pmount is definitely the answer in some shape or another :D
<MTecknology> thebwt: any idea how to figure out what package provides gnome-volume-manager?
<MTecknology> !info gnome-volume-manager
<ubottu> gnome-volume-manager (source: gnome-volume-manager): GNOME daemon to auto-mount and manage media devices. In component universe, is optional. Version 2.24.1-3ubuntu1 (karmic), package size 377 kB, installed size 2752 kB
<MTecknology> !info gnome-volume-manager lucid
<ubottu> Package gnome-volume-manager does not exist in lucid
<MTecknology> hrm...
<thebwt> http://manpages.ubuntu.com/manpages/hardy/man1/gnome-volume-manager.1.html
<thebwt> package seems to be gnome-colume-manager
<thebwt> volume*
<MTecknology> thebwt: seems to have gone away in lucid
<thebwt> look at teh package halevt ...
<thebwt> looks right up your alley
<MTecknology> :D
<MTecknology> yay - broke installing
<MTecknology> thebwt: http://dpaste.com/184401/
<thebwt> eww root :p
<MTecknology> thebwt: hm?
<MTecknology> thebwt: sudo -s
<thebwt> *nods*
<MTecknology> I do have a root pass on here - but good reasons for it :P
<thebwt> http://www.mail-archive.com/debian-bugs-closed@lists.debian.org/msg214174.html
<MTecknology> extremely long, rarely ever used
<thebwt> ah
<thebwt> it won't start without a configuration script
<thebwt> fixed upstream it seems
<MTecknology> this version is upstream
<MTecknology> !info halevt
<ubottu> halevt (source: halevt): Generic handler for HAL events. In component universe, is optional. Version 0.1.3-3 (karmic), package size 47 kB, installed size 264 kB
<MTecknology> !info halevt lucid
<ubottu> halevt (source: halevt): Generic handler for HAL events. In component universe, is optional. Version 0.1.5-3 (lucid), package size 57 kB, installed size 304 kB
<thebwt> debian has 0.1.5-4
<thebwt> http://packages.debian.org/unstable/main/halevt
<thebwt> .debs are there
<MTecknology> the bug was fixed before that last sync to lucid it seems
<MTecknology> I guess I don't need that
<thebwt> http://packages.debian.org/changelogs/pool/main/h/halevt/halevt_0.1.5-4/changelog
<thebwt> bug was fixed in -4
<thebwt> lucid has http://packages.ubuntu.com/it/lucid/admin/halevt
<MTecknology> oh..
<MTecknology> thebwt: there's a usbmount package....
<thebwt> hal events really seems like what you need though
<thebwt> *looks up usbmount*
<MTecknology> thebwt: usbmount seems to jsut toss scripts in for udev
<thebwt> *nods*
<thebwt> I rescend my commit
<MTecknology> maybe not exactly what I want - but it's hacky enough to work
<thebwt> what other functionality do you need?
<MTecknology> it would be nice if it were a little cleaner
<MTecknology> thebwt: beggers can't be choosers - I know there's a better way but right now - it works :D
<MTecknology> thebwt: if it could let me unmount them that would be great too but- oh well
<arthurjohnson> clamav ruined me
<uvirtbot> New bug: #564435 in clamav (main) "package clamav-milter 0.96 dfsg-1ubuntu2 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 20" [Undecided,New] https://launchpad.net/bugs/564435
<laen> Is there a script, similar to Redhat's /etc/rc.sysinit, which is run once at boot?
<Airells> hi , dpkg-reconfigure slapd  dont ask me about new password , what is the easiest way to change password ?
<Airells> ubu 9.10
<ttx> laen: /etc/init.d/rc.local ?
<ttx> hm /etc/rc.local, sorry
<laen> Hm, okay.
<e-DIO-t> Yo!
<binBASH> ttx: those images from ubuntu uec have no password?
<ttx> binBASH: they use public key auth through SSH
<binBASH> oh, ok
<binBASH> so I have to create own because I don't get ips automatically assigned
<ttx> binBASH: you're supposed to spin them up with some -k or userdata that will install a key in ~ubuntu/.ssh/authorized_keys
<ttx> you can even use Launchpad SSh keys if you have one
<ttx> uec-run-instances -l ttx $EMI
<uvirtbot> New bug: #564532 in clamav (main) "clamav-daemon stopped working in hardy" [Undecided,New] https://launchpad.net/bugs/564532
<maxagaz> hi
<maxagaz> I've got this error message on a desktop machine : Use of uninitialized value $item in hash element at /usr/share/perl5/Debconf/DbDriver/File.pm
<maxagaz> when I do "aptitude install"
<maxagaz> someone knows how to fix it ?
<binBASH> ttx: Ok, will try because I have an ip assigning problem ;)
<\sh> zul, when will  mysql-5.0 be removed from universe (lucid) ? looks like it's still in there ;)
<mbiebl> hi, is this the right channel to for EC2 related questions?
<mbiebl> I was wondering, why I have 5 different kernels within my karmic AMI
<binBASH> This is the channel for Ubuntu Server Edition including Ubuntu Enterprise Cloud
<mbiebl> binBASH: I have 2.6.31-14-server, 2.6.31-17-server, 2.6.31-20-server, 2.6.31-302-ec2 and 2.6.31-305-ec2 installed
<mbiebl> but only 2.6.31-302-ec2 seems to be used?
<binBASH> this is not really amazon support channel ;)
<binBASH> I don't have amazon ec2, too
<mbiebl> binBASH: Well, the images are from Ubuntu/Canonical
<J_P> why ubuntu server 9.10 don't have nessus?
<binBASH> mbiebl: Think those are from Amazon
<binBASH> ;)
<mbiebl> binBASH: they are from http://uec-images.ubuntu.com/releases/karmic/release/
<mbiebl> I used ami-05c2e971
<binBASH> ahh, these are for usage in Ubuntu Enterprise Cloud.
<binBASH> if your run private cloud
<ragi2010> I'm using the latest ubuntu server ami ebs boot from alestic.com, when I terminate the instance, the ebs also  gets deleted. How do I change this behaviour
<J_P> anyone?
<binBASH> J_P: Maybe because of licensing issues.
<mbiebl> binBASH: are those the official,supported images from Canonical for EC2 or not?
<J_P> binBASH: humm ok
<binBASH> mbiebl: Like I said they're for usage in Ubuntu Server cloud. If you run a ubuntu enterprise cloud installation. It's a private version compatible to Amazon.
<binBASH> J_P: I think nessus has .deb packages for download
<J_P> binBASH: yes, I'm doing that.. :-)
<binBASH> J_P: Ubuntu should have openvas
<binBASH> an opensource alternative to nessus
<J_P> binBASH: yes, I install openvas, but that is strange.. say like as nessus download app
<binBASH> http://packages.ubuntu.com/de/source/karmic/openvas-client
<drbobb> hey, how do i install and activate the git-daemon service on ubuntu?
<drbobb> it doesn't appear to work seamlessly like just about all service daemons on debian-derived systems
<drbobb> in other words, I think it's somehow foobared ;-/
<zul> \sh: the request has been filed with the archive admin
<drbobb> again, does anybody know how to achieve a working git-daemon on ubuntu?
<drbobb> ok there is a package called `git-daemon-run' but it depends on some weirdness called `runit' which I never heard of before, and which is not used by anything else on my system
<drbobb> oh and btw it's broken anyway, the git-daemon service fails to run with some cryptic error
<drbobb> wow, it was known already in 2008 that git-daemon-run is broken
<drbobb> and apparently it still hasn't been fixed
<arthurjohnson> drbobb:  you should fix it.
<hazmat> i'm having an issue adding a custom apt repository to karmic installations, using add-apt-repository or manually by hand into /etc/sources.d.list along with the key... after i'll do an apt-update and see a fetch for the package manifests. but doing apt-cache search will still show the package version from the dist repository instead of the new repository.. is there something obvious i'm missing?
<TeTeT> hazmat: try apt-cache policy <package> to get more information
<stephank> I'm reading about NSS and PAM. I've read that pam_unix uses standard C-library calls. Does that mean it uses NSS? And would I thus be able to set up an LDAP server with anonymous access somewhere, configure nss-ldap to use it (for passwd and shadow), and continue using pam_unix for authentication?
<ahasenack> stephank: it's possible, but that would mean every user would have access to the hashes of the other users (shadow)
<ahasenack> stephank: unless playing some tricks with root_bind_dn in nss_ldap
<ahasenack> stephank: i don't remember all the implementation details, but you should watch out for that
<stephank> ahasenack: ah, okay. that makes sense
<AlexC_> morning
<AlexC_> I've got a weird issue whereby 'aliases' added in /etc/network/interfaces via 'up ip addr add ....' do not always get added when I do a '/etc/init.d/networking restart' - some do, but not all - what is going on?
<oru_work> urgent: mail stopped working because i'm running clamav and the new version was released
<oru_work> i really need to know what is a proper way of upgrading to the new version
<pmatulis> oru_work: mail stopped working?  what do you mean?
<oru_work> pmatulis, none of my employees received mail this morning
<oru_work> i'm checking mail.log and its really complaining about the outdated anti-virus
<pmatulis> oru_work: outdated doesn't mean it's not working
<pmatulis> oru_work: are you receiving mail or not?
<oru_work> pmatulis, no i'm not
<pmatulis> oru_work: so there must be an MTA error.  what MTA are you using anyway?
<oru_work> postfix
<pmatulis> oru_work: so pastebin the error(s)
<oru_work> pmatulis, i just upgraded clamav antivirus and mail started working again, but its really messed up that all of mail had been lost since last night
<oru_work> or not
<oru_work> hang on
<pmatulis> oru_work: standard MTAs will send mail for 5 days
<bogeyd7> it should start processingthe que
<bogeyd7> pmatulis, that doesnt mean anything when it is actually delivered and is just awaiting lmtp
<reya276> morning
<pmatulis> oru_work: or your deffered queue will be processed
<PazDog> hey, how do i make sshd block multiple logins for a user. Like if the account user1 logged in twice, both sessions would be closed
<pmatulis> bogeyd7: he didn't say if the mail was rejected or not, but i could have guessed not
<reya276> does anyone know how to fix the Bad request in apache if you have SSL on with multiple sites?
<bogeyd7> reya276,  https://help.ubuntu.com/community/forum/server/apache2/SSL
<oru_work> pmatulis, as soon as i updated clamav i'm seeing lots of activitiy in tail -f mail.log , so I guess all the mail that was in que is getting processed atm
<oru_work> i'm happy :)
<reya276> right now if you try to hit this website http://www.accureports.com it will give you a bad request in firefox?
<pmatulis> oru_work: ok, good
<bogeyd7> oru_work, now you need to setup your freshclam for hourly updates
<bogeyd7> cron.hourly is where you set it up
<oru_work> bogeyd7, any specifics or details on that please ?
<bogeyd7> oru_work, sudo su root , then crontab -e, then make a crontab entry for the freshclam to run hourly
<bogeyd7> that is easier than trying to make a cron.hourly script
<AlexC_> I've got a weird issue whereby 'aliases' added in /etc/network/interfaces via 'up ip addr add ....' do not always get added when I do a '/etc/init.d/networking restart' - some do, but not all - what is going on?
<electro_> I am trying to install Ubuntu on a sunfire x4100 and I'm getting an error about no disks.  I see that this issue existed in dapper, but I am still running into the issue.  Has anyone found a workaround?
<electro_> https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.15/+bug/37452
<uvirtbot> Launchpad bug 37452 in linux-source-2.6.15 "fusion mpt sas driver does not find a RAID1 disk during installation(Sun Galaxy X4200 and X4100, Dell SASR5/i)" [High,Invalid]
<reya276> bogeyd7: would this tutorial apply to 9.10?
<reya276> bogeyd7: is says for 7.10
<oru_work> bogeyd6, around ? check your pm please :)
<oru_work> i'm getting the following error ./freshclam
<oru_work> ERROR: /var/log/clamav/freshclam.log is locked by another process
<oru_work> ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
<smoser> mathiaz_, ping me when you have a minute
<ttx> zul, smoser, kirkland, mathiaz: could one of you cover the following beta2 testcase today ? http://iso.qa.ubuntu.com/qatracker/result/3919/480
<ttx> ara wants all optional cases covered before we start RC testing... and will cover iSCSI ones
<zul> ttx: i can do it
<ttx> zul: thanks !
<uvirtbot> New bug: #564727 in qemu-kvm (main) "qemu-kvm: ubuntu-7.10-server-i386.iso fails to boot" [Undecided,New] https://launchpad.net/bugs/564727
<kirkland> ttx: do you mind if it's done in a KVM ?
<kirkland> ttx: ah, i see zul is the man ;-)
<ttx> zul, smoser, kirkland, mathiaz: if you run out of ideas on bugs to fix, there are some unassigned bugs in the list @ https://wiki.ubuntu.com/ServerTeam/ReleaseStatus :)
<ttx> that's mostly for smoser a,d mathiaz, since the others already have some :)
<zul> ttx: ill never run out of ideas ;)
<smoser> ok. thanks ttx
<ttx> mathiaz: let me know if you received my "Server Team 20100414 meeting minutes" recent email
<electro_> I am trying to install Ubuntu on a sunfire x4100 and I'm getting an error about no disks.  I see that this issue existed in dapper, but I am still running into the issue.  Has anyone found a workaround?
<ivoks> which version do you use?
<ivoks> mathiaz: hey
<ivoks> mathiaz: i have a working solution for dovecot-postfix
<mathiaz> ivoks: glad to hear that!
<mathiaz> ivoks: have you tested upgrade as well?
<ivoks> no, i just created a setup that works with default (upstream supported) config location
<ivoks> i'll work on upgrade paths now
<ivoks> # Config files can also be included. deliver doesn't support them currently.
<ivoks> #!include /etc/dovecot/conf.d/*.conf
<ivoks> # Optional configurations, don't give an error if it's not found:
<ivoks> #!include_try /etc/dovecot/extra.conf
<zul> ttx: iso test passed
<ivoks> break and than wrap up this dovecot-postfix once for all
<binBASH> <italic>You searched for ivoks did you mean "Ewoks"?</italic>
<ivoks> new config syntax allows us to do wonders in maverick
<mathiaz> ivoks: maverick?
<mathiaz> ivoks: what's the state for lucid then?
<ivoks> for lucid i have solution
<ivoks> for maverick we can split dovecot-postfix
<ivoks> and use a tool to setup mail server
<ivoks> that would copy config files to conf.d
<ivoks> instead of using separate package
<mathiaz> ivoks: what's the solution for lucid then?
<ivoks> mathiaz: dovecot-postfix stays and i'll send a patch before 8AM CET
<mathiaz> ivoks: could you give me a quick (2 sentence) overview of the solution?
<ttx> kirkland/mathiaz: Foundations just asked that we help them on bug 557429, since they are getting their hands full with installer/mountall/plymouth
<uvirtbot> Launchpad bug 557429 in mdadm "array with conflicting changes is assembled with data corruption/silent loss" [High,Triaged] https://launchpad.net/bugs/557429
<ivoks> mathiaz: put dovecot-postfix.conf in /etc/dovecot/conf.d/, enable include_try for that directory in /etc/dovecot/dovecot.conf
<ttx> kirkland/mathiaz: I know it's not necessarily your area of expertise, but your combined looks is probably our best chance to help them
<ivoks> mathiaz: add /etc/dovecot/auth.d and put auth part of dovecot-postfix.conf into /etc/dovecot/auth.d and add include_try under auth section of /etc/dovecot/dovecot.conf
<ttx> kirkland/mathiaz: could you add it to your agenda ? jdstrand submitted it, so he can give you any missing detail
<ivoks> so it works in the same way as apache, amavis...
<mathiaz> ivoks: ok - sounds like a good plan to me
<mathiaz> ivoks: how about upgrades?
<ivoks> mathiaz: that could be tricky
<ivoks> mathiaz: i'll look at the possible issues
<kirkland> ttx: ugh, okay
<ivoks> mathiaz: i'll work it out
<kirkland> ttx: assign to me, i'll fight it
<philsturgeon> i have a user csahost who can log into FTP, but is not allowed permssion to write files. the user csahost does not show when i do $ cat /etc/passwd
<ttx> kirkland: we at least need to see if that's not a known issue, since apparently the package lags with upstream and this is *not* a lucid regression
<ttx> kirkland: thanks !
<skrite99> having trouble with dnsmasq, i can use it on a local machine, but other computers on the lan seem not to be working with it
<persia> Do you have libvirt installed?
<skrite99> i may not. checking
<persia> If you do, there's some interaction issues that mean you have to configure dnsmasq in a special manner.
<skrite99> install by apt  package libvirt0 ?
<persia> If not, then I have no idea about your issue.
<skrite99> persia, hey, found the problem. hosts file was nuked
<persia> skrite99: Aha!  That would do it.
<bogeyd6> I am thinking of getting a Ruckus 7731 wireless bridge for two buildings. Does anyone have any thoughts they would like to share if they have used them before?
<skrite99> persia, yup, built a hosts file and what do you know? it works.    thanks
<philsturgeon> stupid question, but how can i find out what FTP daemon is running?
<ivoks> netstatp natp | grep 21
<ivoks> s/p//
<ivoks> netstat -natp | grep 21
<hggdh> smoser: I am using today's UEC image, but the booted instance still shows 2.6.32-20
 * hggdh is sorta confused
<smoser> doen'st sound right
<smoser> $ ls /boot/vmlinuz-2.6.32-21-generic-pae
<smoser> t/vmlinuz-2.6.32-21-generic-pae
<smoser> that is from today's image on ec2
<hggdh> smoser: this is what I see, both from the instance and from cempedak: http://pastebin.ubuntu.com/415637/
<smoser> in the instance, cat /etc/cloud/build.info
<hggdh> I think I got it -- a stale ISO in the way
<uvirtbot> New bug: #564796 in logwatch (main) "The --print options in the logwatch man page examples don't work" [Undecided,New] https://launchpad.net/bugs/564796
<hggdh> ooooh this is not god: kernel oops in a instance
<jpds> Hmm, god.
<hggdh> er. s/god/good/
<RoyK> the panic god?
<RoyK> which one is that? :)
 * RoyK votes for Loki
<hggdh> in kernel we trust
<smoser> hggdh, did you figure this out above ?
<smoser> i think you must have registered an old image
<smoser> ah, never mind. i see that you did.
<shennyg> hey guys, I am trying to change the port ssh listens on... I edited /etc/ssh/sshd_config and then restarted ssh w/ /etc/init.d/ssh restart and it didn't work
<shennyg> I noticed that the ssh I was running is /usr/sbin/sshd am I editing the wrong config file?
<shennyg> just mentions my nick and I will be back in here :) thanks
<au> can we see your /etc/ssh/sshd_config?
<uvirtbot> New bug: #564842 in samba (main) "Installing winbind causes sudo to behave weird on SIGINT" [Undecided,New] https://launchpad.net/bugs/564842
<shennyg> au: sure https://gist.github.com/04181e137eb1c447cce9
<au> # What ports, IPs and protocols we listen for
<au> Port 22
<au> change that
<shennyg> yeah, I had that on 2222 and it didn't work
<shennyg> I just changed it b/c I gave up
<au> hehe, then I'm not sure what's wrong
<shennyg> I just get connection refused
<shennyg> it is an amazon ec2...
<au> no idea
<au> sorry that I can't help you
<shennyg> ok thanks, do you know why when I do a "which ssh" I get /usr/bin/ssh but when I do a ps ax |grep sshd I see the process as /usr/sbin/sshd
<au> no idea (I am a bit of a ubuntu newbie)
<shennyg> gotcha, thx
<au> probably because there are two versions
<au> and your init.d script uses the sbin one
<shennyg> yeah...
<au> that's all I can think of
<shennyg> lol, if anyone else has any clues just mention shennyg
<au>  2349 ?        Ss     0:00 /usr/sbin/sshd
<au> which sshd returns sbin, which ssh returns bin
<shennyg> au: I figured it out... I was juggling 4 servers and had two of them mixed up :)
<shennyg> thanks for your input
<jpds> shennyg: ssh is the client and sshd is the server?
<shennyg> gotcha
<hggdh> smoser: yes, it was indeed a stale ISO in the path
<hggdh> smoser: but I got about 50% success anyways :-(
<smoser> hm.. how do you fail ?
<uvirtbot> New bug: #564861 in puppet (main) "puppetmaster error /etc/puppet/files" [Undecided,New] https://launchpad.net/bugs/564861
<hggdh> smoser: many different ways... kernel OOPS (1), euca tracebacks (most) ssh no route to host(same)
<hggdh> smoser: I will email you with the results. Repeating, now, wth m1.small
<smoser> hggdh, so this is just massive horrible regression ?
<hggdh> smoser: sounds like
<hggdh> kirkland: ^
<smoser> hggdh, verified outside of you and data center ?
<kirkland> hggdh: log?
<hggdh> kirkland: emailed to you
<hggdh> smoser: of course not... I can only test in the data centre
<smoser> :)
<hggdh> smoser: but I have been running stress tests, I do not know if this is done outside the rig
<jcastro> kirkland, https://wiki.ubuntu.com/UbuntuOpenWeek
<jcastro> kirkland, I've put you down for two sessions, let me know if this isn't doable
<kirkland> jcastro: d00d
<jcastro> kirkland, feel free to sell out any other person for the Q+A
<kirkland> jcastro: wed may 5 i'm at somehands
<jcastro> ok
<kirkland> jcastro: move byobu to the monday session and i'm happy to do that one
<jcastro> ok
<kirkland> jcastro: grab another server dude for the q&a on wednesday
<jcastro> ok
<kirkland> jcastro: maybe mathiaz ;-)
<kirkland> jcastro: thanks for the recruitment
<jcastro> amber told me to just volunteer you so I JFDIed you. :D
<kirkland> hggdh: still around?
<hggdh> kirkland: aye
<kirkland> hggdh: have you run these stress tests before (with complete success)?
<hggdh> kirkland: yes, up to beta2
<kirkland> hggdh: so this is a regression since beta2?
<hggdh> kirkland: I am not able to state so with certainty, but looks like
<kirkland> hggdh: there has been a major kernel kvm change since beta2
<kirkland> hggdh: i was a little nervous about that
<hggdh> kirkland: certainly: (1) the kernel oops is new and ugly; (2) I used to have some few instances not tested; (3) we did not have the console output before
<hggdh> kirkland: this is why I am reserving a final position here
<kirkland> hggdh: and libvirt has changed a few times too
<kirkland> hggdh: understood
<hggdh> kirkland: not counting that, yes
<kirkland> hggdh: what state is the test rig in?
<kirkland> hggdh: ideally the same state as the tests you just ran and emailed to me ...
<hggdh> kirkland: finishing a 100-instance run on m1.small
<kirkland> hggdh: how long (ish) does that take to run?
<hggdh> kirkland: indeed it is. We can always restart the cloud, anyways
<kirkland> hggdh: here's what i'm thinking ....
<kirkland> hggdh: right, i just want quick turnaround on this, without reinstalling
<hggdh> kirkland: finished it
<kirkland> hggdh: these are all guest oopses, right?
<hggdh> kirkland: correct
<kirkland> hggdh: dmesg in the host is clean of oopses?
<kirkland> hggdh: in the NCs ?
<hggdh> kirkland: hum. Checking
<kirkland> hggdh: and can you confirm for me the kernel version in both host and guest?
<kirkland> jjohansen: around?
<jjohansen> yep
<hggdh> kirkland: no OOPSes on the NCs, and both NCs and guests are running 2.6.32-21.31
<kirkland> jjohansen: we have another OOPs in guest VMs in UEC
<kirkland> jjohansen: not sure if it's new or not, actually
<hggdh> kirkland: but many audit messages with denied for libvirt
<kirkland> jjohansen: but its an oops that we apparently didn't have in beta2
<jjohansen> kirkland: paste bin or bug#?
<jjohansen> oh!
<kirkland> jjohansen: pasting
<jjohansen> hggdh: so 32-21.31 cleanedup your issues then
<hggdh> kirkland: oooh this is good. apparmor is in enforce mode for libvirt
<hggdh> jjohansen: not on my laptop, no
<jjohansen> okay, one can always hope /me reading backscroll
<kirkland> jjohansen: scp chinstrap.canonical.com:~kirkland/Results_from_a_stress_test_using_the_ISO_from_20100416.bz2 .
<kirkland> hggdh: i put your results there for jjohansen, internal server
<smoser> hggdh, did you see this sort of failure when you were (mistakingly) running guests from yesterday ?
<kirkland> hggdh: i have another suggestion ....
<hggdh> smoser: yes
<hggdh> kirkland: shoot
<kirkland> hggdh: can you register a karmic 9.10 image in your uec, and run your stress test against that?
<kirkland> hggdh: let's take this all the way back to that released image
<hggdh> kirkland: no prob
<kirkland> hggdh: take the image/instance out of the equation
<kirkland> hggdh: and see if we see issues there
<hggdh> kirkland: roj. It takes about 20 minutes for a 100-instance tun
<hggdh> run
<kirkland> smoser: what's your confidence in the 9.10 uec-image as a guest?  pretty rock solid?
<kirkland> hggdh: great, then we can iterate over that a few times per hour
<smoser> it should be, yes.
<kirkland> smoser: ie, if we need to track a problem down to being host or guest, could we lean on the 9.10 uec image as a guest, and with a high degree of confidence, expect that image to work?
<kirkland> smoser: it's been my experience so far, anyway ^^^
<smoser> well, i dont think you are that lucky really
<kirkland> smoser: ?
<smoser> its certainlyi something worth trying
<kirkland> smoser: care to explain that?
<kirkland> hggdh: okay, i think we have an approach; let's run the stress test with the karmic image and see what happens
<smoser> well, i guess i retract the comment.
<kirkland> jjohansen: were you able to grab that log?
<smoser> but it would be more informative to back off to beta2 guest image
<smoser> as that is "known working" and would give you a bisect path on lucid
<kirkland> smoser: right, that's my next suggestion, pending the results of using 9.10 as the baseline guest
<kirkland> hggdh: got that?  after running stress test against 9.10, then bump to beta2
<jjohansen> kirkland: I copied the file, I haven't unecoded the log yet
<kirkland> hggdh: let's compare both of those against today's image
<hggdh> kirkland: just registered current karmic, will start run now
<kirkland> hggdh: rock on
<smoser> for what its worth, i've run a couple guests in the 0413 range that were fine. i didn't stress, but 50% failure rate doesn't require stress to run into
<hggdh> kirkland: then, back to beta2.
<kirkland> hggdh: you got it
<kirkland> hggdh: poke me as you get results
<hggdh> kirkland: will do
<hggdh> kirkland: backtracking to beta2 will take significantly longer, though -- I will have to reinstall all
<jdstrand> hggdh: hey, what is it that apparmor is denying?
<jdstrand> hggdh: (in libvirt)
<jdstrand> hggdh: and do you have ubuntu24 of libvirt?
<hggdh> jdstrand: just a sec
<hggdh> jdstrand: libvirt\* is 0.7.5-5ubuntu24
<hggdh> jdstrand:  type=1503 audit(1271441213.099:434):  operation="open" pid=31521 parent=1333 profile="/usr/lib/libvirt/virt-aa-helper" reques
<hggdh> ted_mask="::r" denied_mask="::r" fsuid=0 ouid=107 name="/var/lib/eucalyptus/instances/admin/i-465B0851/disk"
<jdstrand> hmmm
<smoser> hggdh, no wait.
<jdstrand> hggdh: those are non-fatal btw, but I'd rather get rid of them
<smoser> do not (please) back the system back to beta2
<smoser> lets do one component at a time
<hggdh> smoser: roger
<jdstrand> hggdh, smoser: what is the pattern for disks in euca?
<hggdh> smoser: right now it is running on karmic UEC current
<smoser> pattern ?
<jdstrand> yes-- the name of the disks? eg disk.img, disk.gcow2, just plain 'disk'
<smoser> hggdh, you mean lucid-current euca running karmic guest, right?
<smoser> jdstrand, let me look
<hggdh> smoser correct
<smoser> i actually think it is 'disk', but i will have to verify
<jdstrand> I'd like to get rid of those apparmor denials-- they will confuse people
<jdstrand> oh, I could acutally just add /var/lib/eucalyptus/instances/...
<smoser> jdstrand,
<smoser>         <disk type='file'>
<smoser>             <source file='BASEPATH/disk'/>
<smoser>             <target dev='sda'/>
<smoser>         </disk>
<jdstrand> smoser: cool, thanks
<jdstrand> I'll get that fixed up
<jdstrand> (it is just the backingstore checking-- totally non-fatal, but confusing for people to see in the kern.log)
<smoser> jdstrand, let me make absolute sure, launching an instance and then will look at virsh dumpxml
<jjohansen> kirkland: I don't think I got the entire log
<smoser> jdstrand, xml: http://pastebin.com/3QYBaPGW
<jdstrand> well, between what you just said and hggdh's denied message, I should have enough. if you want to chek feel free, but I think I've got it
<jdstrand> cool, yeah
<jdstrand> smoser: you were fast! :)
<jdstrand> fixing now
<jjohansen> kirkland: I get an "invalid input" when decoding, though I do get a fairly decent size decoded log file
<hggdh> jjohansen: the whole log is available at http://people.canonical.com/~cerdea
<jjohansen> hggdh: thanks
<hggdh> jjohansen: it is the single* file
<jjohansen> hrmm, so I pretty much got the whole log, I'm not sure why the decode is complaining
<smoser> jdstrand, for completeness : http://pastebin.com/VkfrCL8k
<hggdh> ugh. the karmic UEc does not even start
<smoser> that one has a second disk (ebs volume) attached
<smoser> hggdh, console messages?
<jjohansen> hggdh: do we have a bug open for this yet?
<hggdh> jjohansen: no, not yet
<hggdh> smoser: heh. The karmic image needs 3G of disk for small, and lucid has 2...
<hggdh> restarting the whole thing, using c1.medium
<smoser> hggdh, yes, known issue
<hggdh> smoser: known, and forgotten my me :-(
<hggdh> jjohansen: I am opening a new bug now
<uvirtbot> New bug: #564914 in libvirt (main) "virt-aa-helper denied messages in eucalyptus" [High,In progress] https://launchpad.net/bugs/564914
<hggdh> jdstrand: thank you for the bug
<jdstrand> hggdh: sure. it'll be fixed momentarily
<hggdh> jjohansen: bug 564924
<uvirtbot> Launchpad bug 564924 in linux "UEC guest sometimes gets kernel OOPS" [Undecided,New] https://launchpad.net/bugs/564924
<jjohansen> hggdh: thanks
<hggdh> jjohansen: just attached the dmesg
<uvirtbot> New bug: #564920 in php5 (main) "PHP5 under Apache2 on 64 bit system is not completely 64 bit " [Undecided,New] https://launchpad.net/bugs/564920
<hggdh> smoser: I am considering cycling all servers, and redoing the karmic UEC run. Success rate is at .08 right now
<hggdh> kirkland: ^
<kirkland> hggdh: ?
<smoser> here i have success rate of 100% reaching guests of lucid 20100416 (granted i've launched 5 of them)
<hggdh> kirkland: just in case. It seems most instances are not reachable by ssh
<kirkland> hggdh: any oopses?
<hggdh> smoser: kirkland yes, at least one
<smoser> i'm at 1.6.2-0ubuntu29 in eucalyptus. i tihnk i'm booted into andy's (apw) test kernel from a wekek ago or so.
<kirkland> hggdh: hmm, okay so the karmic kernel is oopsing too?
<smoser> but as a reference everything seems generall working here.
<hggdh> kirkland: correct
<hggdh> smoser: darn! So what is different?
<tesseracter> running 9.10, installed memcached, tried to start it with start memcached, and it didnt have a clue what I was talking about.
<kirkland> hggdh: okay, next, let's replace the host kernel on the NCs
<kirkland> hggdh: with the beta2 kernel
<kirkland> hggdh: can you do that, and rerun your tests against the karmic image?
<smoser> i can dis-upgrade and see if the world fails for me
<hggdh> kirkland: only on the NCs?
<kirkland> hggdh: yeah
<kirkland> hggdh: shouldn't matter elsewhere
<hggdh> kirkland: this will take a while. I will have to find out how to get it done remotely
<kirkland> ?
<kirkland> hggdh: can you scp to the nc's?
<kirkland> hggdh: it will just take a couple of hops
<hggdh> kirkland: what you propose?
<kirkland> hggdh: 1) mount -o loop the beta2 server iso, grab the server kernel
<kirkland> hggdh: 2) scp that to the nc's
<kirkland> hggdh: 3) dpkg -i it
<kirkland> hggdh: you might have to edit /etc/default/grub to make sure that kernel boots
<hggdh> kirkland: oh, you just want the kernel
<kirkland> hggdh: yeah
<kirkland> hggdh: let's start there
 * hggdh was thinking of a whole install...
<kirkland> hggdh: no no no
<kirkland> hggdh: let's downgrade piece by piece
<kirkland> hggdh: a) kernel, b) qemu-kvm, c) libvirt
<hggdh> kirkland: k. Give me 15m to grab a lunch
<kirkland> hggdh: ack
<leonel> ScottK: Thank you for your work on clamav for keep the updated version and keep my servers running with the clamav change yesterday  Thank you very much
<ScottK> leonel: You're welcome.
<ScottK> I don't see any sign that other distros were similarly prepared.
<ScottK> #clamav has been totally insane.
<leonel> ScottK: even twitter and all arround is crazy but  ubuntu servers just working   THANK YOU !
<tesseracter> anyone? i want memcached to start and stay running - was gunna use upstart, but i dont see much on google.
<hggdh> kirkland: er. Where can I find a beta2 ISO for the server?
<kirkland> releases.ubuntu.com
<kirkland> hggdh: or there should be one in the lab
<hggdh> dammit
<kirkland> hggdh: let me grab the kernel for you
 * RoAkSoAx feels that this release cycle has been more problematic than others
<kirkland> hggdh: okay, here's the quickets way to get this
<kirkland> hggdh: start here: http://releases.ubuntu.com/10.04/
<kirkland> hggdh: where you can find this: http://releases.ubuntu.com/10.04/ubuntu-10.04-beta2-server-amd64.list
<JanC> tesseracter: it uses a sysvinit-style init script by default, and you might have to configure it in /etc/memcached.conf and then enable it in /etc/default/memcached
<kirkland> hggdh: in that file, you should see: /pool/main/l/linux-meta/linux-image-server_2.6.32.19.20_amd64.deb
<kirkland> hggdh: then go to Launchpad to find that deb
<kirkland> hggdh: https://edge.launchpad.net/ubuntu/+source/linux/+publishinghistory
<kirkland> hggdh: a few clicks later, i find http://launchpadlibrarian.net/42795268/linux-image-2.6.32-19-server_2.6.32-19.28_amd64.deb
<hggdh> kirkland: removed :-(
<kirkland> hggdh: i can download http://launchpadlibrarian.net/42795268/linux-image-2.6.32-19-server_2.6.32-19.28_amd64.deb
<smoser> kirkland, so your plan here is to back out to the older kernel and see if that fixes the guests ?
<smoser> older kernel on host, that is.
<hggdh> kirkland: my mistake, fat-fingered the keyboard
<kirkland> smoser: that's the current plan
<kirkland> smoser: then back down kvm, libvirt, and eucalyptus (in that order)
<kirkland> smoser: until we get back to the state at which everything worked
<kirkland> smoser: the kvm changes in the kernel were pretty massive
<smoser> well, for some point of reference:
<smoser> http://pastebin.com/KsQXF7kx
<kirkland> smoser: i acked them after a sniff test on my local hardware
<smoser> is currently working as well as anything for me.
<kirkland> smoser: running the security kernel?
<kirkland> smoser: can you apt-get dist-upgrade and see if everythign is still working?
<smoser> uname -r shows: 2.6.32-21-server
<smoser> so, yeah, 2.6.32-21.31~security201004122115
<leonel> what ?
<smoser> kirkland, i'm in the process. i'm waiting on
<smoser> Setting up eucalyptus-walrus (1.6.2-0ubuntu30)
<smoser> from the dist-upgrade of the CC
<smoser> i really should have just gotten the new kernel
<smoser> hggdh, for the record, you can get karmic images to fit into m1.small fairly easily, just register them as:
<smoser> uec-publish-tarball --resize 1408M karmic-*.tar.gz my-karmic
<smoser> well, kirkland i'm 3 for 3 in ssh reaches at the moment.
<smoser> remember, my hardware isn't necissarily blazing
<kirkland> smoser: bzr branch lp:~mathiaz/+junk/uec-testing-scripts
<kirkland> smoser: edit config_single.yaml
<kirkland> smoser: i changed id to my emi
<kirkland> smoser: type: to m1.small
<kirkland> smoser: max_instances_to_start: to my max instances
<kirkland> smoser: and cred_dir: to my .euca dir
<kirkland> smoser: or use a symlink
<hggdh> kirkland: rebooting NCs
<osmosis_> kirkland, hi dustin. I am the one who emailed you about volunteering.
<kirkland> smoser: did you get all of that?
<oru_work> how can I install 7zip, i tred apt-get install 7zip which didn't work :)
<kirkland> smoser: my wifi seems to be a little lossy
<kirkland> hggdh: i'm running latest/greatest lucid cloud here
<kirkland> hggdh: and i'm stress testing via mathiaz' test suite
<hggdh> kirkland: good
<osmosis_> oru_work, apt-cache search 7zip
<hggdh> kirkland: running another 100 instances on 2.6.32-19
<smoser> kirkland, running now
<smoser> kirkland, is this output written somewhere?
<kirkland> smoser: stdout
<smoser> oh. i see, it finished.
<kirkland> smoser: if you're in screen, you can write your scrollback buffer to a file
<smoser> well, i was 2 for 2 on it
<barbarella> oru_work:7za
<smoser> can i run multiple runs with a single (admin) user ?
<kirkland> smoser: yes
<kirkland> smoser: bump up max_instances_to_start:
<kirkland> smoser: i just ran that with 60
<kirkland> smoser: my cloud can accommodate 6 at a time
<smoser> so it starts them serially ?
<kirkland> smoser: yeah
<smoser> or does it check the available
<kirkland> smoser: checks available
<kirkland> smoser: ask mathiaz for the algorithm
<kirkland> smoser: or read the code
<kirkland> smoser: but he says it monitors availability
<hggdh> smoser, kirkland just edit the config_single.yaml, and uncomment the log file at the beginning
<smoser> i dont seen in code that it launches more than one
<kirkland> hggdh: heh, well there you go, smoser ^
<hggdh> it is assyncrhonous
<hggdh> and it does check availability
<smoser> it does not pass '-n' to euca-run-instances
<hggdh> mathiaz did a good job there ;-)
<smoser> oh. i see.
<smoser> but it will never invoke --instance-count=2
<smoser> or N
<smoser> that would be something to add, which would possibly stress in a different way
<kirkland> smoser: hggdh: i gotta drop, but i'm going to run this over the weekend on my local hardware with some really, really, really large number
<smoser> kirkland, are you seeing any errors ?
<smoser> i see 100% success here.
<kirkland> smoser: hggdh: i'll setup a cronjob to rsync that output file to my people.canonical.com pub html
<kirkland> smoser: 100% success here too
<kirkland> ubuntu@beagle:~$ grep -i oops out
<kirkland> ubuntu@beagle:~$ grep -i error out
<kirkland> ubuntu@beagle:~$
<kirkland> smoser: success rate is 100%
<kirkland> smoser: this is up-to-date lucid
<smoser> same here now
<kirkland> image form this week
<smoser> well, yo ushould be using image from today
<smoser> but i am
<hggdh> kirkland, smoser not 100% here, but no console output
<smoser> no console output where ?
<kirkland> gotta run
<hggdh> we changed the uec_test.py to output console on error
<hggdh> kirkland: k
<oru_work> which command is used to upgrade from 8.10 to 9.10 ?
<guntbert> !upgrade | oru_work
<ubottu> oru_work: For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/getubuntu/upgrading
<hggdh> smoser: how did it go? How many total sessions?
<smoser> well, my first run '2'
<hggdh> oh
<smoser> as i understood that to be concurrent
<hggdh> try 100
<jdstrand> fyi, I uploaded ubuntu25 for libvirt... needs to be approved of course
<smoser> yeah, its doing 100 now
<hggdh> jdstrand: thanks, I hope it is. These messages really suggest failures
<hggdh> smoser: I got 32 succeeded, 68 not tested
<jdstrand> hggdh: I'm confident it will be. I understand the confusion it could cause
<hggdh> jdstrand: IOU
<jdstrand> hggdh: thanks for noticing it! :)
<hggdh> heh
<ruben23> hi guys when i try to type in this cd /etc/network/interfaces ----> i get error  no such file or directory..
<ruben23> im on root- i type in sudo bash
<ruben23> any ideas
<hggdh> ruben23: /etc/network/interfaces is a file, not a directory
<smoser> hggdh, wait.
<smoser> so now everything is happy for you?
<hggdh> ruben23: and, BTW, it is better to run 'sudo vi' than 'sudo bash' -- safer to only be root when needed
<smoser> you reverted to old kernel on nodes ?
<ruben23> hggdh: even i do- i do this cd /etc/network/---same error
<hggdh> smoser: yes, I am running kernel 2.6.32-19. No OOPSes so far
<smoser> this is strange to me.
<ruben23> hggdh: also cd /etc/-----no such file or directory
<ruben23> what should be the problem iwth this
<hggdh> ruben23: are you sure you are running Linux? ;-) if you do not have /etc, your system should be hosed (or on its way to)
<ruben23>  hggdh: yeah im running ubuntu-all boots up and said OK. then i login my usernmae
<hggdh> smoser: and you are all in current, including UEC?
<hggdh> ruben23: and?
<smoser> current as of my mirror
<smoser> but let me check its currency
<ruben23> then type in sudo bash
<ruben23> input hte password then i type in cd /etc/---no such file or directory
<hggdh> ruben23: weird. What version of Ubuntu, and is this a server edition?
<guntbert> ruben23: no need for sudo bash  -- if you *really really* need a root shell you better use sudo -i
<incorrect> how does Eucalyptus compare to kvm?
<hggdh> incorrect: eucalyptus *uses* kvm
<incorrect> hggdh, i had a feeling you were going to say that
<incorrect> so Eucalyptus can run my windows vms?
<gzmask> hello guys, question forcha: at https://help.ubuntu.com/community/UEC/CDInstall step 7 where I got lost: should I run the ssh key generation at node or at cluster?
<ruben23> guntbert: im root
<guntbert> !root | ruben23
<ubottu> ruben23: Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<leonel> jcastro: pong
<hggdh> incorrect: if you want a cloud, yes
<guntbert> ruben23: then why do you need sudo? (if you are root already)
<ruben23> still i can do cd /etc/ or cd /home/ ---> no files or directory
<hggdh> ruben23: what version of Ubuntu?
<hggdh> second time I ask
<ruben23> 8.04 server
<incorrect> hggdh, what i want it to be able to run up vm's to compile my code, get a build and then shutdown, hudson seems to have plugins to do the control for me, i just don't see what the difference between Eucalyptus and just kvm is
<ruben23> hggdh: ubuntu-server 8.04 LTS
<hggdh> incorrect: eucalyptus will allow you to build a cloud of virtual machines (like Amazon EC2). KVM will allow you to run a virtual image
<hggdh> ruben23: and this server was working perfectly before?
<binBASH> smoser: My vms get ips assigned now!
<incorrect> never used EC2
<ruben23> hggdh: this is a new install
<ruben23> fresh install
<binBASH> just installed a local dhcp server on each node, where I specify the ip range.
<ruben23> what could be wrong where i can download the officcial copy of ubuntu-server 8.04 torrent..?
<hggdh> ruben23: try to run 'echo /etc'. I am curious about what you see
<uvirtbot> New bug: #564996 in euca2ools (main) "euca-describe-instances should order output newest first" [Undecided,New] https://launchpad.net/bugs/564996
<ruben23> hggdh: i guess i need to re install
<ruben23> where can i download officeial copy of ubuntu server 8.04- torrent file
<hggdh> smoser: the plot thickens. Now I see eucalyptus-cloud using 790M of memory
<smoser> well, thats not too big a surprise
<smoser> it is a massive java stack
<hggdh> smoser: sorry. 749M
<hggdh> and I am getting out-of-memory there...
<ScottK> Massive Java stack is a bit redundant
<hggdh>  java.lang.ClassCastException: java.lang.OutOfMemoryError cannot be cast to java.lang.RuntimeExce
<hggdh> heh
<osmosis_> doest ubuntu have an equivalent to  /etc/init.d/iptables save   ?
<osmosis_> ruben23, google  ubuntu torrents
<smoser> hggdh, ok, thats bad news.
<smoser> hggdh, ok, so let me see if i understand where you are
<smoser> right now, we had massive complete failure
<smoser> then we backedleveled the host kernel on the node controllers
<smoser> then we have much better results
<smoser> is that correct ?
<resno> is it possible to use the credentials a user uses to logon to log into their samba account?
<tesseracter> so am I right to assume that email sending is not set up by default on 9.10 server(in this case, on amazon ec2)?
<smoser> hggdh, ^^
<hggdh> smoser: sounds correct, but I have not had any oops on 2.6.32-19
<hggdh> smoser: also, after I bounced all of cloud/cluster/sc, I am now able to run imagtes again
<smoser> jjohansen, it appears we're seeing regression on our data center hardware with the newer kernel
<smoser> hggdh, i'd like to see verification that switching the NC to the current lucid kernel will cause catostrophic failure
<smoser> note, that kirkland and I are running tests on our more modest hardware and do not see these issues.
<hggdh> smoser: after I can complete a stress run without other issues, I will revert to current kernel, and try again
<hggdh> smoser: I follow you. It bothers me that you and Dustin cannot get the same failures
<resno> is there a way when i login to my machine when i access samba on the server, it will know my username and password?
<resno> and allow me access to my directory only, etc
<smoser> hggdh, i see 2 failures in 69 at the moment.
<smoser> for which i just opened bug 565018
<uvirtbot> Launchpad bug 565018 in cloud-init "instance is not reachable via ssh (access denied)" [Undecided,New] https://launchpad.net/bugs/565018
<smoser> hggdh, yeah, i dont like that we don't see the failure either, but i have a puny little single cpu system
<hggdh> you got access denied? That's new, I think
<smoser> Intel(R) Core(TM)2 CPU          6300  @ 1.86GHz
<smoser> and dustin is on laptop class hardware
<smoser> i think it turns access denied
<hggdh> yeah. This may be related to concurrency level
<gzmask> on UEC cluster controller, when I am starting my VM, I got FinishedVerify not enough resources available: addresses error. How do I assign ip address to VMs? How do I register my VMs Mac address so that my DHCP server knows what to do?
<smoser> hggdh, i updated it. it wasn't access denied.
<smoser> hggdh, well, yeah, thats my thoughts is that its racy kernel multi cpu. i dont know. but thats all i can explain.
<smoser> hggdh, i have to run. i'll check back in later.
<hggdh> smoser: k
<hggdh> smoser: I will revert the NC back to current kernel & run it again
<guntbert> resno: sorry - my experience with samba/windows network is minimal - I couldn't tell
<resno> ah ok
<resno> guntbert: lol
<guntbert> resno: but have a look at man smbpasswd
<uvirtbot> New bug: #565022 in squid (main) "package squid 2.7.STABLE7-1ubuntu12 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/565022
<guntbert> resno: and if you want something to read : https://help.ubuntu.com/9.04/serverguide/C/windows-networking.html
<binBASH> smoser: How to connect to the uec image from ubuntu?
<gzmask> can I run Cloud controller, cluster controller and node controller on the same machine?
<hggdh> gzmask: yes
<CodPair> Does anyone know of any issues with the partition formatter in ubuntu server 9.10? Mine formated a few partitions but froze at 33% when formatting the / partition. Is this common?
<CodPair> Specifically during installation.
<gzmask> I use Gparted from desktop version to partition and format. then select "manul" in server version to use the formatted drive
<JanC> CodPair: it's not common, but can happen...
<Ng> how come we have an /etc/default/libvirt-bin when it's not used?
<osmosis> Ng, what version?
<Ng> osmosis: lucid
<CodPair> How would you suggest I proceed with installation?
<CodPair> Could my RAID card be incompatible with the partitioner?
<JanC> CodPair: maybe
<CodPair> JanC: I just tried manual partitioning as ext3 and it jumped right to 33% and froze
<JanC> I guess it's some fake raid thing  ;)
 * CodPair face-palms
<CodPair> i figured it out
<CodPair> i accidentally put the dead drive in the server.
<orudie> should i upgrade 9.04 to 9.10 ?
#ubuntu-server 2010-04-17
<orudie> !upgrade
<ubottu> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/getubuntu/upgrading
<osmosis> where are the config files for the ethernet bridging ?
<lifestream> errmmm, how would I go about ressetting the mysql password? I forgot what it was
<jeffesquivel> lifestream, http://dev.mysql.com/doc/refman/5.1/en/resetting-permissions.html
<lifestream> thank you much, jeffesquivel
<jeffesquivel> lifestream, no problem
<uvirtbot> New bug: #565101 in eucalyptus (main) "walrus reports java.lang.OutOfMemoryError: Java heap space" [Undecided,New] https://launchpad.net/bugs/565101
<smoser> binBASH, sorry, i didn't catch your question
<smoser> ssh is the primary way to get to an instance
<orudie> here is my output after running do-release-upgrade http://www.pastebin.org/154139
<orudie> any ideas ?
<orudie> that's long into the process
<orudie> anyone ?
<orudie> Ð¿Ð¾Ð¼Ð¾Ð³Ð¸ÑÐµ Ð¿Ð°ÑÐ°Ð½Ñ
<uvirtbot> New bug: #565123 in chkrootkit (main) "chkutmp assert failure: *** stack smashing detected ***: ./chkutmp terminated" [Undecided,New] https://launchpad.net/bugs/565123
<lifestream> Why isn't this workking?
<lifestream> mysql> set password for opensim = Password('mypassword');
<lifestream> ERROR 1133 (42000): Can't find any matching row in the user table
<lifestream> I mean, the error is easy to understand
<lifestream> The database exists ;  what row is it asking for? Password? It should be there, if I created the user, no?
<lifestream> Here are the commands I was running for mysql
<lifestream> http://www.pastebin.lt/view/raw/75158984
<uvirtbot> New bug: #520273 in postfix (main) "cron doesn't send mail" [Undecided,New] https://launchpad.net/bugs/520273
<lifestream> Can I completely wipe all databases, users, rows, etc, from mysql, ro make it like a fresh install?
<jeffesquivel> lifestream, hmm... IIRC, mysql package asked you for your password when installing, right?
<jeffesquivel> lifestream, you may be able to get that dialog again with dpkg-reconfigure
<jeffesquivel> but I'm not sure of that, have never done it
<ChmEarl> problem in fresh lucid domU http://paste.ubuntu.com/415895/
<ChmEarl> getting broken pipe errors before apparmor starts
<pHcF> hey guys :)
<pHcF> guys, how do i set the user's root to a folder
<pHcF> and disable his access to any folder "higher"?
<ruben231> hi guys i have a hosted server on a hosting sompany, how so i install ubuntu-server on it...any suggestion..?
<ruben231> hi guys i have a hosted server on a hosting sompany, how do i install ubuntu-server on it...any suggestion..?
<ScottK> ruben231: You need to talk to the hosting company.
<ruben231>  ScottK: mostly whats the procedure for that..?
<ScottK> Depends on the hosting company
<ScottK> You need to ask them
<ruben231>  ScottK:  but can i remote install on a hosted server is it possible what process is it
<ScottK> It's not possible in most cases.
<ruben231>  ScottK: so your request to the hosting company to install it for you..
<ScottK> Yes
<erichammond> I had a hosting company that provided a slick remote KVM UI in a browser which let me see the VGA display output in real time as well as mount ISOs on the remote server and boot from them.
<erichammond> I seem to remember it was enabled by Belkin hardware.
<ScottK> That would be one example of why I said most not all.
<binBASH> smoser: I got everything working now :) thx again for all your help.
<duffy_duck> hi, I'm using ubuntu server for multiple web hosting. I want to limit server resources for each customer. I'm using mpm-itk but apparently the Rlimitcpu directive is not applied to non cgi processes. Do you have an alternate solution for this?
<duffy_duck> anyone?
<au> hmm
<RoyK> duffy_duck: what sort of resources would you like to limit? bandwidth? cpu? memory?
<duffy_duck> ideally all of those
<duffy_duck> RoyK: bot so far CPU would be a good starting point
<RoyK> cpu is tricky
<RoyK> are they using cpu intensive stuff?
<RoyK> cgi should be avoided at all costs anyway
<duffy_duck> well, the point is that if a website is under some sort of load it'll slow down all the others
<binBASH> cpu for non cgi? are you using things like mod_php?
<duffy_duck> yes
<binBASH> don't use it ;)
<binBASH> I would switch to cgi version
<binBASH> and use suexec
<duffy_duck> it's far slower
<binBASH> well, every big hoster uses it.
<RoyK> binBASH: cgi is a ninetees thing
<binBASH> RoyK: Well, it's safe
<RoyK> cgi => fork a job for every request
<RoyK> it's NOT safe
<binBASH> it is with suexec
<RoyK> say you have perl cgi and someone launches 10k requests, 10k perl scripts are forket out with a memory footprint of 3-5MB each
<binBASH> and mpm_itk is slow as well ;)
<RoyK> make that 100k
<binBASH> peruser.org seems to be much better.
<binBASH> using this myself
<duffy_duck> is that a mod_something?
<binBASH> it's an alternative to mpm-itk
<binBASH> though harder to control but faster ;)
<binBASH> but I think you can't limit cpu there.
<duffy_duck> hmmm, well the point is. I'using vmware and when the server gets too meny requests it dumps some out of memory messages on console and then it freezes
<duffy_duck> and you have to reboot.
<RoyK> I guess suexec and some ulimit magick might work
<RoyK> but then, ulimit will just make the jobs stop working after spending xx in cpu
<binBASH> duffy_duck: How many sites / users you have on your webserver?
<RoyK> duffy_duck: really, cpu is rarely a problem with web pages, is it? do you use sysstat or something to monitor long-term cpu use?
<duffy_duck> it's about 500 websites
<binBASH> RoyK: btw. to your opensolaris suggestion. I just read yesterday there are some discussions in the community, due to the new plans of oracle
<duffy_duck> no, i have the cpu graphs from vmware
<RoyK> ok
<RoyK> binBASH: what plans?
<RoyK> duffy_duck: ok
<RoyK> duffy_duck: but can't you just do the limitations from vmware?
<binBASH> RoyK: They shifted a release
<duffy_duck> RoyK: it's OS problem, when it gets too many request ( eg using a few apache benchmark ) it crashes
<RoyK> what do you mean 'shifted'?
<binBASH> and they stopped the sending service for opensolaris cds
<binBASH> postponed
<RoyK> well, it takes a man to download and burn it
<RoyK> duffy_duck: I don't think I've seen ubuntu crash on cpu use - only memory
<RoyK> duffy_duck: do you monitor the memory and swap use for your vmware guests?
<duffy_duck> RoyK: I probabily should. BUT I still think it should stop opening processes instead of crashing
<RoyK> apache doesn't care about how much memory the system has
<RoyK> it just goes on
<RoyK> you'll have to limit the max in the apache config
<RoyK> if apache or any other process starts forking wildly, it'll consume large amounts of memory and then swap
<duffy_duck> globally?
<RoyK> and then linux will probably die, trying to swap
<RoyK> duffy_duck: monitor swap use
<duffy_duck> good point,I'll give it a try
<binBASH> duffy_duck: and tune memory_limit in php.ini :)
<RoyK> linux has an OOM (out of memory) killer that kicks in when the system runs out of memory, but usually too late
<RoyK> binBASH: that's per session, so if you have 10k sessions, it won't help much
<binBASH> true RoyK, OOM never worked for me yet :)
<binBASH> RoyK: Just don't allow that much dynamic processes? ;)
<duffy_duck> Royk: the problem with OOM is that it's kills one and apache opens 3
<RoyK> that'll be limiting concurrent apache connections, since once you have an apache connection, it'll run
<duffy_duck> so there's no way it can sort out
<RoyK> duffy_duck: i know - the solution is to add more memory
<binBASH> RoyK: A solution I would try is, putting a proxy before the webserver, let it handle static things
<RoyK> how much memory do you have on these guests?
<binBASH> varnish is really good on it ;)
<duffy_duck> it's a cluster 512 x 3
<RoyK> binBASH: yeah, varnish kicks ass :)
<RoyK> binBASH: linpro.no did a great thing making that :)
<RoyK> it can be a little hard to setup correctly with cookies and stuff, though
<binBASH> true ;)
<duffy_duck> is that some sort of proxy?
<RoyK> duffy_duck: I meant - how much memory for the guests?
<RoyK> duffy_duck: it eats squid for breakfast
<duffy_duck> 512 x 3 guests
<duffy_duck> 512 each
<RoyK> ok
<RoyK> 512MB isn't really a lot if you're hosting a heavy webapp on it
<duffy_duck> but the problem is that when you get some attack memory is never enought
<RoyK> well, start with monitoring swap
<RoyK> use nagios/icinga or something else
<duffy_duck> and, would you suggest x64 or x32?
<RoyK> I use 64bit all the way these days unless I just need some toolbox vm
<RoyK> even then, often 64
<duffy_duck> would you install varnish on a separete server or one on each node?
<RoyK> varnish should be on a separate box in front
<RoyK> with LOTS of memory
<duffy_duck> 2GB?
<RoyK> varnish doesn't do disk caching
<RoyK> yeah or 4 or 8 or more
<RoyK> depending on the workload
<duffy_duck> the boss is gonna kill me :D
<RoyK> get a nice pizzabox with two CPUs and 16 gigs of RAM
<binBASH> duffy_duck: Memory is not that expensive
<RoyK> digi.no, a quite popular IT site, replaced  16 squid servers with 4 varnish boxes, and reports they really needed one, plus one for redundancy
<RoyK> varnish kicks ass
<binBASH> RoyK: are you using it?
<RoyK> nope - not running anything like that
<binBASH> well I plan to use it, but geoip based
<binBASH> have to find a solution as well for smart dns round robbin
<RoyK> binBASH: varnish was developed by linpro.no after vg.no contacted them to help speed up things. vg.no is probably the largest news site in .no. varnish was written for freebsd but later ported to other platforms. it might be a good idea to look at the freebsd implementation - it's said to be better
<RoyK> there are some sendfile() stuff in linux that isn't very good
<RoyK> or was - I haven't been looking into this for a year or so
<binBASH> RoyK: probably, well in my cloud I can run all sorts of os
<RoyK> don't run varnish on a vm...
<RoyK> run it on dedicated hardware
<binBASH> yup
<binBASH> ;)
<RoyK> it requires very fast memory access
<binBASH> So I have to take linux :P
<binBASH> I already testdrived varnish, it's quite nice.
<RoyK> I'd give freebsd a chance if I were you - varnish should perform a lot better on that with a good sendfile() implementation
<binBASH> http://www.hetzner.de/en/hosting/produkte_rootserver/eq8/
<binBASH> maybe two of these for varnish failover
<RoyK> :)
<binBASH> 24 GB RAM should be fine ;)
<RoyK> yeah
<duffy_duck> ok guys i'lll give it a try and report next week
<duffy_duck> thanks for the soggestions
<binBASH> np
<RoyK> duffy_duck: since varnish uses sendfile() for zero-copy memory access, it can't do so properly on linux because of a faulty implementation, and falls back to send()/recv(), meaning you'll get an in-memory copy operation for each request - it'll still help a lot, but on fbsd, it'll be faster with high traffic
<RoyK> as long as the varnish system is running on low load, you probably won't notice much difference, but fbsd will scale better
<duffy_duck> we have like 300 servers, I'm not going to learn how to administer another os for no reason
<duffy_duck> :D
<smoser> binBASH, i'd be interested in seeing / knowing what all you did and how you've set things up.
<binBASH> smoser: I setup a dhcpd locally on each node.
<binBASH> and changed the network config of eucalyptus to system
<binBASH> and with your patch all worked
<Grudg3> Hey all
<Grudg3> Does someone here have knowledge of blade servers and has 5 minutes of time? Please :(
<guntbert> !ask | Grudg3 (no help in that realm from me - sorry)
<ubottu> Grudg3 (no help in that realm from me - sorry): Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<Grudg3> Well I'm ineterested in the specific blade server, and I just have some basic questions, would rather talk in private
<guntbert> Grudg3: usually you don't get 1:1 support here anyway
<Grudg3> Aha, okay thank you, got a link to a hardware channel here in freenode from #ubuntu ... thenks anyway, cheers!
<guntbert> Grudg3: Good luck :-)
<Italian_Plumber> good morning all
<Italian_Plumber> I'm revisiting today an old issue of mine:  "ATA bus error" with my hard drive.  The details are here: http://ubuntuforums.org/showthread.php?t=1410891 ... .anyone with any advice would be greatly appreciated.
<Italian_Plumber> and the advice would be too. :)
<jaypur> Italian_Plumber, is this when the pc is booting???
<Italian_Plumber> no it's all the time
<Italian_Plumber> the error occurs repeately when the drive is being accessed.
<jaypur> damn...
<jaypur> let me see... i don't know how to help but i'll take a look
<jaypur> lol i think it's all about the driver.... does the problem unable you to make things?
<Italian_Plumber> thanks.  I feel like I've tried everything but I'm sure someone has a suggestion that I haven't tried yet
<Italian_Plumber> the computer is usable, and the drive appears to read and write data without errors.  I have downloaded large torrents and they all pass the hash checks.
<jaypur> so whats the real problem, if you can use the pc it's all ok
<Italian_Plumber> well that's actually part of my dillemma... I don't really know if this is even something I should be worried about.
<Italian_Plumber> at the very least, it makes my syslog HUGE.
<jaypur> man
<jaypur> if you eat a pizza
<jaypur> do you wanna know what happened to make it?
<jaypur> :D
<jaypur> just a sec brb
<Italian_Plumber> well, knowing what you're putting in your body goes a long way towards keeping you healthy... keeping a server healthy is a simlar experience, is it not? :)
<Italian_Plumber>  is bumping considered rude in ubuntuforums.org?
<jaypur> i don't think so, i think if you be polite all goes ok...
<jaypur> yeah that's right what you said...
<jaypur> and depends if you're running a serious server, yeah you should worry about it...
<jaypur> if you running just for fun.... don't cook your brain...
<Italian_Plumber> heh
<jaypur> good luck my friend
<Italian_Plumber> :) thanks.  Yeah it's not a "serious" server.  Just my personal one for music, virtual machines, and, um... wallpapers. :)
<jaypur> i'm back Italian_Plumber
<Italian_Plumber> welcome back. :)
<jaypur> Italian_Plumber, i have one for counter-strike 1.6 server, webserver... and soon some cloud stuff
<RoyK> Italian_Plumber: which version is this?
<Italian_Plumber> of ubuntu?  hardy... 8.04.4
<RoyK> my guess it's either a bad driver or a faulty drive
<Italian_Plumber> how do I update the driver?
<RoyK> check if there's a newer kernel available
<RoyK> you also may want to try to upgrade ubuntu to a newer distro version
<Italian_Plumber> I was planning on doing that when lucid comes out
<lil_cain> aye, I'd never move a server off LTS
<orudie> good morning. Can you guys have a look at this? This is what I got after d0-release-upgrade on ubuntu 9.04 http://www.pastebin.org/154139
<orudie> this error I saw about 1.5 hours into the install
<lil_cain> try removing wine, upgrading, and installing wine again?
<lil_cain> </hack>
<lil_cain> I'd guess it's trying to change vm.mmap_min_addr since wine requires it set to 0, and you've changed it in some way
<sporedi> how do i acess my ubuntu server  over internet using xrdp/mstsc
<aetaric> sporedi: server doesn't have an X11 server
<aetaric> so you can't use a mouse.
<sporedi> i have installed ubuntu desktop
<lil_cain> You'll have to install a vncserver
<ikonia> sporedi: those are windows tools
<lil_cain> And then connect over VNC. I would recommend ssh forwarding to localhost, and only having your VNC server listening there.
<aetaric> that too. tightvnc works well to connect to a vnc server
<sporedi> ok
<sporedi> thx
<orudie> !upgrade
<ubottu> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/getubuntu/upgrading
<schmidt>  /j #haml
<schmidt> whops
<RoyK> /j #msdos
<RoyK> whoops
<binBASH> lol
<RoyK> a colleague of mine was complaining about things the other day - it was so stable and clean when we were running Sintran, but now it was all problems
<orudie> how can I choose a different screen profile
<orudie> in 9.04 it was there by default
<orudie> in 9.10 its not
<Italian_Plumber1> Did someone say (in regards to my earlier quesiton a few hours ago) that the UDMA settings are in the BIOS?
<ruben23> hi guys on the installation porcess of my ubuntu-server 8.04 LTS- its asking me for bootloeader something about grub and i have selection- hd0, hd1 and fd0, tried hd0 but i get fatal error
<ruben23> any suggestion what should i do on this part im stuck
<Italian_Plumber1> how many physical hard drives you have?
<Italian_Plumber1> did you try hd1?
<Italian_Plumber1> ugh.  My server is unresponsive, even from the console, and I don't want to do a hard reset.  Are there any other options for doing a controlled shutdown?
<Pici> !sysrq | Italian_Plumber1
<ubottu> Italian_Plumber1: In an emergency, you may be able to shutdown cleanly and reboot by holding down Alt+PrintScreen and typing, in succession, R, E, I, S, U and B. For an explanation, see http://en.wikipedia.org/wiki/Magic_SysRq_key
<pHcF> hey guys
<Italian_Plumber1> wow... that seems to have worked. :)
<pHcF> there's any tool to monitor with graphics CPU, Bandwith and RAM for ubuntu server? something that generates an image, like .jpg or something
<Italian_Plumber1> interesting.
<Italian_Plumber1> THANKS!
<Pici> pHcF: munin does 5 minute snapshots and graphs them on RRDs.
<pHcF> Pici: thanks :D
<pHcF> gonna search
<uvirtbot> New bug: #565481 in php5 (main) "PHP preg_match doesn't match matching string" [Undecided,New] https://launchpad.net/bugs/565481
<Mahdi> Who i can convert slapd.d to slapd.conf in ubuntu 9.04
<ruben23> hi guys, im having unusual issue during install of ubuntu server 8.04 LTS
<lil_cain> What's the issue?
<ruben23> after install and im on root, when i do cd /etc/ or cd /var/ i got no file or directory..
<ruben23> this is really confusing
<lil_cain> what does ls / give you?
<lil_cain> All the expected stuff?
<ruben23> lil_cain:  im re installaing it again now for th 8 time
<ruben23> i tell you when its done ill try your advice
<lil_cain> cool.
<mallchin> hi guys
<mallchin> are there any giudes fpr
<mallchin> guides for securing an ubuntu server
<ScottK> mallchin: Did you have any particular issues in mind.  It's meant to default to a reasonably secure condition.
<mallchin> ScottK: thanks, none in particular, I'm using a dedicated hosted server, just making sure it's secure
<ScottK> The base Ubuntu Server install has no ports open to the outside world by default.
<ScottK> The ufw firewall is included, but off by default.  You might start looking at it.
<mallchin> ScottK: great, thank you
<mallchin> ScottK: is there an easy way to tell if I am using server edition or not?
<ScottK> No ports open by default is true of all Ubuntu flavors.
<mallchin> ScottK: I assume it would be better to use server edition for a server though?
<ScottK> Yes.
<mallchin> thanks
<ruben23>  lil_cain: you there
<ruben23> ..
<lil_cain> yup
<ruben23> i got same error
<ruben23> no file or directory
<ruben23> what couls be the problem its my 9 time install of the ubuntu server
<lil_cain> ls /
<lil_cain> what's there?
<lil_cain> and do you get any errors during your install?
<ruben23> i dont get any error
<ruben23>  duirng install but
<lil_cain> ok. Is /etc/ there when you ls / ?
<ruben23> during login
<lil_cain> and is there anything odd in dmesg?
<ruben23> it says no such files or directoryt
<ruben23> im on root at that moment
<lil_cain> you get no such file or directory when you ls / ?
<ruben23> yes
<ruben23> and also cd /etc/
<ruben23> and also /var/
<ruben23> all
<ruben23> my install dont have any error at all
<lil_cain> right. cd /; echo *;
<lil_cain> and then try cat /proc/mounts
<lil_cain> This is just a base install, you didn't do anything funny?
<ruben23> yeah
<ruben23> i follow this
<ruben23> http://www.howtoforge.com/perfect-server-ubuntu8.04-lts-p3
<lil_cain> ok. Is there anything in / when you echo *?
<lil_cain> better yet, for i in /*; do echo $i; done;
<lil_cain> ruben23: how far did you get in that?
<ruben23> try it now
<ruben23> ill try now
<lil_cain> also, don't follow that guide. Anything which tells you to disable app armour is stupid.
<lil_cain> as is telling you to use dash, rather than patching the single script they have.
<lil_cain> sorry to replace dash
<ruben23> still no such file or directory
<lil_cain> you get no such file or directory when you cd ?
<lil_cain> sorry, 'cd /'
<ruben23> no such file or directory
<ruben23> still
<lil_cain> what does pwd say?
<ruben23> :'( what should i do- i cant install ubuntu-server
<ruben23>  /home/cj911#
<ruben23> thats my pwd
<lil_cain> Right. What happens when you type 'cd ..'
 * ScottK notes that a lot of people who know what they are doing spend a lot of effort on the Ubuntu Server Guide.
 * ScottK finds it generally a lot better than random web howto's.
<ruben23> hi
<ruben23>  lil_cain:/home#
<ruben23> thats it
<guntbert> ScottK: yes, but there is a disadvantage: you must be willing to read a whole page ;-))
<ScottK> ruben23: If you're running as root you are doing it wrong.
<ruben23> ScottK: what should be
<lil_cain> ScottK: That's a matter of taste.
<RoAkSoAx> kirkland: ping?
<ScottK> Since Ubuntu ships with root disabled, you've already made your system non-standard
<lil_cain> yes. But non-standard doesn't mean worse.
<ScottK> lil_cain: Yes and no.  There are parts of the system that have been changed to expect sudo instead of a true root account.
<lil_cain> like what?
<ScottK> lil_cain: It does when people ask for support
<lil_cain> ruben23: cd ../
<lil_cain> ScottK: What is possibly going to break because you're root?
<ScottK> It's fine if you know what you are doing, but people just starting shouldn't start doing non-standard things.
<ScottK> I'm not sure of anything on server, but on desktops priviledge escalation for doing root level things is hardwired to sudo.
<ruben23>  lil_cain: nothing happens
<guntbert> lil_cain: why do you think you *need* root enabled?
<ScottK> lil_cain: As it happens, I prefer to enable root on servers too, but I'm not the one here with a non-working system.
<RoyK> ScottK: "enable root"?
<guntbert> !root | RoyK
<ubottu> RoyK: Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<ScottK> guntbert: Thanks.  I was about to look for that url.
<RoyK> guntbert: I'm quite aware of what root is, but "enable root" means nothing. enabling root password means something
<guntbert> RoyK: don't pick on words please
<guntbert> ScottK: :)
<RoyK> guntbert: not doing that - just saying it wasn't clear what he meant
<ScottK> RoyK: What else would it have meant?
<guntbert> and RoyK the root account is not enabled by default - no way to change to it
<RoyK> guntbert: on the other side, it should be quite fine if people learned to use their language properly before babbling out
<guntbert> !attitude | RoyK
<ubottu> RoyK: The people here are volunteers, your attitude should reflect that. Answers are not always available. See http://wiki.ubuntu.com/IRC/Guidelines
<RoyK> guntbert: sudo su - ; passwd
<ScottK> RoyK: If you can't contribut constructively go elsewhere
<RoyK> ScottK: I contribut a lot in here, SIR
<guntbert> RoyK: we know - but what you suggest is just useless
<RoyK> huh?
<RoyK> why?
<ScottK> So far in this discussion all I've seen is pointless pedantry.
<guntbert> RoyK: sudo su is definitely not needed and not useful, and there is no need to set a root password,
<RoyK> omg
<RoyK> guntbert: sudo su - is an old version of the newer sudo -i
 * RoyK hits guntbert with a small iron bar
<guntbert> ScottK: "a lot" doesn't necessarily mean quality :-)  - sorry RoyK I could not resist - please stop telling me old facts as your latest findings
<guntbert> !ops | RoyK verbal violence
<ubottu> RoyK verbal violence: Help! Channel emergency! soren, lamont, mathiaz or tom
<ikonia> easy please guys
<ScottK> RoyK: I think if you'll look there are differences in the resulting environment between those two commands.  They are not identical.
<RoyK> guntbert: calm down, sir
<ikonia> RoyK: you too please
<RoyK> ScottK: the result is the same - you end up in a shell with root's environment
<ikonia> the environments are different, but both are root shells, there is a page on the wiki about this, I'm sure
<RoyK> sudo su and sudo su - differs
<RoyK> sudo su and sudo -i differs
<ikonia> of course, the - matters
<ikonia> RoyK: as well it should
<RoyK> but sudo -i and sudo su - doesn't differ
<ikonia> I believe they do, there is a document on the wiki that talks about this, but I'm not fully aware without research
<ScottK> It does.
<ScottK> It's clear from just reading the su and sudo man pages.
<ikonia> bottom line is, ubuntu put sudo in place - respect it's implimentation and don't try to bypass it
<ScottK> The difference is generally of little or no consequence, but sudo -i is generally preferred to sudo su.
<RoyK> ScottK: sudo su doesn't take root's env, but sudo su - does, but I see the point - sudo -i keeps DISPLAY and stuff
<tsimpson> "sudo su -" is pointless, you switch from your user to root via sudo, then switch from root to root via su
<RoyK> tsimpson: sudo -i is quite new
<ikonia> not really
<ikonia> been around a long time now
<tsimpson> define "quite new"
<RoyK> as in 'doesn't work with older versions of sudo'
<ikonia> I'm pretty sure it does, RoyK what versions are you talking of
<RoyK> if you manage a truckload of OSes, sudo su - works for them all
<tsimpson> it works from at least dapper, probably earlier
<tsimpson> dapper is 6.06
<ikonia> RoyK: it's in solaris 9 and hpux 11.20 too, so that's pretty old
<ikonia> that's pretty good legacy coverage
<ScottK> It was added in 2004.
<ScottK> 2004-01-18 17:55 to be precise.
<RoyK> damn
<ikonia> ScottK: impressive searching
<lil_cain> guntbert: You don't. It's a matter of taste.
 * RoyK sends some eyjafjallajÃ¶kull ash in ScottK's direction
<ScottK> Sorry, I live upwind.
 * ScottK was there once, but when it wasn't erupting.
<guntbert> lil_cain: was that about "need" - of course you do on your system what you regard as appropriate :-)
<lil_cain> guntbert: Aye.
<lil_cain> I wouldn't recommend people do it. But I'm going to continue doing it, because I prefer it that way.
<guntbert> lil_cain: exactly :-)
<ScottK> lil_cain: I find that quite reasonable.
<ruben23> lil_cain:  you there..?
<ruben23> my echo $PATH --> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
<lil_cain> I don't see what your PATH should change.
<lil_cain> cd is a builtin.
<lil_cain> and you've go /bin
<lil_cain> cd / shouldn't give an error, no matter what.
<cemc> ruben23: what does 'alias | grep cd' say? :-)
<ubuntologist> Hi all, would anyone have any clues as to why my syslog is showing a Shorewall net2fw entry where the destination IP is not on my LAN but rather my ISP's DNS? I've recently installed DNSMasq - is this perhaps modifying the frame before it's logged?
<ubuntologist> Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= SRC=222.59.176.26 DST=220.233.15.6 LEN=40 TOS=0x00 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=9415 WINDOW=16384 RES=0x00 SYN URGP=0
<guntbert> ubuntologist: it came in through ppp0
<ubuntologist> yes
<ubuntologist> aah...ok, i think i understand
<ubuntologist> thanks guntbert - got it
<guntbert> ubuntologist: nice :-)
<ruben23> hi
#ubuntu-server 2010-04-18
<bluethundr_> I am trying to setup a postffix-mysql-courier mail server in an AWS cloud using a RightScale Ubuntu Server 9.10 image ..however it looks like I don't have the apt sources to install the SASL auth modules
<bluethundr_> http://pastebin.com/HJ6V71Jq
<ScottK> You do have the right sources.list.
<ScottK> I'd apt-get update and try again.
 * bluethundr_ is on it
<bluethundr_> that did it... thanks
<SamuelPeterson> I currently have apache installed on ubuntu and I can not access the server remotely, only from computers connected to my router... I have no idea where to begin with trouble shooting this. I have read a lot about ufw and tried a lot of things, and even disabled it to see if it was the problem... but it's not.
<gbear14275> hello, I'm trying to setup an ubuntu server as a virtual host and have 2 network connections...  I have connected ethernet cables to both ports but one doesn't seem to be working.  I was hoping someone might be able to point me to a howto which can show me how to setup a server with two nics.  Any help would be appreciated.  Thank you
<bluethundr_> I am trying to map several directories (/tmp, /var, /var/logs) to an S3 bucket on EC2. I tried a dry run by setting up the partitions as /dev/sdb1, /dev/sdb2 and /dev/sdb3 and labelling them with e2label. I am giving them interim names with '2' at the end (e.g. /tmp2) so that I can move the contents of those folders to the right place on the S3 bucket. I created a dry run with /tmp2 in my /etc/fstab (which I backe
<bluethundr_> d up) but the device will not mouint. Any clues how best to proceed? http://pastebin.ca/1865735
<resno> im looking for a way to get a cheap home phone, whats the best route? asterisk, with sip or voip?
<Lunks> Hi, I'm trying to install OpenLDAP on my Ubuntu as a LDAP server. I'm not sure about the slapd.d directory structure. Is it fine if I just create directories inside it with names I want or does it follow LDAP structure?
<Lunks> Hi, I'm trying to install OpenLDAP on my Ubuntu as a LDAP server. I'm not sure about the slapd.d directory structure. Is it fine if I just create directories inside it with names I want or does it follow LDAP structure?
<ScottK> !weekend | Lunks
<ubottu> Lunks: It's a weekend. Often on weekends the paid developers and a lot of the community may not be around to answer your question. Please be patient, wait longer than you normally would or try again during the working week.
<Lunks> ScottK: I'm being patient. It's been a while since I asked and a few people have joined the chat room.
<ScottK> Lunks: Did you look in the Ubuntu Server Guide.  I know it has some openldap stuff.
<Lunks> ScottK: Could you hand me a link? I've found it, but it just had 2 chapters.
<ScottK> Lunks: What Ubuntu version are you running?
<Lunks> 9.10
<Lunks> I'm trying to use EBox, Ldap, ldapscripts, anything... but without success so far.
<ScottK> https://help.ubuntu.com/9.10/serverguide/C/network-authentication.html
<ScottK> In particular https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html#openldap-configuration
<ScottK> Seem like they are relevant
<Lunks> ScottK: thanks a lot!
<ScottK> You're welcome.
<Lunks> ScottK: so far ebox has been great on me, just checkboxes changing config files I've been struggling with. Hopefully it's the kind of changes I want, not the ones which will make me reinstall. :)
<Lunks> I'll be sure to check the links you provided as well, of course.
<ZeeshanQ> Hey, does anythone it is possible to bind 2 servers to port 80, on different subdomains
<ZeeshanQ> on same ip
<whalesalad> hey guys... know of anything out there that will sort of.. automatically mitigate a DoS? Something that will create iptables ip blocks on the fly when a host hits you too many times
<mrp> im having trouble enabling ufw via ssh without killing my connection
<RoyK> mrp: which distro?
<RoyK> i mean version
<RoyK> I've done it on 8.04 without problems - the connections that were active remained open, while new connections weren't allowed
<mrp> hrmm its a vps
<mrp> 9.10
<RoyK> do you have access to the system now?
<RoyK> http://pastebin.com/RR0HQkC1
<mrp> i did a rebuild
<mrp> now im upgrading to 10.04 :)
<mrp> seeing as that is the next LTS
<RoyK> yeah
<RoyK> I have a couple of machines with 10.04 beta myself
<mrp> vps is not critical
<mrp> :_
<mrp> just play around
<RoyK> but I think I'll wait a few months before moving the 8.04 boxes over to 10.04
<mrp> RoyK: yup
 * RoyK is on a fscked up slow cell phone network and is counting down to the 6Mbps DSL installation - 22 hours left
<mrp> bugger that
<mrp> where can i read up on this ubuntu cloud stuffs?
<RoyK> just google uec
<RoyK> wtf - ubuntu supports arm??
<lifeless> RoyK: very much so
<lifeless> RoyK: its a supported arch
<lil_cain> That said, ubuntu used to support Sun_4v, and we got pretty badly burned by that. I certainly wouldn't rely on Ubuntu's ARM support.
<RoyK> seems there's only a netbook release for arm
<RoyK> I thought of using it on a Moxa box
<ScottK> lil_cain: If you look at the current Canonical job postings, it's clear that Canonical is planning a major investment in arm.
<TannerF> what does E: Sub-process /usr/bin/dpkg returned an error code (1) mean and how do i fix it?
<arrrghhh> when i try to install sun-java6-jdk it fails says there's no candidate version... how do i install jdk?
<uvirtbot> New bug: #566069 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.4 failed to install/upgrade: le sous-processus post-installation script a retournÃ© une erreur de sortie d'Ã©tat 1 : I want to install adobe flash player for browsing (with firefox) but it is not working using 3 different ways." [Undecided,New] https://launchpad.net/bugs/566069
<RoyK^> lol
<persia> arrrghhh: Try openjdk-6-jdk (although 90% of the time you want openjdk-6-jre-headless on your server)
<Sp3c1alK> Will ubuntu server also be upgraded to 10.04 along with the desktop version?
<jpds> Sp3c1alK: Yes.
<blue-frog> question not related to the server but could serve as well. where are the report generated by apport when a bug occurs?
<ScottK> blue-frog: /var/crash
<blue-frog> yeah thx just found it
<Nafallo> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<RoyK^> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<slipper1024> is anybody watching here?
<binBASH> sure
<Myx0x3> can anybody help me setup network bonding? i followed a guide before, but i had to reinstall ubuntu couse i could not get it to work after
<Myx0x3> i followd this one https://help.ubuntu.com/community/UbuntuBonding
<slipper1024> upgraded from ubuntu server 6.06 to 8.04 running a live ispconfig install
<slipper1024> everything working fine except smtp auth
<slipper1024> testsaslauthd    authenticates succesfully
<slipper1024> but no matter what i try smtp does not
<slipper1024> anybody that can help
<slipper1024> ?
<slipper1024> postfix is the smtp server
<slipper1024> cyrus sasl
<ScottK> slipper1024: Are you using cyrus sasl or sasl2?
<ScottK> Dapper had both and Hardy only supports sasl2
<ScottK> It's been years since I was required to care about the details, but there are some changes needed to migrate to cyrus sasl2
<slipper1024>    libsasl2-modules
<slipper1024> i   libsasl2                                    - Cyrus SASL - authentication abstraction library (tran
<slipper1024> i   libsasl2-2
<slipper1024> installed
<ScottK> IIRC Ubuntu Server Guide has good instructions for SMTP Auth setup on Ubuntu.
<ScottK> I don't recall if for Hardy they used Cyrus or Dovecot.
<lil_cain> I'd use dovecot anyway.
<lil_cain> oh, smtp auth, not IMAP
<ScottK> For SMTAP Auth, dovecot is generally easier to set up, but once you have one working, there's no great reason to prefer one over the other.
<lil_cain> for IMAP, I found cyrus to be far faster than dovecot.
<lil_cain> sorry, other way around.
<slipper1024> ok, do i have to replace my current courier imap setup with dovecot to use dovecot sasl
<slipper1024> ?
<ScottK> No
<slipper1024> any dovecot packages need to be installed
<slipper1024> ?
<slipper1024> dovecot.conf file created
<slipper1024> in /etc/
<slipper1024> and settings added to main.cf
<slipper1024> but still hashed out
<ScottK> Look in the server guide.  See help.ubuntu.com
<slipper1024> looked at guides they do not mention anything to be installed
<slipper1024> but it could be that they assume using dovecot mail
<slipper1024> dovecot-common?
 * ScottK doesn't recall.  Sorry.
<ScottK> slipper1024: Yes.  https://help.ubuntu.com/8.04/serverguide/C/postfix.html#postfix-sasl
<slipper1024> thanks man
<slipper1024> this is looking good
<slipper1024> hope it works
<slipper1024> fatal: no SASL authentication mechanisms
<slipper1024> Apr 18 22:59:09 itdirect postfix/smtpd[3226]: warning: SASL: Connect to private/auth-client failed: Permission denied
<slipper1024> warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
<slipper1024> after applying dovecot sasl
<slipper1024> you guys must think i cant readd a manual
<slipper1024> didn't add the user / group def
<orudie> greetings
<orudie> how can I go about intsalling mysql, and apache2 on ubuntu server 9.10 ?
<binBASH> orudie: try apt-get install httpd
<binBASH> it will list you available webservers types
<cloakable> apt-get install mysql-server apache2
<cloakable> orudie: sudo apt-get install mysql-server apache2
<slipper1024> ScottK: You are the best man
<slipper1024> where can i send you're bottle of brandy to?
<orudie> cloakable, got it thanx
<ScottK> Thanks.
<cloakable> orudie: no problem
<ScottK> slipper1024: Just hang around and help someone else.  It all has to get paid forward.
<orudie> !upgrade
<ubottu> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/getubuntu/upgrading
<slipper1024> i am still looking for a linux administrator to join me at the company i work in stellenbosh
<slipper1024> anybody interested
<slipper1024> +/-20k
<binBASH> :-)
<slipper1024> will it be safe to disable saslauthd completely now after implimenting dovecot, or does something else depend on it?
<ScottK> Not unless you set something else up to use it.
<slipper1024> binBASH: you want first dibs?
<binBASH> slipper1024: Thanks I have a good job already.
<binBASH> Working in Zurich ...
<bogeyd6> slipper1024, you pay to relocate and sponsor a visa?
<slipper1024> you got me, forgot on what channel i was
<binBASH> :p
<Sp3c1alK_> I just installed ubuntu server 9.10, configured everything how I want it and now upon restart I'm getting "could not access PID file for nmbd" and "connectors have no modes"
<Sp3c1alK_> Now I can't do anything. Even in recorey mode.
<Sp3c1alK_> When someone says "remove quiet and splash from the grub boot entry" that means editing the entry by pressing 'e' right?
<ChmEarl> Sp3c1alK, yes, but when you re-enter the OS edit grub.cfg and locate default kernel options in comments
<ChmEarl> Sp3c1alK, with those errors might go into tasksel and remove samba/windows server
<Sp3c1alK> It didn't work, I still can't get into the OS
<Sp3c1alK> it's freezing on an error and wont budge
<Jeeves_Moss> how can I setup software RAID sice for some messed up reason, Linux won't see the sis RAID controller on-board
<persia> Jeeves_Moss: Can you see the underlying drives?
<persia> If you can, the following (old, but likely still relevant) page may help: https://wiki.ubuntu.com/Raid
<persia> If you can't, then you have one of those nifty-cool high-performance HW raid controllers, and you need to go find a driver.
<Jeeves_Moss> persia, thanks.  do you know if there is a way to get the OS to see the motherboard RAID controller?  I can see it (as the RAID drive) in XP
<hey_you> hi, I need help, i can't connect to my SSH on ubuntu. any help ?
<persia> Jeeves_Moss: Do you see the underlying drives?
<masu3701> i just installed samba on my  fileserver but when i boot to windows and try to connect to the server no user name and passwork is required to acess it...how can i secure it with a pass word?
<Sp3c1alK_> Check out: https://help.ubuntu.com/community/SettingUpSamba
#ubuntu-server 2011-04-11
<jeeves_moss> how do I setup a rule to move all e-mail marked with "**SPAM**" to the user's junk box?
<twb> jeeves_moss: in what?  procmail?
<jeeves_moss> dovecot
<jeeves_moss> brb
<twb> jeeves_moss: so, you want to do this for existing mail, or every time new mail comes in?
<greppy> jeeves_moss: look into sieve for dovecot.
<twb> greppy: hmm, could sieves replace my users' use of procmail?
<greppy> if using dovecot, yes.
<twb> Cool
<greppy> there's even squirrelmail and roundcube plugins to talk to sieve, so they can manage thier filters that way.
<twb> Actually I hope to roll out prayer instead, simply because it's not PHP
<jeeves_moss> twb, yes, existing (since once account has ~8K e-mails in it) and all existing
<twb> jeeves_moss: OK, then you can just do that easily with mutt or python imaplib
<jeeves_moss> ??
<twb> In mutt for example, mutt -f imaps://user@imap.example.net
<twb> Then T ~s**SPAM** to tag stuff with spam in the subject line
<twb> Then ; C =/Spam RET to copy into the spam folder (and mark the local version for expunging)
<twb> Then $ or q to expunge the spam from the local folder.
<jeeves_moss> kk, thanks
<twb> That won't be as efficient as writing a little 10-line python script
<patdk-lap> or if it's in maildir format, even easier
<patdk-lap> using dovecot 2.x, just use doveadm :)
<twb> I don't think dovecot 2 is recommended yet
<patdk-lap> I'm sure every single feature in it isn't 100% yet
<patdk-lap> but I haven't had any issues with mailbox or mdbox imap/sieve/lmtp usage with it
<osmosis> i want the kernel to cache less and to just leave the unused ram free.  I set swappiness to 10 (from the default of 60) and now it is making even more cache.  uhh...why?  isnt  a low swapiness value suppose  to avoid swapping processes out of physical memory?
<ScottK> My advice is don't try to be smarter than the kernel.
<qman__> there is no benefit to having RAM free instead of caching
<qman__> as cache is automatically purged when RAM is needed
<qman__> and that has nothing to do with swap, either
<MTecknology> this is a bit frustrating....
<MTecknology> i have a file named 't' with a really long list and I use whiptail --textbox "t" 40 80 but there's no ability to scroll the file
<MTecknology> just the first 40 lines and the rest is cut off
<kaushal> hi
<kimmy> Any body know how to set up freeradius for authenticating mac addresses? plz help
<kaushal> The server recognizes only 3Gigs out of 4 Gigs of RAM
<kaushal> http://paste.ubuntu.com/592471/
<kaushal> Its a 64 Bit machine
<twb> kaushal: did you install ubuntu amd64?
<kaushal> twb: yes
<twb> kaushal: ddr2 or ddr3?
<kaushal> x86_64
<kaushal> twb: ddr1
<kimmy> Any body know how to set up freeradius for authenticating mac addresses? plz help
<twb> kaushal: I really doubt it's ddr1
<twb> http://en.wikipedia.org/wiki/DDR_SDRAM
<twb> DDR1 was pre-pentium iirc
<kimmy> Any body know how to set up freeradius for authenticating mac addresses? plz help
<kimmy> how to set mysql database for doing mac auth for freeradius?
<twb> kimmy: be patient.  Repeating yourself will not help.
<kaushal> ok
<kaushal> twb: so is there a limitation ?
<kaushal> I have seen it in BIOS
<kaushal> so for setting up a gateway server, 3 Gigs would suffice ?
<twb> kaushal: IIRC you have to populate DDR3 in triplets, not pairs
<twb> kaushal: so if you have four sticks in there, that's why only three work
<kaushal> ok
<_ruben> the mainboard determines the use of dual/triple channel, not the dimms themselves
<_ruben> 3g should be plenty for most gateways, kinda depends on what you'll be running on it obviously
<kaushal> _ruben: ok
<kaushal> _ruben: still not fully understood
<kaushal> apologies for asking
<twb> I take "gateway" to mean "it's a router", i.e. 16MB is plenty
<kaushal> On the BIOS it shows DDR1
<twb> But I expect he meant something else
<kaushal> twb: shall i pastebin the dmidecode output ?
<twb> kaushal: didn't you already do that?
<kaushal> twb: it was just for memory only
<kaushal> http://paste.ubuntu.com/592486/
<kaushal> _ruben: you around ?
<_ruben> twb: 16megs wouldn't suffice for a full ipv4 feed ;)
<twb> "feed"?
<twb> Last time I looked it was packet-switched
<_ruben> +table
<twb> Are you talking about that travesty known as NAT?
<_ruben> no, about having 300k routes in your routing table
<twb> Maybe if he's the backbone
<twb> I doubt it
<twb> ssh alpha.cyber.com.au ip route | wc -l ==> 15
<_ruben> i run edge sites but do have full routing tables at several of 'em .. so "the backbone" is a flexible thing ;)
<_ruben> either way, i doubt this is the case for kaushal
<kaushal> ok
<kaushal> I have 4 slots and chip of DDR1 400 Mhz
<kaushal> still trying to understand
<_ruben> you really sure its 64bits kernel? did you grant an insane ammount of memory to the (onboard) gfx card? etc..
<jussi> how does one upgrade ubuntu server from lucid to natty (or maverick)?
<kaushal> _ruben: http://paste.ubuntu.com/592497/
<kaushal> http://paste.ubuntu.com/592499/
<_ruben> jussi: edit /etc/update-manager/release-upgrades, then use do-release-upgrade to perform the actual upgrades
<ScottK> jussi: sudo do-release-upgrade
<ScottK> You will need to edit it as _ruben said to go to a non-lts.
<_ruben> kaushal: looks sane
<kaushal> ok
<jussi> _ruben: ScottKthanks
<kaushal> _ruben: so ?
<jussi> also, is there an appropriate tool that is equivalent to webmin for ubuntu?
<_ruben> kaushal: what does 'free -m' show?
<ScottK> jussi: vim
<_ruben> ebox
<jussi> ScottK: hah!
<jussi> ebox is rather strange though. :/
<kaushal> http://paste.ubuntu.com/592502/
<_ruben> kaushal: how about 'dmesg' ?
<kaushal> sure
<kaushal> please give me a moment
<kaushal> http://paste.ubuntu.com/592504/
<_ruben> my guess is that your motherboard somehow masks the area between 3G and 4G .. which isn't that uncommon for older hardware
<twb> I thought only Windows did that
<kaushal> ok
<kaushal> _ruben: so i have to settle it for 3G ?
<kaushal> anyways
<kaushal> thanks
<kaushal> 3Gigs should be sufficient
<kaushal> _ruben: any wiki to setup gateway or router
<_ruben> sudo sysctl -w net.ipv4.ip_forward=1
<_ruben> done
<kaushal> I mean some document or wiki
<koolhead11> _ruben, that turns your machine into router isn`t it?
<_ruben> koolhead11: indeed
<_ruben> kaushal: google probably has a huge list of those, it all depends on what you want exactly, it's not like you're giving out a lot of info here
<kaushal> sure
<kaushal> Thanks
<kaushal> much appreciated
<jussi> I can ask also in the mozilla channel, however, does anyone know how to get bugzilla to send via gmail?
<twb> Uh, surely bugzilla is like any other well-behaved unix service, and sends via /usr/sbin/sendmail?
<twb> IOW: configure your damn MTA
<jussi> twb: it can, yes. However, it also can use a smtp service - and Id like it to do so. the issue is with the tls authentication mail uses.
<twb> Sanity check please: for a headless VM server, do I need virt-*manager* installed, or do I only need to install that on the desktop side?
<twb> jussi: IME that is more hassle than it's worth
<_ruben> jussi: you want to go through your local mta, just in case the remote smtp service isn't available for whatever reason, your local mta would queue the mail, unless that one's down as well
<twb> Good point
<twb> To answer myself: no, you only need libvirtd-bin on the server side
<soren> twb: Indeed. libvirtd and an ssh server, and you're all set.
<twb> Except that virt-manager disconnects from my pty, so it fails to ask for my password
<soren> You're not using keys?
<twb> (It's *stupid* to assume that just because I'm using X, I have a full desktop.)
<twb> soren: it worked once I ran "ssh-add" on the remote server on which virt-manager was installed.
<soren> It should be using ssh-askpass, too.
<twb> ssh-askpass is GUI, right?
<twb> There's no SSH equivalent of pinentry-curses
<soren> You have virt-manager running on a remote server? Uh.. Why?
<twb> soren: because I do not want to pollute my personal laptop with such frippery
<soren> Sorry, I'm missing something. If you can run virt-manager, why can't you run ssh-askpass?
<twb> soren: because it isn't installde
<soren> Ah.
<twb> It's not installed because virt-manager is installed on a VM, not on a full-blown GNOME desktop
<soren> That seems a bit silly.
<twb> And I'm using xinit /usr/bin/ssh -X twb-scratch virt-manager
<twb> soren: it's a VM on a different VM system
<twb> soren: I *would* have installed it directly on the user's system who will be using virt-manager, but that's Fedora Core 7 and I don't think that will be easy
<soren> No, nothing is easy in that context, I imagine.
<twb> But that doesn't detract from my assertion that it's *wrong* for virt-manager to assume it's installed on a full-blown desktop with ssh-askpass
<soren> I think it's reasonable to assume what is true in 99% of the cases, and consider corner cases like yours corner cases, and hence sort out the general case first and leave the rest as wishlist items.
<twb> Bah
<twb> Aaaaaanyway, where can I find instructions on migrating vmware-server 1.x VMs to libvirt/kvm?  I asked #virt on OFTC but they're asleep.  I know how to use qemu-img for migrating to plain kvm, but not how to write the XML file for libvirt
<soren> virt-goodies (and Ubuntu package) has a script that converts vmx files to libvirt xml.
<soren> courtesy of jdstrand (*hugs*)
 * twb looks
<twb> It recommends munin-node?  How odd.
<soren> That's a point of view.
<twb> Ah, because it provides munin monitoring bits
<soren> Right.
<twb> Which is fair enough
<twb> Looks like virtd also doesn't like me naming my ifaces meaningfully
<twb> 1 theta libvirtd: 18:56:42.547: error : udevStrToLong_ui:73 : Failed to convert '009' to unsigned int#012
<twb> soren: OK, vmware2libvirt is sensible.  But what's the standard locations for the disk images and the XML files?
<twb> soren: also, can I use an LV instead of a disk-image-on-a-file ?
<soren> twb: LV's are fine, yes.
<soren> twb: The only somewhat-standard location is /var/lib/libvirt/something-that-I-don't-remember
<soren> ...but I don't think anyone really uses it.
<twb> OK
<twb> I guess I dig out the virt docs and work out how to change <disk type='file' device='disk'> for LV
<soren> ...since we, in Ubuntu, generally don't run as root, and thus can't easily create disk images there.
<soren> Don't change anything (other than the path).
<twb> Huh, OK
<twb> Also, <on_poweroff>destroy</on_poweroff> is a bit worrying
<soren> destroy isn't as destructive as it sounds.
<twb> http://libvirt.org/formatdomain.html suggests it's OK
<soren> It just means "shut down", really.
<soren> Yeah.
<twb> Yay for making up new terminology that fights old terms :-/
<soren> Heritage from Xen.
<twb> Ah
<twb> That'd be why they're referring to "domains"
<soren> Hence the talk of "domains" rather than e.g. "virtual machines".
<soren> Right.
<twb> I didn't connect because they didn't just say "dom" :P
<soren> You're not alone :)
<twb> But hang on, if there's no standard location for the XML files, how does libvirtd find them when it boots?
<twb> Oh, I see, virsh is expected to do that part
<soren> twb: Oh, for the xml files? Sorry, I thought we talked about disk iamges.
<soren> twb: You "define" your xml files. That imports them into libvirt.
<soren> twb: They land in /etc, but don't touch them. If you want to edit them, use "virsh edit" or "virsh dumpxml" followed by "virsh define".
<twb> soren: sorry I meant both
<soren> twb: You did say so, I just missed it.
<twb> I shouldn't edit them why?  Because virtd will overwrite my changes when it exists?  or just so that "virsh edit" does proper locking?
<soren> twb: Those are two of the reasons.
<twb> okey dokey
<soren> twb: libvirt expects to own those files. If you edit them, libvirt might overwrite the changes, and will certainly not read your changes at runtime. virsh dumpxml and define are the correct interfaces to edit the files. virsh edit is a clever wrapper for those two.
<twb> Grmph
<twb> I do not like systems that try to be clever
<twb> Although I suppose then I shouldn't be runing virtd at all, just doing it by hand
<soren> The idea is fine, the problem is just that the files end up in /etc (and look like they're supposed to be edited).
<twb> Yeah, putting them in /var/lib would fix that
<soren> Being in /etc make them managed by etckeeper, though, which is rather handy.
<twb> Nod
<twb> I am a biiiiiiig fan of etckeeper
<soren> Anything that makes up for my lack of memory is a big win, so me too.
<twb> (Not so much ubuntu changing the default backend to bzr, but whatever.)
 * soren <3 bzr
<twb> I will concede that bzr is probably tolerable if you have a lp login, you tell bzr about it, and you store everything inside lp
<twb> The #bzr people basically told me that if you don't, you don't get the bzr smart server (over SSH), which is why my performance sucked so hard.
<twb> That and it requires around 750MB of RAM to bzr branch Emacs' repo :-/
<twb> Should I be worried if hardy's "qemu-img info foo.vmdk" doesn't realize the vmdk is split into a shitload of -s0001.vmdk bits?
<twb> I thinks foo.vmdk is a 4kB raw file
<soren> You could help it along a bit and tell it that it's a vmdk.
<twb> Oh you're kidding
<twb> my non-root user has read access to *some* of the -sNNN files
<twb> Unless those -NNNNNN-MMM files are snapshots or something?  My brain hurts.
<twb> http://paste.debian.net/113661/
<twb> Oh, apparently those are a second HDD
<twb> Aaaand the first disk isn't used anymore.
<twb> OK, WTF.  As root I can run "file" on all of the vmdk files, but "qemu-img -f vmdk foo.vmdk" is complaining that it can't read them
<twb> http://paste.debian.net/113662/
<patdk-lap> twb, those look like the 2gig max, split vmdk format
<twb> patdk-lap: they are
<twb> patdk-lap: I want to convert them to raw format so I can put them on LVs
<patdk-lap> why use qemu to do it?
<twb> patdk-lap: what else is there?
<patdk-lap> why not just use vmware to convert it
<twb> Because I will not touch vmware unless I absolutely have to
<twb> Call that "plan B" if you wil
<patdk-lap> heh, I never use split mode
<twb> I'm migrating from legacy crap that I didn't set up
<soren> strace?
<twb> soren: I tried that but I couldn't see what was wrong.
<soren> twb: Can you share it?
<twb> soren: now I'm trying to just copy the full directory and then try on the copy, in case it's getting confused about something.  (I'm not allowed to just chown and chmod)
<twb> soren: share the VM?
<soren> twb: The strace output.
<twb> Oh sure, one moment
<twb> open("fish (DO NOT USE).vmdk", O_RDWR|O_CLOEXEC) = -1 EACCES (Permission denied)
<twb> WTF, qemu-img
<twb> http://paste.debian.net/113664/
<soren> Not sure why it wants RDWR.
<twb> It's even doing it in the full cp -r I made
<twb> Maybe it doesn't understand space and aprens and shit
<soren> I have a hard time imagining a bug where space and parens would case it to change the mode with which it attempts to open a file :)
<twb> Changing it to fish.vmdk (including the slice names in the index text file) didn't help
<soren> You do have write access to the ones in the copy, don't you?
<twb> Yes.
<twb> I'm root, and I just chown root: and chmod 755 for good measure
<soren> Can you run it with strace again, please?
<twb> qemu-img *can* read the individual slices, and correctly identifies them as sparse vmdk 2G images
<twb> soren: sure
<twb> http://paste.debian.net/113665/
<soren> Ah.
<soren> Different problem, I guess.
<soren> Can you share fish.vmd?
<soren> vmdk, even.
<twb> Just the index file, you mean?
<soren> Yes.
<twb> http://paste.debian.net/113668/
<soren> Oh, you /did/ change that, too :)
<twb> Now I'm just trying this: qemu-img convert -f vmdk -O raw fish-s*.vmdk /mnt/scratch/fish.img
<twb> It seemed to work, dunno what it created though
<soren> *chuckle*
<soren> frankendisk.
<twb> Blood users
<twb> *blooody
<twb> You know, the only reason I'm doing this is because we need Windows to talk to the Australia Tax Office -- who are windows out the wazoo
<twb> Hmm, stupid question -- does libvirt need raw format just because it's LV?
<twb> Probably using qcow2 format on top of LV would be better...
<soren> twb: No, that won't work.
<soren> and why would that be better?
<soren> (ignoring the fact that it won't work)
<twb> Because you can't have sparse LVs
<twb> So I would have to allocate a couple hundred GB up front
<soren> Yes...
<twb> I would just prefer not to, that's all
<soren> How do you expect they would grow if they held a qcow2 inside?
<twb> soren: it explodes if it tries to grow  too big
<soren> twb: And that's your desired outcome?
<twb> Sure
 * twb is not thinking too clearly at this point
<twb> FWIW, qemu-img convert on the slices got enough for "chmod 400 fish-1.img; kvm -hda fish-1.img -vnc :0" to get as far as a window koops screen, so it seems to have worked at least partially.
<soren> You don't have to convert to raw first. qemu-img can convert directly onto a raw device.
<soren> like an lv.
<twb> soren: like "qemu-convert -f vmdk -O raw fish-s*.vmdk /dev/theta/fish" ?
<soren> There's a "host_device" "format".
<soren> Or something to that effect.
<twb> Hum
<soren> it's the same thing, really.
<twb> OK
<twb> Ahaha
<twb> http://paste.debian.net/113672/
<twb> Apparently default units for LVM is the pitibyte
<twb> Er, pibibyte
<twb> pebibyte?  Whatever.
<_ruben> no, apparantly its default is 1/millionth of a PiB
<twb> Oops, yeah
<_ruben> billionth
 * soren always goas "-L 40G" or whatever.
<soren> s/goas/goes/
<twb> I would if it was a new disk
<maswan> twb: "Default unit is megabytes" as per docummentation. And I always use explicit units too.
<soren> twb: Whyh?
<_ruben> conversion of existing disks, not that odd to specify the new location's size in bytes
<soren> Oh.
<soren> Right, right. Got it.
<soren> Good point.
 * twb switches back from "panic" to "grumbling"
<_ruben> heh
<TeTeT> jamespage1: hi there, been toying around with Jenkins - pretty nice. However, I stumble over installing the 'violations' plugin on testing from the PPA. The Web UI tells me it is installed, but I don't see it listed in the plugins nor is there anywhere the violations checkbox for any project
<zul> morning
<TeTeT> jamespage1: I wrote a minimal python script and stored it in lp and used Jenkins to test it, works really nicely
<TeTeT> hi zul, any updated on nova / lxc? E.g. should I test again?
<zul> TeTeT: sure if you want
<TeTeT> zul: ok, I'll update and let you know if it works today :)
<jamespage1> TeTeT: hey - glad its working for you - I'll take a look at the violations plugin and see
<zul> TeTeT: cool
<jamespage1> TeTeT: OK - I think that you will need to install the Maven Project plugin; looks like its a dependency
<jamespage1> TeTeT: /var/log/jenkins/jenkins.log should be complaining on startup
<TeTeT> jamespage1: thanks, I'll give it a try. Didn't know about the jenkins log file!
<jamespage1> TeTeT:  so you have hit one difference between the Ubuntu packaging and upstream; I was not able to include the maven-plugin by default as its not buildable from source  - no Maven3 in archive
<Daviey> hallyn, Hey... is bug 742770, just needing uploading?
<uvirtbot> Launchpad bug 742770 in lxc "Erorr in syntax in ubuntu templates" [High,In progress] https://launchpad.net/bugs/742770
<hallyn> Daviey: that is fixed.  Doesn't lp automatically update status of any bug listed in changelog when package is pushed to archive?
<ScottK> SpamapS: Your drizzle package seems to build better than the one Monty uploaded to Debian.  If you were perhaps interested in preparing an NMU, I'd sponsor it.
<hallyn> Daviey: or does the person pushing have to do that by hand?
<hallyn> of course it wasn't the latest anyway.
<hallyn> I"ll change the bug status :)
<Daviey> hallyn, hmm.. i guess there was an issue with syntax
<soren> hallyn: That's generally the case, yes. Sort of.
<hallyn> well the upload did fix 4 bugs at once
<soren> hallyn: dpkg-gencontrol parses the changelog entry (or entries), and adds a x-launchpad-bugs-fixed field to the _source.changes files.
<soren> s/files/file/
<soren> This gets read by Launchpad, which then goes to close the bugs (if the bug has a bug task for the given source package).
<hallyn> hm, actually the changelog is a bit messed up - it has two duplicate entries (with sequential version #s)
<soren> So Launchpad doesn't per se read the changelog entries.
<Daviey> hallyn, what upload version was it?
<hallyn> right now it is at 0.7.4-0ubuntu6
<hallyn> zul: so something went wrong with the lxc changelog.  It's different int he package from in my source tree.  See the entries for versions 0.7.4-0ubuntu3  and 0.7.4-0ubuntu2
<soren> hallyn: It looks like ubuntu2 and ubuntu3 were never uploaded.
<zul> hallyn: ok ill have a look
<soren> hallyn: Judging by https://launchpad.net/ubuntu/+source/lxc/+publishinghistory
<soren> dpkg-gencontrol by default only parses the top-most changelog entry.
<hallyn> soren: ok, that explains that then, thanks :)
<soren> It doesn't ask launchpad (or anything else) what the most recent version is, so you're supposed to pass -v<most recently uploaded version> to dpkg-buildpackage to make sure it includes older entries.
<soren> hallyn: sure thing.
<hallyn> soren: oh, so when you do that it would change the bug status for all changed entries?
<hallyn> zul: I'm comparing to http://bazaar.launchpad.net/~serge-hallyn/ubuntu/natty/lxc/lxc-fix-3bugs/view/head:/debian/changelog
<soren> hallyn: Yes.
<zul> hallyn: grr....sorry about this ill fix it today
<hallyn> zul: oh, i see there are actually 2 entries for ubuntu2  :)  so no information actually lost, no big deal :)
<hallyn> thanks
<RoAkSoAx> morning all
<Daviey> smoser, Are you able to confirm bug 712026 easily?
<uvirtbot> Launchpad bug 712026 in udev "cloud-init.conf never runs, instance not reachable via ssh" [High,Confirmed] https://launchpad.net/bugs/712026
<smoser> it would be impossible to completely confirm
<smoser> it happend ~ 4% of the time
<Daviey> hallyn / zul: Is the debootstrap entry on bug 740167 invalid?
<uvirtbot> Launchpad bug 740167 in lxc "LXC natty guest failing to configure properly" [Undecided,Fix released] https://launchpad.net/bugs/740167
<Daviey> smoser, Ah, so perhaps jamespage should see it in jenkins for b2?
<zul> i think so it got worked around
<smoser> well, we should see lack of it.
<smoser> Daviey, i would suggest we should try running a bunch of instances to try to catch it.
<jamespage> smoser, Daviey: do you want me to try running a subset of the tests to reproduce?
<Daviey> smoser, Is euca enough, or do you think it's limited to aws?
<jamespage> multi-instance might be a good one :-)
<hallyn> Daviey: i blievei t should be valid, and i believe it is still a real bug in debootstrap
<Daviey> jamespage, I'll defer to smoser's recommendation :)
<smoser> i have never seen it on euca. its timing. so its either more likely, less likely, or as likely on eucalyptus
<Daviey> smoser, "There are known unknowns that we know we don't know"
<smoser> jamespage and i only ever saw it occur on i386.  so i would suggest that we launch 20 instances in each of 5 regions of i386 m1.small and attempt to connect and  collect logs.
<smoser> that would seem like a reasonable effort
<jamespage> Right-oh
<smoser> however, we might not have -server images with that kernel at the moment.
<jamespage> I'll hold off for the moment - I'll need to just check on the setup anyway
<smoser> Daviey, i'm pretty sure, that ther eis no updated kernel published yet
<smoser> right ?
<jamespage> smoser - will that blow my account limits? 20 in each region....
<smoser> it might. i dont know.
<smoser> i can run them if you'd like
<smoser> i dont recall if the default is 10 or 20
<smoser> they are per-region, though
<Daviey> smoser, not sure
<ttx> hey guys, testing Natty current uec-image / LXC / Nova, have a few issues I discussed with zul already
<ttx> The container starts, but there is a sleep 60 somewhere and I can't ping it until 70 seconds after start
<ttx> then there are quite a few missing files affecting operation...
<zul> also the ssh seems to be stopping for some reason
<ttx> /etc/default/locale, /etc/ssh/ssh_host_{dsa,rsa}_key[.pub]
<ttx> ~ubuntu/.ssh/authorized_keys
<ttx> trying to make sure it's an image issue, not somethign we need to fix on our side
<ttx> let me know if that rings a bell.
<smoser> ttx, zul i think you're confused.
<smoser> zul told me on friday that they worked perfectly ;-)
<zul> smoser: wth kvm
<zul> smoser: this is with lxc now...not so much
<smoser> i suspect the sleep 60 is form cloud-init
<smoser> that its waiting for a nework device to come up
<zul> hallyn/smoser: im getting something weird in my log files ill pastebin it in a sec
<zul> smoser/hallyn: http://pastebin.ubuntu.com/592646/
<smoser> i would qualify that as a little more than "weird"
<smoser> you said you had tested this, right zul ?
<zul> smoser: i did test it...not with lxc recently though
<smoser> ttx, zul, there is, explicitly a 60 second timeout in /etc/init/cloud-init-nonet.conf
<smoser> well, even 70 seconds (10 + 60)
<smoser> so i suspect that is not functioning well with lxc.
<ttx> smoser: i could live with the 70second-timeout... if I could ssh in afterwards
<ttx> but due to the missing files I can't
<smoser> well, you probably have messages lke "gave up waiting for a network device."
<smoser> in your ocnsole logs
<jMCg> Hey folks, I'm having trouble booting a KVM (both host and guest are Ubuntu 10.10) http://dpaste.com/530912/ -- the vm just hangs there..
<ttx> smoser: no... http://paste.ubuntu.com/592627/
<hallyn> zul: what am i looking at?
<ttx> smoser: I have network up after 70 seconds.
<ttx> I can ping, but ssh fails because of missing /etc/default/locale, /etc/ssh/ssh_host_{dsa,rsa}_key[.pub]
<hallyn> zul: what's weird about it?
<zul> hallyn: the mknod failing
<hallyn> zul: libvirt-lxc only creates the 1 tty, so tty2-4 won't exist.
<zul> hallyn: ok
<hallyn> which mknod is worrying you?
<zul> hallyn: gimme a sec im on a call now
<hallyn> me too
<hallyn> kirkland: Daviey: re bug 700511, I'm about to try just syncing debian's vgabios verbatim.  They have a new version now which does the vmware+qxl bioses, so I think its the way to go.
<uvirtbot> Launchpad bug 700511 in vgabios "[Regression] Widescreen resolutions are missing from vgabios, breaking widescreen in qemu" [High,In progress] https://launchpad.net/bugs/700511
<hallyn> any complaints?
<kirkland> hallyn: hrm, i always check with aliguori privately on vgabios syncs/merges, he knows which ones are good and bad, usually
<kirkland> hallyn: but along those lines...
<kirkland> hallyn: i'd think that vgabios would be one thing that we could have a checklist of things we need to verify before uploading
<kirkland> hallyn: ie, a matrix of vga modes, resolutions, and OSes
<hallyn> kirkland: sure, that makes sense.  but at the same time compared to other things that seems very low priority.
<kirkland> hallyn: extremely low, yes, sorry, I didn't mean "let's do that now" :-)
<hallyn> which is really why I'd be very happy to be back at a zero-delta debian sync
<SpamapS> ScottK: re the drizzle package for debian, ACK, I will take a look at it later today.
<ScottK> Thanks.
<ScottK> I didn't compare the Ubuntu and Debian packaging.  No idea how different it is, but yours at least builds.
<ppetraki> jMCg, get to the grub prompt, erase the quiet arg and add '--debug'
<SpamapS> ScottK: I think in Debian its still a pre-release not the GA (2011.03.13)
<ScottK> No.  It's the same upstream version.
<SpamapS> Interesting
<uvirtbot> New bug: #757617 in munin (main) "mysql_ plugin fails with skip-innodb (patch available)" [Undecided,New] https://launchpad.net/bugs/757617
<jMCg> ppetraki: that does quite a bit.. I can pastebinit.
<ppetraki> jMCg, we really only need to see the last bit, where it hangs
<ppetraki> jMCg, pb is good
<jamespage> Daviey: merges proposed as we discussed earlier - thanks...
<jMCg> ppetraki: http://pastebin.com/zQWFG3SW
<Daviey> jamespage, cool
<ppetraki> jMCg, looks like the filesystem is mounted, and network is up. If you press enter a couple times, does a prompt show up?
<jMCg> ppetraki: nope.
<ppetraki> jMCg, yeah, I couldn't tell you. The startup looks fine, I can't tell why you're not getting a prompt, unless it's something like the console is on the wrong tty
<jMCg> ppetraki: the XML: http://pastebin.com/TeJ649ZA
<ppetraki> jMCg, what do you need " serial=tty0" for? the console= should be enough
<jMCg> Oh.. duh.
<jMCg> I forgot to put a /etc/init/ttyS0.conf in there
<ppetraki> jMCg, I was wondering why I didn't see that in the init logs ;)
<zul> soren: im going to upload a newer version of glance to the archive today fui
<zul> soren: s/fui/fyi/
<jMCg> ppetraki: thanks for your help -- now to find out why the networking setup doesn't work.
<ppetraki> jMCg, :), good luck
<smoser> hallyn, zul it would appear to me that (per http://pastebin.ubuntu.com/592646/), /dev/ is read-only
<smoser> dev should be mounted RW by either or ramdisk
<zul> smoser: that occured to me as well
<smoser> either kernel or ramdisk
<smoser> what kernel is this ?
<smoser> your'e trying to run this on a lucid host
<smoser> i suspect
<zul> smoser: lxc container on natty
<smoser> well, something needs to mount /dev as a tmpfs
<zul> smoser: right
<smoser> err... devtmpfs.
<smoser> ttx, did you see that mknod stuff in your logs ?
<hallyn> the mknod stuff could just as well be due to devices cgroup
<hallyn> zul: can you fire off a job to check /dev/?
<hallyn> zul: it's possible that this was broken to my change to lxcguest.
<zul> i have the image still mounted if that helps
<hallyn> cools o what is under /dev?
<hallyn> as in, output of df and 'mount'
<zul> http://pastebin.ubuntu.com/592674/
<zul> should i chroot into it to get you that?
<hallyn> no that won't suffice
<hallyn> can you log into the console?
<ttx> smoser: no I didn't see that
<zul> hallyn: lemme try
<smoser> ttx, do you have access to look at the filesystem ?
<ttx> I can restart an instance for that, yes
<smoser> i suspect that /var/run/network/ifstate does not get updated
<smoser> and so the "is it already up" check of cloud-init-nonet.conf (grep -qv '^lo' /var/run/network/ifstate) just fails, and then the network device doesn't come up after that (possibly because its already up)
<hallyn> smoser: lxcguest can't make /var/run a tmpfs for now, yes
<hallyn> so you just need to manually create /var/run/network
<zul> hallyn: http://pastebin.ubuntu.com/592678/
<smoser> well, something will need to populate it for this stuff to work.
<smoser> (normally that is populated via ifup)
<hallyn> right so why doesn't ifup do it here?
<hallyn> lxc containers are coming up fine, so i'm confused as to why you're having troubles
<ttx> smoser: anything in particular you want me to look at in the container fs ?
<hallyn> zul: how do you create the basic rootfs which gets used?  can you trivially add another package?
<hallyn> zul: first off, this will cease to be a problem once we get proper shutdown/reboot support for lxc
<zul> hallyn: i just mount through qemu-nbd basically
<hallyn> zul: the problem is that mounting tmpfs over /var/run stops lxc init's parent from seeing the guest's utmp and seein gif it is a reboot or shutdown
<hallyn> zul: so basically you can either:
<hallyn> 1. uncomment the lines in /lib/init/fstab.lxc
<hallyn> 2. install your own /etc/init/libvirt-lxc.conf which works around this
<hallyn> is (1) pretty easy to test?
<zul> hallyn: i can install packages in it without a problem
<ttx> smoser: no /var/run/network directory
<hallyn> zul: ok, i guess create your own lxcguest real quick with a fstab.lxc with the lines uncommented
<zul> hallyn: ok
<hallyn> zul: so it's ok for this to be a one-off for now?
<hallyn> zul: or do i need to think of a clean way to handle this generically?
<zul> hallyn: i think we need a clean way to handle this generically since it might bite us in the future again
<hallyn> well it'll be a shorterm thing in any case
<hallyn> i'm still curious about the actual problem
<hallyn> i.e., why does lxc seem to create /var/run/network just fine while libvirt-lxc does not?
<smoser> ttx, yeah, so zul/hallyn are going to have to sort that out..
<hallyn> are you changing anything in the upstart jobs?
<hallyn> or is this a pristine natty guest plus lxcguest?
<zul> its a pristine natty plus lxcguest
<zul> hallyn: because it doesnt use the lxc-templates in lxc
<ttx> smoser, zul, hallyn: ok, let me know when/what I can retest... tomorrow.
<hallyn> but the lxc natty template doesn't play with those
<zul> hallyn: right thats what im saying :)
<hallyn> zul: so waht would be the diff between lxc and libvirt starting it
<zul> hallyn: im not sure
<hallyn> zul: you can trivially change the string you put in init's ENV right?
<hallyn> (for 'container=lxc' or whatever?)
<zul> hallyn: i think so
<hallyn> if so, it's sort of admitting that we'll always have to be hacky, but we could make libvirt do 'container=libvirt'
<hallyn> then lxcguest can DTRT
<zul> hallyn: that might be what needs to happen
<zul> and then get a proper fix after natty
<hallyn> yeah like i say we're going to fix the proper reboot/shutdown hopefully before lxc sprint, but if need be then at lxc sprint
<zul> hallyn: agreed
<hallyn> zul: can you make the libvirt change?  I'll do the lxcguest change and get it to you to push?
<zul> hallyn: sure if i need where to look
<ScottK> python-psutils is in Main now.
<hallyn> zul: say huh?
<RoAkSoAx> ScottK: thanks!
<hallyn> zul: ok, biab.
<ppetraki> FYI ALL, if anyone is having problems with SANs on Ubuntu, I'd like to hear about it.
<zul> ppetraki: you probably get some more traction if you send it to ubuntu-server ml
<ppetraki> zul, true
<kirkland> RoAkSoAx: ping
<RoAkSoAx> kirkland: pong
<kirkland> RoAkSoAx: https://bugs.launchpad.net/ubuntu/+bug/732759
<uvirtbot> Launchpad bug 732759 in ubuntu "[FFe] [needs-packaging] python-ethtool" [Wishlist,Confirmed]
<kirkland> RoAkSoAx: i'm checking status on that
<kirkland> RoAkSoAx: looks like pitti gave you the FFe on 3/15
<kirkland> RoAkSoAx: any thing uploaded?
<RoAkSoAx> kirkland: yeah.. https://launchpad.net/ubuntu/+source/python-ethtool/0.6-0ubuntu1
<RoAkSoAx> kirkland: I think the upload never closed the bug report
<kirkland> RoAkSoAx: k, i'm going to close it then
<RoAkSoAx> kirkland: but as far as I can remember it was marked as Fix Released for Ubuntu and New for Debian, so maybe they messed something up when they were working on launchpad
<kirkland> RoAkSoAx: thanks.
<RoAkSoAx> kirkland: btw... you were the archive admin that approved the upload :)
<uvirtbot> New bug: #757752 in libvirt (main) "LXC containers do not start anymore." [Undecided,New] https://launchpad.net/bugs/757752
<SpamapS> hggdh: not sure why bug #735072 is assigned to canonical-server .. what are we going to do?
<uvirtbot> Launchpad bug 735072 in hundredpapercuts "The hostname proposed by installer is too long for file sharing to work correctly." [Low,Confirmed] https://launchpad.net/bugs/735072
<zul> SpamapS: rewrite netbios ;) samba already truncates the hostname
<SpamapS> It seems like this needs to be handled as the user requests.. by warning/limitting in the installer.
<zul> SpamapS: ditto ive already argued that point before
<hggdh> SpamapS, zul: I am not sure why we have to limit the host name -- it goes against the RFC
<zul> hggdh: right its a netbios limitation
<hggdh> SpamapS, zul: I can see this being done on, say, the samba post-installer
<hggdh> and the task is on samba(ubuntu)
<zul> hggdh: what like a hostname | wc -m and warn install if its more than x number characters
<hggdh> zul: or just truncate it?
<zul> hggdh: no because its going to do that anyways
<hggdh> adn warn it has been truncated
<hggdh> zul: I am confused, then: what is truncated, the system hostname, or the netbios name?
<zul> hggdh: my understanding is that it uses the hostname for the netbois name and it gets truncated when using netbios
<hggdh> zul: and so, what is the bug about, then?
<hggdh> or is it a SRU thingy?
<zul> hggdh: that netbios is not respecting the rfc
<hggdh> zul: well, this is how it is, nothing we can do without breaking it for everybody else
<zul> hggdh: agreed
<hggdh> zul: could you then please add your comments -- the hostname is already truncated, and netbios is happy, etc, etc?
<zul> hggdh:
<zul> yes
<hggdh> zul: and, of course, that it does not make sense to limit the hostname unilaterally -- the user can select that, and so on
<zul> hggdh: yeah im thinking of doing a warning in postinst
<axisys> hi all.. any beneft in having ssds on ubuntu server? on solaris I can put the ZIL on ssd to improve write IOs
<uvirtbot> New bug: #681090 in memcached (main) "status operation on init.d not working correctly" [Low,Triaged] https://launchpad.net/bugs/681090
<ScottK> netbios name doesn't have to be hostname.
<ScottK> That's an implementation convenience.
<hggdh> ScottK: agreed. The only thing left was to decide what approach to take.
<ScottK> I vote not enforcing non-RFC limits on hostnames.
<ScottK> Samba and netbios can do whatever they want.
<hggdh> +1
<uvirtbot> New bug: #637114 in memcached (main) "Large multiget requests randomly broken" [High,Fix released] https://launchpad.net/bugs/637114
<ppetraki> axisys, beyond the obvious by way of random read/writes being about the same as seq rw?
<Scunizi> How do I verify the validity of an email address given as part of the registration process on a web site?  assuming that I have a comma delimited file that I can use to feed the tool addresses?
<Trainbird> hi everybody
<Trainbird> I wanted to know if its possible to install ubuntu server on a RAID 1 environment
<axisys> ppetraki: how do I implement it?
<axisys> ppetraki: in linux
<ppetraki> axisys, implement what exactly? what I described is a property of the media/firmware, it's OS independent
<sss314> [noob] Is there a software for Ubuntu for streaming videos/music?
<uvirtbot> New bug: #374986 in memcached (main) "Memcached not active after reboot on 64-bit install" [Undecided,Fix released] https://launchpad.net/bugs/374986
<uvirtbot> New bug: #411856 in memcached (main) "Lame default for memcached in karmic (dup-of: 374986)" [Undecided,Confirmed] https://launchpad.net/bugs/411856
<uvirtbot> New bug: #530920 in memcached (main) "memcached segmentation fault" [Undecided,Invalid] https://launchpad.net/bugs/530920
<Scunizi> sss314: lots..
<sss314> Scunizi, rephrase: What easy software wou.d you recommend fo making a streaming server?
<axisys> ppetraki: is there way I can use SSDs on linux to allow async IOs to write on it?
<ppetraki> axisys, well, yes, there is an async-io api
<RoyK> Trainbird: it is - either software raid or hardware raid
<ppetraki> axisys, I don't get what you're trying to deploy though, there's so many options with Linux, you've got to pick a fs or sw raid stack first, and then start tweaking
<Trainbird> software raid
<RoyK> Trainbird: just choose manual partitioning, create one partition on each drive for each mirror, choose software raid config, create RAID1 groups, put filesystems/swap on them, done
<axisys> ppetraki: i have two ssds in this server .. it was supppose to be used for solaris .. but we decided to go with ubuntu server.. it is sun fire x4170 m2
<Tom___> I know that the Ubuntu-Desktop have alternate cd images for advanced installations but is this true for ubuntu server as well as I am trying to see how to install ubuntu server with raid on HP ML115 G5
<axisys> ppetraki: so we are wondering how can we benefot from the two SSDs ..
<axisys> ppetraki: this server will mainly run splunk
<Trainbird> RoyK: and then it will also be possible to create new partitions to raid them for normal data-use?
<RoyK> sure
<ppetraki> axisys, splunk?
<axisys> ppetraki: splunk index storage does not need SSDs unless the indexing is throttling.. which is not in our case
<RoyK> Trainbird: it's just partitions and raid - it doesn't matter what you'll use them for
<axisys> splunk: http://splunk.com is to index your logs
<Trainbird> RoyK: okay, I'll give it a try :)
<Tom___> I know that the Ubuntu-Desktop have alternate cd images for advanced installations but is this true for ubuntu server as well as I am trying to see how to install ubuntu server with raid on HP ML115 G5
<RoyK> Tom___: the alternate install, now called the DVD install, is both desktop and server
<RoyK> Tom___: if that server has a RAID controller, use that
<Scunizi> sss314: depends on what you want to do.. check this out. http://www.google.com/linux?hl=en&q=streaming+server+ubuntu&btnG=Search
<Tom___> is this available from cdimage.ubuntu.com if so can you give me the link so I can see exactly which image to sownload
<RoyK> Tom___: do you need X?
<Tom___> no
<Tom___> cli is fine
<RoyK> then just install from the server image
<RoyK> you can setup RAID etc from that quite easily
<RoyK> Tom___: but then, an ML115 might have a RAID controller?
<Tom___> It has a hardware raid controller
<Tom___> I guess its a case of rtfm
<RoyK> then use that
<RoyK> boot on the smartstart cd and setup raid with that
<RoyK> ubuntu will see one drive, which is fine
<ppetraki> axisys, so regardless of application, you can use something like blktrace to start getting data on your application, and take it from there
<ppetraki> axisys, then again SSDs are fairly inexpensive at this point so the "try it and find out" methodology is relevant  too
<Tom___> also one more thing out of all the raid levels which one would you suggest for a media server style of host i.e. high availability, robust mirroring or striping?
<smoser> kirkland, i think you did the uec-seeds commit wrong
<smoser> we needed to add 2 binary packages: cloud-initramfs-growroot and cloud-initramfs-rescuevol . it seems you added source package cloud-initramfs-tools (http://paste.ubuntu.com/592770/)
<RoyK> ppetraki: using SSDs for servers is a waste unless you need the extra IOPS - they wear out far quicker than spinning rust
<ppetraki> RoyK, I wasn't exactly recommending them :-p
<ppetraki> RoyK, you don't get much warning when they fail either
<zim> Hi all. I am trying to setup a raid 1 with 2 x 2TB drives. I have formated the whole 2TB on both to EXT4 then used configure software raid added both sdb1 and sdc1 to the raid but it is showing as unusable.
<RoyK> ppetraki: that's why I use zfs for critical data storage :P
<zim> is 2TB to big or am I missing somthing?
<RoyK> no, it's not
<ppetraki> RoyK, yeah, btrfs has cost me data 1-2 times now, not too happy with it
<zim> I did not thinkk so as that was the ext3 limit
<zim> what am I doing wrong?
<RoyK> ext4 supports 1EiB
<RoyK> should suffice
<ppetraki> zim, you're using mdadm, software raid?
<RoyK> ppetraki: btrfs isn't flagged stable
<RoyK> ppetraki: zfs is rock fucking stable :)
<zim> yup but setting it up with the installer. (as I have done before and all worked great)
 * RoyK has some 380TiB on ZFS
<ppetraki> RoyK, I know, but I was expecting just a little more stability, good thing I do nightly backups
<RoyK> ppetraki: you shouldn't expect stability on software flagged as experimental
<ppetraki> RoyK, the source of all disappointments  :-)
<zim> ppetraki: what is wrong with ext4?
<ppetraki> zim, oh nothing
<RoyK> zim: he was using btrfs
<zim> ok
<eichi> http://pastebin.com/Vh3Jv43e someone can tell my, why apt-get install postfix does REMOVE so much packages?
<ppetraki> zim, so these partitions are marked as "linux raid" and you added them to the array?
<RoyK> eichi: because postfix replaces exim
<RoyK> you don't want two MTAs on the same system
<zim> nope. Free space -> make ext4 partition on both -> add to raid
<zim> is that wrong?
<ppetraki> zim, so there's your problem
<ppetraki> zim, yeah
<RoyK> zim: yes, that's wrong
<RoyK> zim: flag the partitions as "use for RAID" (don't remember the exact text)
<zim> kewl problem half solved dam crappy howto :)
<ppetraki> zim, assuming you're using one partition to span the entire disk
<ppetraki> we'll, we should have better docs too
<zim> yup just want a 2tb /Data partion
<zim> the os is on another drive
<RoyK> zim: just create a partition on each drive and flag it for RAID use
<eichi> RoyK: shouldnd be a problem for the system?
<ppetraki> zim, it's partition tag "fd"
<RoyK> eichi: the system wants an MTA, any will do
<zim> I am doing it from the ubuntu-server 10.04 installer
<RoyK> zim: should work well
<RoyK> zim: I've installed software RAID on a dozen or so servers the latest year - works for me (tm)
<zim> I have just deleted all partions so now have 2 tb free space on both
<RoyK> zim: create partition - instead of choosing ext4, choose "use as physical ... for RAID"
<zim> thats where I went wrong will get back if I have any other problem Many Thanks to you both.
<ppetraki> np
<ppetraki> RoyK, so are you using zfs on linux or do you have some solaris instances kicking around?
<RoyK> ppetraki: openindiana
<RoyK> zfs fuse sucks rather hard on write performance
<ppetraki> RoyK, that's pretty cool, I never heard of that project before
<RoyK> opensolaris fork
<ppetraki> yeah, I'm reading the faq now
<RoyK> :)
<ppetraki> it's amazing how long linux has been around and we still don't have the fs thing figured out
<RoyK> well, ext4 works, but btrfs should have stabilised ages ago
<RoyK> but seems there's a key person at Oracle working on certain parts
<RoyK> fsck for one
<RoyK> also, they don't have any raid[56] code working
<RoyK> I guess btrfs may stabilise in a few years, but only if development resources are allocated to it from someone like RedHat
<RoyK> or Canonical
<kirkland> smoser: oh, doh
<kirkland> smoser: did you fix, or do you want me to?
<smoser> i cannot commit, kirkland so please do
<smoser> (no coredev)
<soren> zul: Cool.
<kirkland> smoser: doing so now
<kirkland> smoser: fixed
<kirkland> smoser: that teaches me to commit on your behalf without a proper merge proposal :-)
<zul> smoser: why was 60 seconds choosen anyways?
<smoser> zul, no good reason
<smoser> we basically depend/expect there to be an eth0
<smoser> we assume there is eth0 and it is dhcp-able
<smoser> and within cloud environment it should be pretty consistent that such a thing would come up within 70 seconds of boot.
<zul> smoser: cool...just wondering
<koolhead17> kim0: around
<koolhead17> hey smoser
<smoser> hi
 * RoAkSoAx off to lunch
<eichi> how to make postfix start automatically after installing ?
<uvirtbot> New bug: #712026 in udev (main) "cloud-init.conf never runs, instance not reachable via ssh" [High,Confirmed] https://launchpad.net/bugs/712026
<guntbert> eichi: you have to edit the config and change some value to tell it to start - if I remember correctly (but i forgot the line, it is easily spotted though)
<zim> Hi guys back again how long should it talk to format a 2TB raid 1 partition?
<zim> s/talk/take
<RoyK> zim: ext4?
<zim> yup
<RoyK> dunno - perhaps 15 minutes to an hour
<zim> wow that long
<zim> ok
<zim> it get to 33% in half a second then just hangs/is doing it but nothing changes
<ppetraki> zim, that might be a cue for you to get a coffee or something
<ppetraki> zim, and check on it in 15 mins or so :-p
<zim> kewl ok bugger just quit it after about 30min :)
<zim> will let it run
<ppetraki> zim, so is the array rebuilding while you're formating the new md disk?
<zim> its a pity the progress bar is not informative
<qman__> zim, that progress bar is only indicative of the number of tasks that it has completed out of the number it's doing
<qman__> so if you have one really small partition and one huge one, it will instantly reach 33%, then take a very long time to do the huge one
<zertyui> hello there
<zertyui> iptable  is it easy ?
<TheEvilPhoenix> zertyui:  what do you mean by "easy"
<zertyui> this is what i mean  : http://www.thefreedictionary.com/easy TheEvilPhoenix
<TheEvilPhoenix> zertyui:  short answer, no.  long answer, maybe.
<RoyK> zim: just use ufw
<TheEvilPhoenix> ^ that
<uvirtbot> TheEvilPhoenix: Error: "that" is not a valid command.
<RoyK> zertyui: that one was for you
<TheEvilPhoenix> zertyui:  i'd recommend you use ufw rather than just iptables
<TheEvilPhoenix> zertyui:  iptables is complicated in comparison to ufw
<RoyK> ufw can do most iptables stuff
<TheEvilPhoenix> indeed
<zertyui> what is the difference between ufw and iptable  ?
<TheEvilPhoenix> zertyui:  ufw isnt complicated :P
<RoyK> ufw is an iptables wrapper
<TheEvilPhoenix> zertyui:  ufw lets you define rules simply, but it will automatically fill in iptables' rules based on the uncomplicated rules you specify to ufw
<zertyui> define rules simply, like what ?
<RoyK> zertyui: man ufw
<zertyui>        This program is for managing a Linux firewall and aims to provide an easy to use interface for the user.
<zertyui> how easy it is ?
<zertyui> is there any web based application for that ?
<RoyK> zertyui: did you read the manpage or just the header?
<zertyui> just the header
<RoyK> bingo
<RoyK> read on
<zertyui> i don't have any idea about what can firewall can do
<zertyui> give me some example kind of task
<RoyK> see EXAMPLES in the manpage
<zertyui> can we do with ufw
<RoyK> does 'RTFM' sound familiar?
<zertyui> no
<zertyui> i know this one  : WTF
<RoyK> zertyui: just read the manual and stop bothering us
<zertyui> ok fine
<jMCg> mmmmmmm....
<uvirtbot> New bug: #758082 in augeas "[armel] segfaults in make check pass when built with optimization" [Undecided,New] https://launchpad.net/bugs/758082
<jMCg> Wonder if I should RTFM too, or ask stupid questions first on ufw..
<hallyn> zul: all right, please try with my newest lxcguest (just pushed to bzr) as well.  That gives you a console when you do 'virsh -c lxc:/// console n1', so you can actually snoop around
<hallyn> after i did 'rm -rf /etc/init/cloud*' it came up fine for me with eth0 having netaddr :)
<hallyn> i'm going to go look just a bit more at vga stuff, bbl.
<mrevd> every couple of days apache OOMs on me. always at the same time. how can i determine what specific apache process is causing this?
<zul> hallyn: cool will do
<jMCg> mrevd: how many do you have running? Doesn't syslog say which process it killed?
<mrevd> jmcg: i see 6 apache process running
<jMCg> mrevd: but those aren't separate deamons, right?
<mrevd> syslog states 'Kill process 2932 (apache2) score 180 or sacrifice'
<mrevd> jmcg: how can i tell if they're separate deamons?
<jMCg> mrevd: judging from the problem statement and the way you're asking, I'd say they're not.
<mrevd> jmcg: sorry, this is new to me
<jMCg> mrevd: what I find weird is the score. It seems low to me. How much memory do you have. What are you apache2 processes doing and how? Are they alone on that machine or do you also have other daemons (a DBMS, an MTA, etc..)
<mrevd> 5 or 6 other apache processes were killed at the same time
<mrevd> http://p.linode.com/5149
<jMCg> mrevd: so you have what, ~500M memory?
<mrevd> 512
<jMCg> mrevd: it seems a bit too low for me, either that or you're doing something severely wrong. Might want to answer the rest of my questions too :)
<mrevd> there are other daemons on the machine, apache is server a couple of small traffic sites
<jMCg> What daemons? Should they be running on that machine, given that that one's going down regularly?
<jMCg> Are the sites dynamic? How is httpd serving them?
<zul> hallyn: the libvirt patch worked as well?
<mrevd> the sites are dynamic. i'm not sure what you mean, how httpd serves them
<jMCg> mrevd: mod_php, mod_wsgi, mod_perl, mod_cgi, etc..
<mrevd> mod_php
<mrevd> mostly, some cgi
<markatto> snmpd got installed with the wrong permissions due to my umask. is this normal?
<markatto> well, the config file for it
<markatto> at least I assume it's due to my umask, as the permissions on it matched my umask
<jMCg> mrevd: you could throttle MaxRequestsPerChild a bit and see if that gives you any head space.
<mrevd> this just started happening, i was hoping to find the process that's responsible and clean/remove it
<jMCg> mrevd: the process responsible is, most probably your apache2 process, because it gets bloated by some ugly wordpress site with mod_php
<ZaclnxNewb> Hey, what's the best secure and easy email server for ubuntu headless 10.10?
<jMCg> mrevd: here's a good summary of how it works: http://prefetch.net/blog/index.php/2009/09/30/how-the-linux-oom-killer-works/
<ZaclnxNewb> I'm currently installing postfix
<mrevd> jmcg: it's definitely apache2, but how can i narrow that down. i'm running 6 sites
<jMCg> mrevd: I do that by running them with different daemons.
<mrevd> jmcg: multiple apache daemons?
<jMCg> mrevd: yes.
<mrevd> jmcg: could you share how? i wouldn't know where to begin
<jMCg> 00:39:20 <fajita> http://wiki.apache.org/httpd/ExtendingPrivilegeSeparation
<jMCg> This here: http://thoughts.j-davis.com/2009/11/29/linux-oom-killer/ suggests, among other things, to: turn off overcommit, run FreeBSD or Solaris (and Oracle instead of PostgreSQL), do not turn off overcommit and have more memory.
#ubuntu-server 2011-04-12
<hallyn> zul: oh sorry, yeah.  the libvirt patch worked (in fact is necessary with my lxcguest patch)
<zul> hallyn: ok cool just wanted to make sure
<hallyn> zul: so how should we go about this?
<hallyn> keep this in ppa?
<hallyn> or push for natty?
<zul> hallyn: push for natty after the beta
<hallyn> after beta2?
<hallyn> ok - can you link your bzr tree to the bug?
<hallyn> (i haven't seen an email go by from lp so am assuming you ahven't yet)
<zul> i willl tonight
<hallyn> cool, thx - ttyl
<zul> SpamapS:  the php-fpm bug? i think i fixed it in last update
<SpamapS> zul: its not fixed. exit 1 still means the package can't be installed
<zul> SpamapS: damn it..
<zul> can you queue something up?
<SpamapS> zul: http://git.debian.org/?p=pkg-php/php.git;a=commitdiff;h=7b4a9e9ba45b147c428f70e8b3ef508daad11246
<SpamapS> zul: looks like they set it to /tmp by default
<zul> SpamapS: it is
<zul> SpamapS: cool do it
<SpamapS> zul: we're in hard freeze so uploads will just sit in the queue until its unfrozen yes?
<zul> SpamapS: afaik yes
<mndo> hi
<mndo> i have a karmic server that needs php 5.3 anyone knows any good repo?
<SpamapS> mndo: you may want to update to 10.04 .. karmic will stop getting security updates in a few weeks.
<mndo> SpamapS, i know, this server will be decommissioned soon but right now i need php 5.3 on it
<SpamapS> mndo: you can always try downloading the source package from natty/maverick/lucid and building it on karmic
<SpamapS> mndo: http://packages.ubuntu.com/lucid/php5
<jeeves_moss> I have a bind9 server setup with internal/external domains, but I can't the DNS server to serve up EXTERNAL DNS names for other sites.  How can I get my local DNS server to forward requests upstream?
<zim> Hi all. Having problem creating a raid 1 from 2 x 2TB drives. info: ubuntu-server 10.04.1 -> create a 2tb raid partion on each drive --> create raid tick sdb1 and sdc1 ---> all good ---> Try to format to ext4 it starts at 33% and has been there for 3 hours :(
<zim> any ideas?
<jeeves_moss> does anyone know why BIND would be doing this?   client 192.168.1.12#59843: view internal: query (cache) 'teredo.ipv6.microsoft.com/A/IN' denied"
<pmatulis_> zim: don't you need a swap partition?  anyway, check you logs
<qman__> zim, if you're using green drives or a PCI disk controller, that's normal
<juanito1> que dia sale la version oficial de
<juanito1> ubuntu
<juanito1> alguien sabe ?
<pmatulis_> !english | juanito1
<ubottu> juanito1: The #ubuntu, #kubuntu and #xubuntu channels are English only. For a complete list of channels in other languages, please visit https://wiki.ubuntu.com/IRC/ChannelList
<twb> !es
<ubottu> En la mayorÃ­a de canales de Ubuntu se habla sÃ³lo en inglÃ©s. Si busca ayuda en espaÃ±ol o charlar entra en el canal #ubuntu-es. Escribe "/join #ubuntu-es" (sin comillas) y dale a enter.
<smoser> jamespage, when you see this, the ubuntu-server ec2 builds of '20110411.1' (or by the time you see it '20110412' will have the kernel we want to test)
<twb> My ubuntu servers are frequently experiencing hangs when you run simple commands like "ls" when the system is under heavy I/O load.
<twb> I suspect this is because the default I/O scheduler for .32-server is deadline (instead of CFQ).  *WHY* was deadline chosen for a server kernel config?
<patdk-lap> deadline or noop is normally perferred for servers
<patdk-lap> assuming your server has anything more than a single drive
<twb> patdk-lap: even when it's a shell server?
<twb> What's happening is that as I add bloated useless services like mysql and apache2, simple shell commands are being starved of I/O
<patdk-lap> well, if you have a raid card, or san or anything
<patdk-lap> it won't matter to change the order in the kernel
<patdk-lap> cause the controller will redo it
<twb> I'm using md (linux software) RAID1 of 3Ã2TB SATA drives
<patdk-lap> not sure what level it interacts with soft-raid
<patdk-lap> you could try using cfq and cgroups
<twb> I also noticed the same behaviour on a new 10.04 server which was doing *nothing* but converting a 40GB vmdk to a .img
<patdk-lap> but you need like the natty kernel for that to work
<twb> Yeah, actually I am using cgroups out the wazoo, because it's a LXC container server
<patdk-lap> I've been fighting with how to solve my io issue :)
<patdk-lap> I want my servers to do a MAX of 100iops
<twb> Do you know if there's a way to say "echo cfq > /sys/device/ALL/scheduler" rather than having to list each block device separately?
<twb> I have lots of LVM LVs, and I create and destroy them pretty often
<patdk-lap> a for loop? :)
<twb> Bah
<patdk-lap> add it to the create script?
<patdk-lap> I know I did that with xen
<twb> That's plan B :-(
<twb> Still better than recompiling the kernel I guess
<pmatulis_> specify the scheduler as a kernel option?
<twb> You mean in the boot: line?
<twb> pmatulis_: ^
<twb> Hooray, got permission to try CFQ on production host
<donnie> Does any one use vlc as dedicated video server?
<twb> patdk-lap: guess what
<twb> http://en.wikipedia.org/wiki/OpenVZ#I.2FO_scheduler <-- looks like I'm doing it right
<patdk-lap> I still wonder how that scales
<patdk-lap> most tests poeple post, and my own testing
<patdk-lap> cfq generally isn't that good for a server
<patdk-lap> but guess your doing shell type stuff
<patdk-lap> and cfq is good for desktop
<twb> We will see
<cmdbbq> i have ordered a dreamplug running ubuntu server and i have some questions in setting it up. it does not seem to  have a standard install and so i was wondering if anyone here had any first hand experience
<ruben23> hi guyd what firewall you can recommedn for ubuntu server any idea
<ruben23> any firewall recommended for ubuntu server..?
<cmdbbq> sorry about that
<uvirtbot> New bug: #758357 in dhcp3 (universe) "Please remove dhcp3 source from Natty" [Medium,Confirmed] https://launchpad.net/bugs/758357
<ScottK> ruben23: It comes with ufw by default.  So that's the one that's recommended.
<Rahoul> Hi I would like to start coherence automatically on ubuntu server after startup. Ive been looking at Upstart but I am not sure how to write a script. I would like to start with basics. Coherence is usually executed using "coherence -d" Any thoughts??
<twb> I got a new switch (HP Procurve).  It only speaks TIMEP or SMTP to get time, *not* NTP.
<twb> Rather than installing inetd on my server, can I simply tell my ntpd to also serve timep?
<SpamapS> twb: WHA?
<SpamapS> twb: every procurve I've had does NTP
<twb> Ah, $coworker tells me apparently "SMTP" in that context is a strict subset of NTP
<SpamapS> and I'd count that in the range of 40 or so switches ranging across at least 5 models
<SpamapS> SMTP or SNTP ?
<SpamapS> mine would pick up a broadcasted time
<twb> Er, yes
<twb> brain fart
<twb> All good now
<twb> He said "SNTP", I heard "SNMP", and I wrote "SMTP" because I've been dealing with mail all day
<SpamapS> :-D
<SpamapS> twb: for most needs, procurves are equal to anything cisco makes that is approximately 2x the price
<twb> That's why we got it
<cmdbbq> so, here is the thing: I need some networking advice for a device with mutliple network devices (1 WLAN and 2  ethernet ports) that is only reachable by ssh. basically, I am connected to an ad hoc put u=out by the device which then needs to connect to my router via one of the ethernet ports. once i have it on my local wireless i intend to disable the wireless network, but that is my only way to access it until it is functioning prop
<twb> on ebay of all things
<SpamapS> cmdbbq: what is "an ad hoc put u=out" ?
<cmdbbq> SpamapS: me having poor typing skillz :p
<cmdbbq> the device puts out an ad hoc network (guessing with termonology) that i can connect to and then ssh into 192.168.1.1
<SpamapS> cmdbbq: ad hoc wifi you mean?
<cmdbbq> yes
<SpamapS> ah
<SpamapS> so the device has an ethernet connection to the router already
<SpamapS> just isn't configured?
<twb> As opposed to infrastructure
<SpamapS> which one is running Ubuntu ?
<cmdbbq> the device is connected to the router by ethernet cable
<cmdbbq> it says it is running ubuntu
<cmdbbq> server
<SpamapS> cmdbbq: alright. So.. you need to know how to give it a static IP on the ethernet port?
<cmdbbq> i brought the interface down (ifdown) and then up (ifup) and it chooses 192.168.1.16 (outside the routers range) and claims the network is unreachable
<cmdbbq> but, yes, eventually i would like a static ip
<cmdbbq> assuming i still just edit /etc/network/interfaces?
<cmdbbq> thing is, connected to the wireless ad hoc, i can ping 192.168.1.16, but not connected to the router
<cmdbbq> ok, further weirdness, i found an entry for 192.168.1.16 in the routers dhcp table
<cmdbbq> still unreachable on that network, but there
<cmdbbq> why would the server request an ip address outside the routers normal range?
<cmdbbq> wait, nevermind
<cmdbbq> the range in the router was changed, 192.168.1.16 is within the range
<cmdbbq> resolv.conf shows the proper name server and /etc/network/interfaces looks correct
<cmdbbq> i am going to sign off and switch to static ip for eth0, be right back
<cmdbbq> i'm back! this is my terminnal output when trying to  bring eth0 up with DHCP and with a static ip: http://pastebin.com/5EzXEjzA
 * cmdbbq looks around in desperation 
<cmdbbq> ii think the issue must be that both the router and the server locate themselves at 192.168.1.1
<cmdbbq> do i have this right?
<TheEvilPhoenix> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<cmdbbq> sorry, didn't mean to be a nuisance, i was just reporting new things i tried
<cmdbbq> anyhow, i am switching back to talk to the server so brb
<cmdbbq> back again
<cmdbbq> ok, i have a server that allows configuration via an AP type wireless network. I need it to connect with a static ip to my linksys router. both the router and the AP wireless networrk set themselves up at 192.168.1.1 I think this must be the source of the problem. I need to be connected to the wireless network hosted by the server until i get it up and running on the proper network. once i can ssh in that way, i will shut the wirele
<ruben23> hi guys anyone can recommd best service proxy service in UK..?
<twb> ruben23: what is a "proxy service"?
<ruben23> twb: give me anonymous connection to UK by using multiple UK IP even im not on UK
<twb> Why don't you just rent a VPS in the UK?
<ruben23>  im trying to do is to have multiple IP of Uk where i can connect, coz i have to enter a particular data on a website where Uk ip are only accepted and this data should have unique UK IP per entry, so somehow the UK ip should be dyanmic or multiple if static.
<twb> Call that webmaster and tell him not to be a retard
<verynewubuntu> hi guys, I was trying to set up a basic web counter using cgi but uh.. not
<verynewubuntu> sure exactly where it should go, or in fact which file to edit to point to
<verynewubuntu> the cgi-bin directory if I wanted to create my own cgi-bin directory...
<verynewubuntu> any hints pls pm me
<Daviey> smoser, can you add lxcguest (or have you already?) to the cloud images?
<Daviey> had an MIR ack.
<soren> I thought it had been there for weeks.
<ropetin> Quick question; anyone know of a tool I can use to show only the changes to a text file since last time I checked?  Kind of like tail, but tail --since_last_check
<DigitalFlux> Anybody here has Ninja skills with the upstart provider for puppet ?
<BCS-Satori> Hello, I have a question about heartbeat resources.  In my haresources I have a line containing "BCSVSA001 drbddisk::iscsi.target.VMware.Storage.1 LVM::replicated iscsitarget" however LVM::replicated does seem to bring the LVM volume online unless I type "vgchange -a -y replicated".  Can haresources accomplish this or do I need to make a bash file to add it to haresources (and if so how do I call the script
<BCS-Satori> )?
 * RoyK would rather like to exercise a diverse set of material art on the people that chose upstart over SysV
<zul> Daviey: that patch you cherrypicked for dovecot is also for dovecot2 right?
<Daviey> zul, yes
<zul> Daviey: you checked the configuration file right?
<Daviey> zul, no.. i just plucked the patch.
<zul> Daviey: ok just checking
<Daviey> zul, i have no idea if it is compatiable
<zul> Daviey: cool...ill just ignore it then ;)
<Daviey> zul, heh
<semiosis> RoyK: material art?  that sounds tasteful
<Daviey> zul, the patch does apply fwiw.
<zul> Daviey: right....but we would have also take care of dovecot-postfix possibly (without looking at the patch)
<Daviey> zul, yeah.. I think the approach of the patch is too risky this late in the cycle tbh.
<zul> Daviey: agreed
<zim> Hi all. Is it normal for the partitions formatting to start at 33% and just sit there I am trying to  format a raid 1 2TB partition to ext4
<zim> Tried a few times last night left it for 3 hours no joy
<uvirtbot> New bug: #758737 in clamav (main) "freshclam crashed with SIGSEGV" [Undecided,New] https://launchpad.net/bugs/758737
<smoser> Daviey, soren lxcguest is in the images for quite some time now.  when the package makes it into the uec seed (its not there right now, i just checked) then I will need to change the automated build scripts to not specify it explicitly
<zul> smoser: ill add it to hec seed
<zul> uec seed even
<zul> smoser: done
<Daviey> smoser, can you add it to the uec seed please?
<zul> Daviey: already did
<Daviey> pah.. being slow.
<zul> Daviey: maybe you need more sleep ;)
<Daviey> :)
<Daviey> (smoser, it will only get promoted by being seeded).
<smoser> right.
<smoser> thats why i said it had to be seeded.
<smoser> but it can't be seeded until its MIR goes through
<smoser> so, until now, we were there waiting on MIR
<zul> it went through yesterday
<Daviey> smoser, I think what i was asking this morning, was for you to add it to the seed. Due to the MIR being ack'd late last night.
<smoser> i can't add it to seed.
<smoser> so zul did
<smoser> thank you zul
<smoser> so we're good.
<smoser> thanks.
<AlexMax> Why does libtomcat6-java depend on collections
<user3133> hello, when attempting to configure dapper with vmbuilder, i get an error with tzdata (because it's not included in dapper). is there any way i can create this machine and bypass vmbuilder's attempt to configure tzdata?
<hallyn> oooh.  big angry red screen from debian installer.
<hallyn> (it couldn't find its mirror)
<user3133> hallyn, are you talking to me? what do i do to fix this?
<hallyn> user3133: oh, no i wasn't
<user3133> :(
<hallyn> user3133: what is your vmbuilder command?
<rnigam> Anyone know how I can install xen dom0 kernel from ubuntu repositories? Ubuntu-10.10 doesn't seem to have the 'linux-image-xen-amd64' package !
