#ubuntu-server 2005-11-28
<Pygi> hi hi
<fabbione> hey pi
<Pygi> o, I've got a new nick :)
<Pygi> I see you got ubuntu bot in here
<troy> good day folks
<Pygi> night' troy :)
<fabbione> no bot
<fabbione> it's just a irc log
<Pygi> ah
<fabbione> logs are on people.u.c/~fabbione/irclogs
<fabbione> the first will appear in about 20 minutes or so
<troy> fabbione: I've been meaning to mention this: I originally intended this channel to be a general discussion and support channel for server topics
<fabbione> troy: discussion ok .. support -> #ubuntu
<troy> why?
<fabbione> otherwise we can say goodbye to this channel for too much noise in a day or two
<fabbione> because the "server" software is the same that's in the archive
<fabbione> and support can be done on #ubuntu
<fabbione> there is no difference from any other package
<fabbione> they are just package
<fabbione> +s
<troy> I didn't really intend to become a devel channel - was thinking along the lines of #ubuntu is to #ubuntu-devel as #ubuntu-server is to #ubuntu-server-devel or somesuch -- it's pretty much standard in most freenode projects
<troy> #kubuntu gets it's own support channel
<fabbione> nah
<fabbione> trust me.. too many channels.. too much confusion
<fabbione> let's keep the resources to run a project to minimum
<fabbione> if we need to scale
<fabbione> we can
<fabbione> that's the important thing
<fabbione> but spreading too few people on too many channels (irc, mailing lists, etc)
<troy> I'm a big fan of dedicated channels for topics as the need arises
<fabbione> it's not productive imho
<fabbione> troy: that's why we can start we a minimum and scale if required
<fabbione> we also need to keep s/n ratio at a good rate
<troy> when #kde became too full in ... 1999 maybe, they split into #kde and #kde-devel
<troy> the same should happen here
<fabbione> exactly
<fabbione> if we will have too much traffic we will split
<troy> at the moment, we can do support in this channel without serious SNR problems
<fabbione> as it is now let's keep it mainly for devel
<fabbione> troy: we already saw 2/3 users coming here asking for general support
<fabbione> like: my nmap doesn't map
<fabbione> that's clearly not -server related
<fabbione> it will be difficult to tell people #ubuntu for this.. -server for that
<fabbione> IF there will be a need for a dedicate server support channel
<troy> fabbione: of course there will be overlap, just as there is between #ubuntu and #kubuntu
<fabbione> we will move development on -server-dev
<fabbione> and keep this one open for support
<troy> in the meantime, lets not shun people coming in here for support
<troy> because if I was looking for support for configuring apache, the SNR regarding desktop issues in #ubuntu would turn me away
<troy> and the people in here would be much more likely to pick up the question (less noise)
<fabbione> yes i agree, but here nobody has time to do support
<fabbione> at least i don't
<fabbione> and considering the amount of people in here
<fabbione> it's morelikely he can get an answer on #ubuntu than here
<troy> like 6 of which are active, yes. but this channel is all of... 3 weeks old?
<troy> fabbione: are you sponsored by anyone to do linux work?
<fabbione> troy: i work for Canonical
<fabbione> <- fabbione@ubuntu.com
<troy> fabbione: I understand your stance now - I'm not used to having paid people having to budget their time in IRC channels
<fabbione> troy: ehhe
<troy> that said, I'd like to provide community support here when it's appropriate, and when I can
<fabbione> troy: i am not against it
<fabbione> don't get me wrong
<fabbione> i don't want this chan to turn into #ubuntu2
<troy> but you are thinking about providing support in a more official capacity, which requires more people covering more time than the non-obligation varieties of community support
* troy doesn't know what #ubuntu2 is
<troy> ahhh, not a literal :)
<fabbione> #ubuntu2 -> yet another #ubuntu support channel
<troy> right right
<fabbione> troy: exactly.. that's why #ubuntu is somehow more appropriate.. because given the S/N ratio. it still has tons of more users that can actually help
<fabbione> i can't be on IRC 24/7
<fabbione> neither can you
<fabbione> or others
<troy> no, but we are not obligated to be
<fabbione> no
<fabbione> we are not
<troy> I put in the topic: for general support see #ubuntu or https://wiki.ubuntu.com/InternetRelayChat for other channels
<fabbione> but if you turn the chan in support, people will be disappointed because it's still a bit too empty ;)
<troy> that's the way I see it
<troy> meh, it'll grow
<fabbione> yeah it will
<fabbione> as soon as i can announce the overall
<fabbione> that's all stalled on the only list admin that unfortunatly is without inet connectivity atm
<troy> I posted a note about it on ubuntuforums, and two or three people showed up from there
<troy> that was maybe... a week ago or so -- also, added it to wiki list of channels
<troy> at that point I was operating on the advice of JRiddel (I wonder if I spelled his nick right)
<fabbione> riddel yeah :)
<fabbione> that's ok
<fabbione> good night guys
<fabbione> cya tomorrow
<troy> cheers fabbione
* troy wanders off for food
#ubuntu-server 2005-11-29
* troy yawns
* spike echoes the yawns
<Pygi> hi hi
<troy> morning folks
<troy> or equivalent
<Pygi> Hi
#ubuntu-server 2005-11-30
* troy yawns
<Valandil> hi all :-)
<fabbione> shawarma: ping?