<Ahtenus> How can i access the terminal on the ubuntu-server live cd?
<Ahtenus> or rather the regular installation cd...
<pmatulis_> Ahtenus: Alt-F1 i guess
<pmatulis_> Ahtenus: Alt-F2 , etc
<Ahtenus> didn't work from the menu.. trying "install ubuntu"
<pmatulis_> Ahtenus: yes, begin the process first
<RoAkSoAx> Daviey (nice work on the Desktop on the cloud!! (am I missing anyone?)
<RoAkSoAx> smoser: (nice work on the Desktop on the cloud!! (am I missing anyone?)
<RoAkSoAx> kirkland: (nice work on the Desktop on the cloud!! (am I missing anyone?)
<kirkland> RoAkSoAx: Daviey !
<kirkland> RoAkSoAx: stgraber too
<RoAkSoAx> stgraber: (nice work on the Desktop on the cloud!!
<Daviey> RoAkSoAx, and the testers :)
<RoAkSoAx> :)
<uvirtbot> New bug: #758808 in ipvsadm (main) "ipvsadm  -n doesn't work" [Undecided,New] https://launchpad.net/bugs/758808
<uvirtbot> New bug: #758813 in postfix (main) "mail corrupt at random, attachments rendered as code, text randomly missing, addresses randomly corrupted" [Undecided,New] https://launchpad.net/bugs/758813
<quentusrex_> Anyone know of a good system for automatic pxe install of ubuntu and other distributions?
<zul> quentusrex: cobbler
<uvirtbot> New bug: #758890 in dhcp3 (main) "Please remove dhcp3 from universe. (dup-of: 758357)" [Undecided,New] https://launchpad.net/bugs/758890
<hggdh> Daviey: so, we will have a re-spin of the server ISOs? If so, I will not bother to fill in the qa tracker
<semiosis> i'm working on writing an upstart job that will start a service after the network interface is up, but before remote filesystems are mounted.  or at least start the service after the network interface is up, then reattempt mounting of remote filesystems.  emitting remote-filesystems doesnt seem to have any effect on the _netdev entries in /etc/fstab.  any ideas?
<TeTeT> semiosis: sorry but I can't answer your question. Maybe you find some hint here: http://upstart.ubuntu.com/cookbook/
<semiosis> TeTeT: i'm working my way through that right now.  thanks for the pointer, I hope the answer is somewhere in there.
<hallyn> Daviey: bug 700511 is looking like it won't be fixed after all.
<uvirtbot> Launchpad bug 700511 in vgabios "[Regression] Widescreen resolutions are missing from vgabios, breaking widescreen in qemu" [High,In progress] https://launchpad.net/bugs/700511
<hallyn> near as i can tell it works nowhere
<hallyn> vmware mode works fine, so i'm going to mark that as workaround and back down to medium
<Daviey> hallyn, but it is a regression from Lucid?
<hallyn> no i think it's broken in lucid too
<hallyn> it's a regression in any case
<hallyn> but low prio imo.  in fact maybe i'll mark it low prio instead of med.  near as i can tell noone should need it.
<hallyn> jdstrand: do you have second?
<jdstrand> hallyn: what's up?
<hallyn> jdstrand:  i'm working on bug 673705 - the fix includes fixups to the network .xmls.  So the rh package had a postinst  fixing up existing ones.  Should we do that automatically in libvirt-bin.postinst?  And if so, is the 'configure' the right switch to putit under?
<uvirtbot> Launchpad bug 673705 in libvirt "running guests freeze when a guest is powered down" [High,In progress] https://launchpad.net/bugs/673705
<hallyn> i'm not really comfy with the blind chopping and dicing of the network .xml files, but...
<hallyn> not sure that telling people to update it manually is sufficient
<hallyn> it wont' break anything (more than it's already broken) if they don't update it
<hallyn> jdstrand: ah, i see.  i'll use the dpkg-compare versions bit from an existing blob in postinst
<jdstrand> hallyn: I don't know enough to say yes to 'should'. I can say that if moving forward 'configure' is the correct place-- and it should be versioned. look at libvirt-bin.postinst for the 'libvirt-migrate-qemu-disks' bit I added as an example (though you might be able to but it in the case statement of the postinst)
<jdstrand> hallyn: yeah
<hallyn> jdstrand: thanks.  if you don't mind, i'm going to run it past you before committing :)
<jdstrand> hallyn: ok. I am a little leary of adjusting the xml. would it suffice to ship a good configuration for new installs and then having instructions somewhere (maybe the bug is enough?) on how to fix it themselves?
<jdstrand> hallyn: cause if you adjust the xml, I am pretty sure you will need to destroy/undefine followed by define/start, and that is a poor upgrade experience
<hallyn> you don't have to undefine, but i assume the change wont' take effect until after they've recreated the bridges
<hallyn> as it is the script just adds the macaddr entry in entries in /var/lib/libvirt/network and /etc/libvirt/qemu/network/
<hallyn> jdstrand: ^
<jdstrand> hallyn: what are you doing in configure then?
 * jdstrand is not familiar with the bug or fix
<jdstrand> is the script a one time fix or done on each bridge creation?
<hallyn> jdstrand: hang on, i'm grabbing a url for the file
<hallyn> new bridges will be created with the macaddr element.
<hallyn> jdstrand: but hey, if you're ok with not auto-fixing existing bridges, then i'm happy with that.  less potential for breakage.  (more potential for dups)
<hallyn> jdstrand: http://bazaar.launchpad.net/~serge-hallyn/ubuntu/natty/libvirt/fix-maccaddr2/view/head:/debian/libvirt-bin.postinst
<jdstrand> hallyn: I gotta be honest-- I'd rather see that broken out into a tool that libvirt-bin could ship, and then people could run it manually. aiui, this bug has been around for awhile, so, especially this late in the cycle, that seems safer
<jdstrand> hallyn: I looked at the patches in the redhat bug-- those look pretty big too-- were you applying them in this update?
<jdstrand> hallyn: if something breaks in a postinst then the installation will pretty much halt
<jdstrand> s/installation/upgrade/
<hallyn> jdstrand: how would you ship the tool?
<jdstrand> hallyn: like I did with libvirt-migrate-qemu-disks
<hallyn> jdstrand: maybe i should just upload the script in the bug as an attachment,
<hallyn> and leave it at that?
<hallyn> hm, that'll stay around forever then...  polution...
<jdstrand> hallyn: that is an option too-- depends on how much you think people are hurting
<hallyn> well, not too much apparently :)
<hallyn> jdstrand: most people who are pounding on libvirt are not using NAT bridge rigth?
<hallyn> they've got a phsyical NIC on the bridge, and that's fixing it for them
<jdstrand> hallyn: if that is the case, I would focus on new installs
<hallyn> ok.
<jdstrand> I don't know what most do. I use nat
<hallyn> yeah - its usually a 3-10 second pause, so i think i've usually assumed my laptop was just acting slow
<hallyn> jdstrand: but so you do think it's better not to push the fix into natty at all?
<jdstrand> hallyn: you mean upstream's patch?
<hallyn> in that case, for o-series we'll be syncing 0.9.0 so won't need it at all...
<hallyn> yeh
<jdstrand> hallyn: there is a lot of stuff to do. if it were me, I would sync with 0.9.0 when oneric opens, mark the bug fix released and see who whines about getting it fixed in previous releases, at which point evaluate for SRU
<jdstrand> s/oneric/oneiric/
<jdstrand> hallyn: that said, if you really want to see it fixed in natty, you might run it by skaet
<jdstrand> the release team is reviewing all the changes and I would hate for you to do the work and have it be rejected since it was deemed too risky
<hallyn> i think i'll defer.
<hallyn> i really don't want to risk more breakage
<jdstrand> hallyn: I think that is wise
<hallyn> jdstrand: thanks for the advice
<jdstrand> sure! :)
<BCS-Satori> In a while loop in a bash script, how can I check the users input so that it matches a file contained within a folder to continue?
<jMCg> BCS-Satori: -> #bash
<RoAkSoAx> zul: quick question. If project X has been merged into project Y, instead of being just a separate project. However, now it is called Y, but I'd like to keep the package named as X. Is that possible/recommended?
<RoyK> no/no
<zul> what he said
<RoyK> you can keep the package with setting a keep flag on it (see man aptitude), but if a new arrives, you'll need to replace the old one with the new one to keep the machine updated
<RoAkSoAx> RoyK: right right, I can keep the source package name with the same name and rename the tarball automatically in get-orig-source
<RoAkSoAx> zul: ^^
<RoAkSoAx> zul: however, cluster-agents have now merge with the resource agents from RHCS, and they are just simply called resource-agents
<RoAkSoAx> zul: and I though it might be easier to just keep the mpackaging called cluster-agents rather than resource-agents
<zul> well you can create a new package called resource-agents and do conflict/replace
<RoAkSoAx> zul: yeah that's what I did, but was just wondering if instead of going through the new package process, MIR's, etc etc, to just keep the naming convention as cluster-agents
<RoAkSoAx> but anyways, I guess not :(
<hallyn> skaet: I'm looking at Bug #582769.  Debian actually fixed it the simple way last august.  I've been talking to amorgan, the libcap maintainer - he is opposed to that and feels something must be wrong in the courier-authlib itself.
<uvirtbot> Launchpad bug 582769 in libcap2 "/lib/security/pam_cap.so: undefined symbol: pam_get_item" [High,Triaged] https://launchpad.net/bugs/582769
<hallyn> skaet: would you like the simple fix from debian for natty?  Or leave as is?
<hallyn> does anyone else here care a lick about courier-imap-ssl with pam_cap?  (i'm assuming no)
<TheEvilPhoenix> isnt natty support in #ubuntu+1?
<TheEvilPhoenix> !natty
<ubottu> Natty Narwhal is the codename for Ubuntu 11.04, due April 28 2011. Help and support (only) in #ubuntu+1. Natty is beta and is not currently intended for production systems.
<TheEvilPhoenix> that's what I thought
<hallyn> oh ffs, here i thought courier-imap might be server
<TheEvilPhoenix> i dont think it matters whether its server or not, afaik, there's only one ubuntu+1 channel for both server and desktop :/
<hallyn> i was sort of wondering if ScottK might care
<hallyn> TheEvilPhoenix: the bug is relevant for maverick and lucid
<TheEvilPhoenix> hallyn:  oic
<TheEvilPhoenix> hallyn:  sorry, the mentioning of Natty triggered my "wrong channel" red flags :P
<hallyn> just still a q of whether anyone cares
 * skaet looking
<hallyn> TheEvilPhoenix: :)
<hallyn> zul: btw, you would be the other one, beside ScottK, who i would think might be interested
<zul> hmm?
<hallyn> zul: do you know anything about courier-authlib?
<zul> hallyn: nope...im a dovecot dude
<hallyn> i've been talking with amorgan about how it does authlib-pam
<hallyn> zul: ok
 * zul wonders out for a while
<hallyn> bet he even wanders
 * RoAkSoAx is off to lunch
<david5345> I am having a locale bug, I don't know if it's Ubuntu or PHP. I run the code that I listed here : http://pastebin.com/WRwSDXS8 . The timezone returns as EDT ( that's Eastern Daylight Time ), but it should return HAE ( Heure AvancÃ©e de l'Est), as the locale is french. Is this PHP or Ubuntu that is giving the wrong info ?
<masterzu> anyone able to help me get phpmyadmin working?
<RoyK> nope
<masterzu> on ubuntu server
<masterzu> i got it installed but i'm not seeing the directory show up
<masterzu> it's like it didn't install but it did
<masterzu> <---- confused
<guntbert> masterzu: what does w3m localhost    show you?
<masterzu> sql error because mybb isn't connecting to the mysql database correctly. i'm trying to get my mybb website running locally on a vm
<masterzu> lol hi again guntbert XD
<david5345> When I run "LC_ALL=fr_CA.UTF-8 date +%c", it says "EDT" at the end instead of "HAE". Is this a bug or a feature ?
<RoyK> david5345: LC_ALL="fr ...
<RoyK> put the quote after =
<david5345> RoyK Sorry, I was quoting to indicate what was on the command line. The month and day were in french, but the timezone in english
<RoyK> please pastebin the whole thing
<masterzu> any reason why I don't see the folder for phpmyadmin after installing it? the system says it's installed but i can't see any folder for it in /var/www/ or via the browser
<david5345> RoyK http://pastebin.com/CTKijx7C
<RoyK> david5345: sorry - no idea - tested myself and still faulty
<david5345> RoyK : It says EDT on your system ? Can you give me the version of Ubuntu you are using ?
<genii-around> masterzu: sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin
<genii-around> masterzu: Then to restart apache
<RoyK> david5345: it doesn't say anything if I give it a LANG or LC_ALL, it just reports localtime - tested with 10.04 and 10.10
<david5345> RoyK run sudo locale-gen fr_CA.UTF-8
<david5345> than rerun the command
<masterzu> genii-around, now what?
<RoyK> david5345: same thing on 10.10
<RoyK> and 10.04
<shauno> do timezones usually get translated?  I always see germany referenced as CEST, not 'MESZ'
<genii-around> masterzu: Now apache should know to point the wen browser to the real place phpmyadmin is ( in /usr/share/phpmyadmin/ ) when you point your bowser to hour.url/phpmyadmin
<david5345> shauno, who would have an authoritative answer ?
<genii-around> Bleh typos
<RoyK> david5345: some god :)
<masterzu> freaking awesome, thanks genii-around!!!
<shauno> david5345: I'm not sure.  You could do worse than to ask #ubuntu-translators I guess
<david5345> RoyK :P
<genii-around> masterzu: You're welcome
<masterzu> hmmmm password isn'tw orking....
<RoyK> masterzu: just pastebin admin user/password and someone will probably help quite soon :D
<masterzu> :P unfortunately phpmyadmin is on a virtual machine installed on my laptop, it's not at a web page
<masterzu> i'll figure it out, just going to search google :)
<genii-around> masterzu: Perhaps try http://localhost/phpmyadmin/scripts/setup.php first
<genii-around> Or the equivelent
<RoyK> masterzu: there's a root password set when you install mysql - try that
<masterzu> suppose i'll just reinstal mysql
<masterzu> XD
<david5345> Ok, I'll keep looking. Thanks RoyK and shauno.
<RoyK> masterzu: reinstalling won't do no good
<RoyK> resetting the root password on mysql may be better :P
<masterzu> >_> well, i can't seem to stop the mysql server in order to change the password anyways...
<masterzu> sudo /etc/init.d/mysql stop this isn't working. it's telling me to stop it with the service, but i can't find anything about service on google, all i get is this: "sudo /etc/init.d/mysql stop" and that doesn't work
<genii-around> masterzu: sudo initctl stop servicename
<genii-around> Or servicename stop, i always forget the order until i have to do it
<masterzu> unknown instance
<masterzu> the first one was right htough
 * RoyK just sent Pratchett's agent an email about how to sort out selling the Vetinari clock :P
<masterzu> genii-around, says it needs a job or something?
<masterzu> or Job [keyvalue]
<uvirtbot> New bug: #759238 in mysql-dfsg-5.1 (main) "package mysql-client-core-5.1 (not installed) failed to install/upgrade: intentando sobreescribir `/usr/bin/mysql', que estÃ¡ tambiÃ©n en el paquete mysql-cluster-client-5.1 0:7.0.9-1ubuntu7" [Undecided,New] https://launchpad.net/bugs/759238
<genii-around> masterzu: What does: sudo initctl list | grep sql                     show?
<masterzu> mysql stop/waiting
<masterzu> genii-around ^^
<genii-around> masterzu: So if you want to reconfigure mysql server, i would suggest: sudo dpkg-reconfigure -plow mysql-server      and set password, etc etc. Then: sudo initctl start mysql          and try login from phpmyadmin after
<genii-around> masterzu: You might need to use mysql-server-5.1 there as the name actually
<masterzu> ok, i'm in now, thanks :)
 * genii-around makes more coffee
<uvirtbot> New bug: #743608 in clamav (main) "freshclam crashed with SIGSEGV" [Medium,New] https://launchpad.net/bugs/743608
#ubuntu-server 2011-04-13
<uvirtbot> New bug: #759284 in vsftpd (main) "package vsftpd 2.2.2-3ubuntu6.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/759284
<dravekx> question: when manually run update and upgrade with apt-get, there are 3 packages kept back. If I run with aptitude, they are installed. Anyone know which is correct or does it matter?
<dravekx> the 3 packages are:  linux-headers-server, linux-image-server, and  linux - server
<dravekx> ahhh.. nvm. found the answer.
<airtonix> how odd, when i perform the initial three default schema installation for ldap as per ( https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html ) via Fabric, it errors. But performing the exact same commands mannually succeds
<RoyK> dravekx: apt-get update && apt dist-upgrade
<dravekx> RoyK, thx :)
<juanito1>  hi guys
<airtonix> i'm having some problems with sudo, why there is a significant pause between user input of sudo password and the expected terminal response when using sudo after the cache timeout ?
<jblz> hey guys- i just fired up a new maverick server, and it doesn't appear to have add-apt-repository... is this normal?
<patdk-lap> it is on all my lucid servers
<jblz> right, me too :)
<onecrazycat> i'm setting up two dhcp servers and i want one to be a backupâ¦ any good docs on how to do this?
<RoyK> just copy the config file out
<RoyK> or setup a proper backup system
<RoyK> up to you
<onecrazycat> yeah but i only want one to be a primary at any given time.
<onecrazycat> in other words, the backup should be dormant until the primary fails
<onecrazycat> unless this is the wrong approach.  i'm by no means an expert with this sort of thing.
<RoyK> just google dhcp clustering
<RoyK> it's trivial
<RoyK> ubuntu clustering is trivial and works very well
<RoyK> that is, at least the dhcp  part
<patdk-lap> ya, clustering dhcp is alittle bit to wrap your head around at first
<patdk-lap> but is pretty simple
<onecrazycat> actually i think i found what i needed here:  http://www.madboa.com/geek/dhcp-failover/
<onecrazycat> In case anyone else is interested.
<patdk-lap> can only do two servers though
<onecrazycat> It's pretty straightforward.
<onecrazycat> Two is all I need.
<onecrazycat> â¦for now
<RoyK> we're running that at the office
<patdk-lap> my only issue is, I dunno why, but when I set it up, all dhcp requests get delayed a good 10sec or so
<RoyK> works like a dream
<RoyK> one fails, the other takes over
<patdk-lap> and I do lots of netboots, so it annoys me
<onecrazycat> RoyK:  what happens once your primary comes back up?
<patdk-lap> it resyncs
<RoyK> patdk-lap: then you must have done something funny
<RoyK> onecrazycat: they sync up
<patdk-lap> royk, ya, i figured, but can't figure out what :)
<onecrazycat> RoyK:  Nice.  So no manual intervention req'd then?
<RoyK> no
<onecrazycat> RoyK:  You're a gentlemen and a scholar ;)
<patdk-lap> you can also setup dhcp ranges that are private per each instance
<RoyK> thank you, boy :)
<patdk-lap> and stuff served there don't failover
<patdk-lap> required for bootp
<patdk-lap> I wonder if that is what is screwing me, still have bootp stuff
<RoyK> it's not everyday I get called a gentleman, I must confess I feel honored
<onecrazycat> RoyK:  Sap it up.  :)
 * RoyK hands onecrazycat a dram
<onecrazycat> RoyK:  It's not every day I get a solid dram from someone in ubuntu-server IRC.
<RoyK> :)
<RoyK> that'll be an islay
<jblz> does maverick server normally run apache2 + sendmail out of the box by default., or is that just my vpses config?
<onecrazycat> I'm pretty sure your VPS needs to enable that during install.
<onecrazycat> Ubuntu server (any version) doesn't run anything by default, that's the beauty of it.
<RoyK> jblz: iirc that's apache + exim or postfix
<jblz> yeah, it's totally weird, it's got apache2 and "sendmail-mta", with one of the apache2 processes running as root
<onecrazycat> It could be for their administrative purposesâ¦ but this would be a question you could ask them to confirm.
<jblz> well, i figured someone on here would know whether that was standard maverick behavior or not
<onecrazycat> not standard
<jblz> good
<jblz> thank you onecrazycat.
<onecrazycat> jblz: np
<RoyK> nite
<patdk-lap> they probably just set the lamp install by default
<uvirtbot> New bug: #759367 in php5 (main) "package php5-fpm 5.3.5-1ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/759367
<onecrazycat> I have a server with dhcpd installed, but it isn't runningâ¦  I inherited this box, and I'm curious, how can I tell if it's set to start at boot?  I looked at the rc.* files in /etc/, and it's there as though it is set to run at bootâ¦  is there anywhere else this sort of thing can be set?
<twb> onecrazycat: what release?
<twb> onecrazycat: lucid?
<twb> As at lucid, dhcp3-server is still a sysvinit package, so it will be in /etc/init.d/dhcp3-server with SNN symlinks in /etc/rcS.d or rc[2-5].d
<onecrazycat> twb: hardy
<twb> Same applies then
<onecrazycat> twb: okay, this is where i'm a little confused.
<onecrazycat> twb: i ran a quick ls /etc/rc* | grep dhcp
<onecrazycat> and i get a lot of files in each of the rc[2-5].d directories
<extraclassic> onecrazycat: /etc/network/interface has to say inet dhcp
<onecrazycat> extraclassic: let me check that
<onecrazycat> extraclassic: are you sure?  My current dhcp server doesn't have this
<onecrazycat> extraclassic:  that is, the server I know is running dhcp for sure doesn't have this.
<extraclassic> i'm not sure what the file is called then...in debian it's /etc/network/interface so I guessed
<onecrazycat> extraclassic: ah okay, let me grep through that directory (/etc/network/) to see if i can find any references to dhcp on a known working server
<extraclassic> try /etc/network/interfaces
<onecrazycat> yea nothing there...
<extraclassic> onecrazycat: try this then - http://www.ubuntugeek.com/how-to-install-and-configure-dhcp-server-in-ubuntu-server.html
<extraclassic> nevermind...don't think that's what you were asking
<twb> I have a Soekris net5501 board, which I believe has a Geode CS5536 southbridge.
<twb> I am trying to work out which/how to load the watchdog driver.
<twb> AFAICT it's the "geodewdt" driver, which hit mainline in 2008.  But this module isn't present in my lucid install (2010, .32) -- so WTF?
<twister004> hi guys... where can I find the list of recently installed updates on my ubuntu 10.04 Lucid?... I updated laptop and the touchpad stopped working
<twb> My logs show that ntpd regularly unbinds from 0.0.0.0:123 and binds to <every interface>:123.
<twb> This is stupid.  How do I tell ntpd to shut up, bind to 0.0.0.0:123 when it starts, and just stick to that?
<joschi> twb: unfortunately you can't.
<twb> It's *especially* stupid because I have e.g. four IP addresses on 1.2.3/26, and it claims to bind onto 1.2.3 thrice
<twb> Bloody ISC needs to get a clue
<twb> I just finished replacing bind9 with ntpd and unbound, maybe I should throw away their ntpd too
<joschi> twb: I hope you meant nsd instead of ntpd ;)
<joschi> twb: openntpd is not bad, if you want to try out an alternative to ntpd
<twb> Er, yeah
<twb> Thanks for the +1 for openntpd
<xro2>  hi, i use a ubuntu server10.04 64bits as a router... So i activate net.ipv4.ip_forward=1 in /etc/sysctl.conf but it's really slow (10KB) and i have 50MB in the lan... Where should i look to solve this issue?
<twb> xro2: are both NICs gigE?
<xro2> twb, i have 1Go and 10Go on the other side
<twb> NFI then
<xro2> twb, NFI?
<twb> No Fucking Idea
<xro2> twb, ok...
<xro2> nobody else have an idea why my network is slow?
<\sh> Ng: ping terminator and grouping all terms via super+g (it doesn't work when you under unity ;)) any solution for this?
<Ng> \sh: I've only been back from paternity leave for 2 hours, so I haven't had a chance to do any testing with natty yet. Perhaps mapping it to another shortcut would be a good short term solution until I figure out what's changed about Super in Unity :)
<\sh> Ng: good idea...and about the super key, it's being catched by the launcher first imho...eventually didrocks has a solution to this problem :)
<xro2>  hi, i use a ubuntu server10.04 64bits as a router... So i activate net.ipv4.ip_forward=1 in /etc/sysctl.conf but it's really slow (10KB) and i have 50MB in the lan... Where should i look to solve this issue? I forgot to tell that is a virtual machine on a ESX server
<adac> Hi guy. Does anyone know if there is a "pastebin" server available in the packages
<m_tadeu> when I have a "register=>xxxx:yyy@zzz" in sip.conf, should this peer be displayed in "sip show peers"?
<delfick> Hi, I want to start jscoverage when my server starts (I have a script inside /usr/local/bin which is executable and just calls jscoverage-server with the appropiate arguments). So I have in my /etc/rc.local the line "/usr/local/bin/startJsCoverage &" but it doesn't seem to work, how am I supposed to be doing this?
<xxron> Hi, i try to set ip_forwarding on a ubuntu server 10.04 64bits (on vmware)... I setted cat /etc/sysctl.conf net.ipv4.ip_forward=1... But the routing process is very slow... I get 50MBytes on each lan and only 20KBytes when i route the traffic from one lan to the other one... Have you an idea?
<xxron> ls
<xxron> someone could confirm me that there is nothing more than set ipv4.ip_forward=1 to activate routing...
<red2kic> xxron: You can try it at #ubuntu (but this channel would probably benefit you the more).
<red2kic> xxron: Sorry -- Slow traffich here. :(
<red2kic> traffic*
<zoopster> xxron: yes that's what you need to do and either restart or reload sysctl with the change
<patdk-wk> xxron, check your duplex settings
<xxron> zoopster, patdk-wk, it's full duplex, mtu are the same, no iptables...
<patdk-wk> are you sure it's fullduplex on your nic AND the switch?
<zoopster> xxron: throw a packet sniffer on it and you'll quickly find the problem
<xxron> Duplex: Full on eth1 and eth3
<xxron> patdk-wk, the problem is that it works on LAN... i get problem only when i try to route the traffic......
<patdk-wk> 50MBytes doesn't sound like working
<patdk-wk> you should be able to get atleast 90MByte
<patdk-wk> what kind of system is it?
<xxron> Mware VMXNET3 Ethernet Controller
<patdk-wk> that isn't a system
<patdk-wk> that is a nic driver
<xxron> so, what do you mean by system?
<patdk-wk> motherboard, cpu, nic's, ...
<xxron> patdk-wk, so it's a virtual machine on a ESX4.1 server, with 2 intel CPU, and VMXNET3
<patdk-wk> that still doesn't tell me anything at all
<xxron> patdk-wk, a virtual machine don't really have a motherboard and a nic...
<patdk-wk> virtual machines don't run on thin air
<patdk-wk> and yes, virtual machines do have motherboards and nics, in your case vmxnet3 nic's :)
<patdk-wk> and probably a vm version7 motherboard
<patdk-wk> but I'm talking about the real hardware it's on
<xxron> patdk-dk, so you want the ESX hardware...
<zul> Daviey: we should be iso testing today shouldnt we?
<Daviey> zul, I'm not convinced that this is our real candidate... but cautionary testing is still worthwhile.
<krycek_> is ubuntu going to support PERC S300 anytime soon?
<Daviey> zul, At least getting most of the test cases covered would be a good sniff... but i don't think we need to break our backs on it, if there are other urgent things on.
<laen> Anyone got an idea why /sbin/blkid doesn't give any result when executed as non-root on 8.04? It works on 10.04 as non-root..
<laen> And no, i'm not planning to upgrade the entire environment to 10.04.
<ppetraki> laen, off the top of my head, no, but strace will show what's going on
<ppetraki> laen, are you sure you're not root? because it doesn't work for me here on 10.04 as a non-root user
<laen> ppetraki: that's because your /etc/blkid.tab has no read permission for other.
<laen> ppetraki: Many distro's just give that permission.
 * ppetraki needs a second cup of coffee
<laen> ppetraki: open("/dev/sda1", O_RDONLY)             = -1 EACCES (Permission denied)    ..auch :P
<ppetraki> laen, yeah, I get that too, even when it works
<ppetraki> laen, http://pastebin.com/b5sWS8Pm
<laen> ppetraki: your blkid does seem to work as normal user though
<ppetraki> laen, sure it does
<ppetraki> <09:30:42>ubuntu-lucid$ blkid  /dev/sda1
<ppetraki> /dev/sda1: UUID="ca077257-f9ec-4b63-8b0c-b8376e6f068a" TYPE="ext4"
<laen> yeah
<ppetraki> the stat calls go through, and there's a read on the blk device
<ppetraki> I've never looked at the blkid source code but I suspect it's examining the partition table as part of the uuid generation
<ppetraki> on you 8.04 system, is that block device delegated to something like mdadm?
<laen> Nope, direct disk, no software raid or lvm or something.
<laen> Wondering how or why the user doesn't have O_RDONLY access on the disk, in 8.04, and does on 10.04.
<laen> I'm not having a very bright moment here.
<ppetraki> don't worry about it ;)
<ppetraki> permission check on 8.04?
 * ppetraki has blkid source code now
<ppetraki> <09:35:50>src$ ls -l /dev/sda1
<ppetraki> brw-rw---- 1 root disk 8, 1 2011-03-28 17:54 /dev/sda1
<laen> It's the old blkid 1.0.0
<laen> yeah, same
<ppetraki> that's funny, even my user isn't in the disk group
<laen> ppetraki: yep
<toff> can any body help me in doing mac based auth using freeradius?
<toff> i have done settings as per http://wiki.freeradius.org/Mac-Auth
<toff> but while connecting the server is ignoring my request
<toff> plz ?
<toff> is any body out there?
<toff> plz anybody anser
<laen> ppetraki: "Before  kernel  2.6.24,  and  since  kernel  2.6.24 if file capabilities are not enabled"  ..guess i'm out of luck, it's using CAPABILITIES in 10.04, which isn't used in 8.04 as that is the .24 kernel.
<ppetraki> laen, where'd you find that factoid?
<laen> ppetraki: I went from the manpages of  OPEN(2), FCNTL(2), PATH_RESOLUTION(7) to CAPABILITIES(7), where that sentence was written.
<laen> ppetraki: Not that i found those manpages on Ubuntu though ;)
<ppetraki> laen, well, they're part of the programmers manual. I have them, but I'm a kernel dev
<laen> So, does that sound logical to you then?
<ppetraki> laen, still reading, but yeah
<a7ndrew> So, I'm wanting to look at a bit of system monitoring and diagnoses. The packages 'atsar' and 'systat' are both available to me. Does anyone have any opinion/ experience regarding either of them?
<laen> ppetraki: thinking about a workaround, how unsafe would it be in this case, to give blkid suid ..the customer application prefers not to use sudo
<ppetraki> laen, well, adding suid to anything puts the system at more risk, instead, you may be able to install the lucid kernel on 8.04 (hardy?)
<ppetraki> laen, actually populating the disk group might be enough
<laen> ppetraki: oh duh, indeed.
<ppetraki> laen, then again, what does a regular user need blkid to begin with?
<laen> ppetraki: none, customer application
<laen> ppetraki: well, open() call still fails .. weird.
<laen> Oh wait
<laen> wrong machine ;). Done, works!
<ppetraki> \o/
<laen> Interesting problem :)
<ppetraki> yeah, and I
<laen> I mean, the solution was a bit too easy, but.. cool :)
<ppetraki> 'm still half asleep :)
<laen> Ow :)
<laen> ppetraki: got any good documentation to read into when i wanna try to understand the way CAP_* are used on distributions?
<ppetraki> laen, besides the  manpages? not really. Then again, I mostly tolerate userspace :-p, so I'm not the best person to ask
<ppetraki> laen, that would be  a great idea though
<TREllis> anyone know of a tool like grubby for grub2? afaik grubby is from grub1 days
<TREllis> or am I left with ... sed -i /etc/default/grub  ;-)
<laen> ppetraki: :)
<ScottK> hallyn: SpamapS has been looking into some courier bugs. He might be the best one to 'care'.
<smoser> Daviey, kirkland , zul
<smoser> could someone review this, just to make certain its sane:
<smoser> http://paste.ubuntu.com/593600/
<Daviey> looking
<smoser> i'm fairly sure it is, i tested by:
<smoser>  * run new instance
 * kirkland looks
<smoser>  * sudo apt-get --purge remove grub-legacy-ec2 grub-pc grub-common
<smoser>  * sudo rm -Rf /boot/grub
<zul> looks ok
<kirkland> smoser: yeah, looks fine
<smoser>  * sudo dpkg -i grub-legacy-ec2_0.6.1-0ubuntu6_all.deb
<kirkland> smoser: i just noticed that:
<smoser>   this fails (thats the old version)
<kirkland> $ dpkg -S /boot/grub
<kirkland> dpkg-query: no path found matching pattern /boot/grub.
<smoser>  * rm -Rf /boot/grub
<smoser>  * sudo dpkg -i grub-legacy-ec2_0.6.1-0ubuntu7_all.deb
<kirkland> smoser: so that dir must be manually created by the installer, or something
<Daviey> kirkland, did you run it past foundations?
<kirkland> Daviey: nope, but i suggest to smoser that he might ask cjwatson about it, just for a history lesson, if nothing else
<uvirtbot> New bug: #759885 in cloud-init (main) "grub-legacy-ec2 does not create /boot/grub on install" [Critical,In progress] https://launchpad.net/bugs/759885
<smoser> cjwatson, ^^ would appreciate feedback
<Daviey> kirkland, good thinking.
<smoser> cjwatson, the pastebin at http://paste.ubuntu.com/593600/
<smoser> so, should i wait on cjwatson ?
<smoser> we're kind of gated on uec images build to get ec2 images out there. and that is gated on this bug.
<smoser> bug 759885
<uvirtbot> Launchpad bug 759885 in cloud-init "grub-legacy-ec2 does not create /boot/grub on install" [Critical,In progress] https://launchpad.net/bugs/759885
<smoser> Daviey, kirkland thoughts ^
<kirkland> smoser: i don't think you need to wait, no
<kirkland> smoser: it's blocking our work, and me/zul/daviey all gave you a thumbs-up
<kirkland> smoser: so it's on us
<kirkland> smoser: it would be good to get cjwatson's opinion, if and when he can give it, but let's rock and roll with what you have
<uvirtbot> New bug: #756489 in samba (main) "smbd crashed with SIGABRT in __kernel_vsyscall()" [Low,Incomplete] https://launchpad.net/bugs/756489
<uvirtbot> New bug: #759099 in samba (main) "smbd crashed with SIGABRT in close_file()" [Low,Incomplete] https://launchpad.net/bugs/759099
<cjwatson> meeting
<cjwatson> I'll get back to you in a bit
<smoser> ok. i just uploaded that.
<smoser> so i assume i need a release admin "OK" anyway
<m4xx> i've installed festival on my 10.04 server machine, ran the update.rc and made/edited /etc/defaults/festival, yet when i try to run the festival init script it seems to do nothing, i see nothing in logs.
<m4xx> any ideas?
<smoser> anyone know how i woudl see if a package is in a seed ?
<smoser> uec seed was modified yesterday (2011-04-12 09:12:31 -0400)
<smoser> to add lxcguest
<smoser> but 'apt-get remove lxcguest && apt-get install ^uec --dry-run' does not indicate that lxcguest would be installed
<smoser> i'm wanting to drop line 13 from http://bazaar.launchpad.net/~ubuntu-on-ec2/vmbuilder/automated-ec2-builds/view/head:/conf/natty-server.conf
<smoser> but dont know that i can yet.
<m4xx> apparently festival.smc needs to be in /etc/ not /usr/share/festival/
<m4xx> thanks =]
<thinkpad> Question: My samba domain controller will not serve up scripts upon login, and acts very slow when not connected to the Internet. Once the net connection comes back up, everything is fine. Anyone know why this may be happening?
<rnigam> how do i change th kernel config parameter in ubuntu. I would like to change the value of CONFIG_VHOST_NET=y from m.
<thinkpad> The DNC is ubuntu 10.04.2 for the above question
<hallyn> ppetraki: so, udev.log is basically filled with junk like http://paste.ubuntu.com/593611/
<hallyn> ppetraki:  (this is for bug 644489)
<uvirtbot> Launchpad bug 644489 in multipath-tools "constantly changes /dev/disk/by-id/{scsi,wwn}-* LUN symlinks with multipathing" [High,Confirmed] https://launchpad.net/bugs/644489
<hallyn> ppetraki: why would /dev/sdc keep being marked as 'changed'?
<hallyn> could kpartx.vs.multipath be the problem here?
<ppetraki> so the udev rules can run, and find that there's no real work to do
<ppetraki> it's not exactly fine grained :/
<ppetraki> so what's the bug here, log spamming or some real hung processes?
<hallyn> well, lots of system time taken up, and symlinks from wwid by-id to /dev/sdX keeps changing
<hallyn> something is very wrong there
<hallyn> /dev/disk/by-id/wwid* is supposed to point into /dev/mapper...
<hallyn> not to /dev/sdX
<ppetraki> the symlinks actually change, as in the signature, or they're just being recreated needlessly?
<ppetraki> oh I see
<ppetraki> so do we know what kernel event prompted all this traffic?
<uvirtbot> New bug: #759940 in mod-wsgi (main) "webdav modifies uri and path_info attributes" [Undecided,New] https://launchpad.net/bugs/759940
<hallyn> ppetraki: no,
<hallyn> ppetraki: but hey, it looks like he's still  using '-Q' flag to modprobe
<ppetraki> hallyn, yeah, that's busted, and a quick fix
<hallyn> ppetraki: but soI wonder if it's evidence of bug 737027
<uvirtbot> Launchpad bug 737027 in multipath-tools "kpartx udev rule is broken" [Medium,New] https://launchpad.net/bugs/737027
<hallyn> well let's ask the guy to try '-q' i guess :)
<ppetraki> that'll work :)
<hallyn> ppetraki: feh.  he's the one who originally submitted that bug about -Q!
<hallyn> i don't know how, but I need tocome up with a better way to represent bugs for myself.  Faster fetches, but also showing me what other open bugs people and packages have
<hallyn> all right, so on that note, i need to go check for burning bridges in kvm/libvirt for natty.
<uvirtbot> New bug: #759943 in mod-wsgi (main) "mod_wsgi.so-3.2 gives errors" [Undecided,New] https://launchpad.net/bugs/759943
<cjwatson> smoser: /boot/grub is created by the action of installing GRUB.  We've tried to avoid putting it directly in packages because some people like to unmount /boot except when upgrading, to minimise risk of filesystem wear.  Your fix is OK for beta-2, but I would prefer it if you created it in postinst or in update-grub-legacy-ec2 or something like that
<smoser> cjwatson, :-(
<smoser> sorry. i would have done that for sure. that was my original thought.
<smoser> it is *really* not a big deal, though, as if you're installing grub-legacy-ec2, you're really on a virtual machine, and likely in EC2 where /boot is probably on /
<pmatulis_> darn, unity-2d doesn't work at all on kvm
<cjwatson> smoser: right, hence why it's OK for beta-2.  It would be good to clean it up for final, that's all.
<smoser> cjwatson, ok. i'll do that.  you'd just do 'mkdir /boot/grub' in postinst >
<smoser> ?
<cjwatson> mkdir -p, yes
<orudie> i'm running ubuntu with /dev/sda5 linux swap . I just resized disk in vmware ESXi, when I load gparted it doesn't let me resize the partition, since right at the end of dev/sda1 is dev/sda5 then unallocated space
<hallyn> ppetraki: drat, -q didn't fix it for him
<ev> so right now the installer prevents you from having an upper case letter as the first character of a username
<ev> this is a bit silly. There's no technical reason this should be the case
<ev> I'd like to change it in a later version of Ubuntu (see: not natty), but I'm looking for examples of things this might break
<ev> cjwatson mentioned you folk may have encountered software that's more likely to have such interoperability issues
<NightDragon> hello all
<NightDragon> need help with something if someone would be so kind
<zul> Daviey: it has just being pointed out to me that the cobbler web setup for apache takes over the whole server basically
<NightDragon> <NightDragon> so, i've set up a Time machine with a samba share and netatalkd
<NightDragon> <NightDragon> (on my linux server)
<NightDragon> <NightDragon> but for some reason, the time machine backups never finish
<Daviey> zul, oh goody.
<Daviey> zul, is there a bug?
<zul> Daviey: its coming
<uvirtbot> New bug: #760012 in cobbler (universe) "cobbler-web unnecessarily overrides default DocumentRoot" [Undecided,New] https://launchpad.net/bugs/760012
<Daviey> smoser, It would probably be a good idea to raise two blueprints when you have a chance... cloud-server-p-image-build-process and cloud-server-p-desktop-image (i think pitti will want to take that one over fwiw).
<smoser> what would be in 'image-build-process' ?
<Daviey> smoser, I think two things... one you were talking about using new build platform earlier, and secondly handling of migration to centralised builds.
<Daviey> what do you think?
<smoser> sure
<uvirtbot> New bug: #760019 in cobbler (universe) "A profile's --kopts-post option does not work" [Undecided,New] https://launchpad.net/bugs/760019
<NightDragon> anybody good with mailers?
<NightDragon> need help with sendmail
<axisys> how do I rollback a fs ? I want to put some data on /path/foo .. so I create a tar of /path/foo first and then make tons of changes.. what is the best way to roll back to orig /path/foo ? do I untar the old /path/foo to a new location and point /path/foo to it ?
<axisys> in solaris zfs rollback does all the magic
<NightDragon> rm -rf /path/foo
<NightDragon> tar -xzvf pathfoo.tar.gz
<NightDragon> tar -czvf preserves file structure
<NightDragon> so if you run tar -xzvf at /path/..
<NightDragon> it will be as it was
<axisys> NightDragon: ok .. thanks a lot
<NightDragon> np
<axisys> NightDragon: do I need a -p to preserve file mode and ownership ?
<axisys> NightDragon: or that is default ?
<NightDragon> if you didnt create the tar with -p i dont think it will matter
<rnigam> how do i change th kernel config parameter in ubuntu. I would like to change the value of CONFIG_VHOST_NET=y from m.
<pmatulis_> rnigam: sounds like you want to run a custom kernel
<ap0c> anyone help with a 10.04 bios RAID issue ?
<ap0c> i created a RAID 5 logical disk in my bios, but ubuntu is still reporting it as individual drives
<ap0c> is there something i need to do ?
<cloakable> yeah, not use fakeraid
<cloakable> either use linux SW raid, or true HW raid.
<ap0c> use use mdadm in ubuntu and don't use the BIOS raid
<ap0c> ok i figured that's what i have to do
<ChmEarl> ap0c, for any linux to detect your fakeraid, you need dmraid loaded
<ap0c> i did that, but it still didn't recognize my fakeraid
<ap0c> i just turned off the bios RAID and am going to do sf raid now
<ap0c> it's not my boot device so not really important
<ap0c> just 4 1TB disks going to use RAID 5 sf mdam now
<ap0c> these ok directions? https://help.ubuntu.com/community/Installation/SoftwareRAID
<rnigam> pmatulis_: Well I would like to add a vhostnet module to the current kernel. Is that possible?
 * RoAkSoAx off to lunch
<hggdh> smoser: uec-publish-image is failing on maverick and natty images on euca i386
<smoser> hggdh, can you give more information please ?
<hallyn> jbernard: do you have libcgroup update for natty queued up for natty?
<hallyn> (with the security fix)?
<hggdh> smoser: opening a bug now. But I was preparing to beta2-test uec on i386, and -- in the process -- I load lucid, maverick, and natty kernels.
<jbernard> hallyn: it's in unstable now
<hggdh> smoser: lucid went OK, maverick and natty failed. Hum. I can try *not* using --use-loader
<jbernard> hallyn: so it should be ready for merging
<hallyn> jbernard: ok - have you talked to skaet about it?
<jbernard> hallyn: your patches should apply cleanly on top
<hallyn> (since we're late in natty cycle)
<jbernard> hallyn: i haven't
<jbernard> hallyn: is that the next step?
<hallyn> jbernard: sigh - way too late for my patches (the upstart ones, right?) to go in for natty, unfortunately
<hallyn> jbernard: i think so
<hallyn> jbernard: that is, if the change is going to be rejected for natty anyway you may as well save yourself the effort
<smoser> hggdh, can i get at this uec somewhere ?
<hallyn> though with security fix I find that hart to believe
<hallyn> hard
<hggdh> smoser: if you have access to the uec test rig, certainly
<smoser> what host?
<hggdh> smoser, santol
<hggdh> smoser: zeroed in --user-loader on uec-publish-tarball
<smoser> what is santol's ip ?
<hggdh> just a sec
<hggdh> smoser: 10.55.55.7
<jbernard> skaet: is it possible to sync libcgroup from unstable to fix a security issue?
<axisys> how do I kill this process?
<axisys> root      7647 27139  4 19:20 pts/0    00:00:05 [tar]
<axisys> kill -9 7647 did not work
<axisys> do I need to reboot ?
<jbernard> hallyn: if we can get the merge accepted, then we can upload a version with your patches to natty-updates potentially?
<hallyn> jbernard: yeah, we push it to o-series and then consider SRU to natty
<jbernard> hallyn: ok, I think that will work well
<hallyn> jbernard: and since there are real bugs fixed by it, SRU has a chance
<hallyn> cool
<hallyn> pls do talk to skaet though
<smoser> hggdh, so where can i get credentials?
<jdstrand> libcgroup is in universe. there shouldn't be a huge problem with that
<hallyn> oh.  i keep forgetting about that
<hallyn> jdstrand: so is it subject to freeze now?
<hggdh> smoser . ~/uec-testing/scripts/users/admin/eucarc
<smoser> i think you're on soncoya, not santol
<jdstrand> hallyn: if its bugfix only, no. if there is more, you still need approval from a member of the release team
<smoser> oh wait. no
<jbernard> jdstrand: it's a new minor upstream release that includes bugfixes
<skaet> jbernard,  challenge is what else is there beyond the bug fixes, and do we have regression potential (and scope of testing needed)
<skaet> so yes,  definitely for o-series, and assess impact for SRU and what sort of scope of testing we'll need to feel confident.
<jdstrand> skaet: it is in universe...
<skaet> jdstrand,  thanks for the clarification.  that does influence things a bit ;)
<axisys> that tar finally went away
<hallyn> skaet: no no, the o-series plan was for *my* patchset,
<hallyn> skaet: but jbernard has another set of bugfixes including security fixes
<hallyn> (my patchset is also bugfixes, but they can wait)
<ScottK> hallyn: For Universe, bugfix is still a good thing to get uploaded.
<hallyn> ScottK: ok.  in that case, jbernard let me know if you need anything from me, but if you just want to rebase my patchet on top of yours I'm happy
<ScottK> hallyn: It needs a bug or a branch with ubuntu-sponsors subscribed.
<hallyn> jbernard: ^
<jbernard> hallyn: ok, ill file a bug and link a branch that includes what's in unstable now + your patches
<hallyn> jbernard: great, thanks.
<hallyn> there is an existing bug for my patches
<jbernard> ah yes, good call
<hallyn> recon it must be https://bugs.launchpad.net/ubuntu/+source/libcgroup/+bug/681724
<uvirtbot> Launchpad bug 681724 in libcgroup "cgroup-bin package installs with errors (failure to parse /etc/cgconfig.conf)" [High,Confirmed]
<hallyn> or is it https://bugs.launchpad.net/ubuntu/+source/libcgroup/+bug/644669
<uvirtbot> Launchpad bug 644669 in libcgroup "cgred should be started before libvirt-bin" [Medium,Triaged]
<BCS-Satori> Hello,  I made a bash script that currently lives on my cluster drive /srv/data.  How can I make the bash file executable from any working directly.  I tried adding the path to /etc/environmental but it doesn't seem to work.
<jbernard> hallyn: the later, i believe
<RoyK> BCS-Satori: add it to the PATH.....
<BCS-Satori> Royk: isn't that what /etc/environmental is?
<cloakable> BCS-Satori: is the script +x?
<BCS-Satori> cloakable: yes it is.  I get a "command not found" when outside the directory where it lives.
<cloakable> BCS-Satori: What does 'echo $PATH' say?
<BCS-Satori> cloakable: It is missing the directory I added.  Is there someway of reloading the file or do I need to reboot?
<cloakable> BCS-Satori: log out then log back in, should give you the new $PATH
<BCS-Satori> cloakable: that did it....thanks lol.
<cloakable> BCS-Satori: No problem :)
<BCS-Satori> cloakable: always the simple things
<cloakable> BCS-Satori: usually
<Daviey> Does anyone here have access to VMWare-ESX ?
<cloakable> Not I
<uvirtbot> New bug: #586632 in memcached (main) "build should run test suite" [Low,Confirmed] https://launchpad.net/bugs/586632
<BCS-Satori> Daviey: i have several esx systems running
<Daviey> BCS-Satori, Great!  Would you be able to do the ESX test case for Natty server Beta 2 candidate?
<Daviey> (it's pretty easy)
<BCS-Satori> Daviey: can't do that sorry they are full production (at office) -- sorry
<Daviey> BCS-Satori, Not as a server btw, just spawning an extra image to test it as a guest.
<Daviey> RoAkSoAx, Are you free to do a testcase?
<Daviey> RoAkSoAx, if you could take, http://iso.qa.ubuntu.com/qatracker/result/5442/269 <-- that would rock
<Daviey> Who else is around that wants to do some testing? :)
<uvirtbot> New bug: #760157 in euca2ools (main) "uec-publish-tarball --use-loader fails to publish an image on eucalyptus" [High,Triaged] https://launchpad.net/bugs/760157
<Daviey> zul, kirkland, kim0, smoser, RoAkSoAx, nigelb, raphink, adam_g, popey </shameless hilight> Fancy doing some REALLY fun iso testing? :)
<zul> depends on the fun
<Daviey> zul, you will not believe the fun involved.
<zul> still depends on the fun
<Daviey> zul, do you have a machine with 2 x spare hd's?
<Daviey> jamespage, !! just in time for some awesome testing fun !!
<RoAkSoAx> Daviey: sure... just got back from lunch
<Daviey> RoAkSoAx, so you are taking amd64/kvm ?
<smoser> hallyn, you maybe know
<smoser> or someone else might too
<Daviey> smoser, someone probably does.
<smoser> process opens a file, writes to a file, exits
<jamespage> Daviey: blah - having IPv6 hell with my router(s) so need a break
<Daviey> jamespage, sorry!
<smoser> immediately after that, something checks for existance of file
<smoser> is there some guarantee that such file will be immediately found after process closes?
<smoser> i would think so
<hallyn> posix i assume?
<RoAkSoAx> Daviey: yeah I;ll take it
<jamespage> Daviey: ISO's?
<smoser> yeah
<smoser> i'm fairly certain thats guaranteed. almost has to be or all sorts of things might not work.
<smoser> probalby guarantted after close()
<Daviey> jamespage, we have pretty good coverage already
<smoser> hm... check this out
<zul> Daviey: i can do some later tonight
<Daviey> but if RoAkSoAx is taking kvm/amd64 jeos, do you want to take kvm/i386 jeos?
<Daviey> zul, Do you have 2 x spare hd's on a machine?
<zul> Daviey: no...ill do the netboot ones
<smoser> ok. in http://paste.ubuntu.com/593753/
<smoser> line 761-785
<Daviey> zul, hmm.. not sure they are needed
<hallyn> what the....  bug 677764 was never fixed for lucid?
<uvirtbot> Launchpad bug 677764 in vsftpd "vsftpd postinstall checks for user/group starting with ftp" [Medium,Confirmed] https://launchpad.net/bugs/677764
<Daviey> it was :/  I was sure it was
<hallyn> oh, but i need -updates
<hallyn> note it's still listed confirmed in the bug
<zul> Daviey: they are on the list
<smoser> something was causing a race where the 'os.path.getsize(targz) <= 0:' woudl be taken
<smoser> how could that happen
<Daviey> zul, but they are done, no?
<smoser> i woudl have thought that the targzfile.close() would cause that to be flushed
<zul> Daviey: i dunno i thought there was a new iso no?
<Daviey> zul, well preseeds are really well covered - all the automated tests are done from preseeds.
<Daviey> zul, what would be more useful is doing a no network install?
<smoser> my patch : http://paste.ubuntu.com/593755/ seems to fix it, but i'm not certain i'm not just delaying a race
<Daviey> zul, or Rescue amd64|i386 ?
<zul> Daviey: what about the upgrade tests? anyways ill be back in a couple of hours and ill pick up the slack
<Daviey> zul, mvo has been covering automated update tests pretty well, i think.. extra coverage wouldn't hurt - but if we can get the iso test cases covered, that would rock.
<zul> Daviey: ok no problem ill be back in a while
<Daviey> zul, have fun
<Daviey> smoser, When are you planning to upload fix for 760157?
<Daviey> bug 760157
<uvirtbot> Launchpad bug 760157 in euca2ools "uec-publish-tarball --use-loader fails to publish an image on eucalyptus" [High,Triaged] https://launchpad.net/bugs/760157
<smoser> Daviey, well, i can do it "right now" or real close
<Daviey> smoser, No worries, just wondered if we can expect it in the archive for b2 release.
<kim0> Daviey: wouldn't mind playing with this iso testing thing .. more info ?
<Daviey> kim0, you hero... :)
<kim0> hehe
 * kim0 trembles
<Daviey> kim0, Do you have a machine with 2 x hd's spare?
<kim0> :/ kvm would work ?
<Daviey> ideally bare metal for this one..
<kim0> no that's hard to find for me
<Daviey> kim0, no worries
<Daviey> RoAkSoAx, can you mark the test you are doing as started?
<Daviey> jamespage1, Have you started a test?
<jamespage1> Daviey: not yet - anything specifically need picking up?
<Daviey> jamespage1, do you have hardware with 2 x hd's?
<jamespage1> Daviey: sorry no I don't
<Daviey> jamespage1, no worries
<Daviey> kim0, Do you want to do a "no network install?"
<RoAkSoAx> Daviey: i already did
<Daviey> RoAkSoAx, you rock.
<RoAkSoAx> xD
<Daviey> jamespage1, want to take http://iso.qa.ubuntu.com/qatracker/result/5443/270 ?
<Daviey> kim0, no network install is good in virtualisation if that suites?
<jamespage1> Daviey: on it now
<Daviey> kim0, http://iso.qa.ubuntu.com/qatracker/result/5443/480 <-- see the detailed instructions link ?
<hallyn> gah.  rev 28 removed the fix
<kim0> Daviey: got it .. the no network install thing
<Daviey> kim0, if you take it, can you mark the test as 'started' ?
<hggdh> Daviey: last time I ran the RAID1 on KVM -- defined two disks, and used them
<Daviey> kim0, awesome!
<kim0> Daviey: doing it
<hallyn> mdeslaur: !!!!
<hggdh> Daviey: this cycle I cannot trust my KVM
<Daviey> hggdh, yeah - trying to get some bare metal testing.
<Daviey> hggdh, heh
<jamespage1> Daviey: stupid question time - does the first screen of the installer not normally show more languages than just English?
<Daviey> erm
<mdeslaur> hallyn: huh?
<hallyn> phew, it all makes more sense now :)  i thought i was going crazy
<ScottK> It shows whatever it has available.
<kim0> Daviey: use daily server iso ?
<Daviey> jamespage1,  lemme restart this test
<ScottK> If there's only english on the ISO, that's all it shows.
<Daviey> ScottK, fancy joining the testing fun?
<hallyn> mdeslaur: i dunno, something went wonky with vsftpd in lucid-updates
<kim0> ah saw the iso link up there
<ScottK> Daviey: Still working on Kubuntu testing.
<Daviey> jamespage1, Hmm
<Daviey> ScottK, ok :(
<Daviey> jamespage1, hmm
<Daviey> you are ONLY seeing English variants?
<ScottK> Daviey: Bug #759503 is a 'fun' one.
<uvirtbot> Launchpad bug 759503 in linux "Crash trying to install over btrfs partition in live installer" [Undecided,New] https://launchpad.net/bugs/759503
<kim0> duh QA account is not Ubuntu SSO
<Daviey> kim0, yeah... not cool.
<hallyn> mdeslaur: sorry for hte noise :)  i think there was a package importer snafu
<kim0> ok
<RoyK> ScottK: imho using btrfs in production is like BASE jumping with a very small, round, parachute with holes in it, in bad weather and no reserve
<mdeslaur> hallyn: bug 677764? looks like it never made it to -proposed
<uvirtbot> Launchpad bug 677764 in vsftpd "vsftpd postinstall checks for user/group starting with ftp" [Medium,Confirmed] https://launchpad.net/bugs/677764
<hallyn> mdeslaur: if you look at the bzr changelog, it's there, but gets undone
<Daviey> RoyK, Proper base rigs don't carry reserves anyway :)
<hallyn> mdeslaur: so i assume the package importer overwrite the previous bzr commit
<mdeslaur> hallyn: I don't update bzr for security updates, since support for doing that isn't complete
<hallyn> UDD kicks another pupy
<RoyK> Daviey: more and more do :)
<mdeslaur> hallyn: well, the package got rejected, so the auto-importer is right
<jamespage1> Daviey: yes - on the CD boot screen it just has English in the menu - thats i386
<hallyn> rejected?
<Daviey> jamespage1, Hmm
<mdeslaur> hallyn: look at comment #13 in the bug...pitti rejected the upload to -proposed
<hallyn> odd, bc i see it at commit 26
<RoyK> Daviey: with the new spring-loaded reserves, it's quite possible to survive if the main chute doesn't open
<mdeslaur> hallyn: what's in bzr does not represent what's in the archive...that's two separate things
<hallyn> confounded
<Daviey> jamespage1, http://erk.daviey.com/firstscreen.png
<hallyn> mdeslaur: thanks
<Daviey> RoyK, New spring loaded reserves.... interesting.. must investigate. :)
<jamespage1> Daviey: not that one; the one right at the start just as the ISO boots
<Daviey> jamespage1, Yeah.. i have more than just english on amd64
<Daviey> checking i386 shortly
<hallyn> RoAkSoAx: can you re-upload your fix for bug 677764?
<uvirtbot> Launchpad bug 677764 in vsftpd "vsftpd postinstall checks for user/group starting with ftp" [Medium,Confirmed] https://launchpad.net/bugs/677764
<hallyn> (for lucid)
<hallyn> RoAkSoAx: another user was just bitten by it
<RoAkSoAx> hallyn: sure... I wonder why it never got processed
<hallyn> RoAkSoAx: lol
<hallyn> RoAkSoAx: see comment #13
<hallyn> RoAkSoAx: (i laugh bc I just spent 10 minutes trying to figure that out, and mdeslaur had to kindly explain it to me)
<smoser> Daviey, ok. that is uploaed. bug 760157
<uvirtbot> Launchpad bug 760157 in euca2ools "euca-bundle-image can fail on small images" [High,Triaged] https://launchpad.net/bugs/760157
<Daviey> smoser, cool... /me makes a note to add it to release notes.
<RoAkSoAx> hallyn: yeah. after commt #13, I made Daviey re-upload and apparently never got processed by SRU ppl  :)
<RoAkSoAx> hallyn: that's why I'm now wondering why it never got re-processed after Marting rejected both conflicting uploads
<hallyn> i see
<smoser> hggdh, fix is uploaed. and installed on santol
<RoAkSoAx> hallyn: anyways, I'll take of it later today/tomorrow morning
<hallyn> RoAkSoAx: thanks!
<Daviey> RoAkSoAx, *sigh*.. is it still in the queue, or was it nuked?
<RoAkSoAx> Daviey: i think it got nuked
<Daviey> *sigh*
<Daviey> hallyn, Are you saying it's busted in natty aswell, or just Lucid SRU?
<RoAkSoAx> Daviey: there's a security update now, so I'll have to re-prepare the patch
<RoAkSoAx> Daviey: just lucid SRU
<hallyn> DavidLevin: just lucid afaik
<RoAkSoAx> yeah it is just lucid
<hallyn> let's do the SRU dance
<hallyn> shift to the left, shift to the right, push up, pop down, byte byte byte?
<RoAkSoAx> lol
<Daviey> heh
<Daviey> jamespage1, OK, i just booted i386 and i get full language selection directly after boot
<Daviey> Can you boot the iso you have in KVM / Virtualbox etc and take a screenshot
<jamespage1> Daviey: md5sum of your ISO
<Daviey> and generate and md5
<Daviey> hah
<Daviey> jamespage1, eaaa0439e1df169d0531bae9654c0348  ubuntu_natty-server-i386.iso
<Daviey> kim0, how is it going?
<jamespage1> Daviey: snap
<jamespage1> eaaa0439e1df169d0531bae9654c0348  natty-server-i386.iso
<Daviey> *boggle*
<Daviey> jamespage1, reproducing in virtualised?
<jamespage1> Thats where I'm testing TBH
<Daviey> :(
<Daviey> jamespage1, can you post a screenshot somewhere?
<Daviey> jamespage1, http://erk.daviey.com/language-natty-first-screen.png
<RoAkSoAx> Daviey: should the installation of JeOS in KVM be less than 500
<Daviey> RoAkSoAx, we encountered this last cycle, and i *think* we ignored it
<jamespage1> Daviey: http://inky.ws/g/96
<Daviey> RoAkSoAx, What size is it?
<RoAkSoAx> Daviey: 533M
<Daviey> RoAkSoAx, technically, it's failed the test case - so can you mark it so?
<Daviey> I think it's OK tho.
<Daviey> jamespage1, boggle!
<RoAkSoAx> Daviey: the other thing is that there's no network but I'm doing it with TestDrive, so that might be it
<RoAkSoAx> Daviey: ah never mind there's network after reboot
<Daviey> RoAkSoAx, yeah, last time i tried server with testdrive i had similar
<RoAkSoAx> Daviey: so yeah should I file a bug because of the installtion is of 533 and mark it as failed test, or should I just ignore it
<RoAkSoAx> and mark it as passed test
<Daviey> RoAkSoAx, mark it failed, and note the bug number.
<Daviey> (i suspect we'll release with it oversized tbh)
<Daviey> RoAkSoAx, https://bugs.launchpad.net/ubuntu/+bug/760288
<uvirtbot> Launchpad bug 760288 in ubuntu "JeOS is oversized" [Undecided,New]
<RoAkSoAx> Daviey: cool I was just filing a bug
<hggdh> again oversized?
<Patrickdk> was it ever not oversized? :)
<RoAkSoAx> Daviey: still around?
<Daviey> RoAkSoAx, o/
<kim0> Daviey: side tracked into real life issues .. will do it max tom morning
<RoAkSoAx> Daviey: Could you please take care of https://code.launchpad.net/~andreserl/ubuntu/lucid/vsftpd/sru1/+merge/57608 :)
<Daviey> RoAkSoAx, wilco, doing some beta crtical things first.
<RoAkSoAx> Daviey: sure, thanks
<ScottK> RoyK: Sure.  It was just for testing.
#ubuntu-server 2011-04-14
<Slyboots> Hello all
<Slyboots> I was tracing down a problem wiht my server (hard-lock) and noticed something really weird in the logs
<Slyboots> Not sure if this is "normal" Apr 13 18:39:01 beluga CRON[6946]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm)
<kirkland> Daviey: hey, do we still need some ISO test coverage?
<Daviey> kirkland, That would rock.
<Daviey> kirkland, do you have hardware with 2 x hd's?
<kirkland> Daviey: tonight, or can it be done on the morrow?
<kirkland> Daviey: i have tons and tons of KVMs :-)
<Slyboots> Anyone have any idew aht that command might be donig? I dont have any crontjobs setup as root o.o
<kirkland> Daviey: and my primary server has 2 hd's, but zat's it
<RoAkSoAx> SpamapS: can you please take care of the recently uploaded SRU by Daviey for vsftpd please
<Daviey> kirkland, we are slow close to complete coverage before b2, making nowish a better time.
<Daviey> crikey RoAkSoAx, i literally just dputted it :P
<Daviey> kirkland, i had a rough time with raid/amd64 using virtualbox
<Daviey> would really like it reproduced, even with kvm.
<Daviey> kirkland, http://iso.qa.ubuntu.com/qatracker/result/5442/286
<kirkland> Daviey: i can get this up and running with raid
<kirkland> Daviey: sorry, with kvm
<Daviey> kirkland, thanks - see my comments
<kirkland> Daviey: doing it now, then the missus wants me to join her for dinner
<Daviey> removing first hd worked for me, reversing the test failed... i think it was vboxes fault tho
<Daviey> kirkland, That is fine, dinner + laptop on table *always* goes down well.. I know from experience. :/
<kirkland> Daviey: installing
<RoAkSoAx> Daviey: heeheh I just wanna get that done :P
<Daviey> :)
<kirkland> Daviey: okay, installed
<kirkland> Daviey: hmm, hanging for a *long* time at installing grub, 66%
<kirkland> Daviey: nevermind, made it past
<RoAkSoAx> kirkland: I'll get a DRBD/MySQL and will let you know to try eCryptfs
<kirkland> RoAkSoAx: rocking ;-)
<Daviey> kirkland,  I was about to head to bed, but curious how this works out.
<kirkland> Daviey: hang here, 2 more minutes
<kirkland> Daviey: trying to boot from disk a only
<kirkland> Daviey: okay, disk a boot worked
<kirkland> Daviey: but i see my byobu/raid plugin is broken
<kirkland> Daviey: separate bug
<Daviey> :(
<Daviey> kirkland, yeah dropping disk A worked for me
<Daviey> (make sure you wait for raid to rebuild after boot)
<kirkland> Daviey: booting from disk b
<kirkland> Daviey: yup, it rebuilt
<smoser> hm... jamespage is not awake.
<Daviey> slacker.
<kirkland> Daviey: disk b booted fine
<smoser> hggdh, do you know how to kick off jamespage's jenkens ec2 tests ?
<Daviey> kirkland, ahh cool
<kirkland> Daviey: behavior looks good here, except for my byobu/raid breakage
<Daviey> wonder what caused my headache
<smoser> http://uec-images.ubuntu.com/server/natty/20110413.1/ is ready
<hggdh> smoser: it only runs on his server...
<kirkland> Daviey: virtualbox
<kirkland> Daviey: i'll mark this passed for me
<Daviey> kirkland, sweet, thanks.
<kirkland> Daviey: no problem
<kirkland> Daviey: time for dinner
<Daviey> kirkland, o/
<Daviey> time for bed here methinks.
<Daviey> smoser, The best i can suggest is jotting jamespage an email asking him to kick it off first thing.
<Daviey> smoser, I thought you and jamespage were working on a plan for you to be able to kick them off aswell?
<smoser> yes. i will do that.
<Daviey> smoser, How long did the jenkins testing take last time?
<Daviey> (smoser, do i understand it that you won't be doing your normal testing for b2)
<smoser> i did not do my testing for b1.
<smoser> so i had not lanned to for beta2
<Daviey> ok, cool.
<smoser> under a couple hours to run the tests.
<kirkland> Daviey: done, i'm out
<Daviey> kirkland, o/
<Daviey> Anything else before I head to bed?
<zul> Daviey: got your email
<Daviey> zul, got your reply :)
<Daviey> thanks zul
<Daviey> nn all o/
<smoser> danielck, sent you an email about testing
<rnigam> is anyone here tried vmbuilder before? if so, can you please tell how can I pass vhost=on and virtio as parameters while installing a kvm guest
<smoser> as parameters to what, rnigam ?
<rnigam> smoser: Could you tell me how you would tell your guest to use virtio drivers and VhostNet drivers at creating time.
<rnigam> creation*
<smoser> as in when building the image ?
<smoser> or as in launching a guest
<smoser> building an image really shouldn't need anything.  the virtio drivers are included in any recent (karmic or later at least) kernel, and should "just work".
<smoser> when starting kvm, via kvm command line, "-drive mydisk,if=virtio" there are other ways to do that in libvirt and such
<rnigam> smoser: what about VhostNet? I finally managed to install the vhost_net module in maverick but have not been able to understand whereI must pass vhost=on as mentioned in : http://www.linux-kvm.org/page/UsingVhost
<smoser> i've never used that myself... but,
<smoser> > egrep "CONFIG_(VHOST_NET|PCI_MSI)" /boot/config-$(uname -r)  ~
<smoser> CONFIG_PCI_MSI=y
<smoser> CONFIG_VHOST_NET=m
<smoser> 2.6.38-8-generic
<smoser> thats natty kernel i'm not sure aobut others
<jeffro> hey
<rnigam> I am at 2.6.35 and those options are already set by default. So in order for guest to use vhost_net i dont have to do vhost=on at all?
<rnigam>  <interface type='bridge'>
<rnigam>       <mac address='52:54:00:0e:e1:93'/>
<rnigam>       <source bridge='br0'/>
<rnigam>       <target dev='vnet0'/>
<rnigam>       <model type='virtio'/>
<rnigam>       <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
<rnigam>     </interface>
<rnigam> sorry that came by mistake !
<smoser> ah, in libvirt, you'll have to somehow tell it to create a kvm guest with vhost, yes
<smoser> but i would think that the kernel will figure it out if you do manage to do that.
<smoser> you might want to try just launching a kvm guest by hand as dscribed there. (ie, without libvirt as a test)
<onecrazycat> Cheers everyone.  I'm setting up DHCP failover and I am a little confused.
<onecrazycat> I have an existing server, but on this server I have manually configured groups of hosts.  Do each of these group { statements need a "failover peer "XXXXX" statement?
<onecrazycat> For example, I set up failover peer "NAME" { } with a bunch of parameters, and I also have to define what addresses fall into this failover ruleâ¦  If I have a ton of different groups, do they all need to reference this?
<onecrazycat> BTW, this is all found in the dhcpd.conf file...
<onecrazycat> Any dhcpd gurus here tonight?
<ap0c> anyone know how to mount a md device on boot ?
<ap0c> onecrazycat: yeah i'm pretty good with dhcpd
<ap0c> what are you trying to do?
<onecrazycat> ap0c: I'm setting up a failover
<ap0c> heh, yeah i scrolled back and saw that
<ap0c> whats the error ?
<onecrazycat> ap0c: No error, just that I have a lot of different groups configured in my dhcpd.conf file.
<ap0c> ah, so whats the problem?  it's not failing over?
<onecrazycat> ap0c: none of the tutorials or man pages seem to address this commonality.
<onecrazycat> ap0c: it isn't even set up yet.  I just want to configure it properly.
<ap0c> something like http://ubuntuforums.org/showthread.php?t=447377
<onecrazycat> ap0c:  I just followed the man page, but I'm no so sure this will give me the results I want.  If I put the "failover peer "NAME";" and a range section in a pool {} under my subnet settings, that's all well and goodâ¦ but what about hosts outside of that range?
<ap0c> ?
<onecrazycat> ap0c:  yes, similar to the forum post
<onecrazycat> ap0c:  I'm thinking I'm going to give this a go and cross my fingers, but I'm the type that likes to spend a lot of time preparing and less time debugging, dig? :)
<ap0c> haha yeah pretty much
<onecrazycat> ap0c: which is why I asked about it here.  I appreciate you replying.
<ap0c> just go for it man
<onecrazycat> ap0c:  Will do.  Thanks :)
<dudeami> Anyone here?
<dudeami> Nvm
<Abhijit> hi
<Abhijit> is it okay to have 5-6 apache processse running in localhost only apache server machine? or is it security issue?
<Abhijit> hi
<Abhijit> hepl
<Abhijit> is it okay to have 5-6 apache processse running in localhost only apache server machine? or is it security issue?
<jeffro> anyone wanna try to tackle a midnight postfix problem? :D
<binBASH> just ask your question
<jeffro> alright
<jeffro> i get these errors: warning: unable to create lock file /var/mail/xxxxx.lock: permission denied
<jeffro> postfix/local says : (cannot append message to file /var/mail/jeffro: cannot open file: Permission denied)
<binBASH> so fix your permissions
<jeffro> so i ran postfix set-permissions
<jeffro> i tried adding myself to the postdrop group
<jeffro> etc, doesn't work
<jeffro> im not experienced w/ linux, obviously
<greppy> what are the permissions on /var/mail and /var/mail/jeffro
<jeffro> k
<greppy> ls -ld /var/mail
<jeffro> drwxrwsr-x  2 root mail
<jeffro> thats mail
<greppy> ls -l /var/mail/jeffro
<jeffro> /vra/mail/jeffro: -rw-rw----  1 jeffro mail
<jeffro> and the places the error messages come from is /var/syslog
<jeffro> if that matters
<greppy> in /var/syslog? are you running ubuntu?
<jeffro> yeah, 10.10
<jeffro> sorry
<jeffro> /var/log/syslog
<jeffro> i've tried removing/installing
<jeffro> postfix is just pwning me
<jeffro> also tried taking off chroot for sendmail
<jeffro> also possibly relevant, i changed /etc/aliases to forward root to my user acct. i also appended jeffro: /var/mail/jeffro
<jeffro> sorry, back
<xelister> hello soren \o/
<xelister> vmbuilder continues to suck an epic dick and not working at all
<xelister> new bug:
<xelister> Setting up linux-firmware (1.34.4) ...
<xelister> , stderr: Done.
<xelister> Running depmod.
<xelister> update-initramfs: Generating /boot/initrd.img-2.6.32-30-server
<xelister> mktemp: failed to create directory via template `./TMP/mkinitramfs_XXXXXX': No such file or directory
<xelister> update-initramfs: failed for /boot/initrd.img-2.6.32-30-server
<xelister> soren: perhaps the workaround for lack of -tmp= flag screws up later installation?
<xelister> the setting of TMPDIR
 * xelister beats up smoser with a metall gauntlet
<xelister> why can't you get vmbuilder to work correctly :<  (on i7 and with small /tmp)
<thes26> which is the quicly browser on ubuntu
<soren> thes26: Huh?
<joschi> thes26: lynx
<thes26> joschi, thx
<uvirtbot> New bug: #760478 in postfix (main) "postfix upgrade-configuration reports extraneous files" [Undecided,New] https://launchpad.net/bugs/760478
<sjbnz> join #linuxoutlaws
<Dr_Jekyll> :-)
<nimrod10`> what is the conf file for apt in 10.04 server in which I'm supposed to put the http proxy config ?
<pnunn> Anyone on here know anything about squid config?
<iclebyte_work> pnunn, ask your question
<soren> nimrod10`: /etc/apt/conf.d/<something>
<pnunn> OK.. I have two servers talking to one authentication box... at one site it works fine... at the other not.
<pnunn> as far as I can see the configs are identical.
<pnunn> At one site in the log I get in the log
<pnunn> access.log.1:1302567283.836    618 192.168.100.132 TCP_MISS/200 7321 POST http://fred.spydus.com/cgi-bin/spydus.exe/PGM/CAT/AWZREQ - DIRECT/203.33.245.12 text/xml
<pnunn> at the other
<pnunn> access.log.1:1302590223.719     77 192.168.0.67 TCP_MISS/417 1938 POST http://fred.spydus.com/cgi-bin/spydus.exe/PGM/CAT/AWZREQ - NONE/- text/html
<pnunn> which I think means its not passing on the request after the cache miss for some reason.
<pnunn> I can't for the life of me find out why its not passing on the request.
<nimrod10`> soren, just put a name like  http-proxy  for that file ?
<nimrod10`> for further reference , to enable   apt to work through a http proxy  I've put a http-proxy file containing   http://[[user][:pass]@]host[:port]/    in  /etc/apt/preferences.d/
<nimrod10`> soren, ^
<joschi> nimrod10`: see apt.conf(5) (-> `man apt.conf`) for the correct syntax
<joschi> nimrod10`: and /etc/apt/preferences.d is wrong
<soren> nimrod10`: See "man apt.conf" for more info.
<nimrod10> soren, joschi thanks for the heads up
<zul> morning
<Daviey> afternoon zul o/
<RoAkSoAx> morning all
<uvirtbot> New bug: #760653 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/760653
<rickspencer3> Daviey, et al ...
<rickspencer3> Beta 2 getting ready to go today! what's the word on the street for Ubuntu Server?
<smoser> Daviey, so, really, we need to open https://bugs.launchpad.net/ubuntu/+source/udev/+bug/712026
<smoser> its not fixed.
<uvirtbot> Launchpad bug 712026 in udev "cloud-init.conf never runs, instance not reachable via ssh" [High,Fix released]
<smoser> SpamapS, ^
<smoser> s/open/re-open/
<smoser> it seems like the race window was reduced.
<Daviey> rickspencer3, It's looking pretty good... We've already got near complete test case coverage.
<rickspencer3> Daviey, sweet!
<rickspencer3> Ubuntu Server is rocking in Natty
<rickspencer3> I hope you guys are as psyched as I am
<Daviey> rickspencer3, Something i'm not sure about, the minimal virtual instal (formally JeoS) is specified as being <500MB... I believe last cycle we had the same issue we are seeing now where it is ~535MB.
<rickspencer3> interesting
<Daviey> I'm not sure we /need/ to bring it back under 500MB... (there was original sensible rational).
<rickspencer3> Daviey, well, I think 500 Megs is a good limit
<rickspencer3> and this demonstrates why having an ISO is good for discipline
<rickspencer3> however, it's Beta 2
<rickspencer3> and 35MB sounds like a lot
<Daviey> rickspencer3, ack... i'm reasonably sure we dicovered this in maverick but let it slide.
<uvirtbot> New bug: #760725 in cloud-init (main) "Cloud-init failed to complete actions" [Undecided,New] https://launchpad.net/bugs/760725
<Daviey> smoser, do you have thoughts on that bug ^^?
<soren> 535MB for JEOS? Wow.
<soren> Just... wow.
<smoser> Daviey, i have no thoughts on that. i only suspect that some upstart job hung, and thus blocked rc from running (or 'rc' job blocked on something)
<smoser> and thus cloud-final didn't run.
<smoser> one way or another cloud-final didn't run, and we don't have enough info from the instance to see why that was.
<Daviey> soren, Do you remember us having this same discussion last cycle?
<smoser> jamespage will modify test suite to collect some info tha tmight be helpful in the future.
<soren> Daviey: Honestly? No :)
<Daviey> soren, I need to grep logs then... :)
<soren> Daviey: I'm not denying it happened. I just have no recollection  of it :)
<Daviey> soren, oh aye... i can't remember who was in the discussion.
<JanC> why is it so big?  ;)
<soren> If I had a nickle for every time I heard that question...
<soren> I'd have a nickel.
<Daviey> O_o
<soren> :(
<Daviey> :(
<air^> howdy.
<JanC> I remember 3 years ago JeOS was smaller than a Debian minimal install  ;)
<jamespage> Daviey: we had some issues earlier this cycle with the JeOS install size; I'll see if I can dig out what the issue was
<Daviey> jamespage, please...  i expect it's printer related :)
<zul> smoser: i might be seeing the same thing in the lxc container using cloud-init
<jamespage> hggdh: please can you restart both Jenkins slaves; had to restart the master instance earlier today - ta
<jamespage> Wow: http://jenkins.qa.ubuntu-uk.org/view/natty-ec2/job/natty_server_ec2/9/testReport/ - nearly 1000 tests and we did not even do us regions!
<soren> The boot seed alone weighs in at 244MB.
<Daviey> I'm wondering if we are seeing bug 712145 again, the numbers seem to match.
<uvirtbot> Launchpad bug 712145 in pkgsel "ubuntu-server JEOS ISO install uses 519M of storage" [Medium,Fix released] https://launchpad.net/bugs/712145
<jamespage> Daviey: ISO testing looks for 550MB not 500MB as a good threshold - there was a reason for this
<Daviey> cjwatson, Is it likely pkgsel has reintroduced that bug above ^^?  We are seeing large JEOS installs again.
<soren> cjwatson: language-selector-common is in standard. Won't it get installed regardless?
<smoser> ok. mainly i'm just curios.
<smoser> i dont understand this http://paste.ubuntu.com/594057/
<smoser> it seems to me that the 'targzfile.close()' should be enough to ensure that the file exists when 'size = os.path.getsize(targz)' checks.
<soren> smoser: How does it fail?
<smoser> read the test case... but basically the file that it creates has size 0 when it checks
<smoser> so, i guess it does exist, but i would have thought that the close would have ensured that it would have non-zero size.
<soren> Oh, it's size 0?
<soren> How big is this file usually?
<smoser> 1549
<soren> bytes?
<smoser> yeah
<smoser> so they're all in IO buffer
<soren> Right.
<soren> The problem is this:
<smoser> but i would have thought the close would have flushed them
<soren> You're closing your own file descriptor, but zipproc has it open, too.
<soren> Twice, actually.
<soren> (once inherited from your process and once attached to its stdout)
<soren> Or maybe subprocess handles the former case. Anyways, it's open at least once.
<soren> ...and it's zipproc that has stuff in its buffer.
<smoser> right.
<hallyn> kirkland: we'd been wanting to package gpxe, looks like ipxe is all set (in its place), ITP for gpxe was http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474034.  Q is, is there anything to be done for it on our end before May?
<smoser> so the fix path is fine, though.
<uvirtbot> Debian bug 474034 in wnpp "ITP: ipxe -- PXE network bootloader for x86 PCs" [Wishlist,Fixed]
<smoser> right ?
<soren> smoser: Yes, perfectly.
<hallyn> zul: is there anything to be done to kick the samba community re https://bugzilla.samba.org/show_bug.cgi?id=6724 ?
<uvirtbot> bugzilla.samba.org bug 6724 in File services "smbd panic action with yield_connection name=0x0" [Normal,New]
<zul> hallyn: looking
<soren> smoser: You seem somehow unconvinced?
<smoser> well it made sense to me when i made the patch
<smoser> but then i thought about it
<kirkland> hallyn: not really;  you could, perhaps, push it into the ~ubuntu-virt PPA, for curious Ubuntu virt users
<smoser> i think your'e right though
<kirkland> hallyn: it won't make it into Natty, though
<kirkland> hallyn: and it should be sync'd from Debian once Oneiric archives open
<zul> hallyn: ill see what i can do
<hallyn> kirkland: it'll get automatically synced?
<hallyn> zul: thanks
<soren> smoser: It *does* happen. Cccasionally.
<hallyn> kirkland: that's waht i was wondering, if there were any steps we could take to get it into O as soon as possible
<soren> Occasinally, even.
<kirkland> hallyn: if it's in debian unstable before Oneiric's Debian Import Freeze, yes, it's automatic
<soren> Errr.
<soren> Darn it.
<hallyn> kirkland: awesome, thanks
 * smoser deletes irc logs of this so he is not bothered by soren being correct
<zul> hallyn: which version is that with?
<hallyn> zul: you claimed 3.3 :)
<hallyn> lemme find our bugs for it again
<zul> hallyn: i did? :)
<hallyn> zul: well the original bug (which we link dups to) is bug 388483
<uvirtbot> Launchpad bug 388483 in samba "smbd panic action with yield_connection name=0x0" [Medium,Confirmed] https://launchpad.net/bugs/388483
<zul> hallyn: ah ok
<hallyn> there it's 2:3.3.2-1ubuntu3
<hallyn> 2:3.4.7~dfsg-1ubuntu3.2 was the most recent
<jamespage> Daviey, RoAkSoAx: I just installed a minimal virtual amd64 natty and its only 429MB?
<zul> hallyn: yeah i think we might try to reproduce it again
<Daviey> jamespage, wtf.
<Daviey> jamespage, that is not helpful.
<jamespage> Daviey: TBH that's inline with what I saw on i386....
<jamespage> Daviey: 410MB - still had it kicking around
<Daviey> jamespage, That makes no sense... RoAkSoAx and highvoltage both saw it 53XMB
<Daviey> i think there was one more report aswell of that.
<Daviey> RoAkSoAx, around?
<RoAkSoAx> Daviey: yes sir
<RoAkSoAx> Daviey: what's bothering you my friend?
<jamespage> Daviey, RoAkSoAx: http://paste.ubuntu.com/594071/
<RoAkSoAx> ah lol (irssi doesn't notify me :s)
<RoAkSoAx> jamespage: weird
<RoAkSoAx> in my case was 533
<jamespage> thats odd
 * RoAkSoAx downloading a new ISO
<jamespage> Daviey: might be linked to that other issue I had re language support on the ISO boot screen?
<jamespage> maybe I'm not getting so many options?
<jamespage> RoAkSoAx: what did you test on?
<RoAkSoAx> jamespage: KVM, using testdrive
<jamespage> RoAkSoAx: I'm using KVM but from virt-manager
<RoAkSoAx> jamespage: will test both and compare
<Daviey> RoAkSoAx, sorry, i was afk
<Daviey> I wanted you to compare experiences with jamespage, to try and determine why you have different jeos sized images
<RoAkSoAx> Daviey: no worries
<RoAkSoAx> Daviey: yeah I'm on it
<RoAkSoAx> downloadin ISO now
<RoAkSoAx> jamespage: just installed again with TestDrive and is 533M
<RoAkSoAx> will now try with virt-manager
<jamespage> RoAkSoAx: most puzzling
<RoAkSoAx> jamespage: /win 13
<RoAkSoAx> arghh
<jamespage> hehe
<RoAkSoAx> hehe
<RoAkSoAx> sry
<RoAkSoAx> happens all the time xD
<resno> heres my issue. i installed zyntal. but now i cant get it to speak on the network
<RoAkSoAx> jamespage: confirmed, installing with virt-manager gives a different disk size
<RoAkSoAx> jamespage: 428M
<resno> i clear all the iptables, recongiured dhcp. its gets an address but wont "connect"
<jamespage> RoAkSoAx: same as my install - now that is odd
<RoAkSoAx> jamespage: maybe the type of disk used
<jamespage> Might be - what does testdrive use?
<RoAkSoAx> kirkland: qcow2
<RoAkSoAx> jamespage: qcow2
<RoAkSoAx> kirkland: any ideas why the install size would differ between TestDrive and virt-manager?
<jamespage> RoAkSoAx: thats what I used in virt-manager as well so no diff
<RoAkSoAx> uhm weird then :S
<jamespage> RoAkSoAx: when you installed using virt-manager did you get presented with multiple language options in the ISO boot screen?
<RoAkSoAx> jamespage: yes
<jamespage> Hmmm - so not that then - I have an issue there but it seems to be a me only one
<RoAkSoAx> jamespage: in my case was everything exactly like with TestDrive
<RoAkSoAx> jamespage: kvm command from testdrive:  kvm -m 512 -smp 2 -cdrom /home/roaksoax/.cache/testdrive/iso/ubuntu_natty-server-amd64.iso -drive file=/home/roaksoax/.cache/testdrive/img/testdrive-disk-KiJDSk.img,if=virtio,cache=writeback,index=0,boot=on -usb -usbdevice tablet -net nic,model=virtio -net user -soundhw es1370 -vga cirrus
<RoAkSoAx> jamespage: the one with virt-manager /usr/bin/kvm -S -M pc-0.14 -enable-kvm -m 512 -smp 2,sockets=2,cores=1,threads=1 -name natty7-jeos -uuid 59c4d5ff-82e7-4833-c7b9-8c95f5cc769a -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/natty7-jeos.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=readline -rtc base=utc -boot order=c,menu=off -drive file=/media/vm1/natty7.img,if=none,id=drive-virtio-disk0,bo
<RoAkSoAx> jamespage: it must be something with that
<RoAkSoAx> jamespage: maybe because testdrive disk format used is with virtio while virt-manager's is raw? -drive file=/media/vm1/natty7.img,if=none,id=drive-virtio-disk0,boot=on,format=raw
<cjwatson> Daviey: dunno.  are logs available?
<jamespage> hmm - don't think so - I use qcow2 in virt-manager
<Daviey> cjwatson, jamespage and RoAkSoAx and comparing, they have differing results.
<Daviey> s/and/are
<jamespage> Daviey: installing through testdrive appears to create a larger install than installing through virt-manager
<Daviey> jamespage, this makes no sense...
<jamespage> Daviey: tell me about it :-)
<Daviey> RoAkSoAx / jamespage: Might be an idea to reproduce, saving the d-i logs?
<jamespage> Daviey: assuming that's what gets installed to /var/log/installer/syslog I already have one :-)
<skaet> smoser, Daviey - what's the story with the UEC images?   Am not seeing them on the iso tester
<skaet> are we good to ship them?
<Daviey> They should be published now smoser ?
<smoser> you're not ? http://iso.qa.ubuntu.com/qatracker/build/ubuntuserver/all
<smoser> shows them there. we've not run test in the us regions
 * skaet refreshing her link...
<smoser> because the apt mirrors are broken there. there is an is ticket open, but running test depends on 'apt-get update' not failing.
<skaet> smoser,  I don't see UEC images,  just EC2 ones...
<smoser> ah... uec images. ok. i dont think they'd been populated there for a while.
 * skaet may be cross eyed though by now...
<Daviey> ah... they are the same.
<smoser> well.... we used to have uec images
<smoser> explicitly to test running the images under eucalyptus
<Daviey> smoser, They got dropped tho, didn't they?!
<smoser> well, they really should not have. it is quite valid to test. we expect the images to work on UEC and we've seen failures on Eucalyptus before.
<smoser> now, i happen to know that hggdh tested natty images in natty uec yesterday.
<skaet> smoser, Daviey - we have mentioned them in the announce note.   We'll need to synch up what's expected.
<smoser> also, if you want to add them, i can get a test run on them. they will run fine.
<skaet> smoser,  that would be good.
<Daviey> skaet, hmm.. "http://uec-images.ubuntu.com/releases/natty/beta-2/ (Ubuntu Server for UEC and EC2)"
<smoser> wait. was that supposed to have been done ?
<smoser> is this released now ?
<Daviey> no.. not afaik
<skaet> Daviey,  we're still preping things.
<Daviey> skaet, see my PM?
<SpamapS> RoAkSoAx: ack .. will take a look
<SpamapS> smoser: ^^
<RoAkSoAx> SpamapS: cool thnaks
<SpamapS> hmm I don't see anything in lucid-proposed for vsftpd
<RoAkSoAx> Daviey: ^^
<hggdh> jamespage: how's EC2 testing?
<Daviey> RoAkSoAx, hmm... i sure did dput it... I wonder if it was lost with the LP outage last night
<RoAkSoAx> Daviey: maybe
<jamespage> hggdh: OK - all regions aside from us-* tested - however archive checksum issues in those regions which means we can't test
<Daviey> RoAkSoAx, re uploading
<hggdh> jamespage: this also includes EBS testing (meaning were they done/not done)?
<RoAkSoAx> Daviey: thanks
<RoAkSoAx> SpamapS: ^^ should be available soon
 * RoAkSoAx is off to lunch
<jamespage> hggdh: non-optional EBS tests where completed
<hggdh> jamespage: perfect, thank you
<jamespage> hggdh: http://jenkins.qa.ubuntu-uk.org/view/natty-ec2/job/natty_server_ec2/9/
<RoAkSoAx> Daviey: see your upload as (Waiting for approval)
 * RoAkSoAx really this time off to lunch
<Daviey> RoAkSoAx, o/
<jamespage> Daviey: please can you ignore the merge requests associated with bug 715152
<uvirtbot> Launchpad bug 715152 in ntp "ntp wont run on IPv6 only host unless lo has 127.0.0.1 address" [Medium,Fix released] https://launchpad.net/bugs/715152
<jamespage> need to add headers to the patch
<Daviey> jamespage, ack, just update the branch and it'll refresh the merge proposal
<hvgotcodes> im trying to get lucid32 running on ec2.  I can start the machine up, but its not running my --user-data-file script
<SpamapS> RoAkSoAx: I see it now, wil review
<RoAkSoAx> SpamapS: thanks!
<SpamapS> RoAkSoAx: http://launchpadlibrarian.net/69370270/vsftpd_2.2.2-3ubuntu7.1_2.2.2-3ubuntu6.2.diff.gz ... looks like you got the version numbers wrong in changelog
<RoAkSoAx> SpamapS: not me.. seems the branchs are not up to date
<RoAkSoAx> SpamapS: take a look to the latest security and update branches those are ubuntu6.1
<skaet> smoser,   Just checking I can remove this... "Running images in EC2, t1.micro is currently limited to arch amd64."
<smoser> yes.
<smoser> skaet,
<skaet> :)
<skaet> done
<SpamapS> RoAkSoAx: interesting
<SpamapS> RoAkSoAx: you need to make the version higher than the previous upload to proposed: https://launchpad.net/ubuntu/+source/vsftpd/2.2.2-3ubuntu7.1
<RoAkSoAx> SpamapS: there's no 7.1 in the archives
<SpamapS> RoAkSoAx: Yes but there was one uploaded (and rejected)
<SpamapS> RoAkSoAx: I will ask pitti if that matters but usually it does
<RoAkSoAx> SpamapS: right -updates is 6.2
<RoAkSoAx> SpamapS: so the branch in -proposed was never in -updates
<SpamapS> RoAkSoAx: if it was accepted in proposed, people may have it on their system.
<RoAkSoAx> so makes no sense to branch from -proposed
<RoAkSoAx> SpamapS: right but -proposed differs from -updates
<RoAkSoAx> SpamapS: so a SRU enters through -updates
<RoAkSoAx> SpamapS: when a SRU is accepted, then branch should be -updates
<SpamapS> RoAkSoAx: sorry but I have no idea what you are arguing.
<SpamapS> this has *nothing* to do with branches. Its the state of the archive. If the branches don't reflect that, its a bug in udd.
<hvgotcodes> guys, can u think of why a --user-data-file script wouldn't run?
<SpamapS> RoAkSoAx: going afk for a bit.. bbl
<RoAkSoAx> SpamapS: right but the state of the archive is that there's a ubuntu6.1 as the *last* upload for vsftpd in lucid
<RoAkSoAx> so the next one sjhould be ubuntu6.2
<RoAkSoAx> SpamapS: Ok so here's the deal. It seems that the mistake here was that in -proposed there's a branch with 7.1 when it should have been 6.1. That upload was rejected and never made it into the archive, but the branch was kept in -proposes (lp:ubuntu/lucid-proposed/vsftpd)
<Daviey> SpamapS, hang on... this doesn't make sense
<Daviey> https://launchpad.net/ubuntu/+source/vsftpd/2.2.2-3ubuntu6.1 == archive content
<RoAkSoAx> SpamapS: Now, I branched the branch in lp:ubuntu/lucid-updates/vsftpd since it has the latest. This branch contains a security update which is now 6.1, and proposed the merge against
<SpamapS> Yes apparently the 7.x never made it into the archive
<Daviey> https://code.launchpad.net/~andreserl/ubuntu/lucid/vsftpd/sru1 == RoAkSoAx's branch
<SpamapS> so its ok.. I'll do the debdiff manually per pitti's advice
<Daviey> (based on what is currently in the archive)
 * SpamapS begs your patience as he prepares for the sru team jedi trials
<RoAkSoAx> SpamapS: yeah that's were I was going next
<RoAkSoAx> if I would have prepared a debdiff instead of a branch, it is still ubuntu6.2
<RoAkSoAx> SpamapS: Daviey i guess we've encountered that the approach of branching -proposed -updates -security differently does not maintain consistency of the archive
<RoAkSoAx> s/archive/branches
<Daviey> RoAkSoAx, no, as SpamapS the branches in this instance are irrelvant
<SpamapS> UDD is very broken for SRU's. :-P
<RoAkSoAx> Daviey: yeah but I meant in the case of SRU as SpamapS is mentioning
<Daviey> I swear i looked in lucid unapproved queue before uploading.. :/
<Daviey> RoAkSoAx, ah
<RoAkSoAx> Daviey: it is not your error, it is an error of having a branch in -proposed that never made it into the archive
<RoAkSoAx> which caused the confusion
<Daviey> SpamapS, Was this package already in lucid unapproved queue?
 * Daviey *boggles*... A) i'm pretty sure i checked the unapproved queue before uploading, B) i uploaded yesterday and recieved no confirmation.
<RoAkSoAx> Daviey: that upload was never made I think, but the branch was merged
<RoAkSoAx> Daviey: but either way, way after that ... an upload for 6.1 as a security update was made
<RoAkSoAx> Daviey: so there should not have been any issues when uploading a 6.2
<Daviey> Okay... so is the -proposed bzr branch confusion or -proposed archive pocket (approved or unapproved)?
<Daviey> SpamapS, ^^ ?
<RoAkSoAx> Daviey: he's gonna do a debdiff
<RoAkSoAx> to ignore the error in the -proposed bzr branch
<Daviey> RoAkSoAx, Well.. i think it would be helpful if we know what caused this :)
<SpamapS> Daviey: what caused this is the weirdness between the branches when there are updates/security/proposed versions
<SpamapS> RoAkSoAx: ok, tentatively approved.. have to wait for pitti to do the real accept.
<RoAkSoAx> SpamapS: cool thanks
<RoAkSoAx> SpamapS: and I agree with you, weirdbess between those 3 branches
<Daviey> SpamapS, Still confused, RoAkSoAx's bzr branch is based on current -updates content.
<Daviey> SpamapS, I couldn't see it in the unapproved queue... so wtf happend?
<SpamapS> Daviey: the queue diffs against the "latest version uploaded" .. the latest version isn't decremented if an upload is rejected.
<SpamapS> Again, nothing to do with the branches
<Daviey> SpamapS, Ahh... you mean the LP generated diff in the unapproved queue?
<SpamapS> Daviey: right
<Daviey> Ahh!
<Daviey> I have an open bug about this
<Daviey> SpamapS, so pitti is asking you to debdiff for your review?
<jeffro> heyy.... anyone want to help me w/ this postfix issue? :D
<Daviey> SpamapS, bug 680911 fwiw
<uvirtbot> Launchpad bug 680911 in launchpad "Diff generation in the proposed pocket should consider the updates pocket even when there are previous proposed publications." [Low,Triaged] https://launchpad.net/bugs/680911
 * SpamapS heads to lunch
<mathiaz> SpamapS: hey!
<SpamapS> mathiaz: hallo from Santa Clara! ;)
<mathiaz> SpamapS: happy lunch!
<mathiaz> SpamapS: haha - hello from San Francisco
<mathiaz> SpamapS: I'm also heading out to lunch :)
<RoyK> zzhellozz from zznorwayzz
<jeffro> yayyy sf and santa clara
<hallyn> soren: question on vmbuilder.   You build (built) for current dev release using lp:vmbuilder and lp:~vmbuilder-dev/packaging.  To SRU a cherry-pick from a bzr commit, would you insist on moving to a whole new commit, or would you take lp:ubuntu/lucid-updates/vm-builder and just update it?
 * RoAkSoAx will be back later
<hallyn> soren: well, i'm goign the simple cherry-pick route
<fosterdv> Hey, by chance... does anyone know how to check to see which IP a SSL certificate has been made for?
<cloakable> Examine the CN of the certificate?
<fosterdv> I haven't tried that... I'm not too strong, when it comes to SSL... I'll try that now.
<rcsheets> Usually SSL certificates aren't made for specific IP addresses, but rather specific hostnames.
<cloakable> yeah
<fosterdv> Oh.. nice. I didn't know that. Thank you guys.
<rcsheets> fosterdv: could you explain the context of what you're trying to accomplish a bit more?
<rcsheets> or was that really all you needed to know?
<fosterdv> rcsheets: Yeah, I'm trying to set up a Ubuntu 10.10 server, and I'm trying to step up certificates for mytestserver.us + server.mytestserver.us, but didn't know what IP I used, for mytestserver.us
<fosterdv> I'm trying to set up ehcp, without needing to recycle my server again.. so, I'm trying to figure out how I need to get my domain to resolve.
<pirx> hello! does anyone by any chance run Lucid (server) on a Mac Mini? (cant get sound working)
<rcsheets> fosterdv: probably just make sure your dns is set up correctly
<fosterdv> rcsheets: Yeah, I'm setting up server. to resolve to the second IP on the server.
<soren> hallyn: I don't think I understand what you mean by "a whole new commit".
<fosterdv> rcsheets: Hey, by chance.. do you know when installing 'libapache2-mod-php5filter', would be necessary?
<fosterdv> http://packages.ubuntu.com/maverick-updates/libapache2-mod-php5filter
<linuxthefish> Can someone help me quit a frozen application?
<fosterdv> linuxthefish: ps -ef  | grep something    then run:   sudo kill -9 PID
<linuxthefish> i typed "php" into the terminal, and there isn't anything that tells me how to exit it!!
<fosterdv> What's the frozen application?
<linuxthefish> its not frozen, just not displaying anything
<linuxthefish> and i quit it...
<fosterdv> What exactly are you doing, and what's the error you are seeing?
<linuxthefish> i logged onto my server locally, and was playing around with some random commands and typed "php" and then nothing somes up!
<linuxthefish> and i can't ssh in and kill it...
<fosterdv> Try typing php -v
<fosterdv> when you type php
<fosterdv> and it just takes you to that blank prompt...
<linuxthefish> yere
<fosterdv> Hit CTRL+C
<linuxthefish> oh!
<linuxthefish> thanks! :)
<fosterdv> :D
<hallyn> soren: see for instance https://code.launchpad.net/~serge-hallyn/ubuntu/lucid/vm-builder/vmbuilder-tmpfs
<hallyn> soren: as opposed to simply merging commits 34..37 from lp:ubuntu/natty/vm-builder in their entirity
<hallyn> which'd be hard to justify sru-wise
#ubuntu-server 2011-04-15
<kirkland> SpamapS: howdy, you might be happy about this ...
<rcsheets> fosterdv: never heard of it.
<kirkland> SpamapS: finally fixed the detach/logout bug a bit better;  you can now press shift-F6 if you want to detach the session, but not logout
<RoAkSoAx> kirkland: for byobu?
<kirkland> RoAkSoAx: yup
<RoAkSoAx> kirkland: yay \o/
<fosterdv> rcsheets: I forgot what I asked, I cleared the screen. Thanks anyways. :D
<rcsheets> 18:15 <fosterdv> rcsheets: Hey, by chance.. do you know when installing 'libapache2-mod-php5filter', would be necessary?
<fosterdv> rcsheets: I looked at my activity history, lol.. Yeah, I saw that.
<fosterdv> Thanks for the reply on that.. I couldn't figure out any reason to use it... I skipped it.
<rcsheets> i generally wait until i have a reason to install something, and then install it, rather than ponder whether there might be a reason to install random packages ;)
<fosterdv> ;)
<fosterdv> I was installing ehcp for my server, and it came up asking if I wanted to install it.
<kirkland> RoAkSoAx: it'll also preserve screen splits
<fosterdv> I do about the same, but... though I think I'm awesome at this game... I still don't know quite what I'm doing yet.
<RoAkSoAx> kirkland: how do you split them? :)
<RoAkSoAx> kirkland: never mind, figured it out... didn't know that was possible, but cool!! No longer have the need to use terminator!! yay
<twb> What does this mean?
<twb> mkswap: /dev/theta/swap: warning: don't erase bootbits sectors on whole disk. Use -f to force.
<twb> I wanted to lvextend the swap LV because d-i doesn't use 1024b blocks, and in "lvs" "11.97g" looks uglier than "12g"
<twb> Hm, #580558
<twb> "Mkswap also thinks LVM volumes are a whole disk, and thus doesn't erase the 'bootbits', and complains about it."
<twb> So, mkswap -f and go home.
<twb> Remind me, how do you turn on write-intent bitmaps?
<twb> mdadm /dev/md0 --grow -binternal
<uvirtbot> New bug: #761320 in php5 (main) "package libapache2-mod-php5 5.3.5-1ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/761320
<shaggy_surfer> hello
<shaggy_surfer> Hi , is anyone actively here? I had a question for a knowledgeable Ubuntu Server person.
<fosterdv> am I still connected?
<shaggy_surfer> I see you.
<fosterdv> I don't know why, I can't see my list.
<fosterdv> What was your question?
<shaggy_surfer> I am currently going through PCI compliance and we have a php5 issue where ubuntu server LTS 10.04.02 doesn't have support for php 5.3.6 yet
<shaggy_surfer> I was wondering if anyone knew how I can get a more recent version w/o having to compile it from source myself
<shaggy_surfer> I searched on google but didn't find anyone who has 5.3.6 only 5.3.5, and the PCI won't pass it on 5.3.5
<shaggy_surfer> I thought Ubuntu stayed up to date with their security vulnerabilities, this issue was discovered 4 weeks ago.
<shaggy_surfer> I checked their CVE list  for ubuntu and it shows that Lucid still needs it upstream for many of the php5 issues that the version 5.3.6 addresses.
<fosterdv> I don't know much about PCI Compliance..
<shaggy_surfer> is this the right channel to be asking this question.?
<fosterdv> I wouldn't know if this was the right channel or not.
<fosterdv> Give me one sec though, I'm trying to see if there is a way to install by versions, using apt-get
<shaggy_surfer> well usually you just do 'apt-get upgrade' and it will then get the upgraded package, but I have done this.
<quentusrex> Anyone know of a channel that would be familiar enough with the ubuntu kernel so that I can get pointed in the right direction to find out which kernel patch caused a particular regression?
<shaggy_surfer> doing a dpkg -l | grep php5 shows:
<shaggy_surfer> ii  php5                                      5.3.2-1ubuntu4.7                  server-side, HTML-embedded scripting languag
<fosterdv> Here is a post I found, that might be useful:
<fosterdv> http://ubuntuforums.org/showthread.php?t=1535023
<shaggy_surfer> thank you fosterdv, reading now...
<fosterdv> Anytime, and you might check this one out too... http://www.easy-ubuntu-linux.com/php-install-ubuntu.html
<fosterdv> Look at that one first.
<fosterdv> Might not be the best answer, but.. I'm up for attempting to help, while everyone else is gone :P
<shaggy_surfer> :)
<shaggy_surfer> So I read the post and it appears that they are stating to get professional help... lol.  I am professional
<shaggy_surfer> I am a Senior  Systems Admin running Ubuntu 10.04.02 LTS Lucid Lynx and unfortunately the Ubuntu Security Team has the list of exploits but no patch yet for the issues addressed in php 5.3.6
<fosterdv> Lol... is that in the second link?
<shaggy_surfer> no , the first
<shaggy_surfer> Here is an example of what I am speaking about:  http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-1153.html
<uvirtbot> shaggy_surfer: Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. (http://cve.mitre.org/cgi-bin/cvename.cgi?name
<shaggy_surfer> if you look there, you will see that the package states:  needed for lucid
<fosterdv> Under Patches, is that what you're suppose to run, or no?
<fosterdv> - Fixed bug #54247 (format-string vulnerability on Phar)
<uvirtbot> Launchpad bug 54247 in scim-qtimm "Javascript doesn't correctly handle decimal calculations" [Undecided,Fix released] https://launchpad.net/bugs/54247
<fosterdv> http://svn.php.net/viewvc?view=revision&revision=309221
<shaggy_surfer> right that is a link showing that the upstream php site has the fix, the issue I have is that it has not been ported into the official security repositories for lucid in ubuntu, so an 'apt-get upgrade' produces no upgrade for the package.
<fosterdv> Ah.. I see what you're saying.
<shaggy_surfer> 5.3.2-1ubuntu4.7 is the latest release for lucid from the ubuntu security team
<shaggy_surfer> I need 5.3.6
<shaggy_surfer> stuck!
<fosterdv> Like Chuck
<shaggy_surfer> even the newer non LTS versions maverick and latest natty are coming with 5.3.5
<shaggy_surfer> so they don't even meet the 5.3.6 yet
<shaggy_surfer> indeed
<shaggy_surfer> any idea on how to contact the ubuntu security team directly through the website?
<fosterdv> I dno't
<shaggy_surfer> maybe I can submit something asking when the next update will be.
<fosterdv> I don't.
<fosterdv> https://launchpad.net/~ubuntu-security
<shaggy_surfer> well I appreciate the help and will continue on my journey for the answer.
<fosterdv> Okay, good luck.. sorry I wasn't more help.
<shaggy_surfer> thanks buddy for the link, I will let you know if I have success.
<fosterdv> Sweet
<fosterdv> I'll be here.
<whiskey_> how to chane mysql variables?
<fosterdv_> test
<Camer0n> hello, I've been redirected here from #ubuntu and am trying to make xampp run on start up, I was told to install the bum package but the only instructions ive found for it are for ubuntu desktop, how do I use it?
<tony__> Hi. Is there anyone here who could help with a postfix problem?
<greppy> tony__: what's the problem?
<tony__> I'm trying to move my home mail setup from centos to ubuntu server. It sends mail out ok but I get a weird error when receiving mail
<tony__> command line usage error. Command output: Fatal:   Missing -m argument
<tony__> This is bounced back to the sender
<greppy> can you link to a pastebin of your main.cf?
<tony__> pastebin?
<greppy> http://pastebin.ubuntu.com/
<tony__> Ok. I look at see what's involved.
<tony__> Done!
<tony__> http://pastebin.ubuntu.com/594409/
<jamespage> Daviey: merge proposals for bug 715152 updated if you would care to review - ta
<uvirtbot> Launchpad bug 715152 in ntp "[SRU] ntp wont run on IPv6 only host unless lo has 127.0.0.1 address" [Medium,In progress] https://launchpad.net/bugs/715152
<Daviey> jamespage, ack
<Camer0n> how do I mount things on startup?
<joschi> Camer0n: see /etc/fstab and fstab(5) (-> `man 5 fstab`)
<Camer0n> okay
<Camer0n> errr... huh?
<koolhead11> hi all
<Camer0n> what do i add to the file
<koolhead11> Camer0n, https://help.ubuntu.com/community/AutomaticallyMountPartitions  :)
<Camer0n> http://www.youtube.com/watch?v=9-lYAKbAmAk ive got a youtube tutorial :)
<koolhead11> hey bgupta
<Camer0n> would I just write #xampp
<Camer0n> host /opt/lampp/htdocs vboxsf?
<JanC> why are you using third-party versions of applications that are available & supported in Ubuntu ?
<Camer0n> are they?
<Camer0n> how?
 * koolhead11 points Camer0n to #ubuntu :D
<Camer0n> bye!
<JanC> Camer0n: you could read the Server Guide on help.ubuntu.com to learn how to install apache2, mysql-server, php5, etc.
<Camer0n> thanks
<adac> Iw ant to sue a web app that is not included in the debs. where do you normall yput such an app (location file sytem) /var/www or what is the standard location?
<adac> *I want to use
<JanC> in Debian/Ubuntu /var/www/ (or maybe better a subdirectory of that) is still sort of the default location, although it's probably more correct to put it under /srv/   ;)
<Daviey> jamespage, your branches for ntp for lucid & maverick both build fine, look good and just uploaded.
<jamespage> Daviey: ta
<TeTeT> jamespage: thanks for your help on jenkins - I showed it to my colleagues this week and it went very well
<TANATHOS> way to go jamespage:)
<zul> mornign
<TANATHOS> mornin zul
<jamespage> TeTeT: np - if you want to do anything more in-depth give me a shout
<TeTeT> jamespage: yeah, eventually I would like to write some tests for customized isos that we produce - though we first need the auto build infrastructure for the isos. I'll also recommend it to a tool to our customer, as their main application is written in Java
<jdstrand> shaggy_surfer: either file a bug with 'this is a security vulnerability' checked, or send an email to security@ubuntu.com
<jdstrand> shaggy_surfer: you can also vist #ubuntu-security and ask there (but right now I am the only one there from the team :)
<ScottK> zul: Is your swift upload bug fix only?
<zul> ScottK: no its the latest release needed for natty
<ScottK> zul: Then it needs an FFe.
<ScottK> I'm going to reject it for now.
<zul> ScottK: actually it is a bug fix
<ScottK> Let me see if I can rescue it then.
<zul> otherwise ill just re-upload it
<ScottK> zul: I believe I just moved it from rejected to accepted.  If you don't get an accepted email in 10 minutes or so, feel free to reupload.
<zul> k
<Daviey> ScottK, It's my understanding that it is merely an unstable snapshot -> final.
<ScottK> Daviey: It's accepted now.
<ScottK> I only rejected it because zul said it was a feature release.
<Daviey> ahh
<zul> Daviey: and we will have in the archive before the openstack guys get it in their ppa ;)
<jamespage> kirkland: Merge proposed for bug 760012 if you would like to sponsor :-)
<uvirtbot> Launchpad bug 760012 in cobbler "cobbler-web unnecessarily overrides default DocumentRoot" [Low,Triaged] https://launchpad.net/bugs/760012
<RoAkSoAx> morning all
<BlackZ> hey RoAkSoAx how're you doing? :)
<RoAkSoAx> BlackZ: hey man good good
<RoAkSoAx> how about you
<BlackZ> RoAkSoAx: I'm quite good, thanks!
<kirkland> jamespage: will do asap!
<jamespage> kirkland: great :-)
<kirkland> jamespage: hmm....
<jamespage> kirkland: ?
<kirkland> jamespage: looks like the change is affected in both a) directly in config/cobbler_web.conf, and b) debian/patches/39_cw_remove_vhost.patch
<jamespage> kirkland: so the branch is in 'patches applied' state
<jamespage> as its source format 3.0 (quilt)
<kirkland> jamespage: aha :-)
<kirkland> jamespage: okay, great, thanks
<kirkland> jamespage: looks good
<kirkland> jamespage: pushed to branch, uploaded to queue;  upload is holding for release team approval
<jamespage> kirkland: ta
<kirkland> jamespage: no way, thank you for fixing it ;-)
<jamespage> np
<Kurisutian> Hey guys! I wonder if anyone in here has tried to install the latest natty on a btrfs drive. I have several problems with that and wanted to know if anyone else is having that kind os trouble...
<jamespage> Daviey: mod-wsgi python 3.2 support issues again - bug 759943
<uvirtbot> Launchpad bug 759943 in mod-wsgi "mod_wsgi.so-3.2 gives errors" [Undecided,New] https://launchpad.net/bugs/759943
<RoAkSoAx> kirkland: /win 10
<RoAkSoAx> arrrrrrrrgh
<jamespage> hehe
<RoAkSoAx> kirkland: sorry :).
<RoAkSoAx> jamespage: see it happens to me all the time
<RoAkSoAx> hahaha
<Daviey> jamespage, awesome.
<jamespage> Daviey: not really :-(
<jamespage> key issue is that upstream are still working on 3.2 support; 3.1 is the highest supported version
<robbiew> Kurisutian: hi
<Daviey> jamespage, oh lovely.. fwiw, wsgi is working on a natty server i have here.
<Kurisutian> robbiew: Hey, how is it going?
<jamespage> Daviey: which version of the package are you  using?
<robbiew> Kurisutian: in terms of btrfs, I don't think anyone on the ubuntu-server team has tried it
<robbiew> but
<robbiew> cjwatson can probably help you with any installer issues in #ubuntu-installer
<Daviey> jamespage, interesting - policy output,   Installed: 3.3-2build1 / Candidate: 3.3-2ubuntu1
<robbiew> Kurisutian: or you can try asking psurbhi or mvo in #ubuntu-devel, who have both done testing on btrfs
<Daviey> jamespage, so if it is consistently breaking, it's been introduced with *ubuntu1 as i haven't updated to that yet
<Kurisutian> robbiew: Thanks for the hint.... yeah, I figured so that only my boss wants to check btrfs on a server.... ^^
<jamespage> Daviey: sorry - not clear on that - two versions of the package - one for 2.x and one for 3.x '- py3' suffic
<Daviey> jamespage, ah!
<Daviey> jamespage, I assume you have reproduced it?
<jamespage> Daviey: 2.x package should be just fine; its the -py3 when combined with python 3.2 that generates the issue
<jamespage> Daviey: working on that now!
<robbiew> Kurisutian: yeah...tbh, it's still marked as EXPERIMENTAL in the kernel
<robbiew> so I wouldn't go production on it, just yet
<robbiew> we are closely tracking it's development and doing a lot of integration work into the installer, grub2, etc...so when the community deems it ready...we'll be good to go ;)
<RoAkSoAx> kirkland: howdy! Do you think having the fence-agents (or cman) for power management is really necessary for cobbler, or is a feature that we are not looking to support?
<Kurisutian> robbiew: Well, we hat to choose either using btrfs and it's snapshots at university or create a own kernel with aufs support and nfs export included..... so he said he's running btrfs fine for quite some time and we can go for that....
<uvirtbot> New bug: #761804 in samba (main) "winbind miss upstart configuration" [Undecided,New] https://launchpad.net/bugs/761804
<robbiew> Kurisutian: ah...then definitely reach out to mvo and psurbhi in ubuntu-devel
<robbiew> mvo handles apt ;)
<robbiew> and everything else around package management
<robbiew> psurbhi did a lot of work on btrfs for us as well
<kirkland> RoAkSoAx: for natty?
<kirkland> RoAkSoAx: or oneiric?
<robbiew> Kurisutian: and cjwatson can help with installer issues, but we'd prefer to have a bug, if you are hitting errors
<RoAkSoAx> kirkland: oneiric
<kirkland> RoAkSoAx: well, i think power management is absolutely something that orchestra should know about
<kirkland> RoAkSoAx: using powernap, cman/fence-agents, etc.
<kirkland> RoAkSoAx: but i'd think that should be handled at the orchestra level, rather than the cobbler level, IMHO
<Kurisutian> robbiew: thanks! Yeah, I will get in touch with them.... cjwatson and I already talked a bit about problems I'm, having when using grub2 with btrfs... ^^
<robbiew> Kurisutian: cool
<RoAkSoAx> kirkland: right, so if we handle that in orchestra level there's no real need to keep cman/fence-agents as a dependency then, is it?
<kirkland> RoAkSoAx: probably not
<cjwatson> I know of basically two remaining problems with GRUB and btrfs in Ubuntu, one of which will be fixed in natty and the other of which probably won't
<cjwatson> that's bug 759772 and bug 736743 respectively
<uvirtbot> Launchpad bug 759772 in grub2 "grub2: btrfs: does not install core.img to boot block" [Medium,Triaged] https://launchpad.net/bugs/759772
<uvirtbot> Launchpad bug 736743 in grub2 "environment block not implemented on btrfs" [Wishlist,Triaged] https://launchpad.net/bugs/736743
<RoAkSoAx> kirkland: cause the thing is that redhat-cluster (which ships cman including the fence-agents), has been split and the fence-agents are completely a separate source package. However, if I introduce it in oneiric, this means that it will conflict with cman cause apparently I'll be keeping the "old" RHCS version (in preparation for its demotion for LTS hopefully)
<RoAkSoAx> kirkland: so if there's no real need to have cman/fence-agents, then I can keep cman there for cobbler use.
<Kurisutian> robbiew: thanks for the help!
<RoAkSoAx> kirkland: if there's a real need for its use, we can just include fence-agents new source package into the archives and either conflict with cman binary, or not install those agents with cman
<robbiew> Kurisutian: heh..thanks for using ubuntu ;)
<RoAkSoAx> kirkland: so that we can use those bits for cobbler/orchestra separately from having to get cman installed
<jamespage> Daviey: confirmed
<RoAkSoAx> kirkland: can we demote to Universe binaries from source X while keeping other binaries from the same source in Main?
<Kurisutian> robbiew: well only on our servers at university... but hey, it's going good there as far as I have to work on it....  ;-)
<kirkland> RoAkSoAx: yes
<Daviey> jamespage, Oh groovy, that is probably one issue we should have fixed for release.
<kirkland> RoAkSoAx: as long as none of the binaries in main depend (runtime or build) on what you're demoting
<robbiew> Kurisutian: I'll take what I can get! :P
<jamespage> Daviey: I was thinking about a different approach; as 3.2 is not yet supported upstream maybe we should update the package to by default use python 3.1
<RoAkSoAx> kirkland: right. Cool. Thanks for the info then
<ScottK> jamespage: FYI, we'll drop 3.1 completely in oneiric.
<Daviey> jamespage, wsgi 3,2 variant works with python 3.1 ?
<Daviey> jamespage, seen bug 672901?
<uvirtbot> Launchpad bug 672901 in mod-wsgi "libapache2-mod-wsgi v 3.2-2 attempt to install python3" [Medium,New] https://launchpad.net/bugs/672901
<kirkland> RoAkSoAx: np
<Daviey> jamespage, Changing the symlink back to 3.1 seems to make sense?
<Kurisutian> robbiew: Hey, I'm installing kubuntu mainly on every beginners computer since it's easy to deal with.... myself I think it's a little to easy, I prefer different.... but great for beginners and awesome to replace M$... :-D
<robbiew> Kurisutian: nice
<Kurisutian> robbiew: Hey a great concept for beginners is alway appreciated. I can't give them my distro of choice since they lack in knowledge so (k)ubuntu fits perfect for that. And if somebody has seen Windows before I simply fool them with the vistar7 theme.... worked with a bunch of teachers on a school I'm working for as a consultant atm. ^^
<robbiew> Kurisutian: lol...sweet.  What distro do you use?  Gentoo?
<ScottK> Daviey and jamespage: I think libapache2-mod-wsgi in Debian now has a proper python/python3 split.
<TREllis> urgh, not sure how I managed to break cobbler web today, python mismatch? http://paste.ubuntu.com/594496/
<ScottK> It's also rebuilt with python3.2, so I don't know what your issue it, but I'd look at the current Debian package.
<Kurisutian> robbiew: Archlinux. Gentoo takes to long to compile plus all the hating and dissing behind the scenes a while ago is something I don't like and want even if I'm not directly affected....
<robbiew> Archlinux is very cool...yeah, I understand
<robbiew> the drama in the opensource world can definitely be insane
<robbiew> lol
<jamespage> Daviey: lemme just take a look at the packaging
<jamespage> ScottK: issue is that libapache2-mod-wsgi-py3 is built with support for python 3.1 and 3.2; upstream only support python 3.1 at the moment
<ScottK> Does it not work with 3.2?
<Daviey> ScottK, it *seems* that 3.2 doesn't work.. and 3.1 does.. the minimal fix for this, is surely just flipping the symlink ?
<ScottK> It's slightly more complex than that, but not much.
<ScottK> Did you talk to barry and see if he could fix it to work?
<jamespage> ScottK: not yet
<ScottK> Did you discuss this with the Debian maintainer?
<ScottK> He might have some insight.
<jamespage> ScottK: only just started looking at this :-)
<TREllis> RoAkSoAx: re your comment on the cluster fence agents earlier for cobbler
<TREllis> RoAkSoAx: they are very helpful as part of a cobbler setup anyway --> https://fedorahosted.org/cobbler/wiki/PowerManagement
<TREllis> RoAkSoAx: of course, in natty... because the agents are in the cman package, you have to pull in a bit too much really
<RoAkSoAx> TREllis: yeah
<RoAkSoAx> TREllis: that's why I was asking how necessary it is
<RoAkSoAx> TREllis: becyuase the thing is:
<RoAkSoAx> TREllis: what used to be RHCS is now a different set of source packages: RHCS 3.1.X (ships cman/dlm), fence-agents, resource-agents (which has merge cluster-agents and the agents from RHCS), and gfs2-utils
<RoAkSoAx> all of these are completely new sources
<RoAkSoAx> TREllis: now, RHCS3.1.X no longer ships dlm_controld.pcmk creating the dependency of having to use pacemaker >= 1.1.5 + corosync + cman to be able to use dlm_controld
<RoAkSoAx> TREllis: howver, other option is to use pacemakaer >= 1.1.5 + RHCS3.0.12 which ships dlm_controld.pcmk + corosync, avoinding the usage of cman
<RoAkSoAx> TREllis: this obviosly means not updating RHCS to the latest
<TREllis> RoAkSoAx: nasty
<RoAkSoAx> TREllis: so if I were to package fence-agents/gfs2-utils/resource-agents while keeping old RHCS (3.0.12) there would be lots of conflicts
<RoAkSoAx> TREllis: that can be avoided/"fixed" by either 1. not installing those pieces with RHCS 3.0.12, or simple Replaces/Conflicts in the packaging
<RoAkSoAx> TREllis: so if I wanted to get the fence-agents in Oneiric, I'll have to drop the installation of them in RHCS 3.0.12 if we were to keep it for dlm_controld.pcmk
<TREllis> RoAkSoAx: I'd be inclinded to go for the 3.1 stack
<RoAkSoAx> TREllis: the thing is that in a year or so, cman corosync plugin wants to be dropped so that corosync can access directly to dlm_controld
<RoAkSoAx> TREllis: so, there's quite a mess there, that I would like to avoid in order to not end up like we did in Lucid
<TREllis> RoAkSoAx: yeah agreed, linux-cluster is so messy still :-/
<RoAkSoAx> TREllis: now, RH/Fedora are shipping RHCS 3.1.X + pacemaker 1.1.5 (so that they can use dlm_controld + corosync + cman + pacemaker)
<RoAkSoAx> TREllis: Suse, is shipping Pacemaker 1.1.5 + libdlm (no RHCS, no cman, no nothing) but the libdlm they are shipping is the one we are shipping in RHCS 3.0.12 (which has dlm_controld.pcmk)
<uvirtbot> New bug: #761847 in cloud-init (main) "cloud-init does not work in eucalyptus SYSTEM or STATIC modes" [Medium,Triaged] https://launchpad.net/bugs/761847
<RoAkSoAx> TREllis: now in turn of these events, I was firstly inclined on shipping RHCS 3.1 to use pcmk + corosync + cman, but now... I'm thinkin on going for keeping RHCS3.0.12 just for dlm_controld.pcmk and upgrade to pacemaker 1.1.5
<RoAkSoAx> TREllis: *but* LinBit guys say that it is way to early to upgrade to pacemaker 1.1.5 as it is not ready for production accroding to them
<RoAkSoAx> however, the other distros are already shipping them
<RoAkSoAx> TREllis: so yeah, a complete mess :)
<TREllis> RoAkSoAx: heh, you are making me change my mind too
<RoAkSoAx> TREllis: yeah, case at the end, cman is gonna be dropped anyways
<RoAkSoAx> TREllis: that's something that I wanna target at the UDS
<RoAkSoAx> TREllis: hopefully I can get someone from upstream/LinBit to come to the UDS
<TREllis> RoAkSoAx: I guess it comes down to if we want to be bleeding edge on the cluster stack or not, for Oneiric I suppose that's not a bad idea then see how the situation is for 12.04 as it needs to be solid for then
<RoAkSoAx> TREllis: exactly my point, but again, pacemaker 1.2.0 might be or might not be ready for 12.04 :)
<RoAkSoAx> TREllis: pacemaker 1.1.X is the development towards 1.2.0 and they think it might be ready a year from now.
<Daviey> SpamapS, Were you investigating bug 661453 ?
<uvirtbot> Launchpad bug 661453 in dovecot "dovecot.conf always shows as having been locally modified on update" [Low,Confirmed] https://launchpad.net/bugs/661453
<jamespage> Daviey: mod-wsgi/python3.2 is def broken; just tried a quick test....
<jamespage> Daviey: I've pinged maintainers on #debian-python
<jamespage> Daviey: but I suspect that we may have to fix to 3.1
<Daviey> jamespage, ok, good stuff - as ScottK said, if sniffing it doesn't jump out anything obvious, see if you can jump on barry
<jamespage> Daviey: looking at upstream trunk there is **alot** of refactoring going on to support threading changes.
<jamespage> Daviey: I'll ping barry and see what he thinks
<Daviey> oh nice
<SpamapS> Daviey: investigating it? sort of. I reported it.
<Daviey> SpamapS, Ok, were you working on fixing it aswell?
<Daviey> :)
<SpamapS> Daviey: no not at all.. but I'd be happy to if we're targetting it for natty.
<Daviey> SpamapS, That would be super!
<shaggy_surfer> thanks jdstrand , I have submitted a mail to security@ubuntu.com, hopefully I get an update soon.
<phretor> hi, I need to test whether a certain DHCP responds correctly, w/o applying any received settings to the NIC. Is this possible?
<patdk-wk> phretor, what does that even mean?
<phretor> patdk-wk: I need to run dhclient -s mynewserver eth0 but, in case mynewserver replies, I don't want dhclient to apply the settings to the card. I just need to test the serve response.
<genii-around> You could make alias interface like eth0:0
<phretor> genii-around: good idea.
<hallyn> kirkland: hey.  just wondering if you've beenwatching the in-kernel kvm support thread at all
<hallyn> Daviey: you removed the milestone for bug 747090 ?
<uvirtbot> Launchpad bug 747090 in qemu-kvm "wrong return address sometimes pushed for INT in kvm (not qemu)" [High,Invalid] https://launchpad.net/bugs/747090
<jbernard> kirkland: /usr/bin/byobu-select-session, line 79; you want os.execvp(), not os.execp(), right?
<jbernard> kirkland: else you'll have to specify the full path to screen, which probably isn't waht you want
<jbernard> kirkland: nevermind, you beat me to it
<Daviey> hallyn, i think i did for the invalid task
<hallyn> Daviey: right you are, thanks :)
<smoser> RoAkSoAx, can you mark https://code.launchpad.net/~jtaylor/ubuntu/natty/matplotlib/matplotlib-fix-752647/+merge/56843 as merged
<RoAkSoAx> smoser: I can't someone with access to ubuntu-branches needs to do it :(
<RoAkSoAx> smoser: ah never mind
<RoAkSoAx> I just did it
<RoAkSoAx> lol
<kirkland> jbernard: thanks ;-)  yeah, uploaded a fix for that yesterday
<jbernard> kirkland: actually, i think what's in trunk right now might be broken
<kirkland> jbernard: oh?
<jbernard> kirkland: i suspect the os.execp("screen"...) will fail, no? you want execpv() if I'm not mistaken
<kirkland> jbernard: there's no os.execp() in head, here
<kirkland> jbernard: there's os.execv()
<RoyK> http://karlsbakk.net/vetinari-clock-orig.3gp
 * RoyK likes wierd stuff :D
<jbernard> kirkland: ahh, i mistyped, i meant execvp over execv
<kirkland> jbernard: hmm
<kirkland> jbernard: seems to be working fine here for me ...
<kirkland> jbernard: http://docs.python.org/library/os.html#os.execv
<kirkland> jbernard: interesting, i think you may be right
<kirkland> jbernard: but it's not broken here, somehow
<jbernard> kirkland: execv expected variable number of args, but also expects a full path ot the executable
<jbernard> kirkland: which works with the PREFIX + "/bin/screen"
<jbernard> kirkland: very odd indeed :)
<kirkland> oh
<kirkland> yes
<kirkland> i see now
<kirkland> jbernard: you are totally correct
<uvirtbot> New bug: #762054 in php5 (main) "php5-curl install should restart apache not reload it" [Undecided,New] https://launchpad.net/bugs/762054
<RoAkSoAx> SpamapS: ping
<Daviey> ./
<SpamapS> RoAkSoAx: pong
<SpamapS> Daviey: your head seems a bit small today.. been spending time with beetlejuice ?
<RoAkSoAx> SpamapS: are you free to sponsor a couple uploads>?
<SpamapS> RoAkSoAx: sure. don't want to wait for the patch pilot? ;-)
<RoAkSoAx> SpamapS: nah. I want you to endorse my core dev application so it is best if you sponsor them :)
<RoAkSoAx> SpamapS: bug #751344
<uvirtbot> Launchpad bug 751344 in heartbeat "Cluster resource agents fail to run because of missing /var/run/resource-agents directory" [High,Confirmed] https://launchpad.net/bugs/751344
<RoAkSoAx> SpamapS: there's two debdiffs there, one for heartbeat, one for corosync
<Daviey> SpamapS: hah, it was a typo.
<SpamapS> Daviey: thats how every shrunken head story starts...
<Daviey> heh
<SpamapS> RoAkSoAx: any reason the bug wasn't forwarded to Debian ?
<RoAkSoAx> SpamapS: for heartbeat, because upstream maintains the packages in debian and they are gonna address it differently, but I didn't want the proposed patch just yet, as it affects the build-depends of the package and I don't feel safe applying the patch just yet
<RoAkSoAx> s/the proposed patch/the proposed patch in upstream bugtracker/
<SpamapS> RoAkSoAx: interesting. Ok well thinking with my "merge w/ debian" hat on, we need to note that fact in the changelog so the next person who merges corosync will know to check and see if that bug has been fixed, and remove this delta.
<RoAkSoAx> SpamapS: it won't be addressed in corosync, but it will in heartbeat
<SpamapS> Even *more* important then that it be noted in the changelog.
<RoAkSoAx> SpamapS: they themselves recommended to patch the init scripts until *better* solution is found
<SpamapS> A merging person needs to go look at heartbeat to see if this delta is still necessary.
<RoAkSoAx> SpamapS: but the debian maintainer of corosync is in vacation so can't yet forward it
<SpamapS> RoAkSoAx: yeah, I see that this is a temporary fix now. The changelog doesn't really make that clear.
<RoAkSoAx> SpamapS: it is not really necessary to note that in every changelog. Changelogs would be huge if we note that in every package
<SpamapS> Hopefully, this note will be *dropped* when its fixed and we sync back up with Debian.
<RoAkSoAx> SpamapS: I'm gonna fw corosync patch to debian
<RoAkSoAx> SpamapS: the one I';m not gonna fw is heartbeat's patch as the fix is there
<RoAkSoAx> SpamapS: either way, the patch doesn't really hurt as it just checks if the dir is there, if not, it will create it
<SpamapS> RoAkSoAx: I love the patch. I'm concerned that it will just be merged over and over even when its unnecessary and can be synced w/ debian.
<SpamapS> RoAkSoAx: I'm saying "when upstream bug #2378 is fixed in heartbeat, this can be dropped" needs to be in the changelog.. normally it wouldn't be necessary if they took your patch, but they went a different direction.
<uvirtbot> Launchpad bug 2378 in svk "New version fixes several program issues" [Medium,Fix released] https://launchpad.net/bugs/2378
<SpamapS> RoAkSoAx: and I'm nit picking on this one thing, because in about 2 months, we're going to be doing a boat load of merges from Debian.. we need them to be as easy as possible. :)
<SpamapS> RoAkSoAx: will it break anything if I upload heartbeat before corosync? That one looks good.
<RoAkSoAx> SpamapS: nope, nothing will be broken
<RoAkSoAx> SpamapS: corosync/heartbeat are both messaging layers for pacemaker so either one of them can be used, depends on your liking
<RoAkSoAx> SpamapS: and I do understand the case, but from my point of view pointing that out in every single changelog just creates a bigger changelog, when it should be kept at minimum
<SpamapS> developer time is a lot more precious than 72 bytes.
<RoAkSoAx> SpamapS: yeah. Tell you what, make a formal suggestion on changing the approach of writing changelogs then
<RoAkSoAx> SpamapS: cause, since I started merging packages back in karmic, I've never seen what you mention but in 1 or 2 changelogs
<RoAkSoAx> SpamapS: and even then, you still need to review changelogs, review code, review diffs
<ScottK> RoAkSoAx: SpamapS is giving you good advice.
<ScottK> I sometimes make notes for the next merger in debian/changelog.
<aliverius> does the lts ever get a newer kernel?
<Patrickdk> aliverius, a release never gets a newer kernel
<Patrickdk> unless you install it yourself
<aliverius> aha
<Patrickdk> same goes for anything in a release
<aliverius> so  far kvm is working fine with .32 but i was just curious if i am getting the most kvm can offer
<Patrickdk> it's a huge exception to the rules to upgrade a version of a program, other than to just backport security patchs
<Patrickdk> there are webpages that tell you how to install newer kernels onto lucid
<Patrickdk> hell, linux-image-2.6.35-25-server is in the depo
<Patrickdk> ready to go
<Patrickdk> unless you want even newer :)
<smoser> jdstrand, or kirkland it would be nice to see your thoughts on bug 644632
<uvirtbot> Launchpad bug 644632 in libnss-ldap "nssldap-update-ignoreusers needs to be configurable to ignore users" [Low,New] https://launchpad.net/bugs/644632
<SpamapS> RoAkSoAx: uploads sponsored. :)
<RoAkSoAx> SpamapS: awesome! Thanks! :)
 * SpamapS runs off to get some lunch while 185MB of updates download
<binaryhat> when my internet connection goes down then comes back up, my ubuntu server does not auto-reconnect.  i have to restart the network daemon.
<binaryhat> solution?
<cloakable> There is no network daemon
<binaryhat> so...
<cloakable> So either install on or restart it.
<cloakable> *one
<binaryhat> which do u suggest?
<cloakable> Depends on if you're comfortable pulling stuff like dbus onto your server.
<binaryhat> i just want it to reconnect if the link comes back up
<cloakable> static ip?
<binaryhat> yes
<cloakable> Then it shouldn't matter, iirc. The interface should stay configured even with the cable missing.
<cloakable> Not sure what's happening there.
<binaryhat> this morning i discovered my router went down so i reconnected to my modem
<binaryhat> my ubuntu server was inaccessible
<binaryhat> so i had to restart the server
<hallyn> mdeslaur: hey - i updated my vm-tools bzr tree, and notice it no longer auto-runs /postinstall.run after doing a vm-clone.  That never worked reliably for me anyway so I don't mind, but Im' just wonderin gwhether that's expected?
<hallyn> Daviey: phew, that was a touch more work than i thought, but i have a backward-compatible syslog-ng patch, sending to the m-l.  brace for impact.
<hallyn> Daviey: as for bug 388483, shall we mark it fix released given feedback?
<uvirtbot> Launchpad bug 388483 in samba "smbd panic action with yield_connection name=0x0" [Medium,Confirmed] https://launchpad.net/bugs/388483
<robbiew> RoAkSoAx: do we have HA packages in main already?  ( I thought we did)
<uvirtbot> New bug: #230197 in openvpn (main) "network-manager-openvpn is incapable of supplying openssl-vulnkey with the X.509 key passphrase it requests" [High,Fix released] https://launchpad.net/bugs/230197
<robbiew> RoAkSoAx: nevermind...I checked...we do
#ubuntu-server 2011-04-16
<ScottK> robbiew_: Does the content of https://wiki.ubuntu.com/ServerTeam/Roadmap/OneiricPlanning mean the "Split Ubuntu Server into Server/Cloud" is off the table or not documented yet?
<robbiew_> not documented yet...not even CLOSE to being done
<ScottK> OK.
<robbiew_> ScottK: just started putting items in collected...and ran out of gas
<robbiew_> will resume later on ;)
<robbiew_> ...and let folks know when I think I have the list of discussions/features ready for review
<bencer> robbiew_: i was talking on #ubuntu-uds about proposing a track on zentyal and bringing ubuntu server to the masses:
<hallyn> Daviey: drat, kernel api shortcoming, my patch for upstream isn't quite right.  will have to decide what to do next week.
<Daviey> hallyn, :(... I missed it :)
<hallyn> ?
<jbernard> hallyn: is there a particular libcgroup branch I should clone as a starting point, or is it better to create a new repo with just unstable+your-patches ?
<hallyn> jbernard: not sure what you mean - is this for your own development branch, or just for merging into natty?
<hallyn> oh
<hallyn> just a sec
<hallyn> jbernard: lp:~serge-hallyn/ubuntu/natty/libcgroup/upstart  was the last one
<hallyn> that i worked on for natty
<hallyn> should just be able to merge in my commits from that tree into your tree (or unstable's)
<hallyn> since natty's is not at all diverged from unstable's at the moment
<RoAkSoAx> robbiew_: yeah we do, everything is in main now: heartbeat/corosync/pacemaker/cluster-agents/cluster-glue (the new), and redhat-cluster (the old stack), and ocfs2-tools and DRBD have always been there.
<RoAkSoAx> robbiew_: gfs2-tools is shipped by redhat-cluster
<RoAkSoAx> robbiew_: and some docs are here: https://wiki.ubuntu.com/ClusterStack/Natty
<mdeslaur> hallyn: postinstall.run is only when you create a new VM with vm-new
<mdeslaur> hallyn: vm-clone only mounts the image and changes a few things (like dhcp, mac address, hostname, etc.)
<hallyn> mdeslaur: hm, right.  so my pristine ones must have never run the postinstall i guess? :)
<hallyn> mdeslaur: thanks.  have a good weekend
<mdeslaur> hallyn: that could be!
<mdeslaur> hallyn: I haven't tried vm-new in a while though...I may very well be broken right now
<mdeslaur> you too!
<CrazyGir> while on the vm topic.. when using vmbuilder to create a new vm, I set the release to server. does this default the console to serial?
<CrazyGir> or do you need to run through the steps to setup a serial console on the new server vm?
<CrazyGir> I've been unable to mount the raw disk image, so I'm hoping it is done by default..
<CrazyGir> I take that back, but found a completely different way to mount the image
<CrazyGir> odd, so it appears as though the serial console is enabled by default
<CrazyGir> I don't get a login prompt when connecting via: virsh console #
<CrazyGir> (after hitting enter a few times)
<uvirtbot> New bug: #727210 in mysql-5.1 (main) "package rsyslog 4.2.0-2ubuntu8.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Low,New] https://launchpad.net/bugs/727210
<aliverius> i mistakenly erased one partition of my raid 1
<aliverius> now i am trying to use mdadm to correct this
<aliverius> is assemble the mode i need?
<aliverius> like mdadm -A /dev/md0 /dev/sda3?
<aliverius> or create?
<aliverius> no wrong
<aliverius> i did not format over the second raid partition
<aliverius> is seems my /dev/sdb3 was the special grub boot partition
<aliverius> but how do i restore it
<aliverius> eveything is ok
<aliverius> that odd numbering of partitions in my system has totally confused me
<aliverius> it was simply a swap partition
<aliverius> what does it mean when a dir appears as green on the terminal?
<shauno> aliverius: on mine, a green background on a dir indicates the sticky bit (+t).  don't recall whether that's default, but see if it matches what you're seeing
<aliverius> i have serious trouble with accessing that dir as user
<aliverius> wanna take a look?
<shauno> what permissions does ls show?
<aliverius> drw-rw-rw- 6 nobody root 4096 2011-04-16 11:37 archive_1
<aliverius> now lets take a look inside
<aliverius> shall i use a pastebin?
<shauno> it won't let you list the contents without +x set
<aliverius> isnt +x executable?
<aliverius> so i shall chmod 777?
<shauno> on files, yes.  on dirs, it's a bit special
<shauno> if you need it to be world-writable, 777 it is.  but at the very least, +x as the user that you'd expect to be able to enter that dir
<aliverius> yes i want to to be writable by anyone. i wan to make is a nfs share
<aliverius> it seems to be working now shauno. thank you :)
<shauno> no problem.  if you ls -l /, you'll see +x is on almost every directory.  it's normal :)
<aliverius> so noexec in fstab should cover me against executing files in there?
<shauno> sure
<aliverius> ok
<uvirtbot> New bug: #762600 in autofs5 (main) "Autofs5 dismount folders that are in use" [Undecided,New] https://launchpad.net/bugs/762600
<Psi-Jack> Alright guys. I'm trying to resolve a little issue with Ubuntu 10.04.2 LTS and multipath'd iSCSI situations, seems to be race conditions that, A> It's umounting the multipath device /after/ killing multipath, then logging out of the iSCSI initiators, which causes the final shutdown to break with ping timeouts and it never reboots because of it.
<user5v> hello, I have a question because amazon EC2. If I create an instance (a.e. of ubuntu 10.10) i must use a key, that can be created in the AWS management console. QUESTION: is this key saved inside the ubuntu installation too?
<donniezazen> If i make a folder mywebsite in /var/www/ and subdirectories like video, ampache, ajaxplorer, etc will it automatically load mywebsite.com/videos mywebsite.com/ampache.
<cloakable> No
<cloakable> You'll need to setup a config file for mywebsite.com
<cloakable> What you'll get is mywebsite.com/mywebsite/ampache
<cloakable> in the default setup.
<RoyK> hm... I'm setting up this open wifi system, but I want people to be told that things get logged etc before they get in. no password should be required. I guess using a proxy and a default site to hey-I-know-what-you're-doing-page should be it, but I'm a little unsure about how to set this up - anyone done this before?
<donniezazen> @cloackable do i need to tweak virtualhost
<cloakable> RoyK: Look up captive portals.
<cloakable> donniezazen: Yes.
<donniezazen> the config file yo are talking about is virtualhost or some different file?
<JanC> donniezazen: I suggest you read the Debian/Ubuntu documentation for Apache in /usr/share/doc/apache2/README.Debian.gz
<JanC> that explains the way Apache is usually configured in Debian & derived distros
<JanC> (you can use 'zless' to read it without having to manually unpack it first)
<donniezazen> Thanks JanC, will do that.
<JanC> donniezazen: of course reading the main apache documentation is useful too, but the README.Debian contains info about things that are different from a "vanilla" apache
<JanC> (it's always useful to read README.Debian if a package has one, because it means there is some Debian-specific info that is not in the upstream documentation)
<donniezazen> yeah read me is always help ful
<andygraybeal> is there an ETA when I might be able to select a physical network device when adding a network card to a virtual machine?
<andygraybeal> i'm not able to select eth1 of the host machine to be dedicated to the virtual machine
<pmatulis_> andygraybeal: wouldn't that screw things up a bit?
<JanC> andygraybeal: I haven't tested if it works, but I think qemu/kvm can do that with -net nic,model=virtio ?
<andygraybeal> aah virtio
<andygraybeal> pmatulis_, yes, it actually made it so the machine wouldn't boot.. but i have no idea
<andygraybeal> JanC, interesting i will read more about it.
<andygraybeal> thank yuo for the responses
<JanC> it's sort of a guess though, as I have never used it  ;)
<andygraybeal> yea, i have no idea, i'm going to mail the mail list and see what responses i get, i'm going to mail ltsp-discuss first.
<andygraybeal> i think i have to make two bridges, br0 for eth0 and br1 for eth1....
<andygraybeal> ithink i understand what to do now
<quentusrex> Anyone aware of an issue that when the KVM host has br0 configured the networking does not start on boot? but can be fixed by manually running 'sudo /etc/init.d/networking restart'
<CrazyGir> no, but anything in dmesg/etc?
#ubuntu-server 2011-04-17
<quentusrex> [   13.408612] ADDRCONF(NETDEV_UP): eth0: link is not ready
<quentusrex> is the only line that looks like it has an issue
<CrazyGir> weird
<quentusrex> happens on multiple boxes
<quentusrex> Im' just finally tired of dealing with it.
<quentusrex> the only commonality is that I have bridged networking configured for KVM
<CrazyGir> grep the source, see what' causes that error?
<CrazyGir> do all of the systems have the same nic?
<CrazyGir> mmm
<quentusrex> no, completely different nics
<CrazyGir> I look to the source in these sorts of situations
<CrazyGir> what are primary differences between the generic and server kernel flavors?
<onecrazycat> djbdns vs BIND vs ???:  Any suggestions for a home DNS server with under 30 hosts (some VMs)?
<CrazyGir> openbsd + built in BIND
<CrazyGir> it'll take you 10 minutes to setup
<CrazyGir> but that's mee
<CrazyGir> *moho
<cloakable> dnsmasq?
<cloakable> pfsense?
<onecrazycat> CrazyGir:  I want it to run on Ubuntu Server since that's what I'm comfortable with.
<CrazyGir> I can't make a recommendation for you, sorry :(
<onecrazycat> np
<JanC> onecrazycat: if it's for a home network, dnsmasq might be all you need...
<onecrazycat> JanC:  That's what I'm going with.
<drkmachine> would anyone have a few moments to help me troubleshoot a samba share?
<rallias> I just discovered my apache installation is being used for an http proxy. Can someone assist me in the process of preventing such?
<JanC> rallias: disable mod_proxy ?
<rallias> I don't have it installed
<JanC> it's part of every apache install...
<rallias> er wait... i do, but it was allready disabled.
<JanC> why do you think apache is used as a proxy?
<rallias> 109.230.251.14 - - [20/Mar/2011:07:36:48 -0500] "GET http://119.160.244.96/?login=jokerincal232&passwd=testing HTTP/1.0" 200 455 "-" "-"
<rallias> numerous lines similar to that
<rallias> along with evidence of other exploits such as webdav and phpmyadmin
<rallias> *attempted
<ChmEarl> rallias, the byte count is 455.. likely exactly the size of your default page
<ChmEarl> rallias, do wget http://localhost/   -> 455?
<rallias> 525 bytes
<ChmEarl> everyone gets `vulnerability scans` everyday
<JanC> the size of an error page is likely to be different depending on the URL requested  ;)
<ChmEarl> rallias, do you know how to telnet into your default page?
<JanC> you don't get the default page when there is an error
<ChmEarl> its 200
<rallias> 400 bad request is 301 bytes
<JanC> if you get a 200 response for a non-existing page, that's certainly wrong too
<ChmEarl> give me your IP/domain - I will telnet it
<JanC> rallias: I suppose that IP address is not yours?
<rallias> umm... nope.
<JanC> ah, Yahoo
<rallias> Yep
<rallias> I also have evidence that they're trying to get on IRC, returning a 405 error
<JanC> seems like it originates from a server in Amsterdam
<rallias> I can extract all the IP addresses from it if you want
<ChmEarl> rallias, I also get proxy attempts with 200 returned and they get my default page
<rallias> I'm just in the process of downloading the access.log files
<ChmEarl> welcome to internet hosting
<ChmEarl> the water is fine, jump in
<rallias> oh :/
<rallias> just curious, but is it "legal" to have a colon in a filepath in unix?
<JanC> rallias: only '/' and NULL are not allowed in a file name or directory name
<rallias> ah.
<rallias> So would it be possible to have a file path be /var//?isac
<JanC> a file named "?isac" is certainly possible
<patdk-nb> those are always fun
<rallias> but would that thing be a valid file path?
<patdk-nb> sure
<rallias> i mean the /var//?isac
<JanC> in most cases it would be valid, yes
<rallias> most cases?
<JanC> well, some applications might complain about the double //
<JanC> and depending on where you use it, you might need to escape the ?
<rallias> oh ok, so apache won't b&m?
<JanC> b&m ?
<rallias> b and moan
<JanC> I guess that depends on how apache is configured  ;)
<rallias> under standard ubuntian configuration (with about 20 vhosts)?
<JanC> I've never tested using such filenames  ;)
<patdk-nb> apache normally changes invalid to _ I think
<patdk-nb> anything it doesn't like atleast :)
<rallias> ok
<JanC> and most likely it won't serve anything outside its DocumentRoot(s)
<rallias> wow some people keep out of date dns...
<rallias> ok
<rallias> well... i've tried using .com/../ before...
<JanC> when you use the default file serving stuff, that should not work  ;)
<rallias> ok
<rallias> oh noes someone found my youtube rips folder...
<JanC> lol
<rallias> 173.169.175.37 - - [10/Apr/2011:10:07:37 -0500] "GET /I%20Just%20Had%20Sex%20(feat.%20Akon)_(1080p).mp4 HTTP/1.1" 200 24820 "http://*****
<rallias> :/
<JanC> rallias: did you try using your server as a proxy from home?
<rallias> yeah
<rallias> it didn't work...
<rallias> i feel slightly... er... not as smart as possible.
<rallias> now that i think about it... why do I have port 8080 open...
<rallias> how do I modify the php max run time thing?
<onecrazycat> any good djbdns install guides available for 10.04 Lucid Server?
<patdk-nb_> that's nuts :)
<ChmEarl> session.gc_maxlifetime ?
<onecrazycat> djbdns or dnsmasq:  FIGHT! (I really want opinions thoughâ¦)
<JanC> onecrazycat: for a simple home network it's easy: dnsmasq
<onecrazycat> JanC:  I'm still on the fenceâ¦  I don't want to limit myself in the futureâ¦  what is it that makes dnsmasq better for a simple network?
<patdk-nb_> I thought all the djbdns stuff hadn't been updated for years
<patdk-nb_> dnsmasq is simple, does everything a network needs :)
<onecrazycat> patdk-nb_:  From what I'm reading it doesn't support redundancy in DHCP (failover).
<patdk-nb_> small networks generally don't have multible routers :)
<patdk-nb_> therefor it would be pointless anyways
<onecrazycat> patdk-nb_: for me I want to install a lot of VMs, and even a small VPS at homeâ¦  I'm getting my learn on, and I want this solution to expand with my network (virtual hosts).  You still think dnsmasq will be cool for around 30-50 servers?
<patdk-nb_> dnsmasq could handle that without an issue
<patdk-nb_> all depending on your dns query rate
<patdk-nb_> I would probably go with dhcpd and pdns-recursor, cause that is what I default to
<JanC> it depends on what you want to do and what you want to integrate with
<JanC> if you want to use a tool to manage your VMs that also configures DHCP/DNS, check what it supports...  (I doubt any such tools integrates with djbdns though)
<onecrazycat> It's a home network, so I'm rocking a little linksys router tooâ¦ but i want it virtualized and customizable.
<onecrazycat> It's a learning experience endeavor :)
<Jasonn> I am trying to install openVPN from openvpn.net
<Jasonn> and I get an error message when I try to start the server
<Jasonn> http://pastebin.ubuntu.com/595019/
<CrazyGir> onecrazycat: my suggestion, if you have not yet decided, is to go with what is simple easy, get your learn on, and if you out-grow it in the future, switch
<CrazyGir> you'll learn quite a lot more that way, and the experience won't be lost
<CrazyGir> but more importantly, you won't be tripped up anylonger
<onecrazycat> CrazyGir:  dnsmasq is installed and running :)
<onecrazycat> CrazyGir: â¦ and more importantly, working :)
<CrazyGir> sweet
<CrazyGir> that's fantastic
<CrazyGir> yea, there's a certain amount of time/energy I allow myself to mull over a decision like that
<CrazyGir> afterwhich it's time to get to work
<CrazyGir> so the server flavor doesn't ship with man by default?
<CrazyGir> am I off my rocker?
<van7hu> hello
<van7hu> I am just getting started with ubuntu server
<van7hu> I installed it as LAMP, could I use it for a DNS server now?
<onecrazycat1> van7hu: yes
<onecrazycat1> van7hu:  here's a good rule to rememberâ¦  you can run as many daemons (services) as you want as long as you have the memory, hard drive space, and processor cycles.  That and open ports.  If say, port 80 is already used by Apache, nothing else can use that port.
<van7hu> yeah, thanks
<van7hu> I just asked to ask
<CrazyGir> HAH: motd includes See "man sudo_root" for details.
<CrazyGir> foo@base:~$ man sudo_root >>> -bash: man: command not found
<CrazyGir> this is a vm built with vmbuilder
<CrazyGir> am I missing something?
<CrazyGir> sorry for the n00b question, but I'm from the BSD world where init/rc is a bit different.. how do you get a list of the daemons that start with each runlevel?
<rigved> CrazyGir: afaik, /etc/rcx.d/ has the list of scripts that run at run-level 'x'. those with 'S' are the ones that are started at that run-level.
<CrazyGir> yea, I'm also seeing stuff about upstart, which is cool, but adds complexity to the question
<CrazyGir> :P
<CrazyGir> here's a better question.. I've added ntpd via openntpd, assuming this hasn't been converted to upstart (not showing up in service --status-all), what should I do to ensure openntpd starts on boot and stays up?
<CrazyGir> is it best to create your own upstart init config as described here? https://help.ubuntu.com/community/UbuntuBootupHowto
<rigved> CrazyGir: yes, that seems to be the proper one
<rigved> CrazyGir: see, the link also says that this process has been tested for the latest ubuntu version, 11.04. so, that is the way to go
<CrazyGir> yea, I never know with ubuntu docs though, they're a bit all over the place
<CrazyGir> much more complete than many other linux distros, but not really fully trustworthy either
<rigved> CrazyGir: that may be because sometimes, the docs are not updated for the newer ubuntu versions. but for docs that are, they are the way to go
<CrazyGir> sure, just not what you are used to when coming from BSD ;)
<CrazyGir> http://upstart.ubuntu.com/cookbook/ <--- this is a fantastic example of good quality, but this is not seen across the board
<CrazyGir> well.. sort of. some sections are missing :P
<lucky711x>  having trouble installing ubuntu server 10.10 on seagate cheetah ST39204LC SCSI hard drive using Adaptec 39160 PCI card on channel B, BIOS detects the drive, I did a low level format from the SCSI Utility, it was successful, then I verified the disk, and it passed, I have it set as ID0 and is being detect as so... BIOS sees it but Ubuntu partioner doesnt....hmm?
<CrazyGir> are you stuck with adaptec  hardware lucky711x ?
<lucky711x> yes I am CrazyGir
<CrazyGir> :(
<CrazyGir> are you _sure_ it is supported? (and well)
<CrazyGir> lucky711x: ^^
<lucky711x> yes CrazyGir I have had it detected and install before on the same eqpt
<lucky711x> installed*
<lucky711x> but it wouldnt boot and I did a low level format then tried to install again and no luck now
<lucky711x> CrazyGir, what scsi hardware do you prefer?
<lucky711x> CrazyGir, its weird while im trying to install ubuntu in power cycles on and off
<CrazyGir> lucky711x: by 'supported' I mean to ask if you know this hardware model works well in linux/ubuntu
<CrazyGir> in short, adaptec makes crap hardware as I've seen (see the OpenBSD write ups from a decade ago if interested)
<CrazyGir> I prefer scsi/raid controllers that are well documented for devs to build working drivers
<lucky711x> Yes is it support i forget what driver the kernel uses but it should work just fine
<CrazyGir> 'supported' and 'working well' are not the same
<CrazyGir> especially for 'open' hardware, note my sarcasm enclosing open
<CrazyGir> supposing it does work well, do you end up with anything in dmesg?
<CrazyGir> and / or do you have another card you can confirm as working?
<CrazyGir> and/or can you try an install to a std disk to confirm the rest of the hardware works
<lucky711x> lol well i wish i could get a dmesg but i am still stuck on install
<lucky711x> im trying a low level format again, but unfortunately i keep getting a stop
<lucky711x> i am probably about to boot up my sata drive and run some tools on the drive
<CrazyGir> try other hardware.. in all the various combinations, to confirm what works and what doesn't
<lucky711x> on the scsi drive*
<lucky711x> well i have been working on this for about 36 hours troubleshooting different things, jumpers, settings in SCSIselect utility, settings in bios, formats, you name it, ive probably tried it
<lucky711x> CrazyGir, mind if i pm you?
<CrazyGir> sure
<uvirtbot> New bug: #763467 in keepalived (main) "SIOCGMIIREG errors on e1000e interface" [Undecided,New] https://launchpad.net/bugs/763467
<CrazyGir> any reason why ubuntu-server would be unable to figure out its hostname? even with a proper hostname set in /etc/hostname
<CrazyGir> ah.. a _ is not a valid character for a hostname :P
<Melonking_> Can anyone give me a link to the changes in 11.04 server?
<Melonking> Anyone know the changes? Other than small ui things?
<bsd123123> quick question. If I have dovecot running pop3 plain mode. and I log in remotely, is my password sent totally in the clear
<patdk-nb_> only if you broke docecot's config
<bsd123123> so what encryption is used for dovcot pop3 plain
<patdk-nb_> none, that is why it's called plain :)
<bsd123123> so passwords are sent in the clear?
<patdk-nb_> not unless you break the config :)
<bsd123123> lol
<bsd123123> I can connect to my server using plain and pull mail
<bsd123123> I broke the config?
<patdk-nb_> disable_plaintext_auth = yes, is default
<bsd123123> ah
<patdk-nb_> if so, dovecot won't allow you to connect
<patdk-nb_> so unless you change that, no, you can't
<bsd123123> is there any security advantage between pop3 secure and imap secure
<bsd123123> or are both same secure
<patdk-nb_> heh
<patdk-nb_> use ssl or tls
<patdk-nb_> or both :)
<qman__> they use the same methods to encrypt, if that's what you're asking
<qman__> tls uses the standard port, ssl uses alternate ports
<patdk-nb_> I think he was asking the difference between pop3 and imap, but heh, not enough info :)
<bsd123123> i have it set up for pop3s. I configure my client for pop3 ssl/tls and it works, it sends a cert and connects. So good. but also in my client there is the option for 'normal password' and 'encrypted password'
<bsd123123> when i choose normal I get the cert and connect fine
<qman__> imap is a much better system IMO, especially with people getting email on their phones and several computers and whatnot
<bsd123123> choose encrypted and it says - pop server doesnt support this
<qman__> yeah, don't do that
<qman__> that encryption is weaker than SSL and is deprecated
<bsd123123> lol ok
<qman__> it's how they used to do things before SSL/TLS existed
<bsd123123> right sweet
<bsd123123> I want to pick up roots email - for log reports and whatnot. I can't login directly as root. so in aliases, I add root: user and newaliases
<bsd123123> user is not getting roots email though
<qman__> there is actually a function built in when you set up the email the first time
<qman__> who to deliver root's mail to
<bsd123123> oh
<bsd123123> I don't have to start again do I?
<qman__> I'll see if I can find how to invoke it
<qman__> ah, looks like it was just a frontend to /etc/aliases
<qman__> so you did it right
<qman__> might have to restart postfix
<qman__> bsd123123, ^
<DigitalFlux> Hi Guys
<DigitalFlux> I'm having problems with configuring the puppet client, modifying puppet.conf for the [client] section doesn't seem to be read by the puppet service when it is restart !
<uvirtbot> New bug: #763923 in postfix (main) "package postfix 2.8.2-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/763923
<uvirtbot> New bug: #764004 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.5-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/764004
<uvirtbot> New bug: #764014 in net-snmp (main) "*** buffer overflow detected ***: /usr/sbin/snmptrapd terminated" [Undecided,New] https://launchpad.net/bugs/764014
<CrazyGir> hello! I have a few VMs I created with vmbuilder and specified the server kernel release, main and universe repos, etc.. pretty stock stuff for a server, though some things like man seem to be missing.. does this seem correct? and if so, is there a list of differences between ubuntu std and server?
<CrazyGir> dig/dns tools is another
#ubuntu-server 2012-04-09
<Kutakizukari> Is there a way to block port 22 SSH till I need to log in? I know dome9.com does this but looking for the free way if can do.
<KM0201> hmm, not sure
<maxb> Kutakizukari: If you feel it's necessary, you could go with a port knocking approach
<maxb> Alternatively, accept only pubkey-based logins, denying passwords completely, and trust that to be secure enough
<Kutakizukari> was using fail2ban but the bots just grab another ip address and try again.
<maxb> Possibly backed up with a fail2ban approach
<Kutakizukari> is there docs on pubkey-based logins for ubuntu server 10.04 LTS?
<patdk-lap> Kutakizukari, you want a knock solution probably
<patdk-lap> where you hit up a special port y, and it enables access to other port x for that ip for x min
<Kutakizukari> patdk-lap: never heard of it, will look it up. Thanks
<patdk-lap> http://www.shorewall.net/PortKnocking.html
<Kutakizukari> can port y be sniffed out to lead to port x?
<Kutakizukari> will look into it, again thank you
<maxb> Pubkey based SSH is a standard part of OpenSSH. I know it's described in the man pages, no idea if anyone's bothered to write customized documentation for Ubuntu; really there's little to nothing distro-specific
<patdk-lap> not without someone intercepting your traffic, while you do it
<maxb> !info knockd
<ubottu> knockd (source: knockd): small port-knock daemon. In component universe, is optional. Version 0.5-3ubuntu1 (oneiric), package size 26 kB, installed size 168 kB
<patdk-lap> odd, no need for a userbased program, as iptables can do it all itself
<maxb> it can?
<patdk-lap> sure
<patdk-lap> the link above is almost raw iptables commands
<maxb> I've never come across one iptables rule mutating the ruleset itself before
<patdk-lap> I never said 1 iptables rule :)
<patdk-lap> but a collection of 4 will do it, and protect against portscans
<patdk-lap> if you don't care about portscans, 2 rules, the normal accept 22 and the portknock port
<maxb> Interesting. I was not aware of the 'recent' module
<patdk-lap> part of normal ubuntu iptables
<patdk-lap> no xtables needed
<romulobr> hi, i want my server to be able to send emails. I followed ubuntu server guide and successfully (i think) installed postfix with dovecot, but i don't know what to do next, can you help me?
 * pehden is away: I'm busy
 * pehden is back (gone 00:00:01)
<journeeman> Hi all. Trying to delete a node from the MAAS web interface gives an `Internal Server Error'. Anyone else facing this?
<journeeman> cobbler.log shows the "At least one interface needs to be defined" exception being raised. checking my cobbler config
<mmmfungo> hello! i was referred here in an attempt to get my usb ports running at 2.0 instead of 1.1
<mmmfungo> good morning! im having an issue with my usb ports and was hoping for some help...i recently installed a firewire/usb/audio front panel and the ports are only recognized as usb 1.1, even though the board and panel both support 2.0..the output of lsusb and lspci as well as the motherboard and front panel info can be seen here : http://paste.ubuntu.com/921401/ .. lsmod here : http://paste.kde.org/454208/ .. the chipset, according to
<mmmfungo> the manual is an Intel 82801GH 1/O Controller Hub (ICH7DH) and im using 11.10..any help in getting the ports up to speed and running as 2.0 would be greatly appreciated
<wmp> hello, i have problem with 12.04 and repositores
<wmp> i want to install php5.4 from ppa and i have error:
<wmp> Depends: libonig2 (>= 5.2.0) which is a virtual package.
<wmp>             Depends: libqdbm14 (>= 1.8.74) which is a virtual package.
<wmp> where i can found this package?
<sw> !info libqdbm14 | wmp
<ubottu> wmp: libqdbm14 (source: qdbm): QDBM Database Libraries [runtime]. In component universe, is optional. Version 1.8.77-4build1 (oneiric), package size 142 kB, installed size 384 kB
 * koolhead11 thinks everyone is having Easter Fun time
<tash> Is it easy to mount external storage locally to use as your, say, mysql data drive?  I am not sure if fdisk -l will show external storage
<rurufufuss> greetings, is there a command line gui (like that of aptitude) for updating alternatives?
<rurufufuss> (e.g trying to set valgrind to point to the newer version)
<uvirtbot> New bug: #977270 in samba (main) "package samba-common 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/977270
<wmp> sw: thx
<aeol> hey, does anyone here work for Canonical?
<aeol> I have been trying to convince my boss (who knows nothing about linux) that we should use Ubuntu in prod instead of Redhat and it seems no one at Canonical can be bothered to respond to my request to purchase their enterprise services
<rockets> Is there a way to apt-get install security updates only
<rockets> aeol, I've contacted canonical sales several times and always gotten an immediate reply sir.
<Pici> rockets: I don't think I understand your question, apt-get should always pull the highest version package available.
<aeol> @rockets how did you contact them? there is no phone number, only a web page to submit a contact request
<romulobr> can you help me to set up an email server to send emails only, i followed the tutorial on ubuntu guide, and things seems to be working, but my client can't send emails.
 * koolhead11 digs url to pass aeol 
<koolhead11> aeol, https://forms.canonical.com/sales/  this might help
<rockets> Pici, I only want to install security updates not general bugfixes or new versions
<rockets> e.g. i only want to install things from hardy-security
<Pici> rockets: Then comment out the updates and backports lines in /etc/apt/sources.list
<rockets> Pici, how is it that unattended updates can install only security updatse
<rockets> but theres no way to do that manually from apt
<hallyn> rbasak: hey, did you get around to running the lxc testsuite on arm 2 weeks ago?
<hallyn> if not, could you, this week? :)
<hggdh> jamespage: do you perform remote Jenkins job submission in the server lab? I am finding that if I pass ?token=... I get a 403
<hggdh> jamespage: if I take '?token=...' out, and go for a basic auth, it works
<wbullock8> can anyone help me with an issue I'm having regarding and IP Address change and using apt-get update
<wbullock8> I changed the IP address and now I can't get apt-get update to connect... but I'm able to see everything on the internet
<wbullock8> the moment I change the IP address back to what it was apt-get update works fine
<wbullock8> any help would be super awesome!
<bluefrog> you change from what to what?
<bluefrog> and how do you change it, what is your dns server and so on. we need ino
<bluefrog> infp
<kirkland> SpamapS: howdy!
<kirkland> SpamapS: curious, still no apache upstart script, eh?
<SpamapS> kirkland: I see no reason for there ever to be one.
<SpamapS> shocking I know
<kirkland> SpamapS: erm?
<SpamapS> but really, apache has a rich init.d script that they maintain perfectly.
<kirkland> SpamapS: okay
<SpamapS> and I don't see apache ever being part of the system plumbing
<kirkland> SpamapS: so, let's say I have a script that I want to run before apache starts
<kirkland> SpamapS: what's the best way for me to do that?  modify the apache init script itself to call me?
<kirkland> SpamapS: or put myself just before them in the init.d list?
<SpamapS> kirkland: start on starting rc RUNLEVEL=[2345] .. will run your script before *all* sysvinit.
<kirkland> SpamapS: hmm
<SpamapS> kirkland: (needs to be a 'task' too)
<kirkland> SpamapS: and I need networking to be up
<SpamapS> kirkland: its up
<kirkland> k
<SpamapS> as of 11.10 anyway
<SpamapS> before that.. you never knew when networking was "up"
<SpamapS> kirkland: apache is less important now anyway. Seriously, I think its day has passed. nginx will *blow your mind* how much better it is.
<kirkland> SpamapS: them's strong words
<SpamapS> yep
<SpamapS> I haven't tried apache 2.4 yet..
<SpamapS> but nginx certainly utterly destroyed 2.2 in every way for omgubuntu.co.uk
<kirkland> SpamapS: yeah, jcastro was raving about it too
<SpamapS> The area where apache will win out is in mods for auth and stuff.. but many of those are making their way into nginx land as well.. so I think its only a matter of time before we see a real shift.
<patdk-wk> I have 2.4 installed on percise to play with
<patdk-wk> but haven't done any performance testing yet
<SpamapS> kirkland: also I'm not as excited about moving every service into upstart. I think its more important that classes of services be moved there, but stuff like apache that just pops up on a port can happily stay in sysvinit land for as long as it makes sense.
<patdk-wk> doesn't that run into dependancy issues?
<patdk-wk> expecially if I need to make sure my fastcgi servers are running before apache
<SpamapS> patdk-wk: why do you need to make sure your fastcgi servers are running before apache?
<SpamapS> what if they are on another host?
<SpamapS> Its a false hope to try and get all daemons started in the right order in a modern system.
<patdk-wk> if they are on another host, apache will retry the connection
<SpamapS> Right
<patdk-wk> if you use a socket file, I think it just errors
<SpamapS> and if they are local, it will retry as well. :)
<patdk-wk> or maybe that was fixed
<SpamapS> patdk-wk: right, fixed.. because thats a bug if it doesn't. :)
<rockets> What is the official way to change the hostname of an ubuntu 10.04 server permanently? I'm seeing so much conflicting advice. I'm seeing edit /etc/hosts, create an /etc/hostname, just use the hostname command (doesn't do it). I'm not sure which I should do.
<SpamapS> patdk-wk: either way, whats more important is that network clients be generous about retries and degrade themselves/report errors properly.. not that daemons are all started in the right order.
<patdk-wk> rockets, lots of changes to do that :)
<SpamapS> Ordering is nearly impossible in a truly distributed system.
<rockets> patdk-lap, What is the "proper" way :P
<patdk-wk> personally? grep -R oldname /etc/
<patdk-wk> and change every file you locate :)
<patdk-wk> it's in 5 places I can think of, in a normal plain install
<rockets> lol
<SpamapS> rockets: the modern way is to have DHCP handing out hostnames, and change it on the DHCP server. :)
<rockets> in other words, it's unmanageable :D
<rockets> SpamapS, yeah well, we don't have dhcp on virtual slices on linode
<SpamapS> how do they do that? do they inject /etc/network/interfaces for you or something?
<SpamapS> I'm genuinely curious.
<rockets> mm
<patdk-wk> well, for most things, just /etc/hosts, /etc/hostname will do it
<rockets> ill pastie my interfaces file for you if you're interested
<patdk-wk> but then you have other configs, like mail server, xmpp server, webserver, ...
<rockets> patdk-lap, yeah but nothing is configured yet
<rockets> its a new host
<patdk-wk> well, then you should only have to touch those two files then
<patdk-wk> then reboot it
<rockets> i just dont want the randomly generated string for a hostname i have
<SpamapS> rockets: no thats ok, I'm just wondering how virtual providers can do it any other way.
<rockets> SpamapS, actually my /etc/network/interfaces contains NOTHING other than loopback
<rockets> maybe they do have some sort of internal dhcp
<SpamapS> rockets: wow.. eth0 isn't even listed?
<rockets> SpamapS, nope
<rockets> I have no idea how they do it
<rockets> its xen though
<SpamapS> weird
<patdk-wk> what kernel?
<rockets> oh wait
<SpamapS> perhaps they jiggered their own startup scripts in
<rockets> im looking at the wrong server
<rockets> lulz
<rockets> hold on
<rockets> yeah it looks like it is dhcp, "auto eth0"
<rockets> iface eth0 inet dhcp
 * SpamapS really hopes virtual host providers fall in line and start using the official Ubuntu cloud images instead of all this weirdness.
<rockets> i dont have ctonrol over the dhcp though
<SpamapS> rockets: gotchya
<rockets> SpamapS, well, this is 10.04 when they had to make their own modified kernel to make it work
<rockets> because it wasnt xenified or something
<SpamapS> rockets: we have 10.04 EC2 images.. EC2 == xen.. so... ?
<rockets> or maybe that was for kvm
<patdk-wk> ya, I use the ec2 kernel on xen
<rockets> this is what slicehost told me, but im using linode now
<SpamapS> meh, well anyway.. no worries. So with dhcp You may have to tell it to not overwrite your hostname
<rockets> SpamapS, nah, /etc/hostname works
<SpamapS> rockets: hopefully that sticks. :)
<rockets> SpamapS, I just tested it.
<rockets> well i suppose my lease hasn't been renewed
<rockets> we'll see hehe
<SpamapS> rockets: reboot would test it
<rockets> SpamapS, i've rebooted several times
<patdk-wk> if it doesn't, go edit /etc/dhcp3/dhclient.conf
<SpamapS> rockets: alright, could you please go delete all the confusing docs you read from the intarwebs kthxbai
<rockets> lol
<uvirtbot> New bug: #977376 in lxc (universe) "lxc ubuntu-cloud template does not properly handle userdata" [High,Confirmed] https://launchpad.net/bugs/977376
<thesheff17> I currently use apt-mirror and manage my own mirror.  I wonder if it is was possible to create a date based mirror where I could just do http://ubuntuMirror/ubuntu/20120904/ and it would only contain those files from that date off the mirror...so basically a rolling snapshot of a mirror.
<adam_g> win 10
<hallyn> utlemming: haven't checked your patch yet, but if you haven't yet, could you roll in the minor change that stgraber has staged at ubuntu:lxc ?
<hallyn> (lunch, biab)
<zul> adam_g: im thinking we should do some more database smarts in the packaging
<adam_g> zul: like?
<zul> adam_g: backup a copy of the database if the schema changes
<adam_g> zul: how does that happen for a populated databse with millions of rows?
<adam_g> or for an external database
<zul> adam_g: i dont know yet
<adam_g> zul: i dont see that happening for 12.04, tbh
<zul> adam_g: well yes not for 12.04
<uvirtbot> New bug: #977313 in openssh (main) "Too many logins - sessions not cleared" [Undecided,New] https://launchpad.net/bugs/977313
<zul> adam_g: its just a gleam in my eye right now
<thesheff17> I would love a way to use source.list with a date of a snapshot of mirror.  I wrote a program that symlinks all of the mirror to a folder in apache but I'm sure certain text files change...it prob should also have db behind it.
<SpamapS> zul: smarts in packaging == fail usually. ;)
<SpamapS> zul: that sounds like something openstack should support.
<zul> SpamapS: *cough* bacula
<SpamapS> as in, if its going to do a schema change, it should have a '--backup' option that does the backup, we shouldn't do it all in the preinst or something.
<SpamapS> that stuff always comes back in floods of apport bugs :-P
<RoyK> something tells me this value is a bit above "normal"   7 Seek_Error_Rate         0x000f   045   045   030    Pre-fail  Always       -       11282972468059
<SpamapS> RoyK: thats a bit above normal, if the saucer section of the Enterprise is only considered "a bit" of the whole ship.
<RoyK> something in the terms of "To say that Richard Mayhew was not very good at heights would be ... It would be like describing the planet Jupiter as bigger than a duck."
<RoyK> drive still works, though
<RoyK> but I would guess replacing it soon, as in tomorrow, might be a good idea ;)
<railsraider> hi guys, my HAproxy went down completely unresponsive and i had to hard boot it, i am trying to figure out why
<railsraider> i have fail2ban, arno-iptables, and chkrootkit installed
<railsraider> all i can see from the logs is that eth0 went promiscuous and i think that accepted all traffic
<sebokie> hello
<sebokie> I have a ubuntu server with nfs running with only 127.0.0.1 allowed for my share
<sebokie> then I create a ssh tunnel between the client and the server as described here: http://nfs.sourceforge.net/nfs-howto/ar01s06.html
<sebokie> however I am not able to mount the nfs share, and I don't get any error message
<sebokie> is it supposed to be logged by the server when someone attempts to mount a nfs share?
<hallyn> jdstrand: http://paste.ubuntu.com/922334/  I assume given the comments in the code, I'm on my own with this failure?
<rockets> Here's a silly question: is there a way to make all subdirectories of a directory inherit the parent's permissions when created? I tried sgid, no dice.
<jdstrand> hallyn: yeah-- why qemu isn't output anything from 'info block' seems like a regression
<hallyn> jdstrand: it does output for info block
<jdstrand> hallyn: I'm confused
<hallyn> I assumed the 'kill monitor; run nc by hand' bit was just not working
<hallyn> jdstrand: if i just run qemu by hand and say 'info block', i get results
<jdstrand> hallyn: but that isn't what the script is doing. it is launching it via livirt, then trying to connect to libvirt's monitor file
<hallyn> jdstrand: i see, i was thinking it failed getting any output at all.  but still, if i do 'info block' by hand, it works.
<jdstrand> hallyn: in fact, based on the weird formatting of the error output, it looks like 'nc -U <libvirt monitor file>' failed
<hallyn> on the bright side, it's the last failing case i think \o/
<hallyn> <frown>
<jdstrand> hallyn: there is a timeout there-- I know I can't run test-qemu.py on a heavily loaded system. maybe the your system was under high load?
<hallyn> jdstrand: hm, ok, i'll try again then, thanks.
<jdstrand> (as in, maybe you are seeing with list-libvirt.py the types of things I would see with test-qemu.py)
<rockets> An especially dumb question - I can't seem to find a regular git client package in the lucid repos. Is it not there? I see a lot of things that refer to git but no actual git
<rockets> ah, git-core
<uvirtbot> New bug: #977498 in tomcat6 (main) "tomcat6-instance-create fails on paths with spaces" [Undecided,New] https://launchpad.net/bugs/977498
<gary_poster> zul or adam_g, I've got an openstack question if one of you have a moment.  For Canonistack, I want the publicDnsName and privateDnsName to have a *.canonistack domain suffix rather than a *.novalocal domain suffix.  That way, with a bit more configuration on chinstrap, devs can set up a .ssh/config stanza that makes everything just work (particularly nice for juju).  AFAICT, that's controlled on the Openstack side
<gary_poster> by nova.network.linux_net's dhcp_domain value, so I asked IS to make that change, along with the resolution bits on chinstrap.  They've done so, and I've tested, and things are not quite working as I hoped yet.  The change does make the vm correctly report its hostname as, for instance, server-8275.canonistack, but publicDnsName and privateDnsName now have no suffix at all, for instance reported as simply "server-82
<gary_poster> 75" by euca-describe-instances.  Is there another openstack setting we can make to get those values to report the *.canonistack names, or is this an openstack bug, or can you suggest some other path to try to find out the answer?
<gary_poster> eh, that was a novel, sorry
<smoser> SpamapS, bug 820699
<uvirtbot> Launchpad bug 820699 in tgt "tgt will be stopped but not restarted on transition from runlevel 1 to 2" [Medium,Confirmed] https://launchpad.net/bugs/820699
<smoser> i was about to open "tgt does not start on installation"
<smoser> is that a dupe of this bug ?
<hggdh> jcastro: there?
<jcastro> yo
<hggdh> jcastro: OK. I already fscked my maas install -- forgot the useruser password...
<hggdh> jcastro: anyway of recovering apart from full uninstall & reinstall?
<jcastro> no clue, I've only done rudimentary set up with it
<hggdh> heh
 * hggdh goes for the reinstall
<jcastro> wait!
<jcastro> we should figure that out
 * hggdh waits
<hggdh> jcastro: another thing -- I installed maas-dhcp, and nothing changed in the dnsmasq config
<hggdh> at least visibly
<jcastro> hggdh: no clue that one either, but here's the first one: http://askubuntu.com/questions/120436/how-do-i-reset-my-maas-username-password
<jcastro> matsubara: any idea? ^^
<hggdh> jcastro: will follow the Q, thanks
<jcastro> "maas changepassword" seems to exist
<hggdh> jcastro: and... it works! -- it does change the password without requiring to enter a current one
<matsubara> hggdh, jcastro: you can flush the db and create a new password
<hggdh> (pretty much like sudo passwd xyz)
<matsubara> well, I guess that's even easier :-)
<jcastro> ah but how do you list users?
<jcastro> without dumping the whole db I think?
<hggdh> yeah, adding an answer to askubuntu now
<hggdh> just a sec
 * jcastro nods
<matsubara> jcastro, not very easy but you can do something like this: http://pastebin.ubuntu.com/922456/
<jcastro> hggdh: ^^ good enough for an answer for now, heh
<hggdh> matsubara: better than 'sudo dumpdata |grep username'
<hggdh> wich is what I used
<hggdh> jcastro: I will edit the answer to add super-matsubara's way of finding an user
<Daviey> hola
<Daviey> How is everyone?
<guntbert> Daviey: welcome - do have a support question?
<guntbert> *do you have ...
<Daviey> guntbert: I hadn't, no.. do you?
<smoser> utlemming, any ideas here: http://paste.ubuntu.com/922462/
<smoser> that is from a us-east-1 instance
<smoser> freaking slow
<guntbert> Daviey: no, are you aware that this channel is not intended for chatter? If yes - my apologies
<zul> lol
<hggdh> Daviey: you got no support question??
<jcastro> he should be kicked out!
<hggdh> LOL
<utlemming> smoser: cloud-front?
<zul> Daviey: you are the weakest link good bye
 * sw hands Daviey the AK47
<Daviey> guntbert: Are you sure this channel isn't for chatter?
<smoser> utlemming, just a download from cloud-images.ubutnuc.om
 * guntbert tries hard to get his foot out of his big mouth :-)
<utlemming> smoser: I'm checking from eu-west-1 right now
<hggdh> oooohhh Daviey gains superpowers, and kills self
<utlemming> smoser: I get pretty decent internet (15Mb/s) and I pull the images this morning at around 200k, so I am wondering if its crossing that small puddle in between New York and the UK
<smoser> well, normally i think its better than that.
<smoser> i'mi using lftp and pget now
<guntbert> Daviey: to answer your last question: according to the /topic I should be sure - listening to some of the regulars here I get doubts :)
<patdk-wk> utlemming, the speed is kind of iffy
<patdk-wk> some days I can get 2-8MB/sec, others I'm happy to even get 100k
<utlemming> smoser: 7.0MB/s in Eeu-west-1
<smoser> utlemming, well...
<smoser> i have strong suspicion that you can't really trust that.
<smoser> that things get cached.
<smoser> ie, if you had run that 2 times, magically the second would be faster.
<utlemming> So we need a European to test my theory
 * patdk-wk builds one
<Daviey> utlemming: I am a European !
<hggdh> no, you are English...
<patdk-wk> swallow?
<utlemming> Daviey: Can you do "wget http://cloud-images.ubuntu.com/server/precise/20120409/precise-server-cloudimg-amd64.tar.gz -O /dev/null" and report the time that it took?
<Daviey> utlemming: European datacentre or homeish adsl?
<utlemming> Daviey: which ever one is less-likely to implement caching and if the DC isn't Canonical or Amazon, that might be the best benchmark
<Daviey> utlemming: Non-Canonial or Amazon, Downloaded: 2 files, 211M in 19s (11.1 MB/s)
<patdk-wk> that all?
<patdk-wk> 2012-04-09 17:15:09 (11.8 MB/s) ashburn,va
<patdk-wk> 2012-04-09 17:16:43 (6.04 MB/s) comcast (maryland) home
<utlemming> smoser: my home slowness is due to a 62% packet loss thanks to L3
<RoyK> L3?
<sw> Daviey: utilised /kick over my AK47! :<
<hallyn> jdstrand: ok, it's simpler than i thought
<hallyn> jdstrand: the _stop_daemon() just does killall -9 libvirt-bin
<hallyn> upstart respawns it :)
<hallyn> hm, no
<hallyn> ok, i need to figure out why it's not going away,b ut second part was,
<hallyn> the monitor isnow json
<hallyn> so 'info block' will give back errors regardless
<jdstrand> oh, that would do it :\
<jdstrand> annoying
<hallyn> yes
<hallyn> jdstrand, but wait... courtesy of our dberrange,
<hallyn> virsh qemu-monitor-command --hmp qatest-i386  'info block'
<SpamapS> smoser: back from long lunch.. looking now
<jdstrand> hallyn: oh, easy enough-- then on release >= 12.04 pass '--hmp'
<hallyn> yup :)
<RoyK> jdstrand: I first read --hmp as something like --hrmpff!
<jdstrand> RoyK: hehe
<ideaman> Anyone: I'm scripting an install in Ubuntu, and having some issues matching a string with sed. Any takers?
<SpamapS> ideaman: just ask, and hang out for a while. Some people read backscroll :)
<ideaman> k
<SpamapS> ideaman: also askubuntu.com and serverfault.com are good places as well
<ideaman> cool thanks
<Patrickdk> the question, we will never know
<ideaman> I'm trying to replace lines 7 and 11 with new text via sed, so I have sed -i 's/old text/new text/7' but anything I try never works...
<ideaman> the best I can get is a global replace /g, which I don't want
<Patrickdk> seems odd way to do it
<ideaman> I'm up for any suggestions
<Patrickdk> '7 c \New line here'
<ideaman> Patrickdk: thanks a million, that's so much easier
<smoser> SpamapS, tgt ?
<SpamapS> smoser: still reading
<smoser> k
<locuse> hi.  i'm putting my 1st ubuntu-servers into production.  i'd like to configure critical-power event recovery (effectively, yank the power cord in mid operation ...) so that after power recovery, the server automatically powers up, trying a maximum of "5" times if unsuccessful.  BIOS is involved, i'd guess, but what are the appropriate pieces on a headless Ubuntu server?
<Patrickdk> locuse, you would need a bios to do that
<Patrickdk> well really probably a bmc
<Patrickdk> and the ones I have only let you do it 3 times, not less, and not more
<Patrickdk> and it requires some kind of os watchdog program
<Patrickdk> and the amount of time that os watchdog program checks in, is fixed
<Patrickdk> I normally turned those things off, cause the bios couldn't boot fast enough, before it would timeout, let along the os starting up
<locuse> Patrickdk: "bmc"?
<Patrickdk> yep
<locuse> acronymitis .... ah, that's Baseboard Management Controller (BMC)
<locuse> hm.  one'd think this'd be a bit more straighforward .
<SpamapS> smoser: I have not forgotten you on tgt..
<SpamapS> smoser: that upstart job is *really* really wrong.
<SpamapS> smoser: that said, the reason tgt is not started on install is that the postinst does not start it
<SpamapS> smoser: 	dh_installinit --no-start -u"start 89 2 3 4 5 . stop 11 1 ."
<SpamapS> smoser: which is intentional
<SpamapS> smoser: remove the args to dh_installinit and that will be fixed
<SpamapS> smoser: also the stop on is wrong.
<SpamapS> as is the start on actually
<miceiken_> How do I make my ubuntu server obtain the correct time and date?
<SpamapS> miceiken_: install the 'ntp' package
<SpamapS> miceiken_: note that ntp will refuse to change the time/date by a large amount (it will just keep the time accurate), so you  may *also* want to install 'ntpdate' and force it in while ntp is not running.
<miceiken_> i just did an "ntpdate ntp.ubuntu.com"
<miceiken_> what about timezones though, does it figure that out by itself?
<SpamapS> miceiken_: you need to set your timezone during install, but yes, NTP always communicates with NTP servers in UTC
<smoser> SpamapS, so how bad is it that that doesn't start ?
<smoser> and how, if you dpeend on it, should you start it ?
<SpamapS> smoser: it affects all users, but has a workaround (manually start it) so I'd call it Medium.
<smoser> well, as you said, its by design.
<SpamapS> smoser: for something that Depends: tgt .. they can workaround by making sure it is started. But I'd think at that point.. just make it start.
<SpamapS> its not so much by design..
<SpamapS> as by the way its always been
<SpamapS> policy suggests that if there is a sane default configuration, a daemon should be started on installation
<SpamapS> not knowing tgt, I can't answer whether that if is true or not
<miceiken_> wow how do I not know this
<miceiken_> how do I output the time
<miceiken_> from the server
<RoyK> date
<miceiken_> great, thanks RoyK
<miceiken_> and thank you SpamapS, my time is all syncronized now :)
<RoyK> date +%H:%M
<RoyK> for instance
<smoser> SpamapS, the daemon will start, will listen on a standard port, and have no targets if queried.
<smoser> so, for my limited knowledge, that is a sane default
<SpamapS> smoser: agreed. Thats probably a bug worth fixing in precise.. whether we do it b4 release or not.. I dunno ;)
<smoser> well, personally, id say if its not fixed before release, then its not fixed in precise.
<smoser> bug 977621
<uvirtbot> Launchpad bug 977621 in tgt "tgt does not start after installation" [Undecided,New] https://launchpad.net/bugs/977621
<smoser> SpamapS, ^
#ubuntu-server 2012-04-10
<SpamapS> smoser: I think we should try to fix both then.
<SpamapS> smoser: seems nova-volume is the only thing that rdeps on tgt
<smoser> interesting.
<smoser> i wonder if it starts tgt
<uvirtbot> New bug: #977621 in tgt (main) "tgt does not start after installation" [Undecided,New] https://launchpad.net/bugs/977621
<uvirtbot> New bug: #977629 in samba (main) "smbd crashed with SIGABRT in rep_strlcpy()" [Undecided,New] https://launchpad.net/bugs/977629
<uvirtbot> New bug: #917906 in nautilus-share (main) "Can't determine shared folders" [Undecided,New] https://launchpad.net/bugs/917906
<smoser> SpamapS, if you want to review: https://code.launchpad.net/~smoser/ubuntu/precise/tgt/lp977621-start-on-install/+merge/101321
<smoser> and feel free to fix the other open bug there also with a better upstart job if you'd like
<smoser> SpamapS, tomorrow perhaps i need your upstart genious help a bit
<smoser> cloud-init seems to be slow to start if networking is up before root filesystem mount (iscsi root)
<brando753> you know I have always manually installed my server files, though using tasksel seems alot easier, is there any reason not to use tasksel? I always have heard its better to install packages manually so Ive never really used it.
<mgw> can anyone point me the right direction as to how to apply a patch while buidling a .deb? Specifically, it needs to be done after configure is called.
<twb> mgw: why after configure is called
<twb> If the answer is "because it edits the makefile", the right solution is to patch makefile.am or configure.ac instead
<mgw> twb, i was asking on behalf of another developer, I think he figured it out
<mgw> ty
<twb> I bet "figured it out" means the wrong way
<mgw> he's applying a patch before configure â it's not our source, so we want to apply minimal patches
<twb> Good
<brando753> you know I have always manually installed my server files, though using tasksel seems alot easier, is there any reason not to use tasksel? I always have heard its better to install packages manually so Ive never really used it.
<twb> tasksel is for noobs
<twb> There is absolutely no reason to use it if you are familiar with apt
<mgw> what's it for? installing collections of packages?
<twb> Basically it's for people who go "can haz mail?" instead of "I need postfix and dovecot please"
<mgw> ok, no wonder i never noticed it
<brando753> ok, but is there a reason not to use it?
<brando753> it can take a while to setup all the packages
<mgw> how many systems are you setting up?
<brando753> and I wonder if it just does the same things automatic
<mgw> if you're setting up more than a few, you'll want to automate it anyway
<mgw> or even if you're setting up one and expect to need to rebuild it anytime soon in a predictable way
<twb> mgw: there is a tasksel prompt at install time
<twb> brando753: all tasksel does is associated a list of packages with a convenient name, like "LAMP server"
<brando753> so why wouldnt somone use it?
<twb> brando753: if you know what underlying packages you want, there is no need for tasksel.  There should not be any harm, either, except maybe it will e.g. install postfix when you wanted exim
<twb> Or install stuff you didn't want at all
<brando753> is it bloated?
<twb> I've just explained to you exactly what it is.
<mgw> any way to install dpkg-scanpackages without the whole dpkg-dev system?
<twb> dpkg-dev isn't that bloated, surely
<twb> Also no
<mgw> yeah, i figure dit out
<mgw> all that's needed is the perl script itself and libdpkg-perl
<mgw> this is for a production system, don't want the developer toolchain on it
<twb> dpkg-dev isn't a developer toolchain
<twb> That's build-essential (i.e. gcc, g++, cpp, etc)
<mgw> it installs gcc
<mgw> The following extra packages will be installed:
<mgw>   build-essential fakeroot g++ g++-4.6 libalgorithm-diff-perl
<mgw>   libalgorithm-diff-xs-perl libalgorithm-merge-perl libstdc++6-4.6-dev
<twb> Recommends: gcc | c-compiler, build-essential, fakeroot, gnupg, gpgv, libalgorithm-merge-perl
<twb> Opt out of it
<mgw> how?
<twb> aptitude -R or apt-get --no-install-recommends
<twb> Or to opt out of specific cases, aptitude install foo bar- baz-
<twb> Actually bar: baz: would be better; otherwise it might uninstall an already-installed bar and baz
<linocisco> hi all
<linocisco> how do you all think about zentyal server?
<mgw> twb: thanks for that tip
<mgw> it works
<lynxman> morning o/
<mgw> lynxman: morning
<lynxman> mgw: morning!
<mgw> I hope you're in europe
<mgw> or somewhere in a similar timezone
<koolhead11> hi lynxman
<lynxman> koolhead11: hey :)
<koolhead11> lynxman, :(
<koolhead11> adam_g, jamespage around?
<koolhead11> when i do sync_db user/tenant gets created, what is the pwd for admin user :P
<koolhead11> *keystone i meant
<sw> what's the best system to use with mirroring users around servers, ldap or ...?
 * koolhead11 modifys user-pwd then :(
<Daviey> sw: ldap is pretty well supported.
<sw> Daviey: I'll give that a shot
 * koolhead11 scratches his head
<koolhead11> adam_g, jamespage am i hitting a bug? why should db_sync create user/role/endpoints
<koolhead11> isn`t it supposed to simply add DB schema
<koolhead11> am i doing something wrong with keystone ?
<koolhead11> gsssssssss
<koolhead11> facepalm
<Geron> Ubuntu and iSCSI. When (if?!) will Ubuntu support multiple initators on a single target?!
<Daviey> Geron: Are you using tgt?
<Geron> tgt?
<koolhead11> sorry guys i had connected wrong db in my keystone.conf and it was already populated with certain tenant/user.
<Daviey> Geron: iscsi?
<Geron> Daviey: yes, iSCSI..
<Geron> I have one machine acting as a target, "sharing" a large drive.
<Daviey> Geron: okay.. i'll come back when you can tell me if you are using tgt.
<Geron> sigh...
<Geron> Cant tell right now (no access to the target machine)
<Geron> But previously when configuring two initiators to use the same target. Only one got read/write access. The other machine got a broken kind of "read only"
<Geron> And I later noticed the "MaxConnections" stuff in /etc/ietd.conf
<Daviey> Geron: Ah, using iscsitarget.. try tgt
<Geron> Which must be set to 1, and to my understanding. This limits the number of initiators per target to 1...
<Geron> Aaah, ok. Will investigate... Using tgt might fix my problem here then?
<Daviey> Geron: We think it's a better target.
<lynxman> Daviey: would it be wise to try to upgrade a production server now to precise? It's my personal one so I don't really mind if something breaks :)
<Daviey> lynxman: yep!  Testing appreciated
<lynxman> Daviey: cool! will do then :)
 * koolhead11 says hi to Daviey :)
<ludo89> Hello, does anyone knows freeradius ?
<ludo89> i need to install it on a wired lan.
<ludo89> without NAS.
<ludo89> can my transparent proxy be the NAS (my transparent proxy intercept port 80 connexions).
<zul> Daviey: do you want a FFE, debdiff, changelog in  a bug report for swift?
<Daviey> zul: all of the above please.
<zul> Daviey: ack
<phaidros> is it possible to have chrooted sftp/scp users (openssh) editing cronjobs/their crontab? a symlink is obviously useless, but is there a way?
<zul> good morning
<rbasak> phaidros: run a chrooted cron. otherwise you might as well not bother chrooting, since a user can enter a cron entry that will run outside the chroot.
<phaidros> rbasak: right ..
<phaidros> thx
<rbasak> smoser: I've been doing some investigation into squid-deb-proxy. I think I get what's going on but it's a bit complicated. Got time to sync?
<smoser> hm..
<smoser> do i have time ? no.
<smoser> do i want to to? yes.
<smoser> give me 5 minutes ? you want to set up a hangout?
<rbasak> OK I'll set one up
<rbasak> smoser: invite sent
<gary_poster> hallyn, morning.  When you've started work...
<gary_poster> My squad is talking about adding a script for ourselves, and we're wondering whether it would be good to have in the general lxc package.  The idea is an "lxc-ip" command.  "lxc-ip NAME_OF_CONTAINER" would return the ip address of the container, so you could do things like "ssh `lxc-ip NAME_OF_CONTAINER`".  The implementation would be exactly like what is in lxc-start-ephemeral right now (looking at the dhcp leases)
<gary_poster> .  This would be an alternative easy way to connect to a container if hooking up the local nameserver is not desired (or even broken--it's been unreliable for us, or at least our setup of it has been).  What do you think?
<SpamapS> gary_poster: tell me again why you're not focusing on improving juju for this?
<SpamapS> gary_poster: juju has juju status for this kind of stuff.. :)
<gary_poster> SpamapS, we are using lxc alone, in addition to using it with juju
<SpamapS> gary_poster: we were talking the other day about adding ephemeral support to the local provider
<gary_poster> SpamapS, cool.  hallyn has some thoughts on refactoring/rewriting lxc-start-ephemeral for 12.10, so maybe that would be a good opportunity to sync up and make sure that the lower-level lxc bits can be usable for juju too
<uvirtbot> New bug: #977765 in nova "Image registration (ec2) is broken using deprecated auth" [High,New] https://launchpad.net/bugs/977765
<uvirtbot> New bug: #977770 in openssh (main) "package openssh-server 1:5.5p1-4ubuntu5 failed to install/upgrade: ErrorMessage: ìë¡ì´ pre-installation ì¤í¬ë¦½í¸ íì íë¡ì¸ì¤ê° ì¤ë¥ 1ë²ì ë¦¬í´íìµëë¤ (dup-of: 349469)" [Undecided,New] https://launchpad.net/bugs/977770
<uvirtbot> New bug: #977783 in postfix (main) "package postfix 2.7.1-1ubuntu0.1 failed to install/upgrade: ErrorMessage: ìë¡ì´ pre-installation ì¤í¬ë¦½í¸ íì íë¡ì¸ì¤ê° ì¤ë¥ 1ë²ì ë¦¬í´íìµëë¤ (dup-of: 349469)" [Undecided,New] https://launchpad.net/bugs/977783
<uvirtbot> New bug: #977795 in mysql-5.1 (main) "package mysql-server-5.1 5.1.49-1ubuntu8.1 failed to install/upgrade: ErrorMessage: ìë¡ì´ pre-removal ì¤í¬ë¦½í¸ íì íë¡ì¸ì¤ê° ì¤ë¥ 1ë²ì ë¦¬í´íìµëë¤ (dup-of: 349469)" [Undecided,New] https://launchpad.net/bugs/977795
<uvirtbot> New bug: #961871 in swift "Use of python-swift on Ubuntu buildd fails, attempts to access /dev/log" [Medium,Fix released] https://launchpad.net/bugs/961871
<uvirtbot> New bug: #977772 in samba (main) "package samba 2:3.5.4~dfsg-1ubuntu8.4 failed to install/upgrade: ErrorMessage: ìë¡ì´ post-removal ì¤í¬ë¦½í¸ íì íë¡ì¸ì¤ê° ì¤ë¥ 1ë²ì ë¦¬í´íìµëë¤ (dup-of: 349469)" [Undecided,New] https://launchpad.net/bugs/977772
<uvirtbot> New bug: #974460 in cobbler (main) "cobbler-ubuntu-import does not check gpg signatures" [High,Fix released] https://launchpad.net/bugs/974460
<hallyn> jdstrand: drat, tried to push my changes to qa-regression-testing, but got http://paste.ubuntu.com/923384/
<jdstrand> hallyn: weird. can you just give me a diff for now?
<hallyn> jdstrand: http://people.canonical.com/~serge/qrt-libvirt-precise-fix.patch
<jdstrand> hallyn: thanks. why the two calls to _destroy_vm()?
<hallyn> d'oh
<hallyn> because i mis-handapplied the patch
<hallyn> (i blame the instance i was working on which had about a minute lag-time to keystrokes)
<hallyn> (cause it can't be *my* fault)
<hazmat> utlemming, thanks
<hallyn> jdstrand: i was considering putting that into the same original function, but it's so much shorter...
<hazmat> utlemming, one more for you if you've got time.. at this point its not critical for precise.. but cloud-init's config doesn't end up running in the cloud-image container due to rsyslog's failure to start in the container
<lynxman> just updated to precise, there's a process that is self executing and sleeping almost eating one of my CPUs http://pastebin.ubuntu.com/923408/
<lynxman> any idea where to start looking at?
<acicula> lynxman: the 0.0 would suggest its not using cpu at all?
<zul> lynxman: fuser?
<ikonia> lynxman: why do you think that's eating your cpu
<lynxman> zul: hmm could be
<ikonia> could be ???????
<ikonia> lynxman: why do you think that is easting your cpu
<lynxman> ikonia: a machine that was 0.05 is now solidly on the 1.00 after reboot
<ikonia> 0.05 where ?
<ikonia> what are you using to measure
<lynxman> zul: any suggestions where to look at?
<lynxman> zul: I reckon this is one of those upstart scripts gone wrong bug
<zul> lynxman:  no idea i would start stracing
<lynxman> zul: the process lasts a second, I'll try to capture one
<ikonia> how can it be eating your cpu if it only lasts a second
<lynxman> ikonia: it's a fork bomb, a slow one though :)
<ikonia> what ?
<ikonia> it's a fork bomb in an init script....please
<ikonia> lynxman: 1.) why do you think this is eating your cpu
<lynxman> ikonia: you clearly don't understand what I'm looking at, stop being so agressive please
<ikonia> 2.) how can something that spikes for a second be "eating your cpu"
<ikonia> lynxman: just explain yourself then
<ikonia> then we can work out what's going on
<lynxman> ikonia: chillax ;)
<ikonia> I am chilled
<ikonia> I'm just asking you for information
<lynxman> ikonia: that is not relevant to the problem
<ikonia> it is
<ikonia> 2.) what are you doing to measure/show this
<ikonia> lynxman: 1.) why do you think this is "eating your cpu"
<ikonia> 3.) how are you rationalising something that's spiking a cpu for a second as "eating" your cpu
<ikonia> then we can understand the problem and move forward
<lynxman> ikonia: no need for your help, thanks
<ikonia> lynxman: then don't ask for help if you can't give basic information to help get it resolved
<lynxman> ikonia: again, stop being so agressive, thank you very much
<lynxman> zul: it's the mysql post-script respawning like crazy
<lynxman> zul: acording to strace
<ikonia> I'm not being agressive, stop wasting peoples time, if you ask for help then refuse to give information to help get it resolved
<zul> SpamapS: ^^^
<lynxman> zul, SpamapS: http://pastebin.ubuntu.com/923424/ (the script) http://pastebin.ubuntu.com/923425/ (the strace)
<hallyn> jdstrand: gah!  as i'd feared, on a diff machine the 'info block' output through json is ordered differently
<lynxman> ikonia: go have a tea and come back later when you acept not jumping to conclusions ;)
<hallyn> so i'll make some more changes to go through piece by piece.  do you happen to know whether you cared about every one of those pieces?
<lynxman> jdstrand: oh btw, I wanted to talk with you re puppet
<ikonia> I'm not jumping to any conculsions, I'm asking for information
<ikonia> lynxman: provide the information
 * lynxman ignores ikonia for the time being
<hazmat> hallyn, is /dev/log containerized.. i was noticing that the app armor profile prevents rsyslog from starting in an lxc container, but it appears to work okay if i disable the profile (no container messages in host)
<zul> ikonia: seriosly?
<hazmat> ikonia, that's a bit over the top
<lynxman> ikonia: abusing power now, great
<ikonia> lynxman: it's really simple, I'm asking you for information, if you don't want to give it that,s fine, just say "I don't know how to give it/don't want to give it" rather than coming up with nonsense about me jumping to conculsions and talking about fork bombs in init scripts
<ikonia> lynxman: if you want help - ask for it and give information, to help people get it resolved
<lynxman> ikonia: and zul has seen my issue and was already helping me solve this one while you were abusing me verbally, with all due respect
<lynxman> zul, SpamapS: This could be the issue I reckon http://pastebin.ubuntu.com/923432/ looks like the upgrade from 5.1 to 5.5 was rocky
<ikonia> lynxman: that's great, so all you need to say is "I think zul has it"
<ikonia> lynxman: I'm not abusing you in the slightest, all I have done is asked you for information
 * zul gets his popcorn out
<zul> ikonia: and then you kicked him from the channel is not abuse at all
<jdstrand> hallyn: bummer. not to hard to fix though with a for loop and search (the test-libvirt.py script should have examples, but others in qrt do too)
<lynxman> ikonia: by not abusing you mean "kicking me out"
<hazmat> hallyn, nm.. it looks like its just the app armor profiel that's causing the issue
<ikonia> lynxman: then stop wasting peoples time
<zul> ikonia: he wasnt thats the point sheesh
<hallyn> jdstrand: yup, i'm looping
<lynxman> ikonia: Was I wasting anyones time? I don't think I have, and I've been active in this channel for the last 1+ years
<SpamapS> sorry what did I miss about the mysql post-start ?
<ikonia> lynxman: the time you've spent active doesn't change anything
<zul> SpamapS: seems to be eating up cpu cycles
<SpamapS> ikonia: kick was over the top. Period.
<lynxman> SpamapS: it cycles over and over and shows itself as a sh proc/self with a sleep 1
<ikonia> SpamapS: you're welcome to your opinion
<zul> ikonia: seriously dude it was very very over the top
<lynxman> SpamapS: also looks like the mysql-server-5.1 package didn't finish deinstalling itself
<ikonia> zul: that's great, thanks
<SpamapS> ikonia: http://www.ubuntu.com/project/about-ubuntu/conduct "When we disagree, we consult others."
<SpamapS> we don't kick them out of the channel.
<ikonia> SpamapS: I wasn't disagreeing
<zul> ikonia: you were being an ass
<ikonia> zul that is uncalled for
<SpamapS> lynxman: oh? mysql-server-5.5 breaks and replaces it, so apt should have fully removed it
<zul> ikonia: well you were
<ikonia> zul: do not insult people
<lynxman> SpamapS: mysql-server-5.1 shows as rc
<hallyn> hamzat: sorry, i missed your q
<SpamapS> lynxman: probably a conffile that wasn't replaced by mysql-server-5.5
<hallyn> hazmat: no, it is not.
<zul> anyways im done with this
<SpamapS> lynxman: can you pastebin dpkg -L of it?
<uvirtbot> New bug: #978107 in php5 (main) "not parsing form data as multidimensional variables into $_POST" [Undecided,New] https://launchpad.net/bugs/978107
<lynxman> SpamapS: hmm let me try to stop and start the process again then, see where it stands, get some more logging
<koolhead11> ikonia, kick was uncalled
<lynxman> SpamapS: sure
<hallyn> hazmat: rsyslogd running int he container will catch syslog(2) calls from userspace,
<ikonia> koolhead11: I suggest you drop it
<hallyn> hazmat: but the syslog system call is not containerized.  yet.  unfortunately
<lynxman> SpamapS: http://pastebin.ubuntu.com/923442/
<hazmat> hallyn, ic, thanks
<hallyn> hamzat: how mcuh of a problem is that for you?
<SpamapS> lynxman: whoa, lots more than I would have expected..
<SpamapS> lynxman: looks though like the logcheck dir is a problem
<lynxman> SpamapS: I can try to run the procedure again and see what it complains about
<SpamapS> lynxman: still /etc/init/mysql.conf should belong to mysql-server-5.5 so thats not "the problem"
<lynxman> SpamapS: yeah that's a secondary one, I do agree
<lynxman> SpamapS: mysqld process won't stop either, it's stuck in the script :/
<SpamapS> lynxman: I do see where the mysql upstart job needs to check for -x on mysqld and exit gracefully if its not there for the 'rc' state .. but you say mysql-server-5.5 is installed?
<lynxman> SpamapS: yes, definitely installed
<SpamapS> lynxman: mysqld may be in a state of flushing to disk...
<SpamapS> that can take a long time
<SpamapS> lynxman: what does 'status mysql' show ?
<lynxman> SpamapS: ah yes finally it did :)
<lynxman> SpamapS: just starting again, as soon as it's started I'll get you the status
<SpamapS> lynxman: the post-start should only run once per respawn.. and if it respawns even remotely fast, upstart should give up on it because of the limit of 2 times in 5 seconds
<hazmat> hallyn, well in this context it prevents juju from just using the ubuntu-cloud template as is so we can ditch our libvirt network usage and container customization shell script.. in particular because rsyslog fails to start in the container, cloud-init's config doesn't run, and juju relies on cloud-init to get the container initialized with juju... there's probably valid work arounds though including just leaving the implementation as is or adjusting
<hazmat> the app armor profile.. i'm not terribly concerned with  the host isolation from the container as a result, as effectively this is already an issue.
<lynxman> SpamapS: mysqld started and it's working, but upstart is not returning to prompt and again in the loop
<SpamapS> lynxman: is mysqladmin --ping not working?
<lynxman> SpamapS: nope :/ you reckon it's a permission problem?
<SpamapS> its running as root, so no
<SpamapS> unless
<SpamapS> you removed the debian-sys-maint user
<SpamapS> that will force mysqladmin ping to fail 30 times and then just give up with exit 1
<hallyn> hamzat: rsyslog shouldn't fail to start ina container i don't think
<hallyn> hazmat: are you running it in libvirt-lxc, or lxc-start?
<lynxman> SpamapS: The user doesn't exist (debian-sys-maint) but never did on my system
<lynxman> SpamapS: this is an upgrade straight from an oneiric default one
<lynxman> SpamapS: doesn't create /var/run/mysqld/mysqld.sock I reckon that's the problem
<hazmat> hallyn, lxc-start
<hazmat> hazmat, if we could use the cloud template (which i think we could if we can get past this) there would be no more libvirt usage by juju.. we currently just use that for ancillary functionality to setup the network, which lxc precise already does atm
<hallyn> hazmat: so just 'lxc-create -t ubuntu-cloud -n p1' should reproduce this?
<hallyn> utlemming: ^ ring any bells?  (I will test as soon as i'm done with qrt)
<utlemming> hallyn: I've confirmed yesterday that cloud-config doesn't start under lxc.
<hallyn> utlemming: well fooi.  it used to.  wonder if apparmor is involved.
<utlemming> hallyn: I was leaning towards apparmor as the cause yesterday, but I ran out of time to dig on it
<hallyn> utlemming: ok, thanks for confirming.
<utlemming> hallyn: apparmor is generally unhappy about a couple of things, like dhcp
<hallyn> hazmat: do you mind opening a bug, mark it high or critical prio and confirmed?
<hazmat> hallyn, sure
<hazmat> hallyn, i reproduce with.. lxc-create -n cloud-unit-x -t ubuntu-cloud -- -r precise -S ~/.ssh/id_dsa.pub -u cloud_init.txt  .. but that's testing the end goal of cloud-init working, the cli invocation you had should reproduce the rsyslog issue, there's another bug that utlemming addressed with the cloud-template itself that needs a fix to be able to run -u..
<hallyn> jdstrand: http://people.canonical.com/~serge/qrt-libvirt-precise-v2.patch just passed for me.
<jdstrand> \o/
<hallyn> but i still can't check it in :)
<jdstrand> hallyn: you still have the _destroy_vm() in there. is that intended? if so, can you comment in the patch why it is needed?
<hallyn> jdstrand: it's there bc self._run_qemu_command_and_kill_vm does it for us in teh other branch, so we need to
<SpamapS> lynxman: debian-sys-maint is created on installation
<SpamapS> lynxman: the socket is created when mysqld starts
<SpamapS> lynxman: unless you change /etc/mysql/my.cnf
<jdstrand> hallyn: in the other branch? you mean yours that you can't commit? can you give me one big patch to get this working for you?
<hallyn> jdstrand: no,
<hallyn> jdstrand: I mean if release < 12.04,
<hallyn> if release > 12.04, we manually talk tot he monitor then kill the vm;  otherwise we call _run_qemu_command_and_kill_vm.  either way the tests expect the vm killed afterward
<hallyn> so we have to kill it manually if release < 12.04
<hallyn> uh, > 12.04
<hallyn> i'll add a comment, then post v3, one sec
<jdstrand> thanks
 * jdstrand was just reading the diff
<lynxman> SpamapS: hmm I'll see what I can do to fix, since my my.cnf has changed a bit I reckon this is not an issue that should be bug reportable then
<hallyn> jdstrand: http://people.canonical.com/~serge/qrt-libvirt-precise-v3.patch
<jdstrand> hallyn: thanks! committed
<jdstrand> hallyn: not sure about the bzr issue-- we have usually kept our trees compatible with earlier releases, which might be a clue if you upgraded your side
<uvirtbot> New bug: #978147 in lxc (universe) "rsyslogd fails to start in cloud template " [High,Confirmed] https://launchpad.net/bugs/978147
<adam_g> koolhead11: im not sure what keystone packages your using, ours do not create any of that stuff
<koolhead11> adam_g, it was my fault. i realized that.
<hallyn> jdstrand: upgraded which?  it's a new precise install (hd crash) if that's what you mean.  i didn't do anything to the bzr tree on purpose
<hallyn> maybe i shou'dve tried in a lucid chroot
<zul> Daviey: swift uploaded
<jdstrand> hallyn: upgraded the tree. I'm using precise with the tree. I am not a bzr expert. I do know that bzr will sometimes ask you to upgrade to improve performance, etc. I was merely suggesting that if you did that, maybe that was the cause
<hallyn> jdstrand: yeah i've seen that q before, but it didn't ask me that (and it's a fresh checkout).  <shrug>
<jdstrand> hallyn: maybe just redownloading the tree would work, or asking in #bzr (iirc)
<hallyn> jdstrand: thanks for pushing it!
<jdstrand> np :)
<jdstrand> hallyn: thanks for working on it :)
<hallyn> jdstrand: oh!  maybe it's bc i did "bzr init-repo qrt; cd qrt; bzr branch lp:qa-regression-testing"
<hallyn> maybe that forces the new format
<hallyn> <facepalm>
<hallyn> hazmat: thx for opening that bug
<hallyn> hazmat: utlemming: stgraber: d'oh!  rsyslog isn't starting bc of /lib/init/apparmor-profile-load usr.sbin.rsyslogd in pre-start
<lynxman> SpamapS: I think I found it, the debian-sys-maintainer user wasn't created because I had already some other users created and the dist-upgrade process, this looks like it stoped the mysql package from creating the debian sys maintainer user
<SpamapS> lynxman: I hope to revamp the mysql packages entirely over the next 2 cycles. They're kind of ridiculously old fashioned and weird.
<zul> SpamapS: im shocked that you called them old fashioned
<roaksoax> smoser: do you have any fix to cobbler in a branch to be merged?
<SpamapS> zul: sorry, "Old school"
<roaksoax> smoser: or can I just go ahead and upload the fix for the tfpt bug
<SpamapS> zul: or would you prefer "ridiculously out of date with modern packaging" ?
<smoser> roaksoax, i just uploaded yesterday.
<zul> SpamapS: back in my day we used magnest for packaging
<roaksoax> smoser: ok ;)
<SpamapS> zul: and speling?
<zul> SpamapS: spelling wasnt taken into account
<siert> on oneiric I have the issue that IPv6 stops working after about two minutes after the boot. I do have autoconf & ra disabled for 'default,all,eth0,lo' ... what could be the cause or what whould be a good starting point for research?
<roaksoax> smoser: so distro-info --supported will also list the development release?
<smoser> yes.
<smoser> strangely
<smoser> :)
<roaksoax> smoser: hehe ok :)
<smoser> it will do that in all of the 6 implementations available.
<roaksoax> smoser: right, but I just wanna make sure that as soon as Q is out, it will automatically detect it
<roaksoax> when doing --suppoerted
<smoser> it shoudl, yes.
<smoser> your maas-improt-isos logic...
<smoser> you should look at that.
<smoser> i'm kind of ocncerned about it failing and starting to use the development release... well, i didnt' really read it, but just be careful ther.e
<ivoks> am i mistaken, or maas doesn't support multiple interfaces yet? it assumes it's running on eth0, right?
<itgeo> hello guys, when i m trying to send email
<itgeo> hello guys, when i m trying to send email from my webserver, its always failling. I can receive and send to people outside of my network
<ivoks> itgeo: have you looked at the logs at all?
<itgeo> ivoks: not yet but i have the undelivery message with me
<uvirtbot> New bug: #899276 in cobbler (main) "Release versions of cobbler don't automatically support the next development release" [Low,Fix released] https://launchpad.net/bugs/899276
<ivoks> itgeo: then check the logs; you also haven't said which MTA you are using
<itgeo> ivoks: I am using iRedMail give me 2min i have to connect to my server I am not at home
<ivoks> i have no idea what iredmail is
<ivoks> and it's not in the archives; not sure how to help you
<itgeo> ivoks: its Postfix, Dovecot, Apache, MySQL, Amavisd, ROundcube, Awstats and Fail2ban
<itgeo> ivoks: http://www.iredmail.org/
<ivoks> what was wrong with mail-stack-delivery from ubuntu?
<itgeo> ivoks: well here is what i received after 24h that i sent my mail from my gmail account http://paste.ubuntu.com/923611/
<itgeo> and this one when i send a mail from my webserver to my gmail http://paste.ubuntu.com/923620/
<hallyn> jdstrand: have you seen http://paste.ubuntu.com/923623/ with test-qemu.py?
<hallyn> (trying reverting to older qemu-kvm to make sure...)
<ivoks> itgeo: this is cause by your mail server configuration
<ivoks> caused
<itgeo> do you have any idea, because when i send user1@itgeo.info to user2@itgeo.info its working
<ivoks> aliases probaby is broken
<ivoks> so it doesn't know how to get username from jamil.slim@itgeo.info
<gary_poster> hallyn, hey.  did you see my question from today, before you started, about us putting together a small "lxc-ip" script for the lxc package?
<hallyn> gary_poster: no, i did not.
<hallyn> is that to insert an ip into the container?
<gary_poster> hallyn, no, to get the ip of a container.  it would extract the dhcp bit from lxc-start-ephemeral
<hallyn> please feel free to open a bug.  do you have a patch by chance? :)
<hallyn> hm
<hallyn> gary_poster: is there any way you can do this another way, i.e. by querying yoru dhcp server?
<hallyn> or preallocaing mac->ip in the dhcp server
<gary_poster> hallyn, well, querying: I don't know of a way other than what we're doing, but I can investigate.  preallocating: the intent of the tool would be to help with arbitrary jobs on a container...a developer tool.  preallocating would be more constraining than what we're looing for
<gary_poster> looking
<gary_poster> the intent would be to abstract the querying question
<gary_poster> we could implement it with the ugly grep now
<gary_poster> and convert it to a query later
<gary_poster> but being able to sat
<gary_poster> say
<gary_poster> "ssh `lxc-ip NAME`
<gary_poster> "
<gary_poster> is an example of the kind of convenience we are interested in
<hallyn> gary_poster: I'm not opposed.  Perhaps we should ask stgraber (as the creator of our current dns setup in precise :) for ideas too
<gary_poster> hallyn, cool.
<hallyn> gary_poster: note that if we add '-q' to lxc's dnsmasq then we can get the ip addr from syslog
<hallyn> but i don't see any way to send just the mapping to a file under /var/run/lxc
<hallyn> gary_poster: I also don't know if it's too late to get this into precise.  did you want it there?
<hallyn> (pretty sure it is, as it's a feature)
<gary_poster> hallyn, yeah, I was wondering about that
<hallyn> do you need it in precise?
<gary_poster> it would be convenient, not necessary
<gary_poster> we can add it to our own packages
<hallyn> jdstrand: re-running got past those errors.  Now only a usb one.  I asssume taht's what you'd filed a bug for before?
<hallyn> gary_poster: cool, thanks.  Yeah please open a bug.  Would be nice to "do it right".  WOudl be useful for non-ephemeral containers too.
<hallyn> gary_poster: btw did you ever look at teh lxc server guide?
<hallyn> it's only in the bzr branch so far as precise one hasn't been posted afaik
<gary_poster> hallyn, cool.  useful for non-ephemeral: agree.  lxc server guide: no, I hadn't seen it.  http://people.canonical.com/~serge/lxc.serverguide.pdf ?
<hallyn> gary_poster: it's merged into lp:serverguide.
<gary_poster> hallyn, cool, will look at it.  thanks for pointer.
<hallyn> (the one on p.c.c is probably out of date)
<gary_poster> ack
<hallyn> cool, I suspect you may have some helpful comments on better ways to do things.  thanks.
<rbasak> SpamapS: bug 968753 please!
<uvirtbot> Launchpad bug 968753 in openssh "ssh crashed with SIGSEGV" [Medium,Triaged] https://launchpad.net/bugs/968753
<hallyn> that sounds bad
<SpamapS> rbasak: so this is just an upload of openssl, not openssh, right?
<rbasak> SpamapS: yes
<rbasak> SpamapS: I wasn't sure what to do with the openssh bug task. I thought it might help people not file dupes
<jdstrand> hallyn: sorry, was in a meeting. I have not seen that-- but it shouldn't happen unless a vm was still running in the bg
<SpamapS> rbasak: sure, I thinkw e can mark that as Invalid though
<rbasak> SpamapS: sure
<hallyn> jdstrand: so you get 0 failures?
<rbasak> SpamapS: or should I have changed the existing bug task to openssl instead, rather than adding a new one?
<hallyn> re-running right now, but i think it was usb camera that caused the error?
<jdstrand> well, let me try. I haven't done it in a long time (haven't prepared an qemu uploads)
<SpamapS> rbasak: no its cool to show the Invalid to make it clear that openssh is a red herring
<jdstrand> virsh list
<jdstrand> heh
<rbasak> SpamapS: ok, thanks!
<hallyn> jjohansen: stgraber: any input on bug 978147?  should we just allow the transition?  or ask rsyslog to not do it in a container?  or create a container-rsyslog domain and ask it to enter that?
<uvirtbot> Launchpad bug 978147 in lxc "rsyslogd fails to start in cloud template " [High,Confirmed] https://launchpad.net/bugs/978147
<jjohansen> hallyn: hrmmm, for this cycle, I would try to keep the diff down so probably just ignore.
<stgraber> hallyn: is there any good reason to prevent rsyslog from starting when apparmor fails to load the profile?
<stgraber> hallyn: if not, I'd drop the pre-start, move the apparmor-profile-load to script and add a || true after it
<jdstrand> rsyslog should not have an enforcing profile
<stgraber> hallyn: that'll even save an extra fork from upstart (as it won't need a pre-start then)
<hallyn> hm
<hallyn> jdstrand: oh?
<jdstrand> stgraber, hallyn: it is supposed to be disabled on boot since /etc/apparmor.d/disable/usr.sbin.rsyslog should exist
<hallyn> interesting
<hallyn> jdstrand: ok so there's probably a bug that prevented that link being made (i'll check) but meanwhile,
<hallyn> what straber suggests is even more useful in that case then right?
<jjohansen> jdstrand: hrmm, I have it loading here, in complain mode
<jdstrand> jjohansen: it doesn't load in a vm here
<hallyn> my laptop has it unconfined
<hallyn> wonder if postinst does anything "interesting"
<jdstrand> /var/lib/dpkg/info/rsyslog.postinst
<jdstrand> $ sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.rsyslogd ; echo $?
<jdstrand> Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
<jdstrand> 0
<jdstrand> but that is postinst, not /lib/init/apparmor-profile-load
<hallyn> jdstrand: so what should be setting the disalbed link?  i don't see it in the package (rules/postinst)
<jdstrand> the upstart job was modified to use /lib/init/apparmor-profile-load (like we normally do) in case the user wanted to enable it
<hallyn> oh preinst
<jdstrand> (that is standard procedure)
<hallyn> jjohansen: /etc/apparmor.d/disable/usr.sbin.rsyslogd exists.  here is the console output from start: http://paste.ubuntu.com/923775/
<jdstrand> fyi:
<jdstrand> $ sudo /lib/init/apparmor-profile-load usr.sbin.rsyslogd  ; echo $?
<jdstrand> Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
<jdstrand> 0
<hallyn> there are complaints about inability to write to /sys/kernel/security/apparmor/.replace
<hallyn> jdstrand: jjohansen: http://paste.ubuntu.com/923780/
<hallyn> (in a container)
<sbeattie> hallyn: yes, rsyslog gets skipped correctly, but tcpdump and and dhclient are failing due to permissions.
<jdstrand> it is the tcpdump profile that is the problem
<jdstrand> (and dhclient, like sbeattie said)
<jjohansen> yep
<hallyn> they are a problem, see http://paste.ubuntu.com/923780
<jdstrand> we ship default enforcing profiles for those
<hallyn> s/,/, but/
<jdstrand> hallyn: can you sudo sh -x /lib/init/apparmor-profile-load usr.sbin.rsyslogd
<jdstrand> it is probably failing on this line:
<jdstrand> [ -w $aafs/.load ]           || exit 1 # fail if cannot load profiles
<hallyn> jdstrand: http://paste.ubuntu.com/923785/
<jdstrand> ah, the next one down
<hallyn> hm.  that shouldn't be -eperm
<jdstrand> that translates to /sys/module/apparmor/parameters/enabled
<hallyn> ok, our profile has
<hallyn>   deny @{PROC}/sys/kernel/** wklx,
<hallyn> but i'd think read would be allowed.  do we need x?
<jjohansen> hallyn: no
<jjohansen> hallyn: err, no read shouldn't need x, and directory traversal x is different than apparmor x
<hallyn> do i need CAP_MAC_ADMIN for that?
<hallyn> i can't read any files under /sys/module/apparmor/parameters
<hallyn> nothing in syslog
<jjohansen> hallyn: CAP_MAC_ADMIN should not be needed for enabled, but is needed for some of the other files
<hallyn> i suspect it just has to do with my hacky /sys/fs/cgroup set of deny's
<hallyn> but i don't understand why
<jjohansen> hallyn: if you suspect apparmor is denying it set audit to noquiet
<B14CKB0X> Can someone help me? How to do to keep MAC address after a reboot of ubuntu server 11.04?
<jjohansen>   echo -n "noquiet" > /sys/modules/apparmor/parameteres/audit
<jjohansen> err make that /sys/module/apparmor/parameters/audit
<hallyn> will do - but can i suggest that apparmor-parser-load should return success if a prfile is disabled, even if it can't check apparmor's enabled status? :)
<jjohansen> hallyn: yeah that does sound reasonable, jdstrand^
<patdk-wk> B14CKB0X, how did you *loose* the mac address?
<hallyn> jjohansen: still no audit msgs, so maybe it's not apparmor!
<B14CKB0X> just need to replace it with a certain order to use Internet
<hallyn> GAH!  jsut powered off the instance istead of the container
<jjohansen> hallyn: well barring bugs any way :/
<hallyn> jjohansen: going to try with all capabilities
<B14CKB0X> and then restart each time you need to switch to an internet
<jdstrand> jjohansen: so we short-circuit /lib/init/apparmor-profile-load right after '[ -z "$1" ]'?
<hallyn> eah that did it
<jjohansen> jdstrand: yeah I think so
<hallyn> jjohansen: either cap_mac_admin or cap_sys_module is needed
<jdstrand> jjohansen: seems reasonable to me. sbeattie-- can you add that to your list of things to do for the next apparmor upload
<jjohansen> hallyn: okay, that is a bug then :(
<jdstrand> hallyn: can you file a bug and assign it to sbeattie?
<jjohansen> hallyn: release critical?
<jdstrand> hallyn: the bug I am referring to is for the short-circuiting
<jjohansen> hallyn: I might be able to sneak a release critical kernel patch in today, otherwise we are waiting for the post release sru
<hallyn> sys_module is needed
<jjohansen> hallyn: the userspace portion can go in today
<hallyn> jjohansen: i think so.
<hallyn> jdstrand: oh
<jdstrand> jjohansen: is the userspace portion even needed with your kernel side fix?
<hallyn> jdstrand: ok, will do
<jdstrand> hallyn: well, hold on
<hallyn> jdstrand: not needed for this particular problem.
<hallyn> though seems sensible...
<jdstrand> well-- maybe
<hallyn> but, under time crunch, ... i'll hold off :)
<jdstrand> it mean it does exit 0
<jdstrand> s/^it/I/
<jdstrand> and would with the kernel fix
<jjohansen> jdstrand: hrmm, well no, iff and thats a big if I can get the patch in, as kt already asked me if I had release critical kernel patches and I said no
<jdstrand> jjohansen: well, this would only fix rsyslog-- there is still dhclient and tcpdump
<jdstrand> jjohansen: so seems the kernel side is the real fix, no?
<jjohansen> jdstrand: but the userspace change should go in regardless because there are other reasons that access may be blocked
<hallyn> jdstrand: those will need package updates.  different problem
<jjohansen> jdstrand: uh, those failing to load won't be fixed
<jdstrand> jjohansen: yeah, but the userspace side only fixes disabled profiles...
<hallyn> right.  but if the package insists it needs an enabled profile, then there is no fix we can do in precise for it
<jjohansen> jdstrand: they can't load because there is no CAP_MAC_ADMIN granted, because the container can not load policy
<hallyn> i'm about to open bugs for dhclient and tcpdump btw
<jdstrand> I'm wondering why this was only noticed just now?
<jjohansen> hallyn: right we need a fix for that, but the only thing the kernel could do would be silently fail profile loads, which isn't good either
<jdstrand> hallyn: you could file those, been then you would have to for everything that ships a profile, no?
<hallyn> jjohansen: or lxc could be allowed to transition
<jdstrand> tcpdump does not use /lib/init/apparmor-profile-load
<hallyn> to those
<hallyn> jdstrand: yup
<jdstrand> it is loaded by the initscript
<jdstrand> this seems incredibly late to be changing 15+ packages
<jjohansen> hallyn: lxc could be allowed to transition?
<hallyn> jjohansen: to dhclient profile, yes
<jjohansen> hallyn: sure it could be allowed to transition, by adding that in the profile but I thought the problem was the other profiles failing to load.
<jdstrand> hallyn: does 'sudo /etc/init.d/apparmor start' exit non-zero?
<hallyn> jdstrand: http://paste.ubuntu.com/923819/
<hallyn> jjohansen: well, actually, it's not a problem.  dhclient runs fine :)
<hallyn> so let's forget about that and just focus on rsyslog/disabled
<hallyn> (sorry)
<hallyn> jjohansen: jdstrand: so sorry, should i open a bug for the kernel piece?  or is that handled?
<jdstrand> wouldn't it be better to have something in /lib/init/apparmor-profile-load and /etc/init.d/apparmor to exit 0 if it is running under lxc?
<hallyn> should i be on #ubuntu-harded for this?
<hallyn> jdstrand: we could do that for now, but eventually of course we'll want to re-enable it
<jjohansen> hallyn: I haven't opened a bug yet, I was thinking of opening one with a kernel and userspace component
<hallyn> when we have stacked profiles
<jdstrand> hallyn: well, eventually containers will be able to load profiles, iiuc
<hallyn> right
<jdstrand> yeah, so this is just for precise
<hallyn> if we do that for precise,
<hallyn> and we fix the kernel for disabled profiles,
<hallyn> will rsyslog still fail to start then bc now the profile is unknown?
<hallyn> or will it check the disabled file inuserspace first
<jdstrand> I guess rsyslog is failing because /lib/init/apparmor-profile-load is exiting non-zero
<hallyn> right, which right nwo is bc it can't check if apparmor is enforcing,
<jdstrand> if we adjsut /lib/init/apparmor-profile-load to exit 0 if in lxc, then it should work fine
<hallyn> yes
<jdstrand> /etc/init.d/apparmor would fail later
<hallyn> ok.  should i open a bug for /etc/init.d/apparmor to do nothing in lxc?
<hallyn> (and submit a patch)?
<jdstrand> and anything upstartified with an apparmor profile would fail
<hallyn> more than it does now?
<hallyn> we knew there would be thinkgs we couldn't do in precise w/out stacked profiles, but the point was that things can run contained by container profile, and not by their own profile
<jdstrand> hallyn: well, it depends on the upstart job. but if the upstart job doesn't have '|| true' after apparmor-profile-load <foo>, then yeah, it would fail exactly like rsyslog
<hallyn> unless we disable the profile
<jdstrand> hallyn: you mean lxc just adds the symlinks automatically?
<hallyn> no not really :)  just thinkin
<hallyn> i prefer to have apparmor-profile-load do nthing in container
<jdstrand> jjohansen, sbeattie: what do you think of apparmor-profile-load and /etc/init.d/apparmor exiting 0 if inside a container for now? it seems to make sense since apparmor doesn't do profiles in a container well now anyway. this would be removed when apparmor does support that
<hallyn> and then we'd need no other fixes at all in precise?
<jjohansen> right now that looks like the best solution
<hallyn> Note I expect other things to break due to the inability to read /sys/module/apparmor/**
<hallyn> but at least ubuntu-cloud containers should work then
<sbeattie> jdstrand: yes, that should be okay, I think.
<jdstrand> hallyn: if we change apparmor-profile-load and /etc/init.d/apparmor, I would be surprised if anything else broke-- nothing should be fiddling around in /sys/module/apparmor/** typically
<jdstrand> sbeattie: would you be able to incorporate tested patches from hallyn in your next upload?
<jjohansen> jdstrand: we can do that if we delay the upload to tomorrow
 * jdstrand doesn't particular care when the upload happens, so long as it is before final freeze
<hallyn> note i'm ducking out soon for kid's practice
<jjohansen> jdstrand: okay, lets plan for tomorrow and I can test tonight
<hallyn> ok
<jdstrand> hallyn: ok, can you file a bug, then supply tested patches updating apparmor-profile-load and /etc/init.d/apparmor?
<mistica> holaaaaaaaa
<jdstrand> jjohansen: well, I was hoping hallyn would do most of the testing :)
<mistica> ;)
<jdstrand> but whatever you guys decide
<hallyn> jdstrand: should i re-use bug 978147 and mark it affecting apparmor?
<uvirtbot> Launchpad bug 978147 in lxc "rsyslogd fails to start in cloud template " [High,Confirmed] https://launchpad.net/bugs/978147
<hallyn> or do you prefer a new bug?
<jdstrand> hallyn: that seems fine. I think you might want to make the title more general
<mistica> bye
<mistica> Â¡Â¡
<hallyn> ok.  thanks.  will hop to.  ttyl :)
<jjohansen> jdstrand: well sure if hallyn can do testing great but /me and still need some time and I would like to give it at least a once over in both a container and outside, just to make sure we didn't break something
<jdstrand> jjohansen: absolutely :)
<hallyn> hm, i'll create a new bug
<hallyn> hm, one q
<hallyn> jdstrand: jjohansen: note that users can have containers run unconfined and with CAP_MAC_ADMIN
<hallyn> do we accomodate that with complicated checks, or just say "if in a container, no apparmor loads' ?
<jjohansen> hallyn: for now I am think just if in a container, no apparmor loads
<hallyn> ok thanks
<hallyn> opened bug 978297
<uvirtbot> Launchpad bug 978297 in upstart "apparmor should quietly return success in a container" [High,In progress] https://launchpad.net/bugs/978297
<hallyn> Daviey: can you add release tags to that?
<balachmar> I am trying to setup postfix using gmail relay. Following this guide: https://help.ubuntu.com/community/GmailPostfixFetchmail
<balachmar> echo 'test mail' | mail -s 'testing this' myemail@gmail.com works fine, however, sendmail -bv myemail@gmail.com does not
<guntbert> balachmar: in what ways does it not work? What do the logs tell you?
<balachmar> guntbert: It seems to be creating the connection  setting up TLS connection to smtp.gmail.com[173.194.65.108]:587
<balachmar> status=deliverable (250 2.1.5 OK m55sm1243768eei.1)
<balachmar> uberNAS postfix/local[4554]: 7191354CF8: to=<myUserName@localhost>, relay=local, delay=0.45, delays=0.11/0/0/0.34, dsn=2.0.0, status=sent (delivered to mailbox)
<guntbert> balachmar: mind you, I have no great knowledge about this configuration (and my last mail sever was configured severl years ago...)
<balachmar> So it seems that it (also) delivers something (other id?) to the local mailbox
<balachmar> No worries, any help or thinking is appreciated
<guntbert> balachmar: the "delay" is an over all value ( if I remember correctly )
<balachmar> yeah, put I don't think that is a problem. as long is it is not 0.45 hours :)
<guntbert> balachmar: in my experience it doesn't pay to obfuscate account names and the lot in a support dialog
<balachmar> point taken :)
<balachmar> but aren't these logs also logged somewhere?
<guntbert> !logs
<ubottu> Official channel logs can be found at http://irclogs.ubuntu.com/ . LoCo channels are now logged there too; for older LoCo channel logs, see http://logs.ubuntu-eu.org/freenode/
<guntbert> but still - 1) there is the extra effort  2) we cannot know if you hide just the crucial error :)
<uvirtbot> New bug: #978301 in apache2 (main) "Apache mod rewrite leads to 404" [Undecided,New] https://launchpad.net/bugs/978301
<hallyn> stgraber: can you remind me, did we decide that inuserspace it's ok to just [-f /run/container_type ], or that we should use /bin/running-in-container?
<stgraber> hallyn: I think it's more likely for us to keep running-in-container in the few next releases than /run/container_type, so running-in-container is safer
<hallyn> stgraber: too bad, was hoping to reduce forking :)
<hallyn> ok thanks, will do that
<hallyn> actually hopefully this hack will be dropped after precise, but still
<balachmar> guntbert: Well I now found out some more. It just seems to be a problem with checking if it should be delivered locally or externally. logcheck is now able to send mails successfully
<balachmar> guntbert: And that was my main goal :)
<stgraber> hallyn: you could use the horribly ugly:
<stgraber> exit() { echo $*; }
<stgraber> . /bin/running-in-container
<stgraber> saves the fork ;)
<guntbert> balachmar: fine - so sometimes a few questions from a "helper" can lead to the right answers from yourself - congrats
<hallyn> stgraber: hm.  pass, thanks :)
<balachmar> guntbert: Yes, that is what I meant with thinking :)
<hallyn> dash messes me up enough as it is
<gary_poster> zul or adam_g are you around for a question about openstack dns names?
<zul> kind of
<gary_poster> zul, thanks.  In canonistack, it would be great to have dns names reported as *.canonistack.  IS changed nova.network.linux_net's dhcp_domain value (/etc/nova/nova.conf:--dhcp_domain=canonistack), which did part of the job it seems.  However, publicDnsName and privateDnsName now have no suffix at all.
<gary_poster> (as opposed to, say, *.novalocal)
<gary_poster> we need the *.canonistack to be reported properly in the dns names.
<zul> gary_poster: right i think it might be something to do with dnsmasq, you might want to talk to canonical-is people
<gary_poster> zul, they did not know and sent me out to do research.  Any other ideas on people to ask?
<zul> gary_poster: i think it might be openstack specific but ill have a look
<gary_poster> thanks
<TylerWhitney> Someone feel like helping me with pptp server?
<RoyK> TylerWhitney: server? why do you use it for?
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<TylerWhitney> Using Ubuntu and install pptp vpn server; mainly to connect to a samba share/internal site on it; works great for those purposes, but cannot connect to the internet through the vpnm
<TylerWhitney> tried iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source P.P.P.P where P is my public IP and 192.168.0.0 is the network of IPs the pptp gives out via dhcp
<TylerWhitney> no avail
<TylerWhitney> oh, also, fwiw I also tried editing /etc/ppp/pptp-config and uncommenting ms-dns and giving it a dns server there as well
<uvirtbot> New bug: #978329 in cloud-init (main) "stack trace in cd_landscape if /etc/landscape is not a directory" [Undecided,New] https://launchpad.net/bugs/978329
<hallyn> jjohansen: i'm about to run out, but i'm having success in containers with
<hallyn> lp:~serge-hallyn/ubuntu/precise/apparmor/apparmor-apparmor-container/
<hallyn> and
<hallyn> lp:~serge-hallyn/ubuntu/precise/upstart/upstart-apparmor-container/
<hallyn> bbl
<jjohansen> hallyn: okay thanks
<uvirtbot> New bug: #978356 in squid3 (main) "squid3 crash at startup with dnsmasq and no networkmanager" [Undecided,New] https://launchpad.net/bugs/978356
<itgeo> hello guys, i need help to set my webserver. I m using iRedmail (its Postfix, Dovecot, apache, mysql, Amavisd, ROundcube, Awstat Fail2ban). In Intranet its working but its not working outside of my network. I cant send email to my gmail account and I cant receive mails on my gmail account from my mailserver
<itgeo> hello guys, i need help to set my webserver. I m using iRedmail (its Postfix, Dovecot, apache, mysql, Amavisd, ROundcube, Awstat Fail2ban). In Intranet its working but its not working outside of my network. I cant send email to my gmail account and I cant receive mails on my gmail account from my mailserver
<patdk-wk> itgeo, what is your domain?
<itgeo> patdk-wk, itgeo.info
<patdk-wk> not good
<patdk-wk> ubuntu.itgeo.info doesn't exist
<patdk-wk> therefor, no email :)
<itgeo> ubuntu.itgeo.info is my hostname
<patdk-wk> that doesn't matter at all
<patdk-wk> I am unable to locate it
<patdk-wk> therefor the internet is unable to locate it
<patdk-wk> therefor no one can send email to you
<patdk-wk> fix your dns
<patdk-wk> what ip address should it be? and I can keep looking for more issues
<itgeo> patdk-wk 76.67.161.227
<itgeo> its because i set ubuntu.itgeo.info as cname, now i set it as dns host
<patdk-wk> ya, cname isn't valid to be reused in other dns entries
<patdk-wk> next issue would be your isp
<patdk-wk> they block incoming port 25
<itgeo> patdk-wk oh ok ok :S i unlocked it from my modem it surprise me
<patdk-wk> lots of isp's block it
<patdk-wk> normally cause they are blocking outgoing port 25
<patdk-wk> but sometimes they actually do mean to block incoming too
<patdk-wk> or maybe they aren't and something else is
<itgeo> oh ok ok
<patdk-wk> but I can't connect to you on port 25
<patdk-wk> so either your isp is blocking it
<patdk-wk> or your firewall or postfix isn't working right
<itgeo> I didnt set a postfix policyd is it because of that ^
<itgeo> i dont have the file /etc/postfix-policyd.conf
<patdk-wk> heh? that is a totally different program
<patdk-wk> that isn't related to postfix
<itgeo> oh ok ok
<itgeo> i though it would be because of that because i even dont know how to turn off the greylist
<RoyK> http://lwn.net/Articles/491516/ <-- oops
<RoyK> any idea if there's a fix available for that yet?
<patdk-wk> royk, making the channel rounds? :)
<RoyK> patdk-wk: had to ask here...
<patdk-wk> I haven't seen anything yet
<RoyK> patdk-wk: I have rather a lot of ubuntu servers
<RoyK> not too many with samba, though
<RoyK> but that crappy old s10 machine with samba from the bronze age may need an upgrade...
<patdk-wk> royk, nothing about it in launchpad yet, so that includes ppa's too
<patdk-wk> probably be done tomorrow would be my guess
<patdk-wk> kind of late for eu today
<RoyK> well, it just turned wednesday...
<RoyK> I doubt a samba root exploit will make me stay awake
<patdk-wk> heh, I have 1 samba server
<patdk-wk> and if someone gets root, they won't get anything they don't already have
<patdk-wk> nothing on that server except samba
<RoyK> nite
<itgeo> the port 421 is smtp+ssh right ?
<patdk-wk> nope
<patdk-wk> mail only uses two ports, port 25 for incoming email
<patdk-wk> and port 587, for user submitted email
<itgeo> ok so i guess i have to use 2525 for smtp
<itgeo> i have a timeout exceeded when i use telnet on my domain
<itgeo> and the port is blocked by my isp even if i have the option to unlock it from my modem
<itgeo> patdk-wk my isp is not blocking 587, do you think i can use it instead of 25 ^
<adam_g> zul: did swift get accepted?
<uvirtbot> New bug: #978419 in squid3 (main) "squid binary package includes /etc/logrotate.d/squid which fails" [Undecided,New] https://launchpad.net/bugs/978419
<Patrickdk> itgeo, for incoming email? from that use a domain other than yours? no
<zul> adam_g: not yet...daviey hasnt accepted it yet
<itgeo> I m sent a mail from my gmail account to my domain mail and its the same, i didnt receive it Patrickdk
<Patrickdk> well, is gmail you? therefor it REQUIRES port 25
<itgeo> well my webserver is itgeo.info. user1@itgeo.info to user2@itgeo.info its working. but me@gmail.com to user1@itgeo.info is not working :S
<Patrickdk> like I said
<Patrickdk> IF the email is coming from someone OTHER than your domain, it won't work, without port 25
<Patrickdk> fix port 25, or no email :)
<Patrickdk> port 25 is REQUIRED for email to work, port 587 is OPTIONAL
<itgeo> i uncommented the line submission inet n       -       -       -       -       smtpd
<itgeo>  in /etc/postfix/master.cf to make it work on 587 but looks like its not working
<Patrickdk> like what isn't working?
<Patrickdk> I can connect to it fine
<zul> adam_g: accepted now
<itgeo> the port is open but i have a time out
<Patrickdk> but that port, submission/587 is only for use by YOU, not anyone else
<itgeo> oh
<Patrickdk> only people with mail accounts on YOUR mailserver will ever use that port
<itgeo> oh ok ok
<Patrickdk> for people OTHER than your and your users, port 25 is required
<itgeo> so the port 25 MUST be open
<Patrickdk> to receive email, yes
<itgeo> is there a way i can change it for another port or make a port redirect ^
<Patrickdk> no
<Patrickdk> if you did, it wouldn't be port 25
<itgeo> ok, so i have to get mailbox option in a compagny or a vps to make it work ?
<Patrickdk> pretty much
<Patrickdk> or find someone that will forward the email to you
<itgeo> what do you think about mail reflector from no-ip http://www.no-ip.com/support/guides/email/blocked_port_25.html
<itgeo> sorry here is the right link http://www.no-ip.com/services/managed_mail/inbound_port_25_unblock.html
#ubuntu-server 2012-04-11
<uvirtbot> New bug: #978458 in samba (main) "CVE-2012-1182: "root" credential remote code execution" [Undecided,New] https://launchpad.net/bugs/978458
<loym> which irc webchat is most featurefull and can be stable under heavy load?
<Ursinha> loym, you mean irc server?
<loym> ya. i need a webchat facility
<loym> for the ircd
<twb> I don't know what that means.
<twb> If you just want a browser-based IRC client, I can't help you.
<Ursinha> twb, I guess he wants to run a webchat service for his irc server
<loym> well. there can be a webchat facility like for example http://en.irc2go.com/webchat/?net=QuakeNet .
<loym> right?
<loym> which irc webchat application is most featurefull and can be stable under heavy load?
<twb> Why not just use that client, then?
<Ursinha> like this http://webchat.freenode.net/
<loym> 2 reasons.
<loym> i dont own freenode.
<loym> and second i need a website facility
<jcastro> there are 2 you could use
<jcastro> alice IRC, and subway IRC
<loym> its for my own network
<twb> Why would the client care what server it's connecting to?
<jcastro> alice is more mature, but subway has a real nice UI
<Ursinha> that's interesting jcastro
<jcastro> Ursinha: I also have charms for both!
<Ursinha> cool!
<Ursinha> twb, because he wants to have his own :)
<Ursinha> I don't see a problem with that :P
<twb> Why?
<loym> ok
<twb> So he can have corporate branding on it or something?
<loym> twb jcastro  i use inspircd  as an ircd
<loym> whats an easy way to log a channels chat. even if you logout as a user
<twb> Deploy a log bot
<smoser> loym, well, lots of people run an irc bouncer or proxy  on  a mostly-all-the-time-up host
<smoser> i use bip
<qman__> in my case, my desktop _is_ a mostly-all-the-time-up host
<qman__> but I use screen to a shell server for my mobile
<loym> qman__,  what do you mean by this but I use screen to a shell server for my mobile
<twb> loym: cellphones change IP all the time, so he can't easily run long-running connections on them.  So instead, he runs them on a "real" machine, and uses SSH and GNU Screen to connect to them
<loym> screen to a shell server for my mobile?
<loym> oh
<qman__> s/to/on
<loym> s/to/on/
<qman__> wrong preposition, I use irssi connectbot on the phone, to the shell server, which runs irssi in a screen
<loym> ?
<loym> i hope irssi make folders of different irc.servers   and put the channel files in those folders
<loym> channel log files**
<qman__> I actually don't log with my irssi, you have to configure it
<loym> qman__,  twb  making irc chats open to general public and search engines will be a nice idea ?
<qman__> but I'm sure it'll configure the way you want, irssi is hugely popular
<loym> hm
<twb> loym: at that point why don't you jsut make a channel on an existing public network
<twb> loym: e.g. /join ##wanktasm -- ta da, you now have your own channel
<qman__> running xchat on the desktop, I set this up in 2006, and, well, inertia
<loym> ya but if i have many good channels like #irssi #google #linux
<loym> qman__,  twb  making irc chats open to general public and search engines will be a nice idea ?
<twb> loym: plonk.
<smoser> SpamapS, around ?
<uvirtbot> New bug: #978507 in tgt (main) "tgt default config should use config.d" [Medium,In progress] https://launchpad.net/bugs/978507
<qman__> so I'm looking for recommendations on software for local backup to USB drive, I would just rsync but I'd like to keep deleted files for a while
<qman__> and get deduplication
<Patrickdk> heh, dedup is hard
<qman__> I use backupPC at work for remote backups, which I guess could work for local
<qman__> but I was wondering if there's a better choice
<twb> qman__: rsnapshot
<Patrickdk> ya, I use backuppc currently
<twb> Or just rsync --link-dest + manual expunge
<Patrickdk> but think I need to change to something else
<qman__> bup looks promising but it's a ways off from production use
<qman__> rsnapshot pretty much looks like what I want
<qman__> thanks
<qman__> I now need to make sure I have less than 3TB of stuff on my source directory
<twb> FWIW my $boss maintains it and we're looking to replace it with something slightly less funky
<twb> Specifically the two key issues I want to address are 1) literal tabs in the config file; and 2) name backups by their timestamp, not daily.N
<qman__> well, this is just my home stuff, going from no backup to a couple 3TB USB3 drives
<twb> qman__: another good trick is to configure udev to run rsnapshot as soon as you plug the drive into the server
<twb> qman__: so all you need to do is rotate the drives and it'll kick off on its own
<qman__> was thinking about dd'ing the filesystem on them so they have the same uuid
<qman__> then automount, scheduled backup
<twb> Or just tune2fs, dude
<qman__> good idea
 * Patrickdk sticks to, zfs send -> tape
<qman__> next time I rebuild it I'll go with zfs or btrfs, but that's a ways off
<qman__> did a raid 6 with hot spare after it failed, and now I'm adding a real backup
<patdk-lap> heh, it took a large push to get me to use zfs
<patdk-lap> it just seemed way too good to be true, some of it is though
<qman__> I've already had three of the new drives go bad
<qman__> first one RMA'd, second one's mid-RMA
<patdk-lap> always fun
<qman__> third when that one shows up
<qman__> fortunately they didn't all die at the same time this time
<qman__> lost everything before
<patdk-lap> I had a raid50 (6 disk) go bad, with 4 bad disks
<patdk-lap> it lasted months though
<patdk-lap> just off the raid cards cache ram
<patdk-lap> and os buffers
<qman__> ha
<patdk-lap> the only thing that killed it, was a reboot
<qman__> my previous raid 5, lost three drives in one day
<qman__> when I built it, I figured the odds were low that they'd die at the same time, and I was horribly mistaken
<patdk-lap> how did they fail?
<qman__> they were ticking
<patdk-lap> been a very long time, since I had one of them
<qman__> they were about two years old when they quit
<qman__> the other five still work
<patdk-lap> for the past 6 years or so, just have bad sectors, or bearing issues
<qman__> not using them in that server, just for miscellaneous use
<qman__> the new ones, the first two had bad sectors, the third just up and died, no longer detects, clicking
<qman__> they sure don't make them like they used to
<patdk-lap> my 2tb drive was unpacked with a bad sector :(
<patdk-lap> the drive refused to remap it
<qman__> said server has a 4GB quantum fireball as /, with many years of service
<patdk-lap> ended up locating that sector, calculating it's lvm offset, luks offset, ext2 offset, and telling ext2 to not use that sector
<qman__> and it'll probably outlast this second set of raid drives
<qman__> as it did the first, and a couple computers before that
<patdk-lap> ya, I have two 8gb disks that are good :)
<patdk-lap> don't own any ide stuff anymore though
<patdk-lap> have 50+ 250gig wd ide drives
<qman__> I originally built it on a tight budget, that's why I used it
<qman__> but it just keeps working
<qman__> no reason to replace it
<twb> qman__: you could arrange an "accident"
<patdk-lap> I couldn't believe the new hitachi 1tb disks I got
<patdk-lap> they where like 1/4th the weight of a normal harddrive
<twb> patdk-lap: wait til you see SSDs
<twb> spinning metal?  fing o der parst
<patdk-lap> twb, what ones? I have 6
<patdk-lap> 10 that is I mean
<twb> patdk-lap: well they're lighter again, is all
<patdk-lap> na, these hitachi drives are almost the same :)
<patdk-lap> my current server builds involve 22 disks, and 4 ssd's
<qman__> it's not big or fast, but it doesn't need to be, it just needs to work, the raid 6 is still the performance bottleneck
<twb> That's because raid6 is a shitty algorithm
<qman__> mine's got 11 in the raid, 1 spare, and the IDE /
<twb> Necessarily so, of course, but I'll stick to raid1 unless I actually need to extra capacity
<patdk-lap> this are raid10 systems
<qman__> next time I put real money into it I'm getting one of those 20+ hot swap 4Us and doing it up right
<qman__> it's in a mid tower right now
<patdk-lap> norco rpc4220
<patdk-lap> 20 disks, and I shove 6 ssd's in the top area
<twb> patdk-lap: how does that 4u hook up to the computer?
<qman__> I started with a microATX emachine and some creative drilling and erector set
<patdk-lap> twb, normal cables?
<twb> So what, a shitload of esata?
<qman__> this case actually fits all the drives, but it's crammed with cables
<patdk-lap> what? who uses esata?
<patdk-lap> sff8087
<twb> patdk-lap: you were talking about having a 4u unit to house all the disks, so I don't see how that would connect to a (presumably separate) rackmount server
 * twb looks up that string
<patdk-lap> easy, install motherboard in case :)
<patdk-lap> plug in sas cable
<patdk-lap> well 5x sas cables
<twb> 5 SAS cables for 20 drives?
<patdk-lap> one sas cable does 4 disks
<patdk-lap> so 5x4 = 20 :)
<twb> Good to know
<twb> My exposure to SAS is mostly "fuck that, SATA is good enough"
<twb> Unless $boss is in "gouge the taxpayers" mode
<qman__> first iteration: http://qman.strangled.net:8080/pics/fileserver/0119080025.jpg    current: http://qman.strangled.net:8080/pics/ryan/fileserver13drives/2011-06-25%2022.42.58.jpg
<patdk-lap> now if you wanted external storage: SC847E16-RJBOD1
<patdk-lap> connect with 2 sff8088 cables (external sas cable)
<twb> "They'll never believe we can run this off a pair of mdadm RAID1'd 2TB SATAs, so we will be using hw RAID5 of four SATA plus another hw RAID1 SATA for the actual real data"
<twb> Sigh
<patdk-lap> hmm, I just run sata over sas cables
<qman__> yeah, that's what I have with my new card
<patdk-lap> keeps the cable clutter down
<qman__> but it actually doesn't keep my clutter down, because they're like 3 feet long
<qman__> and my case needs like 6" cables
<patdk-lap> I have a bunch of 12", 18" and 24" ones
<qman__> that power supply popped the other night, replacing it is going to be a real pain
<patdk-lap> heh, it's not good to run sata over 3' cables
<patdk-lap> oh, 3' is the sata limit
<twb> 3' eh
<patdk-lap> so sas is good for 6' (if using real sas drives)
<twb> Oh for the cable, nm :-)
<ruben23> hi guys any help how do i setup on my ubuntu server apache web with commercial ssl certificates..? any guide
<linocisco> hi
<twb> ruben23: define "commercial"
<linocisco> can ubuntu server make unmanaged switch to managed switch like adding VLAN feature?
<linocisco>  can ubuntu server make unmanaged switch to managed switch like adding VLAN feature?
<kaspir> I can't seem to get ubuntu to share a folder over a network. Do I need to have a server computer to do this?
<RoyK> kaspir: there's no such thing as a 'server computer' ;)
<kaspir> RoyK: A computer running the server edition of Ubuntu if you will
<RoyK> kaspir: ubuntu server is mostly about stripping away unwanted stuff like X, gnome etc
<RoyK> and using a *slightly* different kernel
<fluvvell> You want samba server package running on your computer kaspir
<kaspir> fluvvell: I sudo apt get'd samba and it didn't seem to change anything at all
<koolhead17> jcastro, around
<fluvvell> kaspir, you need to know which folders you want shared on your local network
<kaspir> RoyK: Thx for the explanation
<kaspir> fluvvell: I do. I just want to share one folder over a network. Like a free dropbox just on my network
<twb> IIRC recent nautilus has a context menu "share this folder" which internally uses samba
<linocisco>  can ubuntu server make unmanaged switch to managed switch like adding VLAN feature?
<twb> But questions about that should be directed to #ubuntu unless you specifically have a problem with the samba part
<twb> linocisco: no.
<fluvvell> kaspir, to know is to understand. Much of peoples ideas about server technology is wrongly attained from windows.
<twb> linocisco: unless you can somehow install ubuntu on the unmanaged switch
<fluvvell> kaspir, if you're using ubuntu desktop, you can right click on a folder to access sharing options
<kaspir> fluvvell: unfortunately i have absolutely no knowledge of server
<twb> linocisco: linux *can* perform 802.1Q tagging, but this will not help you unless the other computer(s) can also untag.
<fluvvell> kaspir, join #ubuntu
<kaspir> fluvvell: i did the right click, and it just gave me ghosted options
<linocisco> twb, if all computer network card support vlan tagging, is it ok?
<twb> linocisco: it's an OS issue, not a hardware issue
<fluvvell> kaspir, as twb is suggesting, this is the more dedicated ubuntu-server channel. but pm me
<kaspir> ok sorry guys
<linocisco> twb, i dont understand
<twb> linocisco: and all the OSs would have to be told like "act as if you are on vlan 3"
<kaspir> fluvvell: the list of user online isn't showing up on the right can you pm me plz?
<twb> So if you want a managed switch for security, i.e. to lock some machines into a separate virtual switch segment, this will not help you, because anyone who controls those computers can simply configure them to be on a different virtual segment
<linocisco> twb, if we use cisco managed switches, OS of clients can vary. connected devices are divided according to different  VLANs just through the config on switch
<twb> linocisco: yes, this is the difference between managed and unmanaged switches
<twb> linocisco: if you have an UNmanaged switch, you cannot do much -- only what I described above
<linocisco> twb, this is what  i was thinking to make sure
<RoyK> [  185.040107] bonding: bond0: link status definitely up for interface eth1.
<RoyK> "definetely", "no doubt about that", "sure"
<lynxman> morning o/
<uvirtbot> New bug: #978698 in postfix (main) "sqlite maps are broken in postfix 2.9.1-2" [Undecided,New] https://launchpad.net/bugs/978698
<uvirtbot> New bug: #978708 in puppet (main) "[Precise] puppet is vulnerable to CVE-2012-1906 and CVE-2012-1986 through CVE-2012-1989" [Medium,Confirmed] https://launchpad.net/bugs/978708
<jamespage> smb, Daviey poked me about something you needed sponsoring?
<smb> jamespage, that likely is the iscsitarget thing... a sec
<smb> https://bugs.launchpad.net/ubuntu/+source/iscsitarget/+bug/882540
<uvirtbot> Launchpad bug 882540 in iscsitarget "kernel crash whenever it is accessed" [Medium,In progress]
<smb> jamespage, I got a debdiff attached to the bug report that adds a patch backported from the upstream repo
<Daviey> smb: turns out i suck.
<smb> Daviey, Or being overworked :)
<Daviey> smb: something like that i guess :)
<jamespage> smb, OK - looking now
<jamespage> smb: I'm assuming that you have tested this?
<smb> jamespage, not personally as it did not happen in my testing. but comment #7 say it worked for someone affected
<smb> jamespage, For me it still worked (with or without the change)
<jamespage> smb, right-oh - uploading now.
<jamespage> smb, done
<jamespage> pending approval from release team....
<never2far> when i'm trying to do cobbler list i get: httpd does not appear to be running and proxying cobbler
<never2far>  i'm following this tutorial: http://cloud.ubuntu.com/2011/09/oneiric-server-deploy-server-fleets-p2/
<smb> jamespage, thanks. of course. by now
<ikonia> never2far: silly question, but is httpd actually running ?
<never2far> yup
<never2far> root@ubuntu-lan:~# service apache2 status
<never2far> Apache2 is running (pid 2471).
<ikonia> I'm assuming it's using mod_proxy for the proxying ?
<linocisco> ok
<never2far> i haven't changed anything ...just apt-get install ubuntu-orchestra-server
<ikonia> worth looking what it thinks should be doing the proxying
<never2far> ikonia, thank you i'll try to find more info about mod_proxy
<ikonia> never2far: (I'm only guessing it's mod_proxy - but it seems a logical assumption)
<never2far> ikonia, i fixed my problem using dpkg-reconfigure cobbler
<never2far> thx for advices
<ikonia> no problem
<ikonia> never2far: out of interest did anything change in the config ?
<never2far> ikonia, yes the internal ip was a wrong one
<ikonia> ahh
<ikonia> simple enough error
<pawdro> hello, is it possible to install postgresql (v. 8.4) in Pangolin? I suppose I have to do it by manually downloading packages from oneric ?
<pangolin> !crossposting | pawdro
<ubottu> pawdro: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
<pangolin> pawdro,  you were told that 12.04 is only supported in #ubuntu+1
<Riddell> ec2 question: is it possible to change the security group on a machine after it has been launched?
<lynxman> Riddell: unfortunately it's not possible, you'll have to snapshot it into an AMI or an EBS image and launch a new one
<Riddell> lynxman: hmm those sound like useful things to learn about
<lynxman> Riddell: if your instance is not EBS rooted this is a pretty good tutorial http://alestic.com/2009/06/ec2-ami-bundle
<lynxman> Riddell: have in mind that creating your own AMI will consume space on S3
<Riddell> lynxman: why are some instances EBS and some not? (or is that a question with a complex answer?)
<lynxman> Riddell: it really depends on what you want from your instance, having an EBS root based instance gives you persistent storage, that's good for some kind of machines that are not design to be rebuilt quickly, let's say a database or some kind of complicated app server (as examples)
<lynxman> Riddell: whereas memory based instances don't have persistent storage, so you can spawn a lot of them very quickly and template them up using some solution like juju or puppet or chef, then a regular not ebs rooted based instance is the right thing for you, since if the instance dies and all the data from that instance goes away you don't mind
<Riddell> gosh lots to learn with this cloud stuff
<lynxman> Riddell: lots of little concepts, once you get the gist of all of them it's pretty sweet actually :)
<zul> good morning
<lynxman> zul: morning sir
<Debru> Ubuntu server is just comandline?
<sw> Debru: unless you install a GUI
<Debru> sw: what is suggested for speed, to install ubuntu desktop or server with gui..?
<sw> Debru: it's quite simple. do you need a desktop computer, or a server computer?
<sw> Debru: if you want something minimal, then there's a !minimal version of Ubuntu that might suit you ...
<sw> !minimal | Debru
<ubottu> Debru: The Minimal CD image is very small in size, and it downloads most packages from the Internet during installation, allowing you to select only those you want (the installer is like the one on the !Alternate CD). See https://help.ubuntu.com/community/Installation/MinimalCD
<Debru> sw want somethin what uses less resources and what can be customized to my needs
<sw> Debru: use !minimal then, and install only what you need
<Debru> sw one more question what is difference if i install 10.04 or 11.04? after update to 12.04 both will be supported LTS?
<sw> Debru: 12.04 will be LTS for 5 years (desktop + server)
<ogra_> you can not update directly from 11.04 to 12.04
<ogra_> (needs an update to 11.10 first)
<Debru> yes, but if i update 11.10 to 12.04 will it be LTS?
<ogra_> it will be 12.04 ... which will be LTS, yes
<Debru> ogra_, so i dont see any difference wich version i take now.. :P
<sw> Debru: well one is old, and one is new - quite simple
<Debru> but all can be updated to 12.04 and all get LTS..
<ogra_> one might have different ways to configure stuff than the other
<sw> Debru: 11.10 and upgrade to 12.04 when it's released
<Debru> ogra_, yes, from that side..
<Debru> ok thanks for your help..
<acicula> ipv6 addresses are assigned automatically for my server, but overtime i accumulated 6/7 ipv6 addresses though all with the same shared prefix. anyone who can point me to a doc on ipv6 that explains this behaviour?
<melter> anyone know why on precise server beta 2, when i run "apt-get remove g++", it fails with the error "g++ is already the newest version"?
<sw> melter: #ubuntu+1
<robo_> hello: I'm seeing something strange. cat /proc/swaps shows nothing yet I have a swap partition defined in /etc/fstab. Any ideas on things to check?
<robo_> i guess i can just run swapon, but i'm trying to figure out why it's not showing up, or why it disappeared
<robo_> actually, swapon failed, heh
<jamespage> lamont, is the sqlite fixup for postfix in 2.9.1-3 going to make it for precise final freeze?
<iclebyte> is there a method to disable IPv6 on a specific interface in a machine with multiple nics?
<lamont> jamespage: yes
<jamespage> lamont, \o/ thanks
<lamont> I'll upload it today and ScottK tells me he'll smack it through the process
<lamont> jamespage: if you wanna help me even more, bug 970921 just needs someone  to clone the reporter's main.cf (and fix whitespace cut-n-waste issues), and demonstrate the failure in a chroot, followed by maybe actually figuring out wtf it's doing that
<uvirtbot> Launchpad bug 970921 in postfix "Postfix 2.9.1 Crashing with Signal 6 - Postfix 2.8.5-2 works perfectly" [Undecided,Incomplete] https://launchpad.net/bugs/970921
<jamespage> lamont, lemme take a look
<lamont> I want to have that in there, even if it winds up being in -4 tomorrow or some such
<shauno> iclebyte: you're probably looking for /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
<lamont> jamespage: I'm just a bit timepressed today wrt working on distro stuff
<jamespage> lamont, I'll look at it now while I wait for php5 to build
<lamont> a
<lamont> ta
<robo_> hmm, this is weird. swapon: cannot find the device for UUID=fe038e8e-382e-4828-869e-8de7d86eacf5 and blkid doesn't show the swap partition either. I'm perplexed.
<ikonia> robo_: does fdisk show a swap partition ?
<robo_> ikonia, good call. No it doesn't. I get an error Disk /dev/sdb doesn't contain a valid partition table
<robo_> well, that's why. I wonder what the heck happened
<robo_> ty for that breadcrumb ikonia
<ikonia> not at all, sometimes the obvious stuff is easy to miss
<raubvogel> iptables question: I am trying to check the rule in my forward chain.
<raubvogel> So I do iptables -L FORWARD and my rule shows as "ACCEPT     all  --  anywhere             anywhere"
<raubvogel> Now, I know I have defined I want it to use eth1 and the input and eth0 as output. How can I see that?
<hallyn> stgraber: d'oh.  lxc-init is linked against libapparmor1.  It doesn't need to be.  Fixing that would require splitting out the functions it uses into their own source files I assume.
<raubvogel> NVM -v did the trick
<raubvogel> Well, I see the rule now: ACCEPT     all  --  eth1   eth0    anywhere             anywhere, but it does not work
<gary_poster> hallyn, re lxc-ip: we are tempted to write the script in Python rather than bash.  We expect to call out to host via subprocess (e.g., in Python we will parse the output of "host NAME DNSSERVER").  We can of course do it in bash instead.  Would writing it in Python make it less likely that it could be included in the lxc package?  If so, we'll go with bash.
<ealexmp> hola buenos dias a todos
<ealexmp> alguien me podria ayudar
<ealexmp> no puedo hacer que ubuntu levante con raid1 por hardware
<ealexmp> alguien tiene algun manual paso a paso de como instalar ubuntu server haciendo raid1 por hardware
<Jeeves_> English would help :)
<ealexmp> mi controladora raid es perch700 de dell, tengo un servidor intel xeon de 2.4 el dell es r510
<ealexmp> spok spanish or engleash
<ealexmp> help
<jpds> !es | ealexmp
<ubottu> ealexmp: En la mayorÃ­a de los canales de Ubuntu, se habla sÃ³lo en inglÃ©s. Si busca ayuda en espaÃ±ol entre al canal #ubuntu-es; escriba "/join #ubuntu-es" (sin comillas) y presione intro.
<hallyn> gary_poster: no objections to python :)  or go for that matter
<gary_poster> hallyn, :-) cool
<hallyn> gary_poster: i'd frankly like to rewrite a bunch of it in python or go
<gary_poster> sounds great to me
<ealexmp> ubottu: no sabes de algun manual con raid por hardware para ubuntu
<ubottu> ealexmp: I am only a bot, please don't think I'm intelligent :)
<sw> !sp | ealexmp
<sw> !spanish | ealexmp
<ubottu> ealexmp: En la mayorÃ­a de los canales de Ubuntu, se habla sÃ³lo en inglÃ©s. Si busca ayuda en espaÃ±ol entre al canal #ubuntu-es; escriba "/join #ubuntu-es" (sin comillas) y presione intro.
<ealexmp> what
<ealexmp> someone manual in english
<ealexmp> now yes
<uvirtbot> New bug: #978961 in keystone (universe) "add release note that OpenStack should be used on a protected network (dup-of: 978963)" [High,Triaged] https://launchpad.net/bugs/978961
<uvirtbot> New bug: #978963 in keystone "add release note that OpenStack should be used on a protected network" [High,Triaged] https://launchpad.net/bugs/978963
<xranby> ealexmp: https://help.ubuntu.com/11.10/serverguide/C/advanced-installation.html
<Guest91689> I have forgotten my password and my user name for my samba folder, how to recover?
<tgardner> is there a reason why cobbler precise-x86_64-auto formats root as ext3 ? why not ext4 ?
<smb> tgardner, I suspect that depends on the seeds...
<tgardner> smb, well, yes. but _why_ is it ext3 ?
<smb> tgardner, I think not in mine...
<smb> tgardner, which kickstart template is used on your system?
<smb> Hm, I see there is a server seed using ext3 and the orchestra seed is using ext4
<tgardner> smb, it says this in the web page: /cblr/svc/op/ks/profile/precise-x86_64-auto . Where does that exist on the server? All I can find are /var/lib/cobbler/kickstarts
<smb> tgardner, I usually look at the web interface on the profiles
<smb> tgardner, Doh and -auto would use the ext3 as well... I just use the non-auto version and my own seed... :/
<tgardner> smb, so it ultimately resolves to /etc/cobbler/ubuntu-server.preseed which has ext3 as the root fs format.
<smb> yes
<tgardner> that default seems bogus to me
<smb> tgardner, I wonder whether that is some sort of neglected bastard child config...
<tgardner> smb, the other thing that preseed is missing is $SNIPPET('orchestra_proxy')
<tgardner> or kickstart, rather
<smb> tgardner, It looks quite old actually...
<smb> some late greetings from kirkland... ;)
<lynxman> SpamapS: whenever you're around, found the issue
<SpamapS> lynxman: what was it?
<SpamapS> lynxman: I am at the largest annual gathering of mysql professionals in the world.. so if you need help, I can find it. :)
<lynxman> SpamapS: it was due to a couple of phased out configuration parameters from 5.1 to 5.5, when running mysqld standalone it complains about these config parameter then exits non-zero, upstart doesn't have that in mind and the error was cryptic
<lynxman> SpamapS: oooh have fun :D
<lynxman> SpamapS: maybe it would be convenient to add that to the upstart script somehow? A small config sanity checker of sorts
<zul> SpamapS:  can you go beat oracle for security stuff please :)
<SpamapS> zul: I plan to
 * SpamapS goes to keynotes
<zul> SpamapS:  goody
<lynxman> zul: beating people for security stuff is always the first choice amongst packagers ;)
<adam_g> jamespage: ping
<jamespage> adam_g, pong squid3?
<adam_g> jamespage: yea, given it any more thought? was gonna take a crack at that today with some other packaging things
<jamespage> adam_g, I did quite a bit of thinking but I've not come up with any miracle solutions I'm afraid
<jamespage> whichever way we cut its its not going to work for someone.
<adam_g> jamespage: my original idea was to find the version of squid we're upgrading from, compare on-disk config hash with the hash that was shipped for that version (they arent conffiles so dpkg can't be queried for that, hence that list i showed you last week), and warn users of potential conflicts/problems and to investigate
<adam_g> jamespage: perhaps give them the option of migrating the config to the new location?
<jamespage> adam_g, I think that is the best approach we have - there will still be edge cases where people have not taken -updates....
<jamespage> adam_g, I think we should preserve the old config file if it has been changed - but I don't think we should drop it into the squid3.conf location
<jamespage> I think informing the user that they need to review and update to squid3 is the right way to go in that scenario
<jamespage> good release notes :-) and NEWS.
<adam_g> jamespage: AFAICS, the default config file has is the same for all versions of a distro release and doensn't change per-build
<adam_g> Daviey: thoughts?
<adam_g> ^
<jamespage> adam_g, well that makes things easier
<adam_g> those are the hashes going back to lucid. i can get earlier ones if we need http://paste.ubuntu.com/925109/
<jamespage> adam_g, although I think the opportunity to display information during a release upgrade is somewhat limited.
<Daviey> adam_g: yeah.. a note and release notes is perfect for that IMO
<jamespage> adam_g, Daviey: so I think this is what we are proposing
<Daviey> superb
<jamespage> if hashes match on old file - i.e. default config - all is good in the world - no further action required
<jamespage> if the config has been changed - preserve it but don't overwrite the default config shipped with squid3
<jamespage> does that sounds about right
<jamespage> oh - and write a good release note :-)
<adam_g> jamespage: so forget about popping up a dialague?   i seem to remember thats bad form unless theres actually some choice for the user, eg not a warning
<Daviey> +1
<jamespage> yep
<adam_g> ok
<jamespage> adam_g, put something in NEWS about upgrading from squid2
<jamespage> probably the same text as the release note.
<Daviey> http://www.debian.org/doc/debian-policy/ch-binary.html#s-maintscriptprompt
<jamespage> lamont, I've been scratching at the postfix bug on-and-off all afternoon but I've not been able to reproduce
<micahg> could I get a puppet "expert" to look at https://bugs.launchpad.net/lucid-backports/+bug/978571/comments/2, I just want to know if the comment at the end is something we need to worry about
<uvirtbot> Launchpad bug 978571 in natty-backports "Please backport puppet 2.7.1-1ubuntu3.6 (main) from oneiric-security" [Undecided,New]
<lamont> jamespage: well, that's maybe a good thing... dunno
<jamespage> lamont, hmm - not sure - quite a few people reporting the same issue.
<lamont> jamespage: that was what I did not want to hear
<lamont> I'll spin up a text instance tonight then
<jamespage> lamont, quite a few = 3 people on that bug report....
<lamont> "sufficent" == ">1"
<hallyn> jjohansen: have you had a chance to test the apparmor+upstart changes for containers?
<jjohansen> hallyn: I am going through testing a set of changes including those, so far things look good
<hallyn> jjohansen: ok, thanks
<jjohansen> hallyn: and thanks for doing the patch, I ended up have car issues last night and not getting back until late, so it really saved me :)
<hallyn> i guess thank your car for having the issues now and not in 10 days :)
<sbeattie> hallyn: I've tested a tweaked version of the apparmor init script outside of a container to make sure things didn't break, and incorporated it into what's going to go into the next apparmor upload (today) at https://code.launchpad.net/~sbeattie/apparmor/apparmor-precise
<sbeattie> (I adjusted the reported strings and made the if-level only one deep)
<hallyn> sbeattie: cool, thanks.  suppose we need to beg someone else to dput upstart
<hallyn> cool
<sbeattie> yes, should run it by slangasek, I think.
<hallyn> somehow tests in dash and bash always treat me wrong, so i'm very conservative :)
<sbeattie> ah, heh, that's not a bad thing.
<kaspir> could somebody please help me with a reinstall issue. I installed samba through the terminal and was configuring. I messed up configuration, didn't know how to fix it so I uninstalled, and reinstalled. It still had the messed up configuration so I uninstalled and manually deleted from /etc. Now upon install no folders or files installed in /etc
<rbasak> kaspir: sounds like you need to purge the package rather than just remove it. The former removes configuration files; the latter does not.
<kaspir> rbasak: no i did that
<kaspir> rbasak: sudo apt-get --purge remove samba # command i used
<someone34242> hello
<someone34242> could someone help me with this tutorial
<someone34242> http://ubuntuforums.org/showthread.php?t=236093
<someone34242> i wanna set bind for my domain, but i don't know how
<someone34242> i already buy domain and i have settings for two ip's
<someone34242> how to set those two IP's on my server
<someone34242> ?
<jjohansen> stgraber: heads up, the deny mounts fix will not make freeze, there are some last minute semantic tweaks happening around 'in' and having multiple option= statements on the same line, that necessitate changes in the deny mounts patch as well.
 * jjohansen is really sorry but doesn't see a better option atm
<smoser> utlemming,
<smoser> precise-server builds are failing
<smoser> needs fixing
<smoser> i believe ev is responsible for whoopsie, which is what is causing issues
<utlemming> smoser: looking now...
<smoser> can you chase that for me?
<utlemming> smoser: it was on my todo list today anyway
<utlemming> smoser: working on it
<uvirtbot> New bug: #856067 in txaws "s3/client.py should not depend on epsilon library" [Low,Fix released] https://launchpad.net/bugs/856067
<uvirtbot> New bug: #862595 in txaws "terminate_instances raises NoneType not iterable on machine shutdown with Openstack" [High,Fix released] https://launchpad.net/bugs/862595
<uvirtbot> New bug: #912607 in txaws "zope.datetime should be dropped in favor of dateutil" [Low,Fix released] https://launchpad.net/bugs/912607
<smoser> utlemming, background is that ev recently added whoopsie to the server seed.
<smoser> where recently == after last successful build
<utlemming> ah, okay, I was wondering where that came from
<jkyle> I can't find the equivalent of a netinstall image or a business card image for ubuntu server, are these minimal images provided?
<xr1rr> is there a terminal command for finding out what type of server a website is running
<lynxman> xr1rr: could you be more specific? Type in OS, CPU, memory...?
<xr1rr> lynxman: Yes OS
<xr1rr> i.e. Ubuntu.. Apache
<lynxman> xr1rr: if it's a linux or unix kind /etc/issue should have the version running
<rockets> What's the proper way to set the FQDN of an ubuntu server host? (i cant do it via dhcp in this case)
<rockets> i know i can set the hostname in /etc/hostname but what about the rest of the fqdn
<xr1rr> lynxman: can you get this info from a domain name
<jkyle> xr1rr: nmap
<jkyle> xr1rr: or do you mean from the local shell?
<xr1rr> jkyle: for example if I wanted to find out the server OS of somewebsite.com
<patdk-wk> ask it's webbrowser :)
<rockets> IT IS WEB BROWSER
<lynxman> xr1rr: hostname --fqdn
<xr1rr> patdk-wk: can you explain ;)
<patdk-wk> you can only find out, what they tell you
<patdk-wk> you can attempt to infer all you want though
<xr1rr> ok
<rbasak> jkyle: http://archive.ubuntu.com/ubuntu/dists/precise/main/installer-amd64/current/images/netboot/ or s/precise/oneiric/ or lucid as needed.
<jkyle> xr1rr: nmap
<xr1rr> jkyle: ok i'll try
<jkyle> rbasak: those are netinstalls for pxeboots
<jkyle> xr1rr: http://nmap.org/book/osdetect.html
<jkyle> wait, mini.iso looks promising
<rbasak> jkyle: I'm not sure mini.iso is. I think you can install from that without pxe
<jkyle> streaming those nigh 1gb images over wan for remote installs is overkill
<uvirtbot> New bug: #979223 in etckeeper (main) "etckeeper tries/fails to autocommit on clean trees with shelved changes" [Undecided,New] https://launchpad.net/bugs/979223
<gary_poster> hallyn, I have reason to suspect that sem_open is broken in lxc (ENOSYS).  I need to write a simple C program to verify, but does this wring a bell at all?
<gary_poster> heh, or ring
<hallyn> no, neither
<hallyn> ENOSYS...  is this i386 on amd64?
<hallyn> gary_poster: maybe you need access to /dev/shm?
<gary_poster> hallyn, it is a 4 bit machine; uname -a saus i686
<hallyn> gary_poster: mount | grep shm ?  should have a tmpfs on /dev/shm
<hallyn> awesome
<gary_poster> heh 64 bit machine
<hallyn> host is i686, or only the lxc container?
<gary_poster> mount | grep shm shows nothing hallyn
<gary_poster> host and container are 64 bit
<hallyn> gary_poster: guessing that is the problem
<gary_poster> this is happening locally on my machine and on a ec2 instance
<hallyn> gary_poster: can you add an entry to /var/lib/lxc/<container>/fstab
<hallyn> none /dev/shm tmpfs defaults 0 0 or something
<gary_poster> ack
<hallyn> if that works we'll need to do it in the templates
<gary_poster> hallyn, no initial slash so "none dev/shm tmpfs defaults 0 0" yeah?  trying
<hallyn> good point :)
<gary_poster> hallyn, that fixed it
<gary_poster> hallyn, want me to file a bug just to help out with bookkeeping, or not bother?
<hallyn> gary_poster: thanks, I'll get that fixed in the templates
<gary_poster> cool thank you
<hallyn> gary_poster: sure, that'll look less fishy :)  thanks
<hallyn> (keep the release team from thinking i'm trying to trick them)
<RoyK> WARNING: 27.37ËC > 25ËC <-- Datacentre is getting cozy...
<gary_poster> lol
 * RoyK just got to work and is in a foul mood
<gary_poster> hallyn, bug 974584
<uvirtbot> Launchpad bug 974584 in lxc "Semaphores cannot be created in lxc container" [Undecided,New] https://launchpad.net/bugs/974584
<hallyn> gary_poster: thanks
<gary_poster> welcome
<uvirtbot> New bug: #974584 in lxc "Semaphores cannot be created in lxc container" [Undecided,New] https://launchpad.net/bugs/974584
<hggdh> is there a channel for MAAS?
<hallyn> gary_poster: well fooi.  it's not so simple
<hallyn> stgraber: containers have a problem with /dev/shm.
<stgraber> hallyn: /dev/shm pointing to /run/shm which doesn't exist?
<gary_poster> hallyn, darn
<hallyn> ok
<stgraber> (I saw that case a couple of times but didn't have time to track it down and didn't seem like it was always happening for me)
<hallyn> stgraber: not quite.  /run/shm is fine.  but /dev/shm exists as a file, so the initscript doesn't create it as a symlink to /run/shm
<stgraber> hallyn: oh, that's the source of the issue! what's creating it as a file?
<hallyn> dunno
<hallyn> (sorry, network keeps stalling here)
<stgraber> I can't see any case where it'd make sense for it to be a file, a directory makes sense, a symlink does too, but a file ... besides using it as a target for a bind mount, I don't see what that'd do
<hallyn> stgraber: sorry a regular dir
<hallyn> it's waht debootstrap creates...
<stgraber> hmm, ok, so just remove it and replace with a symlink then?
<hallyn> stgraber: do that where?  in our template?  or in mounted-dev.conf?
<hallyn> curse /run
<stgraber> hallyn: actually the problem is likely initscrips postinst
<hallyn> which should convert it?
<stgraber> hallyn: from what I read in /var/lib/dpkg/info/initscripts.postinst
<stgraber> hallyn: it's a bit unclear really, but there's code in there to ln -sf it as well as code to make it a directory, so I'm a bit confused :)
<thesheff17> do people that maintain the ec2 ami for ubuntu hang out here or is that another room?
<hallyn> stgraber: oh i get it
<hallyn> stgraber: in non-chroot, mount -bind /run/shm to /dev/shm, and /dev will be re-created (so shm go away) on reboot
<hallyn> stgraber: in chroot, don't bother  with the bind mount (bc it wn't go away cleanly) just ln s-sf
<hallyn> question is, why aren't we being treated as a chroot?
<hallyn> so if we got a clean /dev on reboot of container, we'd be fine
<hallyn> (maybe, iiuc :)
<hallyn> oh yeah, and since dev isn't a separate fs from /, it does the mkdir on line 290
<hallyn> 390
<hallyn> thesheff17: you want utlemming or smoser i think
<utlemming> thesheff17: what's up?
<thesheff17> sun-java6-jdk isn't found even though I add partner mirror.
<thesheff17> us-east-1e ami ami-0baf7662
<hallyn> stgraber: oh wait!  mounted-dev never even runs bc we don't mount /dev
<smoser> thesheff17, nothing to do with the mirror unfortunately.
<smoser> but more to do with the partner
<smoser> i think you'll need to call Mr. Ellison.
<gary_poster> heh
<thesheff17> this worked on previous ami :)
<smoser> thesheff17, no. it worked at a previous point in time.
<smoser> https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-December/001528.html
<thesheff17> ah ok thanks
<thesheff17> didn't see thise
<smoser> it sucks.
<utlemming> smoser: thanks, you beat me to that link
<smoser> there are ways around it.
<smoser> but i will leave yo to google that.
<thesheff17> hehe ok thanks
<hallyn> stgraber: it seems like the code starting on line 390 in the psotinst is legacy
<hallyn> the /dev/shm dir/symlink will always exist by then
<hallyn> unless i'm missing some conditional somehwere
<hackeron> hey, I have Lucid installed, I want to upgrade to the next releast, I have Prompt=normal in /etc/update-manager/release-upgrades, I did apt-get update, but do-release-upgrade -d shows No new release found :/ - what am I doing wrong?
<uvirtbot> New bug: #979414 in juju (universe) "juju bootstrap failed - 12.04 beta" [Undecided,New] https://launchpad.net/bugs/979414
<tnachen> hi all, I wonder if someone can help me figure out a problem with libvirt and virsh
<tnachen> currently I'm just trying to run virsh but any virsh command will just hang forever unless ctrl+c
<tnachen> I'm on precise 12.04
#ubuntu-server 2012-04-12
<dougwt> I apologize in advance if this is the wrong place to ask this type of question, but I am trying to setup my first Apache server on Ubuntu and am a bit confused about what permissions I should be using. I've got multiple VirtualHosts setup. Should the document roots be chowned to the user and his group, or do I need to chown them to www-data?
<qman__> dougwt, www-data is what apache runs as, so in order to serve pages, www-data needs read access
<qman__> www-data should not have write access unless specifically required by your application, and when it does, it should be carefully limited
<dougwt> qman__: Thanks. So it'd be fine to keep the document root and it's filed chowned to the user with 755/644 permissions respectively?
<dougwt> its files*
<qman__> yes
<dougwt> great
<dougwt> thanks again
<redact3d> hi anyone guy the latest source of xymon compiled and working?
<twb> Never heard of it
<redact3d> network monitoring system - think nagios but easier to configure
<jamespage> lynxman, do you use racoon?
<lynxman> jamespage: hmm nope :)
<jamespage> lynxman, bah - was hoping to palm something off onto you :-)
<lynxman> jamespage: lol, I used to though, so you can still handle it to me
<jamespage> lynxman, ever see this bug 972786
<uvirtbot> Launchpad bug 972786 in ipsec-tools "racoon does not bind to interfaces brought up afterwards" [Medium,New] https://launchpad.net/bugs/972786
<lynxman> jamespage: will give it a go today :)
<jamespage> ta
<jamespage> lynxman, actually that was not hard to test
<jamespage> works for me in precise
<jamespage> i.e. bind to new interfaces.
<lynxman> jamespage: heh :) it's one of its basic operations, you want to take it then?
<jamespage> lynxman, I don't actuall think its a bug - I could not reproduce with the stock configuration
<jamespage> lynxman, don't worry about looking at it.
<lynxman> jamespage: I'll tackle it after lunch so just let me know :) need to be copywriting now
<jamespage> lynxman, thanks for the offer - I'm sure I'll find something more important for you todo during triage today
<jamespage> enjoy copywriting
<lynxman> jamespage: :)
<lynxman> jamespage: this whitepaper wont update on its own :D
<Barbo91> Hi guys, first of all, sorry for my english, i'm italian xD Now i explain my problem. First of all i'm on a Ubuntu 10.04 server with openssh,ssl and openvpn. I have to join all the clients that connect on the VPN in the same network. I can do it with bridging, am i right?
<Barbo91> someone that can help me? I need help to configuring the bridge :S
<jamespage> Barbo91, I think you either want to look at https://help.ubuntu.com/10.04/serverguide/C/network-configuration.html#bridging
<jamespage> or you might actually want to look at setting your server up as a router
<jamespage> Barbo91, in which case this https://help.ubuntu.com/community/Router might be useful
<Barbo91> hi jamespage thanks for help, going to read that doc! by the way, the thing that i need is to create a "virtual" eth1 to bridge it, i think
<jamespage> Barbo91, really depends on how your network is setup
<jamespage> I do something similar with IPv6 routing
<jamespage> Barbo91, do you just have a single network interface? or multiple?
<Barbo91> jamespage, i got a single network interface. with a static pubblic IP.
<jamespage> Barbo91, have you read https://help.ubuntu.com/11.10/serverguide/C/openvpn.html ?
<Barbo91> jamespage,  my network is that i got a network with all servers on, and i don't want that clients that connect my VPN see those server. I want to create a "dedicated" private network client-to-client...
<jamespage> Barbo91, You might be able todo that with openvpn plus bridges - but ufw might help there as well
<Barbo91> i tried to create a eth 0:0 and bridge it, when i launched the script to create bridge, the interface 0:0 was deleted and the bridge was created on the eth0 and i closed my ssh connection -.- closed out of my own server xD
<Barbo91> jamespage, already got a "hardware" firewall on my net
<uksysadmin> hey all - can anybody here help with maas? I'm getting  a "Bad archive mirror" message but the pxe booted machine seems to be able to get to the right places...
<uksysadmin> (on ubuntu 12.04 b2)
<jamespage> Barbo91, yeah - but the VPN penetrates that so you openvpn server can act as a soft firewall between your clients and your server network
<jamespage> uksysadmin, is that really early during the install process?
<Barbo91> jamespage, yeah ur right! didn't thinked about it O.O thanks!
<jamespage> lamont, would a sync of bing9 1:9.8.1.dfsg.P1-3 be a good idea today?
<Barbo91> jamespage, thanks for all your help, now i'm going to read the docs u linked me then i will write back soon if i need help!! Newbie network administrator here :P
<jamespage> Barbo91, np - you are welcome!
<uksysadmin> hi jamespage - yes its just after the kernel messages and about to commence the install
<jamespage> uksysadmin, wget calls?
<uksysadmin> I've got a console up and can perform the wget it wants
<uksysadmin> yes
<jamespage> uksysadmin, OK - I think I've seen this to - but can't reproduce at the moment
<jamespage> I believe that the wget calls made by the installed route through the squid-deb-proxy on the MAAS server
<jamespage> and its got stuffed in some way I don't understand
<uksysadmin> ok - I'll take a look around
<uksysadmin> jamespage, yes I'm seeing 403 Forbidden messages in syslog...
<akoma1s_> hello, how can I do something like 'if lsacpi | grep VBOX; then set default=3; fi' in grub.cfg?
<uksysadmin> and given my test network falls outside a "localnet" default address range could be the reason
<jamespage> uksysadmin, odd -lemme look at my setup here
<jamespage> uksysadmin, have you got the exact URL that is failing?
<uksysadmin> http://archive.ubuntu.com/ubuntu
<uksysadmin> I can see the wgets going this URI /ubuntu/dists/precise
<jamespage> uksysadmin, does it fail in choose-mirror?  I think that is where I saw the issue
<uksysadmin> yes
<jamespage> uksysadmin, any more info in those 403 messages?
<uksysadmin> just looking through syslog now
<jamespage> uksysadmin, /var/log/squid-deb-proxy might have a bit more in it
<uksysadmin> ah, think I've found *my* issue
<uksysadmin> I've a test setup on my desk on 172.15.0.0/16 network
<uksysadmin> and the allowed ranges start from the expected non-internet ranges
<uksysadmin> technically that range is internet
<uksysadmin> I'll re-ip and redo
<uksysadmin> (I'll add this esoteric range though as a test)
<jamespage> uksysadmin, its quite possible I saw an actual network issue
<uksysadmin> jamespage, I can attest to that though.
<uksysadmin> I tried this on a machine in our datacentre and after a couple of re-tries it worked
<uksysadmin> which is on a valid range
<uksysadmin> (btw - after adding in my new IP range, this is installing)
<uksysadmin> cheers for pointing me to the squid-deb-proxy setup though
<uksysadmin> in fact I was doing this on a couple of machines next to me to see what was up with my datacentre set up
<jamespage> uksysadmin, np
<uvirtbot> New bug: #979758 in nis (universe) "package fails to configure on failing to find /etc/init.d/nis" [Undecided,New] https://launchpad.net/bugs/979758
<lamont> jamespage: I would support that
<jamespage> lamont, ack - I'll do the sync now then
<koolhead11> why we dont`t have memcache as dependency with openstack-dashboard?
<koolhead11> i need a workaround of this https://bugs.launchpad.net/ubuntu/+source/openstack-dashboard/+bug/960070
<uvirtbot> Launchpad bug 960070 in openstack-dashboard "Clicking on links within Dashboard sends me back to log in screen" [Undecided,Confirmed]
<koolhead11> if we are not getting memcache as dep for dash/horizon
<zul> jamespage:  racoon and nis is so 19175
<zul> er...1917
<zul> koolhead11: open up an ubuntu task for it
<koolhead11> zul, sorry 4 dumb question but where should i open ubuntu task? launchpad?
<zul> koolhead11: "Also affects distrobution"
<uvirtbot> New bug: #955054 in horizon "Wrong WSGI path in Ubuntu 12.04 B1" [Critical,Fix released] https://launchpad.net/bugs/955054
<uvirtbot> New bug: #968850 in horizon "intermittent errors and login page" [Undecided,New] https://launchpad.net/bugs/968850
<jamespage> zul, lol
<uvirtbot> New bug: #973941 in glance (main) "Recommend the correct package for the glance client" [Medium,Invalid] https://launchpad.net/bugs/973941
<zul> good morning
<Caribou> pmatulis: around yet ?
<uvirtbot> New bug: #979833 in openldap (main) "package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/979833
<alcuadrado> I have to start "mongod --journaling" as a service
<alcuadrado> is there a way to pass arguments to the executable with the command service?
<uvirtbot> New bug: #979838 in openldap (main) "package slapd 2.4.28-1.1ubuntu4 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/979838
<foo> I have user1 who logs into server and starts a screen. I am user2. as user2, I am root. I sudo su - user1. I do screen -x but I get this: Cannot open your terminal '/dev/pts/0' - please check - any ideas?
<jamespage> roaksoax, around? having a few issues with maas/cobber-web not playing nicely
<roaksoax> jamespage: here, what'ss wrong?
<jamespage> roaksoax, OK - so I'm running maas from the PPA and I also have cobbler-web installed on the same server
<jamespage> was working OK but now I get an error accessing cobbler-web
<jamespage> "[Errno 13] Permission denied: '/var/lib/cobbler/webui_sessions/sessionid8ab2bb421d7efeb891e01e619b6b457e'"
<jamespage> roaksoax, I think I know what it is - the maas wsgi stuff now runs as 'maas' user - but the content of that directory is only r/w able by www-data
<roaksoax> jamespage: uhmmm right. Yeah that might be it
<zul> ummm....why is keystone still in universe?
<jamespage> roaksoax, not quite sure what the best fix is...
<jamespage> zul: maybe no-one seeded it yet :-)
<roaksoax> jamespage: yeah, let me give it a spin
<jamespage> roaksoax, wanna bug for that one?
<zul> jamespage:  partially it was
<roaksoax> jamespage: well I don't know whether we should consider it a bug per se (in either side) because if we have MAAS we should not have cobbler-web isntalled, obviously we are not prevented from using it
<roaksoax> jamespage: but pleas,e ifle one. I think it will go away once we ship cobbler inside maas
 * jamespage shudders
<jamespage> OK
<roaksoax> jamespage: uhmmm so the weird thing here is that only the MAAS wsig should run as MAAS user right?
<jamespage> roaksoax, so maas-http.conf sets the user/group config for the WSGI for the server - not just for maas
<roaksoax> jamespage: exactly so that's the issue
<jamespage> roaksoax, I think so
 * jamespage is not a WSGI expert
<roaksoax> jamespage: did you file the bug?
<roaksoax> jamespage: can you provide me wiht the link please?
<jamespage> roaksoax, doing it now - it was in the queue behind one for juju
<roaksoax> jamespage: cool thanks
<jamespage> roaksoax, https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/979899
<uvirtbot> Launchpad bug 979899 in cobbler "cobbler_web unable to access session data due to conflict with maas" [Undecided,New]
<roaksoax> jamespage: cool thnkas
<uvirtbot> New bug: #979899 in cobbler "cobbler_web unable to access session data due to conflict with maas" [Undecided,New] https://launchpad.net/bugs/979899
<hallyn> stgraber: bug 974584, I'm going to just rmdir $rootfs/dev/shm at end of templates.  Do you have a better idea?
<uvirtbot> Launchpad bug 974584 in lxc "Semaphores cannot be created in lxc container" [High,Confirmed] https://launchpad.net/bugs/974584
<hallyn> (Note, /etc/init/mounte-dev.conf is technically wrong, for anyone who uses /dev on a live system as not a separate fs, but I assume we just say we don't support that non-standard config?)
<zul> Daviey: http://paste.ubuntu.com/926472/
<stgraber> hallyn: that's definitely the easiest and the safest change, go for it
<hallyn> thanks, will do.  do you have any other changes to queue up?
<stgraber> it won't fix existing containers, but we didn't get that many reports of the bug for it to be a concern
<stgraber> nope, I've been doing installer stuff lately, no lxc related stuff
<stgraber> make sure you upload before 21:00 UTC though (final freeze)
<hallyn> today???
<hallyn> i thought ff was ina  week
<zul> ditto
<hallyn> i'll leave the workaroudn noted in the bug for ppl who need it for existint containers
<hallyn> zul: joke's on us https://wiki.ubuntu.com/PrecisePangolin/ReleaseSchedule
<zul> hallyn: are you sure?
<zul> FinalFreeze Apr 12
<hallyn> zul: maybe i misunderstood you.  i thought you meant you had been wrongly thinking like me that it was next week
<zul> hallyn: meh :)
<MoleMan> I believe I am recieving a DOS attack in progress, what can I do?
<Jeeves_> Look the other way!
<MoleMan> doesn't help... vnstat is showing 50Mb/s in and 5Mb/s out compared to my other box which is showing  3.3Mb/s in 8 Mb/s out...
<MoleMan> and I don't want to go ask the host for advice because I know that they have a strict 3 strike policy on DoS attacks, and we've had more than that already...
<zul> contact your isp and get them to cut it off
<Jeeves_> MoleMan: What do you do to receive those attacks?
<MoleMan> god only knows... It's gameservers so I would presume a script-kiddy thats upset at getting banned...
<Jeeves_> Ah
<hallyn> stgraber: lucid containers don't have /dev/shm mounted either.  any objections to my adding it back to /lib/init/fstab.lxc?
<stgraber> hallyn: for lucid => natty it should be safe, we did the /run change in oneiric IIRC
<stgraber> hallyn: though I can't see it breaking on oneiric if added to fstab.lxc there too
<hallyn> fooi
<hallyn> lemme try
<hallyn> oddly, in oneiric /dev/shm is correctly created as a symlink
<hallyn> (but /run/shm isnot mounted)
<hallyn> anyway i guess that's SRU material anyway.  i wasn't thinking right
<hallyn> utlemming: do you have a minute?  lxc-create -t ubuntu-cloud -n cloudo1 -- -r oneiric (and -r lucid) are failing for me?
<hallyn> is that a transient ami error?
<utlemming> hallyn: otp...do you have a paste of the failure?
<hallyn> utlemming: http://paste.ubuntu.com/926586/
<utlemming> hallyn: can you kick me a bug and I'll get this hashed out?
<hallyn> utlemming: ok.  it looks ike the problem is just that the template looks for ubuntu-11.10-server-cloudimg-amd64.img:, but
<hallyn> the tarball has oneiric-server-cloudimg-amd64.img
<utlemming> hallyn: that is what my thought was...the naming between dailies and releases changes
<hallyn> feh!
<hallyn> ok, 1 min for bug #
<hallyn> utlemming: bug 979996
<uvirtbot> Launchpad bug 979996 in lxc "ubuntu-cloud template can't find .img" [Undecided,New] https://launchpad.net/bugs/979996
<hallyn> utlemming: I could try it myself, but with final freeze today am afraid i'll mess things up worse than they are.  at least precise ones work :)
<hallyn> utlemming: thanks
<hallyn> stgraber: http://people.canonical.com/~serge/lxc-shm.debdiff
<uvirtbot> New bug: #979996 in lxc (universe) "ubuntu-cloud template can't find .img" [Undecided,New] https://launchpad.net/bugs/979996
<stgraber> hallyn: you realize this means we won't be able to create a Q container on precise and have /dev/shm working?
<hallyn> stgraber: well not without a patch...  ok I should use the release # and >= 12.04?  how can iget that in bash?
<hallyn> substr($release,0,1) <= o? :)
<hallyn> stgraber: well, my hope would be that we could fix initscripts by q :)
<hallyn> feasible?
<stgraber> hallyn: good point, fixing the logic of ischroot/initscripts in Q sounds like a plan :)
<stgraber> hallyn: can you make sure we have a bug (probably against initscripts) for that so we don't forget about it?
<hallyn> stgraber: shall i mark the current bug as affecting initscripts, and leave it open?
<stgraber> I know we have some shell functions to before_release(a, b) but I don't think we ship that by default or even have a standard implementation of it
<stgraber> probably something to get into distro-info
<stgraber> hallyn: yeah, opening an initscripts task would be good
<hallyn> yeah, standard implementation of that woudl be good
<hallyn> hm, manpage of lsb_release says see also lsb(8), which doesn't exist :(
<stgraber> hallyn: won't your change always print an error message? either because it's not a directory or because it doesn't exist (after the rmdir)?
<stgraber> hallyn: the || true avoids the failure but not the error
<hallyn> stgraber: should I shut it up?
<stgraber> hallyn: or is it running early enough in the bootstrap process that the user won't see it anyway?
<hallyn> no it's at the very end of creation
<hallyn> *I* didn't notice it, but some people do like to file bugs about every msg...
<hallyn> lemme check again
<stgraber> hmm, 2>/dev/null would probably be a good idea then or even: [ -d /dev/shm ] && rmdir /dev/shm || mv -f $rootfs/dev/shm $rootfs/dev/shm.bad
<stgraber> (sorry, should have seen it earlier)
<hallyn> I don't want to go chaining like that and have it be as fragile as mounted-dev.conf
<hallyn> (when i do it slightly wrong)
<hallyn> mind you what you have there *does* look right
<hallyn> stgraber: I do get mv: cannot stat `/var/lib/lxc/p3/rootfs/dev/shm': No such file or directory
<stgraber> right, maybe in two then: [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm
<stgraber> and then [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak
<stgraber> before the ln call
<hallyn> do you strongly prefer that to 2>/dev/null?
<stgraber> I guess I do, in the sense that if mkdir then fails we won't silence the error
<hallyn> btw, have you kicked my package from the archive? :)  can i re-use the versoin #?
<stgraber> yeah, you can reuse the version number, I'll kick it out of the queue
<hallyn> stgraber: thanks.  I'll wait till you look at the new debdiff after dinner to re-push?
<stgraber> hallyn: upload directly to the queue, I'll review it there
<hallyn> kthx
<ruben23> hi guys any apps can check for HDD bad sector abd blocks..?
<rbasak> ruben23: badblocks. Or smartctl to see what the disk thinks.
<uvirtbot> New bug: #980027 in php5 (main) "package libapache2-mod-php5 5.3.10-1ubuntu2 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/980027
<uvirtbot> New bug: #980054 in lm-sensors (main) "package libsensors4 1:3.3.1-2ubuntu1 failed to install/upgrade: conffile './etc/sensors.d/.placeholder' is not in sync with other instances of the same package (dup-of: 951493)" [Undecided,New] https://launchpad.net/bugs/980054
<roaksoax> jamespage: new ppa upload fixes ur issure
<roaksoax> utlemming: still not around?
<utlemming> roaksoax: here
<roaksoax> utlemming: so I wasn't able to get the image even booting (or so it seems)
<roaksoax> utlemming: were you able to look into it further?
<utlemming> roaksoax: okay, I'll see if I can to it. I'm pretty buried right now
<roaksoax> utlemming: alright, not sure whether Daviey needs this for EOD or EOW
<utlemming> roaksoax: EOD isn't going to happen, I have another higher priority issue going on right now
<roaksoax> utlemming: no worries, just let me know when you have something I can test. Thanks! :)
<utlemming> roaksoax: sure, if I get blocked, I'll work the usb stick
<zul> adam_g: patch refreshed?
<adam_g> zul: which?
<zul> glance
<adam_g> zul: yeah, i cherry picked the paches directly from upstream and applied them to -proposed
<zul> adam_g: excelente
<hallyn> utlemming: are you going to be able to look at the lxc-ubuntu-cloud bug in the next few hours, or is that not in the cards?
<hallyn> SpamapS: Uh, combine a cable line unearthed by the builders at the neighbor, and a wildman with a lawnmower in back, and I may end up not online in a few mins.  fyi
<hallyn> the install is going very slowly, though I can't really tell, it migh tjust be my apt-cache-ng mirror or gateway (both of which are my netbook :) slinging data slowly
<SpamapS> hallyn: DOH
<uvirtbot> New bug: #980151 in exim4 (main) "/var/lib/exim4 should be created by exim4-base" [Undecided,New] https://launchpad.net/bugs/980151
<robo_> can someone who's running openjdk on ubuntu 10lts run 'jps' for me and see if it returns the bootstrap PID?
<kees> robo_: does it work if you run jps as root?
<robo_> kees, nope
<robo_> it just returns the pid of the jps program itself
<kees> weird
<zul> kees: no one should use java anyways
<kees> lol
<henkjan> SpamapS: enjoying your time at perconalive?
<uvirtbot> New bug: #980189 in bacula (main) "Database not upgraded while upgrading bacula" [Undecided,New] https://launchpad.net/bugs/980189
<blair> svn 1.6.18 was released today with some repository corruption issues, how do i request an update from 1.6.17 to 1.6.18.  i've opened https://bugs.launchpad.net/ubuntu/+source/subversion/+bug/980087
<uvirtbot> Launchpad bug 980087 in subversion "Update to 1.6.18 to fix fsfs repository corruption issues" [Undecided,New]
<ewingate> how can i tell why my filesystem is in read-only mode
<ewingate> and how can i tell which part of my filesystem is in read-only mode?
<patdk-wk> cat /proc/mounts
<RoyK> ewingate: ls -l will tell you permissions for files/dirs
<ewingate> patdk-wk: thanks thats what i was lookin for!
<patdk-wk> royk, inferrence :)
<ewingate> patdk-wk: any idea how i can tell why it switched to read-only? or how do i get it out of read only? reboot?
<patdk-wk> locally? dmesg
<patdk-wk> only way I know to get it back out, is a reboot
<RoyK> ewingate: usually it remounts to read only if something goes BAD
<patdk-wk> normally goes into readonly mode if there is issues reading/writing to the disk
<patdk-wk> big issues, like, there is no more disk :)
<patdk-wk> or disk didn't respond after 90 seconds
<RoyK> because it's safe to remount to readonly and wait for fsck to sort things out later
<ewingate> ah ok.. so rebooting the server would get me back in business?
<RoyK> hopefully, yes ;)
<ewingate> or it will at least check the disk for errors?
<ewingate> ok thanks
<RoyK> if you don't have console access
<RoyK> it might render the server useless until you get to the console
<Daviey> zul: hey, thoughts on https://bugs.launchpad.net/ubuntu/+source/quantum/+bug/979192
<uvirtbot> Launchpad bug 979192 in quantum "FFE: Separate agent binaries in different packages" [Medium,New]
<zul> Daviey: i think in the long run that will help us for q so do it now
<Daviey> zul: happy with the diff?
<zul> Daviey: yeah
<Daviey> zul: Would ypou be so kind to sponsor ir?
<Daviey> it?
<zul> uh?
<zul> the patch didnt have a changelog
<Daviey> zul: yes, but can you incorporate it? :)
<zul> *sigh*
<zul> yeah i can
<adam_g> http://paste.ubuntu.com/926983/
<adam_g> Daviey: jamespage: ^ that look reasonable for preserving squid conf? waiting on a build to do some last minute dist-upgrade tests
<zul> adam_g:  holy crap dude
<adam_g> zul: eh?
<zul> largish
<adam_g> well, yeah
<zul> dont mind me
<jamespage> adam_g, in the preinst for the squid package?
<zul> Daviey: done
<Daviey> adam_g: i think it's a reasoable	solution.
<adam_g> jamespage: thats in postinst
<adam_g> jamespage: AFAICS, /etc/squid3/ wont be there in preinst
<jamespage> adam_g, yeah - that was what I was wondering
<adam_g> jamespage: but original /etc/squid/ shouldn't have been purged when 'postinst upgrade' is run, will it?
<jamespage> adam_g, maybe - I'd want to test it to be sure :-)
<jamespage> adam_g, we have a transitional squid package right that is built out of squid3 source ?
<adam_g> jamespage: yeah, about to do that.
<adam_g> jamespage: yea
<jamespage> adam_g: if that tests OK I think it looks good.
<adam_g> jamespage: hmm, well it looks like that postinst wasnt called
<adam_g> jamespage: though, the original /etc/squid/ isn't purged either by default. im wondering if we can not even worry about moving the file, since its going to stay there regardless
<jamespage> adam_g, hmm - maybe
<jamespage> actually that would explain a diff bug that I triaged today with regards to the logrotate from squid sticking around post upgrade
<SpamapS> henkjan: it was a lot of fun, but I was just there for 1 day (yesterday)
<adam_g> jamespage: hm
<jamespage> adam_g, is this related to the fact that the package is not tracking them as configuration files?
<adam_g> jamespage: what? the fact that the directory is not removed?
<jamespage> adam_g, sorry brain a little fuddled
<henkjan> SpamapS: ah. i saw al the buzz on twitter in #perconalive
<henkjan> i've been to percona live londen last year
<henkjan> the mysql community is awesome
<adam_g> jamespage: thats okay. since the old squid.conf is never actually purged, we could probably skip maintaining a list of versions+md5's and just put a note at /etc/squid3/README explaingin the transition?
<jamespage> adam_g, if it remains intact then yes that is OK
<jamespage> although I believe that should go into NEWS for the package
<adam_g> jamespage: i can do that
<jamespage> adam_g, http://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.html#bpp-news-debian
<adam_g> jamespage: thanks
<jamespage> I think dch will generate an entry for you :-)
<hallyn> SpamapS: hm, this could be spurious as i've only done one test each, but a 'time find / -type f > o 2>&1' in qemu with rbd took 5.7 seconds vs 4.7 seconds in qemu without rbd
<hallyn> trying again
<hallyn> hoping it has to do with pagecache in host being hot
<SpamapS> hallyn: that would be really odd
<hallyn> yes it would
<SpamapS> hallyn: I was looking at how the different backends are used.. and it seems like they are completely independent of one another
<hallyn> it's somewhat consistent though
<resno> what kinda of server monitoring tools do people use? i was looking at monitorix
<SpamapS> resno: nagios/icinga are good (the latter being a fork of the former), collectd is cool.. statsd+graphite is pretty cool.
<resno> any thoughts on monitorix?
<uvirtbot> New bug: #980290 in facter (main) "In Xen domU, "facter virtual" prints "physical"" [Undecided,New] https://launchpad.net/bugs/980290
<RoyK> !bug 978458
<uvirtbot> Launchpad bug 978458 in samba "CVE-2012-1182: "root" credential remote code execution" [High,In progress] https://launchpad.net/bugs/978458
<uvirtbot> New bug: #980291 in facter (main) "In Xen domU, "facter virtual" prints "physical"" [Undecided,New] https://launchpad.net/bugs/980291
<T3CHKOMMIE> hey guys, i got a bit of a dumb request. I am trying to make a 10 second video of a hole bunch of printlns in terminal. I was wondering if anyone know of a good cat /proc/* command that would spit out a bunch of data for about 10 secnds. any ideas?