<shawarma> pong
<fabbione> shawarma: i will be at e2e the 15th
<fabbione> of Dec of course
<shawarma> Yeah, at two o'clock, right?
<fabbione> yeps
<fabbione> till 4 or something
<fabbione> i have the plane back at hm...
<fabbione> 18:35
<fabbione> so i need to be at the airport ~17:30
<fabbione> remember to take your finger print and a document
<fabbione> we will do little key signing there
<shawarma> Hardly. It's a very small airport. They usually require you to be there 30 minutes before take-off.
<shawarma> And it's quite close to the city.
<fabbione> yes it's 15minutes y taxi from e2e
<shawarma> Right.
<fabbione> but i rather be there a bit early than having to rush and worry
<shawarma> Sure.
<fabbione> i hate really hard to be in a hurry
<fabbione> it stresses me a lot
<shawarma> Me too.
<shawarma> Well, I'm looking forward.
<fabbione> so ma i
<fabbione> am i
<shawarma> Is it still just an informal chat about ubuntu stuff or have you figured out more specifically what it's about?
<fabbione> it's still informal chat
<shawarma> All right.
<fabbione> i will give a 10/15 minutes introduction or something
<fabbione> but after that i want it to be informal
<fabbione> i hate slides as much as some guys there do
<shawarma> LOL
<fabbione> i might take something with me.. we will see
<shawarma> Uh.
<fabbione> i have breezy CD's and some stickers ;)
<shawarma> Uh, those stickers that I've seen on the pictures from ubz?
<fabbione> the one for laptops
<shawarma> exactly.
<shawarma> Uh... Nice!
<fabbione> yeah i have about 10 i thnk
<fabbione> i think
<fabbione> not many
<fabbione> but i have Cd's
<fabbione> plenty
<shawarma> Yeah, me too.
<spike> hi there
<Valandil> hi spike
<Pygi> Hi hi
<spike> hi Pygi
<Pygi> what's goin' on in this channel? not much discussion right now, huh? :P
<spike> Pygi: lucky man, I had to wait 30 minutes for an "hi" ;)
<spike> u've got urs in 13 sec
<spike> :P
<Pygi> ah :)
<Pygi> thanks :)
<spike> Pygi: it depends I guess, yesterday I got a few questions answered and a nice discussion about what's going on
<Pygi> Ah, I know :P
<Pygi> there was some discussion goin' on about instant-server project almost every day, but it seems that...
<Pygi> hm..
<Pygi> I won't say nothin' :)
<spike> what?
<spike> what's instant-server?
<Pygi> nothin', nothin' :)
<Pygi> wiki.ubuntu.com/UbuntuInstantServer
<spike> ah, didnt know of that
<spike> sounds like CDD
<Pygi> ah, well...
<Pygi> I don't know what will come out of that....