<aceat64> Anyone know why the "guided partitioning with lvm" option creates a primary partition (on this server it's /dev/sda1) that looks like it should have been /boot but doesn't appear to be used
<aceat64> https://gist.github.com/2371194
<aceat64> instead /boot is on my lv for /
<SpamapS> hallyn: so, did we break kvm performance or was it an aberration?
<hallyn> SpamapS: i think it ws an aberration.  overall the times with rbd were higher, but i did get one 5 second time.  (only did 4 runs each)
<hallyn> i'm still shocked at how slow the guest install was...
<hallyn> but anyway, if there is a perf regression i'll have to find and fix it :)
<hallyn> next week i'm hoping to do my perf runs
<SpamapS> hallyn: precise-proposed awaits you :)
<hallyn> lol
<jkyle> so we're not supposed to edit resolv.conf by hand...what do we edit? looking at the resolvconf man and it seems things have gotten quite a bit more complex
<stgraber> jkyle: http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/
<stgraber> jkyle: short answer is add dns-nameservers and dns-search for your interface in /etc/network/interfaces
<jkyle> I can't use the /etc/network/interfaces file...I'm having to set up my interfaces manually via the /sys/class/net
<jkyle> bugs with bonding in the userland utilities for interfaces
<jkyle> ah ok, so I _can_ edit the resolv.conf.d/head though the file itself has a no edit warning
<jkyle> that'll work
<stgraber> right, because the no edit warning is what becomes the no edit warning of /etc/resolv.conf
<jkyle> ok, so in my original file I have two lines, a search and nameserver declaration
<jkyle> but these are not appearing in my resolv.conf
<jkyle> which is empty cept for ehead
<stgraber> right, original is just there as a backup. resolvconf will only use it if tail is a symlink pointing to original
<stgraber> (which we do automatically on upgrade for setups where we "guess" that dns won't work without it)
<jkyle> cool networkign is up
<jkyle> stgraber: what was the incentive for moving to resolvconf?
<Daviey> zul: we are now tracking stable tree for nova?
<stgraber> jkyle: having a single tool modifying /etc/resolv.conf instead of the 5-6 we had in the past that didn't talk to each other and would end up overwriting the file every time
<jcastro> I suspect our use of "maas effect" will get old after about a month.
<stgraber> jkyle: another incentive was to have it in /run so that you can boot your system in read-only mode
<kklimonda> hum, anyone is using precise on rackspace vps? I'm seeing a weird problem where root partition is mounted r/o and because of some journal issues and I get some funny errors in dmesg
<uvirtbot> New bug: #974592 in glance (main) "Upgrade from diablo to to glance_2012.1-0ubuntu1 failing" [High,Fix released] https://launchpad.net/bugs/974592
<uvirtbot> New bug: #975651 in glance "Image properties that reference image ids are not updated to UUIDs" [Undecided,Fix committed] https://launchpad.net/bugs/975651
<utlemming> hallyn: you still around?
<hallyn> utlemming: not really
<utlemming> hallyn: lol, I'm probably way too late, but I'm submitting a fix for .img bug
<hallyn> utlemming: yeah, final freeze has passed I'm afraid
<hallyn> but we can queue it up for sru in a few weeks
<hallyn> utlemming: of course I'd say there's an argument to be made that the different naming for contents of release vs devel images is a bug in itself
<hallyn> but I assume there is plumbing out there depending on the current naming
<utlemming> hallyn: UDS topic, I believe
<hallyn> ok
<utlemming> hallyn: arosales wanted me to get that consistent and I told him that plumbing was a no go this cycle
<utlemming> there are too many moving parts and people are relying on the current convention
<hallyn> ok (too bad :)
<hallyn> yeah
<hallyn> all right - have a good night
<utlemming> you too
<arosales> be a good thing to keep on our radar for future work :-)
#ubuntu-server 2012-04-13
<jkyle> I've put a series of bonding configurations in my /etc/rc.local. What I'm noticing is that it seems only the first line of them are executed.
<jkyle> what might be causing rc.local to short
<mdlueck> I know Synaptic has a menu choice to force reinstall of a package. Where is the equivalent in aptitude?
<mdlueck> Or must I force reinstall via dpkg?
<qman__> mdlueck, apt-get install --reinstall
<qman__> don't know what it would be for aptitude but it should have an option like it in the manual
<mdlueck> qman__, yes that would work too. No wat via aptitude?
<mdlueck> then I will just apt-get, thanks
<jkyle> stgraber: all good reasons
<zul> Daviey:  yep
<mklappstuhl> Hey
<mklappstuhl> I would like to setup a new Xen guest with 12.04 ... apparently this is not easily possible using the dist option
<mklappstuhl> how would you recommend to do it?
<patdk-lap> mklappstuhl, easy, install 12.04 with the ec2 kernel
<patdk-lap> same way it's been done since 10.04
<mklappstuhl> patdk-lap: I am not using ec2 but it reads like this is not a requirement
<patdk-lap> what are you talking about? you asked for xen, the answer is ec2
<mklappstuhl> patdk-lap: can you point me to some more information?
<patdk-lap> sure, the kernel-ec2 config file
<patdk-lap> apt-get show linux-ec2?
<mklappstuhl> and I dont understand how ec2 is related to the problem and also there is now package as kernel-ec2 or linux-ec2
<patdk-lap> hmm
<patdk-lap> your failing is that ubuntu doesn't maintain a xen base image
<patdk-lap> the next failing is that, xen guest stuff was merged into the kernel
<patdk-lap> and the 3rd is that, ec2 is based on xen
<patdk-lap> therefor, to have a xen compatable image, ec2 is the 1 stop shop
<patdk-lap> who cares if you use amazon or not, you want xen, install ec2 kernel
<mklappstuhl> I know that ec2 builds up on top of xen but
<mklappstuhl> I can install ubuntu versions on my hypervisor .. it works fine with debian and lucid and many others
<patdk-lap> if your using a hypervisor, then you don't need xen support, cause your using qemu
<mklappstuhl> in my understanding the hypervisor is the Dom0
<mklappstuhl> And I am also not looking for "xen-support"
<patdk-lap> for paravirtual
<patdk-lap> for real virtual machines, hvm mode, it uses qemu
<mklappstuhl> I want to install 12.04 as easy as the other debian based distributions by using the --dist flag
<patdk-lap> what --dist flag?
 * patdk-lap doesn't remember any --dist flag
<mklappstuhl> but there are not instructions shipped for the version I am running xen and probably that will take a while since ubuntu 12.04 is not even released
<mklappstuhl> xen-create-image --hostname bla --dist lucid
<mklappstuhl> something like the abote
<patdk-lap> oh, xen-tools, that isn't a part of xen :)
<mklappstuhl> haha okay
<mklappstuhl> but it has xen in its name :D
<aries> Hi
<aries> Thoughts on Webin for ubuntu
<aries> Webmin**
<aries> ?
<twb> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<aries> Really?
<aries> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<aries> Very interesting
<aries> any ideas why this is the case/
<aries> I'm having some issues managing my web sevrer
<aries> any other graphical front ends
<aries> ?
<aries> make my life easier?
<twb> <dpkg> Webmin is a lame web-based interface for unsafe system administration for Unix.  Check it out at http://webmin.com/  Remember, dondelelcaro *hates* webmin.  "i'd rather sit on the floor shoving table knives into live electrical outlets than run webmin on an exposed server."  Removed from Debian post-Sarge, see http://bugs.debian.org/343897 .  The Debian package from webmin.com is of poor quality.  See <free wh
<twb> cp> for alternatives.
<twb> ^^ that's the Debian version of that info entry.
<uvirtbot> twb: Error: "^" is not a valid command.
<twb> You can /msg dpkg to ask about it if you are in #debian
<aries> Perl web host control panel?
<twb> I am not interesting in discussing it with you further.
<twb> *interested
<aries> :(
<aries> how come?
<aries> I guess the commad line way is the best.
<aries> Thanks
<twb> Why does /lib/udev/devices need a loop0 ?
<twb> It is pissing me off because when copied to a solaris/ZFS backup server, I get this:
<twb> $ du --apparent-size /tank/hosted-backup/backups/cybersource/alpha.cyber.com.au:./.zfs/snapshot/2012-03-28T14:05:01Z/lib/udev/devices/loop0
<twb> 9007199254740992        /tank/hosted-backup/backups/cybersource/alpha.cyber.com.au:./.zfs/snapshot/2012-03-28T14:05:01Z/lib/udev/devices/loop0
<twb> I was just going to instruct the backup to be --one-file-system, but it turns out /lib/udev/devices isn't (as I had assumed) a separate pseudofs
<koolhead11> hi all
<lynxman> morning o/
<uvirtbot> New bug: #980682 in bind9 (main) "package bind9 1:9.8.1.dfsg.P1-3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/980682
<JoeyJoeJo>  If I go to http://mysite.com, my browser downloads the index.php file instead of displaying it. However if I go to http://mysite.com/index.php, it works correctly. What causes that problem?
<uvirtbot> New bug: #980712 in samba (main) "Package winbind 2:3.6.3-2ubuntu1 failed to install/upgrade: ErrorMessage: subprocess new pre-removal script returned error exit status 143" [Undecided,New] https://launchpad.net/bugs/980712
<airtonix> question about lstp server, i notice that the next version of zentyal (aka zentyal 3.0) will be providing a very nice lstp configuration module for lstp.. so my question is this : 20 workstations running a gnome shell desktop with thunderbird and chrome, libre office etc does the actual video rendering processing happen on the workstation or the server ?
<airtonix> i mean LTSP
<uvirtbot> New bug: #980758 in samba (main) "new buffer overflow attack on samba 3.6.3 -> enables unauthenticated remote root access" [Undecided,Invalid] https://launchpad.net/bugs/980758
<koolhead17> zul, around
<zul> koolhead17: no
<koolhead17> zul, hehe. :)
 * koolhead17 wonders if there has been some major changes in dash yesterday
<koolhead17> dash == horizon
<zul> koolhead17: why?
<koolhead17> zul, because some one told me upgade asks you for DEBUG = False
<koolhead17> and new package python-django-horizon
<zul> koolhead17: ok yes the configuration has changed to turn off debug
<koolhead17> zul, and that breaks the css apparently which it should not.
<zul> what?
<zul> can you please open up a bug then?
<koolhead17> zul, even in my un-upgraded horizon pkg if am doing DEBUG = False  it breaks
<zul> koolhead17: ok can you please open up a bug then
<koolhead17> am doing it right away
<zul> thanks
<zul> koolhead17: if you set it back to True then it works like normal right?
<koolhead17> yes
<koolhead17> zul, https://bugs.launchpad.net/horizon/+bug/980787
<uvirtbot> Launchpad bug 980787 in horizon "openstack-dashboard breaks with option DEBUG =False in config file" [Undecided,New]
<uvirtbot> New bug: #980798 in bind9 (main) "incorrect owner '644' for /etc/bind/named.conf.options" [Undecided,New] https://launchpad.net/bugs/980798
<hallyn> utlemming: for bug 979996, does your fix still work with precise?  doesn't look like it should, becuase you unconditionally switch to $release-*, but in precise it's still ubuntu-12.04* ?
<uvirtbot> Launchpad bug 979996 in lxc "ubuntu-cloud template can't find .img" [High,Confirmed] https://launchpad.net/bugs/979996
<utlemming> hallyn: I tested it...but let me double check again to be sure.
<zul> Daviey: the horizon i did this morning fixes a regression from the last upload
<hallyn> utlemming: while I'm converting lxc-test to pyunit, I'm gogn to add ubuntu-cloud to the tests
<utlemming> hallyn: nice
<hallyn> just playing whack-a-bug with my typos right now :)
<utlemming> hallyn: I just re-confimred the patch works with precise released (beta images) and re-confirmed it works with dailies.
<koolhead17> zul, the fresh upload of horizon add deps of python-memcache and memcahed right ?
<koolhead17> *adds
<zul> no it fixes the regression
<zul> koolhead17: ill get the memcached in for an SRU
<koolhead17> zul, it be cool to have CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
<koolhead17>   line added inside  vim /etc/openstack-dashboard/local_settings.py
<zul> koolhead17: yes i know
<koolhead17> :)
<hallyn> utlemming: so just 'lxc-create -t ubuntu-cloud -n c1' works?
<serue> NAMES #ubuntu-devel
<serue> /NAMES #ubuntu-devel
<serue> /N #ubuntu-devel
<serue> /NAMES #ubuntu-devel
<uvirtbot> New bug: #980902 in lxc (universe) "lxc-destroy -f needs to lxc-wait, or use lxc-shutdown" [Low,Confirmed] https://launchpad.net/bugs/980902
<uvirtbot> New bug: #980905 in lxc (universe) "lxc-shutdown -h calls undefined 'help' function" [Low,Confirmed] https://launchpad.net/bugs/980905
<serue> hm
<serue> oh, sorry for the noise, didn't realize it caches the last channel I wrote to :)
<BluesKaj> I'm having problems with an /etc/rcX.d  startup script ... it's not starting the service , altho I followed the readme instructions for invoking the script at startup. Is the /etc/rcX.d file the right place or have things changed?
<genii-around> BluesKaj: Did you use the update-rc.d script?
<BluesKaj> hey genii-around , I did update-rc.d
<genii-around> BluesKaj: upstart has the /etc/init/rc-sysinit.conf which should still start any old stuff which is still using the init.d way. Is it giving any error message or just not starting at all?
<rbasak> jamespage: I'm getting jenkins.JenkinsException: Error in request. Possibly authentication failed [403] using python-jenkins on an internal jenkins instance with open access. Do you happen to know what this might be? Do I need to create users with permissions?
<uvirtbot> New bug: #980910 in lxc (universe) "Merge 0.8.0~rc1-4 from debian" [Low,Confirmed] https://launchpad.net/bugs/980910
<jamespage> rbasak, auth in jenkins is a bit of a back art
<jamespage> do you have users/perms setup?
<rbasak> jamespage: no, none at all
<BluesKaj> genii-around, it's the no-ip dns app which tracks the dynamic IP automatically ...no error message , but it tries to start kate and fails , then freezes the desktop
<jamespage> rbasak, are you passing any using python-jenkins?
<rbasak> I'm passing None, None
<rbasak> But wait
<rbasak> Looks like others have created some users
<rbasak> jamespage: I have three people but no sign of any passwords or anywhere to set them up
<rbasak> jamespage: where did you say the jenkins PPA was? I'm going to try and upgrade from the oneiric version.
<jamespage> rbasak, ppa:hudson-ubuntu/backports
<rbasak> thanks!
<jamespage> sorry - just been debugging something else
<jamespage> BTW 403's are a guess when it comes to authentication - it might actually be a different issue
<rbasak> hmm
<rbasak> I think I needed to update anyway - the build publisher plugin wasn't working and I'll need that
<uvirtbot> New bug: #980930 in nova (main) "nova client does not respect regions" [Undecided,New] https://launchpad.net/bugs/980930
<raubvogel> When you do "sudo -i" which pam modules are being looked?
<jcastro> SpamapS: what day are you coming to UDS?
<uvirtbot> New bug: #980940 in euca2ools (main) "euca2ools does not respect the --region option correctly" [Undecided,New] https://launchpad.net/bugs/980940
<jcastro> SpamapS: we need to make sure the mysql sessions are on the day you are there.
<jkyle> morning!
<SpamapS> jcastro: Tuesday for sure
<SpamapS> jcastro: thats the day I registered for
<SpamapS> jcastro: I will also try to make it for Thursday
<jcastro> SpamapS: ok and you told launchpad you can only be there on tuesday and mark yourself required?
<jcastro> (on the mysql blueprint?)
<SpamapS> jcastro: yes
<jcastro> SpamapS: have you submitted the blueprint for approval?
<jkyle> few questions on maas. does the maas server just tie into cobbler? can I manage my nodes via cobbler and they'll register with maas?
<SpamapS> jcastro: bug report for launchpad.. need to be able to specify non-contiguous days ;)
<jcastro> SpamapS: yeah, I only care about the blueprint right now, I need to manually schedule it anyway, is it submitted for approval or still drafting?
<SpamapS> roaksoax: ^^ do you know the answer to that?
<SpamapS> roaksoax: re jkyle's maas question
<SpamapS> jkyle: That wouldn't really make much sense.. ;)
<SpamapS> jkyle: cobbler mostly is just used for pxe/pre-seed ..
<jkyle> SpamapS: right, but I was thinking maybe maas got the list of nodes from cobbler's list. currently deleting nodes is bugged
<jkyle> https://bugs.launchpad.net/ubuntu/+source/maas/+bug/978706?comments=all
<uvirtbot> Launchpad bug 978706 in maas "Internal Server Error when deleting a node (interface needs to be defined)" [Undecided,Confirmed]
<jkyle> so, if deleting them with cobbler was registered by maas...it'd be a work around :P
<jcastro> SpamapS: ok it looks like it's on a tuesday: http://summit.ubuntu.com/uds-q/2012-05-08/display
<jcastro> SpamapS: ok good, I just wanted to make sure we weren't scheduling it when you were not there, etc.
<hallyn> phew, debootstraps seem to be failing bc hte archive is updating so fast right now (or something)
<jkyle> ok, I have a maas setup. I entered the mac addresses of a couple of nodes, booted them with pxe enabled. dnsmasq detects them and offers an ip on the right range. But the node never pxe boots
<roaksoax> jkyle: nope you cant
<roaksoax> jkyle: (manage nodes in cobbler)
<roaksoax> jkyle: and do you have several nic's on the MAAS server?
<jkyle> roaksoax: yes, 4 nic's. 2x1gb, 2x10gb with both pairs bonded (one mode 4, one mode 1)
<jkyle> then, each of the bonds have multiple vlan trunks
<jkyle> that's the maas node
<roaksoax> jkyle: ok, so I'm guessing the interface that connects to the external network, or has the default route is not the interface you use for PXE booting?
<jkyle> the clients currently run one bonded pair with no trunking, and the 10gb pair has two vlan's
<jkyle> roaksoax: correct. I noted the default conf is listening on all nics. I'll tweak that later (currently securing it via iptable rules)
<roaksoax> jkyle: ok so the problme might be that MAAS has autodetected the default IP address to be one different from the one you are PXE'ing from
<jkyle> gotcha
<roaksoax> jkyle: so I just filed related bug
<roaksoax> jkyle: but to fix, please sudo dpkg-reconfigure cobbler
<jkyle> that would be here? /etc/maas/maas_local_settings.py
<roaksoax> jkyle: and set the correct IP address for cobbler Boot and PXE Server IP address
<roaksoax> jkyle: and yes, also set the correct IP address for DEFAULT_MAAS_URL
<jkyle> k, I'm very comfortable with dnsmasq, pxe, etc. but wasn't familiar with cobbler
<jkyle> I currently have it on a public ip...reconfigured for https..for convenience
<jkyle> does the DEFAULT_MAAS_URL have to match the address of the primary management ip?
<roaksoax> jkyle: right, but if you sudo dpkg-reconfigure cobbler, it will first prompt you to enter cobbler's password, you can leave that blank
<roaksoax> jkyle: but it will ask you for the IP address for Boot and PXE. This has to be the IP address of the nic on the MAAS srver that the clients can access to for PXE booting
<jkyle> you were correct, it was listening on teh public ip
<roaksoax> jkyle: and DEFAULT_MAAS_URL can be any IP address of the MAAS server *as long as* the clients can access it
<roaksoax> jkyle: obviously it is recommended it to be the samve as above
<jkyle> k, seems practical that this should be my management ip than
<roaksoax> jkyle: exaclty, so, I'll file a bug and fix it so we can easily change that with sudo dpkg-reconfigure maas
<jkyle> now, teh DEFAULT_MAAS_URL seems to be unrelated to the web ui url that apache serves
<Aaronds> Hi, just wondering how I should manage something on my server... I need a user to be able to run a shell script which moves a folder into /var/. However, folder doesn't have the permissions for this by default... Is the only option to basically remove the write protection on that directory?
<jkyle> roaksoax: I wonder if this misconfiguration is related to the bug I linked...I'll test and see :P
<roaksoax> jkyle: aesome, you might wanna run sudo cobbler sync to update the PXE address after changing it with dpkg-reconfigure cobbler
<jkyle> ok, so far. same behavior
<jkyle> I restarted the maas-pserv too
<jkyle> pxe still timing out though
<roaksoax> jkyle: sudo cobbler sync
<jkyle> I did, lemme do it again
 * jkyle cycles server
<roaksoax> hggdh: do you still experience bug #977609
<uvirtbot> Launchpad bug 977609 in maas "MAAS barfs with 'Internal server error' when clicking on Settings" [Undecided,New] https://launchpad.net/bugs/977609
<hggdh> roaksoax: yes, still happens
<jkyle> yeah, still not serving pxe images on that interface
<roaksoax> jkyle: can you pastebin /var/lib/tftpboot/pxelinux.cfg/default ?
<jkyle> I verified the /etc/cobbler/settings:next_server value as the ip of the interface I'm listening on
<jkyle> roaksoax: sure, sec
<jkyle> roaksoax: https://gist.github.com/2378412
<jkyle> log host is set to the public ip, probably not good. the url= arg is st to the proper interface though
 * jkyle wonders where its getting the log host value..it doesn't appear in /etc/cobbler/
<roaksoax> jkyle: if url=...192.168.112.10.. is set correctly, then there maybe something else
<jkyle> that's the correct ip. and dnsmasq is serving the specified mac address an ip
<roaksoax> jkyle: can you check what's in /etc/cobbler/settings in ^server: and ^next_server:
<roaksoax> jkyle: and you should be able to update it by running: sudo maas-import-isos --update-settings
<jkyle> next_server points to the 192.168.112.10 addy
<jkyle> server: points to the 192.168.112.10 addy
<roaksoax> jkyle: ok so run "sudo maas-import-isos --update-settings"
<roaksoax> jkyle: and check that the default file provides the correct IP address
<roaksoax> jkyle: and check if there';s any dnsmasq output when you runn it (as in started successfully)
<jkyle> the default looks good on teh url's..though its log_host is off on a couple of menu items. been watching the dnsmasq logs. nothing looks bad there. it serves up the ip on request
<jkyle> hm, maybe it's a firewall issue. our rules were set up for a more vanilla environment
<roaksoax> maybe, cause if it can get the PXE file, might be DHCP issue
<jkyle> dropping firewall  for a bit
<jkyle> nope, that's not it. same behavior when wide open
<roaksoax> jkyle: can you psatebin the output of sudo cobbler sync?
<jkyle> sure
<uvirtbot> New bug: #975655 in glance "Migration 012_id_to_uuid attempts to convert IDs twice for non-sqlite databases" [Undecided,Fix committed] https://launchpad.net/bugs/975655
<roasted> Question - 11.04, DHCP, I run sudo /etc/init.d/dhcp3-server start, NO error, yet its still - when I run service --status-all
<guntbert> roasted: what do the log say?
<guntbert> *logs
<roasted> guntbert: nothing
<roasted> literally, no errors for dhcp
<roasted> it may be windows related
<roasted> I was just told the server was part of the domain via likewise-open. a controller went down and they shuffled things around, and magically ubuntu stopped working
<roasted> far too werid to be inconvenient timing
<gary_poster> hallyn, the workaround to bug 974584 (rmdir /dev/shm from existing instances) is not working for us (same symptoms, ENOSYS).  I looked at the description of your fix in the upcoming package and made a symlink (rootfs/dev/shm -> /run/shm), but still no fix.  What is the proper workaround?  the mount worked, but I'd like to verify that the new approach also works for us.
<uvirtbot> Launchpad bug 974584 in sysvinit "Semaphores cannot be created in lxc container" [Undecided,Confirmed] https://launchpad.net/bugs/974584
<hallyn> gary_poster: in precise contaienrs?
<gary_poster> hallyn, lucid
<hallyn> gary_poster: i should comment in the bug
<hallyn> in lucid, the fix is to add dev/shm entry to the contaienr's fstab
<hallyn> hold on lemme comment
<gary_poster> hallyn, cool, thanks
<esuave> so im trying to remove a word off mulitple files.. ex: processed_1234, processed_4567..  I just want to remove the processed_ off all the files
<esuave> is this possible?
<chmac> No sysbench in repos for hardy, any suggestions on where to get a .deb?
<jkyle> ok, so the maas stack. What apps provide dhcp & tftp. I'm poking around packages and it looks like dnsmasq for dhcp...but I see the tftpd-hpa package is also installed
<jkyle> so dnsmasq is doing dhcp only?
<chmac> Slammed on the debs from lucid, seems to have done the trick :-)
<chmac> jkyle: I believe dnsmasq is a dns / dhcp server, not sure if it has any ftp stuff, but I really don't know
<jkyle> what I'm seeing when I start cobbler up, is that dnsmasq + cobblerd are started. But tftpd-hpa is not
<jkyle> chmac: tftp, pxe boot :)
<chmac> jkyle: Double dutch to me :-)
<Daviey> adam_g / zul: I just thought, the horizon css issue with Debug.. there is a convention in Django to serve static media through django app server if Debug = True.. This doesn't scale.  What should happen is that /media should be directly served through apache vhost config, bypassing django.  Is this the issue?
<zul> sounds like it
<kaffien> is it possible to shut off a nic so that the link light goes dead on the back of the server?
<kaffien> I'm trying to identify the cord i do not need plugged in
<kaffien> nm ethtool has an id tool i can use.  thanks
<jkyle> this bug now says fixed: released => https://bugs.launchpad.net/ubuntu/+source/maas/+bug/978706?comments=all
<uvirtbot> Launchpad bug 978706 in maas "Internal Server Error when deleting a node (interface needs to be defined)" [Undecided,Fix released]
<jkyle> does this mean the package is updated or I need to pull source down?
<adam_g> Daviey: well spotted. adding an alias to the apache config fixes the issue and lets debug = false. is it worth another upload?
<Daviey> adam_g: yes
<adam_g> Daviey: k
 * koolhead17 is famous today!! :)
<Daviey> koolhead17: trouble maker ! :)
<Daviey> koolhead17: will you be at ODS?
<koolhead17> Daviey, yes sir. very much. am all ser
<koolhead17> set
<koolhead17> Daviey, i mailed you, seems like your mailbox is full or gmail goes to spam folder
<koolhead17> :P
<Daviey> koolhead17: When did you send that?  I've ben somewhat overwhelmed by email this week.
<jkyle> roaksoax: ping
<koolhead17> Daviey, i think last week. I thought better mail you rather troubling you here:)
 * koolhead17 checks his mail box to find send date
<koolhead17> *sent
<koolhead17> Daviey, 3ed apr :)
<Daviey> i suck so bad.
<koolhead17> Daviey, you were busy with release so no issue :D
<koolhead17> i just needed your suggestion 4 head on collision  and if its good. :D hehe
<Daviey> koolhead17: ok, lets catch up next week.
<koolhead17> Daviey, just buzz me whenever you have sometime. We still have around 15 days before UDS :D
<Daviey> koolhead17: sorry, will you be at *ODS*
<koolhead17> lol. no no.
<koolhead17> UDS
<koolhead17> i will be sir
<Daviey> ok, cool
<koolhead17> althought i would have loved to b there TBH :(
<koolhead17> so many awesome peeps coming in
 * Daviey blushes.
<koolhead17> Daviey, and espacially that gartner lady i was interested to meet. cloudpundit :P
<koolhead17> she had so much issue with openstack
<koolhead17> hahaha
<matsubara> jcastro, hey, do you have any docs on how to deploy openstack using juju?
<koolhead17> matsubara, i thought there already was one
<koolhead17> not sure i its on ubuntu server blog page
<koolhead17> adam_g, hi there
<adam_g> Daviey: horizon_2012.1-0ubuntu5
<adam_g> koolhead17: ole
<koolhead17> adam_g, was wondering if we should write a keystone-GUI
<koolhead17> :P
<koolhead17> or keystone browser
<adam_g> koolhead17: hmm
<koolhead17> too lazy to add the values
<adam_g> koolhead17: horizon basically is that
<adam_g> koolhead17: well, for the user at least
<adam_g> koolhead17: initial config, you mean? of endpoints, services, etc?
<matsubara> koolhead17, could you point me to it?
<koolhead17> adam_g, horizon comes once keystone gets done with its action :P
<koolhead17> matsubara, 1 sec
<koolhead17> adam_g, yes
<koolhead17> and we can easily see and modify stuff from our browser
<Daviey> matsubara: i have one
<koolhead17> that way we have complete control on whats happening with keystone
<adam_g> koolhead17: wouldnt be difficult, the keystoneclient library is easy to use stuff
<koolhead17> adam_g, yes sir.
<Daviey> matsubara: as if by magic, https://help.ubuntu.com/community/UbuntuCloudInfrastructure :)
<koolhead17> thanks Daviey for that :P
<Daviey> courtesy of adam_g
<koolhead17> :P
<roaksoax> jkyle: pong
<matsubara> thanks DavidLevin
<koolhead17> adam_g, and for my understanding i added each tenat/service/user/role one by one
<matsubara> err, thanks Daviey
<adam_g> Daviey: disregard that upload, it was rejected?
<uvirtbot> New bug: #981121 in samba (main) "package winbind 2:3.6.3-2ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/981121
<Daviey> adam_g: i didn't see it hit the queue
<Daviey> adam_g: Ah, is it in ubuntu-server-dev pakcageset?
<adam_g> Daviey: it should be, i uploaded it yesterday
<Daviey> adam_g: don't think it is NOW.
<Daviey> sigh.
<adam_g> whmmv
<jkyle> roaksoax: the problem was the dnsmasq.conf did not specify a tftp-root path
<Daviey> $ edit_acl.py --person=gandelman-a --series=precise --source=horizon check
<Daviey> Adam Gandelman (gandelman-a) cannot upload horizon to Precise
<adam_g> Daviey: where can i get that script?
<roaksoax> jkyle: I see
<adam_g> Daviey: i pushed update to lp:~ubuntu-server-dev/horizon/essex in the meantime
<jkyle> roaksoax: tried to put a tftp-root=/var/lib/tftpboot in the /etc/cobbler/dnsmasq.conf.template, but now it's not expanding the cobbler variables. I assume this is a maas debinstaller issue?
<Daviey> adam_g: lp:ubuntu-archive-tools
<koolhead17> adam_g, did you fixed bug i filed :P
<koolhead17> i had pointed zul about it
<roaksoax> jkyle: maas doesn't really do anything to dnsmasq than just set 3 things, 1. domain, 2. network range, 3. gateway to hand out to the clients
<adam_g> koolhead17: yeah, as daviey spotted the apache config file for that dashboard needed an update
<koolhead17> ooh okey. in order to have disabled DEBUG
<koolhead17> and about the memcached/python-memcache dependency ?
<jkyle> hm, interesting
<adam_g> koolhead17: i didn't see a bug about memcache, but perhaps it should be added too
<koolhead17> adam_g, horizon breaks if it does not have memcached and python-memcache
<koolhead17> let me pastebin what all i found compulsary
<koolhead17> :P
<adam_g> koolhead17: i believe you
<adam_g> but
<adam_g>  python-keystoneclient,
<adam_g>  python-memcache,
<adam_g>  python-django-nose
<adam_g> its listed as a Depends of python-django-horizon
<koolhead17> adam_g, and python-memcache depands on memcached?
<koolhead17> correct me if am wrong?
<adam_g> koolhead17: no, it does not
<adam_g> koolhead17: it Suggests memcache
<adam_g> +d
<koolhead17> adam_g, well then we need to pull in memcached as well
 * koolhead17 rechecks his doc
<koolhead17> adam_g, yes we need memcached python-memcache both and then the local_settings.py with CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
<uvirtbot> New bug: #980956 in glance (main) "No module named MySQLdb from glance-registry" [Undecided,Invalid] https://launchpad.net/bugs/980956
<jkyle> join cobbler
<jkyle> so, with maas...how can I script the adding of nodes? can I use cobbler or is there an api reference?
<roaksoax> jkyle: there's an API you can access with curl
<roaksoax> jkyle: though would be better if you use maas-enlist
<roaksoax> jkyle: so all the nodes in the network will automatically enlist themselves into maas
<jkyle> roaksoax: ah, so you just serve a pxe image that selects teh maas-enlist debian-installer option at boot
<roaksoax> jkyle: yes basically
<jkyle> ok, that'll work
<roaksoax> jkyle: so basically, it pxe boots, downloads an image, maas-enlist-udeb during install, enlists itself into maas, then powers off
<roaksoax> jkyle: and in maas you have to accept the enlistment and it will be ready for you to use
<jkyle> k, so, fixed that glitch in the dnsmasq. now when the nodes boot, it loads up the pxe initrd.gz...................ready
<jkyle> and pauses. I assume it's in a waiting state for provisioning by juju?
<roaksoax> jkyle: what maas version are you using?
<jkyle> lemme check, fresh 12.04
<roaksoax> jkyle: it might be outputting to serial console instead of VGA
<jkyle> ii  maas                             0.1+bzr415+dfsg-0ubuntu2         Ubuntu MAAS Server
<roaksoax> jkyle: ah yes, then the output is to serial console, that's why you are not seeing anythjing on VGA
<roaksoax> jkyle: that's fixed in the latest release
<jkyle> roaksoax: him, it's been there for quite a while..hours
<jkyle> roaksoax: should I pull from the source or use the 12.04 packages?
<roaksoax> jkyle: packages
<roaksoax> jkyle: upgrade to the latest in archive, then run 'sudo maas-import-isos'
<jkyle> yep, there's the updates
<jkyle> hm, looking at the diffs there's a lot of default password and empty password action going on
<roaksoax> jkyle: passwords should be updated automatically, you *must* accept overwritting the config files
<jkyle> ah, good to know
<jkyle> looks like some services failed to come up (I accepted the package changes for all confs)
<roaksoax> jkyle: which one?
<jkyle> rabbitmq failed to connect, I assume it didn't update the password
<jkyle> maas-txlongpoll failed
<jkyle> dpkg: error processing maas (--configure): subprocess installed post-installation script returned error exit status 1
<roaksoax> jkyle: could you pastebin please?
<jkyle> dpkg: dependency problems prevent configuration of maas-dhcp: maas-dhcp depends on maas; however:
<jkyle> ah, sure. sorry bout that
 * jkyle shoulda thunk
<jkyle> https://gist.github.com/2380645
<roaksoax> yeah it seems rabbitmq was stopped on the upgrade
<roaksoax> when it should have been running :S
<jkyle> pulling isos down, I'll try to manually start them up
<jkyle> I didn't think to check the rabbitmq process
<roaksoax> jkyle: it should have been running
<roaksoax> jkyle: in the log somewhere does it show that rabbimq was stopped?
<jkyle> roaksoax: yeah, I'm not going to blame the system. I've been mucking around trying to solve my other issues. not editing files, but bringing services down and upa nd such
<roaksoax> jkyle: ahh, then good to now, I should make sure the services are up before upgrading ;)
<jkyle> only one entry in the shutdown log for rabbit: Thu Apr 12 20:22:55 PDT 2012 - rabbitmq successfully stopped
<jkyle> must've shut it down yesterday some time
<jkyle> that would have been beer and chips in front of the tv work at 8pm hehe
<roaksoax> hehe, yeah either way, I'llmake sure rbabitmq is started on upgrade
<jkyle> roaksoax: you coming to the openstack conference?
<roaksoax> jkyle: yes
<roaksoax> i';ll be there the whole week
<jkyle> ok, so what did I probably break in that upgrade? would a dpkg-reconfigure maas do the trick?
<Tohuw> I'm unable to install sun-java6-jre on 10.04, even though I have the partner repo enabled. I get "no installation candidate". Any ideas?
<Tohuw> http://paste.ubuntu.com/928701/
#ubuntu-server 2012-04-14
<qman__> question about rsnapshot: I've configured it with 7 daily and 2 weekly, what happens when I swap drives? does act like the gap never happened, or does it start over?
<blendedbychris> any reason why after an apt-get purge and an apt-get install of the same package it recreates the config dirs but no files
<krinaonkoder4> Hey testing connection
<krinaonkoder4> Anyone on?
<blendedbychris> no one lurking?
<blendedbychris> trying to figure out how to configure stud
<blendedbychris> well crap
<qman__> !ask | blendedbychris
<ubottu> blendedbychris: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<blendedbychris> eh
<blendedbychris> i'm just ranting
<blendedbychris> any stud users? hehâ¦ setting up stunnel because i am convinced there's no decent documentation on stud.
<qman__> I don't use either, sorry I can't help
<qman__> but details will usually get you better answers
<blendedbychris> just trying to figure out how to get started with either one at this point ....
<koolhead17> hi all
<goddard> would it be bad if I added cron to my "nobody" group?
<knils> hello
<knils> ne one can tell setting up email server in ubuntu
<StevenR_> knils: please be more precise about what you want
<StevenR_> knils: or rather, what you're trying to achieve
<knils> i want to send mail from one pc to other through LAN
<knils> i just configured DNS server in one pc using usuntu server guide
<knils> but the book is specific bout mail server setup
<knils> Stevan:??
<StevenR_> ok... why are you trying to do that? Are you just experimenting, or do you have a set of requirements for business/personal use?
<StevenR_> (there is no wrong answer to that question, it just useful to understand why)
<knils> personal use as my UG project
<StevenR_> so you just want to setup something to take mail from one box and pass it across the lan to another box to a mailbox on that?
<knils> yes
<StevenR_> via SMTP?
<StevenR_> knils: via SMTP?
<goddard> anyone know how to delete all mail messages for a certain user
<goddard> I have 162840 messages
<knils> stevner:how to set up
<StevenR_> knils: well, assuming you want to do this via SMTP, configure an approriate internal domain on your DNS server (with MX records, etc)
<StevenR_> knils: then configure one host as a generic mail server, and the other as the mailbox/mail host for your internal domain
<StevenR_> knils: tbh, the exim4 ubuntu package runs through the basics at install time
<knils> stevenr : i have configure dns with MX records
<StevenR_> knils: well that's step one complete then :)
<knils> stevenr: now i hv installed sendmail
<StevenR_> knils: ok. Any particular reason why you chose sendmail?
<knils> on box with dns server installed
<knils> going threw perl book where in found it
<knils> can i hv your email id to send  . config files to know every thing is ight
<StevenR_> use a pastebin
<StevenR_> !paste
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<knils> ok
<StevenR_> (that way, anyone else playing along at home can see it too)
<knils> ok sir
<knils> http://paste.ubuntu.com/929160/
<knils> .local file>>>>http://paste.ubuntu.com/929163/
<StevenR_> ok. using dig, can you resolve names of those and get the right answer?
<StevenR_> knils: and can you resolve other addresses such as google.com through that nameserver (again, test with dig)
<knils> no
<StevenR_> please be more specific
<knils> stevenr: when i disconnect from my internet then i have to give "nameserver 192.168.1.104" to resolve file then "dig tk5cn.info' gives server ip
<StevenR_> why do you need to disconnect from the internet?
<knils> after connecting to internet it updates the resolve file and gives different SERVER ip in dig google.com
<StevenR_> ah. um. yeah, you'll need to force it to use your internal DNS server
<StevenR_> unless you're happy to keep disconnecting/reconnecting
<StevenR_> ?
<knils> ahmmmmmmmmm i m happy to do any thing to make this work
<knils> its a hunch but it do entice my crave of exitement if i fing a ubuntu server guide with step by step events and screenshots for beginners:):)
<StevenR_> well, you probably want to make it work with internet connection then
<StevenR_> so, test it with dig
<knils> no without internet connection
<StevenR_> (use dig @DNSserverIP
<StevenR_> huh?
<knils> http://paste.ubuntu.com/929191/>>>>dig dnsip while being connected to internet
<knils> http://paste.ubuntu.com/929191/
<StevenR_> that paste shows nothing of much use. Please specify your dig command more precisely (read the manpage for dig)
<knils> dns is working fine i can ping both ip and addr......wats next
<StevenR_> setup one box as the mail host for the domain, and the other as a generic mail relay
<StevenR_> (the box you've specified as your MX host in DNS should be the mail host, and the other box the relay)
<StevenR_> the mail relay box should only accept connections from localhost for relaying
<knils> ok
<knils> now i should install sendmail on both client and server
<StevenR_> knils: you could look at exim4, postfix or sendmail to do this
<StevenR_> yes, if that's what you want to use. You're probably going to want the sendmail-cf package with that (it's probably called that, but apt-cache search will probably help if it's not)
<StevenR_> the generic relay will probably require no setup
<knils> sendmail-cf is installed
<StevenR_> ok (that makes it easy to build the config if you need to)
<knils> but i m not able to ping mail.tk5cn.info
<knils> with ip 192.168.1.106
<StevenR_> then your DNS is NOT setup correctly.
<StevenR_> (that's why I wanted you to verify it properly with dig. Sending mail relies too heavily on DNS)
<knils> http://paste.ubuntu.com/929223/
<knils> is my>>>. @            IN     MX 1    mail.tk5cn.info record is fine
<StevenR_> knils: but you need to test it and verify it with dig to prove that it works.
<StevenR_> knils: it looks right, but you need to make sure that your bind (assuming you're using bind) configuration is correct and working.
<StevenR_> to do that, you need dig :)
<knils> yes its restarting fine
<StevenR_> huh?
<StevenR_> what do you mean?
<knils> i can dig tk5cn.info perfectl
<knils> i m using bind9 and its restarting fine
<StevenR_> ok... can each box ping the other one, by IP ?
<knils> yes
<StevenR_> (if bind9 restarts fine, that just means the config is syntactically correct, it doesn't mean it will actually do what you want)
<StevenR_> but you said you can't ping mail.tk5cn.info ?
<StevenR_> you cna ping via IP, but not by name?
<RoyK^> host mail.tk5cn.info ip.of.dns.server
<knils> no i cant ping mail.tk5cn.info not with ip either
<knils> which is 192.168.1.106
<StevenR_> then you have an underlying network issue that you need to resolve
<knils> i can ping ns.tk5cn.info with ip 192.168.1.104
<StevenR_> but you can't ping 192.168.1.106 ?
 * RoyK wonders how on earth that can be relevant to dns
<knils> no
<StevenR_> knils: sounds like you need to check the connectivity on 192.168.1.106
<StevenR_> whichever box that is
<knils> Royk:  http://paste.ubuntu.com/929233/
<RoyK> knils: so, your dns server answers correctly
<knils> Royk: yes
 * RoyK thought there was a dns problem
 * RoyK is slightly confused
<knils> Royk its not pinging 192.168.1.106 ip for mail.tk5cn.info which i gave manualy  in .zone file and in .local file with "PTR"
<StevenR_> knils: can you ping by IP alone (forget DNS for the moment)
<StevenR_> ?
<RoyK> knils: negative dns caching on the client?
<knils> Stevenr: no
<knils> Royk i cant ping from the one i installed dns server
<StevenR_> knils: then look into getting that working (check cables/IP config FIRST) FORGET DNS FOR THE MOMENT.
 * RoyK hands StevenR_ a cookie
<StevenR_> mmmmmm.... COOOOOKKKKIIIEEEEE
<StevenR_> *nom* *nom* *nom*
<knils> .local file>>>  http://paste.ubuntu.com/929163/
<StevenR_> NOT RELEVENT
<knils> .zone file>>>  http://paste.ubuntu.com/929223/
<StevenR_> knils: have you fixed your connectivity problem yet?
<knils> steven:  connectivity is fine
<knils> i dont understand where is the problem
<StevenR_> can you ping 192.168.1.106 ?
<StevenR_> from 192.168.1.104 ? (and vice versa)
<knils> no
<knils> the book i followed says>>>    MX record: Used to define where email should be sent to. Must point to an A record, not a CNAME. IN  mail MX IN A 1 mail.example.com. 192.168.1.13
<knils> Steenr
<StevenR_> if you can't ping between hosts then there's no point in going further
<StevenR_> you need to check and fix the connectivity problem that you appear to have
<knils> i can ping 192.168.1.104
<StevenR_> from where?
<knils> from client and server
<StevenR_> from where precisely?
<StevenR_> I have no idea what your "client" and "server" are
<knils> the one i installed dns is my server
<StevenR_> which is?
<StevenR_> (IP address?)
<knils> and one connected to it with lan cable is client
 * RoyK hands StevenR_ a beer for the effort
<knils> server ip> 192.168.1.104
<knils> client 192.168.1.2
<StevenR_> so what is 192.168.1.106 ?
<knils> 192.168.1.106  is the ip of mail.tk5cn.info "a new record that i gave manually in .zone file"
<StevenR_> knils: can you ping 192.168.1.106 ?
<StevenR_> from 192.168.1.2 or 192.168.1.104 ?
<knils> Stevenr no i cant ping .106
<knils> from any serv or clint
<StevenR_> knils: so which device has the IP address 192.168.1.106?
<StevenR_> knils: making up an IP address in a DNS zone file DOES NOT MAKE IT REAL
<knils> "making up an IP address in a DNS zone file DOES NOT MAKE IT REAL"   yes yes
<knils> tats wat i m thinking
<StevenR_> what?
<knils> the book i followed >> Ubuntu Server Guide :said to do so
<StevenR_> so.. you've made up a mailserver IP address and expect to be able to set up mail on a server that DOES NOT ACTUALLY EXIST?
<knils> yes tat dumb i m
<knils> but i was just following the book
<knils> and it is the prerequisite
<knils> hello
<knils> stevenr:?
<MarKsaitis> Hey! is there a proper quick start guide on how to setup openldap on the latest ubuntu server? HELP
<uvirtbot> New bug: #981637 in samba (main) "package samba 2:3.6.3-2ubuntu2 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/981637
<uvirtbot> New bug: #981647 in apache2 (main) "package apache2.2-common 2.2.22-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 255" [Undecided,New] https://launchpad.net/bugs/981647
<pythonirc101> My apt-get update gives me the following errors: http://paste.pocoo.org/show/581361/ -- any ideas how to fix it?
<pangolin> hmm, read only file system does not sound like a good thing
<pabelanger> well this stinks
<pabelanger> E: Internal Error, No file name for libssl1.0.0
<pythonirc101> pangolin:  how do I fix a read-only file system...and how did I get a read only file system in the first place -- suddenly?
<pangolin> pythonirc101, did you have an unclean shutdown?
<pangolin> assuming this is a server and reboots are not usually welcome, but a reboot should fix it.
<pythonirc101> pangolin: trying reboot
<qman__> pythonirc101, pangolin mount --remount o=rw
<qman__> err, no
<qman__> mount -o=remount,rw
<qman__> but if it's mounted read only, it's probably for a reason
<pythonirc101> reboot fixed
<pangolin> pythonirc101, you did the /forcechk thing?
<pangolin> also, don't cross post because it divides the helpers attention and is rude :)
<pythonirc101> pangolin: nope. how can I do that?
<pangolin> pythonirc101, exactly my point, you asked the same question in #ubuntu but missed the response. in any case the issue is resolved.
<pangolin> granted the response was not directed at you.
<pangolin> llutz> L3top: sudo touch /forcefsck && sudo reboot
<qman__> probably want to do that anyway
<qman__> but be aware that if you have a large filesystem it will take a long time
<qman__> my 8.2T raid takes around three or four hours
<pythonirc101> thanks
<pythonirc101> pangolin: I don't have access to the boot screen
<pythonirc101> If I do a forcefsck, does it need user input?
<qman__> no, you just create that file in the root, and if it finds it, it will run an fsck
<pythonirc101> otherwise I'll just get stuck -- since I don't have access to bios or boot time
<pythonirc101> qman__: will fsck need user input by any chance?
<qman__> only if there are errors
<pangolin> that command is run in one line. it creates the file and then reboots the computer, if the file exists it will do a file system check
<qman__> headless server?
<pythonirc101> indeed
<pythonirc101> pangolin: Its a VPS. If the boot needs IO, I'm dead
<pythonirc101> It needs a clean boot
<qman__> uh
<pythonirc101> Since the only way I can access it is ssh
<qman__> your VPS provider should have given you a shell to the local head
<qman__> either through a web interface or an alternate port SSH or something
<pythonirc101> I'll have to ask
<pythonirc101> for now I only have ssh after the server is up
<qman__> that's fine for normal use but they really should give you some kind of maintenance access
<qman__> good providers do
<qman__> or at least free assistance in doing those things
<pythonirc101> I'll delay the fsck once I hear from vps provider.
<koolhead17> hi all
<AlfE_> hello
<AlfE_> my apcupsd daemon does not start at boot up
<AlfE_> it is configured, isconfigured is set to yes, and i can start it from a bash prompt without any problem
<AlfE_> maybe there is some problem with a runlevel
<AlfE_> system is 11.10
<pabelanger> Does anybody know how the mini.iso, from http://archive.ubuntu.com/ubuntu/dists/precise/main/installer-amd64/current/images/netboot/ is built?  EG: which package does it
<jkyle> where can I find the default root pass for a node pxe'd via MaaS?
<RoyK> are you sure it has one?
<jkyle> doesn't there have to be some way to gain shell access?
<Myrtti> well I don't know how different that usecase is, but usually ubuntu in general doesn't have a root password
<Myrtti> so as RoyK asked, are you sure it has one? Perhaps it has a user with sudo access
<jkyle> Myrtti: this would be a special cass. I'm using the MaaS system to pxe boot clients
<RoyK> jkyle: it most probably does not have a root password, but it should have an account with sudo access
<jkyle> either or, mostly looking for what that account and pass might be and were it's stored in the maas etc's
<RoyK> jkyle: /etc/passwd ?
<RoyK> ;)
<jkyle> RoyK: hehe, it's not quite that straight forward: https://wiki.ubuntu.com/ServerTeam/MAAS
<RoyK> saw it...
<RoyK> looks cool, though
<RoyK> perhaps useful for some number crunchers we have at work
<jkyle> the documentation is in need of updating I think
<koolhead17>  Daviey, i finally got it the suggestion pretec just commented on the bug
<koolhead17> am sure adam_g uploaded with the changes he told me :)
<koolhead17> for horizon with DEBUG = False
<pretec> Hi
<koolhead17> hola pretec
<pretec> :)
<pretec> is it possible to reassig a bug in Launchpad to another package? The bug 980787 is assigned to the old source package (openstack-dashboard) and i want to reassign it to the new one (horizon).
<uvirtbot> Launchpad bug 980787 in openstack-dashboard "openstack-dashboard breaks with option DEBUG =False in config file" [Undecided,Confirmed] https://launchpad.net/bugs/980787
<pretec> Huch
<wmp> hello
<wmp> how to check  mon_decimal_point (LC_MONETARY)?
<uvirtbot> New bug: #980787 in horizon "openstack-dashboard breaks with option DEBUG =False in config file" [Undecided,Confirmed] https://launchpad.net/bugs/980787
<RoyK> wmp: how to check what??
<wmp> ok, i have php application
<wmp> and this app use mon_decimal_point (from locale)
<wmp> in 10.04 mon_decimal_point = ","
<wmp> in 12.04 mon_decimal_point = ""
<wmp> and i want check this
<RoyK> how do you check that from the commandline?
<wmp> i dont know how to check this
<RoyK> wmp: a google for mon_decimal_point and php gave me this http://php.net/manual/en/function.localeconv.php
<wmp> yes
<wmp> print_R(localeconv()); give me empty on mon_decimal_point
<RoyK> so... what more do you need? :)
<wmp> emmm, i want to have in mon_decimal_point => ,
<wmp> now i have empty
<wmp> and this break my php app
<RoyK> wmp: it's empty here too with my locale - if that breaks your php app, fix the app!
<RoyK> wmp: and btw, I think this question fits better at ##php
<wmp> RoyK: i run this same code on 10.04 - work good
<wmp> and in 12.04 - dont work ;)
<RoyK> on this 10.04 box
<RoyK> echo '<?php $a = localeconv(); print "mon_thousands_sep is \"$a['mon_thousands_sep']\"\n"; ' | php
<RoyK> mon_thousands_sep is ""
<henkjan> kirkland: congratulations with your 12.04 kirkland release
<henkjan> nice announcement http://blog.dustinkirkland.com/2012/04/kirkland-1204-lts-released-hello-world.html :)
<guntbert> henkjan: thx for sharing - congrats to the kirkland team
<lifeless> SpamapS: if you are around... https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/981955 has me a little wtfing;
<uvirtbot> Launchpad bug 981955 in lxc "lxc-execute does not seem to work in precise" [Undecided,New]
<SpamapS> I am around.. fighting with my printer :-P
<lifeless> its fighting back ?
<SpamapS> lifeless: I've never really tried to use lxc-execute, but that looks pretty cool. :)
<SpamapS> well right now my dist-upgrade is preventing me from printing out the last form needed to get my son registered for summer camp.. :-P
 * SpamapS hopes its just that cups is stopped while packages are configured
<uvirtbot> New bug: #981955 in lxc (universe) "lxc-execute does not seem to work in precise" [Undecided,New] https://launchpad.net/bugs/981955
<lifeless> SpamapS: yeah, so i've got a crazy idea with fuse mounted fs's to track file reads from compiles etc + distribution
<lifeless> however it depends on well, lxc without a full fs
<pythonirc101> pangolin: For some reason, my machine is back in read only mode...!
<ChmEarl> pythonirc101, in 12.04 I had same trouble with a xen VM made with debootstrap. I had to add a symlink in /usr lib64->lib
<uvirtbot> New bug: #981974 in openvpn (main) "package openvpn 2.2.1-8ubuntu1 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 127" [Undecided,New] https://launchpad.net/bugs/981974
#ubuntu-server 2012-04-15
<SpamapS> ChmEarl: thats a bit weird, since Ubuntu doesn't to my knowledge use /usr/lib64
<ChmEarl> SpamapS, do you have an amd64 install? take a look at /usr
<MasterZuFu> is anyone available to assist me with an issue with ip configurations?
<SpamapS> ChmEarl: http://paste.ubuntu.com/930305/
<SpamapS> ChmEarl: no /usr/lib64
<SpamapS> MasterZuFu: I can try, though I'm only here for about 5 more minutes :)
<MasterZuFu> ok. well....right now i'm trying to get a static ip on the server
<MasterZuFu> even though i edited /etc/network/interfaces
<MasterZuFu> and it says that eth0 is not configured.
<MasterZuFu> right now it's on eth2.
<MasterZuFu> i don't even see an eth0, it was there before, don't know what happened to it now...
<MasterZuFu> sudo ifup eth0 doesn't work either.
<JanC> MasterZuFu: eth0 is now named eth2?
<yakster_> sudo ifconfig eht0 up
<yakster_> eth0 up
<MasterZuFu> echo: ERROR while getting interface flags: no such device
<JanC> MasterZuFu: you should probably look at /etc/udev/rules.d/70-persistent-net.rules
<JanC> MasterZuFu: did you change the NIC recently?
<MasterZuFu> i changed a couple things. it's a virtual box server hosted on a windows 764bit box.
<MasterZuFu> i had to change firewall rules to allow all to the specified ip address: 192.168.0.105
<MasterZuFu> but for some reason, my router has given it the ip 192.168.0.103
<MasterZuFu> ooops, those are backwards, it's supposed to be 103, but it gave it 105
<MasterZuFu> and eth0 isn't there anymore, now it's eth2, and eth2 has the wrong ip
<JanC> MasterZuFu: it probably got renamed because you changed the emulated network card type, or because the MAC address changed
<MasterZuFu> O.o?
<JanC> see the file I mentioned earlier where rules are added in case of such changes (and feel free to edit/delete it, I suppose)
<MasterZuFu> uh...ok. one sec
<JanC> /etc/udev/rules.d/70-persistent-net.rules
<Calif> Hi, I'm trying to setup a linux box to accept an ipv4 address, but it takes an ipv6 address anyway
<MasterZuFu> it's got three dif rules in it. don't know what any of these mean.
<MasterZuFu> looks like a mac address though
<Calif> i have a modem running something called dmzplus mode, which dhcp assigns a public ipv4 address, I see the address it's supposedly giving my linux box, but its not the same address on the linux box
<Calif> can anyone suggest how this might be happening?
<Calif> this setup has worked in the past
<Calif> I moved a bunch of equipment around today, and this started
<JanC> MasterZuFu: can you put the contents of that file on a pastebin?
<MasterZuFu> it'll take a sec. it's on a nother computer
<MasterZuFu> http://www.pastebin.com/GRFem6NJ
<ChmEarl> SpamapS, thanks for the paste -- without that symlink my filesys is RO! I don't why the symlink fixes it
<JanC> MasterZuFu: so it seems the VM is still emulating the same hardware, but changed the MAC address a couple of times...
<MasterZuFu> odd. i fix this how? just delete the rules and restart the vm?
<JanC> MasterZuFu: is that the complete line BTW?
<MasterZuFu> uh.....not sure. that's what it shows on my config.
<MasterZuFu> that copy and paste at its prime.
<JanC> copy & paste from what?  âº
<MasterZuFu> from the terminal in the vm to the pastebin in the browsers
<JanC> the lines starting with "SUBSYSTEM" aren't longer than that?
<JanC> I mean, if you are using an editor, you might have to scroll to the right...
<MasterZuFu> oh crap....it is..... O.0 i didn't even see that
<MasterZuFu> uh....crap how do i copy that? O.o
<JanC> use 'cat' or enable wrap in your editor or ...  ;)
<JanC> anyway, remove the lines that currently end in NAME="eth0" and NAME="eth1" then change the remaining line from "eth2" to "eth0"
<MasterZuFu> http://www.pastebin.com/jcVtYQFe
<MasterZuFu> there. that's the whole thing.
<MasterZuFu> so i should just delete the whole thing?
<JanC> MasterZuFu: that would work too, yes
<MasterZuFu> ok let me see how that does.
<MasterZuFu> and then restart the vm?
<JanC> it will generate a new rule automatically then
<JanC> MasterZuFu: I hope it doesn't create a new MAC address every time you restart it?
<JanC> maybe only when you change something about it...
<MasterZuFu> alright. seems that worked. however, i'm still not able to connect to the website hosted on it. local host within thevm works fine.
<MasterZuFu> typing in the ip of the server on the host computer won't bring up the website, neither on a separate laptop.
<ChmEarl> SpamapS, there is no penalty of downside to making /usr/lib64 (symlink), it can only save trouble and avoid problems
<ChmEarl> or downside
<uvirtbot> New bug: #982012 in clamav (main) "package clamav-base 0.97.3+dfsg-2.1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/982012
<tash> isn't there some ubuntu package that mirrors two servers?
<tash> if so, anyone used it before?
<pythonirc101> ChmEarl: fsck has fixed it for the past 4 hours...lemme see if it happens again in 1-2 days. Thanks for the help.
<clu3> I just need a simple FTP server that allows user to upload files, and an easy admin. Which one do you recommend?
<qman__> I recommend not using FTP
<qman__> SFTP is in all ways superior, is easy to configure, and is probably already installed as it comes with the openssh-server
<clu3> qman__, sorry i was away. thanks for the reply
<ZorroT> question: get mouse movement values (esp. x / y delta) to stdout, preferrably w/o x?
<resno> hey ive got a question about sas raid cards
<resno> im looking at buying one off ebay, is there anything i should stay away from?
<RoyK> resno: it probably saves people here a lot of effort if you ask about the particular one instead of asking about all the bad ones
<resno> RoyK: is there something i should avoid?
<RoyK> resno: it probably saves people here a lot of effort if you ask about the particular one instead of asking about all the bad ones
<resno> heh ok
<resno> can you put an sas card into a regular desktop mobo?
<resno> or does it use some kinda special connector?
<resno> ah, i see
<resno> never mind
<RoyK> it's just a SAS board
<RoyK> with SAS connectors
<RoyK> possibly mini-SAS
<RoyK> which should accept SAS drives and SATA drives
<RoyK> possibly a mix
<resno> so, something like this ServeRAID M5014 SAS Raid Card LSI 9620 8i
<RoyK> I use those without the RAID part on a few machines
<RoyK> that is, I have one with RAID-1 setup as well
<RoyK> works well
<resno> im considering going raid 5 when ever drives drop a bit more
<RoyK> but IIRC it lacks TRIM support, which might be suboptimal for SSD use
<resno> ill be going sata drive
<RoyK> but generally, LSI SAS boards are good
<RoyK> I mostly use those without RAID, though, for large storage systems, on openindiana/zfs
<resno> ah ok.. im new to doing this, will it be pretty easy? drive issues etc
<RoyK> it's simple, yes
<resno> and then i can use mdadm for raiding right?
<RoyK> well, either you get a RAID controller with 'hardware' RAID
<RoyK> or you use mdadm
<RoyK> which one to choose is up to you
<resno> yea, i dont want to be dependent on a hardware raid card... if it crashes
<RoyK> if you choose to use software raid, which I _know_ works well, you can probably save a bit by choosing a HBA without the RAID part
<RoyK> software RAID is very well tested - I'd guess something like 95%+ of the NAS products out there, use linux software RAID
<resno> wow, that much
<RoyK> just a wild guess
<resno> sounds good and ill believe
<RoyK> that is, I've never seen one _not_ running linux software raid
<resno> youve got to have like sized drives right
 * RoyK has a few 100TB systems
<RoyK> this one is rather neat http://paste.ubuntu.com/930997/
<RoyK> only ~80TiB, but still
<resno> wow, nice
<RoyK> but on striped mirrors, which is rather fast ;)
<RoyK> and with 2,5TB SSD cache...
<resno> RoyK: you cant run software raid on different sized drives right?
<RoyK> you can, but it's bound to be a mess
<RoyK> generally you should never use differently-sized drives in *any* raid
<RoyK> and there's no such thing as "hardware" raid, it's just the software being on a chip and not in the OS
<resno> fair enough
<RoyK> and - you should avoid using partitions and instead use whole drives in software raid - it eases growing things later
<resno> thats been my plan thus far
<RoyK> and if you want to run software raid, perhaps something like an LSI SAS 9211-8i might be better suited
<RoyK> it has no RAID support (apart from mirroring), but it's affordable and fast
 * RoyK has a few of those controllers
<resno> what dont you have?
<RoyK> dunno :)
<qman__> I'm having a problem with exclude patterns in rsnapshot
<qman__> exclude patterns that work when passed to rsync don't seem to have any effect in the rsnapshot config file
<qman__> http://pastebin.com/jGxgnksi
<qman__> well, fixed that problem, had to remove the quotes
<qman__> would be nice if that were documented anywhere
<qman__> now USB3 is acting up, looks like bug 647973
<uvirtbot> Launchpad bug 647973 in linux "USB 3.0: xhci_hcd WARN: Stalled endpoint" [Medium,Fix released] https://launchpad.net/bugs/647973
<qman__> apparently fixed in 3.2 kernel, but doesn't do me any good on lucid
<qman__> guess I'll just use the USB 2.0 ports for now
<RoyK> qman__: I'd guess a fix might come in a backport?
<qman__> maybe, would be nice
<qman__> not going to upgrade that server for a while
<pangolin> qman__, why not file the bug against 10.04 and see if it gets backported
<Patrickdk> hmm, why not just use the 3.2 kernel?
<qman__> because that would require upgrading to precise
<Patrickdk> since?
<qman__> and the last upgrade, hardy to lucid, didn't exactly go smoothly
<Patrickdk> hmm, there will be a percise to lucid kernel backport as soon as percise is released
<Patrickdk> I've been running 3.0.0 on lucid for awhile now
<qman__> only reason I upgraded from hardy was my new network card wouldn't work with its kernel
<Patrickdk> ya, I'm going be running some tests
<Patrickdk> see if I will upgrade before or after 12.04.1
<qman__> and ever since the upgrade I can't see fscks, my screen is just blank with a cursor until they finish
<Patrickdk> sounds like a video kernel driver issue
<qman__> which is especially troublesome since I have an 8.2TB filesystem to fsck occasionally
<qman__> just have to see if the disk activity lights are on and hope it's working
<JanC> that sounds like a bug
<qman__> it's got something to do with plymouth, but I don't know what exactly
<qman__> because I have a working screen, if I type stuff it shows
<qman__> but my fsck isn't there and no key combinations bring it up
<qman__> just really unhappy about the whole thing, I understand why they created this, but I don't understand why it's on servers too -- I used to just remove quiet splash and get exactly what I wanted, now it's basically impossible
<qman__> spent days trying to figure it out on a different machine and gave up
<blendedbychris> any stunnel users around?
<sm00x> nope
<blendedbychris> Related questionâ¦ do you need both private an public keys do terminate ssl connections?
<blendedbychris> to*
<sm00x> to terminate?
<blendedbychris> decrypt?
<blendedbychris> auth?
<blendedbychris> tern gibberish into non gibberish?
<JanC> blendedbychris: I used stunnel way back when I still used Windows (~10 years ago, I think)
<sm00x> terminate = stop, disconnect, dismantle
<sm00x> at least AFAIR
<blendedbychris> sm00x: http://www.f5.com/glossary/ssl-termination.html
<blendedbychris> it's a common term.
<JanC> you can configure stunnel to do any level of security/auth AFAIK
<blendedbychris> you guys aren't helping :)
<JanC> so basically, it depends on how secure you want to be  ;)
<JanC> but in the most common case, you need a secret key at the server end, and a public key known to the client
<JanC> if you want to be sure the client is really who they say they are, you also need a private key at the client with a an associated public key known at the server end
<blendedbychris> JanC: I'm actually referring to https...
<blendedbychris> http://www.koopman.me/2010/05/stunnel-can-run-multiple-ips-and-certs-in-one-instance/
<blendedbychris> in that configuration there is no private key
<blendedbychris> which is confusing to me
<JanC> blendedbychris: like I said, I used it almost 10 years ago
<blendedbychris> well this question is a bit broad though
<blendedbychris> with https do you need both a public and a private key?
<blendedbychris> in order to terminate the request
<blendedbychris> ah!
<blendedbychris> pem has both private and public keys
<blendedbychris> things you didn't know
<JanC> right, so that config has private keys for each site?
<blendedbychris> both private and public key are stored in the pem
<blendedbychris> makes sense nowâ¦. i was used to calling two files
<JanC> you need a different file at client
<JanC> which only has the public key
<JanC> (or at least a hash of it)
<blendedbychris> ya i assume stunnel just send the public
 * kklimonda is reading about ubuntu orchestra and cringing at the usage rate of the "cloud" world
<kklimonda> what's the current story for deploying and managing ubuntu on servers and desktops in a small business?
<kklimonda> can ubuntu orchestra be reused for that, or is it not enough without paying for landscape? if so, what would be a better approach?
<cwillu> !info linux-image
<ubottu> linux-image (source: linux-meta): Generic Linux kernel image.. In component main, is optional. Version 3.0.0.17.20 (oneiric), package size 1 kB, installed size 36 kB
<cwillu> !info linux-image precise
<ubottu> linux-image (source: linux-meta): Generic Linux kernel image.. In component main, is optional. Version 3.2.0.22.24 (precise), package size 1 kB, installed size 31 kB
<koolhead17> so silent here
<cwillu> it's a sunday afternoon, what did you expect?
<koolhead17> cwillu, :)
<yakster> I know this is the server rm, but does ne one know how to set the default sound card for alsa
<lifeless> !ubuntu | yakster
<ubottu> yakster: Ubuntu is a complete Linux-based operating system, freely available with both community and professional support. It is developed by a large community and we invite you to participate too! - Also see http://www.ubuntu.com
<lifeless> bah
<lifeless> sorry, I don't know the shortcut
<lifeless> yakster: see #ubuntu
<yakster> thxâ¦
<TheBeast> is there a public git repository with all ubuntu packages?
<kklimonda> I don't think do, we use bazaar and LP for that
<TheBeast> ok, sounds good
#ubuntu-server 2013-04-08
<hallyn> geofft: you absolutely may do whatever you like with those, but I would think they'd be way out of date by now.
<hallyn> geofft: if they end up being of help to someone, that'll be awesome :)
<geofft> hallyn: The qemu stuff is pretty out of date, but I'd be surprised if libtpms has changed noticeably.
<hallyn> cool
<hallyn> have fun - good luck and ttyl :)
<asadsnowman> Would anybody be willing to help a pour soul get samba kerberos authentication running?
<aah> possible silly question.  vmware is driving me crazy by grabbing my mouse for my 12.04 server guest VM.  I'm trying to kill all vestiges of mouse-related modules and drivers, so I can blame the vm and not some ubuntu / vm disconnect.  I can easily unload the psmouse module, but not sure what to do about the kmoused process.. and not sure what else I may be missing.
<aah> any hints appreciated
<aah> (and if it's not clear, this is all text mode)
<thejoecarroll> anyone here using duplicity for backups?
<andol> thejoecarroll: Been using it for small scale backups.
<thejoecarroll> andol: have you used it in conjunction with backupninja, by any chance?
<andol> nope
<thejoecarroll> andol: i have some questions about using gpg with duplicity. i haven't needed to use gpg i this way before, so i'm unsure about best practice and and possible implications if i create keys for root to sign and encrypt our backups
<Madkiss> cheers.
<Madkiss> It looks like I can not boot http://uec-images.ubuntu.com/releases/12.04/release/^Cuntu-12.04-server-cloudimg-amd64-disk1.img within an OpenStack Grizzly installation
<Madkiss> panics and tells me that it could not find init
<andol> thejoecarroll: In my usage scenario there weren't much benefit in using a public-private keypair, so I just went with symmetirc encrytpin, setting the duplicity PASSPHRASE environment.
<Madkiss> the 13.04-beta2 image appears to work better
<thejoecarroll> that would probably apply for us too. maybe i'll forgo those options
<smb> Daviey, gcc version looks good now. So the follow-up Xen could go to raring
<Daviey> smb: for giggles, i might retry the i386 build first.
<smb> Daviey, If you really want to see it fail. ;)
<Daviey> smb: Shouldn't it succeed now?
<smb> At least it should fail now with a real error message and not internal error. (the previous upload)
<smb> For that to be fixed you would need to upload the ubuntu3 version I put to chinstrap
<feisar> hi, I'm getting an error mail out to me from the Cron Daemon saying: /bin/sh: 1: -delete: not found
<R1ck> feisar: looks like a syntax error in the script thats executing
<feisar> R1ck: thanks, the subject reads : [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! execdir
<feisar> it's not a custom script I have created
<Haris> Hello all
<Haris> I have a 11.01 box standing on grub rescue> prompt. How do I recover it, such that it boots to OS
<Haris> or moves in that direction
<caraconan> Hi all. Can somebody here share with me server/client config in order to achieve OpenVPN server DHCP push commands to work in an Ubuntu client? Server side log error: http://paste.debian.net/248211/
<Haris> is there a way to check available disk partitions on disk via grub rescue prompt ?
<Haris> or at the grub rescue prompt
<Ryan1013> hello :)
<Ryan1013> is there anyone here who has experience setting up a postfix SMTP server?
<Ryan1013> I've spent 2 days just trying to get my server to send and receive emails from an external host (gmail)
<Ryan1013> it's mainly authentication details I'm stuck on
<feisar> Ryan1013: you want the smtp_sasl_password_maps option
<Ryan1013> hmm I've tried that, but why does that command start with smtp not smtpd? most of my other ones are the latter
<feisar> Ryan1013: this works for me http://pastebin.com/LHQzMhdG
<feisar> Ryan1013: you might want to talk to #postfix
<Ryan1013> ah right thanks
<Ryan1013> will give yours a look over
<patdk-lap> heh?
<patdk-lap> why would it be smtpd? that makes no sense
<Ryan1013> no idea, most of them are..
<patdk-lap> smtpd is for authing incoming connections
<patdk-lap> smtp is for authing outgoing connections
<Ryan1013> ohh
<patdk-lap> and no, most of them are not, there are settins for both
<Ryan1013> that clears that up
<Ryan1013> so the username and password it uses are a linux user? or can I define anything in my password_maps file?
<nihilista> hello, i'm trying to send some data with M2M GPRS module to my ubuntu server, to port 80. when i enter the command "netstat -an | grep :80 | sort" i can see that module did establish connection on same port, but can i see somehow what my server received (i suppose HTTP packet) in details?
<Ryan1013> yus finally got it authenticating
<Ryan1013> thank you!
<Ryan1013> nihilista: you can probably use tcpdump to sniff the packets
<nihilista> Ryan1013, ok thanks i'll try to google tcpdump than =)
<Haris> can I get a copy of the default, out of the box grub.conf for 11.01 ?
<Haris> after it is installed
<Haris> I have scsi/sas or sata disk in this box
<Haris> need to check up the prefix line
<patdk-lap> there is no 11.01
<feisar> Ryan1013: : )
<Ryan1013> feisar: do you know why I might be getting Relay access denied when I try and send an email from an external server to my mailbox?
<Ryan1013> I have smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
<feisar> Ryan1013: try asking in #postfix
<Ryan1013> I tried, ill try again
<ToBHo> Hi, I have a PC running on Ubuntu 10.04 that serves local files via NFS to a Windows Network. Therefore it has to speak with a Kerberos Server. After a reboot it got stuck with the following Message: "NFSv4 id <-> name mapper". I managed to get into a rescue console via Grub. There I was able to disable winbind but not the nfsserver. I really have only very few knoweledge of Linux. Anyone has an idea?
<Jeeves_> ToBHo: You want to disable the nfsd?
<ToBHo> Jeeves_: How? I cannot find it in init.d, only nmbd
<Jeeves_> ToBHo: Are you using the kernel-nfsd?
<Jeeves_> add 'blacklist nfsd' to /etc/modprobe.d/blacklist-local.conf
<Jeeves_> Should prevent the kernel from loading the nfsd-module
<ToBHo> Jeeves_: I do not know
<ToBHo> there is no etc/modprobe.d ...
<ToBHo> never mind the last ... have to get new goggles
<ToBHo> glasses
<shafox> hi , how i can set up locahost mail server so that i can send mails through my localhost . i am on 10.04 desktop
<rbasak> Daviey: http://people.canonical.com/~davewalker/delta.html seems to be an empty file. Please may I have an SLA credit?
<Daviey> rbasak: You'll get a discount from your next invoice.
<Daviey> rbasak: I pretty much killed it off this cycle, i think
<Haris> patdk-lap: Correction: I mean 11.10
<Haris> can I get a copy of the default, out of the box grub.conf for 11.10 ? after it is installed. I have scsi/sas or sata disk in this box. need to check up the prefix line
<JonL> hi can someone give me example cron line to run command every Monday at 06:00
<rbasak> shafox: look at nullmailer, or msmtp. Or for a postfix solution: http://askubuntu.com/q/228938/7808
<shafox> rbasak: do i have to change anything in php.ini settings ?
<davegarath> JonL: `00 06 * * 1 /bin/true'
<shafox> postfix is asking me system mail name, i am going to use this on my localhost. what should i write ?
<noaXess> hey all
<noaXess> i try to config server sender address inside mutt, so server end with a specific email address.. but .muttrc will be ignored from the users dir, where mutt sends mail.. any hint why?
<noaXess> got it...
<zul> hallyn:  heh read libvirt ml
<hallyn> yeah i had reset my git tree and started bisecting for the other request after sending the longer FTBFS patch, now I'm re-resetting it bc they want to see every error in detail
<hallyn> much time wasting going on
<hallyn> oh, feh.  and now i see it's under bad #ifdefs.
<Octavian> gug
<Octavian> I have a problem running kernel 3.8 on 12.04 LTS: the guest kernel is stuck when reseting ata_piix ports.
<Octavian> this did not occur with kernel 3.7
<Walex> Octavian: as a curiosity, this is 3.7/3.8 in the guest isn't it?
<Octavian> I see the guest kernel being stuck in ata_msleep() in ata_sff_wait_after_reset()
<Octavian> Walex: yes
<hachre> Octavian: is that kernel officially available??
<Octavian> hachre: not for you to test.  There are some patches in there, which are not upstreamed yet
<hachre> ah
<Octavian> hachre: I can try to retest without these patches though
<hachre> give it a shot
<zul> hallyn:  lemme know when you worked through the libvirt ftbfs then we can get a FFE for it
<hallyn> zul: i've got a fix for the FTBFS, the thing i'm stuck on is a fix for the domxml to native conversion when no membaloon is specified
<hallyn> it'sa bug introduced after 1.3.0
<hallyn> 1.0.3 that is
<zul> awecome
<zul> jamespage:  enjoy http://people.canonical.com/~chucks/ca/
<Daviey> zul: is that all of grizzly?
<zul> Daviey:  yep
<Daviey> \o/
<jamespage> zul, ceilometer typo in changelog - "   * New upstream release for the Ubuntu Cloud Arhcive."
<jamespage> zul, ditto cinder
<jamespage> zul, glance: +1 - but two versions in that folder
<zul> ack...we need to script this
<jamespage> zul, horizon - OK
<jamespage> zul, keystone: +1
<zul> jamespage:  ceilometer and cinder fixed locally
<jamespage> zul, nova: +1
<jamespage> zul, python-ceilometerclient not needed - already up-to-date
<zul> k
<jamespage> zul, python-glanceclient: +1
<jamespage> zul, python-novaclient: +1
<jamespage> zul, quantum: +1
<jamespage> zul, swift: +1
<jamespage> zul, python-cinderclient update missing
<zul> ok hold on
<jamespage> zul, also need an update for libvirt
<zul> ill get back to you
<zul> jamespage:  cinderclient is there now
<jamespage> zul, lgtm
<zul> jamespage:  libvirt there now as well
<jamespage> zul, looking now
<jamespage> zul, "   * New upstream release for the Ubuntu Cloud Archive." not technically true
<zul> libvirt?
<zul> "New update for the Ubuntu Cloud Archive." better?
<jamespage> yeah
<zul> done
<zul> alright uploading everything to staging
<jamespage> zul, cool - as soon as its built I'll copy to updates
<smb> Daviey, if you had enough giggles seeing the old upload fail for i386, mind uploading the fixed version? :)
<zul> jamespage:  ack
<jamespage> Daviey, can we get a package removed from the Grizzly CA?
<jamespage> do I just need to delete it from the PPA's?
<Daviey> jamespage: src and binary?
<jamespage> Daviey, yep - rtslib can be dropped
<Daviey> smb: ack
<Daviey> jamespage: this will be the first removal, i suspect it might need IS involvement
<Daviey> at least remove it from the PPA first
<jamespage> Daviey, ack
<Diegonat> hi everyone!! Has somebody successfully installed spacewalk on ubuntu?
<Underbyte> good morning
<Underbyte> where can i find doc to set up an LDAP server?
<Underbyte> i noticed that the offical (https://help.ubuntu.com/community/OpenLDAPServer) doc is using SLAPD, which i thought was deprecated
<stgraber> hallyn: lxc 0.9 uploaded to ubuntu
<hallyn> stgraber: excellent
<hallyn> i need to push new qemu and libvirts still
<Walex> Underbyte: depends on the LDAP server, of which there are several. Web searching will be helpful...
<sarnold> Underbyte: there may be useful docs in /usr/share/doc/<packagename>/ for whichever ldap server you're using.. it might not be as nice as a first-time user's walkthrough, but hopefully good
<sarnold> Underbyte: also check the server guide
<tracphil> I have been on an ldap rampage last week and I think I have circled back around to openldap after tring 389 dir server and apache
<tracphil> apacheds
<hallyn> zul: so while that memballoon issue percolates on the list, my recommendation is to assume s390 doesn't exist and just always print out a virito memballoon.  That should be ok for our package right?
<zul> hallyn:  it should
<hallyn> all right let me try building such a pkg
<Aison> i've got a ubuntu server with multiple dvb-s cards
<Aison> but on every reboot, the adapter numbering changes (/dev/dvb/adapterX)
<Aison> how can I fix that? I know I have to create some kind of udev rules, but no idea how :(
<sarnold> Aison: the network interfaces are given persistent names via /etc/udev/rules.d/70-persistent-net.rules
<sarnold> Aison: hopefully you can steal ideas from there
<Aison> sarnold, maybe :P
<Shogoot> so i know i can apt-get remove program... but it is possible to do apt-get remove program* or someting similar to get ridd of all say mysql instlations at once?
<smb> zul, Err, looks like Daviey had not the time to sponsor the ubuntu3 xen package I got on chinstrap. It should fix the i386 ftbs of the last version and adds another bugfix. Maybe you could sponsor it?
<zul> sure which one is it?
<smb> zul, in 4review the -0ubuntu3 one
<zul> k
<smb> Removed the other one now, so there is no confusion
<zul> smb: im only seeing ubuntu1 in the archive
<smb> zul, the ubuntu2 is in proposed still. Maybe because the i386 build ftbsed... doh ok, then I need to re-create it with the larger changes
<zul> klemmenow
<smb> zul, ok should be replaced now
<hallyn> zul: ok, i'm testing http://people.canonical.com/~serge/try1/libvirt_1.0.4-0ubuntu1~ppa1.dsc
<zul> fetching
<zul> smb:  on chinstrap/
<smb> zul, chinstrap:~smb/4review
<zul> hallyn: ill have a look in a sec
<zul> hallyn:  it passed your qa stuff right?
<hallyn> zul: no.  it's passing right now :)
<hallyn> give it 30-60 mins
<zul> smb:  sorry to be a bitch but can you update the debdiff?
<smb> can do
<hallyn> smb: we (zul and I) wont' see you in oakland, is that right?  you're there the first week of may?
<smb> hallyn, Yes that week, you are there before or after?
<hallyn> after
<hallyn> zul: would you like to run any tests with qemu 1.4.1 before I ask for a FFE?
<zul> hallyn:  sure
<smb> zul, check now u1-u3.debdiff
<hallyn> zul: it's in ppa:serge-hallyn/virt
<hallyn> zul: we can chat later about it whe you're done with smb
<zul> hallyn: ack
<smb> I am nearly done... :)
<zul> smb:  done
<smb> zul, cheers
<zul> hallyn:  why that ffe for qemu?
<hallyn> zul: well it has its own fix for bug 1157626, as well as fixes for usb bugs
<uvirtbot> Launchpad bug 1157626 in qemu "Unable to use "virsh migrate" on two hosts after moving to raring" [High,Triaged] https://launchpad.net/bugs/1157626
<zul> *sigh* ok
<zul> jamespage:  ^^^ to keep you in the loop
<hallyn> zul: jamespage: though since libvirt 1.0.4 also fixes it, i'm fine with waiting on qemu
<hallyn> you know what, let's not do the qemu
<hallyn> we've already had final beta...
<hallyn> zul: will libvirt 1.0.4 give you other fixes that you need?
<hallyn> or is it only for the migration failure?
<zul> hallyn:  migration failure
<Daviey> .. migration is essential for this release. :)
<hallyn> now unfortunately i notice that the ffe candidate qemu is the one running in my qa tests right now
<hallyn> Daviey: yes, but it is fixed by *either* enw qemu *or* new libvirt
<hallyn> we don't need both
<hallyn> the difference between the two is,
<hallyn> qemu 1.4.1 is a stable branch.  libvirt 1.0.4 is anything but
<hallyn> so if there is no other reason why we want libvirt, then perhaps we ought to go with qemu update
<zul> Daviey/hallyn:  lemme do some local testing for libvirt here
<hallyn> zul: ok
<jamespage> zul, pls can you consider any impact on cloud archive
<hallyn> all my tests passed, with *both* the new qemu and libvirt
<hallyn> guess i'll downgrade qemu real quick
<zul> jamespage:  yeah ill do some tests with raring/precise
<jamespage> zul, ta
<zul> jamespage:  we should be able to stick it in the openstack-ubuntu-testing ppa shouldnt we?
<sw0rdfish> in a ubuntu VPS openvpn will come automatically installed right?
<Pici> sw0rdfish: no, why would it?
<sw0rdfish> just asking.
<hallyn> roaksoax: oh, did you still need to talk to me about something relating to qemu signture on (idontknowwhatsomemaasrelatedthingithink)?
<n000b> Is it possible to build up an ActiveDirectory with Samba 4 together with an existing MIT Kerberos V infrastructure so that Windows machines could have access via the existing Kerberos accounts?
<roaksoax> hallyn: hey! yes!
<roaksoax> hallyn: so we are tying to find out a way of trying to ensure that a running instance is a virtual one, becuase for MAAS discovery process, a command we use to try to find out if there's IP simply takes forever
<hallyn> roaksoax: and is /proc/cpuinfo containing the string qemu atall reliable?
<roaksoax> hallyn: nope,  ubuntu@cluster1:~$ cat /proc/cpuinfo | grep qemu
<roaksoax> ubuntu@cluster1:~$
<roaksoax> hallyn: oh I see now, QEMU
<roaksoax> hallyn: yeah that works
 * roaksoax wonders why I didn't think of that before
<roaksoax> hallyn: you get some pisco! :P
<hallyn> roaksoax: no thanks :)
<hallyn> i'll take one or two sours and stop there
<hallyn> that was a bad morning
<roaksoax> hahaha
<roaksoax> hallyn: that's why I usually don't drink it
<hallyn> yeah, the dealer usually doesn't
<roaksoax> :P
<hallyn> anyway, hopefully there aren't any cases where that string doesn't show up.  heck lemme check where it comes from real quick
<roaksoax> hallyn: cause I recall having had check /proc/cpuinfo, but didn't recall seeing any QEMU string
<Daviey> roaksoax: Pisco will be most welcome.
<hallyn> roaksoax: doy ou have any arm vms you can check on?
<hallyn> for i386 i see where it's getting that string.  for arm, it's not clear ot me (bc it doesn't have a model_id)
<hallyn> hm, leseee.  rbasak!  do you have an arm vm lying around by chance?
<roaksoax> hallyn: nah cna't have acces to arm
<roaksoax> Daviey: have 2 bottles here waiting for the next gathering
<hallyn> roaksoax: not arm hardware, just a vm.  (i can try to set one up tonight if need be)
<hallyn> roaksoax: do we care about arm vms for maas?\
<roaksoax> hallyn: for us in maas really everything is the same
<hallyn> don't know what that means
<Daviey> roaksoax: Make sure you take your phys kit, team exercise every morning.
<hallyn> what's that, stretch bands?
<roaksoax> Daviey: yeah that's exactly what we need!
<hallyn> how about parkour every morning?
<hallyn> zul will lead the lessons
<zul> uh?
<hallyn> parkour parkour!
<roaksoax> zul: likes climbing up stairs
<roaksoax> like in san diego
<zul> yeah 45 degree slopes with lots of slopes is not my friend
<rbasak> hallyn: you want to know what /proc/cpuinfo looks like inside from inside a qemu emulating arm? I guess I can look into that for you, but I don't have anything handy - I use real ARM machines  :-)
<hallyn> rbasak: yeah that's what i wanted.  ok, thanks. i can run a test tonight to be sure, and warn roaksoax if it doesnt include 'QEMU"
<hallyn> i'd best re-try migration testone more time with that setup just to be sure
<hallyn> migration succeeded.  i do still wonder why i get i/o errors after migration, though apparemtly (as it works for the bug reporter) it's something in my setup
<hallyn> just can't imagien what
<hallyn> jamespage: migrating a vm works ofr me with --copy-storage-all, but when i do it over shared nfs storage, i always ahve disk corruption after migration.  if you could try both of those as well that'd be much appreciated
 * hallyn out - back later tonight
<avid_fan> !sed
<ubottu> The linux terminal or command-line interface is very powerful. Open a terminal via Applications -> Accessories -> Terminal (Gnome), K-menu -> System -> Konsole (KDE), or Menu -> Accessories -> LXTerminal (LXDE). Guide: https://help.ubuntu.com/community/UsingTheTerminal
<avid_fan> !grep
#ubuntu-server 2013-04-09
<monokrome> Hey. Does anyone know how to fix this issue?
<monokrome> http://d.pr/i/OO3w
<monokrome> my hostnames are all accurate, but I can't access a server using it's short name...
<monokrome> the server denies ping requests, but resolving the IP means that the second ping did what I expected
<monokrome> Here's an example taht respects your font size: https://gist.github.com/monokrome/87bb575d75117b09e3a8
<monokrome> Sorry about the other one
<qman__> monokrome, domain/search domain in /etc/resolv.conf
<monokrome> I need to add "domain rentlytics.com" to that?
<qman__> yes, though if you use resolvconf, you have to add it to /etc/network/interfaces to get it there
<qman__> in the form of
<qman__> dns-domainname rentlytics.com
<monokrome> What does Ubuntu server use?
<qman__> 12.04 and up are done the latter way
<qman__> previous versions you just add it to /etc/resolv.conf
<qman__> unless you set up resolvconf yourself
<monokrome> thanks
<qman__> sorry, dns-domain
<qman__> not dns-domainname
<qman__> monokrome, ^
<monokrome> qman__: It's dns-search that worked
<monokrome> Thanks for your help
<Quest> can I NAT instead of port forwarding 80 in my router if i run a httpd server?
<qman__> that depends on your router
<qman__> by NAT I assume you mean 1:1 NAT, since port forwarding is a form of NAT already
<Quest> yes
<Quest>  iam here to know that is NAT an option. if yes, whats the better one and why
<qman__> by port forwarding, you're already using what's known as NAT overloading or masquerading, and is the method by which you can share a single external IP among multiple hosts
<qman__> 1:1 NAT is used when you have more than one IP and want a host to act as though it has its own dedicated IP on the internet
<Quest> hm
<Quest> hm
<qman__> as the name implies, it's a 1:1 mapping, and cannot be shared with any other hosts
<Quest> hm
<Quest> 1:1 Nat will forward all ports then
<Quest> ok
<Quest> out office configuration    DSL    >    router (make NAT maping for server)    >    server    >   switch   >   mulptiple users.   The server is for monitering, prioritizing and limiting traffic. Now we also want an astersk server to also be placed (after the switch and before the the voip cisco phones). We want to moniter voip calls and bandwidth as well. I have been advised by many not to use NAT with astersk. I have read articles on the problems.
<Quest> One other problem is that voip need priority. can the server set priority for viop? Provided that the phones will only be used in LAN. should I proceed or an alternative is suggested?
<qman__> to make VoIP work well, you need QoS on a device that governs both the data and voice networks
<qman__> whether that's your server or router is up to you and what resources you have
<qman__> NAT is doable with asterisk but it's complicated
<patdk-lap> heh? server, router, and switch should all work together for that
<shauno> I honestly think you're reaching the point where you might want to look into hiring someone who's done this before
<qman__> probably
<qman__> asterisk will give you nightmares
<patdk-lap> it does? I thought it was rather fun
<qman__> it is by far the single most painful service I have ever had the privilege of working with on linux
<qman__> the asterisk server at my place of employment has a bug where it randomly thinks someone is still trying to talk to a conference call after it's gone
<qman__> which spams the logs uncontrollably and the only resolution is to restart asterisk
<qman__> our workaround is nightly restarts
<qman__> that was bad enough, now it's occasionally getting into moods where it will just drop any call made from any of the desk phones after 8 seconds
<qman__> rebooting the server is the only solution
<patdk-lap> I haven't used astrisk since 2005
<patdk-lap> but had a nice setup
<patdk-lap> just never needed landlines again, went pure cellphone
<qman__> googling for error messages finds a few dozen people with the same issues, and no answers
<qman__> as is typical for every problem I've run into with asterisk
<patdk-lap> I used astrisk as a pure sip router :)
<patdk-lap> cisco unit handled land lines
<patdk-lap> sip desk phones
<qman__> we used to have a PRI / T1, but now we're all SIP
<patdk-lap> asterisk routed, and also connected to several voip providers
<qman__> and a couple IAX hardpoints
<qman__> sometimes it will join what can only be described as a washing machine to a conference room
<qman__> and we just have to use a different one
<patdk-lap> are you using a timing device? is that still required?
<qman__> the dahdi modules are still there but I'm pretty sure they're unused, the card was pulled
<qman__> unfortunately we can't just start fresh because we've got this whole custom scripting mess piled on top
<qman__> integrates with our ticketing system and oncall rotation and whatnot
<qman__> it was way worse when I started, I was asked to "fix" the phone system as one of my first projects
<qman__> so I built a fresh server and compiled the latest asterisk and stuff, but I had to copy the config and custom scripts over from the old one
<qman__> and having never used asterisk before, I was googling and firing options from the hip
<qman__> before I did that it used to screech or hang up on people, or it'd frequently pick up calls and only have one-way sound
<patdk-lap> that is a range of different issues :)
<patdk-lap> one way sound is normally a firewall issue
<qman__> that's just the tip of the iceberg, I could go on for hours
<qman__> it wasn't in this case
<qman__> one change I made that had a significant impact
<qman__> was disabling as many hardware devices as I could to free up IRQs, and disabling hyperthreading on the CPU
<patdk-lap> ya, lots of timing issues to solve there
<roseysdaddy> anyone know anything about accessing webmin from remote location?
<SlyCracker> I have a question. I am trying to install Ubuntu Server 12.04 on VirtualBox. Whenever I get to "Install and Setup system" It fails everytime.
<SlyCracker> Any suggestions?
<qman__> !webmin | roseysdaddy
<ubottu> roseysdaddy: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<Quest> arnt servers better in reportin / limiting/ QoS/ etc traffic that routers?
<patdk-lap> Quest, since when?
<Quest> Iam asking
<qman__> it depends on the router, and the server
<qman__> different products offer different capabilities
<patdk-lap> there is going be a lot of adjusting to either, to limit bufferbloat
<SlyCracker> Can anyone help me with my U-Server installation?
<qman__> SlyCracker, check the md5sum of your iso file against the md5sum on the repository, and make sure you have sane specs for your VM
<SlyCracker> Is there a helpful guide for doing that?
<roseysdaddy> anyone know if you can access Deluge WebUI from a remote location (across the internet)?
<qman__> roseysdaddy, yes
<qman__> SlyCracker, what in particular? to check md5sums, just download it and read the instructions; sane VM specs for a base ubuntu server is 128MB RAM minimum and 4GB disk minimum, add more for your desired software
<roseysdaddy> qman__ I already have no-ip.com DNS directed to my webmin server, do I just need to open the deluge port?
<qman__> roseysdaddy, yes, you need to set up a port forward
<SlyCracker> Oh yes, I have all that checked and vaild. Ran memtests as well. Also cd integrity
<SlyCracker> As well as setup a heft partition for the server. Running it on VirtualBox
<roseysdaddy> would that look like this? "ssh root@myserver.no-ip.org -L 8112:localhost:8112"  ?
<qman__> SlyCracker, what's the last thing you put in before it hangs?
<SlyCracker> Umm, the last thing I do before it hangs is the Aptitude updates and package installs
<qman__> roseysdaddy, that's an SSH tunnel, which is different
<SlyCracker> before that selecting all the features such as PHP, SSH, MySQL, etc.
<qman__> SlyCracker, try not checking anything, and just letting the install finish
<roseysdaddy> how would I open port 8112 from the terminal?
<SlyCracker> Will do.
<qman__> SlyCracker, you can always get back into that menu later by running 'sudo tasksel'
<SlyCracker> Oh.
<SlyCracker> How do I run that task when i have no where to input a command?
<qman__> roseysdaddy, that depends on your firewall, it must be opened there
<qman__> SlyCracker, post-install I mean, after it's done and you've rebooted and logged in
<SlyCracker> Oh
<SlyCracker> :P
<qman__> what's most likely happening is it's trying to download packages from the net and it's taking forever
<qman__> either due to broken sources or broken networking
<SlyCracker> Well I am running through it again. We shall see. Also is there a specific type of virtual disk I should use? I use Virtual Disk Image, there was also Virtual Hard Disk. Is there a preference for this install with VirtualBox?
<qman__> that's mostly a matter of personal preference, if you need to interoperate with different softwares
<qman__> each should work equally well as far as the VM is concerned
<SlyCracker> Ah okay. Thanks.
<roseysdaddy> alright, im so confused
<roseysdaddy> ubuntu says iptables isnt a service
<roseysdaddy> but when i run nmap it shows me the open ports
<qman__> iptables isn't a service, it's a command
<qman__> ubuntu's default firewall is ufw, and by default, it's wide open
<roseysdaddy> how do i check if port 8112 is open?
<qman__> so if your system is being firewalled, you either have some other application that set it up, or you have an additional firewall between your server and the internet
<qman__> netstat -lanp | grep 8112
<qman__> will tell you if any programs are listening
<qman__> running nmap from another host will tell you if it's open, closed, or filtered
<Quest> qman__,  and others, is it usually assumed that a computer router with linux is more good in QoS/filtering/firewalling/monitering/  with many tools like iptraf, iftop, ntop   etc  than a router/switch ?
<qman__> Quest, no, because "a router/switch" does not sufficiently categorize the available hardware
<qman__> better than a $50 consumer piece of hardware, yes
<Quest> qman__,  sorry?
<qman__> better than a cisco or dell or ... router or managed switch, maybe
<Quest> qman__,  sorry? what do you mean. what is better in actuall?
<qman__> Quest, dedicated hardware is available at all performance levels, both better and worse than what is available in a linux system
<Quest> comparing the cost with ther things QoS/filtering/firewalling/monitering/ . which one gives more features?
<qman__> again, you can't make a comparison that generic
<qman__> different products offer different feature levels
<qman__> consumer grade hardware will be slower and less featureful than a linux server configured as a router
<Quest> qman__,  is it truee that a router/switch can be as good in reporting/QoS // / /etc/  etc/ as a Linux full OS can ?
<qman__> more expensive routers and switches can be faster and offer varying levels of features
<qman__> yes
<Quest> oh
<qman__> the main strong point of a linux server filling that role, is adding those extra features on a low budget
<Quest> qman__,  do you know any router make model that is good enough as ntop, iftop, iptraf   QoS  in Linuxe is?
<Quest> qman__,  oh so linux servers do all that of a good router/switch at a cheap cost?
<qman__> yes, but they don't necessarily perform as well
<Quest> hm
<Quest> ok
<Quest> thx
<Quest> Is there a way to remotely(by WAN out side) log in the routers page of 192.168.1.1?
<qman__> dedicated hardware can be accelerated for the given task and be faster than a linux server
<Quest> linux servers are dedicated too. for just routing
<Quest> arnt they?
<qman__> no
<Quest> ok
<qman__> linux is a generic operating system, it has routing features, but it's all running on a standard x86 PC stack
<Quest> well if they just do routing. arnt they
<Quest> hm
<Quest> i see
<qman__> hardware designed specifically for the task is better at it
<Quest>  i see
<Quest>  right
<Quest> qman__,  do you know any router make model that is good enough as ntop, iftop, iptraf   QoS  in Linuxe is?
<qman__> there are lots of them, you need to find one suited to your requirements in features, performance, and load
<Quest> hm
<Quest> Is there a way to remotely(by WAN out side) log in the routers page of 192.168.1.1?
<Quest> so i can moniter traffic
<qman__> not directly, your private addresses only exist locally
<qman__> you will need to open and forward a port
<SlyCracker> Okay, Ubuntu server is installed. Is there a desktop for this or all console based?
<qman__> SlyCracker, it's console only
<qman__> desktops are for desktops
<Quest> SlyCracker,  but you can install a desktop if youwant
<SlyCracker> Well I want it setup for a server, but a gui would be nice.
<Quest> SlyCracker,  but you can install a desktop if youwant . if you mean a GUI
<qman__> you can, but there's not much point; all the server administration is done by command line anyway
<SlyCracker> True.
<Quest> SlyCracker,  install ubuntu-desktop
<qman__> the correct way to manage the server is to use your desktop for the research and web browsing, and SSH in to do the admin
<SlyCracker> How do I get back to that Task Selection screen again then?
<SlyCracker> sudo seltask?
<qman__> sudo tasksel
<Quest> qman__,  know anything about asterisk?
<SlyCracker> Thanks
<qman__> Quest, enough to hate it
<Quest> hm
<Quest> Is there a way to remotely(by WAN out side) log in the routers page of 192.168.1.1?   ------ by this meant the router/switch that is after the dsl line/ dsl modem
<qman__> only if said router has the option to enable it on the WAN port
<Quest> most advance routers like d link and linksys do?
<Quest> one question: to get requests on port 80 of a webserver, 80 needs to be forwarded or NAT 1:1. while asterisk server dont need NAT or port forwarding? as it has problems with NAT?
<qman__> no, d-link and linksys are consumer grade hardware
<Quest> hm
<qman__> and if your asterisk server needs to be accessed from the internet, you need a NAT or a port forward; if not, then you don't
<qman__> by that I mean, if you need phones to register from outside your network
<qman__> if you just have phones on the LAN, and connect to an upstream SIP provider for your lines, you don't need a port forward
<Quest> well.  we need them to down and upload. register . etc. but i heard NAT is not good for SIP
<Quest> or voip
<qman__> it complicates it
<qman__> what I'm saying is
<qman__> if you don't have any phones outside of your LAN, you don't need it
<qman__> meaning desk phones, SIP phone applications, etc
<Quest> yes. its in LAN
<qman__> your server initiates the connection to your SIP provider and doesn't need a port forward to connect to it
<Quest> oh
<Quest> so if the phones are in the LAN . and the network is NATed . i dont need to worry
<Quest> ?
<qman__> yes
<Quest> great
<Quest> but it seems that anyone fromoutside the lan wont be able to connect  remotely to make a call. etc
<qman__> right
<qman__> if you want people to connect to your phone system and make calls, from other places on the internet, you need port forwards or 1:1 NAT
<qman__> such as people taking desk phones home or using SIP applications on their cell phone or laptop
<Quest> and port forward and NAT is not good for voip/sip.
<Quest> so theres a problem. isnt it
<qman__> it works fine, but it's more complicated to configure
<Quest> hm
<Quest> ok.
<Quest> we have 8 ip pool 5/8 usable. our office configuration    DSL    >    router (make NAT maping for server)    >    server    >   switch   >   mulptiple users.   The server is for monitering, prioritizing and limiting traffic. Now we also want an astersk server to also be placed (after the switch and before the the voip cisco phones). We want to moniter voip calls and bandwidth as well. I have been advised by many not to use NAT with astersk. I have r
<Quest> ead articles on the problems. One other problem is that voip need priority. can the server set priority for viop? Provided that the phones will only be used in LAN. should I proceed or an alternative is suggested?
<Quest> by router i mean router/switch.   the server is  a linux ubuntu server
<Quest> qman__,  you there?
<pukeko> Hello i have two samba servers (versions 3.4.7 and 3.6.3) which i wish to keep in sync.. is it ok to just rsync the /etc/samba /var/lib/samba /etc/passwd and /etc/group directories ?
<SlyCracker> is there a way to creat a domain name with the server?
<SlyCracker> or a site where I can use my localhost for a domain?
<SlyCracker> Still new it seems.
<SlyCracker> How do you setup a domain name for localhost?
<SlyCracker> Or use it for a live website?
<vedic> Hello friends, recently while updating the server, I got error in updating grub-pc. Not able to solve it. Need help.
<vedic> dpkg: error processing grub-pc (--configure):  subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing:  grub-pc
<vedic> I managed to solve it
<eagles0513875_> hey guys i need some help i am trying to follow exporting http_proxy envrionmental variable and for some reason either i have the syntax wrong or the site http://askubuntu.com/questions/47379/how-to-use-a-proxy-on-the-command-line is not correct can anyone help me
<sarnold> eagles0513875_: do you have a pastebin handy showing what you've typed and what happened?
<eagles0513875_> hold on sarnold
<pii3> hi
<geekf00> sup
<pii3> why i cannot /etc/init.d/networking restart on ubuntu 12.10
<pii3> ?
<eagles0513875_> sarnold: this is just a single line export http_proxy=http://localhost:2200/curl
<eagles0513875_> im tunneled already in another terminal
<eagles0513875_> which i used ssh -D 22 -p 2200 -i PATH TO KEY USER@host
<eagles0513875_> and it doesnt work
<sarnold> eagles0513875_: is your proxy really http://localhost:2200/curl ??
 * pii3 restart networking
<sarnold> eagles0513875_: I haven't seen a proxy with a path like that before...
<eagles0513875_> no sarnold no its not im using local host and socks at least on my web browser
<sarnold> pii3: was it moved to an upstart managed job? try "service restart networking"
<pii3> thanks
<sarnold> eagles0513875_: try just "export http_proxy=http://localhost:2200/"  then, and leave off the 'curl'
<pii3> sarnold, service networking restart
<eagles0513875_> sarnold: same issue curl is saying couldnt connect to host
<sarnold> eagles0513875_: ohhh, I just finally re-read what you wrote -- are you trying to use a simple ssh port forwarding as an http proxy? that won't work, unless there's a -real- http proxy somewhere.
<sarnold> eagles0513875_: if you just want to use ssh port forwarding, you don't set http_proxy -- you just give the 'local' address, like: curl http://localhost:2200/path/to/whatever
<eagles0513875_> sarnold: thing is this is part of some source code so i dont have control over curl
<eagles0513875_> its not a problem sarnold i can wait till i get home and use the home network instead of my schools
<sarnold> eagles0513875_: you -might- be able to get away with a shell script to replace curl, if you didn't want to wait
<eagles0513875_> sarnold: what do you mean
<sarnold> eagles0513875_: if you do something like : sudo mv /usr/bin/curl /usr/bin/curl.real ; and then write a small /usr/bin/curl shell script that does something like /usr/bin/curl.real -command -line -arguments  http://localhost:2200/path/that/is/requested     you might be able to paper over the problem :)
<eagles0513875_> ahh ok :)
<eagles0513875_> thanks ill try it out
<eagles0513875_> sarnold: this is what i have tunneled into now would i export the same sudo ssh -p 2200 -D 22 -i path to ssh key jaquilina@eagleeyet.net
<eagles0513875_> nm that doesnt work
<Hexch> Hi can someone help me with varnish?
<Octavian> hi
<Octavian> still having problems with KVM on 12.04 LTS
<Octavian> I still see linux guests running with kernel 3.8 (not patched) to be stuck in libata:ata_sff_wait_after_reset() at the time ata_msleep() is called
<Octavian> ata_piix is used
<Octavian> is this a known issue?
<Octavian> guests running with kernel 3.7 did not show this behaviour
<RoyK> Octavian: I'd suggest asking in #virt @ irc.oftc.net
<brendand> not sure if this is the right channel to ask in, but i'm trying to write an upstart job for tool that runs some tests on a fully booted server and was wondering what's the best thing to specify for 'start on'
<rbasak> brendand: are you aware of upstart-events(7)? http://upstart.ubuntu.com/cookbook/#ubuntu-well-known-events-ubuntu-specific
<rbasak> brendand: apart from that, I'm not sure. Might be worth asking on askubuntu.com
<rbasak> (it's a good question)
<hggdh> is bug 1111852 something the server team could look at?
<uvirtbot> Launchpad bug 1111852 in targetcli "targetcli bug - buffered fileio mode not saved across reboots" [Medium,Triaged] https://launchpad.net/bugs/1111852
<Daviey> zul: syncing spice-html5 sounds like a good idea to me
<Diegonat> hi guys... has somebody installed apt-spacewalk ??
<zul> Daviey:  ack
<wickedpuppy> hi guys , I have downloaded Ubuntu 12.10 Server for Cloud. May I know how do I go about using it? Is there any guide?
<RoyK> !guide | wickedpuppy
<ubottu> wickedpuppy: The Ubuntu server guide may be found at http://help.ubuntu.com/12.04/serverguide/C/
<wickedpuppy> Thanks!
<koolhead17> hi all
<koolhead17> wickedpuppy: hey there
<koolhead17> zul: salute
<wickedpuppy> heya koolhead17
<zul> koolhead17:  hi
<koolhead17> zul: do i need to wait for few more days to start using stable grizzly repo?
<koolhead17> fromcl oud archive
<koolhead17> 4 precise
<zul> koolhead17:  no you can use it now
<koolhead17> thanks!!
<jamespage> koolhead17, please read my post to openstack ML - release packages avaliable but not final yet
<wickedpuppy> which part of the server guide can I find the openstack setup?
<koolhead17> jamespage: care to pass me link if you can, my inbox is kind of bombed
<jamespage> koolhead17, https://lists.launchpad.net/openstack/msg22515.html
<koolhead17> thanks jamespage
<hallyn> drat.  package nsf-kernel-server not found, there go my hopes for easy grant money
<ogra_> hallyn, probably if you dont typo it ?
<ogra_> i definitely see it on x86 precise and armhf raring here
<hallyn> ogra_: just a joke
<ogra_> ah :)
<hallyn> ogra_: i mistype that pretty frequently :)
<ixloran> Hi.  I'm running an appliance on Ubuntu 12.04 LTS server.  The server gets regular updates/upgrades.  I received a system notice that:  Apr  9 07:00:21 mail zimbramon[4053]: 4053:err: Disk warning: mail.mydom.com: /boot on device /dev/sda1 at 92%
<ixloran> Checking "/boot", I find multiple installs of OS versions -> http://pastebin.com/JEH2NXCM.
<ixloran> What's the correct/safe way to clean this up, and prevent multiple installs in the future?
<resno> ixloran: this with zimbra?
<ixloran> resno: Hi. Yes.  Is that relevant?
<resno> uhm, not really
<resno> are you thinking 203mb will save you?
<tracphil> http://askubuntu.com/questions/89710/how-do-i-free-up-more-space-in-boot
<ixloran> resno: 'save me'?  not sure what you mean, there
<ixloran> tracphil: thanks ... reading
<hugo_> greetings!
<ruben231> hi guys any idea how do i resize this server setup since its full already ------------> http://pastebin.com/ztNfMnJg
<Quest> what does this means Apr  9 19:05:44 server1 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "fullaccess"
<Quest> Apr  9 19:05:44 server1 lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:1 ruser= rhost=  user=fullaccess
<Quest> Apr  9 19:05:44 server1 lightdm: PAM unable to dlopen(pam_gnome_keyring.so): /lib/security/pam_gnome_keyring.so: cannot open shared object file: No such file or directory
<ogra_> looks like a messed up desktrop install on your server
<ogra_> (and someone trying to log in with the id "fullaccess")
<Fieldy> i'm guessing somebody messed with the pam config, or manually installed things ouside of the package manager
<tracphil> ruben231 it is going to be a pita since the filesystems are not on LVM
<Quest> ogra_,  hm Fieldy  i also have so much similers like this pr  9 19:05:35 server1 lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:1 ruser= rhost=  user=fullaccess
<Quest> am i safe?
<Fieldy> is there a display mangager called lightdm? because :1 implies it's X11 (gui).
<Fieldy> if you're using that, it's something to do with that
<ogra_> lightdm is the default desktop display manager in ubuntu
<Quest> hm
<Quest> and Apr  8 20:31:29 server1 sshd[3875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.151.198.117  user=root
<ogra_> it shouldnt be installed on a server (at least it isnt by default)(
<Quest> Apr  9 02:32:19 server1 sshd[6361]: Failed password for root from 61.155.62.178 port 39754 ssh2            is some one trying to bruteforce?
<ogra_> thats a "normal" ssh attack ... you will see lots of them on a network facing server ...
<Quest> ogra_,  what is the password of root in ubuntu?  in never set one. and am I safe?
<ogra_> luckily root is locked so you dont have to care (there are ways to quieten that etc if you do)
<Quest> k
<Quest> ogra_,  i have installed fail2ban
<ogra_> yeah, that should help
<Quest> k
<Quest> thx
<Quest> a lot :)
<Daviey> roaksoax: Couldn't bug 1152809 have been handled by breaks/replaces?
<uvirtbot> Launchpad bug 1152809 in maas-provision "Suggests tftpd-hpa instead of Recommends" [High,Fix committed] https://launchpad.net/bugs/1152809
<roaksoax> Daviey: nope, slangasek and I went through it and we couldn't really find a way to get fixed (as in maas would upgrde but some bits would not install due to having that as recommends)
<Daviey> roaksoax: nice.. Anyway, thanks for validating it
<roaksoax> Daviey: we tried everything TBH, breaks/replaces, conflicts/replaces, conflicts, etc, etc
<Daviey> roaksoax: happy times!
<roaksoax> Daviey: indeed!! i want MAAS in already! :)
<smb> zul, Now I got the same bugfix as yesterday for Raring for Quantal and Precise (I thought I'd ignore Oneiric). [bug 1157757] I subscribed ubuntu-sru but for the sponsoring upload I assumed it would be you anyway to have to do it.
<uvirtbot> Launchpad bug 1157757 in xen "[Regression] Stuck CPU1-x when booting as Xen HVM guest on certain Intel hosts" [High,Fix released] https://launchpad.net/bugs/1157757
<smb> Oh and the full set of files is in the "usual" place
<zul> smb:  you would think so
<zul> smb: ill take a look once im done here
<smb> zul, ok cool. thanks.
<Daviey> jamespage: can you postpone you think any not viable for this release please, https://blueprints.launchpad.net/ubuntu/+spec/servercloud-r-seeded-qa-workflow
<jamespage> Daviey, can I just postpone the whole blueprint?
<Daviey> jamespage: I think some of the easier ones could potentially still be achieved ?
<jamespage> Daviey, I've postponed my assigned workitems as appropriate - I'll ask others todo the same
<zul> smb: dpkg-source: error: cannot fstat file ./xen_4.1.2.orig-qemu.tar.gz: No such file or directory
<Daviey> jamespage: super
<smb> zul, err... that should be the other one and not included... wtf
 * zul shrugs :)
<smb> zul, Yeah seems both somehow became including source. no idea why
<Daviey> smb: I always debuild -S -sa :)
<smb> Daviey, I don't why push around tarballs that are there already... :-P
<smb> zul, oh wait... maybe fooling myself. the changes only has the diff and dsc...
<smb> zul, of course to build it you need the tarballs, but can't you just pull-lp-source the previous version to get it
<zul> k
<jcastro> zul: is someone blogging the cloud archive stuff?
<zul> jcastro:  i do some blogging but havent done any in a while
<jcastro> if no one is I'd like dibs
<jcastro> https://wiki.ubuntu.com/ServerTeam/CloudArchive
<jcastro> Am I missing anything from that?
<zul> jcastro:  please
<ScottK> zul: In what way is adding branding a bug fix?  Why do we need it?  (nginx)
<robbiew> why not?
<robbiew> what's the harm ScottK
<Daviey> ScottK: I asked zul to upload it, to better allow banner fingerprinting between distros
<ScottK> robbiew: Does anything depend on that version string?
<robbiew> are we changing the version?
<ScottK> Yes.
<zul> no we arent
<zul> apache has the same thing
<ScottK> +-#define NGINX_VERSION      "1.2.6"
<ScottK> ++#define NGINX_VERSION      "1.2.6 (Ubuntu)"
<robbiew> 1.2.6 = 1.2.6
<ScottK> It's not a bug fix, so I don't see why we're doing it now.
<Daviey> ScottK: I have minimal concern about this change. We shouldn't spend too much time concerning ourselves with it.
<ScottK> Daviey: OK.  Accept it if you want to.
<ScottK> (you can accept from rejected)
<kirkland> hallyn: ping
<hallyn> kirkland: .
<roaksoax> plars: let me know when you need my help to go over the tests
<plars> roaksoax: ok, maybe this afternoon we could run through them? Did you look through them at least to see if they look sane?
<roaksoax> plars: not yet, send tme the links please
<plars> <plars> http://iso.qa.ubuntu.com/qatracker/testcases/1461/info
<plars> <plars> http://iso.qa.ubuntu.com/qatracker/testcases/1462/info
<plars> <plars> http://iso.qa.ubuntu.com/qatracker/testcases/1463/info
<plars> roaksoax: ^
<roaksoax> plars: thanks
<hallyn> stgraber: i gather you are out today?
 * RoyK gathers everyone's out
<plars> jamespage: I still see this issue with the iscsi testing on today's image. The install seems to go off without a hitch, but on reboot I hit problems when it gets to: "Starting configure network device used by iSCSI root"
<plars> it seems to complete that step - it has [ OK ] next to it at least, so maybe the next step
<stgraber> hallyn: yep, and tomorrow. Back on Thursday, working on European time
<hallyn> stgraber: ok o/
<dparks> Howdy! I asked on #ubuntu a little while ago, but no responseâ¦ am I incorrect in thinking that linux-libc-dev and linux-generic should always create /var/run/reboot-required?
<smokie> hey guys, if i installed LAMP when first installing ubuntu, how can i install a php extension later on ?
<smokie> do i just download php5 source and recompile it again with the extension i want?
<dparks> smokie: you can generally install PHP extensions with the package manager (anything listed by "aptitude search php")
<wildchild22> how can you remove startup scripts from ubuntu server?
<ogra_`> you dont ...
<ogra_`> either remove the service package or put an upstart override job in place, that will prevent it from starting
<sarnold> wildchild22: perhaps this is what you want: http://upstart.ubuntu.com/cookbook/#override-files
<wildchild22> I will look
<ogra_`> s/teh service package/the package of the service you want stopped/
<wildchild22> the problem I have is on my seed box
<wildchild22> it is running rtorrent
<wildchild22> it is running but not accessible by the web
<wildchild22> it keeps saying wrong password and it isnt
<wildchild22> so I need to try and modify the password
<wildchild22> it is runnung lighttpd
<smokie> yeah, but the package manager doesnt show mbstring for PHP
<smokie> thats the thing
<smokie> so i assume i have to compile it from source but im not sure how to do that since i used LAMP when i first installed my ubuntu server
<smokie> so any help would b grateful.. ive been at it for few hours now
<Quest> how to I backup entir hardisk with MBR and everything else. partitions etc (there may be a difference in the backup HD size . it would be definiatiely equal or greater in size than the original HD) ? I want to copy all data and MBR with partition table etc so that if the HD fails. I just plug in the back HD and every thing gets beck as before?
<sarnold> Quest: I think you ought to be able to just dd if=/dev/sda of=/dev/sdb bs=64K -- rplacing device names as appropriate, of course
<Quest> sarnold,  hm... will white / blank space be also copied? and what if the backup HDD is larger in size?  and what if the backkup HDD is smaller is size from the original?
<sarnold> Quest: blank space is also copied. don't try with a smaller destination drive.
<Quest> sarnold,  If dest drive is smaller. it will make the last partitions as smaller i gues?
<sarnold> Quest: if you want to compress blank space and your destination drive is smaller, you can write a filesystem on the destination drive and write to a _file_ using the conv=sparse option -- but that will _only_ find all-zero blocks 4096 bytes or larger and zero those, so it'd only work with a -very- sparse source hard drive.
<Quest> example . original partition 1 100gb partition 2 100gb          backup HD 150GB
<Quest> ok
<Quest> asume the original as full with data
<Quest> 2. asume the original as with half data full
<Quest> what will happen to the backup HDD in both cases?
<sarnold> but yoour file will need to be restored to an actual drive before you could use it for booting..
<Quest> that dd command will make a file? not clone the HDD?
<sarnold> Quest: well, depends in what fashion the source is "half-full" -- if it actually -used- the whole space of the platters, even if not ever full, the sectors would have data on them -- the filesystems won't waste time zeroing blocks when they are freed -- so if you bring it down to 'half full' by deleting files, or even create / delete in a tight loop, it's probably not going to work.
<sarnold> Quest: you can clone drives or create files with dd. it's very flexible :)
<Quest> sarnold,  the command you gave me will create a file or clone the HDD?
<Quest> sarnold,  this one dd if=/dev/sda of=/dev/sdb bs=64K
<sarnold> Quest: it would clone the drive -- it all depends upon the destination filename. if the destination is a block device like /dev/sdb, it'll write to the block device. if the destination doesn't exist (or does exist, as a regular file), it'll write a file
<Quest> i would do that to an HDD so that if my origial fails. i would just plug in the backup HDD and boot
<Quest> sarnold,  can I dd while the system is running?
<Quest> I mean dd when   / is mounted ?
<sarnold> Quest: you can but the resulting filesystem will probably not be usable...
<Quest> why not?
<Quest> why not it will be usable
<sarnold> it won't be consistent.
<Quest> meaning?
<sarnold> you'd have the same problems as if you just yanked the power while the system is running
<Quest> oh
<sarnold> probably replaying the journal and fsck would fix it, but I would not trust my data to that.
<Quest> hm
<Quest> actually its a server and we cant stop it running
<Quest> sarnold,  can I dd the first 512 bytes for mbr and partition table . the use rsync. (both things to a backkup usb external portable drive)? will it boot once the mbr is dd to it with the data by rsync?
<patdk-lap> defently not
<Quest> why
<patdk-lap> the boot info in the mbr is only to boot the boot code
<sarnold> Quest: I would not trust that to boot. if you want a real hot-swap boot, best would be to ocnfigure and install two hard drives, make them both bootable. then get good backups of your data.
<patdk-lap> the partition table is in the mbr
<Quest> Patrickdk,  yes
<Quest> so
<Quest> ?
<Quest> sarnold, hot swap boot?
<patdk-lap> what exactly are you trying to do?
<Quest> patdk-lap,  backup a running system that cant be stoped. need a clone HDD
<patdk-lap> what is it that can't be stopped?
<patdk-lap> a database? or other large file thing?
<patdk-lap> or like a webserver?
<patdk-lap> where it's just static files
<Quest> patdk-lap,  asterisk voip server.
<patdk-lap> ok, so asterisk is the *primary* thing
<Quest> ya
<patdk-lap> but what else is on it?
<Quest> nothin
<patdk-lap> database? sqlite? ....
<Quest> mysql
<patdk-lap> asterisk rarely runs by itself
<Quest> trixbox
<patdk-lap> and how much do you *care* about the mysql info?
<patdk-lap> needs to be accurate?
<Quest> verymuch\
<patdk-lap> then you have only two options I know of
<Quest> ok?
<patdk-lap> you could do a mysql dump, and of anything else that matters for consistancy
<patdk-lap> then backup the system
<patdk-lap> or you could install the whole thing using lvm, and make a snapshot
<patdk-lap> then copy the snapshot
<Quest> how to clone the whole HDD without shuting system
<patdk-lap> that is the easy part
<Quest> with mbr
#ubuntu-server 2013-04-10
<Quest> ^ patdk-lap
<uvirtbot> Quest: Error: "patdk-lap" is not a valid command.
<patdk-lap> you should concern yourself much more with, how to make a backup that isn't corrupted first
<Quest> yes.
<patdk-lap> why do you care about mbr on a backup? that is pointless
<Quest> heres an idea. i will brb in 15 mins. manager call
<Quest> dd the first 512 k data with dd and rsync for all other data?
<Quest> but where to put the data and where the mbr. if both are on same HDD . how the HDD would know which data is in partition 1 and which is on partition 2? do you mean first copy mbr / table . then rsync?
<patdk-lap> well, what your talking about, is not a backup
<patdk-lap> if you want to run raid1, run raid1
<patdk-lap> don't confuse it with a backup
<Quest> patdk-lap,  for doesnt dd mbr + rsync data makes a clone?  raid1 will be an other  HDD running with the system. we want backup in case of crash/ theft/ natural hazards
<patdk-lap> it defently won't
<patdk-lap> it will make something approxamate, but defently not a clone, and defently not accurate
<Quest> why not?
<Quest> why not it will be accurate?
<patdk-lap> cause you fail to understand how harddrives work, and how rsync works
<patdk-lap> I'm sorry, I'm not in the mood to give a 2hour lecture
<Quest> steps: dd mbr copy, formate partitions manually, rsync data
<Quest> patdk-lap,  ok
<patdk-lap> just be happy, you won't have to attempt to restore your system from something made that way
<Quest> sarnold,  any comments?
<Quest> for a running system, steps: dd mbr copy, formate partitions manually, rsync data
<patdk-lap> rsync should never be used on *changing data*
<Quest> at the point where there will be no or minor disk activity
<patdk-lap> sorry, only *no* will not cause corruption
<patdk-lap> minor means you might loose some data, or all data
<Quest> can dd be used then?
<patdk-lap> same issue with dd
<patdk-lap> and it can be worse
<Quest> hm
<patdk-lap> this is what lvm is for
<Quest> then what is the solution for a running system
<Quest> lvm?
<Quest> whats lvm
<sarnold> Quest: http://en.wikipedia.org/wiki/Logical_Volume_Manager_(Linux)
<blkperl> Quest: https://help.ubuntu.com/12.04/serverguide/advanced-installation.html#lvm
<sarnold> Quest: LVM would help you make an rsync-safe copy of your data, IF you make asterisk quiet and use mysqldump to dump your data. lvm won't let you do the dd backup on a running system either..
<Quest> hm
<Quest> ok. I would study that
<Patrickdk> sarnold, heh? you can do dd with lvm just fine, it's alittle overkill though
<Quest> thx
<Patrickdk> you don't even need to do mysqldump, but you do need to atleast do a lock on the tables
<Quest> sarnold,  blkperl  ^
<sarnold> Patrickdk: .. won't you need to remount ro to ensure the filesystem is in a quiescent state first?
<Quest> i think for the moment until i get hands on lvm, i whould have to sacrifize and shutdown system , the use dd to clone the HDD.
<Patrickdk> sarnold, well, it won't be, that is a given
<Patrickdk> you will loose alittle bit of data changing even with lvm
<Patrickdk> unless the fs can quiescent, I think xfs can
<Patrickdk> but likely journalling is enough to fix that
<Patrickdk> and the stuff you care about, should be quiescent manually, like mysql
<Quest> hm
<Quest> in night. the voip server has no activity...  no calls
<Quest> so no disk activity
<Patrickdk> no calls != no activity
<lifeless> the kernel has support for the fs quiescence
<Patrickdk> there will be sip transactions, keepalives, ...
<RoyK> Quest: oh, not using asterisk, are we?
<Quest> ignorable?
<Quest> RoyK,  yes :)
<sarnold> Patrickdk: heh, I'd rather not rely on filesystem journalling for my own backup systems.. hehe
<RoyK> Quest: http://karlsbakk.net/fun/asterisk-installation.wav
<Quest> RoyK,  its installed an running
<sarnold> RoyK: :)
<RoyK> Quest: sure, I'm just saying I've been working with that pile of (unmentionable) for some years
<Quest> RoyK,  yes
<RoyK> after working with that code for some years and trying to get digium to fix obvious bugs - well - I got a new job
<DanC> I have an LVM vg on 2 disks. I just bought an SSD to replace one of them. I wonder if I want a dedicated vg for the SSD or not
<Josh12> is anyone here familiar with setting up access levels for file access?
<Josh12> hello?
<ia0001> hello why is flash not working on 12.04 lts?
<sarnold> ia0001: what bug number?
<ia0001> it wasnt a bug number
<ia0001> flash just wont start on chrome or firefox
<ia0001> hello
<ia0001> is there some reason ubuntu server will not allow flash player
<ia0001> does it have something to do with firewall or proxy?
<sarnold> well, the server does not have a GUI at all
<sarnold> but if you _have_ installed firefox and flash and either vnc or x11 or something, it ought to work just fine..
<ia0001> its not working
<ia0001> what is vnc or x11
<ia0001> I install ubuntu-dekstop
<sarnold> vnc is a remote graphics protocol; x11 is the usual graphics server
<sarnold> that probably installs x11 :)
<ia0001> ok
<ia0001> that not the problem it doesnt work!
<ia0001> flash doesnt work in chrome or firefox
<sarnold> have you filed a bug report?
<ia0001> i mean ... no one has encountered this problem with ubuntu 12.04 lts?
<ia0001> its not a bug it just doesnt work
<DanC> perhaps you could be more specific? "doesn't work" is not much to go on
<DanC> what did you try?
<DanC> what happened/
<DanC> etc. http://www.catb.org/esr/faqs/smart-questions.html
<sarnold> ia0001: I just tried an updated 12.04 LTS system, flash playback works fine on youtube.com..
 * patdk-lap defently has never encountered this issue in ubuntu-server :)
<patdk-lap> I also have not had that issue on ubuntu-desktop
<acidflash> im trying to modprobe a driver into the kernel, and it keeps telling me that the file doesnt exist, where should i put it for the modprobe to see it? i have tried in /lib/modules/uname -r/
<sarnold> acidflash: did you run 'modprobe' first? (iirc, modprobe -a... but look it up...)
<sarnold> sigh.
<sarnold> I fail.
<acidflash> yes
<sarnold> acidflash: did you run 'depmod' first? :)
<acidflash> depmod -a
<sarnold> again, depmod -a..
<sarnold> hehe
<sarnold> acidflash: I'd have put it under /lib/modules/`uname -r`/kernel/  -- does that make a difference?
<acidflash> let me try
<acidflash> actually it looks like putting it anywhere inside kernel, and then depmod -a worked alright
<sarnold> acidflash: cool, thanks
<acidflash> sarnold: thank you.
<ia0001> anyone had problem where flash isnt working in Ubuntu servr
<RoyK> ia0001: well, for one, I don't use a GUI on my ubuntu servers
<ia0001> 12.04 lts
<RoyK> servers don't come with a graphical interface
<RoyK> so, no, flash doesn't work
<ia0001> flash doesn work
<ia0001> ive gotten it to work before I though
<ia0001> what are you talking about
<ia0001> it shold work its the same thing
<sarnold> ia0001: you may have better success in #ubuntu -- flash isn't a server component
<RoyK> or #ubuntu-desktop
<ScottK> RoyK: User support isn't on topic in #ubuntu-desktop.
<RoyK> ok - sorry
<patdk-lap> ya, it's just normal, #ubuntu channel
<ivoks> is there a ppa of the cloud archive? so i could make my own ppa depend on cloud archive? i did found stagging...
<Katafalkas> Hey,
<Katafalkas> I got mysql running on Ubuntu server. and altho time on Ubuntu is correct - EEST, the mysql time is different. Why is it that mysql takes different timezone to current ubuntu timezone ?
<Jeeves_> https://dev.mysql.com/doc/refman/5.5/en/time-zone-support.html
<sw> Katafalkas mysql> SET GLOBAL time_zone = timezone;
<Jeeves_> Maybe you can see which timezone-setting it has now?
<Katafalkas> mysqladmin variables | grep time , gives time_zone SYSTEM
<Katafalkas> oh
<Katafalkas> and system_time_zone is EEST
<Katafalkas> which is correct
<Katafalkas> ohhh ... craaap ! ok. it is all fine now. nvm :D
<Katafalkas> really sorry to bother
<pii3> hey
<pii3> is anyone here have any experience with openchange server ?
<beck_> hello
<beck_> I have a question about bonding that I could not find info on. Typical we use LACP/802.3ad however for a low budget solution we are stuck using layer 2 switch and active-backup. It seems to work ok until I drop a switch and it never recovers. I suspect I have something wrong with my configuration. Any ideas?
<beck_> I was using https://help.ubuntu.com/community/UbuntuBonding as a reference and I'm running precise
<rsthelord> hey guys!! how do i found out my default network interface? i.e. is it eth0 or eth1?
<ogra_`> route -n
<ogra_`> the first line should be your default route
<rsthelord> can i please pm you?
<ogra_`> just keep it here, there are likely more knowledgeable people than me in the channel if it comes to server
<Walther> Hello! Trying to use apt-dater from my workstation to update&upgrade a ubuntu server, I'm getting ldconfig / not found in PATH errors
<coffeedude> screen -dr
<Daviey> zul: Can you work out a target date when we will do our last grizzly bugfix snapshot for raring, pre-release?
<Daviey> adam_g, jamespage, yolanda, smoser ^
<zul> Daviey:  im queuing up a bunch of backports for stable/grizzly that we should have a look
<Daviey> zul: right.. but i want us to work out a schedule for the last one.
<zul> Daviey:  sure
<zul> Daviey:  i would like to push one out thursday at ods since its always the most quiet day at ODS
<cereal> So I've setup bonding with a bridge.  Everything is working fine except every once in a while on reboot the mac-address changes even though I've set the hwaddress of my bond interface.  This never was a problem before I added the bridge to the setup.  Any tips or suggestions on what to do?  Seems like 25% of the time it uses one of the ethX interface hwaddresses instead.  http://hastebin.com/xacodoride.cpp
<bbrelin> Question for a support person.  If I create a VM using xen-create-image <params> do I then have to do an xm create?  If not, should I be able to see the new VM with xm list?
<bbrelin> Hello?  Any support people in the forum?
<bbrelin> Hello?  Any support people on?
<rbasak> !patience | bbrelin
<ubottu> bbrelin: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com/ or http://ubuntuforums.org/ or http://askubuntu.com/
<bbrelin> Thanks.
<bbrelin> Okay, my new question is.  When I run a xen-create-image and specify a mirror and a dist option, should that not completely install the distro on the VM?
<bbrelin> What I'm finding is that I run the xen-create-image, then do an xm create <config file> and then when I try and do an xm console <domain>,
<bbrelin> I go into the Ubuntu installation screen.
<bbrelin> How do I get xen-create-image to actually do the install of the distro on the VM?
<jamespage> plars, I might have a hint as to what issue you are seeing with iscsi-testing
<jamespage> I've tested OK for amd64 with todays raring image
<plars> jamespage: oh?
<jamespage> plars, there was a bug with the cirrus kvm driver that made it look like the vm froze on boot
<jamespage> confused the hell out of me
<jamespage> it might be back
<plars> jamespage: ah, I remember that going back a ways... iirc it was fixed though at one point
<jamespage> I just switched to vga for one that looked broken and rebooted and its fine
<plars> jamespage: jamespage so you just s/cirrus/vga in domain-iscsi-testing.xml?
<jamespage> well I did it through virt-manager - but that would have the same effect for a new vm
<jamespage> plars, yep - I can see the rrro in the kernel log
<jamespage> cirrus_vram_init: ERROR *****
<plars> jamespage: iirc, https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1054129 was the bug that existed on it before
<uvirtbot> Launchpad bug 1054129 in linux "reboot with -vga cirrus can result in broken output" [Medium,Fix released]
<plars> hallyn: know if maybe this has regressed?
<jamespage> plars, http://paste.ubuntu.com/5695831/
<jamespage> smb, ^^
<hallyn> plars: i don't know, no.  the previous 'solution' was just t ohave the kernel not deafult to it right?
<plars> hallyn: don't recall, you may be right. If that's the case then it would explain why this still fails since jamespage scripts specify to use cirrus.
<plars> jamespage: confirmed, changing it to vga makes it work for me here too
<hallyn> plars: yeah i've assumed that -vga cirrus is still broken everywhere and not recommended
<hallyn> if that needs to be raised in priority give me a shout,
<hallyn> but i assume you can't run unity in that anyway, so -vga qxl or -vga vmware is recommended
<plars> hallyn: true
<plars> jamespage: so can we just change that default in your script then?
<jamespage> plars, sure
<hallyn> (not saying i'm happy with that)
<plars> hallyn: yes, but being that it's a kernel video driver issue that still needs to be fixed, it's pointless to block iscsi testing on it
<hallyn> plars: lol, yes it is :)
<hallyn> (yup, i'm running screen -e^Bb inside screen inside screen -e^Yy...  it's ok, i can go a few more levels)
<sarnold> Hallyn's review of Inception: "kinda bland"
<hallyn> "amateurs"
<sarnold> :)
<hallyn> actually i haven't seen it yet.  but i've read enough about it in imgur comments :)
<sarnold> haha
<Siraris> I seem to be locked out of my EC2 instance (something seems to be wrong with my public key).  Is there any way that I can get around this since I can't associate a new key with my current instance?  Or do I have to create an entirely new one
<sarnold> Siraris: are you perhaps using your regular username and not ubuntu -- or the other way around?
<Siraris> sarnold: No sir.  I've been logging in the same way for weeks now ssh -i /pathtokey ubuntu@myip
<Siraris> It just stopped working for no reason
<sarnold> Siraris: darn :(
<Siraris> And AWS support won't respond to me on the forums
<Siraris> Is my only recourse creating a new instance?
<sarnold> I hope not, but I don't know what else to suggest..
<Siraris> Can I attach it to a different instance and check the .ssh directory for ubuntu?
<sarnold> Siraris: you mght be able to use euca-get-console-output to try to see what is output on the console..
<Siraris> sarnold: so I have the messed up volume mounted
<Siraris> sarnold: and it's set to rw for ubuntu/ubuntu
<Siraris> That looks ok right?
<sarnold> Siraris: likely... (I'm not an ec2 expert by any stretch..)
<Siraris> How can I store my new key in the authorized_key file?
<sarnold> Siraris: can you mount it in another instance?
<Siraris> It already is
<sarnold> ah :)
<sarnold> scp your ~/.ssh/id_whatever.pub file to the remote host; cat id_whatever.pub >> ~/.ssh/authorized_keys
<Siraris> Well Amazon generates a pem file
<Siraris> Which is my private key
<Siraris> I need the public key based on that
<zerick> Hi guys, i have the following problem after running apt-get update http://paste.debian.net/248719/
<Siraris> Man, as much as people tout AWS, it's a serious pain in the ass.  It now tells me I have no instances
<zul> adam_g/jamespage:  -S -sa --changes-option=-DDistribution=precise
<zul> erg..
<zul> adam_g/jamespage: http://people.canonical.com/~chucks/ca/
<adam_g> zul, have you built + tested the new JS/CSS?
<Siraris> sarnold: I fixed it.  I generated a new key pair on my local machine, copied the public key into my authorized_keys file and it works fine now.  Incase anyone asks in the future :)
<sarnold> Siraris: excellent :)
<zul> adam_g:  looks ok
<geekbri> so uh.... looks like the openjdk 7 packages in ubuntu server 12.04 have broken /usr/lib/jvm symlinks
<zul> adam_g:  looks ok to me
<adam_g> zul, hmm https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1167512
<uvirtbot> Launchpad bug 1167512 in nova "nova-network fails to start if bindir is not set" [Undecided,New]
<adam_g> zul, do we need to override the defaults in nova/paths.py in nova.conf now? wonder what else is similarly broken
<zul> adam_g: wt..
<kaje> I'm configuring pam to only allow logins from a particular group. I'm following this how-to: http://www.cyberciti.biz/tips/howto-deny-allow-linux-user-group-login.html
<kaje> My concern is that I am basically setting up a whitelist for groups and I want to be sure I'm not going to screw up some built-in user by not including some built-in group.
<kaje> Is there some list of the standard built in groups and what they are used for?
<zul> adam_g: looking
<tonyyarusso> kaje: well, there are built-in users and groups, but they don't "log in", so I think you're fine...
<kaje> Ok, great. Thanks
<tonyyarusso> kaje: The main thing I'm not quite sure about is how it affects cron.
<zul> adam_g: *sigh*
<zul> adam_g: so linux_net changed how it handles nova-dhcpbridge so if its specified in your nova.conf then it bails when someone tries to start an instance
<adam_g> zul, i dont understand
<lolbee> hello
<lolbee> is ubuntu server supposed to boot into a flasing underscore and nothing else?
<adam_g> zul, it looked like the default directory where it would look for something like nova-dhcpbridge has changed, with defaults being set in paths.py
<zul> adam_g:  yeah thats what i meant so if someone has nova-dhcpbridge in their nova.conf then it will bail out
<zul> i was able to reproduce it here
<adam_g> zul, why would nova-dhcpbridge matter? it seems by default its looking for it @ $bindir/nova-dhcpbridge, but bindir=/usr/lib/python2.7/dist-packages/bin/ or w/e
<zul> yeah im not sure still
<zul> its obviously a regression
<Steve____> Hi, is there any way in a .sql file to spool to a file named after the current date? At the moment we spool to a fixed path
<patdk-lap> heh? what is a .sql file?
#ubuntu-server 2013-04-11
<lolbee> How on earth do you install this crap on raid and what is up with 98% of the mirrors not working for quantal?
<lolbee> I installed ubuntu server
<lolbee> no I have no network interfaces
<fluvvell> Somewhere my server install is going astray, the guided partitioning with my drive layout appears to break things. I have an SSD for OS, and two 1TB drives for a RAiD1 array. I could do all this on the command line later, but I want to understand the process from the installer.  Is there a trick to this?
<fluvvell> And, I want to understand LVM, I realise the whys of it all, but is LVM applied before or after Raid configuration?
<fluvvell> Do I allow the installer to setup guided partitioning on the SSD then interrupt it to setup the 1TB raid array manually?
<Alysum> hello - I have a question regarding rsyslog
<Alysum> does *.* - /var/log/syslog  mean log every file under /var/log to syslog?
<andol> Alysum: *.* translates into all facilities and all severities
<andol> Alysum: http://en.wikipedia.org/wiki/Syslog#Facility_Levels
<Alysum> thanks
<Alysum> what's the best way to ignore some custom logs from being logged to syslof
<xnox> fluvvell: usually: raid -> (crypt) -> lvm -> filesystem -> mountpoint
<fluvvell> xnox, Thanks. I'll set up raid1 first.
<fluvvell> I still think there are some deficiencies in the installer
<xnox> fluvvell: in what sense?
<fluvvell> xnox, in the sense that I ran the guided partitioner: Trying to set up a logical solution, a fast SSD OS drive, and stable RAID1 storage drive for samba. A common use for a linux server, but I ended up with a scattered bunch of partitions and no explanation of the logic behind the partition scheme.
<fluvvell> So for clarification, my complaints are specifically around the partitioner, I found the rest of the installer fine.
<xnox> fluvvell: yeah, I see your point....
<Walther> Trying to update & upgrade via apt-dater, I get "dpkg: warning: 'ldconfig' not found in PATH or not executable
<Walther> When using apt-dater to remotely update some software on a ubuntu server, i get "dpkg: warning: 'ldconfig' not found in PATH or not executable". The apt-dater works fine with other servers.
<Siebjee> Hi all, i'm running ubuntu 12.04 LTS, and my eth2 keeps disconnecting it self. ETH2 is a direct link to another server (identical hardware and software). Its a freshly installed server, up-to-date. Anyone can help me figure out what is going on ?
<Siebjee> After a ethtool -r eth2, the link comes up again
<gipzo> Hello. How can I start xserver (with xinit) on ubuntu server, without display? I have 4 TV's connected to server through hdmi-splitter. Sometimes displays are switching off and on again. If xinit was running while this switch-off - everything is ok.
<gipzo> But when I try to start xinit without connected display (I added "1920x1080_60.00" mode to it, so it starts) i have black screen when i reconnect displays
<amal> !cpanel
<amal> oops
<Mikk36-work> Hey
<Mikk36-work> Trying to install vmware tools into the 12.04 lts server, but I'm having an issue with not having the /dev/cdrom available
<Mikk36-work> What am I doing wrong?
<Walther> When using apt-dater to remotely update some software on a ubuntu server, i get "dpkg: warning: 'ldconfig' not found in PATH or not executable". The apt-dater works fine with other servers.
<Mikk36-work> Nevermind, apparently autocomplete didn't work properly for that
<Daviey> zul: I am going to sign us both up to Subject: [Openstack] Summit Runners
<zul> Daviey: ok
<zul> maybe i should read that email before saying ok
<zul> Daviey:  uh no
<rbasak> Could someone please review and sponsor bug 1163927 (puppet bugfixes from Debian) and bug 1164475 (feature regression since precise)?
<uvirtbot> Launchpad bug 1163927 in puppet "indent/puppet.vim required by vim-addons-manager registry but not in package" [Unknown,Fix released] https://launchpad.net/bugs/1163927
<uvirtbot> Launchpad bug 1164475 in bind9 "Missing dependency (libxml2) in raring" [Medium,Triaged] https://launchpad.net/bugs/1164475
<rbasak> No patch pilots in today, and we're pretty close to release.
<Daviey> zul: too late, request sent.
<zul> Daviey:  im not down with that
<Daviey> roaksoax: Uh, has verification failed - bug 1167660 ?
<uvirtbot> Launchpad bug 1167660 in maas "maas-cluster-controller.postinst failing with an unterminated sed error" [Undecided,In progress] https://launchpad.net/bugs/1167660
<roaksoax> Daviey: nit that i know off
<roaksoax> i have been runnin the package without issues
<rbasak> lamont: hi! Any news on bug 1090593? seb128 didn't sponsor my debdiffs because you said you were going to backport the whole zone file instead, but there's been no activity.
<uvirtbot> Launchpad bug 1090593 in bind9 "D.ROOT-SERVERS.NET changing January 3rd 2013" [Medium,Fix released] https://launchpad.net/bugs/1090593
<Daviey> roaksoax: can you confirm with that bug?  It looks potentially bad.
<lamont> rbasak: ah, let me follow up on that with folks.  ISTR that I did the backport, but we just haven't pushed the big red SRU button
<lamont> but I'll need to refresh my brain
<zul> hallyn:  whats the migration bug number again?
<roaksoax> Daviey: thats what im looking at now. matsubara asked me to look at thus last night but the maas team got to it first it seems. but this doesnt make any sense cause otherwise i would have not been able to install maas myself
<rbasak> lamont: thanks! IIRC, your original PPA backports had autotools noise unsuitable for SRU.
<lamont> sounds about rightr
<matsubara> roaksoax, do you test the cluster controller setup locally as well?
<matsubara> because that failure only showed up in the CC integration tests
<roaksoax> matsubara: yes!
<roaksoax> matsubara: that packaging is in raring and raring doesnt have that issue
<roaksoax> you can try install it and reconfigure
<roaksoax> the issue i think is that you are sending a leading space
<roaksoax> which is thw cause of the problem
<roaksoax> but wit
<roaksoax> matsubara: are you preeseding that value?
<magesing> Hi everyone, How can I start x11vnc (or some other vnc server) so that I can see the login screen from a remote host?
<roaksoax> matsubara: or how are you sending it
<matsubara> roaksoax, yes, the preseed had a leading whitespace which I removed.
<roaksoax> matsubara: ok
<roaksoax> Daviey: ^^ leading whitespace was the cause of the issue
<Daviey> right
<matsubara> with the '' quotes, the package install correctly even with the leading whitespace
<matsubara> I mean '$RET' quotes
<hallyn> zul: bug 1157626
<uvirtbot> Launchpad bug 1157626 in qemu "Unable to use "virsh migrate" on two hosts after moving to raring" [High,Triaged] https://launchpad.net/bugs/1157626
<roaksoax> matsubara: and does it work well afterward? no issues if you rexonfigure and change the vvalue?
<zul> hallyn:  thanks
<hallyn> yup
<roaksoax> Daviey: is that something you want fixed now? or shall that just be one maas accepted since this doesnt seem to be a blocker
<roaksoax> s/one/onve
<Daviey> roaksoax: TBH, i haven't grokked the issue
<roaksoax> err
<roaksoax> Daviey: ok is my opinion that it can wait until we release the sru since normal installations wont really be affected and
<Daviey> roaksoax: So this is only an issue on preseeds?
<roaksoax> Daviey: this is only when theres a leading whitespace in that variable
<matsubara> roaksoax, I haven't tried. I'm firing up a vm to test
<roaksoax> matsubara: ok ;)
<roaksoax> matsubara: which imho wouldnt normally happen otherwise we would have seen it looong ago :)
<roaksoax> Daviey: ^^
<Daviey> matsubara: was that value preseedable in the prior release?
<Daviey> it wans't was it?
<matsubara> Daviey, I only tried the CC preseed on quantal and raring
<matsubara> the precise.sru package have it as well, but the precise package does not
<Daviey> matsubara / roaksoax: Right, so if i install from the precise cd (& preseed), i cannot suddenly break by upgrading to this release?
<Daviey> mgz: Hey.  You may know this.. A while ago, i volunteered to NEW review juju-core if it was uploaded this week.  Is that still looking like it will make it?
<matsubara> Daviey, by precise cd you mean not the sru package right?
<mgz> that's the plan, though I'm on a plane tomorrow
<Daviey> matsubara: correct
<mgz> so, m_3 and I need to get the remaining bits done today
<Daviey> mgz: Having /something/ is better than /nothing/.  There is still time to make fixes, but having a first pass would be most useful
<Daviey> mgz: Please, Please consider using gccgo.
<matsubara> ok, then you can't preseed maas-cluster-controller and even if you could, you would have to have a leading whitespace in your preseed to trigger the bug
<Daviey> matsubara: sounds suitably ok for it not to be a blocker, thanks for the confirmation
<Fieldy> hello, in what package can I find smbclient? I already have samba installed however smbclient is not. apt-cache search smbclient doesn't lead me to results that help me figure it out
<Fieldy> yum search smbclient (i'm on way too many systems)
<Fieldy> no wait apt-cache. i just woke up
<matsubara> np
<mgz> Daviey: I think at this point in the afternoon, that may not be tractable.
<zul> Daviey/hallyn/jamespage (or those playing at home): just throwing a debdiff and a build log for the libvirt FFE
<rbasak> Fieldy: it's in the smbclient package.
<Daviey> mgz: I am not happy reviewing alone something that includes static linking.  So it will slow down the process.  I passed through the chain guidance on Go packaging, did it reach you?
<mgz> alas no
<mgz> can you forward?
<Daviey> mgz: hmm, can't find it now.. but https://lists.debian.org/debian-devel/2013/01/msg00702.html .. was useful
 * Daviey ponders, waiting for the netsplit to end
<mgz> :)
<RoyK> sÃ¥ har du mitt tilskudd i samtalen
<RoyK> huh?
<hallyn> zul: thx
<Daviey> mgz: Do you want some help?
<mgz> Daviey: yes, I think so, let me just finish off the python proposal and look at the go stuff again
<smoser> utlemming, around ?
<Daviey> mgz: From a release PoV, something really does need to be in this week IMO.
<smoser> i wonder if you have ever tried using our cloud images under hyper-v
<mgz> Daviey: yup.
<smoser> and would know how to convert successfully a disk1.img (qcow2) to vhd.
<utlemming> smoser: yes, yes, and yes
<smoser> vbox convert ?
<utlemming> smoser: kind of...
<utlemming> smoser: qcow-img convert to raw. Then vbox convert to VHD. And finally vbox convert to fixed size.
<utlemming> smoser: the last step is needed for azure
<smoser> nice.
<smoser> do you happen to have a script that goes directly ?
<utlemming> smoser: the reason for qcow convert to raw first is that Hypver-V doesn't like the qcow VPC
<utlemming> smoser: http://bazaar.launchpad.net/~ubuntu-on-ec2/vmbuilder/jenkins_kvm/view/head:/azure_config.sh
<smoser> utlemming, thanks.
<mgz> Daviey: I'm off IRC for the next half hour, but have uploaded python juju debdiff to ffe bug
<smoser> utlemming, can you not go straight from raw to --variant= fixed ?
<utlemming> smoser: not for Azure. It doesn't create the header right, so Azure basically say, "WTF" and you're upload fails. For Hyper-V I've seen it hit or miss.
<benlangfeld> Hey, does anyone here know who maintains the vagrant base box http://files.vagrantup.com/lucid64.box ? I'm trying to find out who I have to beg to update the chef ruby version.
<benlangfeld> sorry, precise64 *
<smoser> utlemming, https://gist.github.com/smoser/5364534
<utlemming> smoser: looks sane
<hallyn> sarnold: is your email the gmail one?  (want to cc: you on a rfc patch for lxc locking)
<Daviey> jamespage: packaging.get_package_origin(package) == 'Canonical' <-- where does that get fulfilled? Is that the Origin field in the UCA Release file?
<sarnold> hallyn: seth.arnold@canonical.com please -- gmail works, but is now out of my usual daily workflow :)
<hallyn> sarnold: gotcha, thanks
<sarnold> thanks hallyn :)
<yousaf> hello
<yousaf> I need to run this command ps -ef | grep oil | grep worker | awk '{print $2}' | xargs kill -9 every hour
<yousaf> how can I set the cron job?
<sarnold> yousaf: you can either place a shell script in /etc/cron.hourly/ or you can edit the crontab of the user of your choice with sudo -u username crontab -e   and add a crontab entry starting with 0 * * * * ps -ef | grep oild | grep ...
<yousaf> which one is prefered?
<Pici> also , pgrep or pkill might work better than your command
<yousaf> i am root
<yousaf> Pici ps -ef | grep oil | pgrep worker | awk '{print $2}' | xargs pkill -9
<yousaf> like that?
<sarnold> yousaf: the /etc/cron.hourly/ feels easier to set up to me, but I think the only guarantee there is that it happens hourly -- not at any specific minute of the hour.
<sarnold> yousaf: so if you want to control at which minute within the hour the task runs, editing a crontab makes sense. if it is good enough to happen every hour, then the directory with script is easier..
<yousaf> I don't need to be specific
<Pici> yousaf: no, like pkill -9 worker   (use pgrep to test whether it matches what you think it should match)
<yousaf> as long as it runs that commands once every hour i am good
<Daviey> adam_g: Subject: [Openstack] Grizzly release packages available in the Ubuntu Cloud Archive <-- last post about having to change the setting, to get a working non ubuntu themed horizon.. is that true?
<jamespage> Daviey, I suspect subdomains of canonical.com
<Daviey> jamespage: I would like to know for sure.
<jamespage> Daviey, I worked that fix through with pitti prior to uploading
<jamespage> and have tested
<Daviey> jamespage: Right. but i'd like to personally understand what changes could break it :)
<Daviey> jamespage: I wondered if it was using the Origin here. http://ubuntu-cloud.archive.canonical.com/dists/precise-proposed/folsom/main/binary-amd64/Release
<mgz> Daviey: fixed meh debdiff, sorry about that
<jamespage> Daviey, yeah - thats where it comes from - just read the code
<jamespage> it backs onto apt python bindings
<jamespage> Daviey, "        origin    - The Origin, as set in the Release file"
<Daviey> jamespage: Okay, that is good to know.  I put Canonical in that field as a stop gap, wuthout careful consideration.  We now know we canot change it
<jamespage> Daviey, well we can change it - but we need to update the check :-)
<Daviey> And more so.. re-mirroring or using the staging PPA will not allow that to work
<jamespage> Daviey, I think its sufficient for the check
<Daviey> jamespage: I think you have a good filter :)
<jamespage> Canonical + ~cloud
<jamespage> Daviey, its been accepted into precise-proposed as well
<Daviey> it has?
<jamespage> Daviey, albeit with a slightly different setup for the older version of apport
<jamespage> Daviey, yep
<jamespage> just got the email
<Daviey> yeah i reviewed it earlier. I was waiting for confirmation on Origin before i accepted it
<Daviey> I see someone else beat me
<jamespage> Daviey, yep
<adam_g> Daviey, that shouldn't be the case. i can try now, though
<Daviey> adam_g: sounded wrong to me, but i wasn't confident stating such - without checking
<adam_g> Daviey, nah, 'dpkg -P  openstack-dashboard-ubuntu-theme' and the vanilla dashboard is fine
<adam_g> Daviey, well actually thats a PPA package, let me try /w what we have in the CA
<adam_g> Daviey, yeah, working okay
<jamespage> adam_g, it should make no difference - I've been twidding between ubuntu and stock themes no problem
<adam_g> jamespage, im wondering if he's just using a pkg version where things weren't compressed okay. i know zul recompressed everything yesterday
<jamespage> adam_g, Daviey: zul's regenerated assets for horizon are not in UCA for grizzly as well
<jamespage> might be
<Marko> hi all!
<zul> i uploaded horizon ubuntu2 to staging and raring yesterday
<adam_g> 1:2013.1-0ubuntu2~cloud0 is what i just tested
<thekev> utlemming/ivoks: https://bugs.launchpad.net/ubuntu/+bug/1150737 - know if there's a new 12.04 AMI that incorporates this?
<uvirtbot> Launchpad bug 1150737 in live-build "live-build causes installation old /sbin/initctl and start-stop-daemon to be installed in Cloud Images" [Medium,Fix committed]
<utlemming> thekev: one should be going out shortly
<utlemming> thekev: there is a build pending right now
<utlemming> thekev: actually, http://cloud-images.ubuntu.com/releases/precise/release-20130325/ should have that fix
<thekev> I see 20130325 on cloud-images.ubuntu.com
<thekev> (/locator/ec2). thanks
<jamespage> Daviey, can you accept apport into raring?
<jamespage> pls
<Daviey> yes
<irv> i'm getting the following: http://pastebin.ubuntu.com/5699212/
<irv> when i try to run update
<Crazy_> Hello! I need help. I've installed Ubuntu Server 12.10, set it up, installed openvpn. I can connect from the lan to the vpn and ping the server (10.8.0.1). I can also connect from outside the network, but i can't ping the server. The network is connected to Internet via a NAT router where I've opened vpn port to the server
<Crazy_> Can anyone help me?
<thekev> you are pinging the nat router
<thekev> or is this after you establish vpn?
<thekev> ok I think that's what you meant.  when you connect from the lan to the vpn, are you also in the same localnet as the server?
<thekev> from outside to the vpn, what routes do you push?
<thekev> netstat -rn on the vpn client
<mgz> Daviey: I've sent an email about the go juju packaging, hopefully it's a correct summary of what's left to do
<thekev> crazy_: I'm afk. sorry, can't wait around
<Crazy_> thekev
<Crazy_> sorry, i didnt't read you
<Crazy_> i was searching in ubuntu forums
<Crazy_> thekev: I've stablished the vpn connection. It's ok
<Crazy_> I don't know what is a localnet, can you help me?
<Crazy_> Hello! I need help. I've installed Ubuntu Server 12.10, set it up, installed openvpn. I can connect from the lan to the vpn and ping the server (10.8.0.1). I can also connect from outside the network, but i can't ping the server. The network is connected to Internet via a NAT router where I've opened vpn port to the server. Can anyone help me?
<Crazy_> Hello! I need help. I've installed Ubuntu Server 12.10, set it up, installed openvpn. I can connect from the lan to the vpn and ping the server (10.8.0.1). I can also connect from outside the network, but i can't ping the server. The network is connected to Internet via a NAT router where I've opened vpn port to the server. Can anyone help me?
<sarnold> Crazy_: no need to ask every ten minutes.. :)
<Crazy_> sarnold: OK. I'm newbie to this forum and to openvpn, so not knowing if anyone could help me. I'll stay quiet and waiting for help. I'm sorry
<sarnold> Crazy_: ah, then welcome to irc :) and good luck :)
<Crazy_> sarnold: thank you!
<ppetraki> hallyn, ping, you think one could setup a maas server from within an LXC instance without any networking issues?
<hallyn> ppetraki: if you bridge the container nic with the host's nic, I would think so
<aandy> hi, i'm running a (very) minimalistic install, which doesn't even support loop. e.g. it says "try using modprobe loop". any idea what i'm suppose to "get", or if i would get it from a apt-get upgrade?
<Pippocaruso> hi guys... One question. What's the best way to send your public rsa key???
<lwizardl> okay so I was on the phone for the last hour with comcast trying to get them to unblock port 25 and all the would do it offer remote admin to change the settings in outlook. So I am going to change services soon but would smarthost work with comcast for email servers ?
<Daviey> mgz: looks good to me
<Daviey> mgz: I do think it's massively unfortunate it seems gccgo is shelved
<mgz> yeah
<mgz> Daviey: if you have any suggestions on how we can do the packaging branch, given it requires multiple source branches, without being revolting, that would be really helpful
<Daviey> mgz: Does my hello world, branch help?
<mgz> Daviey: I don't see that referenced anywhere, can you give me a pointer?
<Daviey> mgz: Sorry, it was OT
<ppetraki> hallyn, thanks
<hallyn> ppetraki: np - lemme know if you hit issues
<Daviey> mgz: Where is the latest juju-core packaging source?
<mgz> what we have is what's used for the ppa, at lp:~dave-cheney/juju-core/package
<mgz> plus m_3's changes for the coinstallability in a seperate branch
<Daviey> ta
<mgz> Daviey: you really need to see https://code.launchpad.net/~dave-cheney/+recipe/juju-core for the current state to make sense
<syncsys_> Can a linux server make a domain with windows clients and use similar like active directory to install sofwares on ALL windows clients?
<Daviey> mgz: A, much better
<Crazy_> Hello! I need help. I've installed Ubuntu Server 12.10, set it up, installed openvpn. I can connect from the lan to the vpn and ping the server (10.8.0.1). I can also connect from outside the network, but i can't ping the server. The network is connected to Internet via a NAT router where I've opened vpn port to the server. Can anyone help me?
<kermit> why would a card not show up in lspci, even though it shows at boot?
<Quest> Can a linux server make a domain with windows clients and use similar like active directory to install sofwares on ALL windows clients?
<tgm4883> Quest, I already told you what you can use to do that
<Quest> k
<Quest>  what hardware that supports tokkens/cards/passwords/ and thumbprint  has integration with linux? and a readymade software for linux is a plus . Need it to log the timings of employees, salaries and hr integrations is a plus
<sarnold> Quest: check this out: https://github.com/Yubico/yubico-pam
<sarnold> Quest: it's a neat way to integrate two-factor auth using e.g. http://www.yubico.com/ or the Google android authentication program
<Quest> thx
<henkjan> Quest: also have a look at duosecurity.com for two factor auth with push notifications to smartphones
<Quest> hm
<Quest> thx
<thasmo> Hi folks! Is it possible to update chef (client/solo) to 10.14+ on a Ubuntu server with apt-get (preferably raring)?
<tok0loshi> Afternoon folks, has anyone got ubuntu/debian preseed to bypass no default route detected ?
<tok0loshi> I have tried d-i netcfg/no_default_route true
<tok0loshi> but no luck
#ubuntu-server 2013-04-12
<ruben231> hi guys anyone have idea what version of Ubuntu-server with packages as php5.1 or php5.2
<ruben231> and mysql 5.1
<bratsche> I thought Ubuntu has had mysql 5.5 for quite awhile now.  No idea about php, never used it.
<bratsche> I think 12.04 is where mysql 5.5 was added.
<ruben231> bratsche: how about mysql 5.1 and php 5.2
<sarnold> php 5.2 was hardy
<sarnold> aka -- out of support next month
<bratsche> mysql 5.1 was before Ubuntu 12.04.  I already said I have no idea about php, I don't use it.
<shankstaBytes> how can i install applications in a chroot
<shankstaBytes> using jailkit
<ruben231> sarnold: what version is hardy..?
<ruben231> ubuntu 10.04 LTS..?
<sarnold> ruben231: 8.04 LTS
<ruben231> sarnold:  how about 10.04 LTS --> does it have php5.2..? and mysql 5.1..?
<sarnold> ruben231: 10.04 LTS has php 5.3
<sarnold> ruben231: 10.04 LTS also has a mysql-dfsg-5.1, version 5.1.67 currently
<ruben231> ok thanks
<semcentro> Boa noite pessoal! nÃ£o consigo enviar a chave pgp pro servidor http://ubuntuforum-pt.org/index.php?topic=104343.0
<semcentro> <semcentro> entrei em contato com o e-mail mas atÃ© agora nenhuma resposta :
<sarnold> semcentro: maybe try #ubuntu-pt ?
<semcentro> (sarnold) nobody respond me in #ubuntu-brasil, so a user indicated me try this # :/
<semcentro> ie here
<sarnold> semcentro: aha :) can you re-state the problem in english? :)
<semcentro> i will try ;)
<semcentro> sarnold- I follow the steps this wiki (http://wiki.ubuntu-br.org/AssinarCodigoDeConduta#criarchave) and in the step two that i send the pgp to key-server i have the error: (gpg: "[key-ID]" not is a key ID:)
<semcentro> i try contact the email ubuntu-br-sp@lists.launchpad.net but nobody respond me
<sarnold> semcentro: aha :)
<sarnold> semcentro: what command did you run?
<semcentro> $ gpg --keyserver keyserver.ubuntu.com --send-key [key-ID]
<sarnold> semcentro: what keyid?
<sarnold> semcentro: if I were to send my key to the keyservers, I would run gpg --keyserver keyserver.ubuntu.com --send-key 9D8D2E97
<sarnold> semcentro: 9D8D2E97 is my keyid, I found it by running gpg --list-secret-keys
<semcentro> yes
<semcentro> gpg --keyserver keyserver.ubuntu.com --send-key [2EB77ACA]
<sarnold> semcentro: okay :) remove the [] -- just gpg --keyserver keyserver.ubuntu.com --send-key 2EB77ACA
<semcentro> ok
<semcentro> haha...so simple sarnold, i'm a mule! thanks. I'll end the process
<sarnold> semcentro: good job translating to english :)
<FracOMac> is asking for some help with my apache config here ok?
<sarnold> I think so..
<FracOMac> err, just found a channel for that, nvm :P
<Guest41429> hi, i play with acl and cant solve my needs
<Guest41429> i want create folder /firebird who own firebird group
<Guest41429> then with winscp (ssh connection) with user igor copy file to ./firebird
<Guest41429> and this new file have get owner and group  - firebird + permissions are 0660
<Guest41429> user igor is memmber of group firebird
<CrazyBird> Hello! I need help with this. I've set up ubuntu 12.10, installed LAMP and OpenVPN. After a bit of set-up work, I can connect to the VPN from the LAN and from outside (Internet). The problem is I can ping the server from the LAN, but not from outside. The server can't ping the client when it is outside the LAN. I have firewall disabled in the server and configured my router to bypass VPN port. What can I do?
<CrazyBird> anyone here?
<CrazyBird> I need help, anyone here?
<Sharetel> Hi, I tried this: apt-get install mod_perl-devel.i386 but got this message E: Unable to locate package mod_perl-devel.i386
<Ng> Sharetel: that sounds like a Fedora/RHEL package name, not an Ubuntu one
<Ng> Sharetel: did you maybe mean libapache2-mod-perl2-dev ?
<Sharetel> Ng: It pertains to a fix for Redmine. I just installed Redmine 2.3.0 and at the last step the Apache failed with these errors which can be seen at http://pastebin.com/UEVudk8x
<Sharetel> is there any similar package for it?
<Ng> wow
<Ng> so that error is saying that some local build of mod_passenger hasn't produced an expected apache module file
<Ng> it doesn't explicitly suggest that you're missing mod_perl headers, but it's possible that there were earlier build failure
<Ng> Sharetel: which version of Ubuntu are you running?
<Sharetel> Ng: It's Ubuntu 12.04.2 LTS
<Ng> Sharetel: so I think I'd probably try "gem install passenger" on its own and check over the full build log to see if there are errors
<Sharetel> Ng: I referred to this site http://grandslam90.wordpress.com/2012/05/22/howto-redmine-2-0-0-passenger-subversion-repositories-in-ubuntu-12-04/ and now stuck at the very last step of resarting Apache...that's when I get the errors, rest all went fine
<Ng> Sharetel: does this find any files?   find /var/lib/gems -name mod_passenger.so
<Ng> if yes, fix the apache config to have the right path. if no, the rest did not go fine, one of the steps failed or was missed (or is just wrong, I guess)
<Sharetel> Ng: Yes, it finds the file /var/lib/gems/1.9.1/gems/passenger-3.0.19/ext/apache2/mod_passenger.so
<Ng> Sharetel: so then fix up the apache config to look for passenger-3.0.19 instead of 3.0.12 and you should be one step closer :)
<Ng> you might want to check the other configs, it looks like the 3.0.12 comes up more than once
<Ng> looking at that blog post
<Sharetel> Ng: The Apache error got fixed, but the site still doesn't come up
<Sharetel> am looking into apache error logs
<Sharetel> Ng: Here's the message in error logs of Apache http://pastebin.com/1yb766RF
<Ng> Sharetel: is your PassengerRoot directive correct?
<Sharetel> Ng: Yes, I fixed that as well, but the site doesn't come up. http://192.168.1.50:3000
<Sharetel> Ng: Apache logs doesn't show anything untoward
<Sharetel> Ng: Apparentlysomething amiss in vi /etc/apache2/sites-available/mysite
<Sharetel> Ng: I was wondering if you could please take a look here and suggest appropriate changes http://pastebin.com/TGAAr8np
<Ng> Sharetel: that vhost is on port :80 so it doesn't seem very likely that it would work on :3000
<Sharetel> Ng: If I go http://192.168.1.50/redmine, it merely brings up the Index of /redmine
<Sharetel> Ng: Has it something to do with ServerName entry?
<Ng> Sharetel: potentially. did you run the apache2ctl -S command I suggested?
<Sharetel>  port 80 namevhost mydomain.com (/etc/apache2/sites-enabled/red:1) Syntax OK
<Ng> Sharetel: put the whole output in a pastebin?
<Sharetel> Ng: here it is http://pastebin.com/SuFysw4k
<Ng> Sharetel: ok so the default vhost for :80 is the "old" file, so yes, this probably is because the ServerName entry doesn't match the URL you're opening
<Ng> you're requesting 192.168.1.50 and apache is looking for "mydomain.com"
<Sharetel> Ng: On this http://grandslam90.wordpress.com/2012/05/22/howto-redmine-2-0-0-passenger-subversion-repositories-in-ubuntu-12-04/ it states to remove the default site. Fearing some odd consequences I merely renamed it
<Ng> Sharetel: if it's in sites-enabled, it's still enabled, regardless of its name :)
<Sharetel> Ng: So do I delete it...the older one?
<Ng> Sharetel: yeah, if it's in sites-enabled it should just be a symlink to a file in sites-available
<Sharetel> Ng: I deleted it, now the browser has http://192.168.1.50/red, and it says Page not found. The page you were trying to access doesn't exist or has been removed. Back
<Ng> Sharetel: I think it was supposed to be /redmine
<Sharetel> Ng: Passenger error #2 An error occurred while trying to access '/var/www/redmine/redmine': Cannot resolve possible symlink '/var/www/redmine/redmine': No such file or directory (2)
<Ng> Sharetel: I can't help but wonder if some better installation instructions would be useful - that blog post doesn't seem to have produced a very useful setup
<Sharetel> Ng: I sincerely all the help you have rendered so far and am not very familiar with all this. Neverthless, am still looking around in Google as well. Thank you so much!
<Diegonat> hi, any alternative to landscape?? Dont tell me puppet
<smb> zul, nag?
<zul> argh!
<zul> doing it right now
<smb> Ahh. :)
<zul> smb:  done
<smb> zul, Thanks a lot
<Diegonat> hi, any alternative to landscape?? Dont tell me puppet
<Enich> I am trying to do some ubuntu server kickstarts,  i would like to be able to define the ipaddress instead of aquireing it via dhcp on startup.   If i do it via     network --bootproto=static --ip=172.16.10.100 --netmask=255.255.255.0 --gateway=172.16.10.1 --nameserver=172.16.10.1 --device=eth0      IT still looks for dhcp, and when it fails, and i press  configure manually, it skipps the manual configuration and starts installing.  so i guess it must be
<Enich> getting the ip information, but for some reason still looks for a dhcp server.   Any idears ?
<Diegonat> /etc/network/interfaces
<diplo> Diegonat: Spacewalk for CentOS, just read their faqs and they support Debian, not sure about ubuntu http://spacewalk.redhat.com/faq.html
<Diegonat> diplo, im using it but its not very good
<Diegonat> i hate ubuntu
<Diegonat> why dont they release landscape opensource?
<Diegonat> ghghhg
<diplo> Money :)
<Enich> Diegonat,  ansible   or is that totally off
<Enich> Diegonat,   was that /etc/network comment for me
<Enich> ?
<Diegonat> Enich, yes
<Enich> Diegonat,   That would be fine after iinstallation, but when im doing a kickstart, i would need to feed the information way before...  The network line i was refereing to actually takes care of /etc/network/interfaces... but im talking while doing a unattended kickstart install
<Diegonat> ah ok sorry i dont know
<diplo> Enich: http://hectcastro.me/2011/11/18/preseeding-ubuntu-server-and-static-ip-addresses.html maybe of help ?
<Enich> i am already doing initrd-inject with args like ip etc.. which dosnt seem to work
<diplo> I missed the bootproto bit sorry
<rystic> hi all. i'm having some trouble understanding how posix permissions interact with ACLs. i've read the man pages and attempted googling around quite a bit, but i'm still running into an issue where my ACL is set to default:group::r-x but new files i create get #effective:r-- which is.... suboptimal. can anyone point me to a good explanation?
<Siraris> Does anyone know how I can clone repositories on my Amazon EC2 instance?
<Siraris> git repositories that is
<Siraris> I generated a ssh key, put the public key on bitbucket, but I'm still getting permission denied
#ubuntu-server 2013-04-13
<semcentro> i have problens to register key-gpg in lauchpad
<lolcat> Hello
<lolcat> Is it impossible to install ubuntu 12.10 to a raid1?
<lolcat> It won't install grub
<lolcat> I even left an empty partition for grub
<orogor> hi here
<orogor> anyone around running kvm ?
<orogor> or doing virtualisation ?
<orogor> hi here
<orogor> anyone around using xen ?
<Iszak> Anyone got guides on securing a ubuntu 12.04 server?
<oeeve> Hi, I'm having some trouble figuring out whats wrong with my sftp server: http://paste.pm/688.js , as you can see I checked to see if sshd was running, and it is.. but only one ssh user, why wont it let any other in?:/ I just get the "unexpectedly closed" message in filezilla
<jgdovin> k so its been a bit since i set up a server and i just set up a new vps with vilayer. i can ssh in but it cannot ping out to any ip or url if you can give me an idea of where to start i would be grateful
<RoyK> jgdovin: if you can ssh in, the routing works, if you then cannot access anything outside, some firewall may be involved
<Cippalippa> hi guys! I need some help. I am trying to write my .htaccess on my server root /var/www/ . I want http://www.test.co.uk/ to redirect to http://www.test.co.uk/vhosts/test/ .How do i need to do??
<patdk-lap> depends
<patdk-lap> exactly what do you want to change/enforce?
<Cippalippa> patdk-lap: why?
<patdk-lap> your example isn't specific enough
<Cippalippa> I want to redirect requests
<patdk-lap> are you sure?
<Cippalippa>  http://www.test.co.uk/ I want to redirect to  http://www.test.co.uk/vhosts/test/  but I dont want the user to see that
<patdk-lap> you want to redirect? or rewrite?
<Cippalippa> rewrite sorry
<patdk-lap> and do you want to enforce the domain? or any domain?
<Cippalippa> my english, my bad
<Cippalippa> what's the difference?
<patdk-lap> well, a redirect will jsut change / to /vhosts/test/
<patdk-lap> it doesn't care about the name
<patdk-lap> do YOU care about the name?
<Cippalippa> yes I care
<Cippalippa> i dont want anybody to see the destination
<patdk-lap> heh?
<patdk-lap> everyone knows the destination
<Cippalippa>   /vhosts/test/ i want /
<patdk-lap> hmm, I didn't ask about that
<patdk-lap> I asked about the www.test.co.uk part
<Cippalippa> yes sorry
<patdk-lap> do you care about that? must that match EXACTLY
<ddsss1> what do u guys use to monitor server load?
<Cippalippa> i want that when the user goes to  www.test.co.uk sees the content in  www.test.co.uk/vhost/test
<patdk-lap> ddsss1, uptime?
<patdk-lap> ddsss1, but what do you mean by server load?
<Cippalippa> patdk-lap: is it clear?
<ddsss1> patdk-lap: server hosts php app. I want to see cpu usage graph overtime, network traffic, hdd usage etc.
<patdk-lap> rewritecond %{HTTP_HOST} ^www\.test\.co\.uk$
<patdk-lap> rewriterule ^/$ /vhosts/test/
<patdk-lap> ddsss1, anything you want sysstat, cacti, munin, ...
<ddsss1> patdk-lap: which ones do peopel most use?
<ddsss1> patdk-lap: which ones do people use most?
<patdk-lap> !poll
<ubottu> Usually, there is no single "best" application to perform a given task. It's up to you to choose, depending on your preferences, features you require, and other factors. Do NOT take polls in the channel. If you insist on getting people's opinions, ask BestBot in #ubuntu-bots.
<Cippalippa> patdk-lap: so RewriteEngine on rewritecond %{HTTP_HOST} ^www\.test\.co\.uk$ rewriterule ^/$ /vhosts/test/    in a file in /var/www.  Is it right?
<patdk-lap> no
<patdk-lap> if your using .htaccess, you will also need a rewritebase too
<patdk-lap> likely rewritebase /
<Cippalippa> patdk-lap: where ?
<patdk-lap> before rewritecond/rewriterule
<Cippalippa> its not working, im doing something wrote
<Cippalippa> patdk-lap: so RewriteEngine on rewritebase / rewritecond %{HTTP_HOST} ^www\.test\.co\.uk$ rewriterule ^/$ /vhosts/test/    in a file in /var/www.  Is it right?
<patdk-lap> for the infomation you provided, yes
<patdk-lap> that also assumes you have the rewrite module loaded, and allowoverrides on
<patdk-lap> but that is all outside the scope of the question
<snufft> hi guys :)
<Koheleth>  can I use grep to search databases?
<RoyK> Koheleth: what database?
<Fieldy> Koheleth: only if the string you are looking for has it in cleartext. your best bet is to query the database properly
<snufft> i'm trying to ssh into my server, but ssh is just sittnig at 'Using username "[usernamehere]".'
<snufft> is there anything i can do from my end?
<snufft> or does the vps need to be restarted at the virtual client end?
<Fieldy> snufft: throw on -vvv to the client and see if there's any clues in the debug output
<snufft> Fieldy: no joke, i've been trying to do something about this for the last hour or so, just as I posted that, it logged me in -_-
<Fieldy> -vv might be enough
<Fieldy> figures :)
<snufft> Fieldy: but thank you for your help :) what does -vvv do anyway?
<Fieldy> sometimes reverse DNS lookups slow down connections (but not THAT much)... add UseDNS no   to /etc/ssh/sshd_config and restart sshd
<snufft> I think mine is MySQL eating all the resources :(
<Fieldy> snufft: -v is verbose output, vv is more, vvv is isnanity
<snufft> hahahahaha, ok. thanks heaps :)
<Fieldy> often you'll get a clue as to what's going on with the output
<snufft> ahhh fair enough :) top is taking ages to return anything now, so it's probably mysql again....
<Fieldy> sounds like a heavily loaded system. i get that on one of my IDS sensors, takes forever to SSH in no matter what
<Fieldy> it's just really weak hardware in that case
<Fieldy> actually getting a shell prompt takes maybe 30 seconds or more
<snufft> mine's taking a bit longer than that :P updwards of 10 mins maybe :(
<Fieldy> yeah that's not normal. and generally a TCP connection will time out after 5 minutes
<Fieldy> it might be time to move whatever's causing all that load off to its own instance, or if the vps is just low on ram and deep in swap, upgrade its plan for more ram
<Cippalippa> is there a default file for ubuntu where iptables rules are saved?
<snufft> it's starting to look like apache...
<Fieldy> snufft: yeah i had a lot of endless pains with apache especially with VPS where lots of ram wasn't always available. one day I tried lighttpd which gets it done with much, much less resources, and that's all I use anymore
<Fieldy> apache can be tuned to use a lot less, but it's not straightforward, and it begins to perform very poorly as you start clamping it down
<snufft> Fieldy: I feel you. I normally run Nginx, but the admin for this server only knows apache, so that's what i use. It's curently has 17 threads going, all with virt of 277mb...
<Fieldy> well, if he wants to stick with it, he'll be faced with paying for a RAM upgrade on the VPS most likely
<Fieldy> or moving other things like sql to another instance
<snufft> bang. apache restarted, site works... is there anything I can do to stop things locking me out of being able to ssh in?
<Fieldy> not really, if the system is getting  hammered, that will continue to be a problem
<snufft> that's a shame :(
<snufft> btw, is your nick from Fieldy of Korn, or somewhere else? :P
<Fieldy> yeah, don't tell them what it means :P
<snufft> hahahahahahahaha
<Fieldy> i couldn't get a gentoo cloak with the longer nick heh
<Cippalippa> is there a default file for ubuntu where iptables rules are saved?
<snufft> i wish they'd let David come back :( head's kind-of back, but it's not the same without David...
<Fieldy> Cippalippa: not that i know of, are you simply looking to have some rules applied at boot or when networking comes up?
<Cippalippa> at the boot
<Fieldy> ok, let me look at my setup, because that's what I do
<Fieldy> i think i just confused myself. that's what i get for having so bloody many different distros / servers. even my notes aren't clear
<Fieldy> Cippalippa: first I created an upstart script, a url describing what that is is at the top of this http://pastebin.ca/raw/2358274
<Fieldy> it calls /root/bin/iptables-and-forwarding.sh which is the raw iptables commands building the ruleset I want. there's probably a better way to do this but it works for me
<Fieldy> noting that I am wiping out any existing rules at the start of that
<GTAXL> Hello, can someone please help me with an apt-get remove problem? :/ http://pastebin.com/YfCV94HU
<maxb> GTAXL: Do you have any packages in hold status, discouraging apt from removing them?
<GTAXL> not sure
<GTAXL> how could I check?
<maxb> dpkg -l | grep ^h
<GTAXL> that outputs nothing
<maxb> Hm
<maxb> Check your package manager state for potential anomalies with 'dpkg --audit'
<maxb> And run dpkg and apt's "clean up after partial installations" routines: 'dpkg --configure -a' and 'apt-get install -f'
<maxb> And then the other thing you could try to attempt to localise the problem would be to attempt removal of fewer packages in one command - e.g. you could try asking for just apache2.2-common to be removed and let apt remove pretty much anything else that depends on apache\
<Lartza> Any gitlab alternatives? Gitorious maybe?
<thasmo|off> Hey there! Does anyone have experience with xdebug?
#ubuntu-server 2013-04-14
<tcb^ll3r> cd /etc
<tcb^ll3r> ls
<tcb^ll3r> lol
<tcb^ll3r> sry
<antix> cat /etc/passwd
<tcb^ll3r> what should DSHELL be in adduser.conf to deny shell access?
<tcb^ll3r> i set it to /sbin/nologin , but that makes ubuntu gods angry
<judas> using exportfs only gives the client 'access denied'
<judas> although entries in exports work fine
<Rarrikins> If /tmp isn't writeable and I reboot, will I still be able to log in remotely via SSH?
<Merkidemis>  Can someone help me with an error? I am trying to do an apt-get update on my lucid server and get the following: W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid/Release.gpg  Could not connect to archive.ubuntu.com:80 (2001:67c:1360:8c01::1a). - connect (101 Network is unreachable) [IP: 2001:67c:1360:8c01::1a 80]
<Merkidemis> Hello?
<cfhowlett> Merkidemis, I see you ... perhaps it's SysAdmin coffeebreak?
<Merkidemis> it is early on a sunday...
<andol> Merkidemis: Having a broken IPv6 connectivity?
<andol> Merkidemis: At least myself I have no problem talking http over ipv6 to that address.
<Merkidemis> andol: probably, though I'd be fine if apt would just use IPv4
<Merkidemis> andol: I have tried changing gai.conf, commenting the ailias in modprobe.d/ailiases, adding entries to hosts to map the URL to the IPv4 address, adding lines to sysctl.conf to disable IPv6 (which results in a 97 protocol not supported error)...
<Merkidemis> andol: the machine currenlty has a Link IPv6 address, but I can't ping6 anything (network unreachable error).  Like I said, if I could get APT to use IPv4 I'd be happy
<Merkidemis> Can someone help me with an error? I am trying to do an apt-get update on my lucid server and get the following: W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid/Release.gpg  Could not connect to archive.ubuntu.com:80 (2001:67c:1360:8c01::1a). - connect (101 Network is unreachable) [IP: 2001:67c:1360:8c01::1a 80]
<wickedpuppy> archive.ubuntu.com is up though
<wickedpuppy> I can ping
<wickedpuppy> can you?
<packetfrog> ./etc/network/interfaces might not be setup right
<Merkidemis> yes, I can ping it just fine over ipv4
<Merkidemis> Here is my interfaces:
<Merkidemis> auto lo
<Merkidemis> iface lo inet loopback
<Merkidemis> # The primary network interface
<Merkidemis> auto eth0
<Merkidemis> iface eth0 inet static
<Merkidemis>         address 192.168.10.250
<Merkidemis>         netmask 255.255.255.0
<Merkidemis>         network 192.168.10.0
<Merkidemis>         broadcast 192.168.10.255
<Merkidemis>         gateway 192.168.10.1
<packetfrog>  apt-get update 2> /tmp/keymissing; for key in $(grep "NO_PUBKEY" /tmp/keymissing |sed "s/.*NO_PUBKEY //"); do echo -e "\nProcessing key: $key"; sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys $key ; done
<packetfrog> then update
<packetfrog> again
<packetfrog> ;'/
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Merkidemis> one sec
<RoyK> pastebin ifconfig output too
<RoyK> seems it's trying to reach an IPv6 address and you only have IPv4 configured
<cyberglyph> hey guys i have a old p4 1.6ghz and I want to use it to do a proxy server they said server is the best but I don't know command line any ideas or is it possible to do being Im a noob?
<Merkidemis> packetfrog: copied the above into a bash script, ran it, then tried doing an update again. Same errors
<patdk-lap> cyberglyph, it's easy enough, but you will have to use cli, no matter what
<packetfrog> copy/paste to terminal and hit enter
<patdk-lap> so might as well start learning
<packetfrog> tell me what it says
<packetfrog> cyberglyph, google for a tutorial "ubuntu proxy server tutorial" or whatever    read it   if you think you can, you can.
<Merkidemis> packetfrog: trying again, one moment while it tries the connections
<Merkidemis> packetfrog: still getting Err http://archive.ubuntu.com lucid-updates Release.gpg
<Merkidemis>   Could not connect to archive.ubuntu.com:80 (2001:67c:1360:8c01::18). - connect (101 Network is unreachable) [IP: 2001:67c:1360:8c01::18 80]
<qman__> cyberglyph, you will have to use the command line to set up the server software regardless if you have a GUI installed, because that's how it's done; there are no GUI tools to do it for you
<qman__> cyberglyph, installing a GUI on the server end is therefore a waste of resources and a potential security vulnerability
<cyberglyph> ok thats cool but i don't know command level stuff so I would be wasting my time with the server or should I try to learn a little to get up and going
<qman__> you should try to learn, it's not that hard
<packetfrog> cyberglyph, You dont need to learn any of it.
<packetfrog> It is not going to make you anonymous by running a proxy server in your home network
<qman__> there are other reasons to use proxies, such as caching/optimization and authentication
<packetfrog> Not that he wants
<packetfrog> or asked about anyhow
<packetfrog> Merkidemis, You can ping that host right?
<Merkidemis> via ipv4, yes
<Merkidemis> packetfrog: ttl=47, average time is 140 for each ping
<packetfrog> Do you have a firewall running?
<Merkidemis> packetfrog: never set one up on here, let me double check the router
<Merkidemis> packeetfrog: firewall disabled on router, iptables -L shows: Chain INPUT (policy ACCEPT)
<Merkidemis> target     prot opt source               destination
<Merkidemis> Chain FORWARD (policy ACCEPT)
<Merkidemis> target     prot opt source               destination
<Merkidemis> Chain OUTPUT (policy ACCEPT)
<Merkidemis> target     prot opt source               destination
<packetfrog> Is this on going? or just a new issue?
<Merkidemis> packetfrog: new in that I haven't tried to do an update for a long time.  All my other services that I have running, namely my mediatomb server, still works just fine.
<packetfrog> Merkidemis,  Can I PM you?
<packetfrog> I do not feel like pastebinning
<Merkidemis> sure thing
<Merkidemis> packetfrog: plugging directly into the router (bypassing the switch) "fixed" the problem and allowed me to do updates
<herman__> does anyone know how to set apache to return an https connection?
<Merkidemis> packetfrog: and of course after the update and upgrade I can't ssh into it anymore
<catphish> i'm having trouble with vlan traffic since a kernel upgrade, i'm seeing outgoing traffic from bond0.3 being transmitted on bond0, but incoming traffic (identified by tcpdump as vlan3) isn't being copied to bond0.3
<catphish> is there a way to run 10.04 with a much newer kernel? there seem to be bugs in both 3.0.0-32 and 2.6.32-46
<patdk-lap> you can run it with any kernel you want
<patdk-lap> at some point you will hit libc issues, and other utility issues
<patdk-lap> but it is probably going be just fine, cause 10.04 isn't that old
<catphish> what would be the best approach? is there a ppa i can look to?
<patdk-lap> you could
<patdk-lap> but why bother using a ppa?
<catphish> simplicity
<catphish> unless there is a trivial way to compile a kernel with appropriate drivers, i haven't done it for years
<patdk-lap> I don't understand how using a ppa is easier than not doing anything
<patdk-lap> linux-image-server-lts-backport-maverick - Linux kernel image on Server Equipment.
<patdk-lap> linux-image-server-lts-backport-natty - Linux kernel image on Server Equipment.
<patdk-lap> linux-image-server-lts-backport-oneiric - Linux kernel image on Server Equipment.
<patdk-lap> odd I couldn't locate a precise backported one
<catphish> i'm not sure what versions those refer to
<patdk-lap> 10.10, 11.04, 11.10
<patdk-lap> really, just ask your computer what they are
<catphish> i mean kernel versions, i assume whatever currently ships with those releases
<catphish> i'd really like the precise kernel
<catphish> as i know that works
<patdk-lap> serialy use apt-cache show
<patdk-lap> heh? upgrade to precise then
<patdk-lap> why bother sticking iwth 10.04?
<catphish> i intend to upgrade
<catphish> but in the meantime, i'm looking to avoid a couple of specific bugs
<catphish> i'm sad that the bugfixes haven't been backported, but i guess they're not common enough
<patdk-lap> what bugfix?
<catphish> 2.6.32 has a bug that causes some systems to crash after 200 days
<patdk-lap> heh? that is not very descriptive at all
<patdk-lap> and I have not see nthat, with many systems running for much longer than that
<catphish> only some systems are affected
<catphish> unfortunately almost all of mine
<catphish> i think it affects specific CPUs with virtualization enabled
<patdk-lap> well, all my systems have vt enabled
<patdk-lap> though I only have 1 amd system
<catphish> i know it's intel specific
<patdk-lap> well, there isn't anything I can do, unless you can point to this bug, or bugfix
<patdk-lap> as your groping around with very general ideas, and no idea what is going on
<catphish> patdk-lap: i don't understand, are you an ubuntu maintainer?
<patdk-lap> define that
<catphish> ok, well since you seem to care, the bug is described in detail here: http://www.novell.com/support/kb/doc.php?id=7009834
<catphish> not sure what version it as fixed in the upstream kernel
<catphish> upgrading to linux-image-server-lts-backport-oneiric fixes it, but also introduces broken vlan support on my NICs, i could try linux-image-server-lts-backport-natty, i'll just need to verify that it contains the fix for the crash
<patdk-lap> hmm, tsc unstable, that seems to be an issue
<patdk-lap> I don't have any system with that
<catphish> not sure if it's also this bug: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/805341
<uvirtbot> Launchpad bug 805341 in linux "sched clock overflows in 208 days (i386 and amd64)" [Undecided,Fix released]
<catphish> seems more specific
<patdk-lap> same issue
<patdk-lap> This was fixed in Lucid already in: 2.6.32.50
<patdk-lap> According to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/902317
<uvirtbot> Launchpad bug 902317 in linux "Lucid update to 2.6.32.50 stable release" [Undecided,Fix released]
<catphish> that thread claims that its fixed in lucid
<patdk-lap> hmm. 2.6.32.38
<patdk-lap> 2.6.32-38 ubuntu kernel version
<catphish> well my issue occurs in vmlinuz-2.6.32-46-generic
<patdk-lap> but what is your issue?
<patdk-lap> you have a panic?
<patdk-lap> so we can be sure it's the *same* issue?
<catphish> no, it's a slowdown
<catphish> it leaves hosts pingable, but useless
<patdk-lap> well, different issue is different
<catphish> ok
<catphish> i'll have to look harder for related bugs them
<catphish> *then
<catphish> just looking for logs now
<catphish> all i see in the logs is a lot of blocked processes
<catphish> eg. INFO: task cron:1709 blocked for more than 120 seconds.
<catphish> i do have constant_tsc and nonstop_tsc
<dream_> hello how do i fix server 10.04 lts, system broke while trying to upgrade
<dream_> server cd with fix option didnt work for me as i couldnt choose right options as i didnt want my partition to be destroyed
<catphish> another question might be why bnx2+bridge+vlan is broken in 3.0.0-32-generic, but that's not somewhere i'm focusing
<catphish> patdk-lap: thanks for all your help, i believe i was mistaken, and the bug has now been patched in linux-image-2.6.32-38-server on lucid
<Patrickdk> if your system remains up, but slow, it's not that bug
<Patrickdk> it's something else
<catphish> (assuming my bug is the same, which i'm convinced it is)
<catphish> oh, perhaps i'm mistaken then
<catphish> :(
<catphish> same cpu flags, same timeframe
<Patrickdk> yes, that tsc thing might be affecting other things also
<Patrickdk> and that might still need to be fixed
<catphish> the ubuntu bug mentions "BUG: soft lockup - CPU#1 stuck for 17163091968s"
<catphish> that doesn't sound like a panic
<Patrickdk> the suse one was a panic
<catphish> it was, but the ubuntu one is a soft lockup
<Patrickdk> that softlockup would be it just noticing the time jump
<Patrickdk> it didn't really lockup
<catphish> "Other problems caused by this overflow include task scheduler unfairness. softlockups ('stuck for 61s!') are observed in 210~220 days after reboot but I've not yet succeeded to explain the logic."
<catphish> can't be sure but it certainly all seems related
<catphish> my dsl has slowed to such a crawl i can't work any more
<catphish> i will most likely upgrade everything to 2.6.32-46 and plan a proper 12.04 migration within the next 200 days in case
<catphish> thanks again for your help Patrickdk
<Patrickdk> too hard to backup and do a test upgrade?
<Patrickdk> my upgrades from lucid to precise have gone extreemly well
<catphish> i prefer reinstall and data restore
<catphish> but that's fine
<dream_> how do i reinstall 10.04 without losing data and w/o repartitioning?
<dream_> my system broke
<catphish> the installer should let you do that, but i'd be worried about my data in doing so
<catphish> just mark the root partition as the root partition and select not to format it
<dream_> it asks for partitioning always which will result in losing data :(
<Patrickdk> no it does not
<catphish> it asks for partition information, but doesn't make you change anything
<dream_> so if i try to upgrade it keeps all info on HD?
<dream_> burnt the new version
<dream_> lemme try with that
<zastaph> I think this is more an ubuntu issue than vagrant so i'll ask for advice here: https://github.com/mitchellh/vagrant/issues/289
<zastaph> i tried the 2 lowest suggestions, but they didnt help.. it still fails on apt-get -y upgrade with Errors were encountered while processing: grub-pc
<zastaph> because it wants to do package configuration which is not easy from vagrant
<KatyPerryX420> #freenode said try  here so here's what's going on ok so i just have installed the hybrid irc server for ubuntu 12.04 thru ssh and i need help setting my message of the day and conniction info it's running on a remote server
<KatyPerryX420> brb just pm me
<KatyPerryX420> so how would i go about what i need to do
<packetfrog> what ircd software?
<KatyPerryX420> uh hybrid irc and i need to set up a hybserv to talk to the hybrid irc
<KatyPerryX420> not much command line exp in linux as i mainly just use windows 7
<packetfrog> http://www.the-tech-tutorial.com/?p=709
<packetfrog> live long and prosper.
<Merkidemis> packetfrog: so, if I change the static ip from 192.168.1.250 to 192.168.1.25 everything is fine, and it can be on the switch.  I do so love networking....
<packetfrog> LOL
<packetfrog> Nice! At least you got it done..
 * packetfrog claps
<KatyPerryX420> packetfrog: i've looked at that tut and another one and i'm just not catching on
<packetfrog> KatyPerryX420, Then you should likely find something else to do with your time. pretty straight forward... :p
<packetfrog> or hire a sysadmin to do it for you
<packetfrog> :P
<nigelb> Hi! Is there an easy way to get the ip address of my lxc container?
<zastaph> I don't know how many times i've visited ubuntuforums.org with a post that said [SOLVED] and didn't find the solution :)
#ubuntu-server 2014-04-07
<jamescarr> installing lxml via python-pip and I'm getting this on ubuntu saucy "/usr/bin/ld: cannot find -lz"
<jamescarr> any ideas?
<jamescarr> apt-get install zlib1g-dev
<cfhowlett> jamescarr repo enabled?
<lordievader> Good morning.
<dwarder> my LAMP installation 'hanged' on 'Configuring mysql-server-5.5' at 72%
<dwarder> should i kill it?
<RoyK> I don't get it. my server is spending time swapping long before it's used its memory. setting vm.swappiness=1 "fixed" it, but it'd be nice if linux were a wee bit smarter
<caribou> rbasak: ping
<rbasak> caribou: pong
<caribou> rbasak: quick question : is there a way with uvtool to remove one of the downloaded cloud-images ?
<caribou> rbasak: like I have trusty i386 & amd64 & I want to remove i386
<rbasak> caribou: not currently supported, unless simplestreams can rotate it out based on some filter.
<rbasak> caribou: you can hack it quite easily though
<caribou> rbasak: yeah, I suppose I could go & delete the file once I can identify it
<rbasak> caribou: remove the corresponding metadata file in /var/lib/uvtool/libvirt/metadata (I think?) then sync.
<caribou> rbasak: ok, will do.
<caribou> rbasak: I'm also thinking of 'proposing' a "uvt-kvm create --wait" that would call the uvt-kvm wait from the create option
<caribou> rbasak: I need to take a few minutes to look into it
<rbasak> caribou: that's a great idea. I filed bug 1301412 last week. I think your solution is maybe better. Or perhaps we need both.
<uvirtbot> Launchpad bug 1301412 in uvtool "uvt-kvm wait ... && uvt-kvm ssh ... is inconvenient and repetitive" [Wishlist,Triaged] https://launchpad.net/bugs/1301412
<caribou> rbasak: yeah, maybe both can be useful and/or complementary
<rbasak> caribou: also, how about a -l|--login option on the create subcommand that implies --wait and also does ssh to defaults?
<caribou> rbasak: could be useful indeed
<rbasak> caribou: let me put this all into that bug
<caribou> rbasak: ok, I'll subscribe to it
<dwarder> PHP Fatal error:  Call to undefined method mysqli_result::fetch_all()
<dwarder> how do i fix this
<dwarder> phpinfo() shows that mysqli is loaded
<rymate1234> <rymate1234> i have an ubuntu 12.04 server running with an x11vnc remote desktop thing
<rymate1234> <rymate1234> how do i make the resolution higher than 1024x768
<rymate1234> nvm
<jamespage> roaksoax, smoser: soooooo.....
<jamespage> roaksoax, smoser: I just upgraded to the lastest maas on 14.-4
<jamespage> and I *think* the grub install is failing in the fast-path installer - I've tried on precise and trusty installs and I get the same issue
<jamespage> roaksoax, smoser: how do I debug this?
<roaksoax> jamespage: ssh into the fastpath and look whats wro g
<jhobbs> jamespage: you can prevent the target system from rebooting after install by editing /etc/maas/preseeds/curtin_userdata
<jhobbs> there are a couple of lines "power_state:\n   mode: reboot" you can comment out
<zul> jamespage:  im going to start uploadling to saucy-proposed
<roaksoax> jamespage: first, though restart the cluster controler and try again
<jamespage> zul, you can't
<jamespage> roaksoax, I already rebooted
<zul> jamespage:  i cant?
<jamespage> zul, the nova sru is still blocking you
<zul> jamespage: oh...yeah....
<roaksoax> jamespage: check that fastpath is accesing the correct ip address for the cluster
<jamespage> roaksoax, OK
<roaksoax> to download the root.tar
<roaksoax> gz
<jamespage> roaksoax, I watch the console - that's all happening OK
<jamespage> the failure is quite late in install
<roaksoax> jamespage: then probably curtin issue. yeah access the image and investigate why it fails. i think issues were reported but then magically fixed
<jamespage> roaksoax, OK - trying now
<jamespage> roaksoax, I should just be able to SSH to the FPI right?
<jamespage> no extra incantation required?
<roaksoax> jamespage: you need the ephemeral backdoor
<roaksoax> you need to activate it
<jamespage> roaksoax, ?
<roaksoax> jamespage: https://lists.launchpad.net/maas-devel/msg00808.html
<jamespage> roaksoax, is that still applicable with the new boot-resources stuff?
<roaksoax> smoser ^
<roaksoax> jamespage: the process is of course, the paths, no
<jamespage> roaksoax, yeah - got it
<jamespage> roaksoax, OK - I'm backdoored
<jamespage> roaksoax, well I was - juju just terminated me
<roaksoax> jamespage: bummer! yeah juju now terminates you if deployment doesn't get completed, which sucks for debuggin
<smoser> jamespage, https://bugs.launchpad.net/curtin/+bug/1303617
<uvirtbot> Launchpad bug 1303617 in curtin "pc-grub install path broken in curtin" [Critical,Confirmed]
<smoser> fix is just now uploaded.
<smoser> you can apply revno 125 to trunk
<smoser> er... you can cherry pick that to your local maas installation and it should fix it.
<smoser> i just uploaded.
<jamespage> smoser, ok
<jamespage> smoser, I'll stop debugging - that looks like my problem
<jamespage> smoser, ok - I'm being dumb
<jamespage> curtin is not installed on my maas box?
<smoser> jamespage, python-curtin
<smoser> jml, shoot. you actually need the curtin-common
<smoser> s/jml/jamespage/
<smoser> sorry jml
<jamespage> smoser, I got there in the end
<jamespage> :-)
<tmwsiy> Hi I have a super micro server that I am attempting to install 12.04 server on. Everything goes fine with the install and then when it comes up to boot I get the grub menu but then if you select the regualr kernel option nothing happens. Funny thing is that if I select recovery console and then resume boot everything appears to work fine. any ideas as to how I can get grub to work properly from the start?
<patdk-wk> tmwsiy, likely need nomode or other video options to the kernel
<zul> jamespage:  cinder rc2 is available
 * jamespage leaps for joy!
<jamespage> zul, great - are you on it? or shall we let coreycb ?
<zul> jamespage:  im on it
<zul> jamespage:  just doing a local build now
<jamespage> zul, ack
<zul> jamespage:  https://code.launchpad.net/~zulcss/cinder/2014.1.rc2/+merge/214565
<jamespage> smoser, that fixed me up - thanks!
<hxm> hello, I have some irc logs in unrecognized encoding
<hxm> i use file to know which encoding is and it says 'data'
<hxm> can I just use iconv -f data -t utf-8 ?
<hxm> or it will make it worse
<shreezbot> Any of you guys know of a way to completely manage virtual machines in KVM from the command line?  I'm running it on a headless server machine that I don't have GUI access on...
<shreezbot> I can get a vm created and started, but I can't seem to connect to it to install the operating system...
<forex> hello!
<forex> how I can install gnome with RDP on Ubuntu 13.10
<forex> 64 bit
<bekks> Install gnome and a rdp client.
<forex> bekks:  its remote server
<forex> i heard its a bit tricky
<sync0pate> forex, are you asking how you'd install gnome while you're logged in with RDP?
<forex> sync0pate:  there is remote ubuntu server
<forex> i with to access it via rdp
<forex> so I realise I would have to apt-get install gnome
<sync0pate> how do you access it at the moment?
<patdk-wk> yuk
<forex> ssh
<patdk-wk> access via rdp is a huge hack ontop of a hack
<patdk-wk> just use vnc or nx
<forex> patdk-wk: so what do u use to access GUI?
<sync0pate> any particular reason you wanna rdp in?
<patdk-wk> personally? I don't do gui
<jpds> forex: We don't particularly use GUIs.
<patdk-wk> I mean, why exactly would I need one?
<sync0pate> ssh is generally better
<forex> sync0pate: use GUI to install VM with Windows :D
<forex> and OSX
<jpds> forex: https://help.ubuntu.com/community/ServerGUI
<patdk-wk> forex, no need for gui for that
<sync0pate> but vnc seems to work better than rdp
<patdk-wk> sync0pate, the rdp works by talking ontop of vlc
<lordievader> forex: libvirt can run a vnc server for your vm's, no need to have the host run something X related.
<patdk-wk> vnc I mean
<forex> lordievader: hmmm how libvirt can do it?
<forex> sounds interesting
<jpds> forex: Use 'virt-install' to provision a VM.
<jpds> forex: virt-install --graphics vnc,listen=0.0.0.0
<jpds> forex: Those are the flags to enable a VNC server tunneled to the virtual machine.
<forex> yes I see
<jpds> forex: You will need the other flags for the VM, disk, memory, etc.
<forex> i like gui alot I admit :D
<forex> and its handy and fast hehe for some tasks
<sync0pate> I wouldn't abandon the GUI on my desktop
<sync0pate> personally
<sync0pate> but I never use it for servers
<jpds> forex: Just install virt-manager on your desktop.
<forex> well its website - 0 emails 0 cc data
<forex> :D
<jpds> forex: And connect to the libvirt socket on the server with ssh.
<forex> i like gui I get idea of command like yet I love love visuals
<forex> even on server
<forex> :D
<forex> its pleasing
<jpds> True, but noone serious about their server farm would use a GUI. ;-)
<patdk-wk> they would use powershell!
<zul> Daviey:  hey there is a cinder rc2 in the queue as well
<forex> http://seb.so/vnc-from-boot-without-logging-in-ubuntu-lubuntu-xubuntu-and-mint-lmde/
<forex> interesting idea :D
<sarnold> forex: nice documentation, I've wondered about "vnc into existing X" vs "vnc in and create a new X" -- it's nice to see it documented here :)
<moparisthebest> is there a way to troubleshoot booting problems on a remote headless server?
<moparisthebest> I install some packages, reboot, and it won't come back up
<moparisthebest> I can boot a 'rescue system' to mount the filesystem after the fact and such, and reboot, but I can't figure out whats stopping it from booting?
<sarnold> moparisthebest: best is soemthing like serial console or an "integrated lights out" management interface on the server
<moparisthebest> can I setup and connect to a serial console over the network?
<sarnold> moparisthebest: there are some serial console servers, sometimes even integrated into power strips :) wonderful things
<forex> so sarnold I install gnome then vnc and then I follow that howto right? :D
<sarnold> forex: looks like it :) hehe
<forex> :)))
<jamespage> zul, https://code.launchpad.net/~james-page/neutron/rc1-fixes/+merge/214582
<forex> i wonder why add-apt-repository ppa:gnome3-team/gnome3-next  is not working
<jamespage> zul, I'm still not sure that the l3/vpn agent stuff is right but I can't track down anyone to tell me authoratively
<forex> bizzare
<forex> I decided while I am at it install latest gnome :)
<zul> jamespage: +1
<lordievader> patdk-wk: Hihi, ps, haha
<jamespage> zul, ok merged
<pmatulis> hallyn_: need any testing for bug 1286500 ?
<uvirtbot> Launchpad bug 1286500 in virtinst "Can't perform an HTTP VM install with virt-manager" [Medium,Confirmed] https://launchpad.net/bugs/1286500
<jamespage> zul, I think the two agents do overlap - I can quite happily run stuff that relies on l3-agent with just the vpn-agent running
<lordievader> forex: It's good to get a habit of managing your servers through the command line :)
<zul> jamespage:  ack..
<hallyn_> pmatulis: I think this needs to wait until we can merge the next version (which needs a few MIRs).
<hallyn_> I disagree with comment #4, btw.  you can d/l an iso this is does not render essential functionality broken
<mdeslaur> hallyn_: have you had anyone reporting issues with qemu segfaulting?
<hallyn_> mdeslaur: no
<hallyn_> mdeslaur: other than -ppc
<forex> Adding group `nopasswdlogin' (GID 110) ...
<forex> hmm
<forex> why no passwd :D
<forex> o well
<forex> nearly there
<forex> login works fine however then remote desktop goes back to login screen
<forex> :)
<forex> GConf-WARNING **: Client failed to connect to the D-BUS daemon: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11
<hallyn_> mdeslaur: any more details?  are you easily able to reproduce that?
<mdeslaur> hallyn_: still poking at it...looks like quantal i386 guest with the vmvga driver causes it
<mdeslaur> hallyn_: but still testing
<forex> ::)))
<forex> magical ubuntu
<elliotd123> Ubuntu server 12.04 doesn't seem to detect my SATA FDM, any idea if they're supported in 14.04?
<patdk-wk> sata fdm?
<patdk-wk> if it's sata, the issue is, your sata chipset
<elliotd123> That makes sense that it's a chipset issue, it doesn't detect the network interfaces either...
<bitfury> hey guys, what's the default MTA in ubuntu 13.10?
<bitfury> still postfix?
<lamont> bitfury: yep
<lamont> and 14.04, too
<bitfury> lamont, do you know if it gets automatically removed when installing sendmail or any other MTA?
<lamont> bitfury: by policy, the MTAs all conflict with (and provide) mail-transport-agent, so you cannot install more than one at a time
<lamont> unless you do it in a chroot, of course.
<lamont> bitfury: see, for example, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307186
<uvirtbot> Debian bug 307186 in postfix "Postfix conflicts with sendmail" [Wishlist,Open]
<lamont> that'd be in the "wontfix" category, since the change it asks for would be a release-critical, policy-violating bug
<bitfury> lamont, thanks
<zul> Daviey:  ping can you review cinder rc2 please
<Daviey> zul, done
<zul> Daviey:  thanks
<forex> hmmm
<forex> I installed xrdp - it says connected
<forex> and closes window :D
<forex> bizzare?
<bekks> Nope. Dont use RDP but vnc or nx.
<forex> xrdp seems to be supporting vnc too
<justizin> anyone know if there is a backport of openssl available for 1.0.1g, or otherwise addressing the heartbleed problem?
<bekks> forex: Keep i mind that both rdp and vnc arent secure.
<forex> in which way?>
<bekks> forex: In every way.
<forex> well means they are good
<forex> whats with gui fobia
<forex> :)))
<bekks> forex: Thats nonsense. RDP and VNC arent secured, they arent encrypted, vital data is transferred as plain text.
<forex> wtf
<forex> vnc can run via ssh
<forex> rdp probably too
<bekks> which doesnt magically make vnc and rdp secure - all it does is encapsulating vnc/rdp into a secure ssh transport.
<forex> vital data is transferred as plain text.
<forex> :D
<forex> then its secured
<bekks> Just use nxm, which does all that automatically.
<bekks> *nx
<forex> sounds fine
<forex> it  it can work out of box and secure then its good find :D
<forex> NX is an exciting new technology for remote display. It provides near local speed application responsiveness over high latency, low bandwidth links.
<forex> awesome!
<pmatulis> hallyn_: re MIRs, i'm not sure i follow.  are you saying bug 1286500 will go unfixed for trusty?
<uvirtbot> Launchpad bug 1286500 in virtinst "Can't perform an HTTP VM install with virt-manager" [Medium,Confirmed] https://launchpad.net/bugs/1286500
<forex> bekks: so there is open source and paid version or just paid?
<forex> reading on it now :D
<hallyn_> pmatulis: it may, yes.
<pmatulis> wow, ok.  virt-install is a main way for using preseeding
<hallyn_> i'm looking into 1304008 right now, i can look some mor einto that one after,
<hallyn_> pmatulis: but you can preseed and use virtinst with an iso,
<pmatulis> hallyn_: oh, i can't find how.  --location (preseeds) doesn't work with --cdrom (iso)
<hallyn_> pmatulis: i had to look quite awhiel to even find an http location tht worked,
<hallyn_> hm
<hallyn_> pmatulis: can you add the precise command line you use to the bug report?
<hallyn_> i'll see what i can do
<hallyn_> since cgmanager is'nt currently blowing up in my face :)
<pmatulis> hallyn_: i'll do it now
<hallyn_> thanks
<hallyn_> pmatulis: (not seeing it in that bug yet, assuming im' looking in the right place)
<atpa8a> hmm
<atpa8a> what's the deal with ping: icmp open socket: Operation not permitted. in 14.04?..
<sarnold> atpa8a: please dmesg | grep DENIED | tail
<sarnold> (and pastebinit if there's more than one or two lines :)
<atpa8a> sarnold: none!
<sarnold> atpa8a: do you have auditd installed? check /var/log/audit/audit.log to see
<atpa8a> i don't have that...
<atpa8a> this is a clean brand new install
<sarnold> atpa8a: drat. well, that is itself fine. it just means that my theory doesn't help you :/
<atpa8a> :)
<atpa8a> thanks anyway
<atpa8a> apparently ping is missing -s...
<nextdoorwarren> Hey guys, I am really sorry but this OpenSSL Vuln, all the releases I find say 1.0.1f is the new version I need, however I am new to the ubuntu space, and I see the version with ubuntu is labeled when I do dpkg as 1.0.1-4ubuntu5.11
<nextdoorwarren> is that the f version?
<atpa8a> now... is this just a bug or "by design"?..
<Patrickdk> nextdoorwarren, learn how distros work
<Patrickdk> you don't *upgrade* to a patched version, you apply the patch to the current version
<Patrickdk> so no, it is not the f version, it is the pre-a version
<atpa8a> which was the channel for development stuff?..
<Patrickdk> and if you only see 5.11 you need to do an update
<nextdoorwarren> @Patrickdk thanks
<Patrickdk> nextdoorwarren, http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0160.html
<uvirtbot> Patrickdk: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160)
<bekks> nextdoorwarren: which ubuntu release are you on?
<nextdoorwarren> 12.04 LTS
<xibalba> how would i block port X that isn't coming from within my LAN network 10.10.10.0/24
<xibalba> with iptables
<mgw> what might cause apt-get update to fail with this error: Reading package lists... Error!
<mgw> xibalba, do you need to block a specific port?
<xibalba> yes, port 111
<xibalba> rpcbind
<mgw> I prefer to block everything except what is explicitly permitted
<mgw> iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
<xibalba> right the ASA is blocking everything else. personally i hate the ASA
<mgw> as your lst rule
<sarnold> mgw: there's nothing else nearby to suggest what the error might be? o_O
<mgw> not nearby
<mgw> maybe in some log somewhere
<mgw> sarnold: ^
<sarnold> mgw: bleh. well, you can probably just get away with deleting all the lists in /var/lib/apt/lists/ and trying again
<Patrickdk> out of diskspace? disk readonly?
<mgw> Patrickdk: one of the systems has /run full (fixing that) but the other has plenty of space
<mgw> sarnold: That's safe?
<Patrickdk> yes, it will just redownload and rebuild
<Patrickdk> hmm, /run filling up, kindof strange
<axisys> so I guess we need to wait until newer version openssl pkg available?
<Patrickdk> axisys, sure, like 2hours ago
<sarnold> mgw: yes, the next time you apt-get update they'll be redownloaded. no big deal there.
<mgw> Patrickdk: not strange, i had a big core file in there
<axisys> Patrickdk: I knew I am late in the show..
<Patrickdk> mgw, odd to have core files :)
<mgw> axisys, new packages were released today
<axisys> mgw: for precise ?
<mgw> sarnold: those cover today's security notice, right?
<mgw> yes
<sarnold> mgw: yes
<Patrickdk> axisys, all my 12.04 have updates packages
<Patrickdk> 5.12
<Patrickdk> next would be rotating all your ssl certs :(
<mgw> sarnold: different topic - should we be upgrading anything other than openssl and libssl to cover that exploit?
<axisys> so sudo apt-get install openssl ?
<axisys> Patrickdk: ^
<Patrickdk> libssl
<axisys> Patrickdk: right.. we have few ssh keys
<sarnold> mgw: restarting your services is a must, regenerating your keys is a good conservative step.
<Patrickdk> ssh isn't so much an issue
<Patrickdk> as it has both the static key and the hourly rotated key
<Patrickdk> that is what that split key is suppost to stop
<beisner> atpa8a, sarnold: regarding ping, bug: https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/1302192
<uvirtbot> Launchpad bug 1302192 in iputils "ping is not setuid root" [Undecided,Confirmed]
<Patrickdk> but still, wouldn't hurt to do also
<axisys>  sudo apt-get install libssl
<axisys> Package libssl is not available, but is referred to by another package.
<sarnold> beisner: awesome! :) thanks
<Patrickdk> axisys, you failed to apt-get update
<axisys> oops! always make that mistake
<axisys> still same error after the upgrade
<mgw> libssl1.0.0
<mgw> is the package on ubuntu 12.04
<mgw> axisys: ^
<mgw> sarnold: should I wipe out lock and partial too, or just everything else in that dir?
<axisys> mgw: that worked
<axisys> $ openssl version
<axisys> OpenSSL 1.0.1 14 Mar 2012
<Patrickdk> oh ya, it is
<Patrickdk> heh
<axisys> shouldn't it be higher ?
<Guegs_> You guys talking about the Heartbleed bug?
<sarnold> mgw: normally just "everything else" works for me, but I haven't seen the specific thing you've got
<Patrickdk> axisys, no, it shouldn't be HIGHER
<Patrickdk> I dunno how many times I must explain that
<axisys> Patrickdk: may be in /topic :P
<sarnold> Patrickdk: we've got an url for that :)  https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions
<Patrickdk> sarnold, ubibot token for it?
<sarnold> Patrickdk: dunno.. I don't know our bot vrey well
<Patrickdk> neigher do I
<sarnold> Patrickdk: and when people complain, the debian one too :)  https://www.debian.org/security/faq#version
<axisys> apt-cache policy libssl1.0.0 does not say anything either.. I will read that url
<Patrickdk> 1.0.1-4ubuntu5.12 is the fixed version, axisys
<Patrickdk> this is what reading cve's are for
<mgw> sarnold: same error â
<mgw> Fetched 20.3 MB in 10s (1,871 kB/s)
<mgw> Reading package lists... Error!
<Patrickdk> http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0160.html
<uvirtbot> Patrickdk: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160)
<sarnold> mgw: hrm, could try removing the locks and partial at the same time? :(
<axisys> I am going to have to prove someone in security that it is not running a exploited version.. would be nice if some says somewhere about this
<Patrickdk> axisys, I just posted it
<Patrickdk> you point them to the CVE I just posted
<Patrickdk> then you show them, dpkg -l | grep libssl
<mgw> sarnold: still getting the error
<mgw> I wiped everything in /var/lib/apt/lists
<Patrickdk> sarnold, stupid bot isn't even following the ubuntubots instructions
<sarnold> mgw: nuts. time to bring out 'strace' to try to figur eout what's going on :(
<sarnold> Patrickdk: hrm, I don't even know who to turn to for more information on the bot
<Patrickdk> soren hansen
<sarnold> axisys: make sure that your versions as reported by dpkg -l *ssl* match the version numbers recorded here: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0160.html
<Patrickdk> oh wait
<uvirtbot> sarnold: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160)
<Patrickdk> I should be talking to the *OTHER* bot
<Patrickdk> damn it too many bots
<sarnold> haha
<axisys> Patrickdk, sarnold : thanks a lot
<Patrickdk> sarnold, there isn't one, closest is
<Patrickdk> !latest
<ubottu> Packages in Ubuntu may not be the latest. Ubuntu aims for stability, so "latest" may not be a good idea. Post-release updates are only considered if they are fixes for security vulnerabilities, high impact bug fixes, or unintrusive bug fixes with substantial benefit. See also !backports, !sru, and !ppa.
<Patrickdk> but that doesn't really doesn't read right for this case
<sarnold> Patrickdk: yeah, it's not bad but not perfect
#ubuntu-server 2014-04-08
<Patrickdk> just made one, if it is approved
<pmatulis> hallyn_: there now.  i was trying to use other variations in order to continue using preseed.  still not done but i sent in the command i used to get my previous bug comment
<fun69> hey folks
<fun69> :)))
<fun69> I installed nomachine to connect to ubuntu server running gnome - connecting from win7 machine - yet to get full screen
<fun69> any advice?
<fun69> how to make it full screen :)
<sarnold> fun69: windows things often use alt+enter to full-screen
<sarnold> or they did back in winnt 4.0 days :) heh
<fun69> sarnold: i get full screen but actual ubuntu machine in it is small
<fun69> lol
<sarnold> fun69: change the 'resolution' of your X server?
<fun69> hmm sarnold u mean change it somewhere in ubuntu?
<fun69> at this stage I am bit like umm
<fun69> :d
<fun69> :)
<hallyn_> pmatulis: man the code has just totally changed - moved to different filenames and reorg'd.  i may push the debdiff that i said didn't fix it anyway and investigate the next failure differently
<pmatulis> hm
<sarnold> fun69: yeah, there's gotta be something that says how large to make the display, right?
<fun69> sarnold: ok its seems nomachine win for some reason sets diff resolution
<fun69> checking how to change it :D
<sarnold> fun69: woo :) have fun
<fun69> 1680x1050 1024x768
<fun69> nr 2 is that nomachine resolution :D
<fun69> https://www.nomachine.com/forums/forums/topic/how-can-i-get-higher-screen-resolution
<fun69> lol
<sarnold> fun69: I have a feeling that titan and dallas just didn't understand each other
<fun69> same :D
<fun69> I just checked nomachine node in gnome - it says no clients connected
<fun69> hmm I wonder if they have irc room
<fun69> nope :D
<hallyn_> pmatulis: (not that you wanna follow this play-by-play, but) it appears commit 101f176ae4e15d019b570ad5b37794e4bb1fd8ce in libvirt may have something to do with the problem i'm having
<atpa8a> beisner: thanks! found the same
<atpa8a> setcap solved it
<pmatulis> hallyn_: i just wish i could help in some way.  lemme know if you want me to test anything.  so far, this would be a terrible bug to have
<atpa8a> ok... so... i don't think it's ubuntu (it's the router likely) but until i ping the 14.04 box from one of the other boxes, the 14.04 box cannot ping the gateway...
<hallyn_> pmatulis: thanks, i just need to figure out who isn't happy with what they're getting, and give them what they want...  hopefully i'll find it before mid-day tomorrow.
<atpa8a> after any reboot that is
<hallyn_> hm, the object being passed in is not a stream class
<fun69> :)))
<coderanger> Can anyone confirm that the openssl 1.0.1-4ubuntu5.12 package is safe?
<coderanger> The output from openssl version -a and some other markers point to it possibly being cranky
<sarnold> coderanger: yes, that's the fixed version: http://www.ubuntu.com/usn/usn-2165-1/
<coderanger> built on: Tue Jun  4 07:26:06 UTC 2013
<coderanger> Also the local CHANGELOG.gz has no entry for the fix
<Patrickdk> the changelog does too
<Patrickdk> your reading the wrong thing
<Patrickdk> cause that is the 5.11 package
<Patrickdk> not 5.12
<coderanger> Nah, figured it out
<coderanger> need to upgrade libssl1.0.0 as well
<Patrickdk> oh hell, not even 5.11
<Patrickdk> that is older than crap
<thumper> stgraber, hallyn_: any idea why on a precise aws image, I get this: $ ubuntu-cloudimg-query trusty released amd64 --format '%{url}\n'
<thumper> confused by argument: trusty -- when trying to create a trusty ubuntu-cloud image?
<stgraber> probably because
<stgraber> ubuntu-cloudimg-query on precise uses some hardcoded list
<stgraber> also unless that changed recently, trusty isn't marked as "released", you'd need to use "daily" at the moment
<thumper> stgraber: hmm... that same line works on my trustry machine
<thumper> https://cloud-images.ubuntu.com/query/trusty/server/released-dl.current.txt
<stgraber> ah right, final beta counts as released
<hallyn_> i think even alpha did
<hallyn_> oh maybe not
<thumper> the problem is people creating precise machines with juju then trying to create trusty lxc containers on them
<thumper> the lxc is updated, but it is using ubuntu-cloudimg-query to find the image
<thumper> which fails
<thumper> any idea which package provides that executable?
<hallyn_> utlemming: smoser: ^ are those the right arguments for ubuntu-cloudimg-query, and should they work on precise?
<thumper> and if we can update it?
<hallyn_> you mean ubuntu-cloudimg-query?  that's cloud-image-utils.
<thumper> I wonder if that is in the cloud-tools archive
 * thumper goes to make coffee
<hallyn_> pmatulis: eureka, found it.  will push a fix tonight
<stgraber> hallyn_: "eureka, found it", that's a pretty redundant statement :)
<hallyn_> admittedly
 * hallyn_ looks around for his old greek prof
<hallyn_> nowhere to be found - i'll just wait for this to be forgotten on the internet
<hallyn_> chuckle
<hallyn_> drwxrwxr-x 13 501 501 4096 Mar 23 22:45 /usr
<hallyn_> this probably is not good
<stgraber> who's 501:501?
<hallyn_> not in /etc/group
<hallyn_> or passwd
<stgraber> fun
<hallyn_> i did just purge apache2, maybe that did it
<hallyn_> or, it was openssl and being on ipv6
<stgraber> both seem rather unlikely
<hallyn_> you're telling me not to pull out the gasoline and lighter just yet?
<stgraber> :)
<hallyn_> stgraber: oh hey, do you happen to know exactly how/when users get added to group sudo during an install from iso?
<hallyn_> the problem is, when users install libvirt using tasksel, libvirt-bin.postinst is not placing the initial user into grou plibvirtd - presumably bc he is not yet in group sudo.
<hallyn_> i'm wondering whether marking libvirt-bin as Pre-Depends: sudo would solve it
<hallyn_> (hard to test without making a new iso)
<hallyn_> hm, i suppose the question would be how/when the user gets created.  presumably at end of install.  Pre-Depends would not then help.
<stgraber> user-setup would be the one adding the user to the group I suspect
<stgraber> and indeed, user creation happens very late in d-i, after packages are installed anyway
<hallyn_> so there's really nothing libvirt can do, apart from writing some sudo hook?
<stgraber> user-setup-apply does it and it's called from finish-install.d
 * hallyn_ looks at user-setup src
<stgraber> so you could patch user-setup-apply to detect and deal with libvirt membership which may be very well be the easiest there. Otherwise you can also document that people doing that kind of preseeded installs should set passwd/user-default-groups to include libvirtd
<hallyn_> setting passwd/user-default-groups would be done using preseed?
<stgraber> yeah. You could also ship a hook which would do it but that'd require introducing a new udeb just for that.
<stgraber> so if you mostly care about people doing automated deployments, documenting the preseed option is probably the way to go. If you care about people simply doing a standard install from media and selection libvirt in tasksel, then you probably want to go the user-setup route.
<hallyn_> well i don't know that anyone does standard install from media that way any more, but it is pretty easy to do...  hm.
<hallyn_> stgraber: thanks, i'll mark down both options for now and sleep on it :)
<jamescarr> is the heartleed bug fixed on 12.04?
<cdown> Is it expected that there is no patched version of OpenSSL to fix CVE-2014-0160 in the repositories? At least on the NL mirrors, I have no upgrade path available from 1.0.1c-4ubuntu8.2.
<uvirtbot> cdown: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160)
<cdown> That is on 13.04.
<cdown> Wait, 13.04 is out of support.
<cdown> Never mind me, time to upgrade...
<RoyK> https://www.openssl.org/news/secadv_20140407.txt
<RoyK> http://filippo.io/Heartbleed/
<lordievader> I think the openssl in Saucy is already patched: https://launchpad.net/ubuntu/saucy/+source/openssl/1.0.1e-3ubuntu1.2
<kikimeter> do you know the frequency of the update for the ubuntu mirror ?
<kikimeter> an apt-get upgrade on ubuntu 13.10 dont update openssl
<RoyK> kikimeter: did you run the test I posted above? http://filippo.io/Heartbleed/
<kikimeter> yes
<kikimeter> I pass the test :(
<RoyK> well, if you passed, what's the problem? ;)
<kikimeter> my english should be bad
<kikimeter> I have to update my openssl on my server
<kikimeter> I have the 1.0.1e
<kikimeter> An apt-get update && apt-get upgrade should fix the version of openssl
<kikimeter> my unattended-upgrade did nothing
<kikimeter> and apt-get update && apt-get upgrade say everything ok
<kikimeter> So maybe the mirror (french mirror) are not up to date right now
<lordievader> RoyK: Can't say I've tested it, I'm afraid, don't run an https server here.
<RoyK> k
<RoyK> bug affects ssh too, though
<RoyK> but don't know a test for that
<xperia> hi. i am trying to configure mysql to use a partition as raw device for storing the data. in /etc/mysql/my.cnf i have this line here
<xperia> innodb_data_file_path = /dev/sda3:268435456000newraw ownership of /dev/sda3 was changed to mysql:mysql
<xperia> when i try to start mysql however i get allways the error message => 140408 10:36:11  InnoDB: Operating system error number 13 in a file operation.
<xperia> InnoDB: The error means mysqld does not have the access rights to InnoDB: the directory. InnoDB: File name /dev/sda3 InnoDB: File operation call: 'open'. InnoDB: Cannot continue operation.
<xperia> What is here the Problem? I have set up the permission right but mysql fails still to open the /dev/sda3 to use it as raw device. Where is the Problem and how can i fix it?
<mardraum> xperia: any apparmor errors?
<xperia> mardraum: thanks a lot for the reply. here is the error line =>  kernel: [ 2527.331188] type=1400 audit(1396946978.024:79): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/dev/sda3" pid=9561 comm="mysqld" requested_mask="rw" denied_mask="rw" fsuid=118 ouid=0
<bekks> xperia: apparmor denies raw access.
<bekks> xperia: Either lower that mysql profile security, disable it, or edit the profile.
<xperia> bekks: yeah going to change then apparmor profile
<xperia> mardraum	: bekks	: finally i could solve the problem but there is a new problem with reformating the raw device partition by mysql. based on parted information i set the size of the partition as 268435456000 Bytes. For some strange reason however mysql stops the formating of the device before the end
<xperia> 140408 11:00:02  InnoDB: Setting file /dev/sda3 size to 256000 MB InnoDB: Database physically writes the file full: wait...
<xperia> InnoDB: Progress in MB: 100 .... 15600 Exit
<xperia> asking me if the problem has to do with the EXT4 Filesystem. Erasing the Partition and retrying.
<bekks> raw device access never has anything to do with a filesystem.
<bekks> Either you put your files on a filesystem, or you are using raw devices.
<bekks> Thats basically why it is called "raw device access".
<xperia> bekks: yeah but how can i tell mysqld the right size so it does not stop the reformating of the raw device. i used parted to get the size in Bytes and told mysql to use that size. after erasing of the partition mysql was able to format 100GB more Space in the partition now but it still stoped the proces and failed to start.
<xperia>  
<pmatulis> morning
<jamespage> zul, could you do the honours for a new libvirt for the CA please (icehouse)
<jamespage> zul, working on a new point release for ceph right now
<zul> jamespage:  yep
<jamespage> zul: ta
<jamespage> zul, i've pushed cinder and swift through to updates btw
<smoser> stgraber, thumper, apt-get install distro-info
<smoser> and that fixes the hard coded list.
<smoser> we can sru a touch to that package to know about trusty though.
<zul> jamespage:  cool thanks
<ice9> if I need to upgrade an application for security fix but it's package is not ready yet in the repo, what should I do, install it from source? but then how do I keep tracking with recent version?
<ice9> in the future
<rbasak> hallyn: does bug 1302724 need attention before Trusty's release? It's not clear to me.
<rbasak> zul: ^^
<uvirtbot> Launchpad bug 1302724 in libvirt "libvirt 1.1.1 wasn't compiled with LXC support" [Undecided,New] https://launchpad.net/bugs/1302724
<pmatulis> hallyn: virt-install is looking good!
<rbasak> jamespage: do you know why unbound has ~ubuntu-server subscribed? I don't see it seeded.
 * rbasak is wondering about the priority for bug 1303477
<uvirtbot> Launchpad bug 1303477 in unbound "unbound default configuration only works after reload" [Undecided,New] https://launchpad.net/bugs/1303477
<jamespage> rbasak, gaughen added it - unbound and strongswan just got accked for MIR
<rbasak> Ah
<jamespage> rbasak, still it might need seeding in the server-supported seed
<rbasak> I was party to that email, but had forgotten. Thanks!
<zul> rbasak:  dont think so ill double check
<rbasak> jpds: could you take a look at bug 1303477 please? Is this important?
<uvirtbot> Launchpad bug 1303477 in unbound "unbound default configuration only works after reload" [Undecided,New] https://launchpad.net/bugs/1303477
<rbasak> It _sounds_ like a fundamental and important issue to me, but I haven't confirmed it.
<zul> rbasak:  yeah thats fixed in an SRU i just havent backported it to the CA yet
<rbasak> zul: ah, thanks. I found bug 1287232. This one is a dupe of that one then, right?
<uvirtbot> Launchpad bug 1287232 in libvirt "/usr/lib/libvirt-lxc.so missing from libvirt-dev" [High,Fix committed] https://launchpad.net/bugs/1287232
 * rbasak marks it so
<zul> rbanffy:  yes
<zul> effing autocomplete
<zul> rbasak:  yes
<rbasak> OK, thanks!
<rbanffy> You woke me up, zul ;-)
<zul> jamespage:  libvirt uploaded...just going to go fix havana
<jamespage> zul, ta
 * smb squeals at hearing libvirt upload from zul
<smb> ubuntu10 would be ok, I saw that already. :)
<jpds> rbasak: The odd thing about that bug is that it's related to saucy.
<rbasak> jpds: does it affect Trusty also? Or is it fixed now?
<jpds> rbasak: Trusty should be working fine.
<jpds> I'll spin up a test VM just to be sure.
<rbasak> jpds: thanks!
<jpds> rbasak: Trusty did have an issue that I fixed yesterday: https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1303088
<uvirtbot> Launchpad bug 1303088 in unbound "unbound-checkconf fatal error" [Undecided,Fix released]
<rbasak> I tried to confirm bug 1303477 the other day, but I got confused results.
<uvirtbot> Launchpad bug 1303477 in unbound "unbound default configuration only works after reload" [Undecided,New] https://launchpad.net/bugs/1303477
<hallyn> pmatulis: excellent
<hallyn> rbasak: I'm confused.  is it really a bug?
<rbasak> hallyn: zul resolved it as a dupe now.
<rbasak> (fixed in Trusty, AIUI)
<hallyn> rbasak: ok, thx
<zul> rbasak:  thanks
<batok> Is openssh server affected by heartbleed bug?
<jrwren> no.
<jrwren> openssh doesn't do ssl over tcp directly.
<batok> tks jrwren
<jpds> rbasak: Yeah, works fine for me on trusty.
<rbasak> jpds: thanks for testing! Do you mind commenting and marking https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1303477 as Fix Released then, please?
<uvirtbot> Launchpad bug 1303477 in unbound "unbound default configuration only works after reload" [Undecided,New]
<jpds> rbasak: Done.
<rbasak> Thanks!
<zul> coreycb:  hey do you have keystone rc2 yet?
<coreycb> zul, still building.  tests are taking a long time.
<zul> coreycb: ack
<jamespage> zul, foobar - can't get docker to work today
<jamespage> zul, trying on something other than my laptop...
<jamespage> kirkland, the ubuntu orange in the byobu status bar really hurts my eyes :-)
<zul> jamespage:  docker is foobared?
<jamespage> zul, neither the upstream packages or the latest in debian can stop/kill running containers
<jamespage> I can start them OK :-)
<jamespage> zul, hmm - seems to be a 0.9.x issue
<zul> jamespage:  lovely want me to have a look?
<jamespage> zul, sure - but don't put it higher than openstack
<jamespage> zul, the 0.8.1 we have in archive is OK - but that is using the lxc package for cgroups interaction
<jamespage> zul, 0.9.0 upwards uses libcontainer to interact directly
<jamespage> I suspect that is where the issue lies
<jamespage> kirkland, fyi and I know you are interested in docker ^^
<zul> jamespage:  cool lemme talk to eric and see if he has seen it
<jamespage> zul, +1
<zul> jamescarr:  he hasnt seen it
<zul> jamespage: he hasnt seen it but he hasnt played much with 0.9.1
<jamespage> zul, get the same with 0.9.0
<zul> jamespage:  gimme a sec wanna try something first
<jamescarr> huh
<zul> jamespage:  hmm...i cant even start a container
<jamespage> zul, with 0.9?
<zul> 0.8.1
<zul> the version in trusty
<jamespage> zul, oh - that's OK for me
<jamescarr> how can I tell if the openssl version I have installed has the fix???
<Pici> !sslbug
<ubottu> A fix for the recent OpenSSL vulnerabilities (CVE-2014-0076 & 0160) has been pushed to the Ubuntu repositories, see http://www.ubuntu.com/usn/usn-2165-1/ and http://heartbleed.com/ for more information.
<uvirtbot> ubottu: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076)
<ubottu> uvirtbot: I am only a bot, please don't think I'm intelligent :)
<uvirtbot> ubottu: Error: "I" is not a valid command.
<Pici> hmm.. thats annoying.
<zul> jamespage:  where did you get 0.9 from?
<jrwren> great, the bots are talking.
<jamescarr> how can I tell if the 1.0.1 version of openssl I installed is patched?
<jamespage> zul, I pulled it from debian and built it AND i tried from the upstream repositories
<jamespage> jamescarr, apt-get changelog openssl
<jamespage> check the fix is in the version you are using
<zul> jamespage: ah ok
<jamespage> zul, one sec - have a hint from upstream
<jamespage> apparently apparmor profile needs a fix
<zul> jamescarr:  ah
<DefunctProcess> hey guys I need some recommendations for some server apps with slick web interfaces for admininstration.  I need a VPN,FTP,PROXY,SAMBA....
<DefunctProcess> no love?
<cfhowlett> !patience|DefunctProcess
<ubottu> DefunctProcess: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<jrwren> DefunctProcess: it is an area lacking IMO
<jrwren> DefunctProcess: and we linux types tend to love cmdline and text files for config
<jrwren> DefunctProcess: and with things moving to cloud more, we are moving toward not administering single servers, but services which may be on many servers, so admin for that becomes - different.
<jrwren> DefunctProcess: once you look at it that way, juju-gui might be the gui you want :)
<i_am_good> I am getting "grub-install failed /dev/sdf FATAL ERROR" during installation. Every time it's failing when it gets to GRUB. I chose to use guided partition (entire disk). What am I missing?
<DefunctProcess> webmin.... webmin has a frontend for proxy, ftp, samba and vpn
<zul> jamespage: yeah that fixed it for me
<jamespage> zul, me to
<cfhowlett> !webmin|DefunctProcess
<ubottu> DefunctProcess: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<jamespage> I had to scrub the existing docker profile first tho
<zul> jamespage:  should we bump docker.io in trusty then?
<zul> with the patch
<DefunctProcess> what is the successor then? juju-gui as suggested?
<jamespage> zul, I've been waiting for a FFe for two weeks now
<zul> jamespage:  oh maybe bug daviey then
<jrwren> certainly not.
<jrwren> and I did not mean to suggest juju-gui as an alt. I'm suggesting rethinking hte entire need for such a tool :]
<DefunctProcess> jrwren: i cannot demo juju as my browser at work is not supported, care to give a breif summary?
<jrwren> DefunctProcess: cloud orchestration tool.
<DefunctProcess> jrwren: does this mean the services must be running in the cloud or can i run them locally?
<jrwren> DefunctProcess: there are some backends which can run local.
<jrwren> DefunctProcess: it will definitely be a mindshift. its is NOT a server admin tool.
<DefunctProcess> jrwren: this is not what i want, but I appreciate your help.
<jrwren> DefunctProcess: sorry for confusing. gl.
<zul> jamespage: https://bugs.launchpad.net/nova/+bug/1304107
<uvirtbot> Launchpad bug 1304107 in nova "Libvirt error launching instance - Device 'virtio-net-pci' could not be initialized" [Undecided,New]
<jamespage> zul, OK - can you confirm that? I did not see issues on trusty yesterday
<zul> jamespage: ill try
<coreycb> zul, jamespage : https://code.launchpad.net/~corey.bryant/keystone/2014.1.rc2/+merge/214793
<jamespage> hallyn, what's your take on the state of bug https://bugs.launchpad.net/nova/+bug/1254872
<bijoo_> Hi, how to reproduce the heartbleed bug?
<uvirtbot> Launchpad bug 1254872 in libvirt "libvirtError: Timed out during operation: cannot acquire state change lock" [High,Fix committed]
<jamespage> do we have enought to say that's good for acceptance yet?
<bijoo_> Everyone's clamoring but no steps.
<hallyn> jamespage: i think so...  my impression is there's another bug but this did solve one.
<zul> coreycb: looks good to me
<coreycb> zul thanks
<zul> coreycb/jamespage: keystone rc2 uploaded
<RoyK> hi all. trying to install rrdcached on precise64, but it just fails with a segfault when attempting to start: http://paste.ubuntu.com/7222097/. Can't see any issues with anything else, and if it were a memory issue, I *would* have seen more processes crash after a couple of reboots etc...
<jgornick> Hey guys, are there any extra steps other than upgrading to fix the latest openssl fix? Do I need to regenerate SSH keys?
<jgornick> I'm also running 12.04.
<batok> how can I upgrade openssl in 13.04?
<cfhowlett> !eol|batok
<ubottu> batok: End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
<cfhowlett> batok 13.04 has reached end of life.  see above
<patdk-wk> jgornick, no
<batok> cfhowlett is it possible to upgrade an aws ec2 instance 13.04 to a supported version?
<jrwren> jgornick: ssh keys are fine.
<jgornick> patdk-wk: Ok, I would only have to regenerate any SSL certs that are used for the site?
<patdk-wk> yes, smtp, imap, pop, https, ftps, ...
<cfhowlett> batok my advice is to upgrade your OS to a supported version: 12.04, 13.10, hell, even the 14.04 beta preferable to running an unsupported OS
<jgornick> patdk-wk: Thank you.
<batok> tks cfhowlett
<jgornick> After upgrading and restarting Apache2, if I run
<jgornick> ... crap...
<jgornick> After upgrading and restarting Apache2, if I run "ls -l /proc/*/fd | grep ssl.*(deleted)" it still shows that apache2 ssl_mutex is deleted. Any thoughts? I'm performing steps from: http://askubuntu.com/questions/444702/how-to-patch-cve-2014-0160-in-openssl/444905#444905
<uvirtbot> jgornick: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160)
<batok> How can I upgrade, with sudo apt-get upgrade or running do-release-upgrade script?
<cfhowlett> batok do-release-upgrade
<batok> as sudo?
<ryan_turner|MTW> Is it a wise decision to install ubuntu 12.04 today and update to 14.04 once released, or install 12.04 and then once 14.04 is released, wipe&reinstall?
<JediMaster> hi all, I'm doing a do-release-upgrade on a 13.04 ubuntu-server install to get it to 13.10 to get the latest openssl/ssh vulnerabilities patched
<batok> cfhowlett sudo do-release-upgrade or without sudoÂ¿
<JediMaster> the do-release-upgrade got stuck for 10 minutes updating the /etc/mysql/mysql.conf file then carried on going, it's now been sitting for nearly 30 minutes doing: Removing any system startup links for /etc/init.d/rpcbind ...
<cfhowlett> batok with
<JediMaster> I can see there are 40 zombie processes (there were 0 when it started)
<Daviey> mdeslaur: Hey, CVE-2014-0076 on ~ubuntu-security CVE tracker has a Priority of Medium.  Is that accurate, if so - how did you come to that?
<uvirtbot> Daviey: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076)
<Daviey> Oh forget that. Looking at the wrong one. :)
<JediMaster> 50 zombie processes, still waiting on that rpcbind system startup link for 30+ minutes now
<JediMaster> you can't kill zombies right? =)
<JediMaster> got a bunch of defunct processes who's parent process ID are now 1
<alex-foo> i'm not seeing an openssl 'heartbleed' fix for 10.04 LTS yet -- is it coming?
<Pici> alex-foo: it is not applicalble for 0.9.8
<alex-foo> oh, so it was never vulnerable! phew
<alex-foo> thanks!
<Pici> np
 * koolhead17 looks around
<mdeslaur> Daviey: they're basically all medium...it's the priority that we fix them, not a severity or anything
<koolhead17> zul: jamespage hazmat Daviey jcastro adam_g ^^ hellos
<Daviey> mdeslaur: Yeah, thanks :)
<jamespage> hey koolhead17
<koolhead17> jamespage: how are things? anything needed for 14.04 from my side :)
<jamespage> koolhead17, ok
<jamespage> koolhead17, as always testing testing testing!
 * koolhead17 looking forward for the baked 14.04
 * hazmat prefer bbq 
<koolhead17> hazmat: depands with or without juju :P
<zul> jamespage:  hey we are doing another upload for libvirt fyi
<zul> https://bugs.launchpad.net/nova/+bug/1304107/comments/8
<uvirtbot> Launchpad bug 1304107 in qemu "Libvirt error launching instance - Device 'virtio-net-pci' could not be initialized" [High,Triaged]
<xibalba> hey everyone, is there going to be a pkg update for opeenssl shortly?
<patdk-wk> xibalba, what for?
<xibalba> the heartbleed stuff
<patdk-wk> heh?
<patdk-wk> that is old news
<patdk-wk> or, why would there need to be ANOTHER pkg update for it?
<xibalba> disable heartbeat?
<patdk-wk> !usn
<ubottu> usn is Please see http://www.ubuntu.com/usn for information about Ubuntu security updates.
<patdk-wk> xibalba, did you bother to read that url yet?
<xibalba> this one specifically no
<patdk-wk> as the pkg fixed heartbleed over 16hours ago
<patdk-wk> I dunno what your asking about
<xibalba> well i'm just waking up
<xibalba> =D
<patdk-wk> isn't it normal to check if a fix was already sent to the public, before asking for one?
<xibalba> i'm sure it is
<xibalba> by that measure i'm abnormal
<patdk-wk> better yet, normal to check if your system already automatically installed the security update, before asking where it is :)
<xibalba> no i dont have mine autopatch
<smoser> hallyn, did you fix that fd leak in cgmanager ?
<hallyn> what fd leak?
<hallyn> oh, yeah
<hallyn> well it wasn't fixed in cgmanger, it was fixed in logind
<hallyn> by stgraber :)
<hallyn> there is some new defensive behavior in cgmanager upstream but not in trusty to make this harder to happen in the future...
<xibalba> hmm my apt-get upgrade brought me to version : OpenSSL 1.0.1f 6 Jan 2014
<patdk-wk> xibalba, and?
<smoser> hallyn, thanks.
<xibalba> f is still vulnerable
<patdk-wk> xibalba, did you even BOTHER to read that url?
<hallyn> smoser: hopefully that box is no longer having that issue?
<patdk-wk> !usn | xibalba
<ubottu> xibalba: usn is Please see http://www.ubuntu.com/usn for information about Ubuntu security updates.
<smoser> hallyn, was just curious. handnt seen it.
<patdk-wk> !securityupdate
<patdk-wk> !securityupdates
<hallyn> ah cool.  ok - ttyl
<patdk-wk> xibalba, who said 1.0.1f is insecure?
<xibalba> https://www.openssl.org/news/secadv_20140407.txt
<xibalba> Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
<xibalba> 1.0.1f and 1.0.2-beta1.
<patdk-wk> xibalba, and they are running ubuntu?
<patdk-wk> or, do they specify what ubuntu versions are vaunerable?
<xibalba> this is just openssl's version number
<xibalba> the ubuntu one doesn't match?
<patdk-wk> xibalba, and what do their versions numbers have to do with ubuntu's?
<xibalba> haha are you a troll dude?
<smoser> xibalba, what patdk-wk and others are saying, is that if you have ubuntu packages up to date, then you are not vulnerable.
<patdk-wk> xibalba, you refuse to read ubuntu's infomation
<patdk-wk> you are taking infomation, out of context
<xibalba> ubuntu's version # for openssl does not match openssl's versoin #s?
<patdk-wk> in this case, not related to ubuntu
<smoser> in all supported ubuntu releases, the newest openssl is not vulnerable to that CVE.
<smoser> ubuntu patches existing versions, it does not release new upstream versions.
<xibalba> ahhhhh
<smoser> this is common behavior amoung distros
<xibalba> ok i was expecting it to match the same #
<patdk-wk> therefore 1.0.1f in ubuntu != openssl 1.0.1f
<xibalba> gotcha
<patdk-wk> and if you read ubuntu's security info about this
<patdk-wk> it would tell you the version in ubuntu that is secure
<xibalba> right i just didn't think that was right
<jamespage> zul, hallyn: ack
<jamespage> I'll hold off promoting anything to -updates just yet
<hallyn> ?
<hallyn> waht's that pertaining to?
<zul> hallyn:  cloud-archive
<hallyn> ok
<jvargas> Hi
<jvargas> Does 13.04 have patch for heartbleed bug?
<patdk-wk> 13.04 doesn't even exist
<ogra_> all supported releases that need it got it yesterday
<patdk-wk> jvargas, http://fridge.ubuntu.com/2014/01/28/ubuntu-13-04-raring-ringtail-end-of-life-reached-on-january-27-2014/
<jvargas> thanks patdk-wk, just noticed
<tasslehoff> do security updates get automatically installed? I seem to have openssl 1.0.1-4ubuntu5.12 already
<patdk-wk> if you setup automatic install yes
<patdk-wk> but installing security updates, doesn't restart your programs, to make use of the update
<tasslehoff> patdk-wk: I know. rebooting in progress :)
<sarnold> tasslehoff: see if you have the unattended-upgrades package installed
<tasslehoff> sarnold: I do. It does nothing when run.
<sarnold> tasslehoff: that's probably because it ran a cronjob when you weren't looking :)
<tasslehoff> sarnold: I see security is uncommented in 50unattended-upgrades
<tasslehoff> all is well then. just need to decide if I should generate new keys
<xibalba> any of oyu guys using MaaS?
<RoyK> !ask | xibalba
<ubottu> xibalba: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<xibalba> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<xibalba> !uselessresponses
 * xibalba did not ask to ask
<RoyK> xibalba: well, this is just a place with a lot of people sharing the same operating system. we have no obligation to help, but we can. that !ask thing is just about that - just ask if you have a problem, and please describe in detail. someone might just know
<xibalba> i just wanted someones opinions/experiences on trying out the MaaS stuff
<xibalba> i like the concept
<xibalba> haven't tried it out yet. might try it out w/some virtual machines
<sarnold> to the extent I've tested maas while doing security updates for it I thought it looked neat
<No_one_a1_all> Hi, incredibly stupid question, here. Will using `sudo reboot now` (note the "now") cause a system to hang on reboot?
<No_one_a1_all> Because, as I understand, /sbin/reboot does not accept cli arguments
<No_one_a1_all> (unlike shutdown)
<patdk-wk> No_one_a1_all, yes, it will
<No_one_a1_all> patdk-wk goddammit WHY
<pmatulis> i just tried on precise, came up fine
<No_one_a1_all> patdk-wk: `shutdown -r now` is, like, second nature. Why why why why. I lost 1:40 of downtime to my own ignorance. This is so not fair.
<No_one_a1_all> what about... 13.10?
<patdk-wk> shutdown != reboot
<pmatulis> No_one_a1_all: dunno, try it
<No_one_a1_all> I already did, and had a system hang.
<No_one_a1_all> this is so bogus. Second time I've fallen into this trap.
<pmatulis> No_one_a1_all: file a bug, i'm surprised the command was processed tbh
<No_one_a1_all> Apparently a bug report has already been filed, and a fix implemented. https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1174272
<uvirtbot> Launchpad bug 1174272 in upstart "'reboot now' reverting to maintenance mode" [Undecided,Fix released]
<patdk-wk> oh, it was fixed
<No_one_a1_all> Except it wasn't, apparently
<No_one_a1_all> yeah, Ubuntu 13.10 is what we're running, and just "boom". Server disappeared until we hard-rebooted it.
<No_one_a1_all> *sigh*
<pmatulis> regression maybe.  test other releases.  except precise, as i just tested it
<No_one_a1_all> I don't have any other releases to test. Oh, well.
<lstefani> hello.
<lstefani> how I can allow port 80 on iptables?
<lstefani> iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT  --
<pmatulis> yes, trusty is borked too
<No_one_a1_all> well that's just excellent.
<pmatulis> No_one_a1_all: you should have commented on the bug about Saucy.  get with the program
<No_one_a1_all> pfah
<No_one_a1_all> I'm not a sysadmin. I know approximately as much about sysadminning and creating bug reports as a monkey knows about ice-skating
<pmatulis> No_one_a1_all: can be as simple as "This affects Saucy" - provide a screenshot for bonus points
<pmatulis> No_one_a1_all: like i did for 14.04
<No_one_a1_all> link
<sync0pate> anyone know of a good tutorial to learn iptables?
<pmatulis> No_one_a1_all: the one you gave us
<No_one_a1_all> Oh, that one...wasn't closed or "resolved" or anything? I have no idea how these bug trackers work
<No_one_a1_all> pmatulis: sorry to bug you again, but under "also affects distribution/package", what would I enter to indicate 13.10?
<No_one_a1_all> wait, nevermind.
<zul> coreycb: i got ceilometer rc2
<coreycb> zul, ok anything else you want me to take?
<zul> not yet :)
<zul> jamespage: https://code.launchpad.net/~zulcss/ceilometer/2014.1.rc2/+merge/214829
<jamespage> zul, aside from my fullstop in the middle of a sentence niggle +1
<tgm4883> Regarding the heartbleed bug, I just want to confirm that all openssl < 5.12 is affected. The writeup only states it's 5.11
<batok> Is 14.04 going to be a supported version?
<Patrickdk> tgm4883, only if it starts with 1.0.1
<Patrickdk> batok, supported version of what?
<batok> I mean like 13.10 where there are still packages available and not 13.04
<Patrickdk> batok, oviously, you don't know what supported means
<Patrickdk> 13.04 was supported
<Patrickdk> the same support for 13.10 also
<Patrickdk> exactly how was 13.04 not supported?
<mgw> batok: https://wiki.ubuntu.com/LTS
<batok> theres is no patch to fix de openssl bug in 13.04
<Patrickdk> batok, 13.04 was released on april 2013, it was said, long before it's release, it would only be SUPPORTED for 9 months
<Patrickdk> 4+9=13, so in jan it was unsupported
<Patrickdk> guess what will happen to 13.10 after 9months
<batok> I didnât know that Patrickdk tks
<Patrickdk> batok, release notes are required reading
<tgm4883> Patrickdk, ok, that is what I thought. And my understanding is they get full access to the private key of the server allowing an attacker to setup a server pretending to be us. Is that correct?
<zul> jamespage:  ack..ill get libvivrt ubuntu11 in the cloud archive as well in a couple of secs
<Patrickdk> tgm4883, no
<tgm4883> I'm just trying to gauge how much fixing my team needs to do here
<Patrickdk> they get access to 64k of ram
<jamespage> zul, +1
<Patrickdk> that 64k of ram could be ANYTHING
<Patrickdk> could be the ssl private key
<Patrickdk> could be your root password
<Patrickdk> could be anything
<tgm4883> hmm
<Patrickdk> now, it would be inlikely your root password would be in the ram area accessable by that app
<Patrickdk> but possible
<mgw> is there any sign that this bug has been exploited?
<tgm4883> Patrickdk, I guess I'm just confused by the writeup on the website then, specifically "Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication."
<Patrickdk> tgm4883, yes
<tgm4883> Was it just random they got the secret keys, or am I thinking of something different than what they mean by secret keys
<Patrickdk> without doing anything other than making a tcp connection
<Patrickdk> they could steal ANYTHING in ram
<tgm4883> so it was just random that they got the keys... That's still pretty bad and makes me want to rekey everything
<Patrickdk> tgm4883, that is why it says, to rekey everything
<tgm4883> mgw, the exploit leaves no signs on the server. You wouldn't be able to tell
<tgm4883> Patrickdk, thanks for the info, I'll get my team on replacing al of that
<Patrickdk> ya, lots of fun :)
<Gargoyle> Hi.
<Gargoyle> Is there an official "ubuntu/debian way" to regenerate ssh keys? With dpkg-reconfigure or something?
<Patrickdk> Gargoyle, sure, but why do you need to?
<Gargoyle> Patrickdk: Hearbleed
<Gargoyle> Heartbleed*
<Patrickdk> what does hearbleed have to do with ssh?
<Gargoyle> The keys are generated by openssl
<Patrickdk> Gargoyle, so?
<Patrickdk> generated by != compromised
<Patrickdk> did you serve up those keys via your website?
<Gargoyle> So are SSH keys safe? do we only need to regenerate SSL certificate keys?
<Patrickdk> did you email them?
<Patrickdk> yes
<Gargoyle> Ok. Thanks.
<Gargoyle> If you have a public key out in the wild - like on github - would that be a risk?
<a|3x> hi
<a|3x> is there going to be openssl security patch for the heartbleed bug for raring?
<sarnold> a|3x: no, raring has not been supported since january.
<sarnold> a|3x: https://wiki.ubuntu.com/Releases
<a|3x> lets see, i guess i would need to upgrade
<sarnold> please do :)
<mgw> anybody using lxc with lvm backing and snapshots? I'm having an issue creating a clone with a different size fs than the original
<hallyn> mgw: oh, hey.  didn't see it here :)  lemme know what you end up doing, am interested what others are using
#ubuntu-server 2014-04-09
<zul> jamespage:  when you get in https://code.launchpad.net/~zulcss/horizon/2014.1.rc2/+merge/214856
<resno> how do you restart the network manager in 14.04?
<resno> /etc/init.d/networking just sits
<resno> service network-manager restart just sits
<sarnold> resno: hah, don't run that. that's a recipe for killing your machine
<sarnold> resno: why is network-manager on your server in the first place?
<resno> i dunno, im just trying to get my static ip :(
<resno> it didnt do anything
<resno> so i tried just interfacing directly with ifconfig
<resno> heh, rhetorical question and run ftw :)
<sarnold> resno: the 'best' way to configure networking on servers is to edit /etc/network/interfaces and once it is set up correctly 'ifup eth0' or whatever
<resno> ah ifup now?
<sarnold> resno: yeah. and when you've got some time, figure out what dragged network-manager onto your machine and do your best to get it back off :) it's tolerable (barely) for laptops but servers deserve better :)
<resno> so, hopefully im not in a lost state
<resno> my ip is somehing i dont expect and "ifup eth0" says interface already configured
<sarnold> hrm
<sarnold> is it one of the 169.xxx whatever "local" network addresses?
<resno> ah, there we go
<sarnold> or did you get assigned a DHCP from your pool? :)
<resno> ifdown then ifup :)
<sarnold> \o/
<resno> is the upstart not used anymore?
<sarnold> ifdown doesn't always manage to clean things up depending upon changes you may make to /etc/network/interfaces -- nie that it did the job this time
<sarnold> resno: check out /etc/init/network* -- there's a huge pile of interacting scripts to manage networking :/
<sarnold> resno: thankfully ifup/ifdown has continued to work even in the upstart age :)
<resno> ah ok.
<Cinos> Is the fixed OpenSSL (1.0.1g) available for Ubuntu Server? Trying to upgrade tells me it's the latest version, although it's showing up as being 1.0.1c
<mwhudson> which series?  it's not necessarily been updated to 1.0.1g everywhere, but the fix has been ported everywhere it was needed
<mwhudson> afaik
<Cinos> Series?
<Cinos> How do I check that
<shauno> http://www.ubuntu.com/usn/usn-2165-1/   if your installed version matches the versions listed at the end, you're cool
<Cinos> So I don't need to upgrade my openssl if I'm using those versions?
<Cinos> I have 12.10
<cfhowlett> Cinos dude!  12.10 is end of life and no longer supported = and you're stressing ssl?  upgrade, dammit!
<sarnold> cfhowlett: heh, 12.10 has another mumble-weeks life left
<cfhowlett> !12.10|sarnold
<ubottu> sarnold: 12.10 (Quantal Quetzal) was the 17th release of Ubuntu. Download at http://releases.ubuntu.com/12.10/ - Release Notes: http://www.ubuntu.com/getubuntu/releasenotes/1210
<sarnold> cfhowlett: it's 13.04 that's been dead..
<Cinos> How would I even upgrade?
<cfhowlett> sarnold d'oh!  okay then.  I mis-spoke.  sorry, cinos
<sarnold> cfhowlett: sudo apt-get update && sudo apt-get -u upgrade  :)
<Cinos> One of my servers is showing as being 12.04
<sarnold> Cinos: 12.04 is an LTS release, it will be supported for another three years :)
<Cinos> ah
<cfhowlett> Cinos 12.04 has 5 years support, but current is 12.04.4 so : sudo apt-get update && sudo apt-get dist-upgrade    will bring you current
<Cinos> okay
<Cinos> I do that regularly
<cfhowlett> sarnold : 5 years
<sarnold> Cinos: but for your 12.10 machine, pay attention to its end of life when it comes; probably sudo do-release-upgrade will do the right thing, but pay attention when it happens
<Cinos> okay
<Cinos> Anyway, so should I just be fine with the current version of OpenSSL that I have?
<sarnold> Cinos: have you rebooted or restarted all your services after installing the update?
<Cinos> It hasn't installed any updates
<sarnold> Cinos: you may also wish to regenerate private keys and assume they have been compromised; perhaps expire web sessions, etc..
<Cinos> apt-get update && apt-get upgrade just returns that there are no packages to update
<cfhowlett> Cinos apt-get dist-upgrade
<sarnold> Cinos: and dpkg -l libssl* returns those right versionnumbers?
<Cinos> Same result
<Cinos> one sec
<Cinos> nope, it's showing 1.0.1c and 0.9.8o
<sarnold> Cinos: ah, sorry, I forgot that dpkg cuts off version numbers :( try dpkg -l libssl* | cat
<sarnold> that'lltrick it into showing the full width output
<Cinos> it's showing the full length
<Cinos> I see things like "1.0.1c-3ubuntu2.7"
<mwhudson> right
<mwhudson> that's what sarnold is asking for :)
<Cinos> ah
<sarnold> yay, 3ubuntu2.7 is the 'fixed' version at http://www.ubuntu.com/usn/usn-2165-1/
<mwhudson> you can see here that this version includes the fix: https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7
<mwhudson> so this isn't version 1.0.1g it's version 1.0.1c + fixes
<Cinos> ah, so no need for me to panic
<Cinos> I haven't upgraded since before today
<sarnold> Cinos: you may have the unattended-upgrades package installed
<Cinos> hm
<sarnold> Cinos: that will install security updates periodically; but this update also requires restarting affected services and since so many things use openssl, we've just recommended rebooting.
<BasedGeek> hey folks anybody know anything about running a gopher server?
<BasedGeek> pygopherd to be specific?
<sarnold> I can't believe I call myself a neckbeard without having run a gopherd myself.
 * BasedGeek sighs deeply
<sarnold> heh, looks like an awesome tool :)
<hallyn> gopher!  oh  how i miss gopher
<BasedGeek> any tips on running pygopherd?
<valeech> hello! is this a good channel to get help with MaaS and JuJu?
<[ghost]> im running ubunut server 12.04 i'm trying to setup openvpn to connect to my server remotely. internal connection works i just can't connect to the internet. i tried bridge but no luck any suggestions.
<lordievader> Good morning.
<hadifarnoud> how can I just update SSL?
<hadifarnoud> I mean openSSL
<cfhowlett> hadifarnoud is this for the heartbleed issue?
<hadifarnoud> yes cfhowlett
<cfhowlett> hadifarnoud according to the discussion in main channel, the upgrade has already rolled out on supported versions, although the version doesn't display the new number.    do sudo apt-get upgrade
<cfhowlett> hadifarnoud ask in #ubuntu for more info
<hadifarnoud> cfhowlett: that's the thing. I don't want to upgrade anything else
<cfhowlett> hadifarnoud ask in #ubuntu for more info
<rbasak> jamespage: I think I need to flag bug 1302192
<uvirtbot> Launchpad bug 1302192 in iputils "ping is not setuid root" [Undecided,Confirmed] https://launchpad.net/bugs/1302192
<rbasak> jamespage: seems pretty critical to me. Everyone uses ping.
<rbasak> jamespage: something to do with the way ISOs are built maybe?
<jamespage> rbasak, maybe - that might be installed in the image-bit of the installer
<jamespage> rbasak, can you give cjwatson a ping about this?
<rbasak> Will do
<jamespage> beisner, roaksoax: is maas now functional from the ISO?
<jamespage> reference bug 1298559
<uvirtbot> Launchpad bug 1298559 in maas "Internal Server Error after installing MAAS from Trusty daily ISO" [Critical,In progress] https://launchpad.net/bugs/1298559
<zul> jamespage:  https://code.launchpad.net/~zulcss/horizon/2014.1.rc2/+merge/214856
<jamespage> zul, +1 on horizon
<Siebjee> when is the new openssl version 1.0.1g being released as ubuntu package ?
<bekks> Siebjee: It was released two days ago.
<Siebjee> I don't see it in the repo on packages.ubuntu.org/
<Siebjee> for any release
<bekks> Siebjee: http://www.ubuntu.com/usn/usn-2165-1/
<bekks> Siebjee: The version was not bumped, the fix was applied.
<rbasak> kirkland: are you planning to take care of bug 1304777?
<uvirtbot> Launchpad bug 1304777 in pollinate "entropy.ubuntu.com SSL certificate needs to be updated" [Undecided,New] https://launchpad.net/bugs/1304777
<rbasak> kirkland: also, what implications does a server cert change have, OOI? Does this break pollinate? I don't see any fallback.
<rbasak> Why does it not default to using the PKI?
<caribou> Is it a total waste of my time to try to use juju's local provider to deploy openstack ?
<zul> jamespage:  neutron rc2 is out do you want me to take it?
<jamespage> zul, sure
<jamespage> caribou, you can do it but you have to use the juju add-machine --to kvm:0 to create instances for nova-compute, quantum-gateway and other bits
<jamespage> caribou, see hazmat's email to the juju ML
<caribou> jamespage: ok, thanks I'll look for that
<caribou> jamespage: is hazmat's email in a recent thread ?
<cfhowlett> filippo.io/heartbleed/   asks for a hostname to test vulnerability - how do I proceed
<patdk-wk> dunno, ubuntu doesn't run that website
<cfhowlett> patdk-wk how/where can I test the heartbleed patch?
<alex88> cfhowlett: put the hostname?
<cfhowlett> alex88 what hostname might we normally use for testing such as this?
<alex88> cfhowlett: the hostname of the server you want to check for that bug
<alex88> well, the endpoint more than the server
<cfhowlett> alex88 got it.  thank you.
<alex88> np
<jamespage> caribou, 'fast containers & dev workflow with juju 1.18'
<caribou> jamespage: ok got that. I also found a blog post from stokachu who talks about it
<beisner> jamespage, roaksoax: as of yday's iso, no.
<jamespage> beisner, hmmm
<beisner> jamespage, will be kicking off that and other amd64 iso test runs shortly
<jamespage> beisner, ack - lemme know if that fails asap - we need to get that nailed before FF IMHO
<beisner> jamespage, ack, I agree.  if the feature is on the menu, we should make sure it works.  alt would be to rm the menu item and force install via apt.
<jamespage> roaksoax, do you have time to work on this?
<roaksoax> jamespage: on what exactly? the bug from maas iso install?
<jamespage> roaksoax, yes
<roaksoax> jamespage: i can try to look at it tonight
<jamespage> roaksoax, I need a definate
<jamespage> this is a critical release bug
<roaksoax> beisner: do you have the link for the ISO you are testing?
<beisner> hi roaksoax.  yep it's the daily build.  http://cdimage.ubuntu.com/ubuntu-server/daily/current/     http://cdimage.ubuntu.com/ubuntu-server/daily/current/trusty-server-amd64.iso
<roaksoax> jamespage: i'll give it a look now and let you know
<jamespage> roaksoax, thanks
<zul> jamespage:  https://code.launchpad.net/~zulcss/neutron/2014.1.rc2/+merge/214947
<jamespage> zul, +1
<zul> jamespage:  we should be fine in the icehouse CA now (libvirt regression from yesterday)
<jamespage> zul, looks weird but works OK "pc-i440fx-trusty"
<jamespage> lol
<zul> jamespage:  yeah
<zul> jamespage:  rhel does the same thing apparently
<zul> jamespage:  ceilometer testsuites have been disabled for the longest time so im whipping that back into shape
<jamespage> zul, ok - but I remember they depend on a running MongoDB - is that still true?
<zul> jamespage:  oh hell yes
<zul> jamespage:  im just gonig to get the tests to use sqlite by default
<jamespage> zul, OK
<zul> we are also missing a dependency on oslo.vmware as well
<kirkland> rbasak: I've opened an RT
<rbasak> kirkland: AIUI, it's the package that needs fixing, no?
<rbasak> With the pem embedded in it? That bug came from IS.
<kirkland> rbasak: yes
<kirkland> rbasak: okay, updating now...
<rbasak> kirkland: OOI, why aren't you using PKI by default?
<kirkland> rbasak: https://docs.google.com/presentation/d/1wj2HNoFguP6JycBB-uDHQKACyQQuEacjaK68cWQxTE0/edit#slide=id.g2b85e07b3_367
<kirkland> rbasak: slide 48
<kirkland> rbasak: sorry, slide 45/46
<rbasak> kirkland: I see, OK. I suppose the trade-off is that older cloud images will now never successfully pollinate? That strikes me as a potential attack vector in itself, though I suppose no worse than a DoS.
<kirkland> rbasak: it is a calculated tradeoff, unfortunately
<rbasak> Understood. Fair enough.
<kirkland> rbasak: the good news is that the bundled cert is actually working as designed :-)
<kirkland> rbasak: ie, we changed the cert on the server (for a very good reason)
<kirkland> rbasak: and now pollinate is appropriately "failing"
<kirkland> rbasak: and, fwiw, you can certainly manually override pollinate's options, and disable the --cacert /etc/pollen/cert.pem --capath /dev/null options
<beisner> jamespage, roaksoax:  confirmed 'internal server error' is result of maas install from trusty 2014-apr-09 daily ISO.  bug: https://bugs.launchpad.net/ubuntu/trusty/+source/maas/+bug/1298559
<uvirtbot> Launchpad bug 1298559 in maas "Internal Server Error after installing MAAS from Trusty daily ISO" [Critical,In progress]
<jamespage> zul, promoting proposed->updates for icehouse
<jamespage> zul, ceph will follow shortly
<jamespage> zul, in ceilometer?
<jamespage> <zul> we are also missing a dependency on oslo.vmware as well
<aliesky> Hello everyone
<aliesky> I have a question about networking and dns-nameservers
<zul> jamespage:  yeah python-oslo.vmware is missing as a build-deps, pydist picks it up anyways
<aliesky> I have a PC with two NIC, each NIC with a different network, and each network have it's own DNS Servers
<aliesky> how to configure both nameservers?
<aliesky> do I need to declare them separately in the network.conf file?
<bekks> there is no network.conf file. There is /etc/network/interfaces and you declare both on one line.
<bekks> aliesky: https://help.ubuntu.com/12.04/serverguide/network-configuration.html
<aliesky> bekks: sorry, my bad
<aliesky> bekks: but each network interface have it's own configuration, and I can declare dns-nameservers in both
<jrwren> aliesky: you cannot. dns does not work that way
<jrwren> aliesky: choose one to prefer.
<aliesky> jrwren: so i just put the dns-nameservers in one card?
<bekks> aliesky: define them on the interface with the default route.
<aliesky> bekks: got it, thanks
<jrwren> aliesky: like bekks said, put nameservers under each correct interface, so that if one interface is down your resolv.conf will get written to use the up interface
<aliesky> jrwen: then the main config will be the one in the preferred card, unless it be down, correct?
<jamescarr> where does /usr/share/dict/words come from?
<jamescarr> is there a package for it?
<rbasak> jamescarr: $ dpkg -S /usr/share/dict/words
<rbasak> diversion by dictionaries-common from: /usr/share/dict/words
<rbasak> diversion by dictionaries-common to: /usr/share/dict/words.pre-dictionaries-common
<ogra_> jamescarr, dpkg -S /usr/share/dict/words
<rbasak> wamerican, dictionaries-common: /usr/share/dict/words
<jamescarr> thanks
<jrwren> alex88: there is no such thing as a preferred interface.
<alex88> jrwren: wut?
<alex88> oh nm, it wasn't for me :)
<jrwren> alex88: sorry, misdir
<jrwren> aliesky: there is no such thing as a preferred interface.
<semiosis> jdstrand: jamespage: sarnold: any update re: the glusterfs MIR?  LP bug 1274247
<uvirtbot> Launchpad bug 1274247 in glusterfs "[MIR] Glusterfs" [Undecided,Confirmed] https://launchpad.net/bugs/1274247
<jdstrand> semiosis: sarnold is performing it now. I imagine it will be completed today or tomorrow
<semiosis> thats great! thanks
<jamespage> semiosis, jdstrand: that could be late for enabling the support in libvirt
<jamespage> hallyn, zul: ^^
<zul> jamespage:  apparently you need qemu support as well
<jamespage> \o/
<zul> jamespage:  too late imho
<jamespage> jdstrand, semiosis: I'll defer to zul and hallyn for an opinion on timing
<zul> hallyn:  too late imho
<semiosis> only qemu needs glusterfs support enabled.  afaik libvirt doesnt need anything special
<semiosis> well thats to be expected
<semiosis> only been waiting 2+ years for this MIR, what's another 6 months right?
<semiosis> disappointed that this was stalled pending security review for 6 weeks and only got looked at after it was too late
<semiosis> 6 weeks!
<zul> semiosis:  yes well the security team is a bit overworked we love them anyways
<semiosis> i can relate
<semiosis> I appreciate all your efforts
<hallyn> yeah that is really too bad.  but we can enable it in a ppa at least
<hallyn> tbh i got the impression from patches rolling by that glusterfs in libvirt had some issues still, but if i'm not mistaken on that then enablnig it lets us help stabilize it...
<hallyn> zul: can you reproduce bug 1305191 ?  (I suspect it has something to do with the change in machine type name from trusty to pc-i440fx-trusty, maybe he upgraded qemu packages between install and first boot??)
<uvirtbot> Launchpad bug 1305191 in virt-manager "virt-manager can not create new virtual machine" [Undecided,New] https://launchpad.net/bugs/1305191
<beisner> hallyn, zul:  I'm upgrading my trusty virt machine host (it's a week old), then will also put some cycles into bug: 1305191
<hallyn> beisner: great, thx
<zul> beisner:  cool thanks
<zul> hallyn:  yep right after i try to fix samba
<hallyn> zul: may?
<hallyn> sorry,
<zul> hallyn:  no worries
<zul> beisner:  should show up here when it builds https://launchpad.net/~zulcss/+archive/samba
<beisner> hallyn, zul: unable to reproduce bug 1305191 on up-to-date trusty
<uvirtbot> Launchpad bug 1305191 in virt-manager "virt-manager can not create new virtual machine" [High,New] https://launchpad.net/bugs/1305191
<zul> beisner:  sweet
<hallyn> beisner: phew.
<hallyn> maybe i should've kept 'trusty' as an alias to the new type
<Shutterstrom> Good evening. Just a quick question: what happens with my settings in config files when using apt-get upgrade? Are they lost or will the system try to merge old and new settings?
<bekks> Shutterstrom: Personal configs are unchanges, global configs are asked to be modified on a per file basis.
<Shutterstrom> say that I have done some edits in the config file for sshd and if the program gets upgraded, will theses changes be overwritten or till this be taken care of when using apt-get.
<bekks> Shutterstrom: global configs are asked to be modified, personal configs are left unchanged.
<Shutterstrom> bekks: Thanks! Well, I haven't encountered this yet, but the thought have struck me. But now I know. Thanks!
<hallyn> oh, can't ahve multiple aliases, so that woudn't work
<t_dot_zilla> did ubuntu push the updated version of openssl to 12.04 yet?
<mdeslaur> t_dot_zilla: we did on monday. see http://www.ubuntu.com/usn/usn-2165-1/
<funcoland1> i'm having an issue with the trusty PXE install. it gets to a point where it's looking for the "trusty-updates" repository to get some packages I guess? and it hangs with a 404. i don't understand why it's triyng to reach out to it
<funcoland1> it's looking for http://<mypxeserver>/Ubuntu-Trustyx64/dists/trusty-updates/Release then blam.. 404 and hangs for 10+ minutes. the installation does continue after that long period however.
<bekks> 404 is pretty obvious, isnt it?
<funcoland1> yeah it can't be found.. it's looking for trusty-updates though which isn't on the disc
<funcoland1> i don't know maybe there's a preseed command that says "don't look for trusty-updates" ?
<bekks> ship a customizes sources.list then.
<jpds> Maybe you should just make your server sync trusty-updates ?
<jpds> There's nothing there but it's going to need it... eventually.
<funcoland1> i guess that is an option to just sync that entire directory or even repository to the server,  but i mean all of the before generations of ubuntu i've been able to do PXE installs off of with files that were included on just the disc
<jpds> Right, sounds like you're missing trusty-updates.
<xpistos> Hey all. how do I remove medibuntu stuff from my server list?
<bekks> xpistos: you can use ppa-purge
<xpistos> bekks: ppa-purge medibuntu or do I need to find a specific ppa
<bekks> xpistos: you need to specify the ppa name
<xpistos> bekks: 10-4 Thanks.
<bekks> xpistos: ?
<xpistos> bekks: It means "acknowledged"
<bekks> ah :)
<xpistos> bekks: I don't have a medibuntu listed in my sources.list file? but I know it is there cause when I try to update they fail out
<xpistos> oh wait. I see it now
<justizin> xpistos: check /etc/sources.list.d/
<justizin> oh, you found it ;d
<xpistos> justizin: I didn't have anything in sources.list.d
<xpistos> I found a item in sources.list and then commented it out
<bekks> xpistos: No you have to remove all packages that where installed from that ppa
<xpistos> bekks: I will make sure to do that as well.
<kyloor> Hey all. I have two servers each with three spare 1Gb NICs. I'd like to transfer data between them, but my switch doesn't support bonding. Any suggestions on how I can use all three without having to manually divide up the copy operation?
<kyloor> I can actually directly connect NICs from server to server.
<ikonia> kyloor: there is no benifit to what you want to do
<ikonia> if your switch doesn't support bonding, it probably won't deal with 6 x 1gb interfaces maxed out anyway
<Cinos> I have lost my root password. I'm assuming the only things I can do from here are reinstall or manually edit the passwords file somehow, right?
<bekks> !password
<ubottu> Forgot your password? See https://help.ubuntu.com/community/LostPassword What's the root password? See !sudo. Don't see *** in password prompts? That's normal. Sudo doesn't ask for your password? It remembers you for several minutes. Please use strong passwords, see https://help.ubuntu.com/community/StrongPasswords
<makara_> Cinos, mount the disk onto another PC, or LiveCD in and chroot to create a new user
<sarnold> bekks: heh, cool, that's usefull :)
<Cinos> Thank you
#ubuntu-server 2014-04-10
<jrwren> am tip:  echo BYOBU_PYTHON=python >> .byoburc   to prevent byobu from running python -c 'import snack' EVERY time it refreshes status line
<jrwren> I have a LVM LV snapshot which is not mounted, yet I cannot delete it.
<jrwren>  Logical volume datavg/mirrored-snapshot-monthly contains a filesystem in use.
<Guest82354> hello all!!
<dpb1> oftc
<lazyPower> https://bugs.launchpad.net/qemu/+bug/1305402
<uvirtbot> Launchpad bug 1305402 in qemu "kvm fails to start 'trusty' machines" [Undecided,New]
<hallyn> lazyPower: please stop and restart libvirt-bin, that should fix it (assuming both qemu and libvirt are uptodate)
<lazyPower> hallyn: it looks like the machine names were incorrect from what it was expecting. I had some machines that didn't get an updated flag. I updated teh bug with my findings
<lazyPower> they had just 'trusty' as the designation, and it wanted pc-i440fx-trusty
<lazyPower> not sure if virt-manager is to blame, or the update...
<hallyn> lazyPower: no, I am to blame - in previous version the machine type was just 'trusty'
<hallyn> libvirt was udated to handle that, but then that messed people up who were using newer qemu with older libvirt (in ppas)
<hallyn> so we renamed the machine type
<lazyPower> ah, ok. weird that 2 of my machines had a proper machine type while the rest were just trusty.
<hallyn> probably depends on when they were created
<hallyn> zul: ^ we may just want to re-introduce the libvirt patch for a bit?
<hallyn> or, release-notes it
<lazyPower> wasn't a big deal here. Only 7 VM's to virsh edit here.
<lazyPower> but i can see this being a larger issue at scale for anyone using libvirt with "stale" machines
<hallyn> right
<lazyPower> hallyn: thanks for taking a look at the bug though. Hope this helps.
<hallyn> lazyPower: having the bug open shoudl help guide others who run into it, so thanks for that
 * hallyn out
<Kiongku> hi wondering anyone experience on working with a personal server in zotac aq01 boxes? or even maybe the newer aq02
<sarnold> oh that's cute :)
<Kiongku> :?
<sarnold> aq02
<Kiongku> you just saw it online :P? or you tried it before
<sarnold> Kiongku: never heard of it before, but the photos and specsheets look nice
<Kiongku> hahaha hong kong.. space is premium :)
<sarnold> :)
<lordievader> Good morning.
<jamespage> zul, want me todo nova rc2?
<rbasak> rcj, utlemming: bug 1305418 looks critical to me. On Saucy?
<uvirtbot> Launchpad bug 1305418 in walinuxagent "Broken SSHD configuration on Ubuntu 13.10 with latest walinuxagent update" [Undecided,New] https://launchpad.net/bugs/1305418
<jamespage> rbasak, morning
<jamespage> zul, coreycb_: https://code.launchpad.net/~james-page/nova/rc2/+merge/215130
<jamespage> or infact rbasak
<jamespage> ^^
<rbasak> o/
<jamespage> rbasak, just a new rc - running the package build including unit tests right now
<rbasak> jamespage: lgtm, though I'm not sure what exactly to review there!
<jamespage> rbasak, its really just a formality - I'd normally just push that as a trivial
<jamespage> rbasak, so long as I have the right bug and don't have any typos +1
<rbasak> I did indeed check the changelog entry very quickly, and followed the bug link :)
<jamespage> rbasak, excellent
<rbasak> Uh, s/quickly/carefully/ is what I meant. It was also quite quick :)
<Voyage>  I cant see ubuntu as an operating system in ec2 of amazon while i create a volume or instance.?
<hxm> how to add various directories to a webdav <Location> ?
<hxm> i created a webdav, added a Location added some ln -s files to there
<hxm> when i want to create a directory in that symlink i get an error
<hxm> i was able to create the directory but not to change the name
<hxm> im in macos to ubuntu server
<zul> jamespage/coreycb: i got heat
<jamespage> zul, ack - I'm working on a fixup for vpn/l3 conflicting
<jamespage> in neutron
<zul> jamespage:  cool beans
<coreycb> zul, anything else left?
<zul> coreycb: there is always more ;)
<coreycb> zul, :)
<zul> coreycb: there is a glance rc2 probably still
<zul> jamespage: it looks like your swift patch got merged
<coreycb> zul, I'll keep an eye on glance
<jamespage> zul, \o/
<zul> jamespage: need to go fix ci packaging now :P
<rostam> HI I am using 12.04 LTS. The openssl pkg version is 1.0.1. I like to use the later version which is provided by 13.xx . How could I upgrade this pkg? thx
<jamespage> rostam, why?
<rostam> jamespage,  It has a better TLS support according to our development team. If this is not the case please let me know. Thx
<rbasak> rostam: I suggest that you use 13.xx then.
<rbasak> (13.10 is the only 13.xx that is still supported)
<rostam> rbasak,  we need to stick with LTS , So is there a site that has backported 13.10 version of openssl to 12.04 LTS ?
<patdk-wk> rostam, what is the *problem*?
<rcj> rbasak, Looking at bug #1305418.
<uvirtbot> Launchpad bug 1305418 in walinuxagent "Broken SSHD configuration on Ubuntu 13.10 with latest walinuxagent update" [Undecided,New] https://launchpad.net/bugs/1305418
<rbasak> rostam: I'm not aware of one. Are you aware of https://wiki.ubuntu.com/UbuntuBackports? OpenSSL is a pretty core package though, with many reverse dependencies. A backport seems unlikely.
<patdk-wk> can't believe there is that much of a difference from 1.0.1 and 1.0.1f
<rbasak> rostam: why are you sticking with the LTS? I think that the recent openssl vulnerability demonstrates that using an unsupported openssl is far worse than using a non-LTS.
<patdk-wk> but with lts in 2 weeks, why really bother?
<cfhowlett> 1 week ...
<zul> rostam:  or you could wait a week and use the next lts that is out next week
<rostam> All, Thank you so much. I got very valuable help here. So I will wait one week for next LTS.
<zul> jamespage:  https://code.launchpad.net/~zulcss/heat/2014.1.rc2/+merge/215165
<jamespage> zul, -1 wrong bug
<jamespage> zul, gah - this l3/vpn thing is awkard; the vpn-agent needs all of the bits from the l3-agent package apart from the upstart config and the binary
<jamespage> zul, as a minimal change I might move bits into neutron-common (filters and config) and then have the binary and the upstart config in the -agent packages
<jamespage> how does that sound?
<tiblock> Hi. I try to config "log2ban" script and i dont like how it works. I want ban IP if it requests more than 40 requests per minute. But log2ban logic is that - 1 minute count requests and then ban. So you can send 100000 requests and will be banned only in 60secs. And that is problem when you have 97000 bots with 3 requests/sec. Anybody have experience with "log2ban"? Maybe i do something
<tiblock> wrong?
<zul> jamespage: erp...fixed
<zul> jamespage:  sounds good to me
<bekks> tiblock: How about using fail2ban? It will ban clients after three attempts, e.g.
<tiblock> bekks, as i know fail2ban is about SSH, but log2ban is for HTTP DDoS/flood/bruteforce
<bekks> ah ok
<ihre> fail2ban just uses regex on logfiles to determine bans/blocks iirc, so it could also help against bruteforce/flood/???/dovecot
<tiblock> bekks, ihre, yeah, i google and fail2ban may be solution. Thank you.
<ihre> note, the default repositories contains a pretty old version of f2b
<Voyage> how I can be sure if tomcate is started?
<Voyage> how can i be sure that it is running  http://pastie.org/9070315      I dont see it in nmap localhost nor on localhost:8080
<zul> jamespage: heat fixed
<jamespage> zul, if you use debcommit it will auto-generated --fixes on the bzr commit and then the MP references then directly btw
<jamespage> zul, +1
<jamespage> zul, oh actually
<jamespage> bug 1296912
<uvirtbot> Launchpad bug 1296912 in heat "python-qpid-python package does not exist in precise" [Undecided,New] https://launchpad.net/bugs/1296912
<jamespage> zul ^^
<jamespage> zul, three of those - just de-duped them all
<jamespage> zul, can you check it out please? its a UCA issue
<patdk-wk> heh? fail2ban comes with dovecot rules by default
<zul> jamespage:  ack
<jamespage> zul, just working on the upgrade testing for the neutron re-jig
<tiblock> just for the record, "fail2ban" will not work. Its good for very fast flood, but yesterday i was attacked by 50 requests/60 sec. Legit users requests static content faster. "log2ban" uses custom function to generate ID of attacker and i can use my own algorithms for detection. For example random hosts "39p6jml1s42lz.com nd02386x93477v.net s30l9m0i4ds.com 6o21b81yy94.com" and "POST /".
<tiblock> So i will search guy who have experienge with log2ban.
<jtv> I suppose they'll always look for a way around effective defences.  I must say fail2ban has done me a lot of good over the years.
<zul> jamescarr:  looking
<patdk-wk> well, blocking via access logs, is very very hard
<jamespage> zul, coreycb: https://code.launchpad.net/~james-page/neutron/vpn-l3-fixup/+merge/215178
<zul> jamespage:  +1
<zul> jamespage:  heat fixed as well
<jamespage> zul, looking
<zul> jamespage:  why didnt the adt tests pick up on this for heat i wonder
<jamespage> zul, I think its OK in 14.04
<jamespage> zul, OK - uploaded neutron - thanks for the review
<zul> jamespage:  actually its in the requirements.txt so pydist will add it anyways...best remove it for now and then we rethink qpid after trusty is out
<jamescarr> zul: huh?
<jamescarr> oh
<jamespage> zul, bah - can you ack http://paste.ubuntu.com/7230905/
<jamespage> otherwise that there vpn agent won't work to well
<zul> jamespage:  hah ok +1
<zul> jamespage:  mind +1 heat while you are at it
<jamespage> zul, approved but can you shift the fullstop after the bug reference - being super niggly today
<zul> jamespage:  sure
<rsmarshall> hey all
<rsmarshall> i'm a bit screwed on a cloud server i have and can't get root access after stupidly deleting the wrong key
<rsmarshall> and the grub boot line changes don't seem to work
<patdk-wk> what is a cloud server?
<rsmarshall> well vm
<rsmarshall> ;)
<rsmarshall> i have console access but the lost password instructions point to things i can't seem to see
<rsmarshall> i get the grub menu up, press e and have the boot code, but must not be putting things in the right place
<tmwsiy> are you pressing ctrl-x or f10 after making the change?
<rsmarshall> yeah i just get back to the login prompt
<tmwsiy> what cloud vendor?
<rsmarshall> brightbox
<rsmarshall> talking with one of their guys atm
<rsmarshall> these things always happen when i'm behind on deadlines lol
<tmwsiy> you have to also hold down shift to get into recovery console
<tmwsiy> I guess you are doing that
<rsmarshall> yeah did that, it prompted my for a root pass which i don't have
<rsmarshall> me*
<rsmarshall> so then tried lost password options which say press e on the boot option and edit that
<rsmarshall> can't seem to edit it correctly
<tmwsiy> well you have to edit the boot line and then somehow get it to continue boot otherwise it will revert to whatever it was before next boot
<tmwsiy> unless you can run update-grub which if you could do that we would not be here :)
<rsmarshall> yeah tried changing the boot line where it says ro to rw and adding a shell init, it just got stuck on boot commands then
<Geeky_Vin> Hi There, I am struggling to config my ubuntu-server with my wifi can any1 hemp me pls.
<tmwsiy> I think you can just add single to the end of the boot line and then f10
<tmwsiy> and manually do the rw remount
<rsmarshall> yeah added that and ctrl-x and it just went back to login prompt
<tmwsiy> well i dont have a brightbox account and not sure of their security setups or I would try to help figure it out
<Geeky_Vin> does any1 know how to connect the ubuntu-server system with a wifi router, kindly help me.
<tmwsiy> does the device show up ?
<tmwsiy> lshw -C network
<rbasak> Geeky_Vin: there are some examples of how to set up /etc/network/interfaces in /usr/share/doc/wpasupplicant/README.Debian.gz
<Geeky_Vin> @tmsiy: Thank you for ur response, I can see the device.
<Geeky_Vin> @rbasak: I tried them with no success, thank you anyway.
<tmwsiy> not sure about what security protocols you are trying to use but this looks like it mentions a good number: http://ubuntuforums.org/showthread.php?t=571188
<Geeky_Vin> but I see *-network DISABLED in the first line, is that suppose to be like that?
<tmwsiy> yeah that is probably not a good thing :)
<Geeky_Vin> how do i enable it?
<tmwsiy> is there a button on the device to turn it off/on?
<tmwsiy> or it could not be set to managed in netowrk manager
<tmwsiy> assuming you are using network manager
<tmwsiy> /etc/NetworkManager/nm-system-settings.conf should tell you
<Geeky_Vin> that conf file seems to be empty
<Geeky_Vin> wait a sec I did ifconfig wlan0 up
<Geeky_Vin> now the nwtwork is enabled
<tmwsiy> and you can connect to AP?
<Geeky_Vin> I'm sry I'm a newbie to this, how do I chk that?
<rsmarshall> tmwsiy: which config do i edit to allow password based login until i can readd my key?
<rsmarshall> have a login now but only via the cloud terminal
<tmwsiy> rmarshall: /etc/ssh/sshd_config is the file and PasswordAuthentication yes is the option you want to change
<rsmarshall> just did that actually :) and it still says public key is the problem
<tmwsiy> don't know if you can get there from where you are now though
<rsmarshall> i also restarted ssh
<tmwsiy> wait if you are able to edit files as root what is the problem?
<rsmarshall> i'm on the cloud terminal, want to ssh in from my local machine
<rsmarshall> so need to replace my key but can't past it in there lol
<rsmarshall> and it's a big long to do manually
<ziyourenxiang> rsmarshall: ssh -v to see the protocol action
<tmwsiy> you should be able to edit whatever keys you need in the files in  /root/.ssh/ right?
<tmwsiy> GeekyVin: are you logging in to a gui?
<rsmarshall> yeah but can't paste into the terminal, so was going to log in locally with password and then set it back to the key
<Geeky_Vin_> I'm logged in to the chat in a GUI
<tmwsiy> rmarshall: put it on a web server real quick and pull it down with wget and delete
<tmwsiy> ok so what happens when you try and configure wireless with the nm-applet?
<rsmarshall> ah nice idea
<Geeky_Vin_> Yes, I'm logged into the chat in a windows-7 machine, my server is a ubuntu-server 13.0 version
<Geeky_Vin_> when I try wpa-supplicant -Dnl80211 -iwlan0 -c./wpa.conf I get wlan0: Failed to initiate AP Scan
<rsmarshall> sorted it thanks tmwsiy  :)
<Geeky_Vin_> @tmwsiy: do u hav any idea how shld I process, pls.
<rsmarshall> tmwsiy: for ftp am i best setting up vsftpd?
<bekks> rsmarshall: yeah, thats the most easy one.
<rsmarshall> bekks: just installed it via ansible and when i try vsftpd in terminal it says it's not set as the correct user
<funcoland11> hello, can anyone tell me why i can't see any packages when i browse to http://us.archive.ubuntu.com/ubuntu/dists/trusty/main/binary-amd64/ ?
<funcoland11> however, my servers seem to be able to download them just fine via apt-get
<bekks> rsmarshall: I never used ansible and all my vsftpd instance do work fine.
<rsmarshall> do i need to add users to a group?
<rsmarshall> i have a user setup and vsftp installed
<rsmarshall> can't connect to the server with the user i setup
<rsmarshall> when i run vsftp i get 500 OOPS: could not bind listening IPv4 socket
<bekks> rsmarshall: thats totally different from "the user isnt in a group".
<bekks> rsmarshall: vsftpd cannot bind to the port configured.
<rsmarshall> yeah wasn't sure the user was but it seems this is the issue
<rsmarshall> sorry
<rsmarshall> yeah not sure how to fix it, is it as there is another service on the port?
<rsmarshall> meant to be going home 10 mins ago lol
<bekks> rsmarshall: The user isnt the issue.
<bekks> rsmarshall: vsftpd cannot bind to the port configured.
<rsmarshall> yeah thanks, i am trying to work out how to solve that problem
<rsmarshall> actually i'd like to change it's port to a none standard one
<bekks> Find out what is listening on that port.
<rsmarshall> how do i do that?
<bekks> lsof -i
<bekks> sudo lsof -i actually
<bekks> And unless you are root, you cannot bind to a port < 1025
<rsmarshall> not sure from that display
<rsmarshall> vsftpd    2727          root    3u  IPv4  14531      0t0  TCP *:ftp (LISTEN) is listed
<bekks> So it is already listening.
<bekks> Running as root.
<rsmarshall> does that mean standard ftp port?
<tmwsiy> Geeky_Vin: try this and let me know where you have issues https://help.ubuntu.com/community/WifiDocs/WirelessTroubleShootingGuide
<bekks> rsmarshall: Yes.
<rsmarshall> i can't connect though
<rsmarshall> appreciate the help bekks , just want to go home now lol
<rsmarshall> i can as soon as i can connect to this
<rsmarshall> :)
<rsmarshall> server refuses connection
<rsmarshall> in general, could it be a closed port?
<rsmarshall> opened port 21 i think, but nothing
<bekks> rsmarshall: Stop vsftpd, ensure it is stopped, and start it again. Check for errors. Check the firewall is open on both the data and the control port.
<rsmarshall> i did iptables -A INPUT -p tcp --dport 21
<bekks> source port is needed as well.
<bekks> For output, though
<rsmarshall> sudo ufw enable ftp? found something about using ufw
<bekks> Yes.
<rsmarshall> still nothing
<bekks> try "telnet 127.0.0.1 21" from the server itself, in a new terminal.
<rsmarshall> i can't connect at all since running that command
<tmwsiy> if you can get back in I would just do a sudo ufw disable to completely eliminate firewall as an issue
<bekks> rsmarshall: since running which command?
<tmwsiy> and then correct your rules if that is the problem :)
<rsmarshall> if i can get back in tmwsiy
<rsmarshall> the ufw command bekks
<tmwsiy> can you do the console thing like you were before?
<rsmarshall> nope
<tmwsiy> well that sucks
<rsmarshall> now i can
<rsmarshall> rebooting now
<rsmarshall> after ufw off
<rsmarshall> i just want to go home lol
<rsmarshall> ok now i can get in
<rsmarshall> so need to get ftp working still
<rsmarshall> tmwsiy: many beers will be yours (should we ever meet) if you can fix my ftp woes ;)
<tmwsiy> haha: sounds like you need a beer for sure
<rsmarshall> damn right lol
<rsmarshall> other dev is on hol and he normally does all this, i'm still learning more on the server side
<rsmarshall> all been fine until now, provisioned with ansible and set the rest up, can't get this damn ftp to connect
<rsmarshall> just want to go home and have a beer ;)
<rsmarshall> it's vsftpd
<rsmarshall> any ideas?
<tmwsiy> what happens when you try to connect using the telnet method from localhost with the firewall off and the service started?
<rsmarshall> Trying 127.0.0.1...
<rsmarshall> Connected to 127.0.0.1.
<rsmarshall> Escape character is '^]'.
<rsmarshall> 500 OOPS: vsftpd: both local and anonymous access disabled!
<rsmarshall> Connection closed by foreign host.
<rsmarshall> can't connect at all
<rsmarshall> must be some port issue
<rsmarshall> but can't work it out
<tmwsiy> 500 OOPS: vsftpd: both local and anonymous access disabled!
<tmwsiy> that is your answer
<rsmarshall> yeah but i want to connect externally
<tmwsiy> well the telnet thing is just to test the port connectivity
<tmwsiy> you can try the same thing from a remote host
<rsmarshall> trying now with local on
<rsmarshall> and it's just hanging
<rsmarshall> Trying 127.0.0.1...
<rsmarshall> Connected to 127.0.0.1.
<rsmarshall> Escape character is '^]'.
<rsmarshall> 220 (vsFTPd 2.3.5)
<rsmarshall> then stops
<tmwsiy> that is correct
<tmwsiy> its working
<tmwsiy> its waiting for a command
<rsmarshall>  right, but it doesn't tell me much
<rsmarshall> in the sense i'm not sure what to do enxt
<rsmarshall> next
<bekks> rsmarshall: start a ftp client and try connecting from another machine.
<tmwsiy> you can test like this too: wget --user=user --password='myPassword' ftp://yourserver
<rsmarshall> tried that, refuses connection
<tmwsiy> well a full path to a file on your server
<bekks> telnet ipofyourhost 21
<tmwsiy> bekks: that works
<rsmarshall> Trying 109.107.38.204...
<rsmarshall> Connected to cip-109-107-38-204.gb1.brightbox.com.
<rsmarshall> Escape character is '^]'.
<rsmarshall> Connection closed by foreign host.
<bekks> Then it isnt a ftp issue, but most likely a ftp client configuration issue.
<rsmarshall> ok
<rsmarshall> still no clue how to fix it :(
<bekks> then provide a screenshot of your client connection settings for that host (and omit the IP if it is an internet reachable host)
<tmwsiy> what happens when you try the wget method?
<rsmarshall> seems to work
<rsmarshall> all i did was install vsftpd, nothing none standard
<bekks> rsmarshall: "seems to work"? Does it work "yes/no"?
<rsmarshall> wget does
<bekks> then provide a screenshot of your client connection settings for that host (and omit the IP if it is an internet reachable host)
<rsmarshall> how do i get those connections?
<tmwsiy> what ftp client are you using?
<bekks> Well, what are you typing into your client to connect to your server?
<rsmarshall> ftp client to connect? filezilla and ftp from command line
<bekks> Then what are your filezilla connection options?
<rsmarshall> normal ftp, user and pass, port
<rsmarshall> command line is just ftp ip
<rsmarshall> should then ask for username and password
<bekks> rsmarshall: Screenshot.
<bekks> rsmarshall: I am not going to ask for a 4th time.
<rsmarshall> https://www.dropbox.com/s/wz8s3a8efryqwfl/Screen%20Shot%202014-04-10%20at%2018.07.30.png
<rsmarshall> ah hang on
<rsmarshall> https://www.dropbox.com/s/4u7bw8wp5mczvpz/Screen%20Shot%202014-04-10%20at%2018.08.37.png
<bekks> rsmarshall: Host "4" is an invalid IP.
<rsmarshall> yeah i removed the ip
<rsmarshall> and when taking a screenshot it ended up in there when i mispressed a key
<bekks> AH :)
<rsmarshall> on a mac it's command shift 4 lol
<rsmarshall> i just want to go home lol :(
<tmwsiy> so what happens with this?
<rsmarshall> refuses connection
<tmwsiy> and this is the machine that you can successfully use wget from?
<rsmarshall> yeah
<tmwsiy> weird
<bekks> rsmarshall: Can you screenshot the other connection options tabs please?
<bekks> rsmarshall: And can you ensure you are not using any form of proxy in filezilla?
<rsmarshall> i'm not, thing is command line ftp doesn't work either from my machine to the server
<bekks> thats why I am talking about filezilla.
<tmwsiy> wget is a commadn line ftp client :)
<rsmarshall> https://www.dropbox.com/s/3ia0h3iewf5oomc/Screen%20Shot%202014-04-10%20at%2018.15.02.png
<rsmarshall> oh hang on
<rsmarshall> wget was from the wrong tab lol
<rsmarshall> that was on the machine itself
<rsmarshall> just tried from a local vm and it won't connect
<tmwsiy> then something other than the firewall on your machine is blocking it if you have run sudo ufw disable
<rsmarshall> yeah just not sure what
<tmwsiy> are you using the brightbox router/firewall service?
<rsmarshall> not that i know of
<tmwsiy> http://brightbox.com/docs/guides/cli/firewall/
<tmwsiy> dont know if that is your problem but it seems like something like this to me
<tmwsiy> either way I dont think ubuntu is your issue
<sync0pate> does anyone know a good way of indexing and searching files on a windows share?
<sync0pate> from a ubuntu server
<tmwsiy> sync0pate: locate?
<sync0pate> ?
<sync0pate> how would you get it to index a share?
<RoyK> just mount the share
<tmwsiy> http://www.linfo.org/locate.html
<sync0pate> and it'd automatically index it?
<tmwsiy> yep
<sync0pate> it's.. that easy?
<tmwsiy> should be :)
<tmwsiy> it runs once a day by default I believe
<RoyK> sync0pate: it normally runs at night, so better run updatedb after mounting
<sync0pate> well, I'll be simultaneously relieved and really pissed off if it's that simple
<RoyK> lol
<tmwsiy> sync0pate: the best solutions are often like that :)
<sync0pate> and.. I guess I can just search that mount with /samba/mount/*filename.ext
<sync0pate> or similar
<RoyK> man locate
<tmwsiy> you can just do an extra | grep /samba/mount on the end
<RoyK> it's got some filters, the rest can be done with grep/sed/awk
<sync0pate> yeah but tmwsiy I'm working with some huuuuge shares here
<sync0pate> so I don't want to have to find everything and then grep through it
<sync0pate> if I can avoid it
<tmwsiy> once it indexes it will be fast
<tmwsiy> does not read filesystem but the database it gerneates
<rsmarshall> it was the damn firewall
<tmwsiy> you can probably do it with a filter directly to locate
<sync0pate> yeah cool..
<tmwsiy> as well
<RoyK> sync0pate: --regex is nice
<sync0pate> RoyK, yeah just found that
<sync0pate> I think I've only ever used locate for "locate php.ini"
<sync0pate> heh
<RoyK> hehe
<sync0pate> (because I'm somehow *never* editing the right one..)
<rsmarshall> i broke it again tmwsiy
<rsmarshall> lol
<rsmarshall> switched off anon access and local and now i can't connect
<Geeky_Vin_> @tmsiy: IK followed this article http://unix.stackexchange.com/questions/92799/connecting-to-wifi-network-through-command-line and my WiFi is working now! Thak you!
<RoyK> sync0pate: I wrote this small thing to index everything in a tree with both filenames, dates and the files' checksums to check for duplicates - it should be easy to extend that to do a lot more https://github.com/rkarlsba/dupious
<Geeky_Vin_> @tmsiy: let me knw when u come to India, I'll buy u a pint.
<Geeky_Vin_> ;)
<sync0pate> RoyK,  perl :-|
<RoyK> perl <3
<sync0pate> never used it
<sync0pate> delphi, C, java, C#, php..
<RoyK> well, it's not hackish perl
<RoyK> I try to code so it's understandable
<sync0pate> yeah it doesn't look ridiculous
<sync0pate> I think locate will serve me fine for now tbf
<RoyK> probably
<sync0pate> any idea about indexing file *contents* ?
<sync0pate> I've looked at solr
<tmwsiy> Geeky_Vin: aawesome!
<RoyK> afaik solr is one of the best there
<sync0pate> I got it set up, and added a file
<sync0pate> but I can't see any way to just index a dir
<RoyK> we use it rather a lot at work
<sync0pate> other than doing that manually
<sync0pate> I mean I kinda gave up because I'm not being paid for that part, it was just curiosity and I had real work to do
<RoyK> you can run an index update IIRC, but there are som bugs there :P
 * RoyK doesn't work with solr, but has spoken to people at work who do
<sync0pate> but man, finding solr documentation is difficult
<sync0pate> and when you find it it's seriously obfuscated, and seemingly 90% version-specific
<RoyK> heh - hope it's not in the land of RTFS
<rsmarshall> now i have 500 OOPS: vsftpd: both local and anonymous access disabled!
<tmwsiy> sync0pate: I would not discount just piping the output through grep until you try it for directory filtering
<RoyK> rsmarshall: why do you use ftp?
<rsmarshall> i don't want to lol
<rsmarshall> some legacy system a client has for sending data files to the server
<rsmarshall> for products
<rsmarshall> i asked for sftp and keys, but no
<rsmarshall> feel my pain RoyK ;)
<RoyK> know it already :P
<rsmarshall> should i turn chroot user on?
<rsmarshall> to restrict them to their home directory? seems a good option
<RoyK> tell them to use tftp over the open internet instead :P
<RoyK> you can configure vsftpd with chrooting
<RoyK> should be fairly secure
<tmwsiy> as secure as ftp with plain text auth can be :P
<RoyK> but then - vsftpd sucks rather badly at TLS, so the passwords will be sent in cleartext
<rsmarshall> hmm tirned it on and now it sends them to the server root
<RoyK> some issues with proftpd on that part as well, with certain clients
<rsmarshall> how do i restrict them to their home? chroot_local_user seems to do that
<rsmarshall> but it doesn't
<bekks> then you did not setup it correctly.
<bekks> For me, it does.
<rsmarshall> yeah figured that ;)
<funcoland11> hey guys can anyone tell me why i can download packages off of the ubuntu archive from a server but if i browse to them directly i can't see them? i only see like Release.gpg, release, packages.gz ?
<rsmarshall> i just turned on the option
<funcoland11> i'm talking about if i go to the archive with my web browser
<rsmarshall> bekks: how do i set the chroot directory for the user?
<funcoland11> i guess that's just the way apache is configured so the package listing doesn't work via web browser?
<RoyK> rsmarshall: normally that's the user's homedir
<rsmarshall> doesn't seem to be atm
<sarnold> funcoland11: look in the pool/ directory
<bekks> rsmarshall: https://help.ubuntu.com/community/vsftpd
<sync0pate> what format does the regexp have to be in for locate --regex?
<RoyK> sync0pate: I guess standard posix regex - not perl regex
<sync0pate> that's what I guessed, can't seem to get it working. hmm.
<rsmarshall> bekks i have : # 1. All users are jailed by default:
<rsmarshall> chroot_local_user=YES
<rsmarshall> chroot_list_enable=NO
<funcoland11> sarnold: ahh i see packages now. so i guess those files like packages.gz only reference the packages under this pool/ dir?
<rsmarshall> ah
<rsmarshall> seems filezilla was remembering a previous connection and showing me a folder even though i didn't have access
<rsmarshall> right that's it, i'm off home
<rsmarshall> thanks all for your help, especially bekks and tmwsiy for their patience
<RoyK> sync0pate: same here - seems the regex there is rather faulty
<sarnold> funcoland11: exactly
<RoyK> sync0pate: just what I tried to produce with locate
<sync0pate> yeah.. weird
<RoyK> http://paste.ubuntu.com/7231754/ <-- anyone that knows what's wrong with this regex? or is mlocate broken?
<delinquentme> so I've changed my keyboard shortcuts 3 times now ... and on rebooting .. they continually are getting erased ... what should I fix here?
<RoyK> delinquentme: keyboard shortcuts? on a server?
<sarnold> RoyK: hrm, on my saucy laptop I get different output http://paste.ubuntu.com/7231782/
<delinquentme> I know RoyK however I've asked 3 times and people in #ubuntu are useless
<RoyK> delinquentme: this is about server stuff ;)
<RoyK> sarnold: which version?
<delinquentme> Ok so where are profiles for a user saved ?
<sarnold> RoyK: 0.26-1ubuntu1
<lazyPower> Does the ceilometer openstack charm spin up a HTTP instance by default with the administrative gui?
<sync0pate> RoyK, does locate not index the  /home dirs?
<RoyK> sarnold: which distro version is this?
<sync0pate> mine seems not to be..
<lazyPower> i've never tried to manage openstack outside of just using the horizon dashboard, so i'm really unfamiliar with the landscape.
<sarnold> delinquentme: ~/.profile ? what are you trying to do?
<RoyK> sync0pate: did you run updatedb as root?
<sync0pate> no.. should I?
<sarnold> RoyK: 13.10, saucy
<RoyK> ah
<sync0pate> I ran it as the user who's home dir isn't being indexed though..
<RoyK> I'm on 12.04 on this box
<RoyK> sync0pate: don't know - sorry
<sync0pate> I'm on 13.10 too though.. I get the same as you RoyK
<RoyK> sync0pate: do you have anything in those tmp dirs like /var/tmp?
<RoyK> just came to me I ran this on a RHEL box with a far older locate version :P
<sync0pate> yeah
<sarnold> RoyK: ahhhhhh :)
<sarnold> i just got a 12.04 vm spun up and tested and it seemed to work fine too
<sync0pate> so I'm running updatedb again
<RoyK> ok :)
<sync0pate> as root
<sync0pate> so maybe that's what was wrong, we'll see
<sync0pate> takes a while huh!
<delinquentme> is there a specific channel on freenode for ubuntu dev?
<delinquentme> sarnold, apparently this is a OS-wide bug.
<RoyK> #ubuntu-dev
<delinquentme> its empty
<RoyK> hm
<sync0pate> ok it seems to be working on other dirs now, just the home dir, which I don't really need anyway
<sync0pate> thanks :)
<sarnold> there's an #ubuntu-devel but I suspect they'll ask you the same questions -- what is a keyboard shortcut? how are you setting it? how does it not work? ..
<RoyK> sync0pate: #ubuntu-devel
<sync0pate> ?
<RoyK> sorry - that was for delinquentme
<RoyK> delinquentme: see above
<RoyK> sarnold: touched /var/tmp/asdf and did an updatedb and it worked well
<sarnold> RoyK: woo :)
<RoyK> seems the old mlocate in RHEL6 is broken
<patdk-wk> I always uninstall mlocate, no need for it to use up disk i/o on my servers
<RoyK> wonder how RH survives - late with critical fixes and lots of crap
<sync0pate> ok weird question but
<sync0pate> I've occasionally encountered resistance to using ubuntu as a server
<sync0pate> from clients
<sync0pate> but I can never get a straight answer as to why
<sync0pate> any ideas?
<RoyK> they've probably learned from marketing that ubuntu is a hack
<sync0pate> from marketing?
<RoyK> from the FUD guys
<sync0pate> from ubuntu's marketing? :)
<RoyK> but still, in risk of getting kicked out from here, I've turned back to Debian because of issues not being fixed. Seems to me the move to upstart wasn't the best of things
<sync0pate> ugh, that's the one thing I've had trouble with actually
<sync0pate> on one of my vps upstart just stopped working
<RoyK> bingo
<sync0pate> no idea why
<RoyK> so - I went back to debian - it just works
<RoyK> I still use ubuntu for desktop things, though
<sync0pate> I still occasionally have to use windows :(
<RoyK> so do I, at gunpoint
<sync0pate> it feels like living in the past
<sync0pate> luckily our government has paid so much to microsoft to continue supporting xp
<sync0pate> :'(
<RoyK> sync0pate: "our government" as in "Murrica"? ;)
<sync0pate> no, I'm in the UK
<RoyK> k
<RoyK> it's hardly any better here (in .no)
<xibalba> anyone here using btsync?
<tcstar> i have a web log that is of type "combined"...  i know i can use https://gist.github.com/tcstar/51eabdfe21c88be0a6dc to get the results listed...  but how can i modify that to get the actual browser name?
<tcstar> and maybe by version of that browser too
<tcstar>      1 Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Mobile/11A465 [FBAN/FBIOS;FBAV/6.7.2;FBBV/603804;FBDV/iPhone5,2;FBMD/iPhone;FBSN/iPhone OS;FBSV/7.0;FBSS/2; FBCR/Verizon;FBID/phone;FBLC/en_US;FBOP/5]
<s3ri0us> hey guys for all static sites does would I be looking at RAM or CPU for best benefits?
<tgm4883> rbasak, might you be able to give the Mythbuntu team (me) a pointer on why the default Apache2 website in 14.04 makes mythweb unavailable?
<tgm4883> (daviey made me do it)
<xibalba> s3ri0us, you serious?
<sync0pate> so, still having trouble with locate
<sync0pate> locate -r '/var/web/.*'
<sync0pate> works
<sync0pate> but
<sync0pate> locate -r '(/var/web|/home/user).*'
<sync0pate> doesn't
<monokrome> Hey. I have a number of Ubuntu server machines, and after `apt-get update && apt-get upgrade && reboot` followed by `apt-get update && apt-get dist-upgrade` - I seem to still be running openssl version 1.0.1e
<monokrome> Is there not a version of OpenSSL that isn't affected by heartbleed in Ubuntu yet?
<TJ-> The updates have been published; check that the installed versions are still supported by security upgrades, and that the APT mirror those systems uses isn't out-of-sync with the primary repos
<mdeslaur> monokrome: you should have version 1.0.1e-3ubuntu1.2 of the packages
<monokrome> mdeslaur: It says OpenSSL 1.0.1e 11 Feb 2013
<mdeslaur> monokrome: where does it say that?
<monokrome> Did Ubuntu backport the fixes?
<monokrome> $ openssl version
<mdeslaur> monokrome: yes, we backported the fixes
<monokrome> oic
<mdeslaur> monokrome: use "openssl version -b"
<monokrome> built on: Mon Apr  7 20:33:19 UTC 2014
<mdeslaur> monokrome: congrats, you are secure
<monokrome> WHy would someone backport the fixes instead of just updating OpenSSL? If there's enough room for error in the portion of code affected by this, then why would it be a realistic solution to backport more changes into it instead of updating to the original fixed version?
<monokrome> I realize why Ubuntu changes packages, but this seems like a place where that wouldn't be wanted
<mdeslaur> monokrome: because the new version of packages introduce new bugs and incompatible changes
<mdeslaur> monokrome: testing a 4 line patch is pretty easy, testing a whole new version can take days/weeks
<mdeslaur> monokrome: believe me, if simply updating to the latest upstream were a viable solution for packages, it's what all the distros would do
<monokrome> mdeslaur: I see
<monokrome> That surely makes sense, but still a bit concerning.
<pmatulis> the new apt in trusty is refreshing
#ubuntu-server 2014-04-11
<mwhudson> if you've just deployed an openstack for testing purposes, is there some easy way to get some images into glance?
<adam_g> mwhudson, grab the *-amd64.img or *-i386.img from http://cloud-images.ubuntu.com/trusty/current/
<adam_g> mwhudson, install python-glanceclient, source your OS credentials and run: glance image-create --name trusty --disk-format ami --container-format ami --is-public True --file $path_to_img
<mwhudson> adam_g: is there some cli tool for doing that?
<mwhudson> ah ok
<adam_g> mwhudson, https://launchpad.net/simplestreams is a project that provides the ability to pull ubuntu images and sync to your glance server automatically
<mwhudson> oh right
<mwhudson> i think i even knew that, somewhere...
<semiosis> sarnold: ping?
<sarnold> hey semiosis
<sarnold> semiosis: ah, very nice bugzilla bug. Thanks :)
<arrith> is there a standard way to have different 'views' of a directory, basically excluding certain files and directories? this is to provide different virtual machines guests different files, some of them shared
<sarnold> arrith: not easily; check out the 'shared subtrees' support in the linux kernel
<sarnold> arrith: Documentation/filesystems/sharedsubtree.txt
<arrith> sarnold: ah neat thanks
<arrith> iirc i read about a feature like this somewhere, and i think it was something about some plan 9 9p file sharing protocol thing
<sarnold> arrith: very similar indeed; plan9 apparently used 'bind mounts' all over the place; you'll do something very similar here, mount --bind but with some 'unshare' stuff beforehand..
<sarnold> arrith: oh, hrm, you mean 9p specifically? maybe. I don't know enough about it. :(
<arrith> yeah unshare sounds great. i mean i figure there's probably a way to exclude with nfs but this is all on one machine, so that isn't as lightweight as i would prefer
<hallyn> in fact, the unshare syscall came about precisely for pam modules to be able to use CLONE_NEWNS to provide polyinstantiated directories for mls.
<hallyn> before that you had to clone.  which was useless in pam.
<hallyn> (polyinstantiated dirs being sort of what you want)
<arrith> ah that's a good search keyword
<arrith> i'm finding a lot about namespaces
<arrith> seems the most straightforward is maintaining links, bind mounts, or rofs-filtered
<arrith> http://askubuntu.com/questions/44925/how-can-i-create-a-filesystem-view-of-a-folder-that-excludes-certain-files
<lerra> Hi, I have a netinstall setup based on preseed and 12.04.4, a new laptop I have does not have it's nic present in debian installer. So i tested a 12.04.4 livecd and the nic comes up there so the kernel supports it. When I create my own alt 12.04.4 cd with the preseed on it it gives the same error that it cant find the nic but when I use the normal preseed it seams like the nic works but in a later stage of the instal
<rbasak> tgm4883: are you aware that Apache has moved its default directory to /var/www/html? Some changes in config files are accordingly needed.
<lordievader> Good morning
<joren> Hey, anyone happen to know how to get a dell r610 to pass the disks off to ubuntu for software raid? I've traid everything I can think of at this point...
<sheptard> what raid card
<joren> PERC 6/i? I thought I saw something saying it was part of the iDRAC6 stuff, I think it's just a random onboard card
<joren> but I'll try and dig up more details.
<joren> RAID CONTROLLER	 PERC 6i w/ 256MB BATTERY BACKED CACHE
<joren> actually, I guess if it's got the battery backup maybe I want to use the perc
<rabbel> Hey guys. Did anyone ever tried to run an ssh tunnel (reverse) into the background?
<rabbel> If I try it, my tunnel keeps disconnecting immediately
<rabbel> If I run it in the foreground, it just stays there and does not disconnect...
<joren> rabbel, can you just stick it in a screen?
<rabbel> joren: is that the only solution?
<joren> probably not, but it's not something I've tried.
<tiblock> Hi. I have debian's init script, will it work in ubuntu?
<lordievader> tiblock: Yes. At least the scripts I wrote do :)
<tiblock> lordievader, thank you
<RoyK> rabbel: I run them in the background
<hadifarnoud> I see some services were not affected by heartbleed bug. is it just because of OpenSSL version, or they use an alternative (if there is any)?
<bekks> hadifarnoud: All libssl version unaffected and services using them arent affected.
<hadifarnoud> bekks: so libssl is the alternative
<bekks> hadifarnoud: No. libssl is part of openssl.
<bekks> hadifarnoud: And the libssl component is/was affected.
<bekks> !sslbug | hadifarnoud
<ubottu> hadifarnoud: A fix for the recent OpenSSL vulnerabilities (2014-0076 & 0160) has been pushed to the Ubuntu repositories, see http://www.ubuntu.com/usn/usn-2165-1/ and http://heartbleed.com/ for more information.
<Patrickdk> hadifarnoud, curl wasn't affected
<Patrickdk> hadifarnoud, and the *issue* is not limited to services
<hadifarnoud> Patrickdk: did not know that.
<Patrickdk> wget is affected
<Patrickdk> php is affected
<Patrickdk> any client or server that uses ssl/tls, is affected
<hadifarnoud> Patrickdk: all VPNs. shit, that's huge
<Patrickdk> if your browser uses openssl, and connects to a server, that server could compromise you
<Patrickdk> not all vpn's
<Patrickdk> it's limited to ssl/tls vpn's
<mardraum> not even most vpns, heh
<Patrickdk> ipsec is not compromised, pptp is not
<Patrickdk> ppp I mean
<hadifarnoud> Patrickdk: openvpn is I guess
<Patrickdk> yes
 * Patrickdk doesn't know any browsers that use openssl though
<hadifarnoud> Patrickdk: IE probably :D
<hadifarnoud> I did upgrade all packages. version is still 1.0.1 but hopefully it has patched
<Patrickdk> dpkg -l | grep libssl
<Patrickdk> then compare that version with the openssl entry from
<Patrickdk> !usn
<ubottu> usn is Please see http://www.ubuntu.com/usn for information about Ubuntu security updates.
<hadifarnoud> ubottu: I do have affected version (1.0.1-4ubuntu5) but apt update&upgrade says nothing to update
<ubottu> hadifarnoud: I am only a bot, please don't think I'm intelligent :)
<hadifarnoud> nevermind. I have the patch.
<moparisthebest> how can I add another ipv6 address to a running machine?
<moparisthebest> I added a 'iface eth0:1 inet6 static' block in /etc/network/interfaces and ran /etc/init.d/networking restart
<moparisthebest> but that didn't do it
<rbasak> Don't restart networking. That can break things (eg. in Trusty).
<rbasak> ifdown the interfaces you want to change, edit /etc/network/interfaces, then ifup the interfaces you changed.
<rbasak> I'm not sure if this is the cause of your problem or not.
<rbasak> (I hope it's self-evident that ifdown will disconnect you if you run it over the interface you're taking down)
<moparisthebest> yea it's on a remote machine with only one interface, so I can't really do that :/
<moparisthebest> this is 12.04 Precise btw, if that matters
<zul> coreycb: glance rc2 should be out today (hopefully) do you want to handle it? ill handle swift rc2 if its out today
<coreycb> zul, sure sounds good
<jamespage> clre
<jamespage> coreycb, zul: https://code.launchpad.net/~james-page/swift/fixup-upgrades/+merge/215423
<jamespage> zul, that can go with the swift rc2 imho
<jamespage> but lets get it pushed into the lab so we can test it
<zul> jamespage:  done...merged it as well
<zul> jamespage:  wait...hold on...my tarmac is broken...gimme a sec
<coreycb> jamespage, +1 thanks!
<jamespage> coreycb, that appears to be my achilles heal this cycle
<jamespage> coreycb, got one wrong in neutron yesterday as well
<tgm4883> rbasak, yea we noticed that, but wouldn't a different site still be in a different folder under /var/www (eg. /var/www/mythweb ) ?
<rbasak> tgm4883: I can only guess here. Can you tell me what exactly is broken?
<tgm4883> rbasak, just a sec, I just woke up and am reading backlog from last night. superm1 may have fixed it late last night
<tgm4883> rbasak, I can't get him now, but looking at his comments and his commit it looks like it's fixed. Thanks for looking, sorry to bother you
<rbasak> tgm4883: np
<DevilsOwn> Hello! How are ya'll
<rabbel> 12:42:50 < RoyK> rabbel: I run them in the background > I managed to do it, with -N and -f :-)
<DevilsOwn> How do you guys have a GUI during install and none after install?
<patdk-wk> no
<patdk-wk> there is no gui
<jibel> could anyone have a look at bug 1306575 found during an upgrade test from Precise to Trusty ?
<uvirtbot> Launchpad bug 1306575 in nova "package nova-common 1:2014.1~rc2-0ubuntu1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [High,New] https://launchpad.net/bugs/1306575
<jibel> the base system was Precise amd64 + all the package in main
<DevilsOwn> How do you guys have a GUI during install and none after install
<patdk-wk> there is no gui
<verdeP> how do I create a named fifo pipe? like say I have some program that constantly outputs stuff to stdout and I want to pipe it to some command that will take that output and make a file in /tmp/fifopipe that I can access that stream from, so I can use it as a file name for daemons etc...but the file is just an access point to the pipe, like it doesn't grow in size
<DevilsOwn> but I can use the mouse and see colors and logos during the boot process for the first time... what is that then?
<Pici> verdeP: have you looked at the mkfifo manpage?
<patdk-wk> DevilsOwn, in what version?
<patdk-wk> I didn't see that at all even in trusty
<verdeP> Pici: ah looking now ^^
<DevilsOwn> Ubuntu Server 11.04 onwards
<patdk-wk> hmm, not in my trusty iso's
<patdk-wk> pici, you mean mknod?
<DevilsOwn> trusty as-in which numerical version?
<patdk-wk> 14.04
<patdk-wk> and I know there isn't a gui in 12.04, installed that millinos of times
<RoyK> rabbel: mhm
<DevilsOwn> aah... but every server version from 11 through 12 that I have used has the GUI during install with a purple background and message boxes and choose what to install questions?
<patdk-wk> that isn't a gui, that is ncurses
<DevilsOwn> aha completely ncurses?
<Pici> patdk-wk: I didn't, but that should work just as well. They look to have very similar arguments.
<DevilsOwn> does ncurses let'cha use the mouse?
<patdk-wk> no
<rbasak> Is it ncurses, or whiptail+newt? Anyway, same concept.
<patdk-wk> gpm would
<rbasak> There is some mouse support in terminals. I've seen an urwid-based package use it.
<rbasak> No idea about the current installer.
<verdeP> oh mknod looks nice as I can buffer it a bit, which could be really useful as this will be for streaming audio
<DevilsOwn> and is it a custom made installer?
<rbasak> It's based on Debian's installer.
<DevilsOwn> cool! thanks guys! tata for now!
<verdeP> meh :( the command I pipe to it just says broken pipe /:
<verdeP> I tried like command | mkfifo somename, then I also tried mkfifo somename then command | somename
<verdeP> the docs are really sparse for both mkfifo and mknod btw xD
<verdeP> and they don't explain the [Major][Minor] arguments either for mknod
<verdeP> could I use >> to my named fifo? o.o
<patdk-wk> major/minor aren't use for pipe
<verdeP> odd if I go tail myfifo for e.g., it causes the program that I'm >> from to start, but as soon as I stop accessing that file, the program says broken pipe
<verdeP> so like something has to be reading the pipe for it to use it?
<patdk-wk> did you read the man page
<verdeP> yes I know they are for block device
<verdeP> and yes I did
<patdk-wk> minor/major MUST NOT be used when using type p FIFO
<verdeP> I know
<verdeP> wtf
<patdk-wk> tht isn't how you use a pipe
<patdk-wk> | pipes to a program
<patdk-wk> you need to use >
<patdk-wk> mkfifo somename; command > somename
<verdeP> how do I make the command think the pipe is always being accessed? cause I just tried with a single > and it does the same thing
<patdk-wk> it can't
<patdk-wk> it's a fifo
<patdk-wk> first in, first out
<patdk-wk> you can't put more in, tillyou take some out
<patdk-wk> if you wanted it to think it was always being dumped, use /dev/null
<verdeP> if I send it to /dev/null, can I still sample the output with another program at the same time?
<zul> coreycb/jamespage: ok glance uploaded to saucy-proposed
<verdeP> or transparently switch to another program taking the output and back to /dev/null when it doesn't need it, so the original command always keeps sending
<jamespage> zul, saucy?
<zul> jamespage:  yep
<zul> jamespage: 2012.2.3
<verdeP> I mean the program does give me the option to write out just as a file, but that file will get really huge, if I could just keep deleting part of the file...idk /: not sure the best way to handle this
<verdeP> its all live streaming stuff
<jamespage> zul, okies
<verdeP> and I don't want to record more than whats needed for buffer
<jamespage> zul, Daviey was wanting for something todo earlier so I pointed him at you previous uploads :-)
<zul> jamespage:  cool...thanks...yeah unemployment must suck ;)
<verdeP> hmm I still see a way to do it, I'll just add the named fifo to my ffmpeg server config, then only start the server after I use command >, thanks patdk-wk and Pici
<moparisthebest> I added a file /etc/init/deluged.conf
<moparisthebest> and made a symlink /etc/init.d/deluged -> /lib/init/upstart-job
<moparisthebest> however, everytime I do anything with it, it says 'start: unrecognized service'
<moparisthebest> do I need to do something else? never added an upstart job before
<baggar11> Anyone have a good PPA on 12.04 for Libvirt backports?
<bekks> baggar11: There are quite a few: https://www.google.de/search?client=ubuntu&channel=fs&q=ubuntu+precise+ppa+libvirt
<baggar11> bekks: You have experience with any?
<bekks> baggar11: No. I am using vbox since ages.
<baggar11> bekks: libvirt supports vbox too :)
<bekks> It wants to. All vital functions are unsupported or buggy.
<bekks> Thats why I am not using it, since I dont need another layer between me and vbox when scripting vbox using VBoxManage, which works remotely, as well.
<DevilsOwn> how do the devs create the ISO for Ubuntu Server?
<jrwren> afaik, they don't. some automated system does it.
<DevilsOwn> I have a heavily customized version of the server with asterisk configured, how do I convert it into an ISO?
<DevilsOwn> I have a heavily customized version of the server with asterisk configured, how do I convert it into an ISO?
<jrwren> http://askubuntu.com/questions/83617/can-i-build-a-ubuntu-iso-from-a-manifest
<jrwren> DevilsOwn: ^^
<DevilsOwn> thanks mate le'mme check that... appreciate it
<DevilsOwn> If I customize the LiveCD will it be persistent also?
<jrwren> anyone every use iptables match-set ?  it seems to not be matching for me.
<jrwren> ah, src,dst is and not or.  ipset & iptables match-set works
<jdstrand> zul: fyi, commented in the heat MIR
<zul> jdstrand:  cool thanks
<Havenstance> trying to install grub on a system with a RAID1 config it fails every time. says nothing but executing "grub-install /dev/sdb' failed this is a fatal error
<Havenstance> 13.10 server
<Havenstance> do i have to do a separate boot partition outside of the Software RAID1?
<zul> jamespage: when you get a chance can you have a look at some heat fixes based on the MIR review https://code.launchpad.net/~zulcss/heat/heat-mir/+merge/215494
<smoser> roaksoax, have you (or will you) uploaded maas ?
<rostam> hi I am using 12.04 LTS and running tftp-ha on my ubuntu box. How could I enable the log messages on tftp-hpa? thx
<GrueMaster> Has anyone actually tested the trusty daily amd64 server image on an actual server?  Partman had no clue as to the 120GB sata drive in my Intel servers (I tried a few different off-the-shelf systems).  Saucy found them just fine (even if it did install grub to the usb flash drive used for image installation).
<GrueMaster> I'd file a bug, but since this was a failed install, I don't have any (wouldn't know what to file on anyways - always get the wrong packages).
<GrueMaster> *any log files (ment to say).
<sarnold> GrueMaster: I'd try filing against debian-installer, lacking any better ideas..
<sarnold> GrueMaster: if the desktop installer also fails, that's the ubiquity installer
<GrueMaster> I understand that.  My main issues (aside from the obvious bugs) is that my bug reports, no matter how detailed, almost always get rejected without logs.  Kind of frustrated witht he whole bug filing process (still).
<GrueMaster> If I get a chance next week, I'll try to get a screen capture and file one.
<sarnold> GrueMaster: completely understood
<sarnold> GrueMaster: can you fire up another console while running the installer to run the ubuntu-bug command? it may be able to capture some logs
<GrueMaster> I'll see if I can.  It will be a little while, as I am busy with something else atm.  (more "gotta have this now" crap).  :P
<sarnold> GrueMaster: man it's too nice a friday afternoon for -that- :(
<GrueMaster> I'm hoping to finish by 4, tee off at 5.
<sarnold> wooooo
<hallyn> smb: i rudely subscribed you to bug 1218959.  IIUC backporting those two commits to every post-3.5 kernel would fix the bug.  (and be much better than working around it with a udev script, since udev script will miss custom-made bridges)
<uvirtbot> Launchpad bug 1218959 in libvirt "KVM virbr# no longer forwards multicast traffic by default (U12.04)" [High,Confirmed] https://launchpad.net/bugs/1218959
<Kihokki> I'm going to give ssh access to few users but how do I prevent them browsing each others homedirs? Just chmod?
<sarnold> Kihokki: that's probably the easiest approach
<Kihokki> sarnold: chmod 0750 fits for this purpose?
<sarnold> Kihokki: assuming your users do not share groups, yes
<Kihokki> sarnold: thanks, I'll try this
#ubuntu-server 2014-04-12
<rostam> HI I have a ubuntu system with two network interface, eth0 connected to cloud, eth1 connected to private network with  IP address 169.254.0.1. From devices connected to eth1 I like to access outside world through eth0. What should i do? thx
<sarnold> rostam: look for "masquerade howto" or "nat howto" -- you'll need to configure your system as a Network Address Translation firewall
<rostam> sarnold,  thanks
<matkam111> Hey I was wondering if anyone knew what log I could look at  to see whats changing permissions on a file
<matkam111> Essentially something is changing them perms on a few of my files almost immediately after i modify them to what I need
<hallyn> matkam111: if they are devices then it's probably udev.  but there's no central log.  you might try pyinotify.
<matkam111> hallyn: you may no about this. I'm trying to setup a foreman smart proxy to prevision a device but it seems puppet (or something else) is constantly changing certain file perms that foreman requires
<matkam111> know*
<hallyn> sorry, fraid i don't, but now that you've mentioned puppet chances are someone will come by who does
 * hallyn out
<coalbe> hello all! could someone direct me on how to enable or fix unicode? seeing a tone of strange chars when using tmux
<lordievader> Good morning.
<cfhowlett> lordievader morning?  no ... but greetings, anyway.
<lordievader> Hey cfhowlett, how are you?
<cfhowlett> lordievader no complaints here :)
<lordievader> :)
<bjensen82> how do I regenerate conf files for exim4? I tried removing and reinstalling the package without any luck
<mega2> how do i increase the partition in server 10.04
<dcosnet> parted
<lordievader> mega2: For the root partition you need to boot a live-cd.
<mega2> have usb
<mega2> used gparted but lvm is locked and wont let me resize
<bekks> mega2: Then disable swap, and it will be unlocked.
<mega2> can i do that in gparted
<lordievader> LVM support live extends :D
<bekks> mega2: Yes.
<mega2> ok thanks
<bekks> lordievader: If it isnt locked, yes. ;)
<bekks> If the volume isnt locked, to be specific.
<lordievader> bekks: Guess I havend faced a locked volume yet ;)
<mega2> there is a key simble next to it
<bekks> lordievader: Then try to operate on an active swap volume ;)
<mega2> i have colned my server to a bigger hd
<lordievader> Nah, I'd rather not.
<bjensen82>  where can I find a guide for setting up exim4 with a smart host?  Im using mandrillapp
 * RoyK just uses postfix - can't beleive why exim is standard
<FrEaKmAn_> hi all.. if I have an app which stores data.. where should I store data? what is best practice? /var, /home ?
<rbasak> FrEaKmAn_: what sort of data, and what sort of app?
<rbasak> FrEaKmAn_: http://www.pathname.com/fhs/pub/fhs-2.3.html is best practice.
<rbasak> Probably not /home as it's a system wide thing.
<rbasak> I use /var/local for stuff I've installed in /usr/local or otherwise configured directly myself, but I don't see that in the standard.
<rbasak>  /srv for data served by the system.
<paradisee_> o/
<paradisee_> hello everyone, im trying to remove postfix on kubuntu 13.10, but it doesn't let me do it..any tip?
<rbasak> !details|paradisee_
<ubottu> paradisee_: Please elaborate; your question or issue may not seem clear or detailed enough for people to help you. Please give more detailed information, errors, steps, and possibly configuration files (use the !pastebin to avoid flooding the channel)
<paradisee_> sudo apt-get remove postfix
<paradisee_> it says: interrupted
<paradisee_> http://dpaste.com/
<paradisee_> http://dpaste.com/1777472/
<_1_mindfire2> hallo :)
<SysTom> Hi, I changed the IP on an Ubuntu server, and now I'm seeing "Host x.x.x.x is not allowed to connect to MySQL server"
<SysTom> (the x.x.x.x being the local IP)
<SysTom> Grants are assigned to the localhost
<SysTom> What obviously step am I missing to fix this?
<SysTom> *obvious
<sheptard> are you talking to mysqld on localhost or the internal ip
<SysTom> meh
<SysTom> just changed it to 127.0.0.1
<SysTom> and now it's working, I guess that makes sesne
<SysTom> It wasn't set to that before though, hey-ho.
#ubuntu-server 2014-04-13
<stoned> hi
<stoned> how do you enable TLS 1.2 for apache in 10.04 LTS
<stoned> Lucid
<bekks> stoned: Like this e.g.: http://blog.joefallon.net/2010/08/configure-tls-and-ssl-in-ubuntu-10-04-lts/
<stoned> thanks
<stoned> aptitude install openssl
<stoned> ok
<stoned> well see, this is where the problem lies.
<stoned> The packages are too old.
<stoned> I should have asked a different question
<stoned> hang on let me rephrase my question
<stoned> I am on ubuntu Lucid server LTS. I am on the distro's latest apache httpd w/ mod ssl and the distro's openssl and openssh packges.
<stoned> They don't provide TLS 1.2 but only TLS 1.0
<stoned> I need to get openssl (latest patched version I suppose) in order to tet the TLS 1.2 extentions
<stoned> So I am looking for open ssl and open ssh server/client packeages (possibly backported)
<stoned> I am on open ssl 0.9.8k
<stoned> I need a newer updated version as well as I need openssh 5.7+
<bekks> !sslbug | stoned
<ubottu> stoned: A fix for the recent OpenSSL vulnerabilities (2014-0076 & 0160) has been pushed to the Ubuntu repositories, see http://www.ubuntu.com/usn/usn-2165-1/ and http://heartbleed.com/ for more information.
<bekks> Write less, read more :)
<stoned> 0.9.8k is not affected by heartbleed.
<stoned> Also, I am aware that the bugfixes have been pushed out.
<stoned> since Lucid has only 0.9.8k which is not affected by heartbleed, there is no updated openssl for Lucid.
<bekks> you already said that.
<stoned> How about you don't say inflammatory things to people.
<stoned> bekks, alright, find me the latest openssh and openssl packages for lucid
<stoned> I need openssh 5.7+ for lucid
<bekks> Uh, you think someone providing informtion is inflammatory. Let's see how inflammator someone is who doesnt speak with you anymore.
<stoned> yak yak yak
<stoned> worst come to worst I'll build from source myself
<stoned> :)
<stoned> <- former DD who is stuck managing an ubuntu server for someone
<stoned> I wouldn't touch ubuntu w/ a 100 foot pole
<stoned> absolute garbage distro.
<stoned> I was just hoping someone has already backported it
<stoned> if not no big deal, be built in a little while.
<stoned> lol, I'm looking for packages and he's telling me a link to how to setup it up, hahaha. Brilliant. Classic example of the oh-so-wonderful Ubuntu support.
<stoned> Spot on.
<bekks> classic example of the ranting troll in ubuntu. ignore set.
<stoned> lol, a debian dev a troll.
<stoned> Hahaha omg.
<stoned> you're THAT guy.
<stoned> :)
<stoned> Welcome to who you are.
<lordievader> Good morning.
<stetho> Morning all. I'm having trouble finding the answer to something I know is simple. I'm PXE booting precise/saucy with a preseed file. The machines get their name using DNS/DHCP and then wait for me to press return to carry on - everything else then carries on without intervention. Does anyone know the preseed command for "use the name you get from DHCP"?
<maveas> Anybody else having a problem with missing log files? Ie. /var/log/messages haven't been written to since monday the 7th of april on my server. Any ideas?
<mortrca> Dovecot seems to be crashing on me again and again. Every time I start it (service dovecot start) it appears to start normally, but if I check the status of the service, it says it isn't running. I have checked the log files for anything that might explain this, but there is nothing, absolutely nothing in the logs from Dovecot. Without any logs, I don't have any idea how to debug this. Does anyone have a suggestion?
<mortrca> Oh, and according to "doveadm log find", the log files do exist, so I don't think that's the problem. There just isn't anything to read in the logs
<bananapie> Sometimes I have to compile software for my servers. Should I be building packages even when I am only installing the software on one server?
<bekks> Sure
<lordievader> bananapie: If you want apt/dpkg to be able to track it, yes.
<bananapie> a while ago I was yelled at for using checkinstall to make packages for easier tracking. So that means I have to manually create the debian folder and all it's files each time ?
#ubuntu-server 2015-04-06
<ircfox> how do I change the default ssh port 22 to another?
<verdeP> edit the config file in /etc
<verdeP> i dont see the point though
<verdeP> then restart the service of course
<lordievader> Good morning.
<strikov> rbasak: \o/
<chanced> I'm setting up a home server for a file server and a dev box but I'm stumped with whether or not my DD-WRT should be the one to handle DNS / DHCP or if it should act as a pass-through to the server.
<teward> chanced: dd-wrt is your router that controls data flow to the internet and such?
<chanced> teward: yea
<teward> chanced: and this isn't behind a NAT interface in a VM, it's on an actual server connected to said router?
<chanced> baremetal to said router
<teward> it should be handling the DHCP then, unless you set static IP.  as for DNS, either the router can forward it out to the net or you can just let the data pass right outside, although if the server is going to be web facing i'd be careful letting it just pass right out to the net
<teward> if it's staying behind NAT/port forwarding then whether it reaches out for DNS to servers its set for or if it goes via your router, not sure if it matters
<chanced> it does, thanks
<teward> it does what, web facing, or...?
<chanced> matters
<chanced> i hadn't considered the concerns there; i was tempted to expose a number of the services but I'm second guessing that
<teward> mmm
<beanbag> I have a bdr solution from datto that uses a ubuntu 10.04 image but uses a 3.0.0 kernel
<beanbag> lsi has a sas driver for 3.0.0 kernel but it's for ubuntu 11
<beanbag> any reason it wouldn't work
<sarnold> beanbag: man, both ubuntu 11.04 and 11.10 have been unsupported for ages; is there any reason why you can't run ubuntu 12.04 LTS or 14.04 LTS?
<beanbag> yes
<beanbag> because that's what datto is using for their backup device os installer
<beanbag> im trying to get the lsi kernel module installed on the installer usb stick and when I try to insmod the .ko file I get invaLID MOdule
<beanbag> I wasn't sure if you needed something more than kernel version to match
<sarnold> modules need to be compiled for the exact kernel configuration / sources used; there's some slight amount of "fuzz" to it, but it's insanely picky. your best bets are either (a) compile the module yourself against the kernel you want to use (b) use the exact kernel that they used when they compiled the module..
<sarnold> note that ubuntu 10.04 will no longer be supported in a few weeks; it EOLs very soon..
<beanbag> I think once the system is installed they update with a newer image
<beanbag> I know how old and outdated it is
<beanbag> I guess you can't modprobe .ko files
<sarnold> insmod
<beanbag> so I can't test before I load the initrd
<beanbag> insmod
<beanbag> I mean
<beanbag> I tried on the defgault one and still got invalid module format
<beanbag> so that's not the issue
<beanbag> nm it is the issue
<beanbag> hmm
<beanbag> looks like the installer has a full os on it that can compile
<_1_Dre2> yow
#ubuntu-server 2015-04-07
<MrMurdok> For load balanced web servers can you set the PTR records the same for each?  Also, does this apply for virtual IPs?
<sarnold> what is a virtual ip?
<Patrickdk> one that starts with 256?
<MrMurdok> ok have a good day
<Patrickdk> not sure why they need a ptr at all
<Patrickdk> and now we never will know
<sarnold> man that's gonna drive me crazy :)
<kemmler> If I have a .deb that someone else created and is hosting on a custom repo, can I backport that without the .dsc or source files or am I going to need to recreate the package for the release I need?
<sarnold> it might work, but be careful of installing packages from unknown sources, they get to run pre and post install scripts as root.
<kemmler> Well I intend to go over everything very carefully before deploying. I'm just unsure about how to go about it because the toolchain is wrong so it simply won't install, i'll need to rebuild, and backportpackage seems to only want to use official repos
<tmontney> I'm having a problem.
<tmontney> I installed Ubuntu Server 14.04 from a flash drive, but it won't boot to the server without my flash drive.
<tmontney> It's as if I installed the server to the flash drive (from the flash drive), but I know I didn't.
<tmontney> Without my flash drive, all I get is a blinking underscore.
<tmontney> I've installed Ubuntu before with a flash drive, but never had this issue.
<bearface> tmontney: grub was probably installed to the flash drive
<tmontney> hm
<tmontney> how would I reinstall it?
<bearface> 'sudo grub-install /dev/sdX'  X being the correct disk.. you can do this when booted (using the usb stick to boot into the system)
<tmontney> Bah, now I have another problem before I can get to that.
<tmontney> Installed NFS, DHCP, and TFTP then restarted the server.
<tmontney> "Waiting for network configuration" is what I'm getting.
<tmontney> I know the issue is Interfaces related, but I can't get to edit it.
<tmontney> never mind it finally booted.
<tmontney> hm didn't see to wrok.
<tmontney> I have sda1 as EXT4 and sda5 as SWAP
<tmontney> I installed grub to SDA1
<tmontney> but got "File system ext2 doesn't support embedding"
<tmontney> and  "embedding is not possible grub can only be installed in this setup by using blocklists"
<lordievader> Good morning.
<tmontney> Still night time for me.
<lordievader> Installed grub to sda1? As in the partition rather than the disk?
<lordievader> tmontney: ^
<tmontney> It seems grub was installed to sdb
<tmontney> my flash drive
<tmontney> If my flash drive is unplugged, grub doesn't appear and nothing happens.
<OpenTokix> tmontney: boot on a livecd, and "repair" your ubuntu
<lordievader> tmontney: Don't install it to a partition, install it to the disk.
<tmontney> Right, I wasn't intending to do that. I usually install Ubuntu from a flash drive.
<tmontney> For whatever reason it installed incorrectly.
<tmontney> Alright I'll make a new livecd
<tmontney> Ugh, I'm just having problem after problem. Normally things go pretty smoothly.
<tmontney> I have two NICs, and they show up with ifconfig -a
<tmontney> but they're both down despite a link light
<tmontney> originally my PCI NIC was named p5p1, but I found a way to bring back the eth naming convention
<OpenTokix> tmontney: the p5p1 naming in persistent, ethX is not
<lordievader> ^ that, bios naming is actually quite nice.
<lordievader> No longer having to mess with udev rules to get the right name.
<OpenTokix> tmontney: Thats why they changed it - quite annoying, but unless  you have legacy scripts that use ethX naming, get used to it
<OpenTokix> lordievader: yes
<OpenTokix> lordievader: but when you have buggy scripts, it is quite annoying.
<OpenTokix> lordievader: I have a script that takes "First interface from ifconfig" ;)
<lordievader> Yeah, most things here still run with eth naming conventions.
<OpenTokix> lordievader: and for the pX naming, lo is the first - hehe
<tmontney> Well I already changed it thinking it'd solve my issue lol.
<tmontney> regardless neither one of my NICs think they're plugged in
<tmontney> no matter if they're auto or static
<OpenTokix> And you have firmware installed?
<tmontney> firmware?
<tmontney> did you mean software/drivers/packages?
<lordievader> tmontney: Don't they detect the cable or are they simply down?
<tmontney> my link light is on
<tmontney> ifconfig only shows lo
<tmontney> ifconfig -a shows eth0 eth1 and lo
<lordievader> tmontney: What does 'ip link' say?
<lordievader> !paste
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<tmontney> eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether (MAC ADDRESS OMITTED) brd ff:ff:ff:ff:ff:ff
<tmontney> eth1: <BROADCAST, MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether (MAC ADDRESS OMITTED) brd ff:ff:ff:ff:ff:ff
<lordievader> Meh, they are just down. 'sudo ip l s ethX up'
<tmontney> Aw, didn't do it right sorry. http://paste.ubuntu.com/10759672/
<lordievader> Probably weren't configured to be brought up.
<tmontney> Odd.
<tmontney> I've installed Ubuntu Server quite a few times now and I haven't had that happen.
<tmontney> Although I never had multiple NICs.
<tmontney> Thanks.
<lordievader> tmontney: Check /etc/network/interfaces
<tmontney> Oh I've been playing with that.
<tmontney> I'm trying to test my NFS server.
<tmontney> every restart they're set to down again
<lordievader> Are they configured to start?
<tmontney> don't know
<tmontney> that was brilliant of me
<tmontney> I commented out auto eth1
<tmontney> thinking it referred to DHCP
<OpenTokix> =)
<lordievader> There you go ;)
<YamakasY> which locales do we need on a server ?
<OpenTokix> YamakasY: the once you use
<YamakasY> so only US actually ?
<OpenTokix> YamakasY: I have en_US, en_US.UTF-8, sv_SE and sv_SE.UTF-8 on mine, since I am swedish
<OpenTokix> en_US and en_US.UTF-8 should be sufficient
<YamakasY> yap, I need NL than
<YamakasY> OpenTokix: swedish woman are nice :D
<lordievader> en_US.UTF-8 suffices in most cases.
<OpenTokix> YamakasY: how is that relevant at all?
<YamakasY> OpenTokix: you need to speak the right locale for it :)
<YamakasY> lordievader: yap
<YamakasY> but I see when I reconfigure I don't get any php5-fpm errors in puppet again
<YamakasY> weird
<tmontney> Figured it out.
<tmontney> Somewhere I found iface p5p1 inet manual was the correct syntax.
<tmontney> Just realized it's static not manual
<OpenTokix> manual is another setting
<tmontney> which is why I was getting an APIPA ipv6 address
<Quoexl> anyone alive?
<OpenTokix> Yes
<OpenTokix> I might also be OpenTokix from 6th sense, and then you are dead too.
<rbasak> strikov: are we ready to release Juju to Vivid in bug 1416051?
<rbasak> kickinz1: free to talk about Docker?
<kickinz1> rbasak, yes
<rbasak> kickinz1: please can you make the two corrections doko asked for last week?
<rbasak> kickinz1: IIRC, one was the build-dep for powerpc(?) and the other was my mistake in the selection of gccgo in debian/rules.
<strikov> rbasak: I think so. Curtis carried out all the necessary testing procedures. I'l' discuss it with pitty on #ubuntu-devel now. He is the right person for this, right?
<rbasak> strikov: yes. Also you can remove the block-proposed tag in the bug. That tag and the dep8 test failure in http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html are the two things blocking it from Vivid right now I think.
<kickinz1> rbasak, OK, I'll do (was re-reading backlog)
<YamakasY> how do I test uattended auto upgrade ?
<OpenTokix> YamakasY: What do you want to test, if it works on your system?
<YamakasY> OpenTokix: yap
<OpenTokix> YamakasY: to make it 100%, you need to take a snapshot of your system, upgrade and verify
<YamakasY> OpenTokix: upgrade how ? is that not triggered ?
 * YamakasY doesn't get it
<kickinz1> rbasak, sent you the new patch. Refreshed format-patch files.
<rbasak> Thanks!
<YamakasY> I need to check if my crondayly for apt is runned
<OpenTokix> YamakasY: check your log?
<YamakasY> OpenTokix: I can ru it manually ?
<YamakasY> that apt ?
<OpenTokix> YamakasY: yes, just take the command part from your cronline, and run it
<YamakasY> I can just do /etc/cron.daily/apt ?
 * YamakasY needs to get back to cron again after years :D
<OpenTokix> YamakasY: no, the command inside the that script
<YamakasY> ok
<YamakasY> which part, that is the question... apt get update and so n just works OK
<OpenTokix> YamakasY: I would safely assume it works
<YamakasY> OpenTokix: I'm quite sure it doesn't as my kernels are not removed after an upgrade
<OpenTokix> YamakasY: they never are
<YamakasY> OpenTokix: and when I do an apt-upgrade I still get lots if packages that are installable... mhh I think only security upgrades are done
<lordievader> YamakasY: apt-get autoremove might do that.
<YamakasY> lordievader: it does indeed
<YamakasY> but I want to have that cronned
<lordievader> YamakasY: No apt-get upgrade doesn't have a lot of rights, take apt-get dist-upgrade if you want something with full permissions.
<OpenTokix> YamakasY: Ithink there is some settings for unattended
<YamakasY> lordievader: I'm using puppet @ that part... so I'm kinda bound to it for 300 servers
<YamakasY> OpenTokix: I have that set on 1
<OpenTokix> YamakasY: you dont want to remove kernels automatically
<YamakasY> OpenTokix: I want to, really
<OpenTokix> YamakasY: ok
<YamakasY> and I want a Porsche 911 GT3 RS too!
<OpenTokix> ok
<YamakasY> maybe I can apt-get that
<YamakasY> strange
<YamakasY> nah weird
<lordievader> ?
<YamakasY> I just want my server to have latest packages
<YamakasY> on cron based
<lordievader> YamakasY: So add that to cron?
<OpenTokix> YamakasY: http://pastebin.com/WwdWUcGc <-- There is your script
<OpenTokix> YamakasY: it will also break your servers down the line, but have fun =)
<YamakasY> OpenTokix: erm, why would it ?
<lordievader> Because it says yes to everything.
<lordievader> In these cases you want cron to mail you the output. So you can see if apt/dpkg has broken stuff.
<YamakasY> lordievader: oh that
<YamakasY> I would like to hold my own configs
<OpenTokix> YamakasY: it does
<OpenTokix> force-confold
<strikov> rbasak: regarding slapd bug: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1103353
<strikov> rbasak: i have debdiffs for both precise and trusty
<strikov> rbasak: i did a research on CVE attached to the bug and came to conclusion that it was attached incorrectly
<strikov> rbasak: this CVE is about a different thing and I have no idea why it was attached
<rbasak> strikov: agreed and removed.
<YamakasY> OpenTokix: thanks tho
<YamakasY> and lordievader
<joners> would anyone be able to give me a hand securing a folder in apache on 14.04?
<joners> ive setup a squid proxy and configured sarg to generate reports every hour and id like to restrict access to the squid reports page using a simple username and password
<OpenTokix> joners: Beck.Sjukhusmorden.2015.SWEDiSH.720p.HDTV.x264-xD2V/Beck.Sjukhusmorden.2015.SWEDiSH.720p.HDTV.x264-xD2V.srt
<OpenTokix> ups =)
<OpenTokix> joners: https://wiki.apache.org/httpd/PasswordBasicAuth
<OpenTokix> wrong paste =)
<joners> thanks for the link, tried that one but afraid im not getting anywhere with it :/
<joners> seems there were some changes in ubuntu's apache implimentation
<OpenTokix> joners: ok, what is your problem?
<OpenTokix> joners: I doubt it
<OpenTokix> joners: is your auth modules enabled?
<joners> yes it appears to be
<OpenTokix> joners: what does you error logs say?
<joners> afraid im a complete noob when it comes to apache
<joners> two seconds ill see if i can get a paste of them
<OpenTokix> joners: ok, I am not - so, what does you error logs say?
<joners> sorry for the delay, there are only a couple of errors in there. Most are saying "AH01615: need AuthName: /squid-reports/"
<joners> the squid-reports directory is what im trying to secure
<joners> Would it be worth me noting what ive done in order?
<OpenTokix> joners: Can you pastebin your configuration where you have the authblock?
<OpenTokix> joners: And you have created the user, and restarted apache?
<joners> yes, created the user as per the guide in the link you sent over https://wiki.apache.org/httpd/PasswordBasicAuth
<joners> created the htpasswd directory and password file, added a user in there which i can see.
<joners> this was the default apache2 config file
<joners> http://paste.ubuntu.com/10762658/
<OpenTokix> and the site?
<joners> just getting that now
<joners> this would be the default configuration file in the sites-enabled directory right?
<OpenTokix> might be, if you have added your block there
<joners> i havent added anything there yet, this is the bit im trying to do
<OpenTokix> joners: you can add it for the entire / if you want to
<joners>  http://paste.ubuntu.com/10762760/
<joners> sorry about the wait!
<joners> The error i get when I restart Apache is "Syntax error on line 216 of /etc/apache2/apache2.conf: Syntax error on line 41 of /etc/apache2/sites-enabled/000-default.conf: </Directory> directive missing closing '>'" which points directly to the line ive edited.
<joners> I cant see any missing '>' though
<lordievader> joners: Does line 41 correspond with line 41 of your paste?
<joners> yes
<lordievader> Ah yes, on line 41 change </Directory> to <Directory>
<joners> ok ill give that a shot now
<joners> success! god dam typos!
<joners> thank you for your help. :)
<mgagne> hallyn: can I get an update on bug #1425619 ?
<hallyn> yes it's in comment #6
<hallyn> in another week or so we'll drop the other pending SRU and then we can push the one for bug 1425619
<hallyn> yup
<hallyn> wrong chan :)
<hallyn> stgraber: oh.  hm.  Now so long as a container is running systemd, we know it must have lxcfs (or cgroup mounts), so libvirt can just not use cgmanager in that case right?
<hallyn> So really, in vivid's cgmanager we can/should just drop the cgmanager usage?
<stgraber> I'm failing to understand the question
<hallyn> we have a custom patch in libvirt to use cgmanager for cgroup stuff, so that it can run in containers
<hallyn> i'm saying that in vivid we can drop that patch
<stgraber> not sure you can, lxcfs doesn't apply to the host, just to the containers
<stgraber> so you still won't have /sys/fs/cgroup/<controller> on the host
<hallyn> we won't?
<hallyn> doesn't systemd mount those?
<stgraber> oh yeah, nevermind
<hallyn> and actually i think libvirtd talks to systemd when it can for cgroup stuff
<stgraber> so yeah, if the only use case for that patch was to be able to run libvirt inside a container, then the patch can be dropped thanks to lxcfs
<hallyn> now if someone installs upstart in a vivid container they may have trouble,
<hallyn> that was the only reason, yeah - for adt i think :)
<stgraber> if it's not too much trouble, I'd probably keep it around for 15.04 and drop in 15.10 or so (certainly for 16.04)
<hallyn> cool - i *would* update it, but it would reuqire quite a few updates and doesn't seem worth the fragility
<stgraber> so that if someone has to revert to usptream somehow it'll still work. By 15.10 we should be so dependent on systemd for the various jobs that reverting to usptart likely won't be much of an option for users
<hallyn> the troubles are:  (1) having to deal with comounted containers, (2) having to deal with libvirt being confined to a non-/ cgroup by systemd,
<hallyn> but juju folks might have trouble i guess
<stgraber> hmm, I guess if someone was to deploy a compute node inside a lxc container with juju, they'd run into that problem
<hallyn> i also considered having libvirt not use cgmanager when pid 1 is systemd, but then if there are regressions in the cgmanager code we'd have trouble finding them
<Phibs> anyone know where icehouse went? http://ubuntu-cloud.archive.canonical.com/ubuntu/dists/
<Phibs> certainly supported on 14.0.4
<Phibs> but totally missing/gone
<sarnold> Odd_Bloke,bigjools, ^^^ see Phibs's question ..
<beanbag> so
<beanbag> what all do I need to do to add a compiled scsi module to a existing system that can't boot because the installer didn't add the module
<beanbag> I already went into the directory on the hard drive and added the module to lib/modules
<beanbag> did chroot and ran depmod -a
<beanbag> then did mkinitramfs
<beanbag> ugh
<beanbag> I can't figure out this fucking thing
#ubuntu-server 2015-04-08
<Mouzz> Is there a way to specify a preferred dns server which is always used/tried first? I use one internal dns server (which resolves local names and redirects other requests to a public dns) and a public dns for when the nternal one is unreachable. The problem now is that Ubuntu seems to be switching to the second (public) dns I have entered in NM...
<coreycb> Phibs, icehouse is in main for 14.04, so it's not in the cloud archive
<coreycb> Phibs, icehoues is in the cloud archive for 12.04 though
<arcsky> i did apt-get update && upgrade, i have still OpenSSL 1.0.1f  which are vulnerable
<rbasak> arcsky: distributions backport security patches. To verify if a particular vulnerability is fixed, you need to examine the package version number.
<arcsky> rbasak: for example i have bash 4.3. and found this: http://www.cvedetails.com/cve-details.php?t=1&cve_id=+CVE-2014-7169
<arcsky> do i have to dig deeper?
<rbasak> arcsky: go to http://people.canonical.com/~ubuntu-security/cve/
<rbasak> arcsky: enter the CVE
<rbasak> arcsky: that will show you the status in Ubuntu. If fixes have been released, you will see the corresponding package version numbers. Then check that you have at least those package versions installed.
<rbasak> arcsky: or, just make sure that you have the security repositories in your sources.list and that you keep up to date.
<arcsky> rbasak: nice thanks for that url!
<Patrickdk> you should have something like, 1.0.1f-1ubuntu2.11 that is not vaunerable, not 1.0.1f
<arcsky>  1.0.1f-1ubuntu2.11 i have te
<arcsky> ye*
<arcsky> The requested URL /~ubuntu-security/cve/pkg/1.0.1f-1ubuntu2.11.html was not found on this server.
<YamakasY> anyone running a newer version of php on 14.04 ?
<YamakasY> standard is 5.5.9
<BlackDex> YamakasY: Running php 5.6.7-1 currently using https://launchpad.net/~ondrej
<YamakasY> BlackDex: works OK ?
<BlackDex> YamakasY: Yea works nice, no problems with it.
<BlackDex> I have it combined with nginx and fpm
<YamakasY> BlackDex: mhh my ubuntu apt-get upgrade doesn't see them
<BlackDex> have you added it with add-apt-repository ?
<BlackDex> and then did a apt-get update?
<YamakasY> yes
<BlackDex> Strange. With my server it whas just as simple as that
<YamakasY> might be a puppet issue
<BlackDex> Ah!. LoL that could be. That puppet fixed versioned them
<BlackDex> YamakasY: check it with something like this apt-cache policy php5
<YamakasY> BlackDex: yap might be indeed
<YamakasY> BlackDex: can I change that ?
<BlackDex> YamakasY: The best way to change that is to change the puppet config
<BlackDex> And even let puppet add the other repo so that it will be correctly configured when puppefied again
<YamakasY> BlackDex: I know, but this is just a wrapup test
<BlackDex> Ah! then just do this. `apt-get install php5=5.6.7+dfsg-1+deb.sury.org~trusty+1
<BlackDex> That will overrule the pin
<BlackDex> To check for which versions you can install do: `apt-cache madison php5`
<YamakasY> heh, puppet makes my life too easy
<YamakasY> doesn't override
<YamakasY> it says it installs php5 but it doesn't
<Blueking> got access gateway replaced. today. Got home today after work   it seems  ip address on linux box connected to access gateway wasn't updated, and needed to do service networking restart to force pc/ubuntu to update eth0 (interface connected to access gateway)   not sure if it's hardware(mobo) or ubuntu that doesn't update itself auto ? what to check out  whats not working properly ?
<lordievader> Blueking: Does it do DHCP? Long lease time out?
<Blueking> eth0 should get ip from access gateway (ISP' property), dhcpd runs on eth1
<Blueking> lordievader
<lordievader> Can still be a long lease time.
<Blueking> long lease time given by access gateway or lordievader ?
<lordievader> If that is the one who gives out the leases, yes. Could be a reason. I'm not saying that is the reason. Just a suggestion.
<Blueking> what should I do about lease time when I am using linux box as router ?
<Blueking> lordievader  aren't there any sense function on ethernet interfaces ?
<lordievader> Blueking: As long as they are connected they don't care.
<lordievader> If that means you have a correct ip or not, they don't know.
<Blueking> lordievader  got new access gateway today,  the new ip wasn't replaced before I logged on linux and 'service networking restart'
<YamakasY> mhh I need to override this pinning
<Blueking> lordievader  linux box had been online for 16 months  without any issues/problems, but last 2 weeks  net hes dropped out 1-2 times a day
<YamakasY> Blueking: that means you need to buy a new one :P
<Blueking> buy new what ?
<Blueking> YamakasY ?
<YamakasY> server :)
<Blueking> naw   supermicro mobo with xeon cpu and ecc ram shouldn't die that fast  not even 2 year old
<Blueking> YamakasY
<lordievader> Blueking: Investigate why the network connection is dropping out ;)
<Blueking> I suspected it was old access gateway that was reason
<Blueking> I'll check if there are any bios updates to mobo
<lordievader> Randomly updating the bios isn't proper trouble shooting.
<lordievader> Investigate why the network connection is going down. Check logs. Run tests. Try the reproduce the problem.
<SuperMX> hello! is someone interested in hearing about a strange phenomen?
<SuperMX> i have an ubuntu server 14.04 and when i turn it off the next day it won't boot (only dots on the screen, grub doesn't open up)
<SuperMX> then in the morning when i use a live cd with fsck and then reboot the server it works again until i reboot it again.... this happens now everytime
<hamdi_1984> @SuperMX is it a virtual machine ? what fs type ?
<SuperMX> no its an old acer computer from my uncle... windows xp used to run on there. so there is the bootable fat32 partition and then the linux fs with ext
<hamdi_1984> ext 2 3 or 4
<SuperMX> i am quite sure its ext3
<SuperMX> maybe i am doing something wrong with the shutdown
<hamdi_1984> well why don't try to check and repair ur partitions ?
<hamdi_1984> u can use gparted for that
<SuperMX> i always used fsck, should i try with gpart?
<hamdi_1984> yeah definitely I prefer gparted
<SuperMX> i thought that fsck repairs the fs as well
<SuperMX> ah ok, i will try that
<SuperMX> thank you :))
<hamdi_1984> gparted is easier and will show u useful info about what's wrong with ur partitions
<hamdi_1984> then may be u need to reinstall grub
<SuperMX> hmmm ok
<SuperMX> so it will be definitly the fs
<hamdi_1984> I think so
<SuperMX> because when grub doesn't start it has nothing to do with ubuntu
<hamdi_1984> true
<hamdi_1984> do u have ur data backed up ?
<SuperMX> a website is running on it, but this partition seems to be ok
<SuperMX> but, yes i should back it up :)
<SuperMX> thank you for your response and sorry if i wasn't technically exact
<lordievader> Gparted probably calls fsck, so using fsck is fine.
<lordievader> Perhaps it is a good idea to check smart data.
<smb> hallyn, zul, anyone having a pending upload to vivid qemu in the works? if not I would soonish push a small one
<zul> smb:  i dont
<hallyn> me neither
<smb> ok. ta
<lucidguy> Raid Question.  Can you assemble a raid 60 with uneven amount of drives, for example 11?
<bekks> No.
<bekks> Erm on moment - uneven drive count, and RAID6?
<bekks> Are you testing on how to horribly slow down a system? :)
<lucidguy> I have a 12 disk system, need as much storage as possible with a good amount of stability.
<bekks> Which drives?
<lucidguy> 6tbSATA
<bekks> Do you have a RAID controller?
<ObrienDave> freeNAS ;P
<sarnold> lucidguy: sounds like a problem tailor made for zfs, using one 11-disk raidz3 vdev
<bekks> Yeah.
<lucidguy> bekks, yes PERC H730P
<lucidguy> Raid05 supports uneven amount of drives?
<jrwren> I'd start with workload. e.g. running RDBMS or other? make sure IO needs are met, and if they are, then go full raid6... or... PERC... then use built in PERC raid5 :)
<lucidguy> raid50
<bekks> Uneven drive counts dont make sense for striping.
<lucidguy> dont make sense? but you can raid 5 on three disks.
<bekks> Yeah. So double that count.
<lucidguy> Gotcha: So raid5 and raid6 can support uneven drive counts, but not 50 or 60
<lucidguy> Makes sense
<lucidguy> So I could go a full 12 disk raid 60, gives me 4 disk fault insurance, over raid6 2 disks.
<bekks> USe two hotspares and a single RAID6.
<lucidguy> Why does this site/app allow me to setup 11 disk raid60.. should error/note.. https://www.icc-usa.com/raid-calculator/
<bekks> Ask that site? :)
<bekks> Even if it is possible, it doesnt make any sense.
<lucidguy> So its just silly, and misleading right?
<bekks> Correct.
<bekks> RAID calculators calculate things, they do not tell you "that looks good" or "thats quite stupid".
<sarnold> zfs would let you do that with two vdevs, 5disk raidz2 and 6 disk raidz2, but the tools would ask you for comfirmation before creating it, since it would be unbalanced; writes would prefer the six-disk raidz2 vdev first, since it has more free space
<sarnold> but if you could get twelve disks and do two raidz2 vdevs of six disks each you'd see more even writes and thus better available iops..
<lucidguy> sarnold, I have a decent raid controller, no zfs required.
<bekks> ZFS is not a replacement for a RAID controller.
<lucidguy> I know, but ideal for when you don't have one.
<rberg> are you talking about formatting a hardware raid array with zfs?
<sarnold> lucidguy: most raid controllers won't do compression or checksumming..
<bekks> Or deduplication.
<lucidguy> zfs is great when you have a whole lot of disks.
<lucidguy> no?
<bekks> Which you have.
<lucidguy> 12 is not alot
<bekks> Depends on the point of view.
<rberg> zfs does like to control the entire stack.. so HW raid isnt a great choice unless its the only choice :)
<lucidguy> This is a 12 disk NFS server.. raid controller over not with zfs makes more sense
<rberg> some people with hardware raid cards (without jbod support) set each disk as a 1 disk raid 0 and then make the zraid with those
<sarnold> yeah if you were to go zfs you'd want to stick your  raid controller in hba mode..
<lucidguy> Then why bother with a raid controller?
<rberg> exactly
<sarnold> yes :)
<lucidguy> With my setup/needs you should get better results with a raid controller over zfs
<bekks> Because you believe in that or because you actually tested it?
<lucidguy> I believe in that.  ZFS has an overhead on the CPU.  zfs performs well with fast flash/ssd memory for log/cache.
<bekks> Belief is a good sign for religion, but absoluty useless when it comes to technology.
<lucidguy> IS my statement not a fact?
<bekks> You stated technical facts that do not imply that your RAID controller is faster, actually.
<sarnold> you may see better performance on some benchmarks using xfs on hardware raid than using zfs on an HBA.. but you'd lose the compression, checksumming, snapshots, etc. it's all tradeoffs.
<lucidguy> sarnold, I agree with that.  We will be using XFS also.
<rberg> with a hardware raid card I would do hardware raid.. with a hba I would probably do md raid.. I had issues with the zfs module building reliably in the past
<lucidguy> I have an x4500 thumper running ubuntu with ZFS.
<sarnold> lucidguy: ooooooo
<sarnold> those are impressive machines even today, hehe :)
<lucidguy> It was quite the ZFS learning experience for me.
<lucidguy> My 8 year old 60 disk jbod server lost all of its storage a few days ago due to a simultaneous dual disk failure.  Hence my interest in going raid6 or 60.  Im interested in 60 due to the increased speed and better performance.
<bekks> So you lost more than two disks on one side of the RAID60?
<lucidguy> not this was a raid50 system
<patdk-wk> maybe you should ask mdadm?
<rberg> in the case you are still ok because the other raid 5 still has all the data right?
<rberg> I dont have much exp with nested raid levels
<lucidguy> rberg, nope because one of the single spans lost two disks.
<rberg> ohh no.. I think I played out a 05 setup in my head..
<bekks> lucidguy: So you used 50 setup consisting of two 30-disk parts?
<lucidguy> one raid 50 was 28 disks by 4 spans of 7
<jrwren> all DAS or was it iscsi/fc?
<lucidguy> direct
<lucidguy> I think ive decided.  11 disks total, 10 for raid60 and the 11th a hot spare
<patdk-wk> why the switch from zfs to raid though?
<lucidguy> There is no switch, just getting a box with raid.
<patdk-wk> what kind of usage will it be having on it?
<lucidguy> one large xfs volume exported via NFS.  About 30+ hpc workstations will be using it for storing large images etc.  The build is restricted to a budget of around $15k
<patdk-wk> large images?
<patdk-wk> seq accesses? random accesses?
<patdk-wk> mainly reads? or writes?
<lucidguy> a mix
<lucidguy> mainly sequential
<lucidguy> large images as in MRI scans of brains etc.
<patdk-wk> so really reads
<patdk-wk> as writes would be limited to the speed and quanity of scanning machines
<patdk-wk> you could probably go much larger than 11 disks per set
<patdk-wk> as long as you feel you have enough parity disks to handle failures
<patdk-wk> but you had two disk failures
<patdk-wk> if raid6 has two disk failures, you will no longer know if your data is accurate anymore, or got corrupted
<jrwren> i'm lazy. I'd do 11 drives, one raid6, 1 hot spare. :p
<patdk-wk> make sure you do daily scrubs
<patdk-wk> and setup email alerts
<katco> any app armor experts around?
<patdk-wk> depends
<patdk-wk> !ask
<patdk-wk> bot be broken
<katco> hehe
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<katco> i have a log with what appears to be an issue with app armor+lxc, but i'm afraid i don't know what i'm looking at: https://bugs.launchpad.net/juju-core/+bug/1441319
<katco> log: https://bugs.launchpad.net/juju-core/+bug/1441319/+attachment/4369706/+files/container.log.gz
<katco> "      lxc-start 1426805367.662 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:183 - No such file or directory - failed to change apparmor profile to lxc-container-default"
<katco> it's not the first error, but it's the one that sticks out to me
<sarnold> katco: if you think apparmor is involved, please also attach a gren DEN /var/log/syslog or /var/log/audit/audit.log (If you're using auditd)
<katco> sarnold: this is a ci server, i'll have to see if i can get those. i was hoping for an opinion to point me in the right direction before spiking too far in one direction.
#ubuntu-server 2015-04-09
<thumper> hallyn: hey there
<thumper> hallyn: still around?
<thumper> hallyn: I'm looing into the lxc template failing to stop issue on trusty with juju 1.22 with katco
<thumper> hallyn: looking through the log files, it became obvious that the problem was intermittent with many other lxc containers and our template mechanism working on other machines
<thumper> hallyn: so the race condition option seems most likely
<thumper> hallyn: however I'm not entirely sure what we are racing with...
<hallyn> thumper: well, whatever does the first lxc-create or lxc-start, can you have it do a 'ps -ef' and 'sudo aa-status' and 'dpkg -l'?  Question is whether package install is complete, and if not why not.
<linocisco> hi all
<linocisco> i have ddns registered at no-ip.com. I have no registered domain
<linocisco> i want to setup webserver on virtualbox using dynamic dns. what do I do?
<tash> when I run this from the CLI: curl http://myurl/cgi-bin/my-file.pl it returns a string "ok" which I expect. But, when I put that into a shell script like this: REQUEST=`curl http://myurl/cgi-bin/my-file.pl`  print $REQUEST   it spits this out: Error: no such file "ok"
<tash> can anyone explain why it doesn't just show "ok" when I run it from a script, rather than display an Error
<excalibr> tash, print?
<excalibr> you want echo or printf if that is shell script
<tash> yeah, lol
<tash> i actually realized that after I put that here...I've been working on perl scripts and shell scripts today and got some syntax confused
<tash> pffff, thx excalibr
<brianw> using ubuntu 14.04 on (2) physical machines to host my glusterfs backup & lxc host for samba ad/dc containers & glusterfs/ctdb/samba DFS server containers. Each physical machine can run the network without the other. When the other comes back online, all is synced...
<brianw> Lovely!
<brianw> I just wish glusterfs supported btrfs backend with snapper support.
<lordievader> Goodmorning.
<excalibr> Upstart question, in script stanza, do your codes in it always get executed when you start/stop your upstart job?
<excalibr> never mind
<voidfire> anyone able to help me? tryin to setup vhosts like cpanel (per user)  in ubuntu
<voidfire> tried manually. tried with webmin.. i dont know what im missing. I get forbidden eerors as well as I have fiddle with the permission of the  said user folder to try stuff out
<lordievader> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<lordievader> voidfire: ^ is likely why you get those errors.
<voidfire> but I was trying first manually :/
<voidfire> i tried throught webmins after I failed my self
<voidfire> but thanks for your input..its better than nothin
<voidfire> shall I go with ISPconfig3?
<lordievader> Just pointing out what I know ;)
<voidfire> tell me more of what you do know :)
<voidfire> pweasee
<lordievader> What are you trying to do exactly?
<voidfire> im setting up 2 new ubuntu 14.04 servers (vps)
<voidfire> i want inside one of them to make virtual hosts  on apache for every user
<voidfire> so each user will be able to develop php/html and serve those files from /home/$USER/public_html
<voidfire> similar to what a cpanel server does
<voidfire> i know , ive googled for the matter but each article shows different proccess or misses steps and Im puzzled
 * voidfire is confused
<lordievader> http://httpd.apache.org/docs/2.4/mod/mod_userdir.html
<voidfire> ive enabled that module
<voidfire> lets read up
<lordievader> voidfire: That should be all, then you should be able to acces http://localhost/~username/
<voidfire> kay , thanx
<frobware> anybody aware of dpkg SEGV issues on arm64 since Monday this week?
<Odd_Bloke> frobware: On vivid?
<frobware> Odd_Bloke, trusty
<frobware> Odd_Bloke, I went back to http://cloud-images.ubuntu.com/trusty/20150313/trusty-server-cloudimg-arm64-disk1.img which is OK for my test case (installing devstack)
<mgz> rbasak (or someone) licencing question:
<mgz> we're currently removing some files from our tarball when building juju because they come from a w3c testsuite
<mgz> looking at their docs again today, they now seem to offer 3-clause bsd as an option as well as their own non-free licence
<mgz> so is bundling w3c test suites okay now?
<strikov> mgz: very good point; i don't know the answer (need to think about it) but i just figured out that we *include* this testsuite as src/golang.org/x/net/html/charset/testdata/
<strikov> mgz: we now have two copies of pretty the same code (maybe different versions) at golang.org/x/net and code.google.com/p/go.net/
<mgz> strikov: so, the juju tarball we build explictly strips that
<mgz> but the move is why I'm looking at it again :)
<strikov> mgz: i found it in the tarball for 1.23-beta3
<strikov> mgz: it removed from code.google.com/p/go.net/ but not from golang.org/x/net
<mgz> >_<
<strikov> mgz: do you know the reason why we have two versions of the same code?
<mgz> code.google.com is shutting down, so everything is moving
<mgz> I suspect not all things have moved the import over yet
<strikov> mgz: origin link in the testdata/ folder doesn't work for me; what is the origin repo for these tests?
<jelly> hi, is 15.04 server going with systemd as default init or is that delayed?
<mgz> strikov: looks like it's that url s/repository\///
<mgz> wait, other way around
<mgz> add repository in, after tests/ in the path
<strikov> jelly: systemd is default for vivid
<strikov> mgz: ah, thanks; i was confused by the fact that they call them the-input-byte-stream-***
<strikov> mgz: do you mean this by saying about bsd license: http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231
<strikov> mgz: sorry, found right one
<mgz> strikov: I was reading the "licenses for w3c test suites" page
<rbasak> mgz, strikov: sounds OK, as long as the version you're shipping was released under the 3-clause bsd license as an option. I trust strikov will take care of checking that :)
<strikov> mgz: rbasak: how about changing README in the tests folder to include 'all *.html files' are (c) by w3c and the following license applies <license from http://www.w3.org/Consortium/Legal/2008/03-bsd-license.html>
<mgz> strikov: I'd like to do that, as an upstream patch at least
<mgz> having a readme with a dead link and no mention of licencing at all is dumb
<strikov> mgz: do you plan to file upstream bug to google or I need to do that?
<mgz> strikov: I can
<strikov> mgz: ok, thanks; ping me please when done so i can track it (i need to include a link to the bug to debian/copyright)
<faylite> I get lots of lag while using ssh on a local network, 1-10 seconds of delay when typing etc. Any suggestions, it's a server on the same local network as me.
<faylite> And it's connected to wifi......
<lordievader> Bad wifi connection? Long latency?
<faylite> Any commands to measure it? Probably bad connection but I'm not sure.
<lordievader> faylite: /proc/net/wireless can tell you.
<faylite> Not sure what's good or bad,  wlan0: link:58.  level:-52.  noise:-256
<faylite> Ok nvm looks like the signal is pretty bad and unstable, guess I'll try plugging in the Alfa
<lordievader> Link level isn't optimal.
<strikov> mgz: i just updated the bug; imo, we need to remove this testsuite from 1.23 tarball; we will return it back but only when golang guys fix the issue upstream
<strikov> mgz: i don't want to be in a position when we have 1.23 release but we can't package it because golang upstream doesn't fix it yet
<mgz> strikov: sure
<strikov> mgz: thanks
<mgz> strikov: what's the tarball you are looking at? because it really should ahve the old location stripped already
<strikov> mgz: yes, old location is stripped; i'm talking about new location
<strikov> mgz: i.e. we need to remove both :)
<mgz> okay, I have that change done, will propose now
<strikov> mgz: awesome
<caribou> utlemming: ping,
<utlemming> caribou: pong
<caribou> utlemming: just saw your MP for the cloud-init sosreport plugin, thanks !
<utlemming> caribou: :)
<caribou> utlemming: the only thing is that I will not merge it from bzr as I would prefer to have it upstream first
<caribou> utlemming: do you have a github account ?
<caribou> utlemming: this way, it will benefit to all distros
<utlemming> caribou: ah, sure. What is the github project I need to fork?
<utlemming> caribou: I'll be happy to submit it up that way
<caribou> utlemming: https://github.com/sosreport/sos
<caribou> utlemming: or I can do it for you if you're too busy
<utlemming> caribou: meh, I'll do it...its simple and I should really be playing in the Github community more
<caribou> utlemming: just make sure that your commit log starts with  [cloud-init] & add the signoff thingy
<caribou> utlemming: just have a look here : https://github.com/sosreport/sos/wiki/Contribution-Guidelines
<caribou> utlemming: so bryn doesn't send you back there. It mostly sums up to the two things I mentionned
<caribou> utlemming: I worked on this a while back; sent a few emails then it fell in my todo blackhole
<utlemming> caribou: done, https://github.com/sosreport/sos/pull/548
<caribou> utlemming: yep, just got the email. Thanks a lot. I'll get it in ubuntu once it's in
<utlemming> caribou: great :)
<excalibr> Can someone help me with Upstart? Why does 'read' behave unusually in *-stop script stanza?
<excalibr> I have these 2 lines in post-stop script block
<excalibr>     read -r ppid < /var/log/dnscrypt-resolvers_1.log
<excalibr>     touch /tmp/dnsc1_$ppid
<excalibr> and when I stopped the job, the filename created in /tmp was dnsc1_[NOTICE]
<lordievader> excalibr: what is in dnscrypt-resolvers_1.log?
<excalibr> lordievader, /facepalm. I just realized that I made a stupid mistake when writing the filename. It meant to be a pidfile but it looks here something still caused it to fail
<excalibr>     read -r ppid < ${PID_FILE_PRIMARY}
<lordievader> ;)
<excalibr>     touch /tmp/foobar_${ppid}
<lordievader> Why throw it through read? 'touch /tmp/foobar_${PID_FILE_PRIMARY}'?
<excalibr> stop: Job failed while stopping
<excalibr> it gave me that when I stopped the service
<excalibr> and dmesg output:
<excalibr> [83429.323424] init: dnscrypt-proxy post-stop process (10894) terminated with status 1
<excalibr> lordievader, Im interested with the file content
<excalibr> not the file itself
<lordievader> Could you pastebin the full script?
<excalibr> lordievader, it works though if I wrote it this way: ppid=`cat $PID_FILE_PRIMARY`; touch /tmp/foobar_${ppid}
<lordievader> I really have no idea what you are trying to accomplish.
<excalibr> lordievader, http://pastebin.com/raw.php?i=KW4X9ZKF
<lordievader> Could you explain what you are trying to accomplish?
<excalibr> lordievader, I had this line earlier in the post-stop block: if { read -r ppid < ${PID_FILE_PRIMARY}; } 2>/dev/null  but oddly that didnt work so now this line was reduced to just that short read -r ... code. Basically I want to dig why the built-in read command failed
<lordievader> So, run it manually?
<excalibr> If I run that piece of code manually in interactive dash/bash shell it works just fine
<lordievader> What does the upstart log say?
<excalibr> where is the log file
<lordievader>  /var/log/upstart/
<excalibr> I dont see a log file for the upstart job in the dir
<excalibr> I was wondering about this as well
<lordievader> ttp://upstart.ubuntu.com/wiki/Debugging
<lordievader> http://upstart.ubuntu.com/wiki/Debugging
<jathan> Hello ubuntu-server chanel
<lordievader> o/
<jathan> Can someone tell me please which could be a good hardware characteristics for a Lidrectord implementation with Ubuntu Server 14.04 for an operation that will be attending between 200 and 1 milion requests per day?
<Guest42674> hi
<XIaah> does anyone have a few minutes for a few quick questions for a noob about linux servers?
<lordievader> XIaah: Shoot
<joren> Hey, has anyone else ran into missing ca certs on ubuntu server recently? The install I did is pretty minimal (from preseed) so I'm wondering if there's just a package or something I'm missing. Wget and python are both having trouble with some *fairly* common keys.
<XIaah> thanks lordievader, im doing a project at the moment using a dns, http and msql server and going to use a client to "hack" the servers to gain information from them and try to patch the weaknesses in them. i've obviously got apache2 installed on the http with and mysql on the mysql server. however i'm slightly unsure on where the best place to install myphpadmin and wordpress (wordpress
<XIaah> must be used for the sake of project) would be? would it be on the apache server as i read that it needs to have permission to access apache2. or would it be best to install it on the mysql server? i hope thats clear enough its been a very long day!
<XIaah> everywhere i've looked so far just points towards LAMP and installing everything on the same server, which in my case isn't possible as i need to use 3 individual servers
<lordievader> XIaah: Those things are usually placed in /var/www if that is what you mean.
<XIaah> yeah
<sarnold> joren: apt-get install ca-certificates, that ought to be a good start
<joren> sarnold, that's on there. some ssl works, some doesn't. I was hoping there might be another package missing but maybe it's something else
<XIaah> lordievader would you  recommend installing wordpress and myphpadmin along side apache2?
<sarnold> XIaah: you could look into the juju charms for wordpress, apache, and mysql, they'll know how to configure those services to run on different computers
<XIaah> sarnold juju charms? :o
<sarnold> joren: can you share a specific site that's failing to verify?
<sarnold> joren: maybe run it through the qualsys ssl checker..
<joren> running now, https://api.xero.com/ for one
<sarnold> XIaah: see e.g. https://jujucharms.com/mysql/trusty/24
<XIaah> i'll look into it, thanks sarnold !
<teward> anyone here use reprepro willing to give me a hand with something?
<lordievader> XIaah: You need something to serve those pages ;)
<teward> i need to get two versions of the same source package into a repository that is explicitly named what i want, say, 'nginx-mainline' or 'nginx-stable'
<teward> and within that it needs to support ubuntu versions trusty, utopic, vivid, and debian repos as well.  any sane way to execute this
<XIaah> lordievader what do you mean?
<lordievader> XIaah: Apache is a web server, wordpress/phpmyadmin are web pages.
<XIaah> lordievader: i'll have a dns running to support them also
<jvwjgames> Hi i am trying to find my private key
<jvwjgames> where is it stored
<jvwjgames> i used openssl to generate a key
<jvwjgames> but can't find the key
<genii> cwd
<teward> jvwjgames: /home/$USER/.ssh/
<teward> jvwjgames: the default is id_something - id_rsa for an RSA key, etc.
<jvwjgames>  openssl req -nodes -newkey rsa:2048 -keyout ...
<teward> jvwjgames: those files contain the private keys; the id_something.pub file is the public key
<jvwjgames> this is the command i used
<teward> jvwjgames: oh wait, nevermind, i failed
<teward> that command is only part of it, but -keyout should say what the filename is
<teward> it'd then be in your current working directory
<teward> (the directory you were in when you ran the command)
<teward> FYI I can't read
<teward> xD
 * teward is tiredish
<jvwjgames> i forgot to speok found it
<jvwjgames> ok i found it
<jvwjgames> where is the ssl config file for apache 2 i can't find it
<jrwren> jvwjgames: you can find it yourself: grep -ri ssl /etc/apache2
<jrwren> jvwjgames: looks like it is split across files in mods-enabled and sites-enabled
<joren> It really does just seem like ubuntu is missing some important ca cert. it's working just fine on an arch machine and not working a few ubuntu servers
<sarnold> joren: we really just repackage and ship the mozilla certs.. we don't want to be in the business of auditing CAs ourselves..
<joren> I see
<maxb> what exactly fails?
<joren> wget https://api.xero.com
<joren> for one
<joren> openssl s_client -showcerts -connect api.xero.com:443
<joren> show's "unable to get local issuer certificate
<joren> er, with -CApath /etc/ssl/certs/
<jrwren> joren: I hate to say WFM, but... :)
<joren> :( maybe it's really a man in the middle :D
<maxb> I do see it fail for me on vivid
<maxb> though I can't quite work out why
<jvwjgames> how do i convert a cert to X.509 PEM
<jrwren> me too, works on trusty, fails on utopic  interesting
 * joren on trusty here
<joren> failing on at least 3 installs
<joren> :/
<jrwren> /etc/ssl/certs/Entrust.net_Secure_Server_CA.pem is on trusty and not utopic
<jrwren> likely the cert was revoked for a reason?
<jrwren> maybe because its a 1024 bit signing cert?
<sarnold> jrwren: can you dpkg -S that on both systems? I thuoght the certs should be identical on all: https://launchpad.net/ubuntu/+source/ca-certificates
<joren> I've got the Entrust.net_Premium_2048_Secure_Server_CA.pem but I'm missing that one that jrwren just mentioned. This gets me a bit closer :)
<jrwren> sarnold: 20130906ubuntu2 on this not-updated trusty.
<jrwren> here it is, phasing out 1024bit signing keys: https://blog.mozilla.org/security/2014/09/08/phasing-out-certificates-with-1024-bit-rsa-keys/
<jrwren> and https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_release_notes
<sarnold> I don't thinkt hat's it though, qualys reports their cert and all certs above it in the chain are 2048. but they also report they are using sha1.. I wonder if that's related?
<jrwren> sarnold: I can confirm that the missing file which I mentioned has the same fingerprint mentioned in those NSS release notes.
<joren> jrwren, how did you find that that was the missing file? I've got one other site  failing that I'd like to investigate a bit too, it's failing on a verson of ca-certificates that works with api.xero.com
<jrwren> joren: I saw the name entrust so I ls /etc/ssl/certs/*trust* on a trusty and a utopic. Lucky guess.
<joren> cool cool
<jrwren> joren: but, I am not sure that is the problem.
<jrwren> I'd have excpect to see that cert as on in the chain in the output of that s_client command, and it is not
<jrwren> i'm afraid i went down the wrong path on this. sorry.
<joren> idk, seems logical to me. the ubuntu servers are missing a "USERTrust*" certs as well which would explain the other site.
<joren> Maybe I should just get a different cert bundle from a trusted source
<sarnold> you could download just their specific CA cert and use --ca-certificate=FILE
<jrwren> joren: these certs were removed for good reason and without seeing them in that chain, there is no reason to believe adding the cert will fix the problem.
<jrwren> joren: also, I do not think "unable to get local issuer certificate" is an error. I get that for google.com and yahoo.com
<joren> I get "Verify return code: 0 (ok)" instead of the local issuer thing :/
<joren> using that missing cert with --ca-certificate does indeed work. Which I had actually downloaded from Entrust yesterday.
<joren> I guess I'll probably just do that, or add Entrust's full cert bundle, and maybe urge xero to get their key's resigned to that 2048 CA key if they can
<joren> unless I'm missing something.
<jvwjgames> where do i pu the chiper options in apache
<jvwjgames> i can;t find the file
<teward> jvwjgames: in your site configs, IIRC
<teward> httpd.conf theoretically, but i don't know where that is on Ubuntu, as I use nginx instead :P
<joren> jvwjgames, /etc/apache2/monds-enabled/ssl.conf is where I'd probably put it.
<jrwren> jvwjgames: /etc/apache2/mods-available/ssl.conf
<jrwren> jvwjgames: see SSLCipherSuite is there by default
<joren> btw, thanks jrwren and sarnold for your help.
<teward> what they said :0
<jvwjgames> thanks guys
<jvwjgames> >:(
<jvwjgames> why
<jvwjgames> https://www.ssllabs.com/ssltest/analyze.html?d=jvwjgames.net
<jvwjgames> This server accepts the RC4 cipher, which is weak. Grade capped to B.
<jrwren> jvwjgames: http://blog.rlove.org/2013/12/strong-ssl-crypto.html  I follow that.
<jvwjgames> any ideas
<teward> jvwjgames: you have the rc4 cipher somewhere
<jvwjgames>  SSLCipherSuite AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5:!RC4
<teward> but without your cipher strings we can't really tell
<teward> did you reload the configuration when you hanged it
<teward> changed*
<jvwjgames> SSLHonorCipherOrder on
<jvwjgames> yes
<teward> yeah i was running the cipher test :p
<teward> jvwjgames: i think it's missing this cipher in that config, but IDK why - ECDHE-RSA-RC4-SHA
<teward> i just ran a cipherscan of your domain from here, and that's the only rc4 cipher still in use
<teward> probably why it triggered
<jvwjgames> so just add it
<teward> see, https://cipherli.st/ is a little more 'accurate' to the cipher strings that you should probably use - it doesn't include the MEDIUM ciphers and won't trigger the RC4 error, but meh
<teward> not that i endorse that list
<jvwjgames> hmm intresting
<jvwjgames> i had two lines for cipher settings
<jvwjgames> and apache2 didn't complain
<jvwjgames> maybe why it was still triggering
<jvwjgames> retesting
<teward> well it shouldn't, you *can* override ciphers for specific sites, IIRC.
<teward> nope still triggering :P
<teward> (make sure to refresh your configs every time)
<jvwjgames> ok i just copied and pasted the config from that site you gave and i am now retesting
<jvwjgames> and yes i did a reload and even a restart
<jvwjgames> of the apache2 service
<teward> you might have something overriding it elsewhere in other configs, but IDK where that'd be.
<teward> (I'm not an Apache expert)
<jvwjgames> ok
<joren> grep -R SSLCipherSuite /etc/apache2/
<joren> ?
<joren> I just changed mine to "SSLCipherSuite AES256+EECDH:AES256+EDH" and it got rid of the RC4 thing for me. We've been using that on our public site for a while now
<jvwjgames> ok retesting
<teward> joren: yeah that's a strong ciphersuite, although iirc that limits to TLSv1.2 but don't quote me on that
<teward> mmm it has older ones, too, nevermind.
<teward> the only problem is if you need the 128 strength ones in which case time to expand
<jvwjgames> hmm
<jvwjgames> still don't work
<joren> did the grep reveal any  other SSLCipherSuite lines? do you have the symlink at /etc/apache2/mods-enabled/ssl.conf?
<joren> heh, that guy Robert Love has the same last name as me :)
<joren> I'm waiting for the .love tld to come out :D
<jvwjgames>  The apache2 configtest failed. Not doing anything.
<jvwjgames> Output of config test was:
<jvwjgames> apache2: Syntax error on line 219 of /etc/apache2/apache2.conf: Syntax error on line 163 of /etc/apache2/sites-enabled/default-ssl.conf: </IfModule> without matching <IfModule> section
<jvwjgames> Action 'configtest' failed.
<jvwjgames> The Apache error log may have more information.
<jvwjgames> nevermind fixed it
<jvwjgames> :D
<jvwjgames> guys
<jvwjgames> look
<jvwjgames> https://www.ssllabs.com/ssltest/analyze.html?d=jvwjgames.net
<jvwjgames> joren: look
<jvwjgames> teward: look
<joren> Congrats
<jvwjgames> i had tones of cipher settings in diffrent places i commented them out and put the chiper settings in apache.conf and it worked
<teward> jvwjgames: your OCSP is borked, but i think that's Comodo's fault
<joren> you're getting allot less cipher suite mismatches than me
<jvwjgames> i am
<jvwjgames> hmmm
<joren> I think it's a good thing ;)
<jvwjgames> thanks for your help guys
<joren> Anyone know if there SSLCertificateChainFile thing is supposed to take care of missing local ca certs? I started investigating the server I have access to that's failing wget but  ssl labs certainly isn't telling me there are any issues
#ubuntu-server 2015-04-10
<YamakasY> morning anyone running percona 5.6 ? I have dependency issues with it
<lordievader> Good morning.
<ochoroch> lordievader: Good Morning ...
<lordievader> o/
<ochoroch> ;-) ...
<rbasak> kickinz1: looking at Docker now. Can I see the format-patch output or your git tree please? Is this up-to-date on docker-dev?
<kickinz1> rbasak, I think so let me check
<kickinz1> rbasak, docker-dev up-to-date
<LeMike> Hello . What do you do when a message comes in, that you send packages to a arbitrary control server? They only give you the source IP which is the firewall. That is like searching the needle in a haystack.
<lucidguy> Putting together an NFS server.  12x 6TB disks via raid controller/raid60.  XFS filessytem.  Will only serve as an NFS server, do I bother with anyont more then 8GB of ram?
<OpenTokix> lucidguy: That is more depended on the amount of clients
<lucidguy> Probably around 60 clients
<OpenTokix> Then 8G should be more then enough - however, the more ram you have - the more will get cached in ram
<OpenTokix> will speed up reads
<OpenTokix> I guess it wil be on 1Gbps?
<lucidguy> Yes.
<OpenTokix> more ram is always more ram for cache, but I think 8G will be sufficien t
<lucidguy> I agree
<patdk-wk> I would be more concerned about writes to the raid60
<patdk-wk> and our stripe size
<patdk-wk> to determine how much ram you need, overtop of your working set size
<rbasak> kickinz1: failed to build on powerpc: https://launchpadlibrarian.net/202757945/buildlog_ubuntu-vivid-powerpc.docker.io_1.5.0~dfsg1-1ubuntu1_BUILDING.txt.gz
<rbasak> I don't know if we care or not.
<kickinz1> rbasak: I don't know either.
<hallyn> stgraber: lxc in vivid still needs commit 89a4ec737e97fdf2856fda94b816875e98155c82
<excalibr> Upstart question again, why is it job with script stanza only eventually goes into stop/waiting state after being started?
<excalibr> while with pre/post-start, it remains in start/running and block further start invocation once started
<stgraber> hallyn: did you talk to wgrant? he pinged me about that very issue last night :)
<stgraber> hallyn: anyway, I plan on tagging 1.1.2 today which will include this
<Voyage> HI
<Ameurux> hello
<hallyn> stgraber: no, i was just checking to see if my running-in-container update fully fixed nested lxc
<hallyn> excellent, thx
<strikov> rbasak: https://bugs.launchpad.net/ubuntu/trusty/+source/openldap/+bug/1103353
<strikov> rbasak: won't fix it please
<strikov> rbasak: issues mention at #19 seems to happen only when you install this package over your own one built against openssl not gnutls
<strikov> rbasak: which means that my point at #18 is still valid
<rbasak> strikov: done
<strikov> rbasak: tnx
<strikov> rbasak: i'll put a final note there in a minute
<strikov> rbasak: ah, you put one already, thanks!
<rbasak> :)
<lucidguy> Raid question.  12 disk raid10 array.  Technically I can lose a total of 6 disks and the array will stay online.  What if I loose two disks of the same pair?  Array is gone?
<teward> stupid question, and I think rbasak and sarnold may want to weigh in, but would anyone hate me if I made a catch-all bug for "Can I get somemodule added to nginx?" (where somemodule is any module the community wants)
<teward> (it'd apply to my ppas project where I do bugtracking on the staging PPAs, the nginx project on LP, and the Ubuntu package)
<teward> the only reason I asked is because I've seen this request a thousand times in my email or in Debian, and want a catchall down here that says Debian should include it first, or at least get a voice
<teward> (same idea of including a new package somewhere, in that it's easier to get it into Ubuntu via Debian)
<rbasak> teward: sounds like you actually want an FAQ entry or template standard response instead of a bug itself?
<rbasak> teward: I don't think anybody will object if you manage nginx bugs how you please though. We appreciate that you do look after them.
<gQuigs> is there a way to get changelogs from the ubuntu cloud archive without installing it?  (like packages.ubuntu.com or launchpad ppas)
<teward> rbasak: considering the number of feature reqs in Debian, yes.
<teward> rbasak: I should set up a wiki page for NGINX xD
<rbasak> gQuigs: I think they're managed in bzr somewhere? If so you could find that in a browser somewhere. I don't know where that might be though. Does Vcs-Browser point to anything on an installed package?
<teward> rbasak: the big idea here is we don't want to *increase* the delta between debian and Ubuntu, so... since i see the requests *way* too often, thought I'd preempt em.
<teward> rbasak: done though :)
<mpanetta> Hey peeps, quick question.  My google foo has failed me on this one, so hopefully someone can help...
<mpanetta> I have a question that google is failing me on...  How do I have 2 separate DHCP configured interfaces (eth0, eth1) and only set the resolv.conf entries for eth0?
<mpanetta> eth1 keeps overwriting resolv.conf when it comes up, with info that is not valid :(
<sarnold> mpanetta: maybe uninstall resolvconf and manage it yourself?
<mpanetta> I don't seem to have resolveconf installed.  At least the dir does not exist in /etc
<concord> Just upgraded a VM server to v15.04 and VMware tools doesn't seem to like systemd.  Install is failing.  Any tricks?
<sarnold> mpanetta: check dpkg -l resolvconf
<mpanetta> sarnold: says un, so not installed
<sarnold> mpanetta: aha
<mpanetta> hmm, I think dhclient may be editing it for me?
<mpanetta> I could chatrr it +i I suppose
<mpanetta> er chattr
<mpanetta> Seems kinda like a hack tho
<teward> in theory you could set dns-nameservers for both interfaces in /etc/network/interfaces to be the DNS servers you want... but, no guarantee.
<teward> i'd test but i have to finish updating my VM labs :p
<mpanetta> teward: Yeah, it seems to ignore that
<sarnold> there may be a way in /etc/network/services to set what you like.. I've never had to fight this one though, I'm running short o nideas fast
<teward> mpanetta: which release is this
<teward> 14.04? etc.
<mpanetta> I've read that I can disable the dhclient from requesting that info, maybe that will help...
<mpanetta> teward: Yes 14.04
<sarnold> I know that the protocol allows it, whether the config files make it easy is another matter :)
<mpanetta> Actually let me try that...
<mpanetta> sarnold: We are about to find out ;)
<mdeslaur> My guess would be to list the specific interfaces in their own section in /etc/dhcp/dhclient.conf
<mdeslaur> and not request  domain-name-servers for the interface you don't want
<concord> Ubuntu server has switched to systemd, no?  Now I'm unable to install vmware-tools.  Getting the following error: "initctl: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused"  Any help?
<mdeslaur> or, alternatively, just add a global "prepend domain-name-servers 8.8.8.8;" in there
<mpanetta> Woop ok removing dns-servers and so forth from the request line in dhclient.conf fixed it
<sarnold> concord: please file a bug against the vmware-tools package, add the systemd-boot tag to the bug
<mpanetta> teward: sarnold mdeslaur: thanks for the help!
<concord> sarnold: this is a package from vmware, not an ubuntu package
<concord> I'm trying to install in server v.15.04
<sarnold> concord: hunh, I thought it was in our archive these days
<concord> Yea?
<concord> Hmmmmm
<sarnold> concord: Y
<sarnold> concord: https://launchpad.net/ubuntu/+source/open-vm-tools
<concord> sarnold: I will give that a try, this is vSphere 5.0.0, shouldn't matter?
<sarnold> concord: sorry, no idea there
<concord> sarnold: thank you!
<sarnold> concord: if it doesn't work out and vmware doesn't get around to fixing it soon enough, I think upstart will still be available as a fallback https://wiki.ubuntu.com/SystemdForUpstartUsers#Switching_init_systems
<teward> sarnold: concord: vmware-tools i think won't build under the later kernels in 14.10 and later
<teward> although they updated vmware-tools lately from the vmware tools ISO, and I haven't tested since
<teward> open-vm-tools should work for most of the functions otherwise though
<concord> teward: sarnold: I have installed the package and vCenter reports that HA is up and running, although it does clearly say that vmware tools are "3rd-Party/Independent" and not genuine VMware so I'm guessing support is out the window. But hey ... that's what you guys are for!
<concord> :)
<sarnold> concord: interesting, they asked for the packages to be moved to main..
#ubuntu-server 2015-04-11
<karlhewer> need som advise plz
<karlhewer> Is this the right place to get some advise?
<karlhewer> Just need to chat with a server wiz for 2 mins
<bekks> Starting to ask your actual question would be a good beginning :)
<karlhewer> Ahh
<karlhewer> Rite o
<karlhewer> Just want to know if sharing folders, files from my server to wan pcs
<karlhewer> Is the best way to go about this with openvpn and samba?
<karlhewer> Or is there a standard way that is preferd
<bekks> "wan pcs" are Windows clients only?
<karlhewer> Sorry
<karlhewer> Over the internet
<lordievader> Good morning.
<karlhewer> google has all the answersi know but there is conflicting answers
<bekks> "wan pcs" are Windows clients only?
<karlhewer> i want to be able to share my folders n files from my server to friends pc's over the internet
<karlhewer> Im doing it localy through samba
<lordievader> karlhewer: You'd do good in answering bekks question.
<karlhewer> oh thats a question
<karlhewer> Lan = local area network, wan = network over the world wide web
<karlhewer> I think
<bekks> The question mark indicates a question, yes.
<bekks> Are the wan computers Windows clients, or smart phones, or whatever?
<bekks> I do know what a WAN is.
<karlhewer> Oh
<lordievader> I don't think the question was about the wan part, but about the Windows part.
<karlhewer> Mainly windows clients
<bekks> Mainly?
<karlhewer> Smart phones will be local only
<bekks> What are the other WAN clients?
<karlhewer> Most of the clients will be windows at friends houses
<bekks> What are the other WAN clients?
<karlhewer> Other clients will be android os
<karlhewer> Maybe apple phones but i dont care about them as long as windows and android can see my server shares from wan ill be happy
<lordievader> I'd say ipsec + samba.
<karlhewer> Ok would that still be the best option if i was creating a openvpn anyway
<lordievader> Not sure if openvpn supports tunneling samba. Openvpn is application layer.
<karlhewer> Ok thats what i was unsure about
<karlhewer> anyone else got any veiws on how i should set this up
<karlhewer> Would u experts say its ok to run samba through openvpn to wan windows clients
<karlhewer> Or is there a much better way
<lordievader> I get the feeling it won't work. But please do investigate.
<maxb> I don't see why it couldn't work, but CIFS + WAN == Horribly Slow, usually
<karlhewer> Slow.... how much slower
<karlhewer> what is the common practise to share folders through wan, while still being mounted on the windows network tree at boot
<maxb> In my experience it's *highly* dependent on the latency between client and server
<maxb> My common practice is to not use Windows :-)
<karlhewer> Ikr
<karlhewer> I would dedicate my home to linux if the game suport was there.. and my friends are to lazy to learn a new os
<maxb> You can probably get CIFS to work OK within a country, provided the client's internet connection isn't too terrible.
<maxb> Transatlantic CIFS however, will be nasty
<karlhewer> we all have fibre internet and gigabyte lans
<karlhewer> And small country, new zealand
<StathisA> good evening...this cron job does not start: "/usr/bin/rsnapshot hourly >> /home/user/detailed_logs/hourly_$(date +%Y%m%d_%H%M%S).log 2>&1". I suspect its because the "space" between "date" and "+"...is there another way to do it so that it runs? - this works fin in the cli, but in cron it does not start
<lordievader> StathisA: What does the logs say about it?
<StathisA> var/log/syslog: CRON[1386]: (root) CMD (   /usr/bin/rsnapshot hourly >> /home/st4t1c/detailed_logs/hourly_$(date +)
<StathisA> just that
<StathisA> no errors
<lordievader> The file is not created?
<lordievader> Ah, that command misses things ;)
<StathisA> yes
<StathisA> the command in the cron job is full and working in the cli
<lordievader> StathisA: What I mean is the command in the logs is missing things. That is likely your problem.
<StathisA> but somehow when the time comes, cron cannot "read" it fully, and i suspect it "stops" in the "(date +" portion
<lordievader> Likely lack of escapes.
<lordievader> Try "/usr/bin/rsnapshot hourly >> /home/user/detailed_logs/hourly_$(date '+%Y%m%d_%H%M%S').log 2>&1" as a start.
<StathisA> let me try that, thanks
<StathisA> " CRON[1554]: (root) CMD (   /usr/bin/rsnapshot hourly >> /home/user/detailed_logs/hourly_$(date '+)"
<StathisA> not files yet
<StathisA> no*
<lordievader> Escape the '%', then.
<StathisA> like how?
<lordievader> \%
<StathisA> hmmm
<StathisA> with or without single quotes?
<StathisA> how can this work in shell and not in cron..:-S
<lordievader> Likely different parsings.
<StathisA> CRON[1586]: (root) CMD (   /usr/bin/rsnapshot hourly >> /home/user/detailed_logs/hourly_$(date '+%Y)
<StathisA> thats the syslog with \%
<lordievader> Err, how does the script look like now?
<StathisA> "/usr/bin/rsnapshot daily >> home/user/detailed_logs/daily_$(date '+\%Y%m%d_%H%M%S').log 2>&1"
<lordievader> Yeah, I ment escape all the %'s.
<StathisA> ok i'll try, doh ><
<StathisA> heh, it started now ><
<StathisA> thanks a lot!
<lordievader> ;)
<SuperMX> Hello everyone, I recently have a problem with my ubuntu 14.04 server, now i was able to narrow the problem down
<SuperMX> i always shut down the server by just tipping the power off key, but the next time I try to turn it on again there are just points oon the screen and even the bootloader doesn't start
<SuperMX> so its it either because there is a problem in the poweroff procedure or it's because of the FAT32 filesystem (it's a quite old computer)
<SuperMX> ok, now i just typed in "poweroff" and then started it again, this doesn't work either
<SuperMX> in then always use a live cd to fsck the /dev/sda
<Overand> Does anyone have ideas on the 'right' way to set the umask for the 'backup' user?  that user uses /var/backups as home, /bin/sh as shell
<pmatulis> Overand: tell the user's shell what umask to use
#ubuntu-server 2015-04-12
<jvwjgames> Hi how do i make a python program continue to run even after i close the console
<sarnold> jvwjgames: a few ways, use screen or tmux if you want to come back to it later, perhaps from another terminal or ssh/mosh session
<sarnold> jvwjgames: you could use nohup /path/to/program.py &  -- which willbackgronud it and tell it to ignore the HUP signal that would be sent to it when the shell dies
<jvwjgames> ok
<sarnold> jvwjgames: you could convert the program to run as a daemon, thuogh that takes some real work
<sarnold> jvwjgames: or youj could run it via cron or upstart or something
<jvwjgames> ok
<jvwjgames> cause it is an irc bot used only for my irc server i have hosted on my servers
<jvwjgames> and it is annoying to see the irc bot on the channel then i close the shell and then have it say jvwjgames-bot (~willie@127.0.0.1) has quit IRC (Quit: bye.)
<sarnold> jvwjgames: since it's a service you want running all the time, I'd suggest the upstart job then :)
<sarnold> http://upstart.ubuntu.com/cookbook/
<dasjoe> I'd probably just launch it in a tmux, or simply nohup it
<jvwjgames> hmm
<jvwjgames> i installed willie but can't find it
<jvwjgames> and yes i used locate but no resultes
<sarnold> locate's database is only updated at 4am or something uless you run a manual updatedb ...
<sarnold> if you installed willie via dpkg, dpkg -S willie ought to help
<jvwjgames> found it thanks
<jvwjgames> but i looked in the directory that it siad it was in but it is not there but i can still access it
<jvwjgames> it might be because it is .willie
<sarnold> ls -a
<jvwjgames> is there a way to use nohup but run it as a non root user
<jvwjgames> Error: Do not run Willie with root privileges.
<sarnold> jvwjgames: nohup writes the output from the command you run to a file named nohup.out in the current working directory
<jvwjgames> ok
<sarnold> jvwjgames: so you need to either (a) fix the ermissions in the current working directory or (b) change the current working directory to where you want the log written and permissions will make sense
<jvwjgames> ok
<jvwjgames> also with nohup will it also ignore crt +c
<sarnold> right, the process is no longer attached to a terminal
<jvwjgames> hmm well it didn't work
<jvwjgames>  nevermind fixed it
<jvwjgames> sarnold: can i pm you
<sarnold> jvwjgames: I'm leaving in about five minutes.. channel would be best, that waysomeone else can pick up when I leave
<jvwjgames> ok
<jvwjgames> i was going to have you connect to my irc server really quick but i can do it later
<sarnold> aha :) good luck testing it jvwjgames :)
<jvwjgames> is there a way to make a user have write privlages on a dir that is already owned by root
<jvwjgames> hmm i need help with something else
<jvwjgames> qwebirc requires twisted (at least 8.2.0), see http://twistedmatrix.com/
<jvwjgames> python-twisted is already the newest version.
<jvwjgames> python-twisted-bin is already the newest version.
<jvwjgames> python-twisted-core is already the newest version.
<jvwjgames> python-twisted-mail is already the newest version.
<jvwjgames> python-twisted-names is already the newest version.
<jvwjgames> python-twisted-runner is already the newest version.
<jvwjgames> python-twisted-web is already the newest version.
<jvwjgames> python-twisted-words is already the newest version.
<Power_Super> Hi on a server lets say one of the cgi scripts uses a csv file to read / write some data, where should this csv file be
<Power_Super> in the same place as the index.html etc or in cgi-bin
<jvwjgames> sarnold: you there]
<delinquentme> at current /mnt is owned only by root ... will it mess things up if I add additional users who can write to this ?
<neosilver-gk> hallo
<neosilver-gk> I've get a problem with my Teamspeak 3 movement to a new vServer. The installation was fine and without any error, but ca. 25 minutes after starting the server it crashes and write just a small error in the apport.log .
<lordievader> Good morning.
<Exagone313> Hello, I try to install "awesome" on Ubuntu server. First, I installed the package awesome, and after reboot I had a tty. So I installed lightdm, reboot, and I see the GUI of Unity connection, and when I write my password, it says "failed to start session". Also, I've a resolution problem that I didn't have before installing lightdm, both on tty and lightdm interface. My screen is like...
<Exagone313> ..."zoomed". What can I do? Thanks for helping.
<lordievader> Blegh, a gui on a server.
<lordievader> Exagone313: Anyhow, what videocard/driver do you use?
<Exagone313> it's not a server
<lordievader> Exagone313: Then I suppose your question is more fruitfull in #ubuntu.
<Exagone313> AMD RADEON HD 6450	
<Exagone313> and the processor is an i3
<Exagone313> they sent me here
<lordievader> That is odd. Server guys hang around in here. They usually dislike desktops...
<lordievader> Exagone313: What driver are you running though?
<Exagone313> the default one
<Exagone313> it's a fresh install
<Exagone313> I just installed awesome and lightdm packages
<Exagone313> I restart, I remove lightdm to install only lightdm-gtk-greeter, maybe it will work
<lordievader> Exagone313: You do get lightdm?
<Exagone313> it appears, yes, but I can't log in it
<Exagone313> within it
<Exagone313> "failed to start session"
<lordievader> Right, that is a Unity problem (or lightdm). Really has nothing to do with Ubuntu Server.
<Exagone313> I don't want to install unity, that's the point
<lordievader> And since I know nothing about Unity I cannot help you.
<Exagone313> I want to install awesome
<lordievader> Then it is a problem there. Still not with Ubuntu Server.
<lordievader> For a hint on the problem, check the logs.
<nszceta> what do you guys use to host personal repositories of your own custom packages?
<nszceta> ? https://help.ubuntu.com/community/Repositories/Personal
<jvwjgames> sarnold: Hi how are you
<Crossfire0mega> anyone know anything about Ubuntu MAAS server?
#ubuntu-server 2016-04-11
<conrmahr> What's a good BT service for Trusty?
<conrmahr> I've installed Transmission.
<inteus> I use rtorrent
<conrmahr> inteus: What's your permissions on the temp and download folders
<conrmahr> i'm having problems with Transmission-daemon and permission denied errors
<inteus> 775
<inteus> that way the user and group can write and execute
<conrmahr> which user do you have set for the directory?
<inteus> it doesn't matter as long as the rtorrent user is in the same group
<conrmahr> what if you want other users to be able to r/w those folders?
<inteus> so I have a seperate user for rtorrent, but the temp and download folders are owned by another user
<conrmahr> like plex and samba
<inteus> as long as they're in the same groups 775 will work
<conrmahr> how can i check who's in what group?
<conrmahr> i probably need to make a "share" group or something and throw all the users in there, right?
<inteus> "groups <username>"
<inteus> yeah. I think I named mine "media" or something like that
<inteus> I don't have much experience with transmission though
<conrmahr> well I'm pretty sure it's because i've messed up the user:group directory settings
<inteus> heh
<conrmahr> probably has nothing to do with transmission
<conrmahr> also is this correct to change all files/folders to 755
<inteus> as long as tranmission can write to the dir and plex can read the dir you should be good
<inteus> yeah
<conrmahr> $sudo chmod -R 0755 /data
<inteus> chmod -R 755 data/
<inteus> chmod -R 755 /dir/
<conrmahr> should i do that first or chown?
<inteus> shouldn't matter which you do first
<inteus> Hope that helps. I gotta run. :)
<conrmahr> it has
<conrmahr> Still can't get transmission to work.
<conrmahr> *sad trombone*
<sivir> whats wrong with your transmission
<sivir> ah was just while back, I can try to help u with that as soon as I get on my pc
<conrmahr> permissions errors
<conrmahr> Error: Permssion denied
<conrmahr> sivir: where did you go?
<lordievader> Good morning.
<cpaelzer> jamespage: as a heads up while the old openvswitch-dpdk crash with too much vhost_user ports issn't fixed I found another one when attaching more than 20 active ports
<cpaelzer> jamespage: could be the same with the fd's >1023 but not sure yet
<cpaelzer> jamespage: so far just FYI, you will see a bugpop up in case I can't identify a setup issue in my side
<jamespage> cpaelzer, thanks for the headsup
<jamespage> cpaelzer, hey in other news: I got openstack running under lxd on the s390x - instances booting and networked+++
<cpaelzer> jamespage: you're a pro - great
<cpaelzer> well you literally are so that might not be praise I intended :-/
<jamespage> cpaelzer, I needed rharper to point out I was trying to boot an amd64 image - and then it was all good...
<cpaelzer> jamespage: oh really such a complex thing
<jamespage> cpaelzer, well there where a few other niggles
<mwhudson> jamespage: file a bug on qemu-x86-static!
<jamespage> but nothing major
<cpaelzer> jamespage: I'm sure
<cpaelzer> jamespage: but that means you can do your deploy without real 2nd level virt
<cpaelzer> that should save time and space
<jamespage> cpaelzer, well its a useful benchmark for now
<jamespage> cpaelzer, really need to test multi-unit
<jamespage> cpaelzer, manual provider is an option but not something we can automate usefully for CI...
<jamespage> usefully/easily...
<cpaelzer> jamespage: have you decided on the vhost_user socket permission thing - will it become a libvirt solution?
<jamespage> cpaelzer, I don't think final solution is decided yet but I can work-around for the time-being
<jamespage> cpaelzer, I'd really like libvirt to fix the socket permissions in the same way it fixes disk image perms
<frickler> jamespage: found another one in the vaults: https://bugs.launchpad.net/ubuntu/+source/erlang/+bug/1374109 still affects xenial, our hardening team would be very happy if we could get that fixed
<ubottu> Launchpad bug 1374109 in erlang (Ubuntu) "epmd does not support binding to an IPv4 address anymore" [High,Confirmed]
<jamespage> frickler, oh that is a tricky one...
 * jamespage looks again at that
<jamespage> frickler, realistically that's not going to get resolved before 16.04 release IMHO
<jamespage> there is a proposed patch kicking around upstream, but AFAICT that's not been accepted and changes the command line options...
<jamespage> if I backout the change that enables IPv6 support, I break a whole other subset of users in a very hard way...
<jamespage> frickler, I understand the position of your hardening team; my only suggestion is to iptables disable access on interfaces that you don't want enabled...
<frickler> jamespage: I certainly would not advocate disabling IPv6 on anything
<jamespage> frickler, the correct fix is probably the one kicking around as a patch, but I'm reticient to pull that into Ubuntu until its been agreed that's the right way forward...
<frickler> jamespage: understood, so I'll try so find out what's been happening upstream and maybe get something moving there
<jamespage> frickler, yeah - I'll nudge the server team on trying to get some motion on that as well
<frickler> jamespage: great, thx
<jamespage> frickler, btw are you going to the austin summit?
<frickler> jamespage: no, last one I did was vancouver
<sbv> guys, at the moment openstack-install script is incompatible with MAAS 2.0 due to api 1.0 being deprecated
<sbv> does anyone know if this going to be fixed anytime soon please?
<jamespage> ddellav, coreycb: I got fed up testing old swift in xenial so I fixed the autopkgtest failure and uploaded...
<jamespage> changes pushed to git
<coreycb> jamespage, thanks
<Capprentice> How much CPU will LM-SENSORS consume if I run them on a CACHING server to monitor CPU and MB temp via SNMP ?
<pmatulis> morning
<jamespage> coreycb, smoke testing mitaka-staging with mind to a promotion to -proposed
<coreycb> jamespage, cool
<jamespage> coreycb, ddellav: mitaka-staging smoke tested OK - promoting to -proposed and then onto -updates
<coreycb> jamespage, sounds good thank you
<paulp234> anyone here?
<Pici> maybe
<ddellav> jamespage ok great, thanks
<wunderhacker> hello , i am trying to install wordpress based on this guide https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-on-ubuntu-14-04 and i did everything and its still showing the default Apache page please help
<teward> wunderhacker: make sure to torch your browser cacne
<teward> cache*
<teward> because that tends to be the evil thing that causes this to be seen
<wunderhacker> ok thanks
<teward> though, I suggest using a different doc root than /var/www/html; maybe a 'wordpress' subfolder in there, given the evils I have seen with some webserver packages messing with the docroot poorly
<teward> and then adjust Apache accordingly
<wunderhacker> ok
<teward> wunderhacker: but at the very least, erase your browser cache and try again ;)  that usually is the cause for evils like what you described
<wunderhacker> ok, i fixed it problem was forgot to delete the default index.html file. thanks!
<hallyn> pmatulis: https://jujucharms.com/docs/master/config-LXD - it probably tells me right in there, but which version of juju do i need to instal lfor that to work?
<hallyn> cause the juju bootstrap command is saying it doesn't know --config
<pmatulis> hallyn: hi
<pmatulis> hallyn: looking
<pmatulis> hallyn: are you using ppa:juju/devel ?
<hallyn> pmatulis: nope.  i'm on xenial
<pmatulis> hallyn: better use it
<pmatulis> hallyn: what does 'juju --version' say?
<hallyn> pmatulis: 1.25.0-xenial-amd64
<pmatulis> hallyn: eww, best use the PPA
<pmatulis> it's at 2.0-beta3
<hallyn> pmatulis: ok, yeah i *thought*i should have 2.0.  thx
<hallyn> pmatulis: can you add that to that doc?
<pmatulis> hallyn: it's not a juju install doc but more a how-to-configure-lxd to work with already installed juju
<devster31> any elegant way to make this: sed '/^[#;]/ d' | sed '/^\s*$/ d' | sed '/^remote/ d' a single command?
<pmatulis> hallyn: this quickstar/getting-started is best for new users: https://jujucharms.com/docs/devel/getting-started
<hallyn> pmatulis: ..  may be, but it's what google sent me when i looked up 'juju lxd'
<sdeziel> devster31: sed '/^\([#;]\|\s*$\|remote\)/ d' ?
<hallyn> devster31: or just sed -e 'cmd1' -e 'cmd2' -e 'cmd' ...
<sdeziel> that works or you can use: sed 'cmd1; cmd2; cmd3'
<devster31> thanks, they all work
<hallyn> a veritable menu of options
<hallyn> pmatulis: with that ppa i still have 1.25
<hallyn> oh, juju2
<pmatulis> hallyn: no end to the pitfalls huh? ;)
<hallyn> pmatulis: yeah, but also the doc says use 'juju bootstrap' but i have to use 'juju2 bootstrap'
<hallyn> i assume that's temporary
<pmatulis> hallyn: ha, weird, update-alternatives
<hallyn> and then i had to install lxc1, but that's even more temporary
<pmatulis> hallyn: afaik, more pitfalls await you with using juju+lxd
<pmatulis> hallyn: unless stuff is fixed i had to remove lxc1 (and any deps), edit /etc/default/lxd-bridge, and dpkg-reconfigure lxd (and point to that briddge)
<pmatulis> i reverted to lxcbr0
<pmatulis> i'm pretty sure i had to throw in 'sudo systemctl stop lxd-bridge.service && sudo systemctl restart lxd.service' somewhere
<pmatulis> hallyn: do you know why my fresh Xenial LXD host does not boot properly (some network issue) after having simply done 'lxc launch ubuntu:' ?
<hallyn> pmatulis: ...  no ...  you're saying the *host* does not reboot after that?
<pmatulis> hallyn: right. this happened to me last week. consistently. it happened again. i figured it would work itself out but evidently not
<pmatulis> i know there were some juju lxd problems and i figured a lot was in flux so didn't keep digging
<pmatulis> hallyn: basically it looks like the host's network interface doesn't come up properly
<hallyn> pmatulis: how does it fail?  does it hang for 2 minutes waiting for auto interfaces?
<pmatulis> hallyn: it might be easier for you to just try it out. new xenial instance + the lxc launch command
<hallyn> ugh shoulda done that on a local kvm rather than a remote openstack instance
<dmsimard> smoser: heya, re: http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/revision/1189?start_revid=1189
<dmsimard> smoser: I'm really interested in a rhel-compatible implementation of that network_data.json support
<dmsimard> Is it in the pipe yet? :)
<pmatulis> hallyn: did you reproduce it?
<hallyn> pmatulis: bug 1569064
<ubottu> bug 1569064 in systemd (Ubuntu) "systemctl wants to configure interfaces it shouldn't (lxdbr0)" [Undecided,New] https://launchpad.net/bugs/1569064
<pmatulis> hallyn: ok then, i'm not going mad
<hallyn> pmatulis: no, but odd that i can't reproduce it even with multi-core local kvm guest
<pmatulis> hallyn: ok, so just with o/s instances?
<hallyn> yeah.  i assume that's spurious....  though maybe not
<hallyn> i'm hoping pitti has some insight
<jvwjgames> I am trying to get a serial connection over Bluetooth to work but it is timing out
<jvwjgames> The server pairs with my phone but then unpairs
<jvwjgames> After a few seconds
<jvwjgames> Anyone know why
<sarnold> you may have better luck in #ubuntu
<jvwjgames> Ya but this is a server I am on
<sarnold> sure, but server people don't usually do bluetooth things. you'll find more knowledgable people in desktopland.
<jvwjgames> Ok
<jvwjgames> Thanks
<sarnold> good luck :D
<hallyn> pmatulis: stgraber: d'oh!.  in the case where it fails lxdbr0 does have an ipv4 address
<hallyn> in the case where it boots, it does not
<stgraber> hallyn: does that IP conflict with any other subnet on that host?
<hallyn> stgraber: i don't think so....
<hallyn> nothing responds
<hallyn> adding an ipv4 address to the uvt-kvm vm doesn't make it fail still though
<pmatulis> hallyn: do you have access to Horizon? if you set a password (sudo passwd ubuntu) before you can get a console
<pmatulis> *before reboot
<hallyn> hm, i'm not sure whether i do.  i'll check
#ubuntu-server 2016-04-12
<hallyn> pmatulis: no, i should be able to, but it just doesn't seem to work.
<cpaelzer> rbasak: you might still be asleep, but if I would thank you just once every 100 times I'm happy about uvt I'd still call you twice a week
<cpaelzer> rbasak: big thanks for that tool
<rbasak> cpaelzer: np. I need to find some time to polish it up :-(
<lordievader> Good morning.
<stemid> 25G     /var/log/lastlog on a server installed 3 months ago, one local user.
<stemid> wtf
<stemid> just running last gives me 467 lines
<stemid> it's an ubuntu 14.04 acting as a galera arbitrator.
<stemid> and this has nothing to do with sparse files, it actually uses 25607496 kB on disk.
<pmatulis> hallyn: weird. i got one on my cloud but the thing eventually froze up
<pmatulis> stemid: sounds like a party
<pmatulis> hallyn: lemme know if i can help debug
<smoser> dmsimard, join #cloud-init and ping harlowja. he might be persuaded to do so. also spandhe might be able to.
<DammitJim> for the version of tomcat7 that installs from Ubuntu repos... what causes the catalina.out to be rolled over to catalina.out.1?
<dmsimard> smoser: thanks
<hallyn> pmatulis: smoser: i'm sort of wondering whether cloud-init+systemd+lxd-bridge are having a bad interaction
<hallyn> but i've made no progress :(
<smoser> hallyn, well, probably not wrt the no_seed that you foun
<hallyn> smoser: no, those are mutually exclusive
<hallyn> but both uvt-kvm and openstack are using xenial cloud images, but in one i get networking hang (nova) and the other boots fine (uvt-kvm) with a lxd container running
<SaltySolomon> Hi
<Blueking> any good with dual xeon configuration for home use, fileserver. vpn , multistream videos to 5-6 pc's in house +++
<patdk-wk> that sounds like you need a really really fast drive array, or ssd
<madwizard> You could try zfs mirrors with ssd as l2arc
<madwizard> the second level cache
<madwizard> since its xenial
<madwizard> Although for 6 pcs l2arc may be an overkill
<qman__> yeah, l2arc won't help much with streaming either unless they're streaming the same content
<qman__> more, faster drives will do better
<sdeziel> l2arc doesn't use mirrored drives
<Blueking> patdk-lap  I have hardware raid card
<madwizard> sdeziel: uhm?
<madwizard> sdeziel: Explain
<sdeziel> the l2arc is made to sustain the loss of any drive without issue
<madwizard> sdeziel: l2arc is a cache
<qman__> he didn't say mirror the l2arc
<madwizard> Also
<qman__> he said use drives in mirrored configuration and add l2arc
<madwizard> You *can* mirror l2arc
<madwizard> Depends on usecase
<madwizard> But fast drives set up as mirror vdevs would do the trick
<qman__> yeah
<Blueking> people talk about VM is it about virtual sumthin ?
<qman__> my file server has 30 WD Red drives in mirrored ZFS configuration and has no trouble saturating gigabit reads
<madwizard> Blueking: VM is usually a Virtual Machine
<qman__> 20*
<madwizard> qman__: Nice
<sdeziel> madwizard: yes I nkow that l2arc is a cache and that's exactly why mirroring it would be odd
<Blueking> people uses vm for homeuse ?
<madwizard> sdeziel: I've seen such deployments
<qman__> writes are slower, varies by compression but usually around 35MB/s
<qman__> but I'm also using dm-crypt and old Opteron CPUs
<madwizard> qman__: writes to zfs mirrors are slower. Visibility depends on hardware and workload, yes
<sdeziel> madwizard: sounds like a waste of SSD/speed
<qman__> without the encryption I'd expect it to go full speed
<jrwren> its pretty easy to saturate gigabit reads on sequential IO. :p
<qman__> 4 cores without AES accelleration definitely limits performance
<madwizard> sdeziel: Some customers want to keep having hot cache despite ssd failure
<madwizard> sdeziel: All depends on your business case
<sdeziel> madwizard: true. I didn't know it was possible to set it up like that. Thanks
<madwizard> np
<madwizard> I suspect it's a rare case
<sdeziel> madwizard: man 8 zpool needs an update then. It clearly states that "cache" devices cannot be mirrored or part of raidz
<madwizard> sdeziel: Hm. Or the functionality was removed.
<madwizard> sdeziel: I wonder if I still have a vm where I can test
<sdeziel> madwizard: my SSD buget doesn't even allow me to consider such setup anyways ;)
<madwizard> Oooorrrr
<madwizard> I might be mistaken after all
<madwizard> sdeziel: I would try it on files :)
<madwizard> sdeziel: You don't need ssds to test a command
<sdeziel> madwizard: I know but I was saying I won't even need to have redundant SSD backed caches
<qman__> it really wouldn't make sense with SSDs, since they fail after a certain amount of writes
<patdk-wk> l2arc won't help at all for streaming workloads
<qman__> they're more likely than HDDs to fail simultaneously given the same load
<patdk-wk> it's unlikely that data will even move from arc to l2arc
<madwizard> patdk-wk: Yeah, come to think of it
<patdk-wk> it will be very hit and miss
<patdk-wk> but the issue with multible streaming workloads is, it becomes really really random
<patdk-wk> cause it constantly has to keep seeking
<madwizard> Poor, poor read thread :(
<qman__> yeah, the best solution for that is just a bigger raid 10 / zfs mirror setup
<madwizard> Can't find what it's looking for, constantly seeking
<patdk-wk> and raidz will NOT help
<qman__> or going all SSD
<patdk-wk> raid5/6 can somewhat help
<madwizard> patdk-wk: What is the difference?
<patdk-wk> raidz has to read from ALL disks for each read
<patdk-wk> raid5/6 only read the disk needed, assuming stripe size is large enough
<madwizard> okay
<madwizard> thnx
<qman__> to see any advantage from that though, you generally need an expensive RAID card
<qman__> on cheap cards and software RAID the gains are slim
<qman__> and the problems with raid 5/6 far outweigh that benefit in my opinion
<patdk-wk> no, you can easily see an advantage without an expensive raid card
<patdk-wk> the expensive raid card causes the advantage only when doing writes, when you have bbwc
<patdk-wk> for reads the advantage will be there, anyway you look at it
<patdk-wk> just you get no protection on reads, like you would have using zfs
<teward> jgrimm: you asked for an update?
<teward> i apologize for not speaking up earlier - internet evils are evil
<jgrimm> teward, i was just giving you an opportunity since I saw you had joined the meeting.
<teward> jgrimm: not for lack of trying, Internet came back but died again
<teward> jgrimm: nothing other than 1.9.14 landing finally
<teward> with HTTP/2 enabled
<jgrimm> no worries. thanks!!
<teward> yep
<max3> can someone help me out? no matter what i do i cannot get ldap to start. it keeps throwing 570d37b7 main: TLS init def ctx failed: -1
<max3> i've tried all sorts of permissions schemes on the ssl certs
<sarnold> max3: is there anything else more informative in the logs?
<max3> nope
<max3> just the memory address of the call
<max3> 570d37b7 main: TLS init def ctx failed: -1
<max3> from googling around it's apparent this is because of permissions on the certs
<tarpman> max3: that is one possible cause, not the only one
<tarpman> max3: you could confirm with strace whether it's actually trying to open the cert file you expect, and what the return code from that is
<pmatulis> max3: you can also temporarily remove TLS and see
<max3> well when i comment out olcTLS*CertificateFile in cn\=config.ldif it starts
<max3> so smoking gun i think
<max3> although strace is a good idea
<tarpman> max3: as far as permissions, don't forget to consider the directories containing the certs, as well as the files themselves
<max3> i have
<max3> in fact it shouldn't be an issue because the error occurs even when i try to start slapd as root
<tarpman> right. likely not permissions, then
<tarpman> a couple of other stabs in the dark:
<tarpman> the private key needs to not be encrypted - i.e. no passphrase on it
<max3> as far as i can tell it's not
<tarpman> if you have an olcTLSCipherSuite setting, check that it's a valid gnutls priority string - and not e.g. an openssl ciphers string
<max3> no ciphersuite
<tarpman> sigh. pin-the-tail-on-the-tls-config-issue is no fun :|
<max3> yes
<sdeziel> max3: I'd check if the key matches the cert. I compare the modulus to be sure
<tarpman> yeah, worth checking that you can run gnutls-serv with the same cert and key and connect to it
<max3> i'm looking at strace output
<max3> just to test i put the ca cert in /tmp/
<max3> yet i get open("/tmp/cacert.pem", O_RDONLY)       = -1 ENOENT (No such file or directory)
<max3> but i also get open("/etc/pkcs11/pkcs11.conf", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) which i guess is from a package i have not installed
<patdk-wk> apparmor?
<max3> god damn it
<max3> indeed
<max3> i don't know how i missed that
<max3> in dmesg
<max3> lol it's clear as day
<max3> apparmor="DENIED" operation="open" profile="/usr/sbin/slapd" name="/tmp/gw-01-private.key"
<max3> lol
<max3> thanks patdk-lap
<max3> thanks patdk-wk
<sarnold> apaprmor shouldn't cause ENOENT errors
<max3> well
<max3> actually sarnold you're right. i'm still getting the same error in strace
<max3> i am le dumb
<fullstop> Hi all.  Where would be the right place to ask about the inclusion of a root certificate?  Does that fall more into debian-land?
<sarnold> fullstop: what's the goal?
<sarnold> fullstop: talking with mozilla may be quickest, iirc their certificate store is The Source for the ca-certificates package
<fullstop> sarnold: the certificate bundle does not contain StartSSL's extended validation root.
<fullstop> sarnold: it actually looks like mozilla's cert store does contain it.
<fullstop> in short, chrome/chromium on linux will never show a "green bar" for any startssl ev cert.
<fullstop> maybe I'm completely wrong here, but that's where I got after talking to chromium people.
<sarnold> fullstop: if you would, please https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+filebug  -- that'll get it to the right people
<sarnold> fullstop: bonus points if you can show it in the mozilla bundle :)
<fullstop> I'll try to dig that up.
<sarnold> fullstop: thanks!
<genii> Is there any way for a PXE server to know the architecture of a client machine so it can feed the correct binary for that platform?
<nacc> genii: yes, iirc, well, over dhcp there is
<genii> Documentation on the subject seems sparse
<nacc> pxe-system-type, iirc?
<nacc> genii: option pxe-system-type code 93 = unsigned integer 16;
<nacc> then, you can do, .e.g
<nacc> if option pxe-system-type = 00:06  for x86, 00:07 for x86_64
<nacc> genii: https://tools.ietf.org/html/rfc4578#section-2.1
<genii> Apologies on lag, work required me for a bit...
<nacc> genii: that only seems to cover the x86 family, though, do you need to do more architectures than that? not sure if, e.g., powerpc provides a differn value (should be debuggable)
<genii> PXE system is currently based on dnsmasq
<genii> nacc: Ideally one server for x86,x86-64, PPC, ARM, and MIPS
 * genii gets back to reading
<nacc> genii: ok, dnsmasq should be able to see the same option, i think
<nacc> genii: not sure if those other archs have appended to the above list in their pxe env, unofficially
<nacc> genii: iirc, power does something specific, but i can't reacall
<genii> Yeah, also PPC has little-endian and big-endian types
 * genii makes more coffee
<genii> Interesting, there seems to be an #isc-dhcp channel on Freenode
<nacc> genii: right, that's a good point
<nacc> genii: i don't believe the BE implementations support PXE, fwiw
<drab> hi, trying to install 1604 from pxe and getting an error about "kernel modules not found on mirror"
<drab> exactly the same as this guy: http://askubuntu.com/questions/754947/how-to-fix-no-kernel-modules-were-found
<drab> unfortunately no answer there, someone else is saying to be having the same problem installing from USB
<drab> so this doesn't seem to be pxe related, which indeed it shouldn't, the installation is well in progress
<drab> any thoughts?
<sarnold> drab: try hitting control+alt+ f2..f7 to see if there are more explanatory error messages on another terminal
<sarnold> drab: check also the logs, there may be more debugging info there
<ShaRose> Trying to get ulimit -n to work for all users, edited /etc/security/limits.conf to have * soft/hard nofile 200000 and /etc/pam.d/* to have session required pam_limits.so. Default is still 1024 soft and 4096 hard, UNLESS I go su $USER, after which it works.
<ShaRose> Trying to avoid adding su $USER to every script because I really, really shouldn't have to use that kind of a hack.
 * ShaRose is debating whether he should just shrug and add su $USER into /etc/profile :P
<ShaRose> well that at the whole 'enter your password' deal
<randymarsh9> ShaRose: if it's stupid and it works it ain't stupid
<randymarsh9> ;)
<ShaRose> it don't if the user has a password and it's in a script :P
<ratrace> ShaRose: not sure I understand your problem. If you log in as a user, do you see the limits you've set in limits.conf?
<ShaRose> no, I see the defaults: soft 1024, hard 4096.
<ratrace> how did you set up the limits.conf?
<ShaRose> sudo nano /etc/security/limits.conf, add the 2 lines at the end
<ratrace> yeah what two lines?
<ShaRose> (there aren't any files in /etc/security/limits.d)
<ShaRose> * soft nofile 200000 and * hard nofile 200000
<ShaRose> I've even spun up a ubuntu server install in a VM so that I didn't have to reboot my main server a bunch of times trying stuff, but it's not even working there
<ratrace> bummer.
<drab> sarnold: not much, syslog shows the same error
<drab> saying it can't find a suitable module for kernel 4.4.0-15
<drab> this has probably something to do with the fact it's a beta2, but I can't figure out what, after all it should still be valid
<ShaRose> yeah, kind of sucks to have a webserver that keels over with ~500 clients because it's hitting ulimit issues
<drab> since a final release hasn't happened yet
<ShaRose> (to be fair, it's only personal image hosting, but...)
<ratrace> ShaRose: which service?
<ShaRose> service?
<ratrace> nginx?
<ShaRose> oh, caddy
<ShaRose> testing it out
<ShaRose> nginx would have the same problems sadly
<sarnold> does the caddy initscript set ulimits? e.g. /etc/init.d/nginx has explicit ulimit support..
<ShaRose> right now I'm mitigating it by just having cloudflare turned on
<sarnold> .. and since it never uses authenication it'll never go through the PAM stack.
<ShaRose> actually, atm I'm using monit for it: testing server, so
<sarnold> does the monit initscript / upstart config / systemd unit file set ulimits?
<ShaRose> (I'm only REALLY avoiding shutting it down for znc tbh, I'm planning on wiping and restarting the entire thing when I get this last thing solved)
<ShaRose> no, but it's not just monit that's having the problem, I can log in as a non-root user over ssh and do ulimit -n and get back 1024
<ShaRose> in fact even logging in as root doesn't do it, but w/e
<ShaRose> problem SEEMS to be that logging in isn't going through pam, so it's not setting limits
<sarnold> it depends, sshd can be configured to use pam or to skip pam; by default on debian/ubuntu it's set to use pam
<ShaRose> yeah, checked that too, but even then a screen should go around that afaik
<ShaRose> ok so I looked through every single control file in pam.d, and unless it was obvious it isn't a user (common-password for example) I added or made sure that session required pam_limits.so was there
<ShaRose> and it SEEMS to have worked on my test machine
<ShaRose> I suppose let's test on the main one...
<ShaRose> Ok, so that's annoying. It seems it still doesn't work, even su.
<keithzg> Is it known that the daily builds for Xenial fail on the installation step? I've gotten it reliably a few daily builds in a row now. I see on the QA site that someone tested and had success with Beta 2 apparently, although that ISO isn't even available to download anymore
<keithzg> Note that I'm installing trying to use UEFI; gonna test legacy now.
#ubuntu-server 2016-04-13
<keithzg> ...or not; it won't even boot the installer then. Hrmm.
<hallyn> pmatulis: hey - that box you had htat wouldn't boot after launching a lxd container, was it launched from a cloud image by chance?
<neon_v0id> Hey, everyone. I have a small issue with my Ubuntu server. I recently uninstalled the Mumble server I was running on it, and now I keep getting mail about the "murmurd" start-stop-daemon. That /usr/sbin/murmurd can't start because there's no such file or directory. How can I get my server to stop trying to run murmurd at startup?
<tarpman> neon_v0id: 1) purge the package (vs just removing it) - the initscript is a conffile, therefore not removed unless you purge. 2) file a bug - the initscript should not try to start a daemon that isn't installed
<neon_v0id> tarpman, thanks. I've run the purge and hopefully I wont get any more mail messages about mumble/murmurd :)
<pmatulis> hallyn: yes, that's what i said
<hallyn> pmatulis: can you check whether removing /etc/network/interfaces.d/* and putting the eth0 definition in /etc/network/interfaces fixes it for you?
<hallyn> it fixed it for me at any rate
<pmatulis> hallyn: i copied contents of .d/eth0 into interfaces file and moved eth0 out of the way. rebooted fine. did 'lxc launch ubuntu:' and rebooted. same problem as before
<pmatulis> hallyn: fwiw, it hangs here a while: https://private-fileshare.canonical.com/~pmatulis/sstack_reboot_pmatulis-xenial-1.png
<pmatulis> hallyn: there appears to be some kernel module problems, dunno
<hallyn> pmatulis: that sounds like a different bug, then, which i've not reproduced.  drat
<lordievader> Good morning.
<SaltySolomon> hi
<SaltySolomon> I need a tiny bit help with setting up open stack
<amigoo89> hey guys, I am currently running an ubuntu VPS machine. For a few days/weeks already, when I want to access my server either via HTTP or SSH, it starts to load for the FIRST TIME very slow, like if it is sleeping/standby. As soon as the machne woke up, it works properly and fast. what could be the reason for it?
<vagarwal_> I see that oddjob-mkhomedir is available in xenial but not in trusty. Is there an alternative or a backport available for oddjob-mkhomedir in trusty?
<saftblandarn> Hello!
<saftblandarn> I'm in the process of installing a lamp-server on ubuntu, could anyone recommend a good guide for 14.04?
<ogra_> sudo tasksel .... pick "LAMP server" ?
<saftblandarn> ogra_, thanks :) I'm a total newbie
<saftblandarn> How do I go up in the CLI?
<hateball> saftblandarn: care to elaborate? "go up" ?
<hateball> shift+page up/down, probably
<saftblandarn> That solved it. Thanks!
<caribou> jgrimm: FYI, vsftpd is now uploaded & into the archive
<saftblandarn> Okay, so now I set up all the basics I need for creating my web front end and such. Before I do so I would like to backup everything. What is the ideal way to do this?
<jamespage> coreycb, hey paramiko 1.16 is not backporting for the UCA - needs some extra deps
<jamespage> can you take a look?
<coreycb> jamespage, on it
<jamespage> coreycb, oh for next cycle we should consider how the archive re-org thing can help us remove more delta with debian
<jamespage> coreycb, bd's that don't translate into runtime depends can still be in universe...
<coreycb> jamespage, I need to catch up on the archive re-org
<coreycb> jamespage, that is interesting
<jamespage> coreycb, it could really help us
<coreycb> jamespage, yeah, so we could potentially drop a lot of BDs from main?
<jamespage> coreycb, that will have happened anyway
<jamespage> no action required
<coreycb> nice
<jamespage> coreycb, we can re-add a load that we manage via delta
<coreycb> jamespage, it seems like something we can naturally assess perhaps as we work through merges next cycle
<jamespage> coreycb, yah
<jamespage> +1
<EmilienM> jamespage, coreycb: looking at http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/mitaka_versions.html
<EmilienM> it looks like we can use update repo?
<jamespage> EmilienM, yeah working that through atm
<EmilienM> excellent
<jgrimm> caribou, thanks!!
<jamespage> EmilienM, we have an update to paramiko in the pipe which I'd like to get tested in staging before we promote to -proposed and -updates
<jamespage> EmilienM, at which point we will have validates staging as much as we can and you'll get the whole lot :-)
<aotea> :q
<EmilienM> jamespage: testing our CI against updates now
<coreycb> jamespage, paramiko backport fix is in the works, I had to update python-gssapi in xenial to drop virtualenv and python-tox from BDs...
<macskay> hi guys, i have a ubuntu 14.04 lts server and it takes a long time to respond to commands, such as up to 20 seconds when using "ls -al" for a small directory.
<macskay> Using "ls" only is done immediately. I tried rebooting but then my server didnt come back.
<macskay> It seemed an error in mounting the partition but checking the drive's smart values didnt show any faults.
<macskay>  I rebooted in "recovery mode" and all commands are executed right away (even "ls -al")
<macskay> when mounting the partition and using "chroot /mnt" the repsonse time goes back up again. What could that be?
<macskay> I tried "top" and "dmesg" but noghint shows up in there
<ppetraki> macskay, what does strace say?
<macskay> one sec ill jhave a look
<rbasak> macskay: if you've rebooted dmesg is lost. Check /var/log/kern.log.
<ppetraki> macskay,  strace -t -f -s 4096 {CMD} &> logfile
<ppetraki> should tell you were it's spending its time and be pretty verbose about it
<macskay> ppetraki: Here's the logfile: https://www.refheap.com/117490, rbasak /var/log/kern.log was last changed 3 days ago
<rbasak> I don't know but it sounds like some kind of local corruption or hardware fault to me.
<rbasak> Have you forced an fsck?
<macskay> hm not that i know of no, should I do one?
<rbasak> I would.
<macskay> the strange thing is, why would it be ok in the recovery mode?
<rbasak> A reboot might have cleared an underlying problem.
<rbasak> Especially for a hardware fault.
<ppetraki> macskay, a lot of ldap timeouts
<macskay> yeah
<macskay> i installed ldap yesterday, but removed it again
<macskay> it kept timing out
<macskay> even though i deinstalled it
<ppetraki> I don't know how you uninstalled it, but it still looks like it's part of the auth stack
<ppetraki> a fsck is a good idea, start from a sane place
<macskay> sudo apt-get remove --purge slapd
<ppetraki> macskay, it looks like you're going to have to manually remove ldap from the auth stack. theres a lot of "im trying to connect to localhost over socket and nobody is there to receive"
<ppetraki> macskay, port 389 is ldap
<macskay> that might actually be the problem, because it started lagging after I "removed" ldap
<ppetraki> macskay, so opinion is find a decent howto on ldap and reverse the steps
 * ppetraki is not fluent in auth anymore
<macskay> hm yes that seems about right
<ppetraki> hope that helps
<macskay> i'll try that
<macskay> and keep you posted if it helped or not
<macskay> thanks !
<ppetraki> yw
<EmilienM> jamespage: https://review.openstack.org/#/c/305286/ -- the bump to updates repo works fine for us.
<jamespage> EmilienM, awesome
<EmilienM> jamespage: question: when do you plan to provide a repo for newton? :-)
<jamespage> after austin
<jamespage> EmilienM, ^^
<EmilienM> jamespage: excellent
<frickler> does anyone else see a double-! and a left-triangle on their boot splash screen to the right of the cycling dots?
<pmatulis> hey hallyn, i was surprised to discover i could log in after all. but i checked a long long time after rebooting. not sure what's going on
<hallyn> odd
<DammitJim> is there a fix for the samba - badlock bug? I am on 14.04
<DammitJim> I have seen that it's been worked on in the security ppa?
<sdeziel> DammitJim: https://lists.ubuntu.com/archives/ubuntu-server/2016-April/007266.html
<DammitJim> ok, so we are looking at about a week
<DammitJim> thanks!
<sdeziel> DammitJim: if you could test the -proposed packages that would be ideal
<DammitJim> sdeziel, when something like this comes up, what page should I be looking at?
<DammitJim> sdeziel, I'm going to try to because I know it might require me to make other changes
<randymarsh9> hello
<randymarsh9> what's a good command line browser?
<DammitJim> lynx
<sdeziel> DammitJim: those versions upgrade are very infrequent. I don't know if there is a official communication channel for those but the -server mailing list might be a good place to look at
<DammitJim> ah! server mailing list
<sarnold> randymarsh9: I prefer w3m, I think it does a better job with tables. none are entirely pleasing.
<randymarsh9> DammitJim: seems to be the most popular choice
<randymarsh9> sarnold: will give that a try, thanks
<DammitJim> si
<sarnold> DammitJim: we also usually call for testers in the #ubuntu-hardened channel
<randymarsh9> sarnold: dang i can even scroll with my mousoe
<randymarsh9> mouse*
<randymarsh9> good stuff
<sarnold> oh yeah, and I have a vague memory of that getting annoying when you just want to select/paste like a normal application..
<sarnold> randymarsh9: w3m-img can even load images into xterms and other similarly-featured terminals. scary.
<randymarsh9> sarnold: i did "apt-get install w3m-img", it downloaded and installed but when i type w3m-img into my terminal and hit return it says "command not found"
<randymarsh9> what am i doing wrong?
<nacc> randymarsh9: doesn't htat just install the extension? the command is still w3m
<nacc> afaict
<randymarsh9> nacc: it very well may. i have no idea how to use it though
<randymarsh9> do i need to use a different ssh client for images to load?
<randymarsh9> or can i still use putty
<sarnold> the -mouse- works over an ssh via putty??
<RoyK> iirc no
<RoyK> but I think it might work with kitty
<RoyK> and then there's this new ubuntu-on-windows thing that might be worth trying
<RoyK> randymarsh9: the command is w3m, not w3m-img
<RoyK> or perhaps w3mimgdisplay
<randymarsh9> sarnold: in w3m it does. i can click links and even scroll using the mouse wheel
<randymarsh9> RoyK: on 0.62 it is working
<RoyK> randymarsh9: then possibly xming is doing that
<sarnold> randymarsh9: crazy. I didn't really expect that to work via putty. :)
<randymarsh9> using screen
<randymarsh9> dont know if that has anything to do with it
<sarnold> haha, that is also surprising :)
<randymarsh9> sarnold: actually no i take that back, if you are using screen it won't scroll but if you just launch w3m from terminal in putty then it does
<randymarsh9> if you have a screen session open then it just scrolls up your terminal
<randymarsh9> RoyK: i tried w3m-img thinking that will load the images
<randymarsh9> it isn't working though. is it because of the client i am using?
<RoyK> afaics, it's not part of that package
<RoyK> try dpkg -L w3m-img
<sarnold> randymarsh9: I really don't think images are going to load via putty. it uses xterm extensions to draw them.. I'm stunned the mouse even works.
<RoyK> sarnold: with xming, it should work well
<sarnold> RoyK: heh is that still a thing? :)
<RoyK> sarnold: indeed :)
<sarnold> RoyK: that's right next to tri-teal cde in my mental hash buckets..
<RoyK> hehe
<RoyK> only good way of using x with windows these days, afaik
<RoyK>  Last Update: 2015-05-24
<RoyK> no, not really, april 1
<RoyK> 2016
<randymarsh9> sarnold: xterm is an ssh client for unix systems?
<RoyK> no...
<RoyK> it's a terminal
<sarnold> randymarsh9: no. xterm is a terminal emulator.
<sarnold> randymarsh9: windows doesn't really have an equivalent, or at least not explicitly..
<randymarsh9> sarnold: command prompt?
<randymarsh9> that would be my guess
<RoyK> terminals are abstracted in the unix world, and has a truckload of functionality hardcoded into cmd and the likes in windows
<sarnold> randymarsh9: except cmd.exe is .. well, like xterm glued together with bash. sortof.
<randymarsh9> cool
<RoyK> http://www.extremetech.com/computing/226280-first-look-hands-on-with-ubuntu-on-windows-10
<randymarsh9> don't all terminals have bash/some userspace glued with it anyway?
<RoyK> no, bash is another executable
<RoyK> such as dash or zsh or csh or whatever
<RoyK> chs is rather old-school :)
<sarnold> .. or skip running the shell entirely and just start programs directly, e.g. xterm -e mutt   will start mutt directly inthe terminal without a shell first
<patdk-wk> why xterm?
<randymarsh9> what good is a terminal with no userspace?
<patdk-wk> just have the kernel run mutt instead of init :)
 * RoyK slaps patdk-wk with a small herring
<patdk-wk> if your running xterm, you long ago had userspace
<RoyK> randymarsh9: everything is userspace
<randymarsh9> RoyK: i'm confused
<patdk-wk> a *shell* != userspace
<RoyK> kernelspace is about system calls and so on
<RoyK> a shell lives in userspace
<sarnold> randymarsh9: each shell brings with it a certain amount of used memory; if you never use it you can save the memory. granted the kernel will swap it out eventually but each one takes one to six megs or so..
<patdk-wk> userspace is about privilege separation
<randymarsh9> ok i have the wrong definition of userspace
<RoyK> x86/x64 have four privilege levels - most OSes uses two
 * patdk-wk lives at ring0
<sdeziel> how about ring -1?
<randymarsh9> what's the point of bringing bash to windows?
<RoyK> sdeziel: the Ã¼ber-ring with only gods in it? ;)
<randymarsh9> does that let me download and run unix programs?
<RoyK> randymarsh9: not back - it never was there in the irst place
<sarnold> randymarsh9: so you're not stuck trying to deal with terrible cmd.exe or baffling powershell
<ogra_> it comes with apt ;)
<randymarsh9> RoyK: i said bringing bash not back
<RoyK> doh - I misread
<randymarsh9> so i can run w3m on windows if i want to?
<RoyK> randymarsh9: the point is that it combines the power of unices with windoze
<sarnold> probably
<randymarsh9> and lynx and all the other cool programs?
<sarnold> granted those may work today via cygwin
<sarnold> but the new windows personality modes sounds nicer
<RoyK> randymarsh9: works well if you really need windows and can't go with linux as your primary
<randymarsh9> so windows is coming up with a bash emulator of sorts?
<ogra_> The whole ubuntu archive (theoretically)
<randymarsh9> except it is much more official than that?
<RoyK> randymarsh9: nah - it's an API that translates linux systemcalls to windows' ones
<randymarsh9> is windows going to let ubuntu do the same thing?
<ogra_> no, it adds Linux syscall translation to the windows kernel
<sarnold> randymarsh9: in some sense, linux did the same thing two decades ago, first with 'dosbox' then with 'wine'
<ogra_> then there is an app in the windows store that lets you install a minimal ubuntu system thatships bash and apt
<RoyK> sarnold++
<randymarsh9> sarnold: dosbox was a unix thing?
<ogra_> so you can apt install anything from the archive
<ogra_> (not everything might run though )
<RoyK> ogra_: and most of it will probably work? ;)
<randymarsh9> i thought dosbox was created to run old dos programs on new versions of windows
<randymarsh9> since dos was removed after windows 2000
<randymarsh9> in xp it was no longer there i think
<ogra_> I'd assume most cmdline tools will work eventually... Including lynx and w3m
<sarnold> randymarsh9: sure, apt-cache show dosbox   :)
<sarnold> hunh, initial release in 2002..
<sarnold> ah there we go, dosemu, initial release September 1992; 23 years ago
<RoyK> no idea if the initial release was for win or linux, but it seems to run on most things
<RoyK> sarnold: ah - probably not someone that wanted dos games to run on winnt/os2 :D
<RoyK> that is, winnt came in '93
<sarnold> hehe
<RoyK> sarnold: I remember someone trying to show us (at the time I was working a day a week for practice during school) the benefits of winnt 3.1 as a fileserver - how brilliant it was - but then, a wee test comparing simple file copying with that and the current netware (3.12 iirc) showed it was slower by far, about half the speed or so
<sarnold> RoyK: yeah, I remember those ancient netware systems fondly.. the nt 4.0 server we had reset every thursday and we never figured out why.
<RoyK> hehe
<arooni> can someone tell me why i must run sudo when doing basic stuff like mkdir rm within a /var/www/adomain.com which it and all files/subdirectorires has ownership:  wp-user:www-data ; and my currently logged in user is part of the www-data group?
<keithzg> arooni: What does "ls -l /var/www/adomain.com" say for permissions? Perhaps it's not set to writeable by group, only wp-user.
<arooni> keithzg you're right;  is it a security hazard to do a sudo chmod g+w -r /var/www/adomain.com ?
<keithzg> arooni: Only in the sense that obviously then you'd better make sure that only users with secure credentials and a good reason to write there are part of that group.
<pulsar12> I need help to solve an issue with pppd.
<pulsar12> why would pppd process try to resolve name "ppp0" while a client is connecting?
<sarnold> pulsar12: hmm, nothing stands out when searching debian code search for ppp0 or gethostbyname pkg:ppp ..
<pulsar12> sarnold, thanks for the hint! the search using "gethostbyname pkg:ppp" turned out a result which i havent found before
<pulsar12> tomorrow i will investigate more since i don't have access now to the server
<randymarsh9> uh oh
#ubuntu-server 2016-04-14
<coreycb> jamespage, something's causing haproxy to fail to install from trusty-mitaka staging.  http://paste.ubuntu.com/15822925/
<coreycb> seems to be related to the new lua5.3, http://launchpadlibrarian.net/253502335/lua5.3_5.3.1-1_5.3.1-1ubuntu1.diff.gz
<Capprentice> Hi! Im having problem with the e1000e driver on Ubuntu 14.04 . It crashed under load. I have enabled IP o\dodinge1000e 0000:00:19.0 enp0s25: Reset adapter unexpectedly [  197.382071] e1000e: enp0s25 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
<Capprentice> My server has 16 GB RAM, Core i5 CPU Intel, 4x2 TB HDD. What will be the optimal settings for sysctl for Squid Cache
<ikonia> it doesn't work like that
<ikonia> you need to look at what you're machine is doing, how/what you're using squid,
<ikonia> you'll probably see very little benifit from changing sysctl
<jamespage> frickler, new ceph rc for today - will also include that maintainer script noise fix
<jamespage> coreycb, that change got reverted to lua - tests ok now
<codepython777> anyone here?
<Capprentice> hi
<Seveas> Capprentice: you'll want to maximize your available tcp port range, tune max file descriptors for what's usable, reduce swappiness and maybe tune some tcp parameters for http traffic (lower timeouts, no keepalive etc)
<codepython777> does anyone use a PPA here to distibute their software across machines?
<Seveas> I do
<codepython777> Hi Seveas
<codepython777> do you use launchpad to do that? Or can that be done without a launchpad account?
<Seveas> launchpad
<codepython777> so there is no way to do this without a launchpad account?
<codepython777> Also, what is a good resource to follow, to get started ?
<codepython777> is there a way to say you only support certain distributions? (like say 15.10)
<Seveas> any good debian packaging tutorial will work
<Seveas> and you'll need to upload each package to each distribution
<Seveas> so only supporting 15.10 == only uploading to 15.10
<codepython777> i see
<codepython777> so debian uses the same mechanism for packages i guess?
<Seveas> a similar mechanism
<Seveas> you can build repos without launchpad as well, but you said 'ppa', so I was assuming you meant launchpad's repo functionality
<Seveas> if you don't want to use launchpad, you can use reprepro or other tools to take a collection of packages and turn them into a repo.
<codepython777> if i build repos without launchpad, is it easy to host it? to let users add it and run updates?
<Seveas> you just need a webserver :)
<codepython777> that i have :) nginx
<codepython777> where are the docs to create the files for distribution? :)
<Seveas> man reprepro
<Seveas> and a debian packaging tutorial. Not sure where to find one these days
<coreycb> ddellav_, nova 12.0.3 is out, want to include that in your SRU?
<ddellav_> coreycb sure
<coreycb> ddellav_, thanks
<vassie> Hello, is it possible to install Xenial without LXD? Personally I have no need for it as I want to use Docker
<patdk-wk> I have never installed lxd with xenial
<patdk-wk> so it must be
<vassie> patdk-wk: I have done a clean install of Xenial beta 2 and LXD is installed by default
<patdk-wk> using what install options?
<patdk-wk> default, install everything?
<sdeziel> vassie: Docker can run inside LXD mind you
<rbasak> vassie: it shouldn't cause any harm by being there. If it does, then please file a bug.
<rbasak> Can you just remove it?
<ogra_> it isnt a recommends
<ogra_> so it will pull out the meta package with it
 * patdk-wk only ever installs ubuntu-minimal
<ifohancroft> hello everyone. where do i find the package for kmod-nls-iso8859-1
<ifohancroft> i need it for a server but no internet connection there or anything, i am in recovery mode so i want to download it here and transfer it there via usb key or something and install it manually
<patdk-wk> ifohancroft, in the normal kernel package
<patdk-wk> linux-image-......
<ifohancroft> thanks, patdk-lap. so if i want just the module i pretty much need to reinstall the kernel?
<patdk-wk> yes
<patdk-wk> it's part of the kernel
<patdk-wk> so if it's broken, just boot using a different installed kernel
<patdk-wk> you should have 2 atleast, if not more
<ifohancroft> i was thinking about that, however in the grub menu i only see one and it's debug version so i guess they may have been wiped out or something or is it just not showing in the options?
<patdk-wk> newer grub menu only shows the current one
<patdk-wk> there is another option at the end
<patdk-wk> like a show all option
<patdk-wk> that will show the other versions
<ifohancroft> oh, ty, i will look for that
<patdk-wk> older grubs, show all of them by default
<patdk-wk> or rather, older ubuntu grub config makers :)
<sdeziel> vassie: this fresh post is really apropos: https://www.stgraber.org/2016/04/13/lxd-2-0-docker-in-lxd-712/
<jamespage> coreycb, just waiting for the magnum binaryies to publish and I;ll promote proposed->updates
<coreycb> jamespage, ok gnocchi is on it's way too.. just noticed it has an i386 test failure
<jamespage> coreycb, yah
<jamespage> I might be tempted to hit the button of despair for that first...
<jamespage> coreycb, ok promoting proposed -> updates
<coreycb> jamespage,  I think pandas is stuck in proposed due to sunpy autopkgtest regressions, which appear to mostly be due to the version of numpy we have.  numpy 1.11.0 could use a sync but isn't just bug fixes.
<coreycb> jamespage, not sure what to do, it's slightly late in the cycle
<pmatulis> hallyn: for the cloud-init fix, so nova controllers need to have their package updated?
<hallyn> pmatulis: i thought it was just the cloud images on which the instances were based.  smoser ^ ?
<smoser> pmatulis, which is this ?
<pmatulis> https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1569974
<ubottu> Launchpad bug 1569974 in cloud-init "networking fallback should ignore bridges" [Medium,Confirmed]
<vassie> rbasak: I've tried to remove lxd but it will also remove ubuntu-server
<rbasak> stgraber_: ^ perhaps the lxd seed should be a recommends and not a depends?
<rbasak> kirkland: ^
<vassie> Would be nice if it was an option via tasksel
<vassie> I want to use Docker and not LXD
<vassie> LXD has created a network interface that I don't need/want
<rbasak> You can. Just use Docker.
<vassie> rbasak: I know, but it would be nice to remove LXD as they kind of both do the same thing, I only need one, not both
<teward> vassie: removing lxd will remove ubuntu-server and i think ubuntu-standard metapackages, which I think are critical to make sure you get the right upgrade paths
<rbasak> Ubuntu ships vi and nano. Both do the same thing. I only need one, not both.
<teward> s/and ubuntu-standard//
<teward> vassie: use Docker, leave lxd alone.  but leaving it installed won't hurt anything
<teward> (removing it may remove some of those metapackages which I think are 'good to have' to ensure proper upgrade paths and package set changes)
<rbasak> Options via tasksel don't really work any more. An increasing number of Ubuntu server users use cloud images where tasksel isn't an option.
<rbasak> (also it's quicker since you don't need to run an installer)
<pmatulis> smoser: ?
<kirkland> rbasak: sure, I guess
<kirkland> rbasak: do you want to take care of that?
<rbasak> kirkland: will do, thanks.
<saftblandarn_> Hi, I'm having problems to connect with my server with putty. It was working fine until I restarted putty
<saftblandarn_> I've tried to restart my server and "sudo service ssh restart"
<kirkland> rbasak: actually
<kirkland> rbasak: what, if any, reprocussions are there for doing so?
<rbasak> kirkland: AFAIK, only that you can remove it without being told it's bad.
<kirkland> rbasak: right -- what, if any, images do we build that *don't* install recommends?
<kirkland> rbasak: because we really, really do want lxd just about everywhere
<kirkland> rbasak: we can even run lxd in lxd
<kirkland> rbasak: I'm a little nervous, actually, about doing this today, and seeing images tomorrow, that don't have lxd in them any more
<rbasak> kirkland: we can confirm with People Who Know if you prefer. I was taking the approach that doing it sooner rather than later means more time to detect fallout.
<rbasak> I'm surprised that lxd isn't seeded on desktop?
<rbasak> It's in supported-misc-servers, cloud-image and server.
<rbasak> Is smoser around?
<stgraber> I just did the seed change based on scrollback
<stgraber> snapd is a recommend too and that seems to have appeared everywhere
<smoser> rbasak, here.
<rbasak> smoser: any impact to dropping lxd to a recommend that you can think of? Since you were looking into this kind of thing.
<rbasak> (in the seeds)
<stgraber> IIRC the only images that were building without recommends were the phone images (not sure if they still do)
<smoser> snappy might build without recommends.
<smoser> but it could have lxd explicitly if it needs it. or otherwise handled there.
<stgraber> ah could be, but we don't want lxd on those either :)
<stgraber> there is a lxd snap for that
<smoser> the one difference that i think is notable is that recommends rather than depends means:
<smoser>  apt-get --purge lxd
<smoser> does *not* tell you: you're getting rid of ubuntu-server
<stgraber> yeah, that's precisely what we want to allow
<smoser> i dont know.
<smoser> do we ?
<smoser> i absollutely feel that way for ubuntu-snappy
<stgraber> well, that's what rbasak and kirkland were discussing anyway
<smoser> well, the ubuntu-meta would need to be re-done also
<smoser> updated
<stgraber> sure, I just did the seed change for now, then saw the discussion here so paused before uploading a new ubuntu-meta
<rbasak> Based on this discussion I think we're good.
<smoser> i thin its fine. stgraber you touched both server and cloud-imge ?
<stgraber> lxd doesn't do anything on the system until you start to use it, so I'm not sure why you'd remove it, but if allowing folks to remove it make some of those lengthy LP discussions go away, then it doesn't really hurt to let them
<stgraber> smoser: yup
<kirkland> okay
<smoser> i never really knew about (recommends) in a seed before.
<smoser> before probably a year ago. i'd might have used it more
<stgraber> it's pretty widely used for desktop stuff I think
<patdk-wk> not used for stuff like vlan/ifenslave/mdadm?
<patdk-wk> though, it has annoyed me I cannot setup a vlan in the installer to get network access lately
<sdeziel> bonding and vlan support in the installer would be handy
<pulsar12> i am struggling with pppd daemon which is trying to resolve name "pppX" (X = number of the dynamic interface created) everytime a user connects. anyone has an idea about this?
<pulsar12> i am struggling with weird issue on pppd daemon: it is trying to resolve name "pppX" (X = number of the dynamic interface created) everytime a user connects. anyone has an idea why this happens?
<coreycb> jamespage, the new sahara with api-paste.ini is in mitaka staging now
<dorrek> Hi Guys. Im stuck... I run apache2 server, with user dir http_public. I am unable to add alias to /home/user/public_html. Its just showing 404. In whith file i should look? Also, everything works just fine by domain/~user/adress
<sarnold> dorrek: what did you try? do you get any errors, warnings, or access entries in the logs when you try to load it?
<dorrek> Nvm... Well.. Im tired... I forget to close <VirtualHost>
<sarnold> dorrek: aha :)
<guampa> hello
<guampa> do you know if it's possible to shutdown or reboot LCXs via libvirt?
<guampa> I'm failing to get virt-manager GUI or virsh to do that
<guampa> *LXCs
<sdeziel> guampa: are you using the libvirt-lxc driver? Or were those LXC containers started by something else (LXD|LXC)?
<guampa> these were created via virt-manager, so I guess it's libvirt-lxc
<guampa> I got these messages from within virsh http://hastebin.com/qukacuzafo.lua
<guampa> yes, I see the xml under /etc/libvirt
<sdeziel> ugh, a paste service that needs javascript to display ...
<guampa> do you prefer another?
<guampa> http://hastebin.com/raw/qukacuzafo
<sdeziel> guampa: I'm used to paste.ubuntu.com is all
<guampa> the raw version shows plain text
<sdeziel> guampa: as for your shutdown problem I am afraid I cannot help you much. I'm not familiar with this libvirt driver
<guampa> neverming, thanks for taking interest at all
<guampa> d*
<sdeziel> guampa: https://libvirt.org/drvlxc.html#usageStop ?
<guampa> I haven't found much docs on the issue, so I'll keep digging
<guampa> yeah, that's what I tried in the paste
<guampa> haven't tried with destroy, I'm looking for a graceful shutdown
<sdeziel> guampa: you didn't include the virsh invocation so I wasn't sure if you had used the "-c lxc:///" part
<guampa> ah, that's because I was in the virsh shell already
<sdeziel> guampa: maybe you could strace the container's init and see if it receives the SIGTERM?
<guampa> if everything fails I can resort to script it over ssh
<guampa> yes that could be useful
<sdeziel> guampa: there is also LXD that might interest you. Works really well with containers
<guampa> I could try it, but libvirt interests me especially since I can manage both KVMs and LXCs from the same interface
<sdeziel> in Ubuntu, that's where the focus is with containers in general. The libvirt-lxc driver receives less attention
<guampa> I'm experimenting with two-level virtualization, actually virtualization + conteinarization
<sdeziel> then you could really well have libvirt driving your KVM that could run LXD inside
<sdeziel> many use it that way
<guampa> it's working beautifully, just added DHCP+DDNS and you fire up machines at any level and everything is reachable
<guampa> sdeziel: but I would loose managing everything from the same UIs
<sdeziel> true
<sdeziel> guampa: "shutdown --mode acpi" and the "agent" mode won't work for containers. Those are for virtualized guests only
<sdeziel> the other 2 modes should have though. The fact that they don't seems to point at a miss-configured container
<guampa> the error "Container does not provide an initctl pipe" suggests a possible solution
<sdeziel> guampa: here on a Xenial lxc container: https://paste.ubuntu.com/15839958/
<guampa> I see
<guampa> all I see in /dev is console  fd  full  log  null  ptmx  pts  random  shm  stderr  stdin  stdout  tty  tty1  urandom  xconsole  zero
<sdeziel> what's PID 1 in that container?
<guampa> init [2]
<guampa> there's a /run/initctl
<sdeziel> in the container, if you send  a SIGTERM to init, what happens?
<guampa> nothing
<sdeziel> can you try symlinking /run/initctl with /dev/initctl
<guampa> just what I was trying now
<guampa> yesssssssssss
<guampa> does work
<guampa> :)
<guampa> I'll investigate why it isn't being linked from starters, I see the KVM that hosts it hasn't got the link either
<guampa> the KVM has acpi though, so it's able to reboot and shutdown
<pulsar12> i still have the problem with the pppd trying to resolve name "pppX"(X being the number of dynamic interface created), every time a user tries to connect. I dont find any explanation for this behavior and havent found anything on google
<sarnold> pulsar12: hey, bummer you're still fighting that.. I got to wondering last night, why not just add a billion entries to /etc/hosts for that? set ppp0 to 127.1.0.1, ppp1 to 127.1.0.2, and so on..
<pulsar12> hi sarnold :). it would solve it but that would be a hack, and i prefer going to the elegant solution, and also im curious why this happens
<sarnold> pulsar12: yeah, I can understand that, but sometimes you just need things to work,hehe :)
<pulsar12> maybe next step will be using gdb to know exactly what is happening
<pulsar12> it will be the first time i use it, i have to learn
#ubuntu-server 2016-04-15
<YokoBR> hi guys
<YokoBR> As I have only one NIC, i've created two virtual interfaces. Now the three interfaces has 255.255.0.0 as masks and created dhcp configs with 3 ranges, 192.168.0.2-254, 192.168.1.2-254 and 192.168.2.2-254
<YokoBR> would that work?
<sarnold> YokoBR: it may not work with that netmask..
<sarnold> YokoBR: try instead 255.255.255.0 and install explicit routes for all three networks to the other two networks.
<YokoBR> sarnold: i think the problem was solved.
<YokoBR> this is what i did, 10.100.0.1 255.255.252.0. DHCP range 10.100.0.1 - 10.100.3.254
<sarnold> that sounds like it should work, yeah
<jamespage> coreycb, gnocchi and pandas dropped from the UCA
<showaz> Hello, how to reset a Ubuntu-Server 16.04 initial state before install "apt remove ... --purge --auto-remove" (ubuntu-minimal).
<rbasak> showaz: "apt-get install ubuntu-minimal^" perhaps?
<rbasak> (or is it "minimal^"?
<rbasak> )
<showaz> ubuntu-minimal already installed.
<rbasak> Well then I don't understand your question.
<showaz> rbasak: To restore ubuntu-server to original appearance after you install a hosting panel (packages/user-data purge)
<rbasak> showaz: well that depends on what your hosting panel installer did. Your hosting panel provider needs to answer your question really.
<rbasak> It might be easier just to reinstall your server or restore from backup or whatever. I certainly wouldn't continue using a production server after messing around with it like that.
<rbasak> rharper: do you have capacity to look at https://bugs.launchpad.net/ubuntu-release-notes/+bug/1531864/comments/5 please?
<ubottu> Launchpad bug 1531864 in Release Notes for Ubuntu "HTTP/2 disabled in Apache httpd" [Undecided,New]
<rbasak> It's intended to be disabled, but comment 5 suggests that the disablement is broken
<rharper> rbasak: I'll look at that today
<rbasak> rharper: thanks!
<rharper> rbasak: to be clear, both the load file and the so should be removed since we're disabling support of http2
<rbasak> rharper: I'm not sure. I don't mind what is removed so long as nothing explodes. I suspect the load file being there might be a problem, so I thought it probably warrants investigation.
<rbasak> rharper: it may be that you're satisfied that nothing needs doing after looking.
<rharper> ok; but the goal is for http2 to not be enabled by default
<rharper> and things shouldn't break
<rbasak> Right.
<rharper> ok
<rbasak> rharper: actually not just not enabled by default but not built.
<rbasak> Until the security team says it's OK, which I don't think they will until upstream no longer consider it experimental.
<rharper> rbasak: ok; then I wouldn't suppose we should ship any http2 files either (if we don't bother building it) no ?
<rbasak> rharper: that would be sensible, yes. But if it's not actually causing a problem, it's probably not worth breaking final freeze for that.
<jamespage> coreycb, https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1568971
<ubottu> Launchpad bug 1568971 in horizon (Ubuntu) "Ubuntu Mitaka package fails to upgrade with SyntaxError: Undefined variable: '$helpPanelWidthDefault'." [Undecided,Confirmed]
<devster31> I have a pretty minimal ubuntu install, is there a cli utility that allows me to interact with dhcp client and servers? I want to read the information the server is broadcasting
<hateball> devster31: other than dhclient ?
<devster31> I thought dhclient was used to configure an interface, I just want to read the information
<devster31> also I think the default is dhcpcd
<GeorgesLeYeti> Hi
<GeorgesLeYeti> Ubuntu 14.04.4 LTS,  Issues: My /etc/passwd has been changed. How can i investigate about who / what change this file ?
<sdeziel> GeorgesLeYeti: many things can change /etc/passwd. I'd recommend looking at the recent changes with: diff -Nau /etc/passwd- /etc/passwd
<jamespage> ddellav, https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1568971
<ubottu> Launchpad bug 1568971 in horizon (Ubuntu) "Ubuntu Mitaka package fails to upgrade with SyntaxError: Undefined variable: '$helpPanelWidthDefault'." [Undecided,Confirmed]
<rbasak> rharper: looks like apache2 2.4.18-2ubuntu1 inadvertently reintroduced http2.load.
<rbasak> rharper: I think you're right in that the conffile needs that handling to remove.
<rbasak> rharper: I don't see anything wrong with your conffile handling, but a couple of things to make it simpler:
<rbasak> 1) you don't need to make it conditional on $1; dpkg-maintscript-helper takes care of that itself.
<rharper> which did I make a conditional ?
<rbasak> 2) you can use debian/apache2.maintscript to save having to touch all the maintainer scripts. Then debhelper will take care of it.
<rbasak> You're calling remove_http2_conffile from inside the switch statement
<rbasak> Which could well be absolutely correct but I'd need to check.
<rharper> ah, I see
<rharper> there are stage checks in mainscript itself
<rharper> lemme look at the apache2.maintscript then
 * rharper missed that
<rbasak> rharper: see the dh_installdeb manpage.
<rbasak> You couldn't know about it unless you already did :-/
<rharper> heh
<rharper> yeah
<rharper> that's fancy sauce right there
<rbasak> Basically you put the dpkg-maintscript-helper calls in there and then debhelper takes care of it.
<rbasak> But good job in spotting that you needed conffile handling :)
<rharper> though one still has to debug the prior version stuff
<rharper> rbasak: slangasek helped me see that in squid
<rbasak> rharper: squid's conffile handling was painful!
<rharper> to say the least
<rbasak> rharper: btw, did you figure out if having http2.load present actually causes a problem?
<rharper> let me test that out
<rharper> I imagine it'll throw an error but unlikely to cause problems; I think apache2 handles missing modules gracefully
<rharper> no
<rharper> well, it just wont start, if you a2enmod http2 and then restart, apache2 won't start
<rharper> yeah
<rharper> so better to remove the file
<rharper> no one get's hurt accidentally (it's in mod-avail, not mod-enable)
<rbasak> OK, thanks for checking.
<rharper> but if someone did attempt to enable it and restart apache, it fails due to the missing so file we removed
<rharper> nice, that apache2.maintscript is very cool
 * rharper attaches a new debdiff
<rbasak> rharper: the new debdiff looks good, thanks. Have you tested that this works, please?
<rbasak> rharper: I'd also note in the changelog that it was inadvertently dropped in an intermediary merge just to make the next merger's life easier in figuring out the logical delta. I can note that when uploading, no need for a new debdiff.
<rharper> rbasak: yes; I've tested the same upgrade and the file is removed properly
<rbasak> rharper: OK, thanks. Do you think this should break final freeze or should we aim for a 0-day SRU?
<rharper> rbasak: sorry about not mentioning *why*;  I  know better =(
<rharper> I think 0day is fine
<rbasak> OK
<rharper> it's out of the way
<rharper> unless someone is explicitly doing a2enmod http2
<rbasak> That would always break at some point, right?
<rbasak> Either in the a2enmod command, or with this bug on apache2 restart.
<rharper> right
<rbasak> So they shouldn't be doing it and expect it to work presumably :)
<rbasak> Then I think a 0-day is fine.
<rharper> they might expect it due to the version, and http2 is enabled in debian
<rharper> but
<rharper> it's noted in the changelog why we don't have it enabled at this point
<aeronavi> how to create a pty without an attached process?
<aeronavi> my idea is to open terminal window, where I can later attach a process with redirected standard input/output and then control it from that window
<sarnold> aeronavi: sounds like you're re-inventing screen or tmux
<sarnold> fwiw I haven't seen "terminal without a process" in a while -- back in those days of course we had serial cards in our computer with 16 or 32 serial ports, and flat phone-wire run throughout the building for the terminals..
<RoyK> screen is really cutting edge - I mean - it came out in 1987
<sarnold> gotta keep up with these new tools :)
<RoyK> :D
<patdk-wk> royk, it should be replaced, it's old and single purpose like init
<patdk-wk> maybe we need a screend
<RoyK> tmux is better
<aeronavi> hehe sarnold, im not from that time.
<RoyK> aeronavi: well, it's been used steadily over those almost 30 years
<RoyK> I guess 'ls' is a wee bit older
<RoyK> but people are still using it!!!!!!!!!!!!!
<aeronavi> but screen must spwan always a process right?
<arooni> why when i login to my server do i see 56 packages can be updated?  i thought i had security updates automatically installed.  must i do a separate setup for regular updates to packages?  and more importantly, is this advised?
<RoyK> aeronavi: nah - you can have several - just use tmux if you aren't used to screen - it's Newer And Better (tm)
<aeronavi> spawn* . I plan to debug a process with gdb that is called inside a script, but i would like to control gdb on a external window
<teward> arooni: updates != security updates
<teward> arooni: it's possible to have a lot of non-security updates pending in the -updates repo for your computer, but they won't get installed if you only put on security updates
<arooni> teward is setting up auto updates of non security updates possible?  and advised?
<RoyK> arooni: I'm using all sort of updates on my machines - haven't failed so far (over the years)
<RoyK> last issue we had at work, was today, a new samba version came out of redhat's repos and suddenly kerberos was needed for everything, and that was a security update
<RoyK> broke a few clients not in AD
<aeronavi> RoyK when i start tmux or screen, it spawn a shell process.
<aeronavi> is it possible to just start it without any process?
<sarnold> why?
<aeronavi> so later I can redirect input/output of other processes
<aeronavi> and control there
<sarnold> why not just start that other process in screen?
<aeronavi> sarnold because the process in question is called from inside a script
<arooni> i'm trying to access /var/log/nginx ; but i'm getting access denied because my ssh user isn't part of the adm group.  so i did; sudo usermod -a -G adm myuser;  but i still cannot access.. :\  why not?
<sarnold> arooni: use sg or newgrp to create a new shell process that is in the group or log out and in again
<bekks> arooni: log out completely as that user, login again.
<arooni> hey thanks that worked
<arooni> is there a better tool than tmux splitting panes to monitor nginx error log + syslog?
<Pici> arooni: multitail?
<arooni> Pici nice!  never heard of that before;  i like the color + formatting
<Pici> arooni: its definitely handy.
<teward> i was going to say, "yes, it's possible.  advised?  I think so, but that's your call."
<teward> then they left
 * teward was busy fixing his network
<qman__> I've been doing it for years without problems
<RoyK> qman__: what?
<qman__> unattended upgrades for regular updates (not just security patches)
<RoyK> mhm
<qman__> I've had release upgrades break plenty of stuff but not regular patches
<RoyK> it was a bit fancy this security update by redhat
<keithzg> I tend to have it only on for security updates, but that's almost more just because I feel like giving myself something to do from time to time ;)
<RoyK> suddenly everything not in the AD was banished
<sarnold> RoyK: in all fairness there's a half-way tolerable chance the same thing will happen with our samba updates next week
<RoyK> I gues so
<RoyK> guess, even
<sarnold> RoyK: the only feedback we've gotten so far has been good but samba is so bloody configurable..
<RoyK> sarnold: we found two solutions - either login with ad-domain@user, or install winbind
<RoyK> I didn't try the former - we just went for winbind
<RoyK> we've got some 25k users, so these things hurt a bit when that little percentage of them not using windows lose access to their data
<sarnold> even 0.1% is a noticable amount of work :)
<RoyK> indeed
#ubuntu-server 2016-04-16
<jvwjgames> Hi everyone
<jvwjgames> so i am wondering if i can execute a python script when a command outtup shows text on the screen and not saved to a file
<jvwjgames> Is this possible?
<jrwren> yes
<jvwjgames> really
<sarnold> what are you doing?
<jvwjgames> how
<jrwren> jvwjgames: use tee to pipe the output to both the python command and the screen?
<jvwjgames> so i am having a command minimodem listen for tones and it prints it on the screen in realtime the decoded tones but can't save to a file
<sarnold> how is it printing to the screen?
<jvwjgames> rtty
<jvwjgames> it listen from the mic and prints to the screen
<jvwjgames> *listens
<jrwren> or heck, just have the python echo what it reads as well as process it.
<jvwjgames> what command
<sarnold> the easy approach may be to edit the source and change it from using curses or whatever to just print
<sarnold> slightly harder may use the script program to capture the output
<sarnold> but that may not actualy work
<jvwjgames> ok
<jrwren> if it is this, it looks like it justs prints to stdout: https://github.com/kamalmostafa/minimodem/blob/master/src/minimodem.c
<sarnold> jrwren: hrm, so why didn't redirecting its output work?
<jvwjgames> let me reiterate my question
<jvwjgames> so if a file reads a word in seismicdata.txt if the word in that file reads seismicdata then execute a curl command
<jvwjgames> that's what i want and seems to be easier
<jvwjgames> cause i got the stdout to redirect to a file
<jvwjgames> now i want the curl command to run if word in file contains seismicdata
<sarnold> jrwren: try this: grep -q seismicdata && curl http://....
<jvwjgames> thanks it works
<jvwjgames> thank you for your help sarnold
<sarnold> great ;) have fun jvwjgames :)
<sarnold> sigh jrwren sorry, tabmisfire
<hallyn> jcastro: wow, the juju credentials features look nice
<jrwren> i misunderstood something. Sorry.
<patdk-lap> heh, not fun, nfs issues
<patdk-lap> https://lkml.org/lkml/2015/12/4/759
<patdk-lap> getting that same exact issue on 16.04 :(
<patdk-lap> though, I don't get any of those oversized read request log lines
<lordievader> Good morning.
<FMan> "System load: 0.0"
<bekks> FMan: And? :)
<FMan> help me think of something to do with my server :D
<bekks> What does it do normally?
<FMan> idle
<FMan> it's a VPS
<bekks> And what do you have that VPS for, if you arent using it?
<FMan> good question... I have a web server running on it for testing now so far
<pmatulis> hallyn: know anything about it? https://bugs.launchpad.net/serverguide/+bug/1571135
<ubottu> Launchpad bug 1571135 in Ubuntu Server Guide "Follow-up to Bug #1300369: Server guide misleading/incorrect" [Undecided,New]
<TheSuperGeek> hello, is there a tutorial about administrate a server ? Because I want to host a home-server, but I don't know how to do it.
<bekks> A server serving which pupose?
<TheSuperGeek> bekks: hosting a Cozycloud (www.cozy.io) + owncloud + ftp +ssh
<TheSuperGeek> bekks: and maybe a VPN
<andol> TheSuperGeek: https://help.ubuntu.com/lts/serverguide/ might not be a bad place to start.
<bekks> At home?
<TheSuperGeek> bekks: and maybe LDAP
<TheSuperGeek> bekks: yes
<andol> TheSuperGeek: https://debian-handbook.info/ is a really good read, and mostly apply towards Ubuntu servers as well.
<TheSuperGeek> andol: It seems to be something I search
<TheSuperGeek> (the 1st link)
<TheSuperGeek> andol: Oh the 2 links are in french, that's very good. Thank you !
<hallyn> pmatulis: the section id=lxd-uid, "UID mappings and Privileged containers" explains how to do it.
<hallyn> pmatulis: if you feel it needs more explanation please feel free to assign it to me.
<pmatulis> hallyn: so it's in the LXD chapter but not in the LXC chapter iiuc
<hallyn> pmatulis: oh the complaint was about the lxc section?
<hallyn> i only looked at the source, not the doc.
<hallyn> so didn't notice that
<hallyn> i can still cross-reference right?  pls feel free to assign to me, i'll propose something and you can tell me it's horrible :)
<pmatulis> hallyn: ok
<hallyn> thx
<devster31> how can I make /srv placed on a different hard disk but without making a partition and mounting it?
<macks> has anyone integrated jetbrain's hub with ldap?
<Kallis> hi there, looking at moving my windows server over to a linux server and am just going about setting up samba with acl, was just wondering if there was an easy way for me to copy all current user acl's that are in place on the windows server over to the new samba linux box please or do i need to redo all acl for all users on all directories, using ubuntu server 15.10
<Kallis> for now the ubuntu server will just start off for file serving so i will continue using the windows server for ldap and a couple of other bits as i slowly migrate away
#ubuntu-server 2016-04-17
<JanC> Kallis: maybe try asking in #samba also
<pmatulis> Kallis: i have never heard of a conversion from windows to Samba. also, you might want to wait a week to use 16.04 and not 15.10
<Kallis> pmatulis, yeah it would have just saved me resetting up all of the ACL for users, there are a lot QQ
<Kallis> JanC, I have asked in there as well thanks JanC :D
<devster31> do I need to specify APT::Default-Release if I want to pin packages or can I just set Package: * Pin: release a=trusty Pin-Priority: 990 ?
<patdk-lap> something go wrong with apt-daily.timer
<patdk-lap> it is appearing in my dmesg every few seconds :(
<patdk-lap> but not on all of my xenial machines, and not even on two mirror imaged ones
<patdk-lap> http://paste.ubuntu.com/15886862/
<UserUS> anyone here have ubuntu server on there computer, and use the OS for other things as well?
<patdk-lap> exactly how do you use an os for other things as well?
<UserUS> irc, web browsing, making videos, skyping...etc
<patdk-lap> you cannot do that on ubuntu-server
<patdk-lap> you can do those on ubuntu-desktop though
<UserUS> yes, you can?
<UserUS> I've installed it and done so
<patdk-lap> the difference, is nothing, though
<UserUS> you just install gnome gui
<patdk-lap> you can run skype without a gui?
<UserUS> you install a gui mate
<patdk-lap> and as soon as you did so, your using ubuntu-desktop
<UserUS> just install ubuntu-desktop
<UserUS> yeah, but it keeps the server and  apache
<patdk-lap> and, the same would be true if you install ubuntu desktop, and installed apache
<patdk-lap> I don't see your point
<patdk-lap> the same would be the case if I installed windows 10, then installed apache
<UserUS> my point is, does it matter if i do so
<UserUS> run the server on the same pc
<UserUS> or will it be deadly slow...etc
<patdk-lap> it will be slower
<patdk-lap> you just added a bunch more crap into ram, cpu, ...
<UserUS> or kick users from the site for lack of bandwith
<UserUS> its an i7 with 16gb of ram
<UserUS> fourth gen intel
<devster31> so I have this right now: https://bpaste.net/show/07230537e2b5 how do package dependencies behave? meaning, does nginx-common automatically get updated if theres's the requirement on the newer package?
<Kallis> hi there, looking at moving my windows server over to a linux server and am just going about setting up samba with acl, was just wondering if there was an easy way for me to copy all current user acl's that are in place on the windows server over to the new samba linux box please or do i need to redo all acl for all users on all directories
<RoyK> Kallis: never tried it, but if you enable ACLs in Samba and copy the files with Windows, that may be all you need
<RoyK> Kallis: you'll have to try it out
<Kallis> RoyK, ok cool, I mean worst that can happen is I spend a few days redoing all ACL's but if there was a faster way would have been nice
<RoyK> Kallis: make sure the filesystem is mounted with the 'acl' option and that ACLs are enabled in the samba config
<Kallis> RoyK, Yeah i have already enabled ACL in fstab and just about to do the Samba configs
<RoyK> try getfacl/setfacl somewhere to test it first
<patdk-lap> robocopy :)
<RoyK> patdk-lap: can that do ACLs?
<patdk-lap> hmm, ya, since like always
<RoyK> ok
<RoyK> Kallis: listen to patdk-lap - he seems to know this a wee better than I ;)
<patdk-lap> the question is, do you have the users setup correctly in linux though?
<Kallis> RoyK, cool cool, patdk-lap yeah it is LDAP
<RoyK> same UIDs?
<Kallis> patdk-lap, ldap is running fine with pbis
<Kallis> RoyK, yeah
<patdk-lap> kerberos I hope
<Kallis> yeah kerb
<RoyK> The Hound
<Kallis> also wanted to ask, i keep getting hammered by various ip addresses trying to brute force SSHD , I have setup a script to block an IP permanently after 3 failed logins, but is there anything else I can do ?
<Kallis> most of the ip's geo are china
<RoyK> fail2ban is nice
<RoyK> sshguard too, although it's a bit paranoid
<Kallis> lol
<Kallis> but reall the only option is constantly banning the ip's yeah
<patdk-lap> you can always do security by obscurity? and move it to port ?rand?
<patdk-lap> but that doesn't fix anything, just cuts back on log noise for awhile
<RoyK> denyhosts is also good, although it hasn't been updated for years, so it's no longer in the repos
<Kallis> yeah
<RoyK> (iirc)
<Kallis> i will probably just leave it as is then tbh, banning after 3 attempts has decreased log noise a lot
<Kallis> maybe jusr change the port as well
<patdk-lap> even more if you set the ban time to like 30days :)
<baldini> Hi, when will you fix the major issue with proftpd and your releases
<baldini> LoadModule mod_copy.c
<baldini> I thought you guys were cutting edge?
<baldini> It leaves all servers using Ubuntu to a very serious hack
<baldini> SERIOUS
<baldini> other distros have apparently sorted it
<baldini1> :)
<baldini1> sort it guys
<baldini1> I just lost a client with 5 dedies because of this
<baldini1> one server fell foul and about 70 sites affected, then he closed his other servers
<baldini1> all Ubuntu
<baldini1> Ubuntu plz get your head out of your ass on this
<cowboydodo> hi guys, trying to setup an ldap authentication having a a posixAccount in "cn=Test Appsiting,ou=benutzer,dc=example,dc=com"
<cowboydodo>  and its gid is "appsiting", which in turn is "cn=appsiting,ou=gruppen,dc=example,dc=com" . My apache configurtation is: https://www.refheap.com/117749 but when trying to login with "testappsiting" I get a "invalid credentials, why is that?"
<tarpman> cowboydodo: for a start, "ou=benutzer" != "ou=benutzer,dc=example,dc=com"
<tarpman> cowboydodo: hard to do more than guess, since you haven't shown any debug logs, neither from apache nor the ldap server
<tarpman> cowboydodo: since you said posixAccount, I also want to check - are you using LDAP groups (groupOfNames or groupOfUniqueNames) or RFC2307 groups (posixGroup)? 'Require ldap-group' is going to require the former
<tarpman> cowboydodo: per https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html#reqgroup
<cowboydodo> tarpman: The apache2 log says user testappsiting: authorization failure for "/", the slapd i cant find, there is no /var/log/slapd.log, oh and cn=appsiting is a posixGroup. I'll change it
<baldini>  LoadModule mod_copy.c  when you going to fix this guys
<baldini> anytime in the last year would have been fine
<tarpman> baldini: it looks like bug 1462311 is just waiting for someone to propose a patch (debdiff) for review; maybe you could do that?
<ubottu> bug 1462311 in proftpd-dfsg (Ubuntu) "proftpd mod_copy issue (CVE-2015-3306)" [Undecided,Incomplete] https://launchpad.net/bugs/1462311
<baldini> lol
<baldini> wtf
<tarpman> baldini: as the first comment on the bug says, proftpd is in universe, so not supported by the security team
<baldini> tarpman:  please give me a break
<baldini> just dump the crap if its not secure
<cowboydodo> tarpman: groupOfNames  would be fine as well, right?
<tarpman> cowboydodo: yes
<tarpman> baldini: just to be clear - i'm not affiliated with ubuntu in any way. just trying to be helpful in a constructive way
<baldini> np, I appreciated your input
<baldini> but really
<tarpman> baldini: if you want help from the security team, asking nicely in #ubuntu-security might get more attention
<baldini> I do
<baldini> for the last 6 months
<baldini> but id proftpd is not secure it should be dropped
<baldini> if sry
<tarpman> not sure how you "drop" something that many users (apparently including yourself) have already installed
<baldini> how many people using proftpd on Ubuntu at the moment and totally unaware they are totally hackackable
<baldini> its a major security risk
<tarpman> cowboydodo: slapd log -> https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-server-logging -- 'stats' would be a good log level to start with (logs every query)
<cowboydodo> tarpman: getting closer, instead of a "user not found" i now get a "authorization failure"
<tarpman> baldini: proftpd is far from the only package in universe with glaring security problems
<baldini> tarpman: agreed
<baldini> but that just affected me
<baldini> maybe its tile for Ubuntu to pack it in?
<baldini> time
<tarpman> baldini: if you want to make sure you only run security-supported packages, you have to remove universe from sources.list altogether
<baldini> tarpman:  noted
<baldini> all my installs are minimal
<tarpman> baldini: or consider debian - the entire archive gets security support (in theory... in practice the security team there is also overworked)
<baldini> I know about overworked
<baldini> its all imploding
<tarpman> baldini: but for the immediate problem you're working on (proftpd): the shortest path to a good solution for you and all the other proftpd users is for someone to propose a debdiff for review
<tarpman> anyway, i'm going in circles now, i'll shut up :)
<baldini> hehe
<baldini> easy fix is # the module
<cowboydodo> oh my god i got it, thanks tarpan
<cowboydodo> had to use the full dn
<cowboydodo> after require ldap-group
<profall> Is it worth it to move to 16.04 yet?
<tarpman> profall: for evaluation/pre-production use, or if you consider yourself an "early adopter", certainly
<profall> Well, it will be used in a production environment. Just worried about setting up things on 14.04 and then having to move everything over 6 months from now...
<tarpman> profall: for production use, depends on your risk tolerance; you might want to wait a month or two for the bugs found by initial adopters to be fixed
<profall> true
<profall> I think ill just wait, plus it gives me a job in the future :P
<tarpman> profall: if you're just starting a project now, I'd say 16.04 is a better choice than 15.10
<profall> How long is 14.04 supported for?>
<tarpman> https://wiki.ubuntu.com/Releases -> April 2019
<patdk-lap> generally it's best to wait till 16.04.1
<patdk-lap> that is normally aug time frame
<profall> yea
#ubuntu-server 2017-04-10
<sonu_nk> hi i recently created subdomain but its not working nslookup server can't find apis.mydomain.com: NXDOMAIN
<ikonia> so check it on the dns server that hosts it
<sonu_nk> ikonia, what steps i need to do?
<zioproto> good morning
<zioproto> my Openstack Horizon has funny error messages in the log files
<zioproto> extern "Python": function Cryptography_rand_bytes() called, but @ffi.def_extern() was not called in the current subinterpreter.  Returning 0
<zioproto> coreycb: hitting bug https://bugs.launchpad.net/openstack-ansible/+bug/1624791
<ubottu> Launchpad bug 1624791 in OpenStack Dashboard (Horizon) "Horizon randomly fails to connect to the service APIs" [Undecided,New]
<zioproto> There is a fix but I am not sure it is in the ubuntu packages https://review.openstack.org/#/c/432257/
<zioproto> I mean, I am not sure if there is a package conflict that is properly managed.
<frickler> zioproto: for me the fix for that bug is what I describe in my comment, avoiding unsafe concurrent use of the crypto lib https://bugs.launchpad.net/openstack-ansible/+bug/1624791/comments/17. all the lib versions didn't really seem to matter much in the end
<ubottu> Launchpad bug 1624791 in OpenStack Dashboard (Horizon) "Horizon randomly fails to connect to the service APIs" [Undecided,New]
<zioproto> frickler: so I should change in my apache config WSGIApplicationGroup %{GLOBAL} ?
<zioproto> frickler: because my apache configuration comes from the upstream puppet-horizon module, so I should submit a patch to the puppet-horizon project then
<frickler> zioproto: yes
<zioproto> Anybody knows what is this package landscape-common ?
<zioproto> that is the package that brings the dependency on python-openssl
<zioproto> but I have no idea what is this landscape-common, what is for ?
<frickler> zioproto: https://landscape.canonical.com/
<ikonia> sonu_nk: check the sub domain is available on the servrer that hosts it
<ikonia> zioproto: it's for use with landscape
<sonu_nk> fixed with DNS setting A record
<sonu_nk> thanx
<Mead> anyone here run VM's with qemu kvm without a gui?
<ikonia> Mead: yes
<Mead> what resource did you use to figure out how to build the VM's?
<ikonia> what do you mean ?
<Mead> the xml file that gives the guest OS  cpu, storage, network, hardware interfaces and etc.
<Mead> I'm having issues wrapping my head around creating/modifiying an example to meet my needs.
<sonu_nk> my server says when restarted "     * Restarting web server apache2
<sonu_nk> AH00180: WARNING: MaxRequestWorkers of 423 exceeds ServerLimit value of 256 servers, decreasing MaxRequestWorkers to 256. To increase, please see the ServerLimit directive."
<sonu_nk> what about this " MaxRequestWorkers " ?
<andol> sonu_nk: https://httpd.apache.org/docs/2.4/mpm.html
<zul> jamespage: yay https://bugs.launchpad.net/ubuntu/+source/neutron/2:10.0.0-0ubuntu5/+build/12415791
<ubottu> Error: launchpad bug 2 not found
<joko> ping
<zioproto> frickler: so, for me `apt-get remove python-openssl` and removing the package landscape-common fixed the problem without touching the apache config
<zioproto> Hey guys I have some doubts about the Neutron init.d script in Xenial
<zioproto> I have the config spread in many files
<zioproto> because of LBaaS and other plugins
<zioproto> so I need the neutron-server to run with a bunch of --config-file =
<zioproto> I had to hack the /etc/init.d/neutron-server script
<zioproto> but what I did is not very elegant
<drab> tekk: hey, did you find a solution to your problem? had to run yesterday and actually don't know off the top of my head a solution to that
<tekk> which?
<tekk> the vlan / isolation?
<drab> instances not talking to each other
<drab> yes
<tekk> i found several
<tekk> so, the MAC-based VLAN setting on my switch was my preference but i couldn't get it to work
<tekk> i don't understand how VLAN's on linux work....
<tekk> so basically i created a ton of interfaces on different subnets
<tekk> and an iptables rule saying they can't talk to each other etc
<tekk> not ideal... and not bulletproof... but better than nothing
<drab> k
<drab> openswitch is probably cleaner I think, but maybe more costly upfront to figure out how that works
<drab> but then you'd have the "L2" isolation you talked about, ie at switch level
<drab> never looked into it myself, but sounds like at some point I will because it keeps coming up
<zioproto> coreycb: we started the upgrade of the compute nodes from Trusty to Xenial (OS release Mitaka). We hit this bug of libvirt. https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1583009 How to I tag in launchpad that this bug also affects the project nova-compute on ubuntu ?
<ubottu> Launchpad bug 1583009 in libvirt (Ubuntu) "Error starting domain since update" [Medium,Fix released]
<zioproto> Basically without fixing this bug the scheduling of the instance will fail on the compute node very badly, and the instance will start on another compute node but with two neutron ports
<nacc> zioproto: at the top of the bug, also affects project -> choose another project ?
<nacc> zioproto: presuming you konw the name of the project?
<zioproto> https://launchpad.net/cloud-archive
<zioproto> I try
<zioproto> I am afraid it will remove libvirt
<nacc> no, it adds
<nacc> (hence the +)
<zioproto> ok I managed
<zioproto> https://bugs.launchpad.net/cloud-archive/+bug/1583009
<ubottu> Launchpad bug 1583009 in Ubuntu Cloud Archive "Error starting domain since update" [Undecided,New]
<cpaelzer> zioproto: the replacement would be if you flip open the libvirt task ana select something
<nacc> cpaelzer: thanks, good point
 * cpaelzer is not here
<nacc> cpaelzer: did you see the AA bug re: libvirt?
<nacc> cpaelzer: and hugepages (although it's ok if you've disappeared again :)
<cpaelzer> no I did not nacc
<cpaelzer> and I did honestly not intend to read it before next week unless you tell me it is really needed
<nacc> cpaelzer: ack, it's fine
<nacc> cpaelzer: sorry, forgot you're on vaca! get outta here!
<cpaelzer> nacc: the hugepages path is the one that dpdk sets up for the bigger hugepages (1G in that case)
<nacc> cpaelzer: yep, understood
<cpaelzer> nacc: I'd think the qemu code might take "the first HP mountpoint it finds" (not sure)
<nacc> cpaelzer: yeah, i think it does too
<cpaelzer> and thereby pick one prohibited by the libvirt-qemu abstraction profile
<nacc> i think the AA profile jsut needs to be extended with an *
<cpaelzer> usually the qemu-kvm init sets up /dev/something as well and I guess that is in it
<cpaelzer> yeah, I thinkg /dev/hugepages** should be fairly safe
<cpaelzer> the day one places something other than hugepages in there I'll go WTF anyway
<nacc> cpaelzer: i donn't think you can
<nacc> cpaelzer: well, i mean, anything you place in there ends up being mapped by hugpeages
<nacc> oh you mean if someone manually creates a dev node?
<nacc> yeah that's a PEBKAC :)
<rbasak> powersj: around? About tomcat8.
<powersj> rbasak: I am
<rbasak> powersj: I think these are uploaded? I didn't mark the MPs as "Merged" as the importer shouldn't really (and won't) adopt them until they're accepted by the SRU team, which I couldn't do as I was the sponsor.
<rbasak> powersj: but I think they're all in -proposed now?
<rbasak> powersj: I'm not sure why I don't appear to have commented saying that I'd uploaded in the MPs or in the bugs or something.
<powersj> rbasak: hmm I don't recall seeing an email nor does rmadison show something in proposed
<rbasak> Sorry if I missed that.
<rbasak> powersj: bugs 1666570 comments 12, 13, 14. I might be missing something though. There's an inconsistency somewhere then?
<ubottu> bug 1666570 in tomcat7 (Debian) "Post install script has error in RegEx" [Unknown,New] https://launchpad.net/bugs/1666570
<powersj> rbasak: ah! those are for tomcat7
<nacc> rbasak: well, alternatively, you *can* push an upload up (in theory this is something we'll need to do when anyone can provide upload/ tags presuming they hae rights), and if it disagrees with wht ends up being uploaded, it will be ignored
<nacc> but then at least, the hash is documented in the MR and the git repo
<rbasak> nacc: yeah. I hope I did that. I don't recall.
<rbasak> But the MP won't show as merged.
<rbasak> Well, perhaps it should.
<rbasak> I seem to have confused 7 and 8 then.
<rbasak> I can't remember what I did or what I was thinking :-/
<nacc> yeah 'merged' to me (in our process) means pushed to lpusip
<nacc> not necessarily integrated into a branh
<nacc> which is confusing, i suppose
<rbasak> Ah, OK.
<nacc> as only the importer knows when that happens (and if it does)
<rbasak> I wonder if Launchpad will detect when the MP is adopted by the importer?
<nacc> with better tooling, we might bea ble to figure that out i guess
<rbasak> Here I think I've confused tomcat7 and 8 somewhat.
<nacc> i think it can, actually
<rbasak> So it isn't necessarily an example of it not doing that.
<nacc> but it doesn't alwasy use the correct hash
<powersj> rbasak: I thought you had only looked at 7 so far
<powersj> we had a short discussion on those merges and you even made a comment or two
<rbasak> powersj: that would make sense!
<rbasak> I think I perhaps forgot at some point that there were two sets.
<powersj> and I got 7 and 8 confused numerous times while making those merges... so it isn't just you ;)
<rbasak> Hence my confusion
<nacc> yeah, it's a pain, i've made the same mistake in traige
<nacc> *triage
<rbasak> powersj: so let me make sure I get myself straight now.
<rbasak> powersj: 7 is done from a sponsorship POV, right? And 8 needs a review and upload for SRUs?
<powersj> rbasak: correct
<rbasak> powersj: thanks
<rbasak> I'll do that now.
<rbasak> powersj: oh, though 7 on X and Y appear to have FTBFS.
<nacc> right, i thought that was the status, and that powersj said even regular reubilds failed?
<rbasak> But I'll worry about those separately.
<powersj> rbasak: yeah I was working on that Friday and got a little frustrated so uploaded the current package to a ppa and it failed to build
<rbasak> Let me review/sponsor 8 for now.
<powersj> so a bigger issue for me to try to track down
<rbasak> Understood, thanks.
<powersj> nacc: someone reads my updates ;)
<rbasak> Hey I read them too. But I see Tomcat and my eyes glaze over :-/
<rbasak> "Great, Josh is taking care of those! No need for me to worry then."
<rbasak> :-)
<powersj> lol
<powersj> rbasak: speaking of the tomcat7 sru, am I allowed to test and mark verified since I didn't actually upload? Or should I find someone else?
<rbasak> powersj: anyone can do the SRU verification and verification-done thing. In fact we prefer it if the original affected users do so for the verification of the fix part at least.
<powersj> rbasak: I was hoping the reporter would do it, but haven't seen anything from him, so figured I would do it before the 7 days is up
<rbasak> powersj: appreciated, thanks. Though 7 is the minimum, not the maximum. You can wait another week or two if you like.
<powersj> oh ok
<rbasak> (or appeal again to the reporter, etc)
 * powersj needs to re-read the SRU page yet again :)
<craigs_> question: we are running active/active bond between two 10gb ports. Running ubuntu 16.10. we have the hdwadress ether set for both nics, and find that after a reboot that the mac address changes to the other nic during a reboot. Is there a way in active/active to stay on one default mac for the bond?
<rbasak> nacc: looks like the tomcat7 import didn't automatically run. Any idea why?
<nacc> rbasak: bastions are down still afaik
<rbasak> Ah, of course, thanks.
<nacc> rbasak: np
<rbasak> powersj: "Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat7" -- should this not be /etc/default/tomcat8 for the tomcat8 packaging, or is it covering an upgrade path from tomcat7?
<rbasak> powersj: also needed an update-maintainer run for Yakkety.
<rbasak> Everything else looks fine.
<rbasak> If those changes seem OK to you, let me know and I can commit fixups and upload - no need for you to do it.
<powersj> rbasak: ok will look at shortly
<rbasak> Sure, thanks
<powersj> rbasak: and yes it should say tomcat8 :(
<rbasak> powersj: oh, and zesty should be 8.0.38-2ubuntu2 rather than 8.0.38-2ubuntu1.1.
<rbasak> I can fix that up too.
<rbasak> Not that 1.1 would cause any harm - just convention.
<nacc> and because zesty has not been released yet
<rbasak> Hmm.
<nacc> i think it's one of the few cases that maybe needs a bit of documentation in the security wiki page -- it may come out as an SRU if uploaded now for zesty
<rbasak> We are in final freeze.
<nacc> or in our wiki page (that doesn't exist) that refers to the security wiki page for versioning :)
<powersj> rbasak: ok so 1) it should be tomcat8 and not 7 as I said 2) you had to run update-maintainer because this is the first delta? 3) and the version is that way because it doesn't count as an SRU for zesty?
<nacc> powersj: i think 3) is a corner-case
<rbasak> Right.
<nacc> powersj: in that you can upload to -proposed now, and since z is not released the right thing to do is bump the version (not append .X)
<rbasak> So I tried to upload, but Yakkety failed because 0.1 already exists. I had to re-run the tomcat8 import.
<powersj> oh
<nacc> powersj: but it will probably end up released as an SRU for z, becuase of the freeze
<nacc> powersj: and since aa gets established from the latest version in z, it will be after z still
<nacc> that's my understanding at least
<powersj> nacc: ahh ok so I will need to push for aa as well?
<rbasak> nacc: but yakkety-devel should point to the same as yakkety-security, but it doesn't.
<nacc> powersj: no, it will get copied forward
<rbasak> For now, I'll rebase on top of yakkety-security manually, but I think that's a bug.
<rbasak> (in the moving of yakkety-devel)
<nacc> rbasak: tomcat8 has the same version in y-s and y-u
<nacc> rbasak: and y-u *might* have been published after
<nacc> so we might have moved y-d
<nacc> i'd need to look at the pub history to check
<rbasak> https://git.launchpad.net/~usd-import-team/ubuntu/+source/tomcat8/refs/heads
<rbasak> updates and security both say 0.1
<rbasak> But devel says 8.0.37-1 (before 0.1)
<nacc> hrm,
<nacc> y-d is quite out of date
<rbasak> And when I ran the import just now, I thought I saw it import 0.1
<rbasak> And that was using today's master, so I'd have expected it to bump -devel.
<nacc> rbasak: it *might* be a case of bad import from when we were making chnges
<nacc> rbasak: yeah, it should have
<nacc> rbasak: can you file a bug and i'll debug it locally
<rbasak> Will do
<rbasak> http://paste.ubuntu.com/24356213/ is my usd run
<nacc> rbasak: and to besure, you fetched master first?
<rbasak> Oh, my mistake
<rbasak> I did fetch master first.
<rbasak> But the import looks like it didn't import 0.1
<nacc> rbasak: ah yes it didn't
<rbasak> So it could pre-date the devel pointer fix.
<nacc> because it's already been importe
<nacc> yeah, i think that's the bug
<rbasak> So I'll assume no bug for now. We'll see next time.
<nacc> yeah, we'll need to reimport tomcat8 from scratch really
<nacc> i would sort of like to reimport all of server main ... but i'm worried about breaking everyone
<nacc> but we've made so many changes and fixes that it'd be nice to get to a consistent state across all the packages
<nacc> rbasak: do you have a few minutes for a HO today? i know it's quite late for you
<nacc> wanted to discuss an onboarding/UI change i'm working on now
<rbasak> Sure, I'm working late this evening anyway. But give me a few minutes to sort out this tomcat8 thing first if that's OK?
<powersj> rbasak: it sounds like there are some changes for me to make, do you want to comment on the reviews and I can make updates. Of if you want to do things locally that's fine.
<nacc> rbasak: yeah of course!
<rbasak> powersj: I'll just do it locally and push and upload, if that's OK. The changelog message is still yours, just with the zesty version and the tomcat7/8 thing tweaked.
<powersj> rbasak: ok :) let me know if I can help in anyway. I appreciate you reviewing
<rbasak> nacc: so should I mark these MPs as Merged even though they're in unapproved? I have pushed the upload tags.
<rbasak> powersj: I think I'm done with tomcat8 uploaded correctly. Sorry for the mess.
<powersj> rbasak: no worries I'll watch 'em and if I don't see the SRU emails in a couple days will ping you again ;)
<nacc> rbasak: i think that's what we need to decide process wise
<rbasak> nacc: I'm in the usual team hangout
<rbasak> (from the new calendar entry)
<nacc> rbasak: ack, joining
<Tahvok> Hey guys!
<Tahvok> Is hwe-support-status tool available under 16.04? I can't find it
<rbasak> Try #ubuntu-kernel
<sarnold> I didn't spot one in a quick look..
<sarnold> the #ubuntu-kernel suggestion is a good one
<ikonia> why would #ubuntu-kernel be able to say if a package is in the repos
<ikonia> just look in the repos and see if it's there or not,
<ikonia> packages.ubuntu.com for example
<rbasak> People in #ubuntu-kernel may know what's going on with it in more detail. For the use case rather than the mechanical answer to the question.
<rbasak> As the HWE policy has changed in 16.04 IIRC.
<ikonia> I don't think it has changed
<ikonia> it will still release updates in line with the point releases
<nacc> Tahvok: it's in update-manager-core afaict
<nacc> ah in 16.04 it's ubuntu-support-status maybe?
<Tahvok> update-manager-core provides ubuntu-support-status
<Tahvok> Is it the same?
<nacc> Tahvok: i'm not sure, it outputs someting like http://paste.ubuntu.com/24356572/
<nacc> Tahvok: i've never used hwe-support-status, but i see it is in update-manager-core in 17.04
<Tahvok> Well it says that linux-image-4.8 is supported until April 2022 when it should be till' 2018
<Tahvok> I'll try #ubuntu-kernel
<patdk-wk> it's normally 9months after release currently
<patdk-wk> so when the new one comes out, you have a 3month overlap
<sarnold> there were plans afoot to change the HWE stack support https://wiki.ubuntu.com/Kernel/RollingLTSEnablementStack
<patdk-wk> I had thought it was agreed on (but I'm not in the know :) that as long as the version that supports that kernel exists, it would exist for hwe also
<keithzg> I'm at a bit of a loss; I have a nearly-stock dovecot config, honestly I think I haven't even changed /etc/dovecot/dovecot.conf, but now I'm trying to change a value in one of the config files in /etc/dovecot/conf.d/ and it's completely ignoring me, as if it isn't loading those files at all.
<keithzg> But it definitely has the "!include conf.d/*.conf" in dovecot.conf, and I don't see any relevant errors spit out anywhere.
<keithzg> Heh nevermind, a bit of grepping seems to have shown me where the wires were being crossed, a leftover config from an older setup that didn't get purged.
<ishaved4this> hey guys, Ive been having some serious problems with my damn server and I was wondering if anyone could enlighten me
<ishaved4this> I cannot for the life on me get my server to mount my external drives. I've created directories, with sub directories, i have the fstab file set up with UUID= and it just wont boot
<ishaved4this> I have the entire log file if someone could help im out. I'm going crazy here
<nacc> ishaved4this: if you manually mount the directories, does it work?
<nacc> i'm assuming you don't actually need the external drives to boot, but that's not clear
<ishaved4this> no, Theyre just for exra space
<ishaved4this> I have a jbod, and two actually externals
<ishaved4this> I cannot get into the computer at all besides emergency mode, but like I said, I did pull the log file
<nacc> if they are just for extra space why do you only get emergency moe?
<nacc> *mode
<nacc> it sounds like something else is going wrong
<nacc> or, even though you don't need the disks to boot, are you reuqiring them in your fstab?
<nacc> ishaved4this: you can pastebin the log maybe?
<ishaved4this> I need them to boot for plex on launch. and yes. I have the past file
<ishaved4this> http://paste.ubuntu.com/24357055/
<ishaved4this> thank you so much man! its been driving me up a wall for a week now. I also still have physical access to the computer, so if you need any extra info, let me know what to type in
<nacc> ishaved4this: how do you konw the disks aren't being mounted?
<nacc> ishaved4this: can you pastebin your fstab?
<nacc> ishaved4this: note that systemd is commplaining about you having files in /media/Plex*
<nacc> ishaved4this: also, typos in fstab, 'ex4'
<nacc> i'm assuming based upon the logs
<ishaved4this> ahhh okay. How do I get into fstab through root? when I type in  nano /etc/fstab its blank
<sarnold> is that /etc from your rescue environment or the Real Thing?
<ishaved4this> got it.
<nacc> ishaved4this: you would need mount your system disk and edit that file
<ishaved4this> im in the real thing. Just in maintenance mode
 * nacc believes maintenance mode is just the initramfs, no?
<nacc> so nothing is mounted yet, iirc
<ishaved4this> everything in fstab was missing the "T" in ext4" lol.
<ishaved4this> my be the issue
<nacc> ishaved4this: almost certainly it was
<nacc> ishaved4this: note you might need to rebuild your initramfs after editing fstab
<nacc> i can't recall
<ishaved4this> okay well let me send you my fstab file
<ishaved4this> paste.ubuntu.com/24357463
<ishaved4this> is the the correct configuration I need for external storage?
<ishaved4this> besides the ex4 typo
<nacc> ishaved4this: i mean external devices aren't really diffferent
<ishaved4this> I just fixed the ex4 typo and rebooted. I'll let you know what happens
<nacc> ishaved4this: unless you mean over the network
<nacc> ishaved4this: did you rebuild your initrd?
<ishaved4this> no, I have no idea what that is to be honest
<sarnold> I think 'external' really only gets interesting once you go multipath
<nacc> sarnold: yeah, or needing to specify to wait over the network
<nacc> *on the network
<sarnold> nacc: "very external" :)
<nacc> ishaved4this: well, if it doesn't work, you'll need to mount your system disk again chroot in and `update-initramfs -u -k all`
<ishaved4this> oh shit! once I fixed the error, everything seemed to load up, and now its checking the progress of the disk
<nacc> ishaved4this: ok :)
<ishaved4this> do you know if every reboot will be this slow to check the disks? I believe that behavior is due to the "2" I added to the end of the line
<rharper> the "2" indicates the order in which to check disks;  ext4 has a max-mounts-count which if exceeded triggers a check-disk
<ishaved4this> ahhh. well heres an example of the external drives
<ishaved4this> UUID=c9781468-4e60-618a-8546-3b712ca47316 /media/Plex5 ex4 defaults 0 2
<ishaved4this> should I change any of that to make it run better as extra storage? Since I last messaged its only at 1.3 percent
<rharper> well, ext4, vs ex4; but no; not much to do to change the time to scan the disk; that's a property of the size of the disk and the speed of the interface to the disk
<ishaved4this> yeah I already fixed my dumb error of ex4 lol, they are at ext4 now
<ishaved4this> well the JBod should be getting 5gb/s, and the externals somewhere around there too. is there anyway to check if it is receiving the correct speed?
<rharper> you're bound by iops, not bandwidth
<rharper> the metadata checking are all small reads
<ishaved4this> I do know one 1TB drive is completely full, maybe it could be building a file to check against? I'm fairly new to linux
<rharper> if you have iostat installed, then you can look at iostat -x -k 2 ; the disk in question will likely be at 100% utilization
<rharper> for disk checks, one just had to wait it out
<rharper> you can disable the checks or change the frequency, looking at tune2fs command can help you tweak those options
<ishaved4this> yeah the disk is at 100% utilization
<ishaved4this> so this will be a thing on every restart?
<rharper> no
<ishaved4this> ah okay
<rharper> ext4 only forces check after a disk has been mounted more than the max-mount-count, or if it has a time-length exceeded (it hasn't been checked in some defined length of time)
<rharper> those options are tuneable via the tune2fs command
<ishaved4this> very cool. I'll definitely download that
<rharper> the other trigger is if the system does not get to umount the filesystem cleanly (ie, a crash )
<rharper> in which case, that will trigger a scan
<ishaved4this> oh okay. thank you so much for all your help man. I do have one more question for you
<ishaved4this> do you mess around with plex at all?
#ubuntu-server 2017-04-11
<Jack> anyone know why this happens? http://i.imgur.com/VWfIxQ2.png
<sarnold> Jack: leave off the /
<sarnold> Jack: / says to start the directory search from the filesystem root /
<sarnold> Jack: but the directory appears to be in /home/teamspeak/
<sarnold> s/in/named/
<Jack> oh okay i have never had a problem before and it let me do it weird
<Jack> Thank you
<Mead> why would installing a CLI utility require installing x windows?
<sarnold> some programs can do different things via X but don't dynamically load the various libraries
<sarnold> sometimes it's just a package provides both commandline and graphical tools and therefore requires the graphics libraries to make sure the program works rather than dies.
<Mead> this is frustrating,  cause I'm trying to keep the ubuntu-server footprint really small to allow for me to pass on more resources to my VM's
<sarnold> make sure you've got a gigabyte or two of space for swap so unused memory can be shoved to disk
<Mead> what is the best method to create KVM-QEMU VM's with just CIL?
<sarnold> virsh is the usual approach
<sarnold> I can't ever figure out how to drive the thing
<Mead> err cli...
<xok> hello all...
<xok> I've got a PXE boot server with preseed configuration file in place...
<xok> is there a chance for automatic installator (throug d-i ) to dynamically alocate physical disks and partition them?.
<xok> I mean not to provide the actual names in the preseed.cfg file...
<TafThorne> xok: is that something the whole Metal as a Service stuff deals with?  (which isn't PXE) but is Ubuntu related.
<TafThorne> It might be possible to use PXE to do something similar but I am not that big a user of it.  The MaaS thing just popped into my head while I read what you were asking.
<Aison> any body experienced with overlayfs here?
<maswan> A little bit, but only for singularity-container use
<Aison> I merged a readonly lowerdir with a rw upperdir and workdir
<Aison> the strange thing is now, that only the root of the merged dir is writable
<Aison> all subdirectories are not
<Aison> even as root
<maswan> not much clue there from me, sorry
<maswan> other than possibly somthing about shared
<Aison> ok :-)
<Aison> ok, it looks like a bug with nfs as lowerdir
<Aison> is there an alternative to overlayfs?
<bildz> Good morning, is anyone actively using ISCSI boot targets with MAAS?
<nacc> blake_r: --^ ? :)
 * med_ looks around to see if there is anyone still in here....
<nacc> med_: ?
<med_> a lot of pink slips at Canonical the past few days.
<nacc> med_: ok
<nacc> med_: this is a support channel :)
<patdk-wk> that supports pink slips?
<nacc> trees and dye
<nacc> i guess?
<med_> erm, this is the #ubuntu-server channel. Not really a support channel as per se. It's a "community" channel and that community includes a lot of Canonical and ex-Canonical.
<med_> Ie, the title says "Discussion and support" for instance.
<nacc> med_: right, i agree with you, sorry
<nacc> med_: so not sure why you brought up something about canonical
<skits> I am using 16.04 (64)server:  Trying to find out if there is a difference in how 16+(tried 04/10) handles webserver naming/ips as compared to 14(04/10). I loaded up 14.04 on my test server and have no issues with vhost displaying dns (16+ seems to only display public ip) but 16+ seems to only display the public ip. Any info, links, or pointers on the subject specific to only 16+?
<nacc> skits: a few follow-on questions -- do you mean that if you run a process (say dig) on your 14.04 server, you get differnt results than the same server with 16.04?
<nacc> skits: or is it specificaly only having some difference in behavior with vhosts?
<skits> Right now it seems to only really affect how it displays ip/dns in user browsers and its ability to trigger webapp functions(based on dns). Everything else functions just fine. Only vhost seems to be affected directly
<nacc> skits: and which webserver are you using?
<skits> I tried both nginx and apache. I am more familiar bar far with apache but the basic setup on nginx to test is easy enough just to test results.
<nacc> skits: ok, i'm not super familiar with vhosts ,let me do some self-education
<skits> Copy, thank you for your time nacc.
<nacc> skits: so ... what do you see as the end user? can you clarify the bugginess you see?
<nacc> skits: like a concrete example -- I navigate to http://whatever.com and it doesn't work, or it redirects and fails or somethinfg
<skits> I can only see public ip and iterations such as 00.00.00.00/this page or 00.00.00.00/this/page
<nacc> skits: ah, you can't get to them by hostname at all?
<skits> http://67.205.132.87/solder/repo/ might be helpful
<skits> host name instantly deflects to ip (such as solder.storagedragon.com or storagedragon.com or repo.storagedragon.com)
<nacc> skits: ah, and you expect it to stay as hostname?
<skits> Correct. If it does not then it weill not trigger certain web apps or differentiate between the subdomains
<nacc> right, that makes sense
<nacc> so i'm guessing this might be a change in behavior in apache2 (but not sure) -- you went from 2.4.7 to 2.4.18 (or so)
<skits> That very well could be. I am using apache2 atm but it was also present in nginx which is why I asked here(ubuntu) first.
<nacc> sure
<nacc> i mean, i'm not sure that it's an ubuntu thing (in that, afaict, the vhost stuff is all in the webserver(s))
<skits> I was thinking so, was hoping it was an easy thing within ubuntu that would fix both at the same time. I will delve deper into the newer version apache/nginx then. Thank you sooo much for your time nacc!
<nacc> skits: np, stick around here, there are often more experienced people than I :)
<nacc> teward: --^ maybe you know or know where to look
<skits> I used to live in these channels but was on hi-aitus for a year. I just never had to ask questions much. lol
<nacc> skits: not a problem, just need to think about it a bit, you should be able to find the apache changelogs online (i wouldn't necessarily use the debian/ubuntu package ones, but hte upstream ones)
<nacc> skits: that it happens with nginx as well seems odd, but i'm not sure how that works
<nacc> skits: i'm assuming the vhost configs have thigns like ServerName and ServerAlias set, etc?
<skits> Ya, thats why I actually had to ask. lmao. Was sure how to word my question for google to pull out relevant results. lmao
<nacc> skits: and i wonder if the apache logs say anything?
<skits> Nothing relevant to this. Just errors for other stuff since events won't trigger properly without correct name. lol
<nacc> skits: ok
<skits> Might even be how my registrar is forwarding dns! brb. Gonna check cname/a records and see.
<nacc> skits: yeah, that could be
<skits> grrr, I am so sorry for wasting time. It was an issue with godaddy (Never normally use their nameservers, just their domain names).  the rest shoudl be an easy fix. thank you!
<skits> Uhg, I cant wait till my names expire and I can take them elsewhere. lol
<nacc> skits: np! glad you were able to resolve it
<bildz> we just spent 30k on support
<bildz> they better NOT be laying off people
<bildz> at least their ISCSI guy!!!
<nacc> bildz: ?
<bildz> nacc: hey
<nacc> bildz: hiya! just seeing if there was any server stuff you needed; or just general commentary there :)
<bildz> nacc: i actually do need some server asstance around IBFT and how horribly UNDOCUMENTED it is and apparent lack of debian support
<nacc> heh
<nacc> bildz: what kind of environment? what OS?
<bildz> so I have redhat installed and will be scouring through dmesg
<bildz> nacc: 16.04 LTS, pure storage, and MAAS :D
<nacc> bildz: ok, so 16.04 guest with iscsi root?
<bildz> correct
<bildz> 24 Cisco B series M4's
<nacc> bildz: and what is happening in the guest? no root detected?
<bildz> going to be standing up MAAS + juju
<bildz> nacc: correct
<nacc> bildz: does it have network?
<nacc> bildz: when it fails to find root, that is
<nacc> does it drop you to a shell?
<bildz> we haven't been able to find any iscsi targets
<bildz> even with a fully installed operating system
<bekks> Do the M4's support IBFT?
<bildz> yes
<bildz> http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/gui/config/guide/2-2/b_UCSM_GUI_Configuration_Guide_2_2/b_UCSM_GUI_Configuration_Guide_2_2_chapter_011111.pdf
<nacc> bildz: oh so even within a non-iscsi root guest, you can't see iscsi disks? what command did you try?
<bildz> iscsistart -b
<bildz> iscsi -n  "should pull the IQN from the hardware"
<bildz> iscsistart -n
<nacc> i don't see an iscsistart -n option in 17.04, let me spin up a 16.04
<nacc> bildz: if you use iscsiadm and run discovery, does it work?
<bildz> tried iscsiadm, but can do it again if you have some guidelines
<nacc> bildz: does iscsistart -b report any errors? or just nothing?
<nacc> bildz: something like
<nacc> iscsiadm -m discovery -p ip:port
<nacc> where ip and port are the iscsi portal
<bildz> one sec we'll check
<bildz> making some notes of what RHEL is seeing right now so we can attempt to port
<nacc> sure
<nacc> i don't have a ton of experience with iscsi root (yet) but i wrote the new support in curtin for iscsi non-root disks
<nacc> so i have been playing with iscsiadm and tgt quite a bit
<bildz> oh nice!
<bildz> well I will be happy to keep you in the loop with our progress
<bildz> im documenting for a blog
<nacc> bildz: that'd be great, as i'd like to make this all a bit easier (i also found it quite painful)
<bildz> i couldn't agree more
<bildz> i love hardware, said nobody ever
<nacc> :)
<bildz> 2.0-8734 is the version of iscsiadm on 16.04
<bildz> RHEL is at 6.8
<bildz> ubuntu cannot read the firmware off the hardware
<nacc> ah
<nacc> so a driver issue?
<nacc> i'm not sure at what level the ibft support is supposed to be implemented, tbh
<bildz> i know
<bildz> im working if I can just build a new ramdisk with a more current version
<bildz> wondering*
<nacc> bildz: which 16.04 kernel are you using? 16.04.1 (4.4) or 16.04.2 (4.8)?
<bildz> 4.8 hwe - edge
<nacc> bildz: ok
<nacc> bildz: do you get an error in dmesg indicating it can't read the ibft data?
<bildz> checking
<bildz> doesn't look like any dmesg errors
<nacc> bildz: anything in /sys/firmware/ibft ?
<bildz> we're building IBFT now
<nacc> bildz: ok
<nacc> bildz: my understanding is the kernel puts the ibft data it finds in /sys/firmware/ibft
<nacc> and i *think* that might exist regardless of the ibft driver, but i'm not sure
<bildz> ill be around though, nacc
<bildz> thanks for your help!
<nacc> bildz: np, and ping me anytime for iscsi help
<nacc> Odd_Bloke: where did we end up landing with LP: #1569237 ?
<ubottu> Launchpad bug 1569237 in cloud-images "vagrant xenial box is not provided with vagrant/vagrant username and password" [Undecided,New] https://launchpad.net/bugs/1569237
<nacc> Odd_Bloke: did we just decide to not do anything?
<yotux> I have a ubunut server install runing web services, would to be too much to add vpn and kvm hosting?
<yotux> I have an ubuntu server running lvm using lvm snapshots a good backup method?
<sarnold> it may be useful but it's not backups
<sarnold> or do you mean that you would use that computer as a backup target from other computers?
<yotux> I'm running owncloud / alfresco at the moment had I use rsync to backup those directs up along with mysql dumps
<yotux> I was looking to add kvm to the server and need to resized some lv and I can across lv snapshots...
<sarnold> just meditate on this a bit and it'll probably become clear :) https://twitter.com/leyrer/status/847816162557689857
<yotux> I currently use external USB hard drive to store files off site...
#ubuntu-server 2017-04-12
<WACOMalt> ok I know this is a long shot, but anyone in here using zpanel as a backend on ubuntu-derver for http?
<WACOMalt> I seem to have messed up my vhosts by doing a documentroot overide while trying to set up ssl
<WACOMalt> Hello everyone. Can anyone help me track down a long existing issue on my ubuntu server 14.04 machine regarding apt-get ? basically anytime I get it I get errors about unresolved locales package conflicts.
<WACOMalt> https://hastebin.com/kodusumoyo.vbs
<WACOMalt> is the typical output I see when trying to install anything at all
<WACOMalt> if I do apt-get -f install I get https://hastebin.com/aduvisevab.sql
<qman__> WACOMalt: you appear to have unofficial sources in your apt, causing a libc version conflict
<WACOMalt> where can I check for these?
<WACOMalt> @ qman__
<qman__> WACOMalt: /etc/apt/sources.list and /etc/apt/sources.list.d/*
<WACOMalt> ok I'll post the contents of those in just a moment. thanks for the pointer
<qman__> if you have installed software or upgraded while having these sources added, it's likely your system is in a very broken state that's going to be difficult or impossible to resolve
<WACOMalt> : [
<qman__> you can also get more information about where it's picking up these version with apt-cache policy
<WACOMalt> ok here's sources.list https://hastebin.com/polubinace.coffeescript
<qman__> e.g. apt-cache policy libc6-bin
<WACOMalt> libc-bin reports this: https://hastebin.com/oyakukidag.rb qman__
<WACOMalt> and here is my sources.list.d folder contents: https://hastebin.com/anifapolip.css
<WACOMalt> looking in each of those, all appear to be for trusty
<WACOMalt> btsync being the only one that doesnt indicate that in the filename
<qman__> do   apt-cache policy libc6
<qman__> and for locales
<WACOMalt> https://hastebin.com/icotovafig.rb
<WACOMalt> to my eyes those appear to all be trying to come from official repos
<qman__> all but that first libc6
<WACOMalt> can I tell it to just reinstall those packages?
<qman__> you have a version that doesn't have a source, probably means you no longer have the source it came from
<qman__> 2.2408
<qman__> 2.24-8
<qman__> which is a pretty serious problem, you can try to force install the repo verison of libc6 but it's one of the most core packages in the system
<qman__> so anything that depends on it which you've installed could break
<WACOMalt> is there any way to find out what source that came from, and re-add that source?
<qman__> the problem is that you never should have had that source to begin with
<WACOMalt> so, in theory, when that go intsalled, whatever was gonna break should have already been broken, right?
<qman__> you can check /var/log/dpkg.log and /var/log/apt/history.log, but I don't know how much help those will be
<tarpman> 2.24-8 is a debian version - looks like you must have added a debian unstable repository at some point?
<tarpman> recently, because unstable only has 2.24-9 even today
<WACOMalt> its possible but I have no idea why :/
<tarpman> if you added a repository and then removed it, you must know why you did it
<WACOMalt> the only thing I could imagine is if something like znc or btsync required some weird version to compile maybe
<WACOMalt> but I honestly have no memory of this
<WACOMalt> checking logs
<tarpman> my suggestion is - apt-get install 'libc6=2.19-0ubuntu6.9'
<tarpman> to force it to downgrade to exactly the repository version
<qman__> that may or may not be resolvable and will probably require you to remove packages that depended on it
<tarpman> yeah
<WACOMalt> is there any way to guarantee if I run this I can return to the current working (albeit not ideal) system?
<qman__> but is really the only way to fix it, if it's possible at all
<tarpman> but it's my only suggestion short of fully reinstalling your system
<qman__> no
<tarpman> you have backups - right?
<tarpman> if not, now would be a good time to make one
<qman__> there's no undo feature here
<qman__> so yes, backup and restore is the only way
<WACOMalt> :E
<WACOMalt> welp, at least I'm only risking my own data XD
<WACOMalt> here goes something
<WACOMalt> aaand the ssh window appears to have stalled
<WACOMalt> :E
<WACOMalt> E: Version '2.19-0ubuntu6.9' for 'libc6' was not found
<qman__>   2.19-0ubuntu6.11
<qman__> is the one your apt says it can get
<qman__> so try that
<WACOMalt> https://hastebin.com/katuvazeri.vbs
<qman__> yep, your system state is a mess
<qman__> also known as frankendebian
<WACOMalt> v_v
<qman__> so, you can try to find which versions of those packages it's complaining about should be installed (if any) via apt-cache policy and installing/removing as necessary in the same line, or give up and reinstall
<qman__> but those packages will have other codependencies, and those will have codependencies, and so on for many levels
<tarpman> those should all be from the same source - 2.19-0ubuntu6.11 ought to work for all of them
<tarpman> in theory....
<WACOMalt> so... if I re-add that debian repo I apparently had
<WACOMalt> can I re-install those from that, then remove them cleanly?
<qman__> if you did that, you would still have a mess
<tarpman> no, that will only make things worse
<WACOMalt> ok
<qman__> your next attempt from here would be doing apt-cache policy from each of those packages it complains for, finding which versions they are, and then doing: apt-get install 'libc6=2.19-0ubuntu6.11' 'libc6-dev=2.19-0ubuntu6.11' 'libc6-i386=2.19-0ubuntu6.11' 'libc6-dbg=2.19-0ubuntu6.11'
<qman__> assuming that's the version for them
<qman__> rinse and repeat until resolved or unresolvable
<tarpman> libc-dev-bin in there too, I think
<WACOMalt> note to self. Not unlike deleting system32 on my windows background... do NOT eff with system files of linux
<qman__> the key mistake here was adding a debian repository to ubuntu
<qman__> never do this, and never do the reverse
<qman__> or with mint, or any other distribution other than the one you're using
<WACOMalt> dangit all the logs are .gz files aside from the current, 0 byte, one
<tarpman> 'less' is usually happy to read the .gz's directly
<WACOMalt> nope no dice
<WACOMalt> bunch of jibberish
<tarpman> pastebin
<WACOMalt> https://hastebin.com/seperevago.pl
<qman__> if you have zcat, you can use that
<qman__> zcat /var/log/log.gz | less
<WACOMalt> qman__: https://hastebin.com/raw/bexefetibi
<WACOMalt> there's like 20 of these logs... so I'm not sure which would have the offending stuff
<WACOMalt> Is there a good place to ask for some direct support (aka pair support w/ direct shell access)
<WACOMalt> *paid
<tarpman> https://www.canonical.com/services/contact-us ?
<sarnold> to be honest I'm not sure if the ubuntu advantage folks would tackle this one or not
<sarnold> The Answer for "I've installed packages from half-dozen non-ubuntu sources" is probably going to be "here's an install iso"
<qman__> yeah, when I encounter that situation, I don't fix it, I start over
<qman__> install a new system, set up software, migrate data
<tarpman> ++
<qman__> it's easier and guarantees results
<WACOMalt> well, that is an acceptable solution I would pay for :P
<WACOMalt> I dont have the local storage or bandwidth to handle that process
<lordievader> Good morning.
<Mead> <Mead> my bios only gives me two options for primary graphics adapter pci express and pci,  while it will use a card in my x4 slot if one isn't present in the x16,  It seems to default to use the x16 slot if there are cards present in both slots. Is there any way I can force ubuntu server to use the card in the x4 as primary?
<TafThorne> WACOMalt: view (as in read only vi (which is really vim)) is happy to read compressed text files.
<TafThorne> I'd also have suggested you see what `aptitude` suggests as ways to unstick things.  Ripping out a couple of packaged once your sources are sorted can sometimes get things back to a stable (enhough) state.
<ronator> On Ubuntu 16, should I use ntpd or systemd-timesyncd? Can the latter also smoothly add drift to system time or would it act like ntpdate setting the time promptly.
<andol> ronator: If it's an always-on server I would go with regular ntpd.
<ronator> andol: yes, they are; thx
<lordievader> Seems like they do quite the same things. Though timesync is hooked into networkd, not sure if that is a dependency. https://wiki.archlinux.org/index.php/systemd-timesyncd
<nacc> rbasak: fyi i think the snap is working now
<rbasak> \o/ thanks!
<nacc> rbasak: np
<nacc> rbasak: i had another question for you, though re: LP: #1322264
<ubottu> Launchpad bug 1322264 in munin (Ubuntu) "Munin fails to generate graph, stat should be less than end" [Undecided,Fix released] https://launchpad.net/bugs/1322264
<nacc> i agree 100% with your assessment
<nacc> but for relatively obvious bugfixes from upstream, for relatively complicated software configurations, how are we expecting an SRU to work?
<nacc> or do we just acknowledge we will ship buggy software for 5 years?
<nacc> (or encourage folks to upgrade instead)
<rbasak> nacc: I think a best effort to get as close as possible to address the rationale of the SRU policy would be fine.
<rbasak> But a lack of answer suggests to me that nobody is going to bother to help if there does turn out to be a regression.
<nacc> rbasak: ack that makes sense
<rbasak> And I think one problem of the current SRU policy is that the SRU driver is incentivized to focus just on the bug being fixed, rather than the bigger picture of not regression others' use cases.
<rbasak> *not regressing
<nacc> I just provided an additional comment and hopefully that one user with a detailed report can help
<nacc> yep, agreed
<rbasak> I have no idea in this case for example whether this bug affects 0.01% or 100% of munin users.
<nacc> it's an error path handler, afaict
<nacc> but yeah
<rbasak> If 0.01%, then my "nobody is going to bother to help if there does turn out to be a regression" concern (due to lack of response) justifies a reject, IMHO.
<rbasak> So to not reject, if those things are addressed in the bug, then I think it would be fine to reconsider.
<nacc> yeah
<nacc> I'm just trying to think of how to explain that rationally to a drive-by contributor, whose response will be "it's been fixed upstream for 3 years"
<nacc> (I'd expect)
<rbasak> Feel free to copy and paste this discussion :)
<nacc> yep
<rbasak> and https://wiki.ubuntu.com/StableReleaseUpdates#Why
<nacc> ah that's a good reference!
<nacc> rbasak: oh! i remember i added a hidden flag for the devel pointers
<nacc> rbasak: so for tomcat, you can run `usd import --fixup-devel tomcat7`
<nacc> and it will just correctly merge them up so they at least are correct for now (iirc)
<rbasak> Nice!
<nacc> rbasak: sorry, i had forgotten about that option, it was specifically for cases like this :)
<nacc> since we don't update -devel for non-updated branches by default
<powersj> rbasak: Looking at LP: #1681736, appears to be a few older bugs with similar issues around mysql-common not installed and failing to create symlinks. Any thoughts?
<ubottu> Launchpad bug 1681736 in mysql-5.7 (Ubuntu) "package mysql-server-5.7 5.7.17-0ubuntu0.16.04.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Incomplete] https://launchpad.net/bugs/1681736
<rbasak> powersj: we do get reports like that. I'm not sure it's a bug though.
<rbasak> mysql-common ships /usr/share/mysql-common/configure-symlinks
<rbasak> And mysql-server-5.7 depends on a recent enough version of it.
<rbasak> I suspect outside-of-Ubuntu packages.
<powersj> ahhhh
<rbasak> mysql-common 10.0.15+maria-1~trusty [origin: unknown]
<rbasak> There we are
<rbasak> From Dependencies.txt
<powersj> ah! thank you
<powersj> rbasak: want to comment on it?
<rbasak> Sure
<rbasak> Done
<powersj> rbasak: is apt-ordering listing the status of the apt command in terms of what it will install during the current operation, with status? and dependencies listing everything that is required to complete the install, including what may already be installed?
<powersj> I ask because I looked at apt-ordering, not dependencies
<rbasak> powersj: AptOrdering.txt looks like it's telling you what order apt decided to get dpkg to install packages in.
<rbasak> Dependencies.txt tells you what versions of what were installed at the time of the error I think.
<Erix> hi
<Erix> i can not find nor install a2ensite for apache2 on ubuntu server 16.10
<nacc> Erix: it's in apache2 package in /usr/sbin
<Erix> nacc: thanks.
<Erix> nacc, it is not there
<Erix> and locate cannot find it
<Erix> I installed apache2 within nextcloud snap package
<nacc> um
<nacc> snaps are different :)
<nacc> and more than likely, you'd need to ask the snap owner
<Erix> ok. thanks again
<nacc> but they are under no obligation to provide a2ensite
<nacc> and the a2ensite they do provide would only be visible in the snap
<nacc> unelss they expose it as a distinct command
<Erix> so is there another way to activate a virtualhost config file without it?
<sarnold> try something like snapname.a2ensite
<nacc> Erix: well, you certainly don't need snaps for virtualhosts
<nacc> Erix: but the snap would need to expose it's internal a2ensite, i think
<sarnold> iirc snaps force all commands to have that name.name thing, except for the one command named the same as the snap.
<nacc> what sarnold said
<nacc> *if* they expose the command at all
<sarnold> right
<nacc> Erix: you might ask kyrofa in #snappy
<nacc> i believe kyrofa packages that snap
<nacc> https://github.com/nextcloud/nextcloud-snap
<Erix> thanks.
<Erix> lots new info for me
<nacc> given that bin/apachectl is excluded, i'm not sure if a2ensite is in the snap
<nacc> not 100%, kyrofa is probably the best reference
<DammitJim> is there a channel for continuous integration?
<DammitJim> I want to find out if stuff like that can handle xml file dependencies for apps
<nacc> !alis | DammitJim
<ubottu> DammitJim: Alis is an IRC service to help you find channels. For help on using it, see "/msg Alis help list" or ask in #freenode. Example usage: "/msg Alis list http"
<nacc> DammitJim: do you mean CI in general?
<DammitJim> like I want to know if a CI system should be deploying an xml file
<teward> hm, I think the default fail2ban regexes don't work proper...
<DammitJim> lol
<nacc> DammitJim: like ... any CI system? and what do you mean deploy?
<DammitJim> like bamboo
<teward> i was going to say "Assume we don't know what you're talking about when you say "deploy"" but he left.
<teward> and fail2ban is still evil
 * teward had to write his own regex to match dovecot and postfix auth fails
<nacc> teward: :) yeah, i dont' know what bamboo is...
<drab> anybody around using debmirror? I just set it up, process was interrupted 80% of the way, I just restarted it and it's redownloading everything...
<sarnold> ewwwwwww
<drab> isn't it supposed to pick up from where it left rsync style? the repo is already 79GB
<drab> so definitely something got downloaded...
<sarnold> I'd expect the lists to be downloaed again from scratch
<sarnold> but I'd seriously hope everything else would pick up where it left off
<drab> yeah, sure, I expected the same
<drab> but it's redownloading all the pkgs
<sarnold> feels worth a bug report
<sarnold> maybe nothing will happen but it'll feel good to file it all the same ;)
<drab> oh I see, I think it's rechecking every pkg and some must hvae changed in the last few hrs or something... it
<drab> 's already at 12% and that took about 30mins earlier on
<drab> nwo it took a couple mins
<drab> for now it's printing all lines with 200OK, maybe that means it's identifying the pks is the same
<drab> there's no explanation about the output in the man
<drab> but I think even when it d/l'ed it the first time it said 200
#ubuntu-server 2017-04-13
<IShavedForThis_> hey! does anybody have an experience running an ubuntu server bittorent client with a proxy? I'm having some difficulties setting it up
<sarnold> I wouldn't be surprised if some clients don't easily support a proxy
<IShavedForThis_> yeah it's looking like transmission-daemon doesnt
<IShavedForThis_> and I'm not quite sure why
<sarnold> IShavedForThis_: this looks sane https://github.com/rakshasa/rtorrent/wiki/Tor-based-Proxying-Guide#step-3-rtorrent
<IShavedForThis_> would you happen to know any that do?
<IShavedForThis_> ahh. Tors a little heavy, plus I would hate to congest it downloading whatever I'm downloading. I already own PIA
<sarnold> yeah I wouldn't want to torrent over tor. I expect that's miserable.
<sarnold> but there's the configuration settings to use socks proxies :)
<IShavedForThis_> lol for me, and all the people that actually have to use tor
<IShavedForThis_> awesome! would you recommend rtorrent?
<sarnold> yeah, it was awesome stuff. the display is a bit baffling but it runs great inside tmux or screen
<IShavedForThis_> well I usually use a web interface anyway. does this have one?
<IShavedForThis_> actually don't answer that. I do own a google
<sarnold> oh I've heard good things about the google it must be nice to own one :)
<IShavedForThis_> its just a fad.
<IShavedForThis_> So this is telling me to disable all UDP support? would I need to forward a port or can I just leave that intact since im not using tor
<sarnold> if your udp can be routed then you can probably leave it turned on
<IShavedForThis_> I'm not sure what that means. I'm still new to Linux servers as a whole
<IShavedForThis_> (and home networks)
<sarnold> well, why do you need the proxy? normally you use a proxy because your packets can't be routed off the network but you know a machine that -can- talk to the internet..
<IShavedForThis_> because I would like to download torrents without my ISP knowing I am
<IShavedForThis_> or am I a complete idiot and thats not what proxies do lol
<sarnold> then you may wish to disable the udp support in rtorrent and maybe even figure out how to run your dns through the proxy as well.
<IShavedForThis_> hmm. Should I skip the proxy then, and use the VPN service for only the transmission daemon? or is that not possible
<IShavedForThis_> because I definitely dont want my entire home network using the VPN
<sarnold> that might work. I don't know much about network namespaces but maybe you could just run your torrent client and vpn thing in the same VM instance
<IShavedForThis_> that sounds complex as fuck lol. Is there any reason why a proxy wouldn't work? Like I said, I'm still fairly new with this so don't know too much
<sarnold> proxies are often just for dns traffic
<sarnold> sigh
<sarnold> it's time for me to stop working obviously :)
<sarnold> proxies are often just for *TCP* traffic
<sarnold> since most DNS traffic starts out at UDP, it's often not proxied
<IShavedForThis_> ahhh. okay so it wouldn't really do a damn thing
<sarnold> which is why the tor people go on about dns at length :)
<andol> Well, SOCKS5 support proxying UDP.
<IShavedForThis_> I do have socks5
<sarnold> andol: oh? I hadn't heard that :) thanks
<IShavedForThis_> thanks a bunch sarnold. I haven't used a proxy since highschool so I never knew any of that
<IShavedForThis_> and thanks andol. Do you happen to use a socks5 proxy for a bittorrent client?
<andol> IShavedForThis_: Nope
 * andol did a bit more reading, and while SOCKS5 itself defines UDP support, not all SOCKS5 proxies actually implement it.
<IShavedForThis_> hmm. I wonder if PIA uses it. I'm going to google.
<IShavedForThis_> unless I can find a way to install PIA on the headless and only VPN that one specific program
<IShavedForThis_> https://schnouki.net/posts/2014/12/12/openvpn-for-a-single-application-on-linux/
<IShavedForThis_> is this still applicable? or is it outdated?
<sarnold> that's the network namespacing I mentioned twenty minutes back :)
<IShavedForThis_> ahhhhh
<IShavedForThis_> is it as complicated as it looks?/
<sarnold> it should still work
<sarnold> oddly enough it's probably even more complicated than it looks
<sarnold> but it seems to work okay for folks :)
<IShavedForThis_> fuck
<IShavedForThis_> ill pay someone 5 bucks on paypal if they can get it working
<profall> Will I have any issues running Ubuntu 16.04 with the 3.13 Kernel?
<OerHeks> Ubuntu 16.04 LTS is based on 4.4, so how would you use 3.13 ?
<profall> I upgraded from 14.04 to 16.04 and it's still on 3.13 Kernel.
<OerHeks> profall, what does ' dpkg -l | grep linux-image  ' show? maybe you miss linux-generic >> http://askubuntu.com/questions/815002/kernel-did-not-upgrade-between-14-04-lts-to-16-04-lts
<profall> OerHeks: https://pastebin.com/jPwVkesU
<profall> Right now it's running on 3.13.0-37
<OerHeks> linux-image-extra-3.13.0-37 is missing?
<profall> no
<profall> Figured it out :)
<profall> Thank you for the help though.
<profall> Just had to change Default= in /boot/grub/menu.lst
<OerHeks> profall, oh, good find, didn't think of that possibility
<lordievader> Good morning
<adrian_1908> On my VPS there's an "ubuntu" user with a home directory. Is this normal for Ubuntu server installations? (It might be the provider's doing, just making sure)
<Frickelpit> looks like a pre-configured cloud-image
<rbasak> adrian_1908: yeah - if using a cloud image, it's the default.
<adrian_1908> rbasak: ah the cloud image. that explains why I didn't immediately find something while searching. thanks!
<catphish> can anyone tell me the status of CVE-2016-10229 in ubuntu 16.04? there seems to be a lot of mixed info about what kernels are affected
<rbasak> https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-10229.html
<rbasak> It's fixed except on some phone kernels
<catphish> what does DNE mean?
<rbasak> Does Not Exist
<catphish> thanks, i'll try to find my kernel in that pile
<rbasak> It looks like 16.04 was never affected.
<catphish> that's good news, i'm running various versions of 4.4 (the defaults in 16.04)
<catphish> i guess it's just the "linux" package, "Ubuntu 16.04 LTS (Xenial Xerus): not-affected (4.4.0-2.16)"
<catphish> so that's good
<catphish> thank you
<adac> mount shows me something like this:
<adac>  /etc/auto.xxxxx.your-backup.de.davfs on /mnt/backups type autofs (rw,relatime,fd=6,pgrp=27899,timeout=60,minproto=5,maxproto=5,indirect)
<adac> but with autofs I mount it like this:
<adac> https://gist.github.com/anonymous/6166626a7fa8259b754b1a04c82bb293
<adac> I'm wondering why there is no "mode" shown with "mount"
<RBoreal_Frippery> Hey All, I am looking to change the owner of a file on a windows server from my ubuntu-server. I have admin access etc. Is there any generally good way to do this?
<RBoreal_Frippery> I have used Samba to move files and folders, but I need to set permission
<ikonia> RBoreal_Frippery: if you have permission chown will work
<RBoreal_Frippery> Is that in one of the samba binaries?
<nacc> RBoreal_Frippery: no `chown` is a basic utiltity
<nacc> or chmod, depending on what you need
<WACOMalt> Hello. I am having an issue with a dedicated server I am accessing via ILO. trying to install ubuntu 16.04.2
<WACOMalt> It is currently hanging on  "Creating ext2 file system for /boot in partition #1 of SCSI1 (0,0,0) (sda)..."
<dpb1> WACOMalt: do you know which physical disk that is in the system?  Could be any number of things.
<WACOMalt> dpb1: it only has one drive
<WACOMalt> ILO has got to be the worst thing I have ever used...
<dpb1> DRAC isn't much better.  /me jokes
<mason> I miss serial aggregators and Sun hardware.
<dpb1> WACOMalt: first suggestion I would have is to replace that disk and try again.  process of elimination.
<WACOMalt> I have no physical access. Support ticket time!
<dpb1> WACOMalt: indeed!
<tomreyn> WACOMalt: if it's acurrent HP ILO, it should be usable (even convenient). of course it works entirely different than sun hardware does for OOB management.
<tomreyn> s/does/did/
<tomreyn> it's got both a web UI (with KVM, remote media mounts etc.) and CLI (via SSH)
<WACOMalt> dpb1 is there a good linux distro I can run live to try and test this disk?
<WACOMalt> something small as it'll have to be shared over network to the ILO server
<genii> TCL
<tomreyn> http://tinycorelinux.net/
<bekks> WACOMalt: you can share enire dvd to the ilo. :)
<WACOMalt> bekks: I dont know how to do that. I just clicked mount CD and chose an ISO from my local machine
<WACOMalt> and its not taking any keyboard input on the ubuntu setup to choose install ubuntu :/
<bekks> WACOMalt: and thats how you share an iso image. of a small cd, a normal cd, or a full blown dvd.
<bekks> WACOMalt: did you acquire the ILO session?
<WACOMalt> I dont know what that means... but I'm currently looking at the console
<bekks> and you can use your keyboard within?
<WACOMalt> I can hit enter to choose Enlish
<WACOMalt> but anything past that doesnt work
<WACOMalt> *English
<WACOMalt> I'm running dd if=/dev/zero of=/dev/sda bs=512 count=63
<WACOMalt> maybe that will let the normal formatter in ubuntu installer work
<bekks> WACOMalt: what are you trying to achieve by doing so?
<WACOMalt> basically if I use my hosts's pre-built provisioning image, it freezes on formatting the drive
<WACOMalt> I'm hoping by wiping it first this will continue
<WACOMalt> since I am unable to manually run the install it seems since I have no keyboard
<bekks> I strongly doubt it.
<WACOMalt> So ubuntu 16.04 install hangs at 33%. formatting /dev/sda for /boot
<WACOMalt> https://hastebin.com/oluhavejuj.sql is the smart status of the drive
<WACOMalt> what can I try?
<bekks> WACOMalt: How long did you wait?
<WACOMalt> 3 hours
<WACOMalt> it's a 500GB sata drive
<bekks> WACOMalt: did you check dmesg?
<WACOMalt> dont know how. will google
<bekks> WACOMalt: nothing to google, its a command to be typed.
<WACOMalt> would that still be there after power cycling? I am unable to get to a terminal while it's frozen there
<bekks> WACOMalt: No.
<WACOMalt> I've seen this issue before with ubuntu installs in forums
<WACOMalt> and people say to format the drive first and then tell it not to format during install, but I cant do that since it;s a silent installer it seems, just rushes through things right to a progress bar
<WACOMalt> and I cant use my keyboard
<bekks> Thats an issue to be fixed first, then.
<WACOMalt> I am trying ILO (ILO 2) over internet explorer
<bekks> Which HP server is it?
<WACOMalt> I have been unable to get the java one to work at all
<WACOMalt> despite now installing a ton of different java versions and firefox versions to try to get it
<bekks> It tells you which version to use :P
<WACOMalt> and then the download link to it is broken on the ILO info page
<WACOMalt> isnt there like a actual program I can use to do this?
<bekks> A program to do what?
<WACOMalt> like how I would used vinvnc or something to hook to a vnc remote desktop
<WACOMalt> why are there no ILO clients
<bekks> Ask HP.
<WACOMalt> have to rely on insanely outdated java versions in outdated browsers, or clunky activex in an terrible browser
<bekks> Which HP server in particular do you have?
<bekks> You are using a horribly outdated system when still having an ILO2.
<WACOMalt> HP BL260C Dual E5420
<bekks> Its a horribly outdated server blade.
<WACOMalt> gotcha :/
<bekks> A G5 one.
<WACOMalt> horribly as in what year would this have been considered ok?
<genii> Probably 2003-ish
<WACOMalt> holy crap
<WACOMalt> I didnt realize that.
<WACOMalt> in that case I'm amazed it's working at all
<WACOMalt> welp, running mkfs.ext4 /dev/sda from sysrcd seems to have solved it
<SineDeviance> hi all! i'm running ubuntu-server x64 16.04. my question is, how do i run a script from a specific directory as a user during boot time?
<patdk-wk> cron
<patdk-wk> make an systemd init script
<drab> SineDeviance: depends what "boot time" means, would rc.local work? otherwise systemd
<patdk-wk> add it to rc.local (pretty evil)
<SineDeviance> i like the service option better, yeah
<SineDeviance> drab: not sure
<mason> patdk-wk: Does Ubuntu support user systemd services?
<drab> SineDeviance: rc.local will run at the very end of the process and it's kind of dirty, a systemd service would be better
<patdk-wk> no idea
<patdk-wk> but what exactly is a user systemd service?
<SineDeviance> drab: i'm good with that option. so i need to write an init.d script and add it?
<patdk-wk> as far as I knew, you just had services
<mason> patdk-wk: https://wiki.archlinux.org/index.php/Systemd/User describes it
<mason> per-user services
<drab> mason: I don't know about that, but nothing stops you from setting user/group in the service file, which would accomplish what SineDeviance is asking for
<mason> RHEL doesn't support it as yet due to problems I don't remember off the top of my head. No clue if Ubuntu does.
<mason> Sure.
<mason> I think the notion is that the systemd user stuff lets the user control the service post-boot.
<SineDeviance> yeah, that'd be fine. i'd like it to be possible for other users with elevated privilege to stop/start the service
<drab> I have a /lib/systemd/systemd --user running on my 16.04 desktop so maybe it does
<drab> but have never really looked into it
<SineDeviance> fwiw, the script i'm trying to automate is supybot
<drab> oh wow, supybot, been a while since I heard that name
<SineDeviance> i still think it's the best one
<SineDeviance> sadly, it does not seem to come with an init.d script
<SineDeviance> i know i had this setup and working a couple years ago. i just don't remember how i did it
<dasjoe> How come there's no language switcher on https://help.ubuntu.com/lts/serverguide/index.html?
<t2mkn> Can some one help on config file setting for just installed samba server on Ubuntu 14.04. I just need an open access to all to a directory in my home network.
<nacc> dasjoe: might not be translated, not sure
<dasjoe> nacc: it is translated, that's how I found out my browser was set to accept German ;)
<dasjoe> I'd rather have a manual selector, too
<nacc> dasjoe: oh i don't know then :)
<drab> mmmh, lame question I guess but I suck at gpg... how am I supposed to find and get all the keys I need to validate a ppa[/3rd party repo]?
<drab> for the main ubuntu mirror I just had to import /usr/share/keyrings/ubuntu-archive-keyring.gpg
<drab> which was easy
<drab> but for the ppa of say libreoffice, I'm not sure how to go about it
<drab> basically whatever apt-add-repository does behind the scenes
<drab> guess I could read its source code...
<WACOMalt> OK got my server up
<WACOMalt> But one issue... it seems the host's provisioning settings didnt apply the root password I set, and I didnt make a normal user
<WACOMalt> wait nm... I'm just and idiot
<WACOMalt> so question... does it matter if my server's hostname is hostname.domain.com or just hostname?
<drab> WACOMalt: it depends what's asking, for most things it won't
<drab> apache for example will complain about not being able to find a FQDN
<drab> if you don't have it
<tomreyn> gots in your hostname are probably not a good idea
<tomreyn> *dots
<tomreyn> unless you're speaking FQDN
<WACOMalt> ok I'm trying to set up a normal user via ILO, but for some reason arrow keys dont work so I cant... how can I enable ssh access for the root user until I get a normal user made?
<WACOMalt> currently SSH is saying access denied
<drab> by default I think root login is permitted with no pwd
<drab> but otherwise you need to edit /etc/ssh/sshd_config
<drab> PermitRootLogin prohibit-password <-- that's what you probably have
<tomreyn> on HP ILO?
<tomreyn> i would think it just allows you to login with the root password as the root user by default.
<tomreyn> the device you're working with there, is that an HP ILO at all, and which version of it? and are oyu on the web interface?
<WACOMalt> ok I got another user created with sudo access
<WACOMalt> Next question... nano is not found and sudo apt-get install nano is Unable to locate package nano
<WACOMalt> ugh disregard. stupid again, forgot apt-get update after a fresh install
<WACOMalt> Does this etc/apt/sources.list look normal to you guys? https://hastebin.com/lugagucima.nginx
<WACOMalt> fresh install
<tomreyn> the mirror server is non standard
<WACOMalt> anything to worry about?
<WACOMalt> probably just my host using their own mirrors I guess
<tomreyn> are you hosting with Yomura Corporation then?
<WACOMalt> probably. I'm with delimiterVPS
<WACOMalt> (though it's a dedicated server)
<WACOMalt> yup that's their holding company
<Latrina> noob question. If I get a powerful workstation with some serious Nvidia graphic card, supported from Ubuntu ofcourse, will I be able to take advantage of it with a Windows virtualbox VM?
<Latrina> The idea I have is migrate Windows 10 pro on a VM and keep ubuntu as the Host, however I badly need access to photoshop
<tomreyn> Latrina: what you are looking for is to have a dedicated graphics card for the VM
<tomreyn> i.e. you'll need two. one of them would be handled by linux, the other by windows. it's called 'video (card) passthrough'.
<tomreyn> graphics virtualization is a delicate topic, not easy to achieve, but bothm KVM and Xen are working on making this work nowadays.
<tomreyn> this doesn't seem to be a server question, though
<Latrina> thank you for the info and I apologize if my question went off topic
<tomreyn> Latrina: also look for KVMGT and XenGT (implementations on these virtualizations) and VGPU (as a generic term)
<Latrina> will do, thanks again :)
<tomreyn> gpu virtualization is not actually off-topic for a server channel since this is currently the most relevant use case: calculations made on graphics cards from within VMs
<Latrina> well thats the reason why I felt my question would be appropriate if brought up here
<tomreyn> the less painful approach is to have 1 discrete graphics card per OS (so one for the host and one for each VM which needs graphics acceleration). but you can also share acceleration across systems (host, guests) in some configurations nowadays.
<tomreyn> sorry then ;)
<Latrina> my concept of server is storage / services / VMs / cloud
<nacc> gpu virtualization is still really fragile, though
<Latrina> no thank you for the valuable info
<nacc> and honestly, the easier way to go is what tomreyn said, dedicate a card to it
<nacc> even then, i'm not sure what kind of performance you get with windows in a VM, never tried it
<tomreyn> if disk I/O is fine and there is plenty of unallocated space on the system drive, it should work ok
<nacc> tomreyn: yeah, i'm not thinking there is anything technically that shoudl affect it .. other than windows itself :)
<Latrina> need to try this out with some of the workstations we have at work
<Latrina> I dont have top $$$ to invest in attempts
<tomreyn> most of your time will be spent on researching a working hardware + software configuration.
<tomreyn> (and yes, windows is terrible in how it abuses resources)
#ubuntu-server 2017-04-14
<Skittishtrigger> Is there an arg that I am missing when using ls -al  where I can specify the number of results per page?
<Skittishtrigger> by missing I mean unable to find or are unaware of
<tarpman> Skittishtrigger: I don't think ls(1) has a concept of paging.
<tomreyn> use a pager to paginate. pipe into more or less.
<Skittishtrigger> ah thank you
<Skittishtrigger> thinking maybe something like ls -al | vim  but ls is not from terminal lol
<Skittishtrigger> btw the closest command seems to be ls al | less for a basic pagination style
<tomreyn> 'less' is actually a lot more versatile than 'more', which is similar to 'pg'
<mason> less > more
<dpb1> someone should put that in the manpage.
<Latrina>  loving less
<profall> Anyone know the best way to ignore an entire interface with ufw?
<profall> Nevermind, just realized I can allow just whitelist the ip.
<lordievader> Good morning.
<jdstrand> profall: ufw also supports 'in on eth0' and 'out on eth0' if that's helpful to you
<sonu_nk> hi i purchased new ssl , now i want to install it on my domain..
<sonu_nk> hi there ?
<ChmEarl> zesty-server is on topic?
<mason> ChmEarl: Sure.
<mrtAkdeniz> howdy! really has no idea is it place but i've no idea where to ask..
<mrtAkdeniz> but i suppose there are sysadmins and devops, so going to ask.. you know google pagespeed insights.. i'm doing tests again and again, and it always says "optimize images".. i tried to run jpegoptim and optipng, decreased resolutions.. but still
<mrtAkdeniz> I ran jpegoptim with "--max=90 --strip-all --preserve --totals" and optipng with -o7 -preserve -strip all
<Knyaz> hello. i want to download ubuntu-server 32 bit, but not from bittorrent. can you guys help me find a download link? bittorrent is blocked here
#ubuntu-server 2017-04-15
<sbeattie> Knyaz: http://releases.ubuntu.com/
<mason> Knyaz: also https://www.ubuntu.com/download/alternative-downloads
<ChewyNoob> I tell ya what. When every single forum I read said not to try and set up a mail server, I should have listened.
<lordievader> Good morning.
<hypermist> why is my ubuntu deny sshing connections the last thing i did was disable docker
<gddai> hi
<gddai> something is keep setting my locales to POSIX no matter what i do
<Mead> anyone know how I could find out if a used PCI (not pci express) graphics card will be supported by ubuntu server before I purchase it?
<ppetraki> Mead, if it's that old it probably works
<Mead> ppetraki: I discovered something can be too old, with trying to use old vga cards
<ppetraki> Mead, the easiest thing to do is "just try it". Unless you can figure the pci vendor and device ID in advance, that's the only way you can determine if an X driver will support it. Otherwise it'll try to use the plain vga driver, which should work. but may not have enought color support to drive unity for example
<compdoc> anyone have problems with the last qemu update? guests not booting?
<b-yeezi> hello all. Anyone here ever setup a django app inside an LXD container?
<b-yeezi> I have two containers on a host, one for db one for django/nginx. I can get the db to talk to the app. I can forward the app's port 80 to the host, but I cannot get allowed_hosts to work.
<c0mrade> I've just inserted an Ubuntu 16.04.2 LTS DVD into my server and I have many installation options, one of them is Install Ubuntu Server with HWE kernel. What does that mean? How would it differ and why would it matter to me if I pick second option the one with "HWE Kernel"?
<ikonia> c0mrade: do not cross post
<ikonia> c0mrade: ask in #ubuntu OR here, not both
<c0mrade> I asked in ubuntu and it didn't work. So I thought ubuntu-server would be great.
<c0mrade> ikonia: Dude you're like my shadow :D
<ikonia> c0mrade: no, you where discussing it in #ubuntu and people where responding, please use one channel
<c0mrade> ikonia: Why is it that you're the only one concentrating and focusing on what am doing :P
<ikonia> you're in channels I'm an operator for, we have a policy of not cross posting, I'm telling you not to do this, thats why
<c0mrade> You're about to be promoted to like a freenode staff or aiming for a channel operator?
<c0mrade> Oh you're an operator...
<c0mrade> I get it.
<c0mrade> You're an operator at #ubuntu then.
<ikonia> you have a history of spamming your questions across multiple channels - you've continued to do this, hence why I'm telling you not to do this
<ikonia> clear ?
<c0mrade> I just asked in two channels. I used #ubuntu and apparently I remembered that my question is related to #ubuntu-server much more so I moved there.
<ikonia> please don't lie
<ikonia> you've just changed your story
<ikonia> you said no-one was responding in #ubuntu a minute ago
<c0mrade> What am I supposed to do in this situation. Join #ubuntu-server and tell them I apologize I just asked the same question in #ubuntu but I am not spamming it's just my question is more relevant here.
<ikonia> please - pick a channel and use it
<ikonia> no more discussion on it
<c0mrade> What channels are you an operator in?
<ikonia> you can search chanserv if you want
<c0mrade> How many?
<c0mrade> Like 5 channels?
<ikonia> it doesn't matter
<c0mrade> It does...
<c0mrade> You have the right to tell me what to do in a channel you are an operator in.
<ikonia> right, and I've just told you not to cross post, so please don't, discussion completed
<c0mrade> But otherwise it's just simply no unless I hear a comment from the operator of that channel itself.
<ikonia> it's up to you how you behave
<c0mrade> I will respect your complaint in a channel you are an operator in but in a channel that you are not, you just simply can not tell me that unless again an operator of that channel did.
<ikonia> as I said, it's up to you how you behave
<c0mrade> ikonia: It's not that. If you're an op, one day you may ban me and tell everyone how wrong were I. Well I told you, I agree with you that I won't be cross posting in channels that you operate but otherwise no.
<ikonia> c0mrade: I don't care, you've just got banned from other channels for cross posting, if you ignore it in other channels you'll get banned, I don't care, but this is why I'm telling you clearly not to do it here
<c0mrade> And the only reason I don't want to get banned is because I gain experience from these channels.
<b-yeezi> Anyway, to answer your question, HWE  basically means an updated kernel version on the 16.04 stack
<c0mrade> b-yeezi: That's not only it.
<ikonia> b-yeezi: it was already answered in #ubuntu before he posted here
<c0mrade> I mean a sane person would then think well why the hell would they offer two kernel versions one is a bit older and the newest one, I mean the newest is the greatest, but there's one thing to it which google helped me to understand.
<c0mrade> ikonia: It wasn't answered clearly neither in #ubuntu nor here.
<ikonia> I disagree, but you have the answer now, so thats good
<c0mrade> ikonia: How would you compare their answer with one like this:
<c0mrade> " Ubuntu will offer at least two kernels: the General Availability (GA) kernel, i.e. the most stable kernel, which does not get updated to point releases; and the Hardware Enablement (HWE) kernel, i.e. the most recent kernel released. "
<ikonia> c0mrade: pretty much exactly what b-yeezi just told you
<c0mrade> [23:04] <b-yeezi> Anyway, to answer your question, HWE  basically means an updated kernel version on the 16.04 stack
<c0mrade> I don't know how 'exact' that was.
<c0mrade> Brand new hardware devices are released to the public always more frequently. And we want such hardware to be always working on Ubuntu, even if it has been released after an Ubuntu release. Six months (the time it takes for a new Ubuntu release to be made) is a very long period in the IT field.
<ikonia> no it's not
<c0mrade> Now, how does Ubuntu want to reach the goal of Hardware Enablement? Using rolling releases for the kernel: as soon as a new kernel is released, it is packaged for Ubuntu, tested (via the proposed pocket and special Q/A methodologies), and made available to Ubuntu users.
<ikonia> 6 months is very acceptable, and few people will use that for production use
<c0mrade> This method has of course some disadvantages: releasing a new kernel too quickly may introduce some bugs and issues, and may not be suitable for the enterprise.
<ikonia> which is why people pick longer term distros which have mapped release cycles
<ikonia> so I suggest you look at how people operate, and try to plan using their methods
<c0mrade> The solution? Offering different kernels for different users.
<ikonia> no
<c0mrade> ikonia: I was expecting something like that.
<c0mrade> Not a one-liner.
<b-yeezi> For me, I use the rule of  "if I don't need HWE, I stick with the default kernel"
<ikonia> b-yeezi: that seems wise
<c0mrade> I disagree...
<ikonia> then don't do it
<ikonia> grab whatever kernel meets your needs
<c0mrade> If I see an option that I don't understand, I investigate it, search about it.
<c0mrade> I saw this option and I instantly stopped what am doing. I needed to know what is this option all about.
<ikonia> great
<ikonia> now you know
<c0mrade> Yeah, but am just telling you that I didn't get clear answers, answers that I would perfectly understand what it is.
<b-yeezi> I have a cheap asus laptop with 16.04. I enables HWE, it wouldn't boot. There is a bug in kernel 4.8 for the atom processor in it. Ever since then, I instituted the rule
<c0mrade> Anyway. I'll say thanks to everyone who answered my question.
<c0mrade> b-yeezi: Thanks for that tip!
<c0mrade> ikonia: ^
<l33n> "pm2 list" does nothing
<l33n> it prints a new command line
<l33n> same thing with "node server.js"
<Guma> I was wondering if someone could help me out with figuring out or pointing me to source of problem I have. I just installed 16.04 with RAID 1+0. Installation and setup did go well. I also running KVM on it. My problem is that when I reboot machine RAId goes to rebuild.
<Guma> Looking at /proc/mdstat after reboot I see % rebuild.
<Guma> That takes about 40 min or so. I have 4 HDD in it and I see [UUUU] indicating it is ok
<Guma> Before I reboot host I do shutdown manually guest.
<Guma> Not sure where to start about this problem. I am using Intel RAID build to Asus motherboard
#ubuntu-server 2017-04-16
<dpb1> Guma: I've had that before when I was lacking a correct /etc/mdadm/mdadm.conf, not sure if that is your problem or not.
<Ve0> Hi everybody)
<drab> hi
<drab> I'm trying to get out of the nfs-kerne-server requirement to pxeboot/install stuff
<drab> I found out that pxelinux now has a lpxelinux.0 and you are no longer required all those shenanigans with gpxe/ipxe chainloading etc
<drab> and I'm able to boot an iso of ubuntu-server over http
<drab> however that fires off its own bootloader and it's not getting any of the options for automtaed install that I'm otherwise APPEND'ing
<drab> http://dpaste.com/193M21R
<drab> so that does boot up mini correctly
<drab> but then mini shows me its own default grub screen as if I had just burtned it to CD and booted it
<drab> which is I guess fine/expected, but then I've no idea how I'm supposed to pass it all those parameters
<drab> especially the preseed file
<drab> whuos, this one: http://dpaste.com/1JADRNY
<drab> OMG
<manukapua> i have a raid5 with 4 1tb disks (/dev/sdb), about to setup lvm on top of it, is it ok to use the "whole" /dev/sdb or should i partition it first ?
<manukapua> was thinking just going pvcreate /dev/sdb , then vgcreate , lvcreate etc
<manukapua> *oh yeah thats a hardware raid5 btw
<tomreyn> ^ gone
<SpaceBass_MBP> Hey folks - anyone using EncFS? I'm trying to mount a drive as -allow_other but it's still only accessible by root
<Razva> hey! how many servers can I join in a Ubuntu OpenStack cluster for free? I know that 2 years ago it was a 10 or 12 servers limit?
<Razva> https://www.ubuntu.com/cloud/openstack/autopilot < still 10 machines
<Razva> bummer
<vaoi> Hi, I just switched to ubuntu/linux and have iptorrents, is bitorrent the recommended Linux torrent?
<vaoi> is it easy to use whatsapp with bluestacks app module on linux/ubuntu?
<mybalzitch> what
<vaoi> what torrent is best to use with linux/ubuntu?
<vaoi> ok, maybe I am not in right chat room, thanks
<mason> And again, people don't stick around long enough to obtain an answer.
<Unpas> Hehe
<Unpas> He stayed for 2mins :S
<mason> Ah, I suppress joins/parts to reduce noise, so I didn't realize it was that brief. Heh.
#ubuntu-server 2018-04-09
<cpaelzer> good morning
<lordievader> Good morning
<Checkmate> Hello is possible to resize root path /
<RoyK> Checkmate: yes
<RoyK> Checkmate: it might be easy, it might be hard, depending on your setup ;)
<Checkmate> Royk teach me the way please
<RoyK> Checkmate: please detail your setup - what you want (bigger or smaller filesystem? what sort of filesystem? partitions or lvm? etc)
<Checkmate> Royk pastebin.com/raw/UczkUVuY
<Checkmate> i have 2Tb on /home/ i want to add 60gb to /dev/root
<Checkmate> Royk is Linux rev 1.0 ext4 filesystem
<Checkmate> I try this resize2fs /dev/sda3 60G
<Checkmate> The containing partition (or device) is only 5119744 (4k) blocks.
<waveform> Checkmate, you need to expand the partition containing the file-system before you can expand the file-system. However, assuming /dev/sda4 comes immediately after /dev/sda3 (which is presumably /dev/root) you first need to *move* /dev/sda4. This is the pain of using partitions instead of LVM
<waveform> unfortunately that's non-trivial - assuming you've got physical access to the box, you're probably best off booting from some live disk (e.g. an Ubuntu installer) and using gparted to do all this for you
<Checkmate> waveform you mean i need to swap i'm on vps i dont know how to expand /dev/sda4
<RoyK> better reinstall on lvm, add as much as *needed* to each partition. Also, is the 2TB on /home on another disk?
<waveform> ah, vps - so no physical access and the disks are probably just files anyway
<Checkmate> Royk is only on /home but i don't know how i can resize on vps
<waveform> in that case just expand /dev/sda3 through whatever interface your vps provides for configuring storage on the instance (assuming it provides such an option), reboot and retry your resize2fs command (you can leave off the size - if omitted, resize2fs just expands the file-system to the size of the container/partition)
<RoyK> Checkmate: the provider can probably help
<Checkmate> waveform i can expand /dev/sda3 to /dev/sda4 ?
<waveform> Checkmate, no: you just need to expand /dev/sda3. Because you're on a VPS, /dev/sda3 is probably just a big file on some server pretending it's a partition on your VPS' disk. Your provider will (hopefully) have some interface you can use to request/give more space to /dev/sda3
<Checkmate> please i dont know what command using to expand
<waveform> we can't tell you that: it won't be something on the server itself; it'll be something in your vps' control panel (i.e. on the website you used to set up the vps)
<waveform> hence, it'll also be specific to the vps provider
<Checkmate> ok looks i need to contact ovh support
<Checkmate> waveform if i'm on  the rescue mode
<Checkmate> i can adjust size safely?
<waveform> expanding a file-system can generally be done online (sometimes, depending on file-system, even when it's mounted) but you need to have expanded the container of the file-system first
<waveform> I think I'm right in saying ext4 is one FS which permits online expansion; in other words, if you've expanded your /dev/sda3 (through your vps) you should be able to resize2fs it with or without booting to rescue mode
<Checkmate> can you please give me the commands to expanded /dev/sda3
<TJ-> waveform: correct, I use that regularly with LVs that grow. "resize2fs /dev/sdXY"
<waveform> Checkmate, if you've resized the /dev/sda3 "partition" (in quotes because this is on a vps so it's probably not *really* a partition), just "resize /dev/sda3" and it'll expand to the size of the new container
<waveform> TJ-, yeah - I was sure I'd done that on my LVs at some point but it's one of those things I haven't needed for a year or so and I have to re-check each time :)
<Checkmate> waveform give me the command i want to try if i can resize or not
<TJ-> Checkmate: I just gave it
<TJ-> Checkmate: "resize2fs /dev/sdXY"
<Checkmate> you mean resize2fs /dev/sda3 200G
<Checkmate> why when i check df -h i see the same size nothing changed!!
<waveform> as mentioned: you *don't* need to specify the size. Just "resize2fs /dev/sda3" and it'll expand to the size of the container (*if* the container has been expanded)
<Checkmate> when i do this command giving me result  The containing partition (or device) is only 5119744 (4k) blocks.
<waveform> simple - it means you haven't expanded the container
<Checkmate> waveform can i expanded it my self or only by the provider?
<waveform> depends on the provider - some (most? in my experience) provide some means to do this through their interface/website - but for a few it is "contact support"
<Checkmate> waveform possible by rescue
<Checkmate> do you have the command i should give it a try then if doesn't work i will contact the support
<waveform> Checkmate, as you're on a vps this is *not* something you're going to be doing from within the Ubuntu command line - this'll be something on your provider's site
<Checkmate> waveform its not by the command line?
<waveform> no
<waveform> not typically on a vps
<JediMaster> hey guys, we're preparing for Bionic/18.04, getting a bunch of test servers up and running, and I'm sure that I saw PHP 7.1 support, as well as 7.2, for Bionic, yet I can't find any 7.1 packages now, does anyone know if PHP 7.1 has been ditched from Bionic?
<JediMaster> https://launchpad.net/ubuntu/bionic/+source/php7.1 says "There is no current release of this source package in The Bionic Beaver."
<JediMaster> yet the source package exists
<nacc> JediMaster: yes, we are on 7.2 only
<nacc> JediMaster: php7.1 exist in Artful
<JediMaster> nacc: thought so
<nacc> JediMaster: it does not exist in bionic
<JediMaster> The problem is that PHP 7.2 no longer has the 'php-mcrypt' module as it lost support something like 7 years ago, and there are a lot of major PHP based applications that rely on it
<nacc> JediMaster: right, there's a pecl repository
<nacc> JediMaster: or move the php applicaiton to openssl like it should have 5 years ago
<nacc> most upstreams have at least started that
<JediMaster> Ah, I didn't know that, so you could in theory install mcrypt through pecl then
<nacc> JediMaster: yes, i believe so
<JediMaster> nacc, unfortunately we host Magento sites, and Magento only started work on 7.2 support at the start of the year, so there's no chance it'll be ready for 18.04's release, or likely until the end of the year
<nacc> JediMaster: right, i've heard this issue for magento
<JediMaster> It'd be great to move people over to the latest LTS release, but I think that composer requirements on the latest (even beta) Magento support 7.1 at best
<nacc> which... isnot in ubuntu :)
<nacc> yeah, they seemed to be a bit behind the curve on this one
<JediMaster> Yeah, I know it's not an ubuntu issue =)
<dpb1> JediMaster: good thing 16.04 has many years left.
<dpb1> :)
<JediMaster> dpb1, yeah but, not as shiny new as 18.04!
<JediMaster> bleeding edge all the way
<dpb1> there there 16.04, he didn't mean it.
<dpb1> JediMaster: I'm with you
<dpb1> :)
<JediMaster> That's why I drive beta cars (aka Electric)
<nacc> JediMaster: you also could run 18.04, and 16.04 in a vm or container
<JediMaster> nacc, it's already virtualised, that'd be a bit horrid nesting it ;-)
<dpb1> lxd
<nacc> JediMaster: :)
<JediMaster> dpb1, I've not come across lxd, just reading up on it
<dpb1> JediMaster: for pure application workloads (like php) it's fantastic
<sdeziel> JediMaster: you could have 16.04 containers with PHP-FPM (7.0) serving the dynamic stuff and have the shiny new web frontend of your choice that comes with 18.04
<sdeziel> you could probably also have your DB backend running on 18.04
<JediMaster> it's easy enough on our multi-server setups where we have a load balancer (nginx serving static content directly and load balancing php), multiple PHP-FPM servers (no web server) and a database server, as we'd just make the PHP-FPM servers 16.04 and the rest 18.04
<JediMaster> but on a standalone machine it sounds like quite a lot of hassle having a container just to run PHP-FPM
<nacc> JediMaster: only because you are trying to use a version of an extension not supported
<nacc> that's the hassle-source, focus on that :)
<nacc> if you are going to use old software, setup a reproducible deployment enviornment for it
<JediMaster> also the application (which we can't realistically re-write) doesn't officially support 7.2, but does 7.1
<nacc> JediMaster: yeah
<nacc> JediMaster: that's why i'm saying it doesn't makes sense to move the underlying OS for htat application
<nacc> JediMaster: i believe magento also supports 7.0, and just run magento in the container
<nacc> which can run in any VM/host
<JediMaster> Yeah, it's another 3 years support on 16.04 now isn't it?
<nacc> JediMaster: yep
<nacc> JediMaster: hopefully by then magneto gets its act together :)
<nacc> JediMaster: note that debian is putting the smae pressure on them, as their next release will also be 7.2 only, iirc
<JediMaster> Yeah, I think that's the same conclusion we've come up with
<JediMaster> Good to know, I suspect we can move people to 18.04 in maybe 6 months, but meh
<nacc> JediMaster: it's not ideal, but it's also waht upstream PHP has decided
<nacc> JediMaster: there's always a chance we'll get enough outcry that we'd package mcrypt ourselves, but I've been trying to avoid it
<nacc> as I don't think we can really support it (so it'd be in universe) and it's not great for that package to not get security updates
<JediMaster> indeed
<JediMaster> nacc, thanks for the help, always nice to talk to the Canonical peeps
<nacc> JediMaster: np :)
<teward> dpb1: were you hunting me for something?
<teward> I've been insanely busy the past few weeks, if so
<nacc> teward: nginx merge, most likely
<nacc> which we just landed (in bionic-proposed)
<teward> nacc: right, i saw that.
<teward> thanks by the way :)
<nacc> teward: np
<teward> (FYI: I'm autosubbed to app the nginx bugs, no need to specifically subscribe me to the merge requests, FFes, etc.
<teward> I saw you added me to a specific one, but i'm subbed to them all automatically)
<teward> nacc: any major evils in the merge process?
<teward> out of curiosity :0
<teward> :) *
<nacc> teward: just some dropped noise
<nacc> teward: nothing otherwise noticed
<teward> cool.  glad to hear that :)
<shubjero> Anyone here using Ubuntu cloud images? I'm using OpenStack to deploy a large VM with Ubuntu 16.04 EFI/GPT cloud image but the root disk doesnt get deployed any bigger than 2TB despite the partition scheme being GPT. Any thoughts?
<sarnold> what's the backing store?
<shubjero> The underlying virtual block device 'lsblk' is showing up as 5.3T
<shubjero> qcow2
<shubjero> image: disk
<shubjero> file format: qcow2
<shubjero> virtual size: 5.3T (5798205849600 bytes)
<shubjero> I have the ability to add a second partition that consumes the rest of the free space on the block device but that's not how I want this to work.
<tomreyn> i know that xen has a bug in some versions restricting it to this size, but i guess you'll be using kvm?
<tomreyn> shubjero: ^
<shubjero> Yeah, KVM
<dpb1> teward: we got enough context and proxying from rbasak, nacc and others to confirm that it's what you would have wanted.
<dpb1> teward: thanks for confirming. :)
<teward> dpb1: yep.  I had asked the SErver Team to help out :)
<teward> dpb1: given the fact that the weeks up to yesterday were chaotic prepping for basially a "tear it all down and rebuild" for the corporate network here at work
<teward> instead of switch level routing for VLANs, the firewall now does the routing, so the ACLs we had in place now actually work!  :D
<teward> since that's all done i can relax a bit now heh
<dpb1> teward: sounds fun actually. :)
<teward> dpb1: well, doing the overhaul was.  Cleaning up the fires afterwards, not as much.
<teward> but yeah, nacc and the rest of the Server team did a very good job with the merge, so +1 to them for helping me out :)
<dpb1> teward: haha, yes.  the fun ends when you have to support it
<teward> well, considering the *state* of the network before we did this
<teward> it was already at an unsupportable cluster**** of a network so we fixed that to make it *less* of one :P
<teward> still got a complete nuke-and-redo on the radar but :p
<teward> that's a longer term plan :P
<teward> dpb1: I will say this though:
<teward> merges are easier than having to introduce *new* binary packages for a MIR :p
 * teward shivers when he remembers the MIR of nginx back in the 14.04/14.10 era
<sarnold> teward: they're not all that bad :)
<apb1963> Is there a reason why /bin/false is not in /etc/shells?
<teward> apb1963: `/bin/false` isn't a shell?
<dpb1> man
<teward> probably, anyways.
<dpb1> that would be an awesome shell
<dpb1> I think actually in the old days it was used in /etc/passwd
<teward> apb1963: `/bin/false` can be *used* as a shell assignment to prohibit logins but it's not a shell in and of itself
<dpb1> maybe still?
<teward> dpb1: still is for some system users.
<sarnold> apb1963: heh, tough choice .. ask the service to knock someone out *before* executing false? or trust false hasn't been boogered up?
<teward> or at least a few in a custom installation system.
<dpb1> yes
 * teward still uses it to deny certain system accounts from logging in :P
<dpb1> you are right
<dpb1> apb1963: anyway, what's your question behind that one
<teward> sarnold: with the help from infinity and the rest of the teams, the nginx MIR was pretty painless.  Can't say that for every MIR or package introduction though.
<apb1963> well, I only ask because https://help.ubuntu.com/lts/serverguide/ftp-server.html recommends adding it... although they call it "nologin".. but same idea
<apb1963> so, I think that's got to be a bad idea.
<sarnold> teward: yeah, nginx was around the middle-point I think. pcp took a *lot* more time and effort from a lot more people .. thunderbolt-tools (which I did last week) was really just a few hours of reading and done.
<teward> apb1963: well, /usr/sbin/nologin is *not* /bin/false, but...
<teward> I think the answer is "Use your judgement"
<apb1963> that's not really an answer... was hoping for something more definitive.
<teward> sarnold: well most of the evils of the NGINX MIR were the third-party utilities/plugins
<teward> apb1963: i'm balancing multiple things patience is a virtue
<apb1963> ok
<teward> I think i'm going to ask you a more pointed question though
<teward> why the heck do you need to set up an FTP server
<sarnold> hehe
<teward> and what does SFTP *not* provide that needs you to resort to an FTP server?
<teward> FTP is evil and is 99% a plaintext protocol that deserves to be incinerated
<sarnold> if only sftp had an easier anonymous mode..
<apb1963> SFTP?  I thought ftps was the be-all and end-all of ftp security.
<teward> *twitches*
<teward> apb1963: SFTP is SSH tunneled, versus FTP with SSL.  SFTP has some other mechanisms in it too.  But you didn't answer my question ;)
<teward> which was "Why do you need an *FTP* server"
<apb1963> Because wordpress in all its wisdom and glory, requires it.
<teward> fun fact: tftpd + configuration + localhost only bind == sane
<apb1963> at least... to install plugins
<teward> let me check what I do on my WP instances... *grabs his SSH keys*
<sarnold> sftp is actually a well-specified protocol; directory listings can be machine parsed reliably. ftps relies upon a human to read the ls output and make sense of it. machine parsing that output is a best-effort kind of thing
<sarnold> I don't know if ftps actually handles early termination well or if it requires proper tls termination..
<apb1963> honestly, it doesn't matter to me which protocol... as long as wp finds it acceptable, I'm happy.  The problem is that what I read about SFTP seemed more complex than ftps.
<apb1963> and I like simplicity
<teward> apb1963: using it for WP is a no-go
<apb1963> Considering I'm going to set it up once and forget it, I'd rather not have to read War & Peace to figure it out.
<apb1963> teward, "it" being?
<teward> SFTP
<teward> FTPS is also evil and TBH Wordpress can access it locally without SSL
<teward> my FTP for my WP systems only listens on localhost on a nonstandard port, and is pretty darn basic otherwise
<apb1963> well it wants an ftp login to proceed with installation of a plugin
<apb1963> so i'm just trying to make it happy
<sarnold> ew
<teward> well
<teward> my `ftp` user has `/bin/false` for the FTP Daemon user
<teward> but I don't add dedicated FTP users
<dpb1> teward: and /etc/shells?
<dpb1> on that same server
<teward> dpb1: getting there hang on
<teward> but keep in mind that *that* user's setting is irrelevant
<apb1963> I was thinking that the right way to go would be to change /bin/false to something in /etc/shells already
<dpb1> whatever user WP users, is what I'm asking, I think.
<teward> because to edit a wordpress dir, FTP and the user logged into it *still* needs permissions
<teward> dpb1: my WP uses my own user login locally
<dpb1> ah
<teward> so it *can't* have anything but a legitimat eshell
<teward> dpb1: this being said, my website roots all have custom ACLs to permit my user read/write outside of the www-data user and group
<teward> but again, paranoid insane maniacal security guy here :)
<teward> so ACLs are fun
<dpb1> apb1963: If you want a "non-interactive" user to use FTP, I'd go the other way
<teward> ^ this
<apb1963> dpb1, what's the other way?
<dpb1> basically, follow the wiki guide
<dpb1> add /bin/false to /etc/shells
<teward> dpb1: he'll still have to mess with permissions for the wordpress docroot
<dpb1> but keep your FTP listening on localhost only
<teward> even with a noninteractive user
<apb1963> dpb1, And allow all the uid's with /bin/false as a shell, shell access?
<dpb1> apb1963: I don't think it would change anything for things other than ftp
<dpb1> try it
<dpb1> if you ssh into a server and the shell is /bin/false and that is added to /etc/shells
<dpb1> what happens?
<apb1963> It changes everything for any uid with /bin/false as a shell... presumably there's a reason why they're disallowed login.
<teward> *tests something that dpb1 is talking about in a container*
<dpb1> irdk what the side effects are, other than vsftp caring
<apb1963> dpb1, See, I'm not a security expert... and when people tell me to do what seems to be the equivalent of chmod 777... yeah, that works.. but is it wise?
<apb1963> Right, I don't know the side effects either.  And that's why I'm here... to get those answers.
<teward> apb1963: adding /bin/false to /etc/shells won't let them login
<teward> because it autokills the connection instantly
<apb1963> you tried it?
<dpb1> but that is just ssh
 * sarnold sees a 777 and falls over
<dpb1> I don't know what other side effects there are
<apb1963> Right... none of us appear to know
<apb1963> The fact that it autokills (sure, it executes /bin/false and done), doesn't mean a gaping security hole might have been opened up.  We just don't know.
<teward> https://paste.ubuntu.com/p/c3df2fxRFV/ shows the example
<teward> apb1963: yes I did, in an LXD container running 16.04 inside it
<teward> apb1963: well if the FTP server is listening only on localhost I don't think there's that much of an issue
<teward> but I also can specify /bin/false *as* a shell ***without*** editing /etc/shells
<sarnold> a decade ago I read a nice thing about .. openbsd? openwall? and their /bin/false and what they did to make it bulletproof..
<apb1963> There you go.  The fact that such an article even exists is proof of what I'm saying... it could be a security issue.  We just, don't know.
<teward> apb1963: I could make the argument that there is *still* holes inside any implementation of any controlsystem to restrict users
<teward> keep that in mind that 'security' is never truly bulletproof
<apb1963> And, unless someone sees a reason I shouldn't give ftp a real shell... or, perhaps even a new wpftp user.
<teward> anything you do is an accepted risk
<dpb1> apb1963: https://serverfault.com/questions/328395/nologin-in-etc-shells-is-dangerous-why - in the absence of any one else chiming up, here's what I'd do.  copy /bin/false to /bin/false-ftp, and set the user you have designated for unattended access for WP to that.  then add that to /etc/shells
<teward> ^ that
<teward> but consider that you don't *need* to put anything in /etc/shells to use it as a shell
<teward> so for your FTP 'system' user you can manually force it to be anything not in /etc/shells
<sarnold> well now I'm confused as hell http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/false/false.c?rev=1.1&content-type=text/x-cvsweb-markup
<apb1963> dpb1, yeah, that's along the lines of what I was thinking... but the /bin/false-ftp is a great idea.
<teward> but consider if the FTP server only listens locally, you still need to *breach* the server to get to the FTP server to exploit.
<apb1963> teward, you lost me on the manual forcing.
<apb1963> teward, or more precisely.... the part about "not" in /etc/shells.
<teward> apb1963: `usermod --shell /bin/false USERNAME` <-- forces the  shell to be /bin/false or anything else I want it to be, regardless of what valid login shells are in `/etc/shells`
<teward> again, writing up an example but LXD is slow
<apb1963> Yes
<apb1963> oh and thank you for that... I was searching for that command earlier
<dpb1> sarnold: haha
<sarnold> dpb1: cute right? :)
<teward> oooh i discovered an evil
<teward> dpb1: for local allowed users, `/bin/false` and `/usr/sbin/nologin` both prevent FTP logins over FTP proto
<teward> s/allowed users/users/
<dpb1> what ftp are you using
<teward> bog standard `ftp` on the command line
<teward> and Filezilla
<teward> with vsftpd server in a container
<dpb1> server, I mean
<dpb1> ah ok
<teward> which coincidentally is what the server guide is saying to use :p
<teward> only worked when I put a shell to the user, and that user is a bog-standard no-privs user
<sarnold> for good reason, least bad option :)
<dpb1> teward: so, you tried /bin/false in /etc/shells ?
<teward> dpb1: i'm testing everything standby :P
<dpb1> teward: also make sure you restart vsftpd
<teward> dpb1: already did.  twice ;)
<dpb1> heh
<dpb1> teward: I mean, ya, you are just trying out the instructions and they are not working.  -> fail
<teward> oh interesting.
<teward> dpb1: OK so...
<teward>  /usr/sbin/nologin did not work, until it was in /etc/shells
<teward> but this is with a local user purpose-created to be a 'service' user
<teward> fails for /bin/false without it being in /etc/shells
<teward> worked when added to /etc/shells
<teward> not sure how my other system works though maybe because i'm logging into an interactive user.
<dpb1> ah
<dpb1> ok
<teward> in either case, whatever shell you give the user has to be in /etc/shells either way
<dpb1> sounds fine then
<teward> so whether it's /usr/sbin/nologin or /bin/false
<teward> it still needs to be added to /etc/shells
<dpb1> good
<teward> even if the user that you login to is a purpose-built user custom added to the system for a specific purpose
<teward> (just don't give the user perms anywhere beyond its purpose heh)
<apb1963> I lnked /bin/false to /bin/false-vsftp and added /bin/false-vsftp to /etc/shells
<apb1963> Unfortunately, I can't yet test it since vsftpd fails to come up.
<dpb1> boo
<apb1963> Apr 09 12:43:08 yellow systemd[1]: vsftpd.service: Main process exited, code=exited, status=2/INVALI
<apb1963> "That's all we know"
<teward> apb1963: run vsftpd directly as root and see what actual error it gives?
<teward> systemd doesn't do a good job at showing errors for everything :P
<apb1963> 500 OOPS: missing value in config file for: /etc/letsencrypt/live/template.greetonix.com/fullchain.pem
<teward> apb1963: my suggestion: don't set up FTPS, just set up FTP, set it to listen 'locally', and pass 127.0.0.1 and user creds to Wordpress
<teward> since it doesn't initiate a connection from oyur computer to the server for FTP, it just does a local instance
<teward> you don't need encrypted FTP for Wordpress to connect locally if it's not leaving the system for communication.
<apb1963> I suppose that's reasonable
<teward> and by locally I mean add listen_address=127.0.0.1 to the vsftpd.conf config
<teward> and then only use FTP from wordpress -> vsftpd
<apb1963> actually... after a bit more thought.. isn't wordpress connecting my site to the plugin site?
<teward> FTPS is more needed if you're working with a remote filesystem, though, but local -> local is usually a "Why bother the estra step"
<teward> apb1963: where does Wordpress actually sit?
<teward> assume that it's on 1.2.3.4
<apb1963> ok
<teward> if I tell it to connect to localhost, the wordpress *via php on the server 1.2.3.4* is connecting to 127.0.0.1 - which is itself
<apb1963> no.. you're missing the point.  The plugin is elsewhere.  Call it 5.6.7.8  How does the file get from 5.6.7.8 to 1.2.3.4 ?
<apb1963> Is it over https?  Or ftp(s)?  Or maybe even something else.
<teward> apb1963: how're you installing the plugin?
<apb1963> through wp
<teward> Plugins > Add New, and then from that catalog?
<apb1963> yes
<teward> it downloads the file locally and then FTPs it into its own work directory
<apb1963> although I'll be using the wp-cli
<teward> it doesn't create an FTP connection from your system -> remote location
<teward> it just pulls the file down to a temp dir, uploads the plugin via FTP to its own server, and then does the install once it's uploaded/unzipped
<RoyK> why would people use FTP in 2018?
<lynorian> I don't know
<apb1963> ok.  so over https then.  If that's true, then I guess it's ok to eliminate ftps in favor of ftp
<apb1963> RoyK, ask the wordpress developers
<apb1963> teward, thank you for the insight
<teward> yep.
 * apb1963 goes back to configuring
<sarnold> "because wordpress" is a pretty summary :) hehe
<nacc> dpb1: rbasak: fyi, up to ~4400 packages imported, which means we're in the last 500 or so, iirc
<nacc> definitely some more failures, but we'll see the result once it's all done
#ubuntu-server 2018-04-10
<Drag0nhunter> hi all
<cpaelzer> Good morning
<lordievader> Good morning
<Neo4> Hi
<Neo4> What is difference between trusted and untrusted certificate?
<Neo4> Why validated certificate is secure and self signed not secure?
<Neo4> who know scheme how PKI works?
<Neo4> server has privet key, then it gives user public key and user encrypt data using this public key yes?
<Neo4> guy who is sitting on the middle can get public key but he can't decrypt data encrypted by user, It can only do server who has privet key or other person with privet key
<Neo4> I have many questions, Who know answers?
<mojtaba> Hello, do you know how can I encrypt my home directory and swap partition after installation of the ubuntu?
<Neo4> mojtaba: no
<Neo4> how does SSL/TLS work?
<mojtaba> Neo4: Thanks for your participation.
<mojtaba> Anyone else?
<Neo4> we have server and user who speak with server,
<ducasse> mojtaba: there are scripts for that in the ecryptfs package
<Neo4> server send public key for user, and how user can get encrypted server massage?
<mojtaba> ducasse: Even for swap partition?
<ducasse> Neo4: this isn't an ubuntu question, look for an appropriate channel or ask in #freenode
<ducasse> !alis | Neo4
<ubottu> Neo4: Alis is an IRC service to help you find channels. For help on using it, see "/msg Alis help list" or ask in #freenode. Example usage: "/msg Alis list http"
<ducasse> mojtaba: yes
<mojtaba> ducasse: thanks
<Neo4> user send server encrypted messages by public key, but how can server encrypt messages for user understand them?
<Neo4> ok
<Neo4> ducasse: ok
<lordievader> Neo4: A self signed cert is untrusted because the chain of trust cannot be validated.
<Neo4> lordievader: and I need full scheme PKI - public key infrustructure, Do you know how it works?
<lordievader> You need a trusted CA (like LetsEncrypt or Verisign, etc) to sign your certificate. That way a browser can validate the chain of trust.
<Neo4> lordievader: and I'm interesting in WHMCP web host manager control panel, We must use it? Can you give recomandation how to set up VPS on ubuntu and all needed applications
<lordievader> How you set up your VPS is up to you, how you want it, what purpose it serves, etc.
<Neo4> lordievader: yes, do you know Main in the middle attack?
<lordievader> Yes? What about it?
<Neo4> lordievader: I want to set up it using standard
<Neo4> lordievader: and explain how valid certificate will protect you from tampered request?
<lordievader> You lost me. Do you want to set up a web server?
<Neo4> I want
<Neo4> I did it but it difficult support and envision situation I find a client and offer him creat site on wordpress and what I must set up on VPS?
<Neo4> it might have to be WHMCP at least?
<Neo4> he won't use command line
<lordievader> I'm sorry I don't understand what you are saying.
<Neo4> lordievader: can you give recommendation on this account?
<lordievader> What is your native language? Perhaps there is a native Ubuntu support channel for you. Might be easier.
<Neo4> lordievader: no, I wholly understand you
<Neo4> lordievader: what is your English level?
<Neo4> I'm good in English enough for speak about, intermediate level it's very high
<lordievader> Neo4: I understand you want to setup a web server. What you want furthermore is unclear to me.
<Neo4> lordievader: See let's I approach to you fro other side. What applications do you install on your VPS, For it should be some standard set of apps that so called 'must have always'
<Neo4> lordievader: I want control panel
<Neo4> Does exists some standard for VPS?
<lordievader> I don't run a control panel. But there are many available. Look for what you want and install that, I'd say.
<Neo4> lordievader: it's like for hosting, What is for hosting necessary?
<lordievader> Depends on what you want to offer. If you want one-click installs of Wordpress, for example, the demands are quite different than if you only want to host static HTML pages.
<Neo4> lordievader: compare usual shared hosting, and we need all of that put in ours, Do you see there always exists WHMCP? Always, User won't create it manualy or hire specialist for add subdoman, Obviously we need Control panel, I think about webmin
<lordievader> In other words, read into the topic, setup a list of requirements, then install whatever is needed to meet those requirements.
<Neo4> lordievader: I want to offers standard servise, creating sites on wordpress, Client pay me, I will buy domain, set up VPS, set up wp site and give users access to site, to control panel, I want something like this
<Neo4> lordievader: plan?
<Neo4> you are right
<lordievader> I believe cpanel does most (or all) of that.
<Neo4> lordievader: Cpanel is paid, and client usually wants all for free
<Neo4> they want pay for Cpanel, we can predict this variant as well, cPanel or ISPmanager only when we get rich client, for star will use some free like webmin, Do you agree?
<Neo4> from free panels webmin is the best?
<lordievader> I have no idea. I rarely do anything  with web panels. Dislike them.
<Neo4> it is said that webmail is the most popular for nodays
<Neo4> lordievader: you are like me :)
<TJ-> Has anyone prepared a bootable image for a PCEngines APU2 ?
<_ruben> TJ-: i installed mine using the netinstaller from an usb stick
<TJ-> _ruben: I'm trying to pre-build a bootable image, don't want to use an installer on the device, was trying to figure out the layout
<RattleBattle79> is ubuntu 18.04 supposed to ship with that live thing?
<_ruben> TJ-: layout of what?
<TJ-> _ruben: sorted it, the USB boot device I was using had too old a kernel on it
<_ruben> ah :)
<TJ-> I'm trying not to disturb pfsense so I can archive it, then replace with 18.04, and want to explore first
<TJ-> _ruben: also was in an embedded ARM mindset forgetting this thing is x86 :)
<ddstreet> smoser hi, re: lp #1686437 it looks like your merge request has to be actually merged by someone from the server team... freyes has acked it, so should be ready to merge and then upload i think
<ubottu> Launchpad bug 1686437 in simplestreams (Ubuntu Xenial) "[SRU] glance sync: need keystone v3 auth support" [Medium,Confirmed] https://launchpad.net/bugs/1686437
<ddstreet> we can upload to xenial if you don't have time, but i don't think we can merge into simplestreams:ubuntu/xenial-devel repo
<smoser> ddstreet: if you want to ACK that merge proposal i'm ok to upload. but really i just put the merge proposal to provide something to easily test.
<ddstreet> smoser ok cool, thanks, will do
<nacc> ddstreet: smoser: it's not a 'real' merge
<nacc> ddstreet: smoser: someone just needs to upload tag it in the repo (for now) and then dput can be done
<nacc> smoser has such permissions
<ddstreet> ok yep...i'm not familiar with where simplestreams upstream is, so i assumed it was proposing upstream merge
<ddstreet> i'll do review of diff in MR and ack it, and let smoser do the uploading
<nacc> ddstreet: we have recently started toggling the 'default' Git repository in Launchpad for source packages we imported to our repository
<nacc> ddstreet: so the URLs have changed
<ddstreet> nacc is there documentation yet around how to use git-ubuntu to 'commit', i.e. upload?
<ddstreet> i don't remember there being any docs on how to do that
<nacc> ddstreet: not really, as it's going to change anyways
<nacc> ddstreet: the eventual goal is to have `git ubunt build` write the hash of the commit being built into the source pacakge
<nacc> ddstreet: then the importer can look for that special field in the source package publication downloaded and use that to search Launchpad (via an API)
<ddstreet> ok, so for now i should stay with the legacy sponsor/upload mechanism and wait before i get into using git-ubuntu for actual sponsoring/uploading...?
<nacc> ddstreet: right, the issue is that there is a limited permission set that can create tags (current method for giving 'rich history')
<nacc> ddstreet: we don't necessarily want to broaden that, because those users can also fubar the repositories, if they aren't careful
<nacc> ddstreet: you can always still dput like normal, after just using the MPs for reviews
<nacc> ddstreet: you just won't get 'rich' history in the imported commit
<smoser> even without the process or the tag in place, the merge proposal provides a very good way to review and share code
<smoser> the tag and push on top of that is useful, but for many things (such as this) its only a bit of icing
<nacc> right, that's my point just now
<smoser> in my opinion.
<nacc> yeah, especially for single changes
<smoser> where the merge process and code sharing is the big thing.
<nacc> because the git diff you get after import is almost the same
<smoser> signed tag and push with magic launchpad upload, that would seal it all up.
<nacc> smoser: right, we're going to (avoid) the signed tag bit, by the fact that you sign the upload
<nacc> at least, that's my understanding, for now
<smoser> nacc: right. i was saying in future world where launchpad signed the upload
<smoser> based on me signing the tag
<smoser> i thoguht that was a goal.... getting rid of the upload stage.
<smoser> but anyway.
<nacc> smoser: yeah, we may or may not ever get to that
<nacc> smoser: but yeah, that's future+2 :)
<smoser> ddstreet or freyes please ACK https://code.launchpad.net/~smoser/ubuntu/+source/simplestreams/+git/simplestreams/+merge/341215 also
<freyes> smoser, ack, will review for artful as well
<ddstreet> smoser i'll let freyes ack it, and i asked wolsen (more familiar with cloudy stuff than me) to review/ack them too
<Guma> 	I was wondering if any one can share some good documents how to strengthen openssh server? How to disable various old cyphers and best practices
<Guma> I do not care about compatibility ... Just most secure and up to date
<dpb1> Guma: I'd suggest: https://askubuntu.com/questions/2271/how-to-harden-an-ssh-server?answertab=votes#tab-top
<tomreyn> https://cipherli.st/ -> OpenSSH Server
<JanC> rate limiting connection attempts to the server is probably useful too
<lucas_ai> Anyone know how to make realtime video streaming that can be embedded in HTML or Iframes? Real time meaning less than 200ms delay. Similar to video conferencing found in facebook, skype, hangouts, etc.
#ubuntu-server 2018-04-11
<hehehe> hrhr
<hehehe> is sarnold  here?
<hehehe> :P
<sarnold> hey hehehe
<ltxda> Hi all.  Anyone available to help me determine if it's possible to extend the /boot partition by using lvm tools in Ubuntu 14.04LTS?
<ltxda> The system is a VM within VMWare and I've already expanded the drive through the hypervisor by adding another 12GB of space.
<ltxda> I need help extending /boot into the available space if anyone is available to help.
<bradm> ltxda: if /boot is the first partition on the disk I'm not sure it's going to be easy - it needs contiguous space to extend onto
<ltxda> bradm, ok thanks and yea i think it's the first partition.  I found out how to do it but if you're right i'll have issues with this.  We'll see how it turns out.
<ltxda> bradm , i'm going have to research if it matters when using lvm.  I have the steps that I need to take but now need to find out if what you mention will give me problems accomplishing this.
<ltxda> bbl8r
<bradm> ltxda: ah, actually yes, you could probably add another partition to it
<Hey__> anyone familiar with MAAS.. as I'm stumpped and #maas is a graveyard.
<sarnold> hey Hey__. it is a bit late for NA and not yet time for europe to wake up ..
<Hey__> lol
<sarnold> I've read some of the maas docs, but can't claim any experience
<Hey__> This has been going on 3 days. I'm drowning and I don't  know why.
<Hey__> the docs are pretty.. but quite vague
<Hey__> I'm hurtin over here bud.
<dpb1> Hey
<dpb1> oh well
<sarnold> d'oh :/
<cpaelzer> good morning
<m1dnight_> Hey guys. I'm trying to figure out how the filesize of qcow2 files works. I understand that they're dynamically allocated, and don't actually occupy the space on disk. but LS shows the max size of the file.
<m1dnight_> And I noticed that when I transferred it to another machine using scp it actually transferred the disks' max size?
<bradm> m1dnight_: its a sparse file - try doing a du on it.  and when you copy it via scp it becomes no longer a sparse file
<m1dnight_> aha. that makes sense bradm. I'll google on how to compresss parse files then. thanks a lot.
<bradm> m1dnight_: or i think you can use ls -lsh on a file too, that'll show you the size difference
<pulsar12> where the setting that controls ufw enabled/disabled is stored?
<pulsar12> i see: "/etc/ufw/ufw.conf"
<fernie> hi, so how do you create ESP in this new subiquity installer, the only options are ext4,xfs,btrfs
<Mava> errmm what ? ESP ?
<Mava> fernie: you mean like encapsulated security payload ?
<fernie> the fat formatted partition needed by UEFI
<Mava> ach  =)
<Mava> stupid me..
<fernie> :)
<fernie> oh well, this partitioning seems to be totally broken as it also fails to read any existing partitions/filesystems on disks
<Mava> fernie: is the subiquity some juju based installer thingie ?
<Mava> i'm interested to hear whats the goal in general?
<fernie> its the new installer in 18.04 server
<fernie> had some free time, tried the beta2 image. at least the autopartitioning says it will create fat32 /boot/efi. but manual partitioning not in good shape
<foo> Ubuntu 14.04 - uname -a shows this kernel:  3.13.0-24-generic - digital ocean says I want to be on Ubuntu 14.04: kernel 3.13.0-139-generic to be relatively secure - am I?
<foo> I'm not sure looking at the numbers if I'm on 3.13 or 3.13.0-24 which I assume is greater than 3.13.0-139
<foo> actually, if these are my kernels: https://paste.ofcode.org/7uur9nFLMSFaxkyVanUjNd
<foo> It seems it's not defaulting to the latest, correct?
<ahasenack> foo: what's the full output of uname -a?
<foo> ahasenack: Linux bre 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
<ahasenack> foo: and dmesg|head -n 1
<foo> # dmesg|head -n 1
<foo> [    0.000000] Initializing cgroup subsys cpuset
<ahasenack> hm, I was hoping for sometihng like
<ahasenack> [    0.000000] Linux version 4.15.0-13-generic (buildd@lgw01-amd64-023) (gcc version 7.3.0 (Ubuntu 7.3.0-11ubuntu1)) #14-Ubuntu SMP Sat Mar 17 13:44:27 UTC 2018 (Ubuntu 4.15.0-13.14-generic 4.15.10)
<ahasenack> can you look for something like that in the full dmesg output?
<ahasenack> just to see if it's an ubuntu kernel, or a digital ocean one
<foo> abhttps://paste.ofcode.org/LmVNSjd7EvkkGhWjT8anZD
<ahasenack> some time ago I had to use kexec to boot ubuntu kernels in their instances, because they were supplying their own kernel
<foo> Main concern is to be on latest kernel to have relative patching from Meltdown and Spectre
<foo> ah
<ahasenack> do a dpkg -l|grep linux-iamge
<ahasenack> sorry
<ahasenack> do a dpkg -l|grep linux-image
<TJ-> foo: is the meta package installed?  "apt-cache policy linux-image-generic"
<ahasenack> your earlier paste showed linux-headers
<foo> ahasenack: ahh. https://paste.ofcode.org/AhBqykUSi8e2wu27PATx8U
<foo> TJ-: hmm, yes https://paste.ofcode.org/36HYSQKyBeaaaBwUSXy4U2b
<TJ-> foo: right, that's good (sometimes people remove that and it stops fetching the latest kernels)
<foo> ahh
<TJ-> it always depends on the latest linux-image-<version>
<foo> so it looks like I have the latest installed but it's not being used, correct?
<ahasenack> right
<foo> Hmm, I wonder what would cause that
<ahasenack> in fact the one you have booted into also doesn't seem to be installed
<TJ-> correct. so either the GRUB config is not updated, the default is set to something other than 0, or the initrd.img files haven't built
<ahasenack>  3.13.0-24.47 is installed, not .46
<TJ-> ahasenack: that'd suggest the kernel came from the hypervisor side wouldn't it?
<ahasenack> could be
<foo> TJ- / ahasenack - this is the end of an apt-get autoremove https://paste.ofcode.org/N8Nd3bBYYZq6PyAVUa22Ej
<ahasenack> foo: can you find a 3.13.0-24.46-generic kernel somewhere in /boot?
<TJ-> foo: I'm not familiar with D.O.; are you able to choose the kernel the droplet boots with on the management side, or change that to boot with the guest kernel ?
<foo> ahasenack: I see 3.13.0-24 in https://paste.ofcode.org/sDE3ur6mkSy65VgqrBN6XN
<foo> TJ-: I can probably get into a console to see if I have the option during a reboot. Although, it might make sense to check my grub conf to see if I can select it there? I'm rusty and not sure on proper conf for this
<ahasenack> also check the symlinks in / and /boot
<foo> ahasenack: nothing obvious in / that looks like a kernel
<foo> and /boot is https://paste.ofcode.org/sDE3ur6mkSy65VgqrBN6XN
<foo> I wonder if it's worth looking at my grub conf?
<ahasenack> there is usually a symlink at / to a kernel image inside /boot
<ahasenack> yes it is
<foo> vmlinuz -> boot/vmlinuz-3.13.0-144-generic
<ahasenack> (worth it, I mean)
<foo> initrd.img -> boot/initrd.img-3.13.0-144-generic
<foo> ahasenack: is that /boot/grub/grub.cfg ?
<ahasenack> yeah, and it's a bit more complicated nowadays
<ahasenack> that file is generated
<foo> apparently, this looks different, heh.
<ahasenack> it's generated from scripts in /etc/grub.d
<foo> ahasenack: https://paste.ofcode.org/z8qjCiPXGYB2snt4drPRgu
<foo> ahasenack: I see
 * foo looks to see if he can find where it's set to selecting wrong kernel
<foo> I believe 3.13.0.144.154 is the one I want
<foo> 3.13.0-144
<foo> I mean, it is in there, at the top
<TJ-> foo: grep DEFAULT /etc/default/grub   --- should be 0
<foo> GRUB_DEFAULT=0 - yup
<ahasenack> if all there looks fine, then I think it's booting from a kernel outside of the guest. Then you should install kexec-tools, take a peek at /etc/default/kexec (iirc) and reboot, it will replace the kernel
<ahasenack> replace the running kernel, I mean
<TJ-> foo: follow this advice for configuring the internal kernel management  https://www.digitalocean.com/community/tutorials/how-to-update-a-digitalocean-server-s-kernel
<foo> TJ-: heh, good find.
<foo> TJ- / ahasenack - really appreciate your help in troubleshooting, thank you. What I gather: my system currently is using a kernel outside my system, and with this link from TJ- - I may be able to set it to use the latest via web interface and/or use the one my grub conf is set to you
 * foo checks
<TJ-> foo: that's correct
<ahasenack> that's quite the page :)
<TJ-> I think it is because they switched from the Xen hypervisor to KVM
<foo> ahasenack: ha, right.
<foo> I want x64 - right? Linux bre 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
<foo> That's what I have now
<foo> I believe this is the latest I can get https://screencast.com/t/Oko2ocnew
<foo> Their page that went out to everyone recently said to be on kernel 3.13.0-139-generic per https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and-spectre-vulnerabilities
<foo> I suspect Ubuntu 14.04 x64 vmlinuz-3.13.0-91-generic is the newest/latest - I can't scroll past that. Agree?
<TJ-> foo:  you do not select a kernel version in the droplet management console
<TJ-> on the outside you select the DigitalOcean GrubLoader
<foo> TJ-: thank you, I got ahead of myself - I see it now
<foo> rebooted, there we go: Linux bre 3.13.0-144-generic #193-Ubuntu SMP Thu Mar 15 17:03:53 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
<ahasenack> \o/
<foo> TJ- and ahasenack - again, thank you guys - really appreciate it! I believe I'm as protected as I can be from from meltdown and spectre now
<ahasenack> foo: you can check dmesg for that
<ahasenack> things like
<ahasenack> [    0.033497] Spectre V2 : Mitigation: Full generic retpoline
<ahasenack> [    0.033498] Spectre V2 : Spectre v2 mitigation: Filling RSB on context switch
<ahasenack> and
<nacc> there's also a tool on github, iirc?
<ahasenack> [    0.000000] Kernel/User page tables isolation: enabled
<ahasenack> foo: and the contents of the /sys/devices/system/cpu/vulnerabilities directory
<foo>     0.022819] Spectre V2 mitigation: Mitigation: Full generic retpoline
<foo> [    0.023577] Spectre V2 mitigation: Speculation control IBPB not-supported IBRS not-supported
<foo> great
<roaksoax> win 8
<jamespage> coreycb: there was a build failure for eventlet due to ssl changes - I'll take a peek
<jamespage> from doko's rebuild
<coreycb> jamespage: ah great thanks, saw that email
<coreycb> jamespage: there are a few others under ubuntu-server that are ours. i'll take a look.
<coreycb> jamespage: i'll look at privsep and taskflow for now
<jamespage> ta
<jamespage> coreycb: ok the eventlet one is a pyopenssl iisue
<coreycb> ok
<lordievader> Good evening
<RoyK> anyone that can suggest a good, easy-to-manage email/groupware system like zimbra which isn't zimbra?
<teward> RoyK: that's on-prem or what?
<RoyK> yes
<teward> there's a ton of 'cloud' based systems that do this.  I don't know of any truly 'good' ones beyond Zimbra for on-prem though
<RoyK> I like zimbra, but it's a PITA administration-wise
<teward> hate to say it but they're all a PITA to maintain
<teward> or admin.
<RoyK> I meant maintainance
<RoyK> admin is nice
<teward> same problem for maintaining :P
<teward> RoyK: Zimbra is unique, I believe, in ease-of-management/admin.  There's things like Horder or Kolab, but I've never used them so I can't vouch for them (I just ran the Zimbra community edition for most needs... wasn't *too* hard to maintain...)
<TJ-> groupware is generally a complex system
<teward> (sorry that i'm not too helpful in this case :/)
<teward> agreed with TJ-
<TJ-> but there's always NNTP+SMTP and choice of frontends
<sdeziel> RoyK: there is kopano (old zarafa) but I never tried it
<coreycb> jamespage: taskflow is fixed
<RoyK> teward: zimbra isn't too hard to maintain unless you need an OS update and then it easily gets dirty
<teward> RoyK: you could say that for all services thoug
<teward> assuming you mean OS update as in 14.04 -> 16.04
<teward> and not in-place security upgrades
<RoyK> in-place updates are no problem
<teward> RoyK: with any Groupware, I'd sooner spin a replacement server, then do a data migration between the two (Zimbra has a Zimbra -> Zimbra migration tool), then retire the 'old' server.
<teward> that's actually the least painful process.
<teward> all those groupware solutions have the same intolerance for system distribution upgrades
<teward> because library dependencies, etc.
 * dpb1 likes the gapp suite
<dpb1> ... so is staying out of the convo. :)
<JanC> there is also OpenGroupware (never used myself)
<ahasenack> I wonder if somebody ever charmed the individual components of a groupware solution
<ahasenack> the reason they usually "take over" a system is because they are hard to configure
<JanC> Zentyal also has mail, calendar, etc.
<JanC> https://en.wikipedia.org/wiki/List_of_collaborative_software might be useful as a starting point for finding something
<teward> JanC: I bet each of them though is sensitive to OS upgrading though, in that you can't easily upgrade between OSes and expect the collab. solutions to 'just work'
<teward> which is one of the reasons that RoyK was complaining about.
<JanC> well, that would also depend on upstream
<JanC> the same is true for most "hosting control panel" software, but there are some that work well on at least one distro...
<teward> Groupware is its own type of hell though with dependencies, so that stuff isn't OS Upgrade friendly.
<JanC> it just depends on how upstream tests on multiple distro versions...
<JanC> (or doesn't test)
<JanC> and some solve this by providing their own (derivative) distro, I guess  :)
<Checkmate> Hi guys
<Checkmate> i have disk full 100%
<JanC> that's not good...
<dpb1> :)
<Checkmate> How to fix the problem
<Checkmate> df -h https://pastebin.com/raw/mE7dx4qe
<JanC> Checkmate: do you know why that happened?
<RoyK> iirc Canonical wanted to embed Zimbra into their server, but failed to do so because of a ton of irregularities
<Checkmate> JanC i just installed mysql phpmyadmin apache uploaded 1 database to test and thats happening
<RoyK> this was some years back
<JanC> Checkmate: you can try to remove unnecessary things
<Checkmate> JanC you have ideas how i can fix the problem i have already 1TB at home
<JanC> like the local cache of downloaded .deb packages
<ogra_> du -hcs /var/cache/apt
<ogra_> see whats in there
<RoyK> - mysql is a network-attached spreadsheet used by pr0n sites and other dodgy entities across the Internet.
<JanC> RoyK: and banks
<RoyK> I seriously doubt any bank would dare use mysql/mariadb
<Checkmate> ogra_ not too much on the archive /var/cache/apt/archives 145MB
<ogra_> well, better than nothing :)
<JanC> if there are packages you don't use anymore, you can also remove them
<Checkmate> I want to resize or move the files from /dev/root to /home
<ogra_> sudo apt-get clean
<RoyK> for fuck's sake - mysql/mariadb is *bad* compared to postgresql
<nacc> RoyK: please watch your language
<RoyK> omg
<rbasak> nacc: on bug 1762976, I understand what you mean now. Though I'm not sure the extension should be visible from a UX perspective. What if we followed the same system as reimport/* for these?
<ubottu> bug 1762976 in usd-importer "Imported tags have .gz suffix" [Undecided,Invalid] https://launchpad.net/bugs/1762976
<RoyK> that one again
<nacc> RoyK: also ... what is your point? no one is forcing you to use mysql
<nacc> rbasak: you'd need to reimport the world :)
<RoyK> nacc: it was mentioned - whatever
<rbasak> nacc: we'll be doing that anyway :)
<nacc> rbasak: yeah, i meant it would require leaving code in place that knows both version of the tags until you do
<nacc> or build won't work
<JanC> Checkmate: are you using LVM? otherwise resizing is going to be hard...
<RoyK> do yo have to be a christian to chat here? no swearing, no talking about what may be badâ¦
<nacc> RoyK: please read the policies
<RoyK> nacc: I've read them a few times - it's supposed to be "family friendly", meaning none of the ones around you in the family ever swears
<ogra_> RoyK, you are long enough in ubuntu channels that you should know the rules
<nacc> RoyK: i'm not sure what your issue is today, but you've been civil before. try to go back to that
<RoyK> ogra_: and I've been here long enough to loath them, yes
<Checkmate> JanC could you tell me the steps
<rbasak> RoyK: please either follow the rules or leave.
<RoyK> nacc: I'm civil
<RoyK> nacc: it's not non-civil to use strong words
<Checkmate> i have u sed resize2fs and gparted before but i didn't success
<nacc> RoyK: also, as far as I can tell, one user mentioned installing mysql, and you then claimed it was for pornography exclusively, and then said it was "bad". Unrelated completely to the user's particular issue and FUD, afaict.
<RoyK> Checkmate: you can't really migrate root to another filesystem easily
<RoyK> nacc: it was a quote - google it
<Checkmate> Royk whats the solution in my case
<rypervenche> Checkmate: I recommend that you don't cross-post. We have given you the solution that will work best for you in #ubuntu. I recommend you go with that.
<RoyK> Checkmate: best guess is to reinstall with lvm - create a small lv for root and a small for home and grow them as you need more space
<JanC> well, it's not really _that_ hard to move everything to the /home filesystem
<Checkmate> I'm on a vps guys
<RoyK> Checkmate: with lvm, setup one big VG with the disk, make a small LV for root and another for home, and just grow it
<RoyK> Checkmate: then it will be hard
<JanC> assuming he can do that on his VPS
<RoyK> Checkmate: which provider?
<JanC> (I could do it on mine)
<Checkmate> OVH
<RoyK> url?
<Checkmate> i contact them 3 days before but still no reply
<Checkmate> OVH.com
<JanC> and repartitioning with LVM would require wiping & reinstalling everything
<Checkmate> i have only access with root and rescue
<JanC> you could do it from rescue
<JanC> probably
<TJ-> Checkmate: you can repurpose the /home/ file-system to be the rootfs if it is massively larger than the rootfs is
<Checkmate> TJ- how can i do that on fstab ?
<JanC> not easy if you don't know how everything works though...
<ahasenack> rbasak: did you take a second look at nacc's g-u branch?
<ahasenack> just wondering if I should still jump in
<TJ-> Checkmate: if you're able to boot an alternate rescue OS (like finnix) it's quite straightforward
<JanC> Checkmate: is the size of / and /home decided by OVH, or did you do that yourself?
<TJ-> Checkmate: it's possible from the running OS too, but much trickier
<Checkmate> JanC is by ovh
<JanC> ugh
<rbasak> ahasenack: not yet, sorry.
<JanC> you can't decide partition sizes yourself?
<rbasak> ahasenack: what am I blocking? Do you have a link please?
<Checkmate> i read much threads on forums has same problem
<ahasenack> rbasak: not blocking, just that nacc implemented what you requested and I was checking if you have read that
<rypervenche> Checkmate: You have access to rebuild your VPS via their website. You shouldn't need them to do anything manually.
<ahasenack> https://code.launchpad.net/~nacc/usd-importer/+git/usd-importer/+merge/342969
<rbasak> Thanks, looking
<JanC> also, 20 GiB should be enough for a server in most cases, especially if you make sure your data is on /home
<JanC> (you can put databases, mail, etc. on /home with the right configuration)
<TJ-> Checkmate: using 19GB for a rootfs is excessive - why not find out where that is being used up?
<Checkmate> JanC i changed my path apache to /home i have only mysql apache and phpmyadmin installed
<rbasak> ahasenack: +1 on SPECIFICATION.tags.
<nacc> ahasenack: rbasak: thanks
<TJ-> Checkmate: " pastebinit <( sudo du -d 3 / | sort -n ) "
<rbasak> ahasenack: do I need to look at anything else from the MP right now?
<Checkmate> ok
<nacc> ahasenack: so then it's just a matter of looking at what i changed and making sure i did it right :)
<JanC> Checkmate: what TJ- says: find out where all that diskspace went
<TJ-> I struggle to use 6GB for a rootfs (admittedly /var/ is another 6GB)
<ahasenack> rbasak: not "need", but I guess mongo has you quite busy :)
<JanC> most "big things" on /var/ could go in /home too
<dpb1> ahasenack: yes
<dpb1> L:)
<rbasak> ahasenack: yeah as much as I hate doing it, I think I need to avoid doing other stuff to get it landed in time.
<dpb1> not sure what the L is
<ahasenack> I think it's mine
<ahasenack> :)
<Checkmate> TJ- https://pastebin.com/raw/j047S4PV
<rbasak> dpb1 wants me to *L*and mongodb I think :)
<rypervenche> Good ol' mysql.
<JanC> looks like there is 10 GiB of mysql databases there
<Checkmate> JanC yes
<dpb1> rbasak: :D
<coreycb> jamespage: privsep uploaded and looking at pint now. can you look at pbr? seems like something is up with the logic in dh_auto_test.
<Checkmate> Do i need ot move mmysql direcotry to /home?
<Checkmate> Do i need to move mysql directory to /home?
<TJ-> oh great! 18.04 grub is broken, ignores GRUB_SERIAL_COMMAND= when GRUB_TERMINAL=serial
<JanC> Checkmate: moving /var/lib/mysql to /home is likely going to be the easiest solution, yes...
<JanC> maybe look for a howto of how to do that properly
<JanC> (or maybe someone here knows the possible gotchas?)
<Checkmate> JanC let me give it a try
<TJ-> Checkmate: 1. stop mysql service   2. "sudo mv /var/lib/mysql   /home/"   3. "sudo ln -s /home/mysql /var/lib/mysql"   4. restart mysql  5. test
<JanC> also, make a database backup/dump before moving everything (if you don't already have one)
<TJ-> JanC: haha yeah, where to though!?
<JanC> to $HOME ?
<JanC> plenty of space there
<sdeziel> I don't think the Apparmor profile for MySQL will allow this without some editing
<JanC> can also download it afterwards  :)
<JanC> sdeziel: right, that's one of the possible gotchas, I guess
<TJ-> JanC: i know... but if /home FS goes bam! it's not going to help
<TJ-> sdeziel: thanks for the notice!
<TJ-> Checkmate: which release of Ubuntu is it, sounds like the apparmor profile will need updating
<JanC> TJ-: can download it, like I said
<sdeziel> or maybe a mount bind from /home/mysql to /var/lib/mysql?
<sdeziel> would probably be simpler than fiddling with the Apparmor profile
<ahasenack> nacc: from that specification file (SPECIFICATION.tags), it's not clear to me where the /1, /2, ... point at
<ahasenack>  /0 points at the same commit as import/<version>, it says
<nacc> ahasenack: each subsequent not-tree-matching import
<ahasenack> but then it says /1 points at the new commit
<nacc> ahasenack: right
<nacc> ahasenack: there will be a 'new commit' each time that spec is applied, if the trees don't match
<nacc> otherwise the tree matched an existing tag
<ahasenack> ok, I see
<nacc> ahasenack: what this does, (in a future commit) is mean that for any version, there are now 0-many import tags
<nacc> 0 = never seen
<nacc> 1 = only seen once
<nacc> > 1 = multiple uploads of hte same version with different contents
<nacc> same applies to applied tags
<ahasenack> ok, I thought /0 was already a reimport
<ahasenack> but it's just the first normal import
<nacc> ahasenack: right, it's a way for us to either use the single import tag or all reimport tags
<nacc> since if any reimport tags exist, 0 -> original import tag and is always there
<ahasenack> do we need to "pollute" all imports with a reimport/0 tag?
<ahasenack> or just when a reimport/1 happens
<nacc> read the spec, only created when we reimport
<ahasenack> then we create /0
<ahasenack> ok, only when reimport
<nacc> ahasenack: specifically, the second bullet
<ahasenack> I have it in front of me, believe it or not
<nacc> ahasenack: :)
<nacc> i'm rude 'cause i care
<ahasenack> sorry you got stuck with me, "it is what it is"
<nacc> heh
<nacc> we are making good progress; i knew this part would get slower, as it's actual algorithm changes
<nacc> that's why i've been trying to get to them quickly :)
<rbasak> nacc: are we expecting the importer to pick up mongodb soon, or should I do it manually?
<Checkmate> TJ- problems on starting mysql after doing some changes https://pastebin.com/raw/j0tJv80E
<nacc> rbasak: let me check, i think it's been struggling a bit to keep up with 100% phasing of main (while the linear script is going) ...
<nacc> rbasak: i would just run it manually
<rbasak> ack
<TJ-> Checkmate: you need to identify the cause, it's probably apparmor profile related. Check /var/log/syslog
<nacc> rbasak: we might need to blacklist xorg-server too
<nacc> rbasak: due to size
<gunix> ok guys, something massively confuses me
<gunix> https://bpaste.net/show/753deb2d0de7
<gunix> why does recursive grep NOT search within the local folder?
<nacc> gunix: is local a symlink?
<nacc> gunix: if you so, you need -R
<gunix> its: drwxr-xr-x  2 root root 4.0K Apr 11 21:01 local
<nacc> gunix: does it work if given explicitly? grep ... local
<gunix> -R worked
<nacc> gunix: ok, you've got a symlink somewhere, possibly under local
<sarnold> nacc: woo :)
<gunix> nacc: https://bpaste.net/show/c6217c2bae54
<gunix> ...
<gunix> why did they do that ?
<nacc> gunix: yep, local/group_vars :)
<gunix> i feel abused
<nacc> gunix: dunno
<gunix> when would you want the local config to just symlink to the sample ?
<nacc> ahasenack: going afk for a bit (dropoff and a car appintment) -- email if you need anything
<rev_strangehope> I have never written a bash script and trying to figure out how to make a script to compress a folder with logs then delete the folder after.
<RattleBattle79> rev_strangehope: a bash script is really just a bunch of terminal commands Where does. What exactly is the problem?
<rev_strangehope> I am trying to create a way to automate the compressing chat and search log into .TAR files and then delete the old .LOG files, rather then the system I currently have of connecting to the server and then moving the folders to my desktop
<rev_strangehope> I am coming from a place of writing batch files for Windows Server, this is my first Ubuntu Server so kind of feel like a fish out of water
<JanC> sounds like what logrotate does
<TJ-> rev_strangehope: "tar -cxf /path/to/backup-logs.tar.gz /path/to/logs;  find /path/to/logs -delete"
<TJ-> argh typo
<TJ-> rev_strangehope: "tar -czf /path/to/backup-logs.tar.gz /path/to/logs;  find /path/to/logs -delete"
<sdeziel> s/; /&& / :)
<JanC> might want to check for errors indeed
<TJ-> rev_strangehope: you want to move the logs off, or just compress them to save space?
<TJ-> sdeziel: good point
<sdeziel> tar also has --remove-files
<TJ-> rev_strangehope: "tar -czf /path/to/backup-logs.tar.gz /path/to/logs &&  find /path/to/logs -delete"
<TJ-> sdeziel: yeah, I was trying to make sure it's 2 steps just in case :)
<sdeziel> TJ-: yeah, just saying since I saw it for the first time in the man page
<rev_strangehope> I want to mostly compress them so I can both move them to my desktop to keep a copy safe and safe space
<sarnold> are you actually short of space? and do you actually need the logs?
<TJ-> rev_strangehope: if you just want to compress them, use 'logrotate' it can rotate and compress logs - look at /var/log/ for an example of how it rotates/compresses e.g. /var/log/syslog to syslog.1 syslog.2.gz
<sdeziel> +1 for logrotate
<rev_strangehope> can you change the folder Logrotate uses to check since the logs are not in /var/log they are in there own folder in the home directory
<TJ-> rev_strangehope: logrotate has config files to tell it what to do and where to do it
<rev_strangehope> just wanted to ask since never used logrotate in the past
<TJ-> rev_strangehope: see "man logrotate" and look at the existing configs under /etc/logrotate.d/ -- copy one of those for your own use
<RattleBattle79> anyone here tried LXD clustering in 18.04?
<sdeziel> rev_strangehope: once you've cobbled up some logrotate config feel free to pastebin it for review/input
<coreycb> jamespage: ryu is uploaded. pint is a known issue, i'll check back on it tomorrow - https://github.com/hgrecco/pint/issues/577
<jvwjgames> Hello
<jvwjgames> what is a good ftp client
<sarnold> twenty years ago I liked ncftp because iirc it used that pretty cyan colour I like so much
<jvwjgames> also i want the ftp user to only hvae access to the entire /home dir
<sarnold> do you *need* to use ftp? it's a pretty terrible protocol
<jvwjgames> i think i tried to see if they support sftp or ftps but cna't find anything about that
<jvwjgames> nevermind about the /home dir
<sarnold> if it's for word press then I think you're stuck with ftp, someone else was stuck with a similar problem in the last week
<jvwjgames> you can't do sftp in wordpress
<jvwjgames> i have done it before but no it's not wordpress it is kopage it is a site builder
<jvwjgames> corrention you can not can't sorry
<jvwjgames> you can do sftp in wordpress
<JanC> jvwjgames: many file managers on linux support FTP (and FTPS, and SFTP)
<JanC> and access to the entire /home dir is something that depends on the FTP server, not the FTP client
<JanC> and I agree that SFTP is always better than FTP/FTPS  :)
#ubuntu-server 2018-04-12
<cpaelzer> good morning
<lordievader> Good morning
<cpaelzer> hi lordievader
<lordievader> Hey cpaelzer
<albech> Hi all. If taking over a server from a former employee and logging into it for the first time seeing that 'history' shows the following, what would be your first thought? https://paste.ubuntu.com/p/kvwnpwkHVq/
<albech> sorry irc crashed, so didnt see replies if any
<do3meli> hi there. i have opened https://bugs.launchpad.net/cloud-archive/+bug/1763320 to get nova 16.1.1 in the pike repos updated. can anyone have a look at it if i followed the right format/process for it?
<ubottu> Launchpad bug 1763320 in Ubuntu Cloud Archive "[SRU] pike nova stable release update" [Undecided,New]
<lordievader> albech: Not much, he cleared some logs.
<coreycb> jamespage: working on google-preftools rebuild failure
<coreycb> dannf: i started looking at this ^ and noticed you merged it last. figured i'd check and see if you were working on fixing.
<coreycb> dannf: i have 2 patches cherry-picked that fix the ppc compile failures but that seems to cause libprofiler.so and libtcmalloc_and_profiler.so from being created.
<rbasak> cpaelzer: mongo-tools is ready for review. It is trivial - just a new upstream, one tiny change to debian/copyright and no other functional changes. It isn't currently imported into git-ubuntu. My git branch imports it manually. How would you like to review? Do you want me to add it to git-ubuntu's whitelist and import formally and rebase, or are you happy just to look at my branch? I don't feel
<rbasak> that there's any need to preserve history here as it's so trivial, so I'm happy just to upload with dput without git.
<cpaelzer> rbasak: push your branch and the base should already be tagged, so that would be ok
<rbasak> cpaelzer: https://code.launchpad.net/~racb/ubuntu/+source/mongo-tools/+git/mongo-tools/+ref/3.6
<CarComp> morning everyone (if you live in the eastern US)
<CarComp> can anyone confirm that s3cmd package is non-functinal on the 11th daily build?
<CarComp> i'm finding an error now (since i deploy daily) that states carcomp [9:49 AM] Traceback (most recent call last):  File "/usr/bin/s3cmd", line 60, in <module>    from distutils.spawn import find_executable ModuleNotFoundError: No module named 'distutils.spawn'
<CarComp> thanks all, and keep up the good work. I'd like to get a confirm before I shoot write a bug ticket
<CarComp> @Odd_Bloke is this something you might deal with?
<CarComp> @nacc ?
<CarComp> as of the moment, communication through secure channels to amazon S3 is impossible
<CarComp> confirming deployment works using v18.04.201804100 (using templates)
<coreycb> dannf: ftr google-perftools 2.6.90-0.1 builds ok on bionic
<coreycb> from debian unstable
<dannf> hey coreycb - no, not actively working on it - i just touched it to fix an arm64 FTBFS IIRC.
<coreycb> dannf: ok i think i see the difference. debian has a for loop to find and install .so files and it seems to just skip them if they don't exist. whereas ubuntu package has the .install files and they are more strict.
<coreycb> for loop in d/rules
<dannf> coreycb: oh right, yeah - someone before me had switched the build system in an ubuntu upload. i retained that, but it obviously causes compat issues like this.
<CarComp> is there a last minute push to change the version of python
<dannf> coreycb: i reported a bug on that, since technically the debian build system was deprecated (#872512) - looks like that's now fixed, so maybe we can resync?
<CarComp> to python3
<CarComp> or something along those lines?  i've noticed that the python-whateverpackages have changed some in the 11th build
<cpaelzer> rbasak: the branch you linked is good
<cpaelzer> I mean it is just copyright
<rbasak> cpaelzer: yeah, thanks. Are you +1 for me to upload then?
<cpaelzer> I had no orig tarball, so I have to assume you did build/lintian checks on your own?
<rbasak> cpaelzer: yeah: https://paste.ubuntu.com/p/s4hhPgFVW3/
<rbasak> cpaelzer: tarball from Github based on watch file.
<cpaelzer> ah ok, well then
<rbasak> Though the watch file tries to grab a future rc which is a separate bug I haven't addressed.
<cpaelzer> the warnings are ok as we discussed on mongo itself this week
<rbasak> Yeah. Also I filed https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895548
<ubottu> Debian bug 895548 in src:golang-github-smartystreets-goconvey "Sources are missing, contrary to lintian override comment" [Normal,Open]
<dannf> coreycb: oh, nm - that's just about the patch system - they're still using cdbs
<cpaelzer> rbasak: +1 on mongo-tools as presented
<rbasak> Thanks!
<rbasak> I'll upload.
<cpaelzer> really the faster you get it to people testing it at this point the better
<coreycb> dannf: ok, yeah
<cpaelzer> so no re-spin internally but get it out
<coreycb> dannf: maybe there's some architecture logic that can go in .install files
<dannf> coreycb: yeah - we could e.g. generate those. but i wonder if it doesn't make sense just to go back to cdbs to minimize the diff
<coreycb> dannf: yeah maybe
<dannf> coreycb: but w/ debhelper, the right answer maybe dh-exec
<CarComp> bug filed: https://bugs.launchpad.net/ubuntu/+source/s3cmd/+bug/1763398
<ubottu> Launchpad bug 1763398 in s3cmd (Ubuntu) "s3cmd package requires python distutils package" [Undecided,New]
<CarComp> not sure how to link to the daily build of ubuntu 18
<nacc> CarComp: morning (just woke up west coast)
<CarComp> :)
<CarComp> just deploying my site and the packages are wonk work amazon s3cmd
<CarComp> looks like a python thing
<nacc> CarComp: i should be able to look
<nacc> CarComp: probalby not til the afternoon
<CarComp> thats ok. we're installing using the 10th build
<CarComp> today was go live for our site
<CarComp> you can imagine that happiness here atm.
<nacc> CarComp: go live with an unreleased ubuntu? :)
<CarComp> OH YA.
<CarComp> trial by fire
<CarComp> more like 'or we pay umpteen thousand dollars if we wait till may' for our license for a software we switched to the free version
<CarComp> i have a CRAP ton of confidence in you guys
<CarComp> ;)
<CarComp> i mean its friggen linux man! i've been trying to get us off windows for ALL the servers
<nacc> CarComp: lol
<CarComp> well, honestly we are still running ubuntu 14 and its been one of our most stable systems
<CarComp> it literally does not break.
<CarComp> rabbitmq, php5.6, nginx, memcached, mysql = bliss
<nacc> you can still run trusty on 18.04 in a container or VM?
<CarComp> what the heck. s3cmd is not working on the 10th build
<CarComp> attempting tests with 18.04.201804060
<nacc> CarComp: yeah i don't see what changed immediately (s3cmd didn't)
<CarComp> ugh
<CarComp> well i'm using azure
<CarComp> it could be related to the image
<CarComp> (s)
<nacc> CarComp: could be, but seems unlikely in and of itself
<CarComp> are you able to apt-get install s3cmd on a clean build
<nacc> on the phone righ tnow, then i'll try and reproduce it
<CarComp> and then just run "s3cmd" and not get err
<CarComp> ok no problem thanks so much
<nacc> CarComp: np, spinning up a lxd now
<CarComp> ..... as everyone here but me walks out the door to go eat lunch
<CarComp> sheesh
<CarComp> ah the life of a software dev
<nacc> yep
<nacc> CarComp: just downloading the image right now, sorry
<dpb1_> CarComp: have you tried using aws-cli?  does it meet your needs?
<CarComp> man i'm thankful for any help i can get
<CarComp> @dpb1 i might, but i already wrote and tested this deployment script for months now
 * dpb1 nods
<dpb1> CarComp: aws-cli is the upstream (amazon) recommendation
<dpb1> just so you know
<dpb1> but, I totally get not rewriting things
<CarComp> yep. hindsight...
<dpb1> CarComp: snap install aws-cli --classic should bring it in for you
<CarComp> i may explore it though
<dpb1> k, just an option
<nacc> dpb1: thanks for that
<CarComp> does it have the sync
<dpb1> not sure
<dpb1> it has a ton of functionality
<CarComp> ok i rely on that to make sure our wysiwyg on the design, test, and dev env match
<dpb1> but, if it meets your use case?  not sure
<nacc> CarComp: confirmed, will work on the fix
<CarComp> it may meet the use case to get the site deplo0yed today
<CarComp> ok thanks @nacc
<nacc> CarComp: looks to be missing a dep on python3-distutils
<CarComp> agreed
<CarComp> if i add in apt-get to that package it should be alright?
<CarComp> i thought it was installing python 2.7
<CarComp> (i'm not a python dev)
<nacc> CarComp: python3-distutils will pick up the python3 version
<nacc> CarComp: and yes, i just tested that it did the right thing once i did that manually
<CarComp> i'll confirm once this azure template runs
<CarComp> for the time being i'm adding apt-get install -y python3-distutils right before apt-get install -y s3cmd
<CarComp> hopefully that will get us going
<coreycb> jamespage: we may want to look at syncing google-perftools from unstable. would you be able to build kick off a ceph build with the version in my ppa? i'm having no luck building ceph. ppa:corey.bryant/bionic-queens-2
<nacc> CarComp: ok, fyi it's busted in debian too
<CarComp> great i broke it everywhere
<CarComp> aren't there any amazon employees in here? wth ;)
<nacc> CarComp: i think this has been busted since ... 2007?
<nacc> not sure
<dpb1> I've already given you what their response would be
<dpb1> :)
<nacc> they added a runtime dependency on distutils, and don't have it explicitly in their setup.py
<nacc> ah because it *was* written for python2
<CarComp> so.... derp?
<nacc> CarComp: working on it
<CarComp> i'm just chuckling thats all.  the fact that i can actually talk to a person, and get a fix, for an entire operating system is just mind blowing
<nacc> CarComp: testing the fix now, if it works i'll upload it
 * CarComp gives virtual high five
<nacc> CarComp: it's definitely a perk of open source :)
<CarComp> ya it sort of freaked out my director
<CarComp> he's a bit used to the azure / microsoft burocracy
<nacc> sure :)
<CarComp> buerocracy? idk spellling.
<nacc> bureaucracy
<CarComp> google? ;) yes, confirmed
<CarComp> FWIW adding the dep manually worked on my end
<CarComp> wish i had more time to contribute to the project. 2 kids, and work + house = not a lot of time
<nacc> CarComp: uploading the fix and sending it to debian
<CarComp> i send you bitcoin
<CarComp> FYI bug was opened here https://bugs.launchpad.net/ubuntu/+source/s3cmd/+bug/1763398
<ubottu> Launchpad bug 1763398 in s3cmd (Ubuntu) "s3cmd package requires python distutils package" [Undecided,Confirmed]
<CarComp> maybe you saw it
<CarComp> oh. i see your name there now
<nacc> CarComp: yeah, i assigned it to myself already and the upload i just pushed will close it :)
<nacc> CarComp: ok it was due to https://packages.qa.debian.org/p/python3.6/news/20180320T071954Z.html
<nacc> CarComp: fix pushed in any case, it should be in bionic-proposed shortly
<Checkmate> is there a channel for solr?
<Checkmate> I'm trying to install solr 5.3.0 with command ./install_solr_service.sh but i get error of my distribution Linux problem
<RoyK> Checkmate: #solr, perhaps? ;)
<dpb1> heh
<dpb1> yes, looks that way
<Checkmate> thx
<Checkmate> Can i change my /opt/ directory to /home ?
<teward> Checkmate: you shouldn't.
<Checkmate> why?
<RoyK> Checkmate: why would you want to do that?
<RoyK> Checkmate: you can mv /opt/something /home/somethingelse and change the config - it'll be better
<Checkmate> thx
<RoyK> Checkmate: but then - if you don't have /home on a separate filesystem, it won't make much sense
<Checkmate> Yes Royk
<RoyK> Checkmate: does that mean you have /home on a separate fs?
<Checkmate> Royk no its just no more size on /dev/root
<RoyK> Checkmate: /dev/root? which distro version is this? never seen /dev/root on ubuntu
<TJ-> It's a virtual machine
<Checkmate> TJ- you have experiance at solr?
 * dpb1 checks channel name
<Checkmate> k
#ubuntu-server 2018-04-13
<cpaelzer> good morning
<lordievader> Good morning
<_ruben> Checkmate: if /home isn't a separate filesystem from /, how is moving /opt to /home gonna help anything?
<k_sze> I think I messed up my /boot or something.
<k_sze> During `apt full-upgrade`, dpkg complained that there's not enough space (though I didn't check exactly which volume ran out of space).
<k_sze> Now the machine can't boot into Ubuntu
<k_sze> It just shows the boot menu where I can choose ubuntu or advanced options.
<k_sze> And if I choose ubuntu, the screen goes black for a moment, and loops right back to the boot menu.
<k_sze> Is there any easy way to fix that? Given that I have a live USB as well.
<k_sze> By "boot menu", I mean GRUB
<TJ-> k_sze: choose Advanced, then pick an older kernel version from the menu. The problem will be the /boot/ ran out of space whilst writing the new /boot/initrd.img
<k_sze> (I didn't realise that I should regularly purge old kernels from /boot until today)
<k_sze> I just kept installing updates without purging.
<k_sze> I hope I still have a bootable old kernel. XD
<k_sze> But what do I do once I get it booting?
<k_sze> `apt autoremove` shall do the right thing? And then I can `apt full-upgrade` again?
<k_sze> Hmm, and now I can't start a GNOME session.
<k_sze> I get the "Failed to start session" message when I attempt to log into GNOME.
<TJ-> k_sze: once it's booted, you manually delete the /boot/initrd.img-XXX files for the versions of linux-image-* that "apt autoremove" says it wants to remove
<k_sze> I kept thinking this is a ubuntu server. I guess I'll ask in the normal #ubuntu channel.
<TJ-> k_sze: I wrote a script to do it automatically if you want to try it
<k_sze> Seems like everything works now.
<k_sze> Thanks for the help.
<Neo4> hi, Who know what means "musti-server"? http://pix.toile-libre.org/?img=1523620041.png
<Neo4> Can I install on VM DNS server, VPS and other apps for test?
<Neo4> I want to install a 10 times all and get a skill :)
<Neo4> so muscle training )
<rbasak> ahasenack: good morning!
<rbasak> ahasenack: I'm looking at some server-next bugs.
<rbasak> ahasenack: any opinion on my comment in bug 1659223 please?
<ubottu> bug 1659223 in clamav (Ubuntu Xenial) "apparmor regression blocking freshclam process info" [Undecided,New] https://launchpad.net/bugs/1659223
<ahasenack> hello rbasak
<ahasenack> rbasak: agreede, fixed in bionic
<ahasenack> regarding xenial, it would need the change from https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1658239 fixed in xenial
<ubottu> Launchpad bug 1658239 in apparmor (Ubuntu) "base abstraction missing glibc /proc/$pid/ things" [Undecided,Fix released]
<rbasak> ahasenack: do you think we should do it?
<ahasenack> or just include that change in clamav's profile
<ahasenack> I don't know if it's just a warning, I can't remember
<rbasak> ahasenack: yeah. But is it worth it? If it doesn't actually impact anything apart from the log message.
<rbasak> ahasenack: how about I Won't Fix for Xenial for now, but invite people to reopen if there's a functional problem?
<ahasenack> I would test it to see if freshclam works or not, I think that's the crux of the issue
<ahasenack> also, the bug says "regression", I would check if that's true
<rbasak> I'm not too worried about that, because the bug itself seems unimportant and is resolved in the development release.
<rbasak> So I see no need to dig further - but if someone does and finds something worthy of attention, that's still fine.
<rbasak> cpaelzer, ahasenack: as I'm going through the server-next bugs, there are a number I want to drop from that queue because I don't think they're important enough. Would it be worth us running through the list together in a HO perhaps?
<ahasenack> I don't have the spare cycles :/
<rbasak> OK
<rbasak> We can defer it.
<Neo4> Guys, how easy manage your server?
<Neo4> is it way for speed up?
<Neo4> https://www.amazon.com/Managing-Linux-Systems-Webmin-Administration/dp/0131408828/ref=sr_1_fkmr0_3?ie=UTF8&qid=1523628016&sr=8-3-fkmr0&keywords=managin+unix+system+with+webmin
<Neo4> I have this book
<Neo4> for effective manage your system we need set up control panel, doesn't it?
<Neo4> don't it*
<Neo4> I'm a newbie, Who know how I can rapidly learn web hosting?
<Neo4> I am interestiong everything that relate to VPS
<dpb1> rbasak: tag them as "should-drop" or something.
<rbasak> Good idea, thanks.
<Neo4> dpb1: What control panel do you use?
<Neo4> see this https://www.virtualmin.com/
<Neo4> I don't know what chose
<Neo4> :(
<Neo4> wirtualmin or webmin
<dpb1> bash4life
<Neo4> the best ISPmanager
<Neo4> dpb1: ???
<Neo4> dpb1: what is bash4life ?
<Neo4> dpb1: what contral panel do you sugest to use?
<m1dnight_> what dpb1 is telling you is that you don't need a control panel. You just do stuff in the commandline.
<m1dnight_> What will you do when your controlpanel says "ERROR" ;p
<m1dnight_> webhosting is fairly easy, given you have enough experience with the shell.
<Neo4> it's difficult, I do, but for install VPS I spend 4 hours and more
<m1dnight_> you want to host vps's?
<Neo4> yes
<Neo4> I want to learn this theme
<m1dnight_> and you have no experience with the commandline?
<Neo4> have, and not good impressions
<Neo4> I used ISPmanager, it's very nice , here I would able to change php versions easy
<m1dnight_> the best you can use I guess is virt-manager whic is a GUI on top of virtlibd
<m1dnight_> allrighty..
<Neo4> set up database user, create db, create FTP account
<m1dnight_> is anyone else confused here?
<m1dnight_> vps or website hosting.
<m1dnight_> php version, dbs and ftp accounts seem to relate to webhosting, not vps hosting.
<Neo4> for vPS too
<Neo4> m1dnight_: of course I can use SSH, but if I want to give access somebody, suppose for some folder for test something, I couldn't give SSH access
<m1dnight_> sure you can
<m1dnight_> you can chroot a user into his home directory
<Neo4> yes, all of this I can doing manyally and spend much time
<m1dnight_> ftp is an ancient protocol and should not be used.
<Neo4> I think to try some panes, sudenly there all will faster?
<m1dnight_> i have no idea about admin panels that allow you to do all this.
<m1dnight_> So I can't help you, sorry
<Neo4> m1dnight_: read this, they have very attractive features, haven't they?
<Neo4> http://pix.toile-libre.org/?img=1523628871.png
<Neo4> I didn't use them, but it looks like if you will use it will much better that do all manually
<Neo4> than*
<Neo4> I'm interesting what people use here?
<Neo4> anyone use control panel for desctop?
<Neo4> it is said it's frequently unix linux users use it
<ogra_> home users prehaps ...
<ogra_> most professionals will simply use the shell
<Neo4> ogra_: why? maybe opposite? Home use shall and professional control panel?
<ogra_> (and specifically webmin being a pile of security holes is likely something nobody will use in a professional environment .... it was removed from the debian and ubuntu archives for a reason)
<Neo4> professionals don't want to spend type type comands, they will rather use interface
<Neo4> ok
<Neo4> ogra_: what has ubuntu in archive ?
<ogra_> most professionals i know want control and not abstraction
<Neo4> what panels has ubuntu in archive?
<ogra_> no idea, i never used any
<m1dnight_> you have the paid ubuntu landscape thing, no? I actually have no idea what that does, though..
<Neo4> ogra_: you didn't use any, is it now time to try some? :)
<ogra_> not really :)
<Neo4> m1dnight_: noither am I
<Neo4> ogra_: neither  am I)
<Neo4> no I will use, better tried and then say it's bad
<Neo4> ogra_: see what I found https://www.rosehosting.com/blog/best-open-source-hosting-control-panels/
<Neo4> this things are thrived, it means they are actively used, perhaps
<Neo4> are thriving*
<Neo4> we don't have to be a command line guru in order to manage simple web site
<m1dnight_> no, you can do it with simple commands.
<m1dnight_> Instead of forcing your way around the commandline, bite the bullet :p
<m1dnight_> it's all just files anyway..
<Neo4> yes, I can do, but my future clients won't, They will require CP
<Neo4> for to be expert I must learn at least a few of theme
<m1dnight_> okay
<m1dnight_> I've only used one.com and they rolled their own I think.
<Neo4> Cpanel and ISPmanager, it's obligate, and one opensource
<Neo4> m1dnight_: I used ISPmanager, Used and skill to install and customzie  are different things
<Neo4> m1dnight_: by the way do you know what could mean 'multi-server'?
<Neo4> http://pix.toile-libre.org/?img=1523629807.png
<ogra_> well, if you want to sell services using these tools,i'd suggest to do a security audit and usablility research and then pick the best ... after all you are giving your business into the hands of the developers of that panel software
<Neo4> who know what means "multi-server"?
<Neo4> ogra_: I'm going to build site using wordpress, 'online stores' and for this I need VPS, What I will say my client, use command line?
<ogra_> ... if their tool does a minor mis-configuration of a database or website and all credit card data of all users of your customers are exposed online all of a sudden your business will quickly be broke :)
<Neo4> ogra_: oh, no, there not credit cards in database nor other data
<ogra_> if i'd use any of such panels i'd hire a security specialist and have her review the tools from the ground up (including the source) before giving my business in the hands of the devs of these tools
<m1dnight_> the databases will be empty *magic*
<Neo4> ogra_: TLS
<ogra_> ??
<ogra_> ABC
<Neo4> ogra_: force user to use TLS
<ogra_> see, i cn trhow around acronyms too :)
<RoyK> m1dnight_: https://xkcd.com/327/ ?
<Neo4> ogra_: web interface, there all security it's TLS and use strong password
<ogra_> Neo4, and that helps how ?
<m1dnight_> ABC :D
<ogra_> if the interface code has a bug and breaks security of your webserver, it doesnt matter if your users interact securely with it
<m1dnight_> Neo4: the point here is that its very easy for a bug in the webpanel to execute a command that has unwanted side effects
<Neo4> ogra_: TLS, encrypt all data and adversary can't access site
<m1dnight_> Neo4: but it's not adversaries you're worried about
<m1dnight_> endusers are just as dangerous...
<Neo4> ogra_: man in the middle, this is the main problem, if client strong care about security you must install valid certificate and force him use strong password
<ogra_> lol
<blackflow> that's not really true. the CA model for TLS certificates is fundamentally broken and shouldn't be considered "secure" for most intents and purposes.
<ogra_> man in the middle is a possible attack vector, but surely not "the main problem"
<Neo4> m1dnight_: do  you sink client can harm site using CP?
<m1dnight_> yes.
<RoyK> and don't do something as silly as for instance zabbix, which indeed is a nice system, but all passwords are stored as non-salted md5 hashes
<m1dnight_> assume so, unles you had the aforementioned security audit...
<Neo4> blackflow: who will care out attack on simple online store? You don't need somebody.
<blackflow> RoyK: still? in 2018?
<RoyK> blackflow: yes
<blackflow> lol.
<m1dnight_> such security.
<blackflow> Neo4: just saying that using TLS does not make it magically "secure". the whole model relies on trusted CAs, which have repeatedly proven untrusted.
<Neo4> ogra_: for WEB it's main, what could be other problems? As it said broken CPanel itself. I think many users are using it and they would long ago niticced it and corrected
<ogra_> m1dnight_, well, how else would the callcenter support verify you are you if they couldnt see your cleartext password on their screen ;)
<m1dnight_> ...
<m1dnight_> Youre kidding right?
<Neo4> blackflow: users don't know what is certificate, Do you know many people who know what is TLS?
<Neo4> blackflow: they will accept easy invalid certificate if attacker will send it, I think for little store it's not problem
<m1dnight_> oh, didn't pick up on the sarcasm there, ogra_  :p sorry
<blackflow> Neo4: what does that have to do? you mentioned MITM. TLS does not absolutely protect against MITM with the current CA model.
<ogra_> m1dnight_, i'm never kiddng ... ;)
<Neo4> not exists person who has motive to broken that shity store
<blackflow> Neo4: do customers input credit card data in that store?
<Neo4> blackflow: in 99% cases its protect
<ogra_> m1dnight_, there is actually a current case where telekom.at stores passwords in clear text only and callcenter employees can see the first 4 chars in theit UI
<ogra_> *their
<m1dnight_> jezus :p that's horrible
<ogra_> one would think such a big company would know better :)
<Neo4> blackflow: who indentionaly want kill you something like USA gavernment of course they decrypted it, bride VPS host and get privet key or will use other ways
<blackflow> ...
<Neo4> Who want you they find ways hit you
<m1dnight_> :D
<Neo4> but you don't need those people, TLS enough secure for our aims
<blackflow> Neo4: do you intend to operate in EU?
<Neo4> blackflow: they want, they will leave their phones and data where deliver product, then manager will call them and will give bank number where they will pay and then they will send product
<blackflow> and, will customers input credit card data through that connection to the webstore, even if you don't store the CC data locally?
<Neo4> blackflow: or send product and then user pay on the postofice,
<blackflow> so, no CC payments?
<Neo4> its for Ukraine clients, I haven't learned schemes how it works yet
<Neo4> blackflow: no, in Ukraine exists 'private bank' they has his own pay and when you order something little manger call you and then send SMS with account number
<Neo4> you send there money and recall manager, then he send product,
<blackflow> alrighty.
<Neo4> but he offer you pay in time getting in the post office, you can pay immidiately or when it arrived
<Neo4> blackflow: they also afraid whether you pay or not
<Neo4> blackflow: Here not like in Amazon or Ebay, you must pay instantly
<Neo4> but I'm going to do online stores on WP for English people as well, for other client, need to learn their pay systems
<Neo4> we deviated from theme... :)
<Neo4> well, as we see this domain not popular here, all users prefer use command line, and even barely heard about them...
<Neo4> I always though in ubuntu server must sitting users who work with web hosting
<m1dnight_> Neo4: i think we can conclude that most people will either use the commandline, or roll their own CMS for webhosting.
<Neo4> it's like "who don't know they are speak and who know they are silence"
<m1dnight_> It has been mentioned *numerous* times at this point, that most of the free webpanels out there are unsecure heaps of crap. If you want to use one, make sure you use a secure one, but my guess is you won't find one.
<Neo4> m1dnight_: yes, more easier command use command line
<blackflow> the webhosting standard is cPanel, but that doesn't run on Ubuntu.
<Neo4> m1dnight_: ok, I will be know
<Neo4> blackflow: why?
<blackflow> why what?
<Neo4> Cpanel could be run on any Unix like OS?
<blackflow> no, only CentOS
<Neo4> Ok, I didn't know that
<blackflow> It used to run on Debian iirc, but for several years now it's CentOS only.
<Neo4> I used ISPmanager on ubuntu
<blackflow> well... like m1dnight_ said, the free ones are unsecure heaps of...
<Neo4> it was when I first time install my VPS I bought it with ISP, there had to pay for license
<blackflow> There is also VestaCP but I know little about it. Supposedly runs on Ubuntu.
<blackflow> thing is, if you want to get into webhosting industry, you really have just one choice - cPanel or Plesk. The users will require it, especially for one-click migrations, even if you had something else.
<blackflow> (one choice = I meant one set of choices, between the two)
<blackflow> The VPS industry is a bit different. There's Proxmox, and of course VMWare proprietary stuff, as well as OpenStack.
<Neo4> blackflow: see, ISP manager is secure? We can for not serious client use not secure opensource panel cause we won't have motivated serious adversaries, and for good client that I think I won't have we could use Cpanel
<blackflow> Neo4: however, definitely not something you should be getting into WITHOUT years of experience administering servers WITHOUT panels.
<Neo4> blackflow: yes, it's broad domain
<Neo4> blackflow: do you know people who has lack of knowledge for them it's difficult even use Cpanel
<Neo4> ordinary people know only how to turn on computer and sing in in social network
<blackflow> ordinary people do not buy hosting services. webmasters do.
<Neo4> it's majority, you need to orient on this sort of person
<tomreyn> the only way you should start a shared web hosting business in 2018, if at all, is with a deployment framewÃ³rk aat its core, with a light user self service web panel as a frontend to queue tasks.
<blackflow> btw, I'm in the hosting industry since early 2000s.
<Neo4> blackflow: if person has some little busness he can order online store for 200 - 300$ and have hostingtoo
<Neo4> they buy
<blackflow> yes, that's software as a service, SaaS. you can buy turnkey Magento solutions for that, for example, and iirc it can even get cheaper than that, to start with.
<Neo4> it's not true, not everybody has money to hire personal, even average bussnes, Who has money they will appeale to real good firms for do shop, not for you
<blackflow> Neo4: yeah but what are we talking about here? What do you want to offer? What kind of service? shared hosting with a panel for webmasters? managed online store SaaS? what?
<Neo4> tomreyn: I watched on youtube there you can resell prapeared hosting
<blackflow> yes, cPanel resellers. Cheapest and most numerous.
<tomreyn> Neo4: so you're business will be based on watching youtube videos?
<tomreyn> ok i guess that's off topic here, i won't push this further.
<Neo4> blackflow: yes, online store on wordpress, registered domain, and VPS with cpanel, + TLS certificate, Client pay me for example 300$ and I did these all and in the end give him all access to site and instruction how to use it
<blackflow> wordpress is a blog platform. you should not be basing an online store business on it. There are far better tools, specialized, and far more secure, than WP.
<Neo4> blackflow: it could be not bad bissness, I watch firms that do sites from 1000$, but for start we can take 200 - 300 untill will well work scheme
<Neo4> blackflow: no, it has woocomerce, that is the moust popular online store platform for a while
<blackflow> all based on wordpress?
<Neo4> tomreyn: yes, buy prapered theme on themforest, put to wordpreess, install woocomerce and all needed plugins, write config and site is done
<blackflow> Neo4: see, that's the problem, you lack experience. all those WP modules are hacks atop of a blogging platform. Take a look at their code internally and you'll see why that is. Encoding fields as [tags] in the main "body" of a "post" to simulate data....
<blackflow> WP is a blogging platform. If you want to get serious about online shops, there's specialized tools designed for that.
<Neo4> blackflow: there don't need programming nothing, only customization, of course you need know CSS and HTML
<blackflow> just because everyone and their dog rush to WP (and most of them regret installing random plugins), that's another story.
<Neo4> blackflow: no, you understand nothing, I see you dont know anything about wordpress
<blackflow> lol.
<blackflow> if you say so.
<Neo4> blackflow: https://wordpress.org/plugins/woocommerce/
<Neo4> blackflow: the most popular shot in the world for a while
<blackflow> most popular based on what audit?
<Neo4> the bigest number of shotps use woocomerce as well as the biggest number of sites use wordpress
<Neo4> blackflow: I forgot, I read about that in some blog, or in book, It's not precise data
<blackflow> you mean it's random, unverified and you don't even have the source of it. Got it ;)
<blackflow> Neo4: but okay. you seem to know all what you need and want to use. Good luck in your business.
<Neo4> blackflow: Thank, I know what I need, but I stupid to implement it...
<blackflow> then start playing with it. after a while you'll gain knowledge and experience.
<Neo4> ok
<Neo4> I'll try
<boxrick> I would like to pull a package and all associated dependencies, but rather than install them throw the debs on my package mirror
<boxrick> Is there a simple way, other than finding each dependency and manually getting each one
<rbasak> boxrick: I would use chdist and --download-only for that.
<boxrick> Any example commands, or shall I just look through the man pages?
<Neo4> boxrick: what do you want to do? Remove dependencies?
<boxrick> In this case, I want to download a package, all its dependencies and throw it into an aptly repo
<boxrick> aptly ( package mirror )
<Neo4> what read about DNS? I badly know how it works
<Neo4> want to improve knowledge
<Neo4> I've got this book
<Neo4> https://www.amazon.com/Security-Management-Press-Networks-Services/dp/1119328276/ref=sr_1_1?ie=UTF8&qid=1523636451&sr=8-1&keywords=dns+security+management
<Neo4> is it good one? Worth to read it?
<Neo4> that book looks like not my level
<ProCycle> Is there a way to find out what or who deleted a folder? After rebooting my server /var/run/mysqld/ went poof. I checked my bash history and didn't delete it myself
<sarnold> are you sure you're looking in the right place? /var/run is a symlink to /run on my system, and /run is a tmpfs
<sarnold> it goes away *every* reboot
<ProCycle> Hmm good point. The problem is mysqld couldn't create a socket or pid file
<ProCycle> Had to manually create the directory with the right perms
<sarnold> strictly speaking, yes, you can install auditd rules to watch for unlink, rmdir, and rename syscalls, but you have to install the rules beforehand
<ProCycle> I'll try rebooting and see if it does it again
<ProCycle> Hmm yep it's gone again. So I guess the question is why can't it create the file it needs?
<sarnold> anything in dmesg? mysql logs?
<ProCycle> Didn't see anything in dmesg, checking elsewhere
<ProCycle> This seems to be a problem for two different machines with similar configurations
<ProCycle> I think it narrowed it down to the fact that the default service creates that folder, but the mariadb@ services don't
<ProCycle> Probably a bug I get to report... yay
<sarnold> if nothing else, the logs collected by the bug report tool may help point out the problem :)
<ProCycle> I'm comparing /lib/systemd/system/mariadb.service and mariadb@.service and it is missing the step where it creates that directory
<ProCycle> Among other things
<ProCycle> Missing this line
<ProCycle> ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld
<ProCycle> Thanks for your help once again :) I'll take this up with the mariadb people
<sarnold> woot
<sdeziel> ProCycle: RuntimeDirectory=mysqld is probably better
<ProCycle> I figure that's a holdover from init.d
<sdeziel> MySQL's service unit has:
<sdeziel> RuntimeDirectory=mysqld
<sdeziel> RuntimeDirectoryMode=755
<ProCycle> Oracle mysql?
<ProCycle> I'm going to add an override... once I can remember how to do it
<sdeziel> systemctl edit $foo
<sdeziel> ProCycle: yes, mysql as provided by the mysql-server package in Ubuntu
<ProCycle> Does it have a mysqld@.service file? Do they do the same in that one?
<ProCycle> It seems that RuntimeDirectory= gets deleted when the service stops so it wouldn't be appropriate for multiple services all using the same runtime directory
<ProCycle> Though maybe a better way is to simply create a /var/run/mariadb%I directory for each
<sdeziel> ProCycle: with MySQL on Xenial, there is only 1 unit: https://paste.ubuntu.com/p/ktv9Np5GPF/
<ProCycle> Ah so to run multiple instances you need to use mysqldmulti or whatever it was called
<sdeziel> I guess so
<ProCycle> I like mariadb's way, it's so much easier to manage through systemd instead of yet another manager
<ProCycle> sans this one bug
<ahasenack> nacc: do you have a moment to review https://code.launchpad.net/~ahasenack/ubuntu/+source/autofs/+git/autofs/+merge/343237 ? It's a simple revert of the immediate previous change and fixes a segfault. Test included in the mp
<ahasenack> nacc: I can then start reviewing g-u again
<nacc> ahasenack: looking
<ahasenack> thx
<nacc> ahasenack: you've already tested this, i assume? do you need me to upload?
<ahasenack> yes and yes
<nacc> ahasenack: ok one moment
<ahasenack> bug reporter confirmed that not linking with tirpc fixes it for him, and I confirmed as well
<ahasenack> and you can try the test case, it's quick
<ahasenack> the ppa built the debs already, they are just not published yet
<nacc> ack
<ahasenack> I used wget https://launchpad.net/~ahasenack/+archive/ubuntu/autofs-no-tirpc-1745817/+build/14756265/+files/autofs_5.1.2-1ubuntu3~ppa1_amd64.deb
<nacc> ahasenack: looks good
<ahasenack> nacc: did you try it?
<nacc> ahasenack: yeah
<ahasenack> cool
<ahasenack> if I had more time, that would make an excellent dep8 test
<ahasenack> nacc: I'm starting with https://code.launchpad.net/~nacc/usd-importer/+git/usd-importer/+merge/343143
<ahasenack> nacc: I have to run to an appt in a few, but I'll continue when I'm back
<nacc> ahasenack: sure, thanks
<ahasenack> back
#ubuntu-server 2018-04-14
<Aztec03> Hey who runs this chan/who's got ops
<Aztec03> I'm getting spam from shannarawn on join
<Aztec03> not too keen on it
<compdoc> damn bots
<Aztec03> they advertising efnet, too
<Aztec03> oh it's l0des minions... -_-
<dpb1> go into #freenode and ask
<lobubak> Ã¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  jmrus: techmagus Ã¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢â
<lobubak> âââââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  noezdwqxx: ubot9 ââââââââââ
<lobubak> ââââââââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  jkwxwav: tec__ ââââââââââââââââ
<lobubak> âââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  tbcqdno: ptx0 âââââââââââââââââââ
<lobubak> âââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  zjzjdoprv: lamont ââââââââââââââââââââ
<lobubak> âââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  xarkgjil: beardfac1 ââââââââââââââ
<lobubak> Ã¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  afrpawltu: inteus Ã¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢
<lobubak> âââââââââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  ccupf: micahg âââââââââââââ
<lobubak> âââââââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  loxxokmp: Nebraskka ââââââââââââââââ
<lobubak> âââââââââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  tscioddb: ShellcatZero ââââââââââ
<lobubak> âââââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  yvhbolqy: robher âââââââââââ
<lobubak> ââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  tymxq: bvi âââââââââââââ
<lobubak> ââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  dxytlom: lionel ââââââââââââââââââ
<lobubak> ââââââââââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  aytbjlswz: alai ââââââââââââââ
<lobubak> Ã¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  jqrdymc: Arkaniad Ã¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢
<lobubak> âââââââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  swyrojf: shodan45 ââââââââââââ
<lobubak> Ã¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  qegdhejdnl: thib Ã¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢ââÃ¢â
<lobubak> ââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  gepcsbw: Blueking âââââââââââ
<lobubak> ââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  nqrlyi: eldritch ââââââââââââ
<lobubak> ââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  ogcsc: jlacroix âââââââââââââââ
<lobubak> âââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  uxkkkfcmlk: semiosis ââââââââââ
<lobubak> ââââââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  eoszozfv: ubuntulog âââââââââââââ
<lobubak> âââââââââââââââââââ L0DE RADIO HOUR IS NOW LIVE!! https://www.youtube.com/watch?v=gz3e0LFXsIw TOPIC: COUNTDOWN TO WORLD WAR 3 CALL 315-505-4666  vsekghg: niedbalski ââââââââââ
<awef_> just been trying out 18.04 before release - I'm finding that even after installing python3-setuptools, easy_install3 command is missing.  Am I doing something silly?
<awef_> just thought i'd check in here before i filed a bug
<awef_> e.g.:
<awef_> ~$ easy_install3  Command 'easy_install3' not found, but can be installed with:  sudo apt install python3-setuptools
<awef_> $ sudo apt install python3-setuptools Reading package lists... Done Building dependency tree Reading state information... Done python3-setuptools is already the newest version (39.0.1-2).
<awef_> oh interesting i just worked it out
<awef_> in the changelog for the package:
<awef_> Stop shipping the easy_install scripts.
<awef_> guess there's some other things that are gonna need updating given they refer to it still
<Sircle> Hi
<Sircle> Is there a way to monitor which .php file or function is trying to make outbound connections to other web sites?
<blackflow> Sircle: I don't know of a direct method, but you could block outbound connections at the firewall/apparmor/systemd service  level, and then see if anything is logged as error trying to establish a conn
<Sircle> legit things might break?
<Sircle> oh I got your piont now
<blackflow> If you have a mixed  use case, might be wise to separate them into their own functional domains, eg. a fpm process where outbound connections are allowed, and fpm process(es) where it isn't. (I'm assuming you're using fpm). However, a compromised process that's allowed outbound connections could still do stuff. In that case, if you have a limited set of outbound connections to known destinations,
<blackflow> some kind of reverse proxy or firewall rules would mitigate that.
<Sircle> blackflow,  ok. I do not know whats fpm
<Sircle> are you saying to isolate each website by some chroot kind of thing?
<blackflow> fpm = php-fpm, the PHP fastcgi process manager
<blackflow> chroot is filesystem access. I'm talking about containerization, either through things like lxd, docker, or using systemd's service-level containment features, or different apparmor profiles.
<blackflow> but really that all depends on the actual use case. what exactly do you want to block or allow.
<Sircle> black if I block outbount port 80, will it disturb my website inbound connections?
<Sircle> blackflow,  whats the best way to isolate each website and monitor it?
<Sircle> its also strange that there is no way to findout which function is doing what. I will try to block  outbound and see for any errors as you said.
<blackflow> Sircle: not if you block outbound to port 80 with SYN flag on only. inbound won't be affected if you have a rule allowing established,connected before the outbound block.
<blackflow> Sircle: also, should limit the blocking rule to UID of the PHP process, to allow eg. root normal network access
<blackflow> Sircle: to find out what specific functions do, you could eg strace the php process, but that won't tell you which _PHP_ function did it, only the syscall. but with some analysis, might be possible to correlate activity.
<blackflow> then again I don't know if PHP specifc tracers exist. probably do, part of profiling tools or something, but I don't have any experience with those
<blackflow> Sircle: but eh, again, what's the exact use case. You want to block access to port 80, but what about other ports? 25 is most often abused.  Why not block everything?
<blackflow> or in other words, whitelist rahter than blacklist.
<blackflow> Sircle: "whats the best way to isolate each website and monitor it?"    We do it by running one fpm service per site, so each site is a systemd service with own containment, own cgroup, and potentially own apparmor profile though atm we're building a single apparmor profile for them all, because the differences are configurable with the "owner" keyword.
<blackflow> alternatively, dockerize each site, but that's a bit more complicated. systemd containment + apparmor is nice, assuming you don't need to vary system packages between sites.
<Sircle> hm brb
<Sircle> just want each site cannot reach other sites via normal php functions to 'ls' or 'cd' etc
<Sircle> also, whats the iptables command that relates to the first lines you wrote?
<Sircle> <blackflow> Sircle: not if you block outbound to port 80 with SYN flag on only. inbound won't be affected if you have a rule allowing established,connected before the outbound block.
<Sircle>  Sircle: also, should limit the blocking rule to UID of the PHP process, to allow eg. root normal network access
<Sircle> <
<blackflow> Sircle: I can't give you exact iptables rule because that depends on your entire setup. Look into -m owner  iptables module documentation in iptables-extensions(8) manpage.
<blackflow> Also, you're asking about different things here. Having one site access other site's files via ls or cd has nothing to do with networking. That's filesystem access, most easily accomplished by running different sites as different users, and setting proper filesystem permissions on their files.
<blackflow> For example, if you have /home/site1/   and /home/site2/    as homedirs for users of the same name, then configure two fpm pools, one per site, running under appropriate user, and set only owner+group access to homedirs. eg. chmod 750 /home/sites1. This will require you to have the webserver, eg. nginx, belong to those groups in order to access the static files in the homedirs.
<Sircle> hm. I though apache was the sole owner
#ubuntu-server 2018-04-15
<Hey__> I am having issues commissioning a hyper-v vm.  It passes comissioning, however, it does not detect the storage
<Hey__> I'm not sure what to do here
<Hey__> any guideance would be appreciated
<teward> Hey__: what's 'it'?  The HyperV container, or the guest OS/
<axisys> for this particular set off hosts during initial ubuntu build we skip the network manually when asked.. is it possible to add the skip in the boot option (F6) ?
<axisys> I know it is possible to add it to the preseed.. but preseed is builtin for this particual builds... so wondering if I could add the skip network at boot instead of extracting the iso and then comment out network
<mojtaba> Hello, I have created the .ssh/config file: http://paste.debian.net/1020372/ and I am trying to establish reverse ssh using autossh -M 0 -f -T -N ovh; At the remote machine I type ssh -p 2210 osmc@localhost
<mojtaba> But it says connection refused. Do you know what should I do?
<RoyK> mojtaba: connection refused means connection refused - it just doesn't listen to port 22 or it's blocked somehow
<mojtaba> Hello, I have created the .ssh/config file: http://paste.debian.net/1020372/ and I am trying to establish reverse ssh using autossh -M 0 -f -T -N ovh; At the remote machine I type ssh -p 2210 osmc@localhost But it says connection refused. Do you know what should I do?
<mojtaba> I have tried ssh -R 2210:localhost:22 root@IP, and then on the remote machine ssh -p 2210 osmc@localhost connects without any problem.
<blackflow> mojtaba: why are you connecting to localhost on the remote machine you're already connected to over ssh?
<RoyK> mojtaba: iirc LocalForward is the same as -L, not -R
<samba35> is there ubuntu 18.04 beta fourm ?
<mojtaba> Hello, I have created the .ssh/config file: http://paste.debian.net/1020372/ and I am trying to establish reverse ssh using autossh -M 0 -f -T -N ovh; At the remote machine I type ssh -p 2210 osmc@localhost But it says connection refused. Do you know what should I do?
<mojtaba> I have tried ssh -R 2210:localhost:22 root@IP, and then on the remote machine ssh -p 2210 osmc@localhost connects without any problem.
<mojtaba> blackflow: I need to establish reverse ssh.
<Amichai> ubuntu 16.04 hangs at LightDM after installing and configuring SSSD
<Amichai> ubuntu 16.04 hangs at LightDM after installing and configuring SSSD
<axisys> how do I get ubuntu boot in verbose?
<axisys> I already have GRUB_CMDLINE_LINUX_DEFAULT="" set and ran update-grub .. still do not see grub2 menu or the vebose boot
<TJ-> probably /etc/default/grub has GRUB_HIDDEN_TIMEOUT_QUIET=true ?
<TJ-> if so, you have to tap Esc to get GRUB to show the boot menu whilst it waits the GRUB_HIDDEN_TIMEOUT
<axisys> TJ-: yep.. it is set to true.. how about the verbosity?
<TJ-> axisys: for kernel? add to it's command line "debug systemd.log_level=info"  (the systemd part is needed because it co-opts the kernel's 'debug' setting and spams the logs so much a boot can actually fail.
<axisys> ah.. in here GRUB_CMDLINE_LINUX=".. " ?
<axisys> added it like this and updated the grub
<axisys> GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 debug systemd.log_level=info"
<axisys> rebooting now
<TJ-> axisys: what device are you using it on, I notice you've got the serial port set
<axisys> TJ-: hp proliant gen9
<TJ-> axisys: ahh! I was doing something similar last week but on a truely headless device, serial for GRUB + kernel
#ubuntu-server 2019-04-08
<lordievader> Good morning
<Mead> hello, looking through this guide:  https://help.ubuntu.com/lts/serverguide/network-configuration.html.en  It mentioned for setting temporary ip addresses that a name server could be configured in /etc/resolv.conf.  Of course out of curiosity I looked at my existing copy of that file just to see what is in it, it has the statement "nameserver 127.0.0.53".  The system is currently using
<Mead> an Address from my dhcp server and I know that 127.x.x.x is not routable.  My Gateway router should have given it a differnet address.  What gives?  Does this have something to do with having IPv6 too?
<Mead> never mind, I don't read comments
<ahasenack> teward: sorry, tls 1.3 nginx? I'm out of the loop
<Pynthon> Heya, I am trying to install Ubuntu server 16.04 32 bit on a very old machine: Pentium 4 2.8 ghz with 1.5GB ram booting from a USB stick. Booting works, but when I press "Install Ubuntu Server" the screen freezes and I can't do anything.
<Mead> how long did you wait to determine if it was frozen?
<sveinse> Hi. I'm running ubuntu-18.04 guest on Hyper-V server using linux-azure kernel. My apt-get dist-upgrade hangs where I am unable to upgrade systemd and udev. Aborting and trying to repeating with 'dpkg --configure -a' resumes the hang. The kernel reports 'INFO: task xyz:2773 blocked for more than 120 seconds", where xyz is various services, like systemd or udev or network. Which is probably why the
<sveinse> upgrade fails.
<sveinse> The kernel is probably not good, but is it safe to reboot at this point? Being in the middle of an upgrade? What is the approach for this?
<Ussat> I would reboot into an older kernel
<ahasenack> rbasak: <rbasak> 15:01:55> ahasenack: it seems bit odd to me to do it in the preinst. What if the package version is just removed - shouldn't it also get removed then in that case?
<ahasenack> rbasak: the new package doesn't have the cache file anymore, so there is nothing to remove upon uninstallation
<sveinse> heh, what is the point of the stop job timer when the timeout is ever increasing? It's like a progress bar saying "Wait a little bit" and then "oh, wait some more"
<ahasenack> rbasak: the old package did remove the cache file in postrm
<ahasenack> if it was a purge
<rbasak> ahasenack: ah - that sounds right then
<sveinse> Anyone else here that have any experience with the linux-azure kernels for production use?
<teward> i think it was a mishighlight
<teward> ahhh yes my bad i read the first name of a user not the last
<teward> rbasak: mind if I pick your brain?
<rbasak> Sure
<teward> rbasak: see PMs
<teward> error: tired.
<teward> two questions: (1) for a no changes rebuild in -proposed against the newer libssl in proposed what's the version string notation?  (2) Does it make sense for TLS 1.3 and NGINX to version-depend on a minimum supported libssl-dev to ensure TLS 1.3 is available in it?
<teward> rbasak: ^
<teward> FYI all, me without coffee in the mornings is a little crazy :/
<teward> *goes to find some*
<Mead> what should I use to configure network interfaces and have the settings presist after a reboot?
<rbasak> I think for a no change rebuild in the development release that already has a -XubuntuY we just bump the Y.
<cryptodan> Mead: create a yaml file for netplan
<teward> rbasak: this is bionic-proposed
<rbasak> So the same as a regular SRU would be fine I think.
<teward> that's the problem
<teward> ah
<teward> that makes sense,
<rbasak> The only useful thing about using build1 is that it doesn't block autosync
<rbasak> I think a versioned build depends only makes sense when it's _required_ for the build to use that version (ie. will fail or be buggy if the version is older)
<rbasak> We don't usually for example update versioned dependencies in build deps when we do a transition
<teward> makes sense.  the only reason I ask is because TLS1.3 requires a specific version of OpenSSL or newer... *shrugs*
<teward> https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386 led to https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1823476 apparently.
<ubottu> Launchpad bug 1797386 in openssl (Ubuntu) "[SRU] OpenSSL 1.1.1 to 18.04 LTS" [Undecided,In progress]
<ubottu> Launchpad bug 1823476 in nginx (Ubuntu Bionic) "Rebuild with OpenSSL 1.1.1" [Wishlist,In progress]
<rbasak> Therefore I think it's sufficient not to have a versioned build-depend on a libssl-dev if it's available in bionic-proposed already, unless there's some other serious reason why we want that test.
<rbasak> Maybe better, if you really want to ensure that we don't accidentally ship an nginx that doesn't have TLS 1.3 support, to add a dep8 test to check that TLS 1.3 works.
<teward> ahhh, that makes sense, and that's a trivial test to add heh
<Mead> cryptodan: I'm not familure with yaml, can you suggest a place to get started or reference quide for the network config?
<teward> ... relatively speaking xD
<cryptodan> Mead: https://netplan.io/examples
<teward> rbasak: I presume I'll need to talk to the Release Team / SRU team to get them to let it into proposed with the openssl sru blocking it of course?  Or should I wait for that to clear?
<Mead> cryptodan: thanks.
<Mead> dang it, YAML is a rather deep rabbit hole
<cryptodan> Mead: its rather painless just make sure your indents are kosher
<Mead> yeah I'm reading up, no tabs just spaces
<Mead> cryptodan: how many spaces is needed?
<cryptodan> Mead: copy the examples over and edit them
<cyphermox> Mead: as many as you want, as long as it's consistent
<Mead> ok, sounds like a job for notepad++
<Mead> will empty lines be a problem too?
<cryptodan> Mead: here is mine https://termbin.com/0h88
<Mead> weird the file created during install doesn't have that "renderer:" line and the "version:2" line is at the bottom.  Wonder if that is why the system hangs a bit during startup.
<cryptodan> it would complain at applying the changes
<cryptodan> you dont need to reboot to apply the changes with netplan
<Mead> so far I've only messed with the "ip" command when it comes to networking
<cyphermox> no, empty lines are fine
<cryptodan> you would create the 01-netcfg.yaml file then do sudo netplan apply and that would apply the ip without reboot
<cyphermox> the order of the entries is not important either
<cyphermox> I suppose you could also just run "netplan generate' or 'netplan try' if you want to make sure the config is good
 * Mead goes to read the man for netplan
 * Mead realizes he's talking to one of the authors
<Ussat> I REALLY like netplan
<cryptodan> i didnt before, but i like it and have used it to setup statics on my desktop and server
<Ussat> took me a bit to get used to
<Mead> It seems like an ok system for configuring your network stuff, as a r&s guy who cut his teeth with IOS it is much different from what I'm use to.
<Mead> cyphermox: how old is the man you helped create?
<cyphermox> it's up to date with whatever you have installed
<cyphermox> I keep it up to date with every release
<Mead> Thank you for your work.
<cyphermox> thanks :)
<Mead> The netplan generate command is described in the --help as "generate backend specific config files from ..." could you elaborate a bit on that?
<cyphermox> sure. It takes the yaml, and generates the config files for networkd or NetworkManager, depending on what you set "renderer" to. the default is networkd
<Mead> so the "netplan apply" command has to be issued for them to take effect?
<cyphermox> yes
<cyphermox> netplan apply will actually do both; generate and then restart the services
<cyphermox> 'netplan generate' is mostly there so we can easily test things, and because we need the generator at boot time
<cyphermox> what happens at boot is the generate part runs, before networkd or network-manager are even started
<cyphermox> then they start and they already have the config they need
<Mead> and as a someone trying to get familure with linux, I need to ask:  where systemd/networkd the config it generates is stored? Is that another file stored for the daemon or is it placed in ram every boot?
<bhh> /etc/systemd/network
<Mead> thanks
<Mead> hurm, my /etc/systemd/network directory is empty
<TJ-> Mead: /run/systemd/network for files generated for this boot only (not persistent)
<Mead> I'll be back, my dog is demanding something, and is suspect it is a walk around the block
<rbasak> cpaelzer: on amavisd-new
<rbasak> Do you know about Launchpad bug patterns?
<Mead> ls
<Mead> heh wrong window
<Mead> so lets me iron this out "netplan apply" the creates the config files from the yaml file and places them in /run/systemd/network , and the generate config is run at boot to create those configs.  So with netplan there really isn't a static config for systemd that survives boot, it is generated every boot from the yaml?
<cryptodan> its only done if you need a static ip for that machine, but if you dont then you dont need a yaml file
<Mead> cryptodan: sure, defaults to DHCP
<cyphermox> Mead: netplan apply runs "generate" and restarts networkd/NetworkManager.  netplan generates creates the config files from the yaml file and places them in /run
<cyphermox> Mead: so; netplan is persistant config on disk, that always generates the same actual config for networkd provided the yaml isn't changed
<cyphermox> so sure, the networkd config itself isn't persistent (it's in /run), but it's always generated the same way as long as you don't modify the config in /etc/netplan
<Mead> got it, thanks.  This is good info.   So since ubuntu users netplan there is no need for configs to be placed in /etc/systemd/network
<Mead> err uses
<cyphermox> well, that depends
<cyphermox> if there's something you can't do with netplan, you can add override files in /etc/systemd/network
<Mead> so if there is a config file for an interface in /etc/systemd/network netplan epm
<Mead> err
<Mead> so if there is a config file for an interface in /etc/systemd/network netplan won't configure that interface?
<cyphermox> no, that's not it
<cyphermox> I mean you could write a file, say /etc/systemd/network/10-netplan-ens3.network.d/toto.conf
<cyphermox> and have some extra keys in there that you need to add to the netplan config that gets generated in /run/systemd/network/10-netplan-ens3.network, for example
<Mead> so netplan will look there and add from the config stored in the /etc/systemd/... to the file it creates to place in running config?
<cyphermox> yeah, networkd merges a bunch of files together from various locations
<cyphermox> ie. whatever is in /lib/systemd/network, /etc/systemd/network, and /run/systemd/network, in that order, last is most preferred
<cyphermox> so, files with the exact same name are replaced, but you can also "extend" them with this .d directory structure
<Mead> Thanks,  I could keep asking more question, but I'm getting farther and farther from my what I set out to learn.  It isn't every day I (knowingly) get to pick the brain of the author of the man file I'm studying.
<cyphermox> Mead: don't hesitate. I idle in #netplan always too; but the best is to highlight me since I'm in quite a lot of channels
<Mead> Awsome, I'll join and highlight ya next time I've got a netplan specific question.
<codefriar> can a bond interface also be a bridge interface?
<sdeziel> codefriar: you can join a bond device to a bridge
<codefriar> great
<ahasenack> rbasak: is there a standard/easy way to create a debian patch that patches binary data? In this case, it's an ssl certificate used during tests, but it's in DER format (binary), not PEM
<rbasak> I remember a thing
 * rbasak looks it up
<ahasenack> I seem to remember a package that applied a patch via d/rules
<ahasenack> and had it commented out in d/p/series
<ahasenack> but still, how to encode the binary diff in the patch
<ahasenack> git has --binary
<ahasenack> but it's a git thing only it seems
<rbasak> debian/source/include-binaries is what I'm remembering. From dpkg-source(1)
<rbasak> Just looking to see if it's relevant
<ahasenack> k
<codefriar> are there big underlying changes to networking between 18.04 and 18.10?
<shibboleth> yeah, hey decided to backtrack on netplan
<shibboleth> oh, wait, that was wishful thinking
<cyphermox> codefriar: not especially, no
<keithzg[m]> Hmm, what could be causing a server to hang on an attempted reboot? That is to say, if I use `reboot` it seems to try and reboot, but then the machine is stuck in some weird limbo, where the 18.04 install seems to have indeed stopped running, and nothing is accessible remotely or displayed locally, but it never actually comes back up on its own, I have to manually power-cycle it then...
<keithzg[m]> I suppose the answer is probably just "UEFI is black magic", particularly considering that this server, unlike most of the others at work, *is* booting with secure boot.
<keithzg[m]> (It does shut down cleanly with `poweroff`)
#ubuntu-server 2019-04-09
 * keithzg[m] has decided for the time being to use the workaround of enabling the livepatch service, although of course that won't help when there's things like the systemd vulnerability whose update came down today
<wylel> keithzg[m]what happens when you bring the server back up?
<wylel> works as intended?
<keithzg[m]> wylel: Yup. I have to hold down the power button for a bit to force it off, but then it comes back up and reports as if it cleanly power cycled.
<wylel> what output do you get when the reboot command happens, or just a black screen?
<keithzg[m]> wylel: Just a black screen. A completely unlit screen, in fact; the monitor is not being told there's any signal.
<keithzg[m]> That is to say, there's the standard stuff flashing by going for a reboot, but then an endless blankness.
<wylel> is the server physically on at this time?
<wylel> like after the monitor is getting no signal
<keithzg[m]> wylel: Yes, in the sense that the power light is indicating its on, as are I believe the ethernet LEDs, and the fans are still running.
<wylel> keithzg[m] that is strange, sounds like something is failing to tell it to start again, but there are no logs after the discs unmount
<keithzg[m]> wylel: Yeah, 'tis why I only half-jokingly blame UEFI's eldritch horrors for this
<wylel> I mean, its not out of the realm of possibility.
<wylel> but then again, I feel it would also happen when booting
<wylel> from an off state
<keithzg[m]> One might think, which is why I'm not just solely blaming UEFI. But it could be as simple as there being some sort of bug in the ACPI (or whatever, but I assume this stuff still uses ACPI?) call the Ubuntu install is making to tell the motherboard firmware to reboot rather than poweroff.
<keithzg[m]> Motherboard firmware is weird, oft-broken stuff. I'm sure it's at least partially due to the motherboard firmware, heh.
<kolaman> hi all
<kolaman> can we automate apt full-upgrade -y  ?
<kolaman> we haev some ubuntu 16.x and some ubuntu 18.x
<benharri> apt full-upgrade does not upgrade releases
<kolaman> benharri: yes, I'm just upgrading packages not release . .
<benharri> apt update && apt full-upgrade -y
<kolaman> apt full-upgrade -y asks for yes/not/keep old etc questions. Can i bypass those ?
<kolaman> benharri:
<benharri> tha'ts what -y does
<kolaman> benharri: unfortunately that is not true, I used apt full-upgrade -y
<kolaman> and was asked qustions like where to install bootloader select drive or select both on safe side and a couple of other etc.
<benharri> search for -y in man apt-get
<kolaman> benharri: apt or apt-get ?
<benharri> if you look at the manpage for apt, it directs you to apt-get
<benharri> in the upgrade and full-upgrade sections
<kolaman> great, but -y works fine in centos yum update -y but not here
<benharri> not sure what you mean by fine
<kolaman> by fine mean in centos /yum this -y switch works as desired (doesn't ask any question etc.) but for apt it asks for questions and doesn't bypass those
<benharri> oh are you talking about the prompts that some packages show when there are conflicts?
<kolaman> benharri: yes, I want to bypass those ..
<benharri> i've never looked into that
<kolaman> like select the best avaiable option (default one)
<kolaman> have been searching throughout the day and not able to find anything better
<benharri> after a quick google, i found this: https://stackoverflow.com/a/23048987
<benharri> export DEBIAN_FRONTEND=noninteractive && sudo apt-get -q -y full-upgrade
<cpaelzer> rbasak: FYI I have heard but not known about the bug patterns
<cpaelzer> rbasak: I'm trying to read about it let me know if you have a great link somewhere
<cpaelzer> I think finding https://code.launchpad.net/~ubuntu-bugcontrol/apport/ubuntu-bugpatterns was the important step, I'm good now
<rbasak> cpaelzer: there's a wiki page too
<rbasak> cpaelzer: https://wiki.ubuntu.com/Apport/DeveloperHowTo#Bug_patterns
<rbasak> cpaelzer: I wondered if an apport hook or a bug pattern would be better to solve this particular problem
<cpaelzer> it is worth to read myself into it for a few minuntes to have an opinion about that decision
<rbasak> cpaelzer: for example I think bug 1512344 is pointed to by a bug pattern rather than an apport hook
<ubottu> bug 1512344 in nginx (Ubuntu) "[Master Bug] Package nginx-* failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 (due to "Address in Use" issue)" [Undecided,Invalid] https://launchpad.net/bugs/1512344
<rbasak> cpaelzer: sure :)
<ahasenack> rbasak: question about d/rules and dh,
<ahasenack> rbasak: https://pastebin.ubuntu.com/p/x5KhhwryVj/
<ahasenack> rbasak: the second dh statement in the %: target was not being run
<ahasenack> I saw that the apt-hook binary was actually being built in the install target, as that had an override and called dh_auto_install twice: once for pybuild, once for makefile
<ahasenack> the %: target is special in that regard I assume? Multiple dh invocations just don't work?
<ahasenack> I "fixed" it with the pastebinned patch. Now the apt-hook is built at build time
<ahasenack> is there another way to do this in "%:"? Or just by, for example, using just makefile, and have the makefile build the python module properly?
<rbasak> ahasenack: I think running twice would fail horribly even if it did work, because you'll end up with the various debhelper commands running twice and not in the right order
<ahasenack> true
<rbasak> I'm not sure if there's a way to tell debhelper to use two different build systems
<rbasak> So perhaps your override_dh_auto_build is the best way to do it.
<rbasak> I don't see any problem with it in any case
<ahasenack> right
<ahasenack> thanks
<ahasenack> and I just saw that this attempt at two build systems is messing up the clean target
<ahasenack> the tarball has an empty __pycache__ dir in it
<ahasenack> because of this
<rbasak> Do you also need to override with override_dh_auto_clean?
<rbasak> Though I normally wouldn't notice as I always use a clean build (eg. using sbuild)
<ahasenack> yeah, I'm overriding dh_auto_clean now
<ahasenack> it was calling setup.py clean, because dh was told pybuild is the buildsystem
<ahasenack> but there is more cruft that needs to be cleaned
<ahasenack> let's see if this works
<ahasenack> funny that pybuild wasn't cleaning __pycache__: https://pastebin.ubuntu.com/p/6HJ9GZckNj/
<ahasenack> that tarball it build in line 24 contains an empty __pycache__ dir
<ahasenack> it's a native package, so it would just pack everything it found :(
<DammitJim> I know 14 is eol this month
<DammitJim> but is there a particular day? the 20? 28?
<DammitJim> 30?
<TJ-> There was an email notification recently about it
<DammitJim> hhhmmmm
<lotuspsychje> DammitJim: just dont wait till the end to upgrade, take measures
<TJ-> ESM starts April 25th
<TJ-> so presumably April 24th?
<DammitJim> thanks
<DammitJim> yeah, I've been working on it, but I have servers that depend on developers to update their stuff and I know they are going to ask me the specific date... I just need to upgrade 6 more servers out of about 200
<TJ-> tell them April 15th!
<TJ-> give yourself some breathing space :D
<DammitJim> my date is actually the 10th
<DammitJim> it's been the 10th since last year, but I even got confused one day thinking that was the actual EOS date :D
<TJ-> I bet that gave you hot and cold sweats :)
<DammitJim> I already have the hot/cold sweats because there are 6 servers we won't be upgrading. can't wait for the day when I turn those off
<JamesBenson> Does anyone use 10G card: "NetXtreme II BCM57711 10-Gigabit PCIe"?
<JamesBenson> ^ ...from Broadcom...
<genii> JamesBenson: Perhaps a description of what issue regarding this adapter you are trying to resolve might be more useful for someone to assist
<JamesBenson> genii: Sure, sorry, I'm trying to use these 10G cards as our backbone for some older servers, dell 11'th generation.  It seems I can SSH over them, copy files, etc. But ansible for example, doesn't seem to work over them.
<JamesBenson> our end goal is to deploy openstack over them, previously using 1g connection.  No issues.  upgrade to 10g network issues.
<codefriar> I've a dell r710 with 4x NetXtreme II BCM5709 Gigabit Ethernet (rev 20) - but the 18.04 lts installer can not seem to pull a dhcp address. 18.10, however CAN
<JamesBenson> yeah, we have a bunch of the 710's using 16.04
<JamesBenson> good to know about 18.04...
<tomreyn> codefriar: which installers did you test?
<codefriar> tomreyn the standard ubuntu-server installer you can download from ubuntu
<tomreyn> 18.04.0?
<tomreyn> .2 is out
<sarnold> there's also two installers, the newer one and the debian-install one. there may or may not be differences in networking bringup
<tomreyn> also, a bug report would be great to have if there's none, yet
<tomreyn> codefriar: ^
<codefriar> sarnold using the new one, i believe.
<ahasenack> codefriar: 18.04.2 is probably using a newer kernel, that might help with your nic issues
<ahasenack> the installer environment, I mean
<shubjero> Hey there. I'm looking to do some Ubuntu 16.04 to 18.04 do-release-upgrade and I use a 3rd party repo for Ceph packages. I noticed that the do-release-upgrade wants to remove the ceph packages during the upgrade. Any way I can tell it not to do this? Ideally it should just choose the 18.04 ceph packages from the ceph repo.
<sarnold> shubjero: does it appear to remove that repo entirely? or does it just not use those packages because version numbers are lower?
<shubjero> Well. Ubuntu 18.04 is also packaging the same ceph version as the official ceph repo.
<shubjero> For example, on 18.04 you can get Ceph 13.2.5 from the ubuntu repo OR the ceph repo.
<shubjero> Our starting point is Ubuntu 16.04 with Ceph 13.2.5 from the ceph repo.
#ubuntu-server 2019-04-10
<gbkersey> JamesBenson: I'm using BCM57711 10-Gigabit in quite a few R710/R610 all running Ubuntu 16.04 with no problems.
<oskie> is there a way to control when the system does "apt-get update" automatically?
<lordievader> Good morning
<nacc> oskie: well, it generally doesn't
<foo> I'm having memory issues that have occured 3 times in the past month. It would seem something is going on... the system mainly has nginx + gunicorn + various python scripts + postgres. I suspect nginx and postgres tuning for system specs is a good place to start, agreed?
<nacc> foo: descirbe "memory issues"?
<teward> foo: *usually* I'd be looking at gunicorn or the python scripts as your culprits, but describe what you mean by "memory issues"?
<foo> nacc: I can see MemoryError getting thrown in python. Although, upon further inspection this time... I see various issues: 2019-04-10 02:02:39,956 connectionpool 13279 - WARNING - Retrying (Retry(total=2, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError( ... socket.gaierror: [Errno -3] Temporary failure in name resolution ... OSError: [Errno 101] Network is
<foo> unreachable ... MemoryError ... hmmm.
<foo> I'm beginning to blame python scripts and something it uses. Thanks teward
<foo> There's an optimizing change we can make that I've been meaning to make. Now might be a good time. Also, someone suggested installing sysstat and have it run every minute in cron
<teward> foo: unreachable means a network problem resolutoin failures are DNS< and MemoryError from *python* means your Python Scripts / gunicorn backend are consuming memory
<teward> nginx just hands stuff off to gunicorn, and PostgreSQL doesn't really take up *that* much memory depending on what DB commands you're running
<foo> teward: two separate things, right? What's strange is this both happened at the same time
<foo> teward: yeah, relatively small data set too.
<teward> gunicorn is not 'light' by the way for running Python things, so it's entirely possible that that needs tuned better.
<teward> but yeah you'll be looking at your python stuff and your unicorn backend for the memory errors
<tomreyn> such events can be related, you'll need to work out which one occurred first. maybe the network link was lost and a process which depends on it was spawned many times, consuming more memory than it would if the network link had been there.
<teward> since its likely using all your system resources
<teward> also what tomreyn said
<foo> tomreyn: thank you, I'm thinking something like that happened
<foo> rad, appreciate it ya'll!
<tomreyn> this is just a theory i just magically brought up out of a magicians hat, so dont rely on that to be what happened. check + compare timestamps in logs, and, yes, do what teward said ;)
<foo> tomreyn: nope, i see u as my god. /me bows
<foo> tomreyn: thanks ;)
<tomreyn> that's a bad combo, since the only thing i believe in is the existence of aliens (and i don't mean rpm)
<foo> tomreyn: the challenge with that is we'll never see aliens. I mean, would you visit our solar system if we only had 1 star? Maybe they have another rating system
 * tomreyn chuckles
<yossarianuk> Hi - I am planning to install ubuntu-server in a restricted network  - where outgoing traffic is restricted- in order to connect to apt (gb.archive + security) what ip's do I need to whitelist for? Also do I need to enable the port for GPG ?
<yossarianuk> i.e is it just a case of doing a nslookup on  gb.archive.ubuntu.com + security.ubuntu.com  and whitelist those ips ?
<tomreyn> yossarianuk: i don't think these A records are guaranteed to be static
<sdeziel> yossarianuk: it's a good use case for an HTTP proxy
<tomreyn> i.e. you'll need a local proxy of sorts, which is allowed to connect to * firewall-wise. or, if this is not acceptable, work based off point release ISOs
<yossarianuk> tomreyn: thanks
<tomreyn> yossarianuk: i didn't understand the GPG port question
<tomreyn> GPG, as in GNU Privacy Gueard, does not run as a daemon which listens on the Internet
<yossarianuk> hmm I thought you needed access to a port
<yossarianuk> its the HKP port
<yossarianuk> https://superuser.com/questions/64922/how-to-work-around-blocked-outbound-hkp-port-for-apt-keys
<rypervenche> yossarianuk: That's only if you are wanting to access a key server.
<tomreyn> if you'll use utilities such as apt-add-repository which look up apt repository signing keys automatically when a PPA is added, yes. otherwise, i don't think so.
<yossarianuk> I thought that is what apt did by default ?
<yossarianuk> ok thanks
<tomreyn> ubuntu's archive server apt gpg signing keys are packaged, so there should be no need to look those up. either way, you could deploy apt signing keys manually to your systems.
<tomreyn> see /etc/apt/trusted.gpg.d/
<tomreyn> also "apt-key list"
<foo> I have ideas... but... what do you see? Looks like something is pegging CPU and RAM, agree?
<foo> uptime load average: 1.77, 3.88, 2.42
<sarnold> a load average doesn't mean too much in isolation
<sarnold> I've seen nearly idle machines with a load average of ~32 and machines doing strenuous work with load average of ~2
<sarnold> instead use top or htop or similar to see which processes are using cpu; vmstat 1 to see bi and bo, si and so columns, to see how much disk io and swap io there is
<sarnold> that'll give you much better indicator of what the machine is doing
<foo> sarnold: oh, whoops, I forgot to link it, heh... https://paste.ofcode.org/p8dTGJX5AKZYzAtJsgAD9t
<sarnold> hey there we go! :)
<sarnold> sadly I odn't know this tool.. can you scrape the si and so columns?
<foo> sarnold: sure.
 * foo checks vmstat
<foo> sarnold: https://paste.ofcode.org/39eLF9awfa9qpXJx4RagY2Q
<sarnold> foo: cool, thanks; minimal disk IO, no swapping, cpu spending a lot of time idle. it feels like a lightly-loaded network server to me. how'd I do? :)
<foo> sarnold: ha! thank you :) In that case, I'll pay less attention to https://paste.ofcode.org/Vtqr9abPzHsWbELp5zJfLS - eg. %memused and %commit seemed high (they're red when viewed in terminal)
<foo> sarnold: I also just rolled in a fix so that may have helped. Will keep an eye on it, thanks for the two cents! I've made notes of this, too. Been a bit rusty with troubleshooting... glad to keep notes with this now
<sarnold> foo: a friend once said "unused memory is wasted memory"  :)
<sarnold> foo: hold on a sec..
<sarnold> foo: there's weeks of excellent reading on http://www.brendangregg.com/linuxperf.html and linked pages
<compdoc> I wish I had friends :(
<foo> sarnold: thanks!
<sarnold> compdoc: aww :(
<compdoc> lol
<gislaved> when I have a nic on 2 hosts crossconnected, make a bridge for it, attach it to a VM to that bridhe, create a nic in both VM's within the same subnets, shouldn't they be able to ping ?
<sdeziel> gislaved: in theory yes. Make sure you don't have br_netfilter loaded on any of the hosts though
<gislaved> sdeziel as far as I see that is not the issue, it are two vyos vm's on a proxmox box and they cannot ping eachother
<gislaved> 2 proxmox boxes
<sdeziel> gislaved: I don't know proxmox but surely tcpdump should give you some visibility inside those bridges
<gislaved> that is possible indeed :)
<gbkersey>  JamesBenson: I'm using BCM57711 10-Gigabit in quite a few R710/R610 all running Ubuntu 16.04 with no problems.
<JamesBenson> gbkersey: thanks, any special drivers?
<JamesBenson> or just install ubuntu 16 and go?
<gbkersey> stock.....
<JamesBenson> what kernel do you use?
<gbkersey> currently Linux palm 4.4.0-142-generic #168-Ubuntu SMP Wed Jan 16 21:00:45 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
<gbkersey> using default params with bnx2x module
<gbkersey> this is a filesystem network for a vm hosting cluster - we're primarily doing drbd over these connections using jumbo packets
<gbkersey> you aren't going to see 10GB out of these on 11th gen servers - the pci bus isn't quite fast enough - but we do get 7-8 Gbps
<gbkersey> we used the BCM5709 for the pxe installs though, so I'm not sure if the installer supports bnx2x
<gislaved> what bond mode is best supported with 2 direct links between 2 servers ? so to say 2 crossconnects ? active/backup is no option I think
#ubuntu-server 2019-04-11
<JamesBenson> @gbkersey:  Thanks for the info.  Even a 7-8Gbps is better than a 1Gbps.  We are using the ga-16.04-lowlatency kernel for what it's worth
<lordievader> Good morning
<MrMojit0> I have an fresh Ubuntu machine running and I installed Nagios using the following website: https://kifarunix.com/how-to-install-and-configure-nagios-core-on-ubuntu-18-04/
<MrMojit0> Installation seems to be successfully because I can access the website. But now comes to problem, when I reboot the machine it wonÂ´t work anymore and I need to follow the complete tutorial again to get it up. But then again after a reboot its not working.
<MrMojit0> My Linux experience is zero. So I was hoping if anyone has an idea what could be wrong on that tutorial or how I can get Nagios to work again.
<lordievader> Is the Nagios service enabled?
<MrMojit0> lordievader: How can I check this on Ubuntu?
<lordievader> `systemctl status nagios` (assuming here the nagios service is called that way)
<MrMojit0> Active: active (running)
<MrMojit0> Just did a check on Apache2 if that is running and that is also good
<lordievader> Is it the same after a reboot?
<MrMojit0> Let me restart to be sure
<MrMojit0> The IP address is also reachable. Maybe it has something to do with the firewall
<MrMojit0> Both Nagios and Apache are running successfully after a reboot
<MrMojit0> Found the issue! Thank you
<MrMojit0> I need to readd the Â¨ufw allow apache;ufw reloadÂ¨
<MrMojit0> How can I make sure those settings will stay stored and not be gone after a reboot?
<lordievader> I think ufw takes care of that. Haven't used ufw in ages. Dislike the way it does things.
<MrMojit0> I am just rebooting the machine again to see if ufw is enabled or not
<MrMojit0> It is enabled, but still need to add the rules. I will look how to make those rules mandatory
<gbkersey> JamesBenson: thanks for that....
 * foo attempts to figure out what is causing oom to murder processes
 * foo reads https://serverfault.com/questions/134669/how-to-diagnose-causes-of-oom-killer-killing-processes
<foo> I wonder if oom-killer can be too aggressive? What's strange is I rarely see this system swapping
<vahnx> Hi all, I'm looking to setup a ticketing system on 18.04 LTS and looking for recommendations. I was using Spiceworks on Windows but have since moved to Linux and do not have a Windows license.
<Ussat> ticketing system, like help desk thing /
<vahnx> Something that I will mainly use, maybe 1 or 2 more users. Yeah for tech support.
<cryptodan> vahnx: look at osticket
<vahnx> Ok thanks, will do!
<cryptodan> vahnx: https://osticket.com/
<codefriar> any Traefik experts here?
<admin0> hi .. my server / is 100% full, but i am not able to see what is causing it ..    / is 80G ..  du -sh /* grep G does not even come near 80G
<admin0> is it possible it can be something that is in memory or an open file handler . and if such is there, how do I find it out ?
<codefriar> admin0 I once ran out of inodes, and it showed as full
<admin0> inodes is only 4% used
<admin0> df -h =>  /dev/mapper/cloud-root   75G   75G     0 100% /   |  df -i => /dev/mapper/cloud-root  5005312 174582  4830730    4% /
<leftyfb> admin0: cd / ; sudo du -hs .[^.]*
<leftyfb> admin0: that'll run against any hidden directories
<leftyfb> admin0: cd / ; sudo du -hs .[^.]* * |grep G # this will run on everything
<leftyfb> admin0: once you get some space, I recommend using ncdu
<whislock> admin0: If a process is holding a file open, that space will still be consumed for filesystem allocation purposes until the process releases the lock.
<admin0> 9.0G .
<admin0> that is what i get
<admin0> but df is 100% full
<admin0> wishlock , how do I locate such process or such file
<leftyfb> admin0: can you pastebin exactly what commands you are running and the output please?
<admin0> sure
<admin0> sure .. one moement
<admin0> whislock, thanks for the pointer .. a cron was rm -rf a file while the process was not stopped
<admin0> rebooting that process ( libvirtd) cleared up the space
<admin0> instead of rm -rf the file, will do cp /dev/null instead
<admin0> thanks guys for helping
 * admin0 sends pizza (virtual) to leftyfb and whislock :D
<leftyfb> admin0: future reference, install ncdu
<DammitJim> how can I figure out what blocked processes I have on a server?
<DammitJim> my monitoring system is telling me I have on average 5 blocked processes, but I don't see a D in the S column on top
<tomreyn> is uninterruptable sleep what your monitoring system means by "blocked process", though?
<DammitJim> tomreyn, good question... not sure
<DammitJim> ndicates the number of processes blocked for I/O, paging, etc.
<tomreyn> hmm yes, sounds like it should be that
<sarnold> DammitJim: procfs(5) /proc/pid/syscall sounds vaguely enough like a blocked vs not-blocked measure for such a tool
<sarnold> it'd be a bit silly to open, read, and close, a few thousand files for this information every N seconds of course, but maybe that's what it's doing
<DammitJim> hhmmmm
<tomreyn> if its source code is available to you, you could inspect what it actually does.
<DammitJim> so, how do I get the process that is blocked?
<sarnold> well, the thing with these kinds of measurements, is that it's all very transitory and racy
<DammitJim> so, hard to "catch?"
<sarnold> after all it takes ~20ms to handle a read IO operation from a spinning metal hard drive, by the time top or similar tool has crawled through all the processes on the system, the information it has on a process is likely already out of date
<DammitJim> oh yeah, here I"m talking about an all flash array
<DammitJim> and the blocked process stats from the monitoring system are reported every 5 minutes and I had this "problem" for about an hour
<tomreyn> according to google your quote's source is https://docs.eginnovations.com/Unix_and_Windows_Servers/System_Details_Test_1.htm
<DammitJim> yes
<DammitJim> I'm on hold with them asking them what they are actually polling
<tomreyn> no source code there, i assume.
<sarnold> you could perf trace or strace the thing. it'd be drinking from a firehose though
<DammitJim> yikes
<dlloyd> you can filter to specific sysclals with strace
<foo> When oom starts killing stuff, per syslog, it's not always clear what that is, correct?
<sarnold> hmm? I'm accustomed to seeing it saying which process it killed
<tomreyn> both pid and process name should be listed
<sarnold> of course if it kills X11 and then all your X clients *also* die because the other end of their socket went away, that might feel a lot like the oom killer not reporting what died .. when really, it was just responsible for one process going away
<foo> tomreyn / sarnold - thanks, but that's not *always* the process that is consuming the memory right? eg. X can consume a ton of memory, Y will get killed off a result, correct? Or am I misunderstanding?
<sarnold> foo: yeah, there's also some per-process scoring involved; and depending upon how much memory is shared among processes, killing "huge" ones may not actually free up much memory
<foo> sarnold: ok, so whatever gets killed is not always the culprit. eg. I've seen a ton of different things killed off now that I think about it
<foo> System runs nginx, postgres and a few python scripts. Attempting to figure out what is causing this
<sarnold> yeah, the kernel tries to balance (a) killing something quickly (b) killing as little as possible (c) while also still getting as much memory for the pain
<tomreyn> the journal will report which process was killed. processes which depend on this process may also fail as a result, and wont be listed individually as part of the oom kill record..
<foo> sarnold: thanks
<foo> nginx looks ok, checking postgres right now too.
<tomreyn> you can actually influence the kernels' decision making a little. but, much more reasonably, you don't want the OOM killing to happen in the first place.
<foo> Also going to enable query logs for slower queries
<foo> ./postgresqltuner.pl says [URGENT] set vm.overcommit_memory=2 in /etc/sysctl.conf and run sysctl -p to reload it. This will disable memory overcommitment and avoid postgresql killed by OOM killer. - I've been tracking down a memory issue with something, not sure what it is. Are we in agreement this is suggested? I assume it is but thought I'd ask
<tomreyn> first identify which of the processes allocated more memory than they should have according to your planning, then try to see how to tune them.
<tomreyn> if you start increasing debugging / verbosity now you already change their resource allocation
<foo> tomreyn: "first identify which of the processes allocated more memory" - I can only do this by checking conf files, right? Is there another way?
<tomreyn> montoring
<foo> tomreyn: you have suggested tools? It's so sporadic, I haven't been able to narrow it down. Running a top and sysstat and what not now
<tomreyn> you run some services on your server. ideally as few as possible, and move others to separate servers (or VMs). you think about how much memory you want each of them (as well as the OS itself) to consume, and calculate the total memory allocation. you configure services to allocate only the amount of memory you want them to allocate (which is not always possible, but it often is more or less possible, especially with DB servers).
<tomreyn> and you do monitoring in short enough intervals to determine what may have consumed more memory than planned. and when this happens you review its logs (maybe increase verbosity), configuration, do the tuning.
<foo> tomreyn: yeah, I thought about splitting things about a bit more... namely moving postgres onto it's own system. Right now postgres + nginx + various python scripts all on one server... and thus fine-tuning isn't an exact science since each fluctuates
<tomreyn> right, DB servers should always be run just by themselves IMO.
<tomreyn> postgresql is actually quite configurable in terms of memory allocation, nginx also, but there i find it not to be so plannable.
<sarnold> the downside to running databases on different servers is that can add milliseconds to latency. that's probably better than minutes of latency if the oom killer has decided your database is a hog :) but still, something to keep in mind
<tomreyn> so can a lot of other factors, yes.
<foo> tomreyn / sarnold - yeah, I'm not opposed to that. Would definitely help control resources better
<sdeziel> tomreyn: do you recommend to always separate the DB backend from the web frontend for security? performance? upgradability? all those?
<foo> I know amazon has RDS. I wonder if Digital Ocean has something.
<foo> Does anyone have any commentary on this suggestion: [URGENT] set vm.overcommit_memory=2 in /etc/sysctl.conf and run sysctl -p to reload it. This will disable memory overcommitment and avoid postgresql killed by OOM killer.
<sarnold> foo: in isolation, I don't like the suggestion. if, after doing the analysis tomreyn suggested, you may realize it makes sense or it may not make sense
<sarnold> foo: yes, that should drastically reduce the chances of hitting OOM, but it might also make the machine nearly unusable.
<foo> sarnold: thank you. Part of my challenge is little to nothing meaningful has changed in the past month that I can see. I'm almost wondering if some library had some API change and there's some obscure threading issue due to some change which is causing some resource issue... but meh, OOM killed stuff once in feb, once in march, and 4 times his month (already). Traffic all looks nearly the same
<sarnold> foo: that sounds a lot like the machine just isn't sized correctly for the workload
<foo> sarnold: thank you. it's been online for 3 months. It was a recent migration from ubuntu 14.04 to 18.04. Not much has changed in the past few months but nonetheless, I agree something isn't tuned properly. I don't think gunicorn can be tuned, leaving nginx + postgres, namely. Django also runs on here.
<BrianBlaze> how do I get an older version of mysql? everytime I try to install a deb it tells me dependency issues and install -f just gives me the latest version
<BrianBlaze> wondering if anyone can poitn me in a direction :)
<sarnold> BrianBlaze: can you pastebin the whole thing? (pastebinit package has an easy pastbinit tool that can help this)
 * foo sets up pg_stat_statements
<BrianBlaze> https://pastebin.com/gEH5Li2i
<sarnold> why do you want to install that specific version?
<sarnold> where did you get it?
<BrianBlaze> because this app needs mysql version between 5.5 and 5.2.24
<BrianBlaze> sorry 5.7.24
<sarnold> does 5.7.25 break something? or does their documentation just not know about 5.7.25 yet?
<BrianBlaze> when I go through the install it tells me it won't work with the newest version of MYSQL and won't let me go farther
<BrianBlaze> so yeah the latter sarnold
<sarnold> ew
<sarnold> alright then
<sarnold> do you have any data in the database that you care about?
<BrianBlaze> nah this is a fresh install
<BrianBlaze> basically we use orangeHRM at work
<BrianBlaze> open surce
<BrianBlaze> and I am trying to go to the latest version
<BrianBlaze> I will worry about getting the data there after
<sarnold> alright, cool. I think you'd be best served by apt-get purge mysql-server  -- maybe you'll need to purge other mysql packages while you're at it -- and download the 5.7.24 packages from https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.24-0ubuntu0.18.04.1
<BrianBlaze> thanks so much I will give it a shot
<tomreyn> sdeziel: not always, not necessarily for a small test / dev / hobby project. but for anything 'serious', yes.
<sdeziel> tomreyn: OK. I myself usually put it on the same machine to remove the network from potential source of failure. I also think that since the web app has the DB password, security-wise it isn't much worse
<sdeziel> tomreyn: but for a bigger deployment, I guess you are right it's best to separate them
<tomreyn> sdeziel: sure, networking is always a possible hazard (still but not neccessarily as much in a more controlled environment than the Internet), and there is latency, as sarnold mentioned. but if you run a webserver on the same system as a database server, it already rules out a serious HA setup. (definitely but not neccessarily only) if there's server side scripting involed on the webserver it also also means you're adding additional
<tomreyn> attack vectors against a local vs remote database server (vectors and attacks which involve the local (e.g. file) system, such as remote file include, privilege escalation, directory traversal).
<sdeziel> tomreyn: right, good point. It's harder to secure when both are on the same machine
<sarnold> BrianBlaze: don't forget to dpkg hold the mysql packages to prevent security updates from replacing the specific versions you're installing
<sarnold> BrianBlaze: apt-mark(8) can do that
<sdeziel> tomreyn: that said, the only valuable thing on the DB server is usually the DB itself
<BrianBlaze> how true
<BrianBlaze> thanks
<tomreyn> sdeziel: which is the big secret trove, the crown jewels, though, right? surely not always, but in many cases DB leaks are worse than, say, application code leaks (though those can be very bad, too, exposing malpractive, dodgy policies which carried into code)
<sdeziel> tomreyn: agreed but since the web app already has access to the DB...
<tomreyn> sdeziel: database user access, yes, not file system access
<tomreyn> those are very different
<sdeziel> tomreyn: that's probably what I fail to understan
<sdeziel> mind elaborating a little on the security implications?
<tomreyn> if you can "select into outfile" on a backend DB server but have no means to access the data it stored into a file that is now local to the DB server, such as thorugh a remote file include attacks against PHP, then this attack vector doesn't help you at all.
<sdeziel> and such case, the source of the select would have to be something else than the DB itself, is that even possible?
<BrianBlaze> I really appreciate the input sarnold I am on my way :)
<sdeziel> (I know very little about DBs... just enough to drop a table/DB ;) )
<sarnold> BrianBlaze: great! :) have fun
<sarnold> little sdeziel tables :)
<sdeziel> hehe
<sdeziel> https://www.xkcd.com/327/
<tomreyn> :)
<tomreyn> sdeziel: so imagine this scenario: there is a php application running on the weserver which is both vulnerable to remote file includes and SQL injection, and you have a mysql server as the backend. and the SQL injection is limited in that the application prevents it almost except that you can still run INTO OUTFILE sql queries successfully, where mysql qould write the result of a query into a file on the local file system.
<sdeziel> tomreyn: so far I understand from the above that you could extract stuff the mysql user has access to.
<tomreyn> sdeziel: in this scenario, if the DB server runs on the same system as the vulnerable web application, you can access this file via remote file include. not so if the database server runs on a different system and wrote the file on this systems' file system but not that of the web application
<sdeziel> tomreyn: I (think I) understand that part but what I fail to understand is how would that be a bigger threat than leaking the full DB the web app has access to anyways?
<tomreyn> sdeziel: it is only marginally greater. but in the scenario discussed, you can't make the web application leak the full DB its DB user has access to by any other means.
<tomreyn> normally web applications are not meant to just read the full DB and dump it to the internet ;-)
<tomreyn> we'Re well beyond the scope of this channel by the way. if anyone thinks we should move elsewhere please say so.
<sdeziel> I'm not worried about the normal case ;) but I'd assume someone with SQL injection and interested in the DB data would simply leak it without the intermediate file
<sdeziel> yeah, that's OT, sorry
<tomreyn> sdeziel: it's all a matter of what the attacker can control. if they can just run any SQL statement they like against the database within the scope of the web applications' database, then surely that means they can dump it.
<tomreyn> the scenario i meant to describe only allows the attacker very limited control over how sql statements can be modified.
<tomreyn> tv time now, but we can talk later in #ubuntu-offtopic or elsewhere, just ping me.
<sdeziel> tomreyn: thanks
<sarnold> thanks for the discussion, it's been fun reading
<tomreyn> :) and fun for me learning to understand how i can express myself better, and not mixing up the proper terms so much. i bet sarnold would have explained it much better. ;-)
<sarnold> I wouldn't be so sure of that -- actually *using* computers isn't my forte :)
<sdeziel> once again, I get to the conclusion I should learn more stuff to better understand things..
<sarnold> heh, yes :)
<JamesBenson> @gbkersey: FYI: Linux 4.4.0-145-lowlatency #171-Ubuntu SMP PREEMPT Tue Mar 26 13:17:00 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
<gbkersey> JamesBenson: any luck with the 10Gb ?
<teward> ehehehehehehehehe i feel privileged... xD
<teward> I have TWO cable hookups here xD
<teward> sarnold: mind helping me test something?
#ubuntu-server 2019-04-12
<lotuspsychje> ask here and idle a bit Koopz volunteers might wake at US timezone here
<Koopz> hmm... my workday might be over by then ;D
<lotuspsychje> ask anyway, you never know
<mIk3_08> Hi guys.... how was the status of Linux as a Server Operating System?
<Koopz> i've got 2 users on my server which i want to move over to a new server. Do i just need to edit /etc/passwd, /etc/group and /etc/shadow, add their lines, restart and i'm done? (already copied their home directories over)
<Koopz> or do i even need to reboot?
<ducasse> mIk3_08: do you have an ubuntu question?
<mIk3_08> none so far ducasse
<Koopz> okay i got a package related question here, i just tried installing "cacti" which somehow ended up in apt also installing apache2 which i didn't want and shouldn't really have happened either
<Koopz> this is actually my first time checking dependencies for packages so i may be misinterpreting this but does cacti actually depend on libapache2-mod-php?
<blackflow> Koopz: it shouldn't. I hink apache is just a default dep for "I need PHP!". If you installed php(-fpm) first, it should not call in apache
<blackflow> Koopz: Uh, sorry, I mean web server, like nginx. if you have it installed first, it wouldn't call in apache for php deps. but you do need php-fpm
<Koopz> i got php-fpm and nginx installed, that's why i'm asking
<blackflow> oh and it still pulls in apache?
<Koopz> https://gist.github.com/Koopzington/9f515c4146eacbe22914a7842c893923
<Koopz> here's the map i got
<Koopz> if i understand this thing correctly it wouldn't need libapache2-mod-php if i had javascript-common installed? à² _à² 
<blackflow> it shouldn't pull in apache if you have nginx installed. could be a bug in packaging. wouldn't be a first.
<Koopz> there does seem to be some kind of hard linking between apache2 and cacti though. After i installed cacti i tried removing all apache2 packages afterwards and when i removed apache2-bin, cacti got uninstalled too
<blackflow> the dep list says libapache2-mod-php OR php (virtual). so something else in that whole deplist must be pulling it in
<Koopz> oh? does the pipe indicate the first option of the "OR"?
<blackflow> Koopz: ah, wait....  it's a recommended package
<blackflow> apt install --no-install-recommends cacti
<blackflow> it's a bug if you ask me, it should be removed from cacti's recommended list as it's already a dependency pulled in via php (as alternative) and php is a must
<jamespage> sahid: I'm about to start on the networking- and neutron- packages for release
<blackflow> Koopz: also it's a bug that apache and nginx can coexist, as both would be attempted to start by default, and fail as both can't be listening on port 80
<Koopz> http://koopz.rocks/s/2019-04-12_10-38-40.png
<sahid> jamespage: ack, i'm building and testing nova
<jamespage> sahid: fwiw if its really is just a version delta I'm not build testing prior to upload
<blackflow> Koopz: yeah I was wrong. something else is pulling it in
<Koopz> ah
<sahid> jamespage: ah ok ok
<Koopz> i figured out why apache2 was installed
<Koopz> "php" wasn't marked as installed since i directly installed php-fpm
<blackflow> Koopz: ah, so it must be explicitly installed, I see
<Koopz> yeah i just avoided doing that since the last time i installed "php" apache2 was installed too
<Koopz> it's safe to "install" it after installing fpm though
<jamespage> sahid: ok just did neutron-vpnaas - how are you getting on?
<jamespage> sahid: I'm going to restart from the bottom of the list and work upwards :-)
<jamespage> well after a coffee
<jamespage> sahid: up to placement
<jamespage> sahid: ok just did openstack-trove
<jamespage> sahid: that just leaves nova* and octavia*
<jamespage> sahid: tinwood is cutting the nova-lxd release
<sahid> jamespage: ok i had to be afk, i just pushed nova https://git.launchpad.net/~sahid-ferdjaoui/ubuntu/+source/nova/
<sahid> and i'm taking care of octavia right now
<sahid> (btw i still have tested ova)
<sahid> jamespage: https://git.launchpad.net/~sahid-ferdjaoui/ubuntu/+source/octavia
<jamespage> sahid: master branch of the nova repo has rc2?
<sahid> jamespage: i looked at http://uca-tracker/stein_upstream_versions.html
<jamespage> sahid: well release is out :-)
<jamespage> I don't know how often that report updates
<jamespage> sahid: gbp import-orig --uscan should pick the latest version
<jamespage> in the stein series
<sahid> jamespage: not sure to understand, did i made a mistake?
<jamespage> sahid: how did you download the new tarballs?
<sahid> jamespage: uscan --verbose --download-version "$version" --rename --timeout 60
<sahid> gbp import-orig --no-interactive --merge-mode=replace ../${project}_${version}.orig.tar.gz
<jamespage> sahid: "gbp import-orig --uscan" will do much the same in one command
<jamespage> but will always pick the most recent version from tarballs.openstack.org (in this case)
<jamespage> sahid: the debian/watch file is typically pinned to a major version series so its safe
<jamespage> i.e. you won't jump to train :-)
<sahid> oh yes...
<sahid> ok let me retry that
<sahid> jamespage: ^
<jamespage> sahid: +1
<sahid> jamespage: https://code.launchpad.net/~sahid-ferdjaoui/ubuntu/+source/nova/+git/nova
<sahid> sounds better?
<jamespage> sahid: yep - processing now!
<jamespage> sahid: do you want todo the same for octavia (and octavia-dashboard)
<sahid> yes sure i'm working on ocatva right now, i will do octavia-dashboard then
<tinwood> jamespage, sahid, 19.0.0 nova-lxd is now tagged and pushed to gerrit
<tinwood> sorry for delay; had to check a few things first
<jamespage> tinwood: thanks!
<jamespage> sahid: ok nova uploaded
<sahid> jamespage: ack
<jamespage> sahid: you do octavia-* I'll deal with nova-lxd
<sahid> i'm working on octavia-dashboard but i have a issue with sphinx
<sahid> when i execute gbp buildpackage -S -sa
<jamespage> sahid: try with -d
<sahid> :)
<sahid> ok, all good: https://code.launchpad.net/~sahid-ferdjaoui/ubuntu/+source/octavia/+git/octavia https://code.launchpad.net/~sahid-ferdjaoui/ubuntu/+source/octavia-dashboard/+git/octavia-dashboard
<jamespage> sahid: great
<jamespage> sahid: ok both uploaded along with nova
<jamespage> sahid: I'm just finishing off manila-ui and then I think we're all done
<jamespage> sahid: most are wedged in the disco upload queue pending review by a member of the release team
<jamespage> sahid: as we're in final freeze any seeded packages get reviewed
<jamespage> sahid: but we have an exception so should all be ok
<jamespage> sahid: release team just accepted all uploads I think so we're good
<jamespage> time to build,backport and recheck
<jamespage> (all automated :-))
<DK2> i need to downgrade to 7.1.27-1+ubuntu16.04.1 from 7.1.28-1+ubuntu16.04.1 is there any possibilitys? in the repos i can only find 7.1.28 theres no older package anymore
<DK2> PHP-Version
<jamespage> sahid: if you need to check the upload queue - https://launchpad.net/ubuntu/disco/+queue?queue_state=1&queue_text=
<jamespage> that's for disco - you can url hack for other releases :-)
<sahid> jamespage: ack thanks :)
<jamespage> sahid: so we have four in queue still - no need to chase yet :-)
<tomreyn> DK2: why do you need to downgrade php to an earlier version,a nd where are these versions from anyways (not ubuntu)?
<blackflow> !info php xenial
<ubottu> php (source: php-defaults (35ubuntu6.1)): server-side, HTML-embedded scripting language (default). In component main, is optional. Version 1:7.0+35ubuntu6.1 (xenial), package size 2 kB, installed size 11 kB
<blackflow> !info php bionic
<ubottu> php (source: php-defaults (60ubuntu1)): server-side, HTML-embedded scripting language (default). In component main, is optional. Version 1:7.2+60ubuntu1 (bionic), package size 3 kB, installed size 12 kB
<tomreyn> ppa:ondrej/php for xenial has 7.1.28-1+ubuntu16.04.1+deb.sury.org+3
<tomreyn> https://www.php.net/ChangeLog-7.php#7.1.28 fixes two security vulnerabilities. you don'T want to downgrade to a non-patched version.
<foo> Can someone confirm: 0 */3 * * * /home/dev/sky/db-backups/autopgsqlbackup.sh - this runs at 0, 3, 6, 9, 12, 15, 18, 21 - right?
<rypervenche> foo: Correct. 00:00, 03:00, 06:00, etc.
<foo> rypervenche: thank you
<yossarianuk> hi - I am trying to setup a KVM host using ubuntu 18.04 - I want to set up a bonded bridge with VLAN with netplan
<yossarianuk> are there any examples any where ?
<yossarianuk> I can't find one that has bond, bridge, and VLAN
<yossarianuk> I have tried to attempt it - however the vlan isn't working - it may be due to needing config on the switch - I just wanted to make sure my config was correct
<yossarianuk> You can see it here -> https://pastebin.com/uYx3u1NA
<cyphermox> it's a little hard to read because it's set up for tests, but there's https://github.com/CanonicalLtd/netplan/blob/master/tests/integration/scenarios.py#L75
<yossarianuk> Could some one look at the config (url above) and let me know if it looks like sane config ?
<yossarianuk> I wasn't sure if I put vlan in the right place..
<cyphermox> yes that looks fine
<yossarianuk> cyphermox
<foo> I want to be extra sure... https://paste.ofcode.org/4aCLsTBGcQSi9M5Z44wXn7 - OOM is killing stuff left and right, this is becoming a significant issue and I'm having trouble tackling it. Does anyone see anything telling in that paste?
<foo> I think OOM can still kill off process X even though it's caused by Y, right?
<yossarianuk> cyphermox: thanks - and thanks for the example... I notice that in the example you posted the vlan was added to the bridge interface - do I need to do that ?
<cyphermox> yossarianuk: no; you set it up the way you like we were just trying to mix and match things complicated enough to make it a good test
<cyphermox> foo: it can kill any random thing asking for memory at the time; it doesn't have to be the process hogging things
<sdeziel> foo: there is a selection process on what to kill during OOM
<foo> cyphermox: thank you, thought that was the process.
<foo> What's the best way to see what process is consuming the most amount of memory over time?
<Ussat> vmstat
<Ussat> man vmstat
<Ussat> htop is good also
<foo> Ussat: I was using atop but didn't see anything meaningful in there
<foo> vmstat 1 shows me IF the system is swapping. I want to know the exact process sucking up most memory (if that's possible). I don't seem to see that specifically in the man page... but perhaps I missed it
<foo> What's also strange... I haven't ever seen the system swap. Despite OOM killing stuff. Should I see some swappage?
<foo> It's almost as if the system isn't set up to use swap
<foo> (although it does exist I believe)
<Ussat> look at htop
<Ussat> I dont know any one command that will show that
<foo> oh, actually. There is no swap. heh
<foo> Swap:             0           0           0
<foo> (from free -m)
<foo> ... it's probably suggested to have 2GB swap on a system or such, right?
<foo> ... to at least not have OOM kill off stuff
<foo> I mean, tha doesn't solve my core problem but I'll probably want to do that
<foo> Ussat: thank you
<foo> Do you suggest htop over atop? atop may be older
<yossarianuk> you could try this
<yossarianuk> ps -eo size,pid,user,command --sort -size | awk '{ hr=$1/1024 ; printf("%13.2f Mb ",hr) } { for ( x=4 ; x<=NF ; x++ ) { printf("%s ",$x) } print "" }'
<foo> Mem[||||||||||||||||||||||||||||||||||||||||||||||1.66G/1.95G]   Load average: 0.48 0.43 0.44
<yossarianuk> that show mem of each process and sorts them
<foo> yossarianuk: uh, thank you. |head of that... gives me some definite insight. This is helpful
<yossarianuk> np
<foo> yossarianuk: saving this nugget for future
<Ussat> No kidding, saved here also
<foo> yossarianuk++
<foo> I'm thinking a polling script changed and is threading and sucking up resources.
<foo> I'm tempted to run yossarianuk's command every minute with timestamp and log to file... |head
 * foo does
<foo> while [ 1 ] ; do date; ps -eo size,pid,user,command --sort -size | awk '{ hr=$1/1024 ; printf("%13.2f Mb ",hr) } { for ( x=4 ; x<=NF ; x++ ) { printf("%s ",$x) } print "" }' | head; echo -------------; sleep 60; done
<foo> Not the most pleasant, but output that to a file... it'll to the trick
<Ussat> quick, dirty but effective, and thats what counts
<Ussat> yossarianuk, I know you did not just come u with that, thats impressive
<Ussat> nice one
<foo> haha
<foo> Hmm, I wonder what this is: 111.37 Mb /usr/bin/lxcfs /var/lib/lxcfs/
<foo> ... now if only I could force this issue and see it happen in real time. For now, I wait, and trust the logs.
<foo> Also, can we agree that swap is generally a good idea? I'm a bit rusty in my admin but IIRC that's something I want.
<Ussat> https://linuxcontainers.org/lxcfs/introduction/
<cyphermox> foo, swap won't save you if something is leaking memory or getting to consume all that is available anyway
<foo> Ussat: oh. thank you.
<foo> cyphermox: aka. swap might just be eaten up too, correct?
<Ussat> yup
<cyphermox> yes
<foo> True, but can we agree... having it available (after I resolve this issue) is generally a good idea?
<cyphermox> swap is just "extra memory" on disk, that can be used to free up some RAM when context switching; but it's not a cure-all
<foo> cyphermox: agreed
<cyphermox> it generally will help
<sdeziel> but it provides a nice space to push pages that are not currently in use
<foo> agreed. ok, I'll look into that post-resolving this issue.
 * foo waits on the sidelines with a fly swapper 
<foo> swatter*
<foo> Come on you memory hog, show yourself
<cyphermox> foo: you could just create a swapfile
<foo> cyphermox: I could, but I do want this issue to show itself... in the odd chance it doesn't consume all swap. I have htop going and while [ 1 ] ; do date; ps -eo size,pid,user,command --sort -size | awk '{ hr=$1/1024 ; printf("%13.2f Mb ",hr) } { for ( x=4 ; x<=NF ; x++ ) { printf("%s ",$x) } print "" }' | head; echo -------------; sleep 60; done >> /home/foo/mem-issue.txt
<foo> actually, per htop, I can see my system currently at 1.72/2GB RAM consumption. It's "idling" there... meaning, just a little more requirement could cause a problem
<foo> Do I understand that correctly? I know sometimes the system uses available ram for when it needs it and thus that's not an actual current utilization IIRC
<foo> Great, it just happened - OOM murdered a process. Time to see what the culprit is.
 * foo enables per-second logging for more accuracy, every minute not enough if something spikes within minute and gets killed off
<JamesBenson> gbkersey: I've temporarily paused it.  I needed to get this Openstack deployment out.  I was hoping to use it for that, but I guess next round.  But I might ping you/community about it.  I bought these cards for all of our servers, r610,r710,r910.  So need to get them working!
<foo> Anyone see anything strange here as it relates to memory usage? https://paste.ofcode.org/FDKFEpQt2e2ErWVXNb5Qrw
<sdeziel> foo: you can look at some diagnostic that OOM-killer sends to dmesg, maybe that will tell you more about the culprit
<foo> sdeziel: hmm, I was but didn't see anything obvious, will take another look - thank you
<gbkersey> JamesBenson: hopefully you got the cards cheap... :)  I think I paid ~ $30 for mine...  Expensive thing was the 10G switch module for our 5406zl
<JamesBenson> gbkersey: :-/ I think it was around $65 a pop... for 15 cards.
<gbkersey> not that bad....  I bought a stack of fully populated R610/R710 for $100/box couldn't pass up the deal....
<JamesBenson> We've been buying from servermonkey servers and parts.  RAM from memoryamerica (lifetime warrenty)
<gbkersey> I found that the Dell twinax cables that came with the boxes would not work with the HP switch - because the nvram in the SPF did not say it was an HP
<gbkersey> ended up buying a bunch of clone HP cables off of ebay and those worked just find.
<gbkersey> s/find/fine/
<JamesBenson> We have the dell cables and 10g switch atm.  But we will need more cables, I found some on Amazon that should work
<foo> In the event someone knows how to read OOM data better than me and can provide some pointers, here's the OOM / kernel info: https://paste.ofcode.org/ytez6sPUZXdQbUQGyY69WS - I wonder if I want to look for oom_score in output?
<foo> sdeziel: ^
<foo> Thank you!
 * foo skimms
<JamesBenson> https://www.amazon.com/Cable-Matters-10GBASE-CU-Compatible-Supermicro/dp/B01DJL4LRE/ref=sr_1_4?keywords=SFP%2B%2Bcable&qid=1552935297&s=pc&sr=1-4&th=1
<gbkersey> I bought the clones on ebay....  they were cheap.
<JamesBenson> yeah, we can't buy from ebay... university
<JamesBenson> too much of a pita.
<foo> I mean, I guess it's possible this box just needs more memory...
<foo> I could upgrade it to 4GB RAM. Actually, probably makes sense to add 2GB swap before doing that
<sdeziel> foo: the way I read it, postgresql asked for more memory but none was available so OOM-killer started to look where to force reclaim some, the gunicorn process (27094) was selected as the best candidate to kill to free some RAM
<blackflow> you mean the kernel dice rolled just at the PID to the chagrin of gunicorn :)
<foo> sdeziel: thank you! Now, to help understand what you're seeing... you're basically looking at Apr 12 07:39:42 server kernel: [9534277.048613] postgres invoked oom-killer and then Apr 12 07:39:42 server kernel: [9534277.049074] Out of memory: Kill process 27094 (gunicorn) score 84 or sacrifice child - right?
<sdeziel> foo: there are many invocation of the oom-killer in that paste, I only checked the first
<sdeziel> foo: yes
<foo> sdeziel: thank you. yeah, it looks like even sshd invoked oom killer.
<gbkersey> JamesBenson: just be careful that the eeprom in the twinax matches your switch vendor especially if the switch is HP - the cards complain about the cable not being certified but they still work just fine.
<sdeziel> foo: this first kill seem to have freed ~170mb of RAM
<foo> sdeziel: ... which would lead me to believe just because postgres invoked oom-killer, it's not necessary the main culprit... it simply couldn't find more memory available
<sdeziel> foo: the process that wakes oom-killer isn't necessary the culprit, it just happens to be one process needing for some more memory but the memory pressure is the result of every process taking some memory away from the kernel...
<foo> sdeziel: I assume Apr 12 07:39:42 server kernel: [9534277.051857] Killed process 27094 (gunicorn) total-vm:391752kB, anon-rss:169656kB, file-rss:1164kB, shmem-rss:0kB - and specifically: anon-rss:169656kB is what you're seeing there. Thank you, this is helpful for me to do this myself next time.
<sdeziel> foo: correct
<sdeziel> foo: IIRC, the meaning numbers/metrics are "*-rss"
<blackflow> eh "culprit" ... how do you define one. postgres wanted more RAM, kernel killed gunicorn in response. postgres totally is the culprit for that oom.    the only way to properly control that is to resource-limit individual processes, but that's usually less than optimal usage of RAM
<foo> sdeziel: right right. The next question is: A) does this server simply need more memory? or B) are some of the python processes ( per https://paste.ofcode.org/FDKFEpQt2e2ErWVXNb5Qrw ) simply taking "too much" memory. Yup https://stackoverflow.com/questions/18845857/what-does-anon-rss-and-total-vm-mean
<blackflow> foo: python is notorious for not returning the RAM it's no longer using, back to the OS
<sdeziel> foo: it depends. your paste doesn't show the PID so it's hard to know. I'd check if a given gunicorn process sees its memory bubbling over time
<blackflow> we have some uwsgi apps that, for some requests, need to spike up RAM usage several times more than average. so we configure uwsgi to kill a running process when rss is larger than a set threshold
<foo> blackflow: THANK you. I do have control over python code and can see about it... it's possible there is a python library causing an issue here
<blackflow> (which happens after the request is done, this "killing" is a graceful shutdown-and-restart of the process)
<sdeziel> uwsgi is also what I've used and I liked it's flexibility
<foo> What's interesting is I see this: [URGENT] set vm.overcommit_memory=2 in /etc/sysctl.conf and run sysctl -p to reload it. This will disable memory overcommitment and avoid postgresql killed by OOM killer. - from "/postgresqltuner.pl" - which leads me to believe... I might be able to set something to prevent oom getting invoked by python. Do ya'll generally suggest this?
<blackflow> foo: no idea, you should analyze individual processes RAM usage and make decisions based on that
<sdeziel> foo: that's a global flag so it would be less risky to do on a dedicated DB server which isn't the case of your box
<blackflow> foo: no. overcommit is okay if used wisely. what you need is to resource-limit individual processes, so that OOM can't kill random processes
<foo> One thing that's somewhat telling, per https://paste.ofcode.org/FDKFEpQt2e2ErWVXNb5Qrw - line 11... 45.53 Mb /home/dev/website.com/venv/bin/python3 /home/dev/website.com/venv/bin/gunicorn - that's a django-based app. The other gunicorn stuff is for another app... and that's all at ~150MB. Sure, it's a bigger app, but if I had more insight into which python libs were sucking up memory there... hmmm...
<blackflow> but then only to find out what is frequently needing more than allocated, then act accordingly (eg, by adding more RAM, or by optimizing that process' RAM usage)
<sdeziel> foo: you can probably do something more fine grain with systemd tuning how much RAM is given to gunicorn
<foo> that might be helpful.
<blackflow> which is the resource limiting that I'm talking about
<sdeziel> yup
<foo> sdeziel / blackflow  - thank you, I value some understanding here, appreciate your explanations.
<blackflow> https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html
<gbkersey> JamesBenson: this is what I see on the server side with the twinax I'm using: Warning: Unqualified SFP+ module detected, Port 0 from OEM but the next line says - NIC Link is Up, 10000 Mbps full duplex, Flow control: none
<foo> Sounds like my options are A) resource control gunicorn or B) see if I can less RAM usage in gunicorn (so 3 processes aren't taking up 150MB) ... what I'm not sure of is how A) would affect the actual gunicorn process (eg. if it can't get all it's memory, would it force gunicorn to complain? would it "slow down" performance for that process?)
<blackflow> foo: just remember that setting these flat limits makes your RAM usage suboptimal. allowing one process to temporarily peak is not bad, as long as you have the peaks under control
<blackflow> when they all start to peak at the same time, that's when you need more RAM .... or somehow bring down those peaks.
<foo> aka. bring down those peaks = option A or B)
<blackflow> foo: limiting a process will result in an error for that process only, when it requests more RAM and there isn't any
<sdeziel> foo: or load balance the incoming requests between more servers
<blackflow> foo: python is verbose about that: https://docs.python.org/3.6/library/exceptions.html#MemoryError
<foo> blackflow: great, that's what I was not aware of - thank you for explaining
<foo> sdeziel: this is such a low profile and low traffic app... this all randomly start which is what I'm wondering about
<foo> blackflow: I actually have been seeing MemoryErrors, too. There are several things happening at once. Postgres generally is what complains about MemoryError. I've been trying to figure out root cause of this for about 3 months now. It randomly happened once in Feb, once in March, then about a dozen times this month. Not much has changed that I'm aware of. If anything, we switched from ubuntu 14.04 to
<foo> 18.04 in Dec 2018
<blackflow> foo: how many workers have you configured for the gunicorn app?
<foo> blackflow: there's a few different processes. eg. gunicorn runs django for main site, then gunicorn runs for our own app (that has 3 different gunicorn instances). Here's one of the instances sky-admin which is taking up the most RAM: https://paste.ofcode.org/YsYRbcRnnsbXdrj6rZpd7f - 1 worker
<blackflow> so there's no dynamic number of processes? something that, say, scales up with number of requests coming in?
<blackflow> bottom line you're definitely out of RAM. Since that's a DO droplet, perhaps it'd be wise to upgrade it, and then run a thorough analysis of how much RAM each process peaks at without an error, and then decide how/what to limit and whether you'll want to downgrade the droplet again
<foo> blackflow: thank you! that's what I'm leaning towards... and even before upgrading droplet, I think enabling 2GB SWAP probably makes sense (right now none is enabled). Agreed? This would allow me to troubleshoot this, do testing, without things getting killed in producted by OOM
<blackflow> partially, yes
<foo> Actually, we probably had 2GB enabled swap on the old system before the 14.04 > 18.04 upgrade...
<foo> That might have been why I never saw this
<sdeziel> foo: you might want to look at zram/zswap
<Ussat> I never run without a swap.
 * foo checks https://linuxize.com/post/how-to-add-swap-space-on-ubuntu-18-04/
<Ussat> on any of my systems
<foo> Ussat: yeah... I think this was an oversight on my part
<Ussat> NP, happens and easy to fix
<foo> sdeziel: haven't heard of that, different than normal swapping I assume? Hmm, thanks
<blackflow> I wouldn't recommend zram or zswap. that's like applying bandaid to a gaping wound.
<Ussat> ^^
<sdeziel> foo: I just learned that it's presumably being used by default in ChromeOS
<foo> sdeziel: oh, interesting - thans
<blackflow> especially zswap is not swap at all, but memory compression of unused pages ---- that still occupy memory.
<foo> blackflow / Ussat - appreciate your vote, thank you
<sdeziel> but yeah, my first recommendation would be to use a plain swap(file) first
<foo> sdeziel: appreciate it!
<foo> Is there a generally "best practice" swap size to use? I generally use 2GB
<Ussat> foo, thats a HOTLY debated topic. Generally all my systems have between 2-4
<sdeziel> foo: there are various guidelines. hybernation requires >= RAM IIRC
<Ussat> but it depends on system use, memory etc
<Ussat> is this a physical or vm ?
<sdeziel> foo: 2G sounds OK to me. If you end up swapping that much you'll definitely notice the performance hit
<Ussat> and ya that
<foo> Ussat: VM, digial ocean droplet
<foo> Currently at 2GB
<Ussat> some apps (looking at you oracle) require a big swap
<foo> I can add 2GB swap... if I go over that, probably makes sense to increase droplet swap
<Ussat> 2G swap should be fine
<Ussat> and ya if you swap all 2G you will notice it
<blackflow> something like Munin to monitor and graph over time RAM, swap usage, and other things, is very recommended too
<Ussat> most of my work VM's have 2-4
 * foo learns about Swappiness Value
<foo> Sounds like next step here... given the OOM and reason for doing this... is to set up system monitoring and watching how often swap is used with some pretty graph or such, agree?
<foo> oh, heh, I just read backlog ... blackflow is a step ahead of me (thank you)
<Ussat> if it runs a java app you might also look ap heap size
<Ussat> loot at
<foo> Ussat: negative
<Ussat> ok
<Ussat> good
 * Ussat is NOT a fan of java apps
<Ussat> They are the bane of my existance
<foo> Ussat, blackflow, sdeziel, cyphermox, yossarianuk - I suspect I'm good for a bit here. I am very grateful for your time/contribution to this, thank you! This may all come down to not having swap enabled post a deployment I did in December. Still curious what is causing this to happen so much this month, but at least now I can troubleshoot/investigate without being stressed on a tight timeframe and I
<foo> know swap can cover for a bit. Thank ya'll.
 * foo waves magic wand and grants you all access to use his nick in config and code / etc
<blackflow> foo: re monitoring, yes. I'm a big fan of Munin we use on all our servers. But there's Zabbix and others too.
<blackflow> foo: having swap enabled even when you don't have OOMs is wise. nowadays various bloatware products will have unused pages that can be swapped out and RAM left for apps to use. esp. Python
<foo> blackflow: I used to use nagios back in the day. I heard good things about Zabbix and Munun... going to look into getting this set up now. My next question is... do I spin up another Digital Ocean Droplet to monitor... wait actually, I guess I could run zabbix/munun on the system itself
<foo> s/munin/
<Ussat> we still use nagios :)
<Ussat> I just finished building a nagios server for core-team here
<blackflow> munin is very light, it's a cron based master process with (mostly) perl based sensors, that creates static HTML+png pages and graphs, which yes can run locally, no need for a separate DO
<foo> Ussat: rad!
<Ussat> blackboxsw, I am trying to convince them to change to munin
<Ussat> but "we have always...."
<sdeziel> munin and nagios have different use cases unless munin now offers more than it did years ago
<Ussat> it does
<blackflow> Ussat: munin is very nice. we use it even to send us alerts though that's a bit unoptimal because it'll keep mailing every 5 minutes until the alrt value is below the treshold.
<sdeziel> however crappy NRPE is, it's pretty handy
<blackflow> and custom plugins are dead easy to write, you can have them in anything. shell, perl, python, C, java, whatever.
<Ussat> We are a mostly IBM shop so we have Tivoli monitoring for most things
<sdeziel> NRPE checks are also trivial to write
<blackflow> sdeziel: munin is primarily to graph things, but we use it for alerts too as it can do alerts on value tresholds.
<sdeziel> blackflow: sounds like what netdata does which I'm more familiar with
<Ussat> Most of my AIX stuff is monitored with Tivoli, and we are getting more and more linux into Tivoli monitoring
<blackflow> sdeziel: I'm not familiar with netdata, sorry
<sdeziel> blackflow: worth checking IMHO: https://my-netdata.io/#demosites
<blackflow> sdeziel: huh real time streaming of data... interesting. sometimes I need that, and munin is limited to cron based invocations
<sdeziel> blackflow: the way multiple sites are aggregated is pretty nice as well
<sdeziel> it's decentralized by default and your browser is the one building the aggregated view
<blackflow> I see.
<foo> " < blackflow> and custom plugins are dead easy to write," - nice, I liked this about nagios... I wrote a few back in my day (~10 years ago)
<Ussat> foo something you may look at for that situation is nmon for linux
<Ussat> http://nmon.sourceforge.net/pmwiki.php
<Ussat> full disclosure, I know the author
<foo> I had someone recently suggest librenms.org - for discovery + monitoring. *shrug* Wasn't my call, but curious to see how it performs
<foo> haha, just pulled up home pages of zabbix, munin, and grafana ... munin is the least pretty to look at. Which probably means it was built by techs who have solid tech and don't care about eye candy corporate/enterprise-y stuff... I could be mistaken, but fun thought
<Ussat> I love that program
<foo> Ussat: huh, thanks, nmon looks cool. /me saves
<Ussat> its VERY extensive
<Ussat> It was origionally written for AIX and has been continusely improved...Nigel ported it to Linux recently but its a GREAT tool
<Ussat> I install it by default on all my builds
<Ussat> NIgel is a performance specialist for IBM
<neildugan> I have a boot on a zfs system.. recently I have been having a problem with doing a "apt dist-upgrade" ... I keep getting a "grub-probe: error: failed to get canonical path of `rpool/ROOT/ubuntu'." ... does anyone know how to fix this?
<blackflow> neildugan: _boot_ or _root_ on ZFS?
<blackflow> like /boot too?
<neildugan> blackflow, both
<neildugan> "grub-probe /" is the returning the error
<blackflow> looks like an open issue   https://github.com/zfsonlinux/grub/issues/5
<blackflow> personally I'm still under impression that grub ZFS support is not yet there.
<blackflow> I run /boot separate on ext4 but that's primarily due to ZFS rootpool being LUKS'd
<neildugan> blackflow, I wonder what changed recently to make this happen, though that is secondary to getting things working again
<blackflow> neildugan: wouldn't know, really.
<neildugan> blackflow, I tried a "grub-probe -vv /" I got a new error .. '/boot/grub/device.map': No such file or directory
<neildugan> blackflow, should I generate one?
<blackflow> neildugan: did you look at that bug report? there are some suggestions with env vars
<neildugan> blackflow, yes I have, I have been reading it
<neildugan> blackflow, I have found one that mentions zpool not being in the path... but on my system it is... I am reading further
<neildugan> blackflow, thanks for the link, there are many options I should find something to that will work.
<BrianBlaze> hey sarnold I have gotten the application running! So happy thanks for the link for mysql :)
<BrianBlaze> it only took a day to make happen lol
<sarnold> BrianBlaze: thanks for reporting back, it's great to hear you're up :)
<BrianBlaze> I am so thankful to be on the latest version as it fixes a lot of issues we had
<BrianBlaze> :)
<sarnold> heh, given the fact that they wouldn't let you install on the newest mysql, somehow I'm not too surprised..
<sarnold> even when it may be way better than it used to be, it still suggests a certain programming style :)
#ubuntu-server 2019-04-13
<pkunk> How do I configure netplan to work in "server mode". i.e interfaces are expected to be Always up if they are detected
<pkunk> I would like to disable the link detection so that any configured interfaces are always assigned IP's. This is a server so I know how to handle the routing etc.
<pkunk> Right now if I pull the network cable in my ubuntu server, all the IP's for that interface get removed
<blackflow> pkunk: netplan is using the systemd-networkd backend by default and you can of course force specific interface name, match-by, and almost every other param, via netplan
<blackflow> pkunk: examples: https://netplan.io/examples
<blackflow> I wouldn't know what happens to ifaces when you unplug the cable, when networkd is in charge, but if they disappear, it's networkd doing it, not netplan. netplan is just configuration abstraction tool.
<pkunk> blackflow: Thanks, so if I change the renderer to ifupdown then I can skip the "feature" of systemd ?
<blackflow> pkunk: no. netplan only supports networkd or NetworkManager backends. if you want ifupdown, you need to install the pakcage, configure it, and remove any files under /etc/netplan/ so it doesn't mess up with your ifupdown stanzas
<blackflow> I'm curious, though, what are you trying to achieve tho? netplan (And networkd) definitely do support static network config.
<pkunk> Thanks, I'm passing the ball to #systemd now
<blackflow> I mean when the cable is unplugged, there's no network over those ifaces, so what's the matter if the ifaces disappear?
<tnewman> is there a way to install ubuntu-server without an internet connection?
<tnewman> at least without an internet connection during install
<tomreyn> tnewman: the alternative installer will do it. maybe also the 18.04.2 standard installer.
<tnewman> hmmmmm
<tnewman> could i get a link to the alternative installer?
<tomreyn> looks like the 18.04.2 installer still has some issues with it if you a NIC with no cable connected.
<tnewman> http://cdimage.ubuntu.com/releases/18.04.2/release/ubuntu-18.04.2-server-amd64.iso this one?
<tomreyn> ubuntu.com/download
<tomreyn> -> server -> see our alternative downloads
<tomreyn> -> Alternative Ubuntu Server installer
<tnewman> link me to an iso
<tnewman> i'm looking at that webpage
<tomreyn> http://cdimage.ubuntu.com/releases/18.04.2/release/ubuntu-18.04.2-server-amd64.iso
<tnewman> and it just looks like a linkn to regular 18.04 server iso
<tnewman> right
<tnewman> is that just a different wizard on the normal server install iso?
<tomreyn> yes thats the alternative installer
<tomreyn> also known as debian-installer
<tnewman> gotcha, i'll give that a whirl <3
<tnewman> thanks for the help :)
<tomreyn> you're welcome.
<tomreyn> tnewman: fwiw, i just verified that you can not yet install 18.04.2 using the standard server installer if a NIC was detected but no cable connected / no pyhsical link detected.
<tomreyn> so indeed you'd need to keep using the alternative installe rin this scenario
<tnewman> thats a little poopy tomreyn
<tomreyn> i'm sure we can all agree on this.
<tnewman> wonder when internet connectivity started being a requirement for ubuntu server like that :<
<rbasak> Soon
<rbasak> It's bug 1750819
<ubottu> bug 1750819 in subiquity "Impossible to install without network" [High,Fix released] https://launchpad.net/bugs/1750819
<rbasak> I believe (but haven't verified) that this is fixed in the upcoming 19.04 release next week.
<rbasak> The next point release for 18.04 should have it.
<tomreyn> oh right there was this workaround, i had forgotten
<tomreyn> comment #10
<tomreyn> but then the boot process is also delayed because snapd can't reach the internet
<tnewman> farts
<pkunk> Is there any way for make netplan emit "ConfigureWithoutCarrier=yes" for a particular connection even though it isn't of type ND_VIRTUAL ?
<Delerium> Good afternoon guys - hoping I have an easy one... I've just upgraded my home ubuntu server to Bionic Beaver but since the upgrade all programs will not accept incoming connections (apache, mysql.. even teamviewer). I have disabled ufw and this has no impact. I can actually ssh into the box without an issue. I've amended the application config files to have the correct ip address in as
<Delerium> the upgrade reset them but still no luck. Really pulling my hair out at this stage - anyone have any pointers?
<tomreyn> Delerium: can you locally connect to those tcp ports?
<tomreyn> does     iptables -L    show remaining rules?
<tomreyn> Delerium: and please don't cross post.
<Delerium> tomreyn: oh sorry i was just following advice from the other guy to post in here
<Delerium> tomreyn: i can locally connect to the apache and mysql server no problem at all
<tomreyn> ok, i noticed you also asked and kept discussing it there, but notice now it's also the other volunteer who didn't let you go. ;)
<Delerium> tomreyn: <tomreyn> does iptables -L show remaining rules? - Unsure what you mean here?
<tomreyn> Delerium: 'iptables -L' lists all iptables firewall rules in all chains.
<tomreyn> you said you disabled ufw. this probably means that most rules are gone, but some may still remain. either way it's best to check with iptables directly than with the ufw 'frontend'
<tomreyn> just to rule out that disabling ufw did not work, or not entirely
<Delerium> tomreyn: the iptables command comes up with a lot of entries - is it possible to reset it all?
<tomreyn> you can flush all rules using -F. this *may* impact your existing ssh session.
<tomreyn> so don't do it unless you have a way to physically access the system or have some form of out of band access
<Delerium> its a local machine in my house :)
<tomreyn> you said home server, you did not say where you are now, so i had to bring it up. ;)
<Delerium> tomreyn: as if by magic everything is working again - thank you so much buddy - i've litterally spent about 5-6 hours today trying to fix this machine
<tomreyn> interesting :-/
<Delerium> all i can think of is some sort of corruption during the upgrade process
<tomreyn> you should probably undo the fixed configuration son those daemon configuration files, though.
<tomreyn> also have a look at the output of    ubuntu-support-status --show-unsupported
<tomreyn> this can be useful especially after a release upgrade.
<Delerium> thanks :) Ill take a look
<tomreyn> ...and may hint on packages which are giving apt's package depednency resolver a difficult time.
<Delerium> tomreyn: this is interesting....and frustrating.... after a short while after i've flushed those iptables the issue comes back
<tomreyn> Delerium: a short while, in which you did nothing at all? or a short while in which you rebooted it, reconnected the ethernet wire, restarted or reconfigured networking?
<tomreyn> i recommend having a look at the release notes regarding networking if you haven't done so, yet.
<Delerium> the only thing i configured was the ufw to accept only local network connections and it was fine then.... pooof gone
<Delerium> uf
<Delerium> actually scratch that - in my latest test i did NOT even config/activate the ufw so literally did nothing
<tomreyn> have a look at the systemd journal, see if you can correlate the time
<Delerium> seems stable now
<Delerium> problem 2 - looks like the update corrupted one of my mounts - the mount it corrupted is one that has a space in one of the directory names which the previous ubuntu version allowed by putting 040 as the spaced character. Any ideas whats changed?
<Delerium> error is no such file or directory now
<tomreyn> Delerium: maybe the locale changed from non-utf-8 to utf-8? but this should actually have happened before 16.04
<tomreyn> use single quotes around the full absolute path and tab completion to have the shell help you enter the path in an acceptable way.
<Delerium> tomreyn: "use single quotes around the full absolute path and tab completion to have the shell help you enter the path in an acceptable way." <--- Can you explain what you mean here - i have the entry in the fstab
<tomreyn> type: ls /path/to/directory/i/can/still/enter/fine/
<tomreyn> the directory name you cannot enter properly is below "fine/" in this example
<tomreyn> then juyt go to the end of the line and double tap the TAB key.
<tomreyn> this should print contained / sub directories
<tomreyn> now type the first character of the otherwise unspellable subdirectory (the one with the special character in it)
<tomreyn> then double-TAB again. add more single characters until it fully completes the name
<tomreyn> this may actually be optional then:  once it fully completed the name, put a single quote to the beginning and end of the full path on this command line.
<tomreyn> and press enter, you shoould now have a way to enter the full path.
<Delerium> hmmm ok i think i tried this the first time round and fstab didnt like it
<tomreyn> there is also    ls --escape
<Delerium> ok so the method you have advised to create the path just added a \ before each space in the directory. Navigating to the directory that method works a treat but when trying to put his into the fstab for a mount command it gives a parse error and ignores the line :(
<tomreyn> you need to escape blank spaces by backslashes on fstab
<tomreyn> it may also be possible to enter those paths in quotes there, i never tried
<Delerium> so as an example entry i have //192.168.0.13/test account/status
<Delerium> ive tried //192.168.0.13/test\ account/status but its not worked - it worked prior to the upgrade with //192.168.0.13/test040account/status
<tomreyn> so that's a network mount then? cifs?
<Delerium> fstab comes back with a parse error if you try quotes
<Delerium> yes its a cifs mount
<tomreyn> 040 sounds like @
<tomreyn> that'd be hex
<tomreyn> since cifs mounts are specified as URI's, you'd probably need ot use URL escaping
<tomreyn> so %40
<Delerium> no dice
<tomreyn> \@ might also work, or just @ (but i assume not)
<Delerium> :( nada
<tomreyn> "smbclient -L ip_of_net_interface -U your_user_name" should list available services
<tomreyn> the unspellable thing seems to be a 'service' in the samba nomenclature.
<Delerium> hmmm im tempted to rename the directory and then go through all of the scripts underneath to ensure ive not broken any - seems to be the path of least resistance at this point haha
<tomreyn> oh i think you can specify a codepage as a mount option, too
<Mead> so this has been bugging me since I installed ubuntu server in my lab, my startup hangs at this https://paste.ubuntu.com/p/VgGFZHsq2r/  how can I get it to NOT hang for a few minutes?
<tomreyn> Delerium: here's the man page, in case you have some time ;-) http://manpages.ubuntu.com/manpages/bionic/en/man8/mount.cifs.8.html
<Delerium> tomreyn: ill give it a whirl - thanks for all your help tom
<cryptodan_mobile> Mead is it setup via dhcp
<tomreyn> you're welcome, good luck.
<Mead> cryptodan_mobile: you mean it is hanging to get a DHCP lease?
<cryptodan_mobile> Mead it is hanging because it cant configure networking
<Mead> strange, cause networking works and configures via netplan config
<tomreyn> Delerium: more text here, with some good hints https://www.kernel.org/doc/Documentation/filesystems/cifs/README
<Delerium> ta
<cryptodan_mobile> Mead but is there a net plan config file
<Mead> cryptodan_mobile: yes, and I and I have even added lines to it.
<Mead> err - one of those "and I"
<cryptodan_mobile> When it was created did sudo netplan apply to see if it worked
<Mead> yes, infact I just reapplied it and rebooted my server to make sure,
<cryptodan_mobile> Is it set to render via networkd
<Mead> yes
<cryptodan_mobile> Odd
<Mead> https://paste.ubuntu.com/p/W6XPTg63Qf/  this is my /etc/netplan/*.yaml config
<tomreyn> what does     systemctl status systemd-networkd-wait-online.service    say about it?
<cryptodan_mobile> Mead https://termbin.com/0vga
<Mead> https://paste.ubuntu.com/p/JwYm8QTXh5/
<Mead> cryptodan_mobile: what is up with that config?
<tomreyn> hmm so maybe enp3s6 is failing to get a dhcp lease
<tomreyn> if you look at those  "systemd-networkd-wait-online[696]: managing: enp3s6" messages on your journal, does it provide more contextual information?
<Mead> well, nothing is plugged into it yet
<cryptodan_mobile> Remove it then
<tomreyn> https://askubuntu.com/questions/1046420/why-is-netplan-networkd-not-bringing-up-a-static-ethernet-interface#answers
<tomreyn> ...may be related (i know, not static)
<Mead> nope I was wrong, it is enp3s5 with nothing plugged into it, enp3s6 is plugged into the gateway and has a DHCP lease right now
<cryptodan_mobile> Is the gateway also serving dhcp6
<Mead> yeah, so the port with the error message in that pastebin is functioning
<Mead> cryptodan_mobile: yes, I've got ipv6 service
<Mead> hurm, strange.  I know my netplan yaml doesn't have the dhcp6: true line, but the "ip a" output shows an ipv6 address and gateway
<Mead> welp adding the dhcp6: no to the interface didn't stop this.  Funny thing is that it was having this issue before I messed with the netplan yaml file and I was using whatever the default install configuration is
<Mead> now this is even more strange,  after reboot and including the dhcp6: the "ip a" output still shows ipv6 address assigned
<cryptodan_mobile> Mead might want to see if your cables are in the right ports
<Mead> they are
<cryptodan_mobile> Then I'm out of ideas
<Mead> should I go ask the fine folks in ##linux or #netplan for the best results?
<cryptodan_mobile> Netplan
<Mead> thanks
<tomreyn> i suggest you review the systemd-networkd configuration netplan wrote for you, too. just in case.
<Mead> tomreyn:  you mean the ones in /run/systemd/network?
<rockyfelle> Hey, im running a cloud service sync (megacmd) with a symlink there from www/html so apache2 can access it, ive given the megacmd folder the proper permissions so apache2 can use them, but every time a file is updated on behalf on megacmd the permissions are reset which makes apache2 unable use the files
<tomreyn> Mead: yes
<Mead> It looked fine to me, there was no differnece between enp3s5 and enp3s6 ports
<tomreyn> ok
<tomreyn> rockyfelle: either change the umask "megacmd" (i do not actually know what this is and what impact this change might have) operates with, or join www-data to megacmds' primary group (the previous note applies here, too).
#ubuntu-server 2019-04-14
<blackflow> ansible is **EXCRUCIATINGLY** slow. I should really expedite migration to Salt.
<Mead> so I think my hanging issue with networking had something to do with the cloud-init that comes installed with the "live" install.   I just installed with the alternative ubuntu server installer and I don't get the same hanging as I did with ubuntu installed (and re-installed) from the "live" image.
<BrianBlaze> Mead hanging where?
<Mead> ugh, not sure the pastebin didn't time out yet... let me look
<Mead> https://paste.ubuntu.com/p/VgGFZHsq2r/  there you go, it won't last long I only set it to last 1 day.
<Mead> where it failed it would take 2 to 3 minutes do do something.  iF you have the logs I had some other pastebins with relveant data.  I've re-installed from the althernative installer, and it no longer has this problem.  I think it was related to the cloud-init that the "live" installer installs, but the altnerative installer doesn't
<Mead> honestly I'm not sure what the cloud-init package does with the networkd/netplan service. But it did something
<BrianBlaze> I had the same issue Mead and what fixed it was putting static ip's in /etc/netplan
<BrianBlaze> for my network interfaces
<BrianBlaze> It's kind of silly but it was literally the only way to stop the 2 minute to 3 minute wait on boot
<BrianBlaze> for me
<Mead> I fixed it buy re-installing via the alternative installer
<BrianBlaze> yeah I can't tell you why I only had this problem on one of my ubuntu boxes
<BrianBlaze> but normally I never have that issue
<Mead> was the network interface(s) using older chipsets?
<BrianBlaze> I think they are all vm's so I really can't say, I am in sunday mode tho and am just waking up from a nap with my son so my memory sucks right now lol
<Mead> tis ok, go watchin some cartoons/baseball/starwars or play video games with your son
<BrianBlaze> lol yeah we will go to the park soon. thanks. glad you got it to stop hanging
<BrianBlaze> I know it bugged me when I had that issue
<xedniv> hi, im having issues with my network configuration. i have one bond interface and two NICs, all of them have tagged vlans. the problem is that the bond vlan interface cant seem to route *external* traffic at all, it can communicate just fine with its subnet
<xedniv> im not using netplan, switched to ifenslave