<spike> umh, well, I don't see how that is related to ubuntu-server, at least with my understanding of it
<spike> ubuntu-server should be ubuntu for sysadmins, instant-servers sounds like ubuntu-desktop+networ services for newbies
<Pygi> ah, I wouldn't like to talk about that project because I might say somethin' wrong, 'cause I left that project
<spike> I don't care about wizards and stuff, I care about packages, dependences like the X one removed (which is the case) and so son
<spike> selinux integration, blablbalba
<Pygi> ah, well :)
<spike> that's not little :)
<Pygi> can you gimme suggestion for multi-platform graphical toolkit? :)
<Pygi> yup, I know it's not little :)
<spike> wxPython?
<Pygi> ah, I wrote somethin' wrong :P
<Pygi> multi-platform graphical toolkit name? :P
<Pygi> ergh, I am makin' a toolkit
<Pygi> I need a name ;)
<spike> aaaaah
<spike> ahaha
<Pygi> ;)
<spike> do you want something serious or not? ie, mpGT
<spike> that would be easy to remember, expand, print,whatever
<Pygi> mp means what? :P
<Pygi> ah
<spike> multi-platform ;)
<Pygi> multi-platform :)
<Pygi> gee, cloning my words :P
<Pygi> I was thinking of CoconutToolkit :P
<Pygi> but that's no good :P
<spike> see my question above, do you want something serious or not?
<spike> CoconutToolkit says nothing about what sort of toolkit that is
<Pygi> yes, I know
<Pygi> QT doesn't say nothing either
<spike> sure
<Pygi> It can be any kind of name
<Pygi> doesn't really have to be "serious" name
<spike> guess "Medusa" is taken
<spike> the mean would been a difference face for Os
<spike> because it's multi-platform
<spike> so there's a center library, the main face, and stuff to make it works on any other OS (the other faces)
<Pygi> ah
<Pygi> thanks for suggestions :)
<neuralis> Pygi: dude, i seriously don't understand you. you go from reinventing the wheel on one project to reinventing the wheel on the next.
<neuralis> Pygi: why on _earth_ do you want to make another graphics toolkit?
<Pygi> I ain't reinventing wheel on nothin'
<Pygi> I'll just use that for my own project
<Pygi> nothin' else
<Pygi> btw. I tried suggesting using tasksel...
<Pygi> that ubuntu-instant server won't go nowhere...
<Pygi> and if you have _ so_ good ideas, tell me what to do not to reinvent the wheel :P
<neuralis> whether i have good ideas has nothing to do with whether you keep trying to reinvent the wheel :)
<neuralis> is there a particular feature that you need, and that stops you from being able to use existing toolkits?
<Pygi> I would like the app to be able to run on MacOS, which GTK+ doesn't provide, and I don't want to use QT
<Pygi> that's just one of reasons
<Pygi> but nevermind
<Pygi> you see sometimes a better wheel can be invented :)
<Pygi> more effective and things :)
<troy> Pygi: qt is really good though :/
<Pygi> yes, but I don't like there licence thingy
<troy> why not? it's GPL on all three major platforms with QT4...
<Pygi> yes, I know...
<troy> people used to complain that it wasn't GPL, and now that it is, people still complain *sigh*
<neuralis> troy: he just really wants to roll his own, so the arguments are sort of pointless ;)
<Pygi> neuralis: not true :/
<troy> plus, PyQT is really good for rapid prototyping too, since you like python
<neuralis> Pygi: actually, a nearly complete OS X port of gtk just became available a few days ago, there's always wxwidgets, and i believe mono provides transparent x-platform gui compatibility.
<Pygi> neuralis: I looked at OS X ports, but found none good :/ Url maybe?
<Pygi> and the app will be written in C++, not python this time
* troy doesn't like mono, personally, but that's do to the political situation more than anything
<troy> ah, then QT should really be an option
<neuralis> Pygi: wxwidgets?
<Pygi> neuralis: never used it
<Pygi> but, oh, well...
<Pygi> I'll have to choose something so...
* troy grins
<neuralis> Pygi: http://developer.imendio.com/wiki/Gtk_Mac_OS_X
* Pygi thinks that neuralis will shoot me if I try to reinvent (ergh, improve) the wheel :P
<troy> writing your own toolkit is a big deal, and you'd probably spend three years just getting it to a usable on a single platform
<neuralis> Pygi: i couldn't care less -- it's your free time, not mine.
<neuralis> Pygi: but graphical toolkits are a *bear* to write decently.
<Pygi> yes, yes, I know
<neuralis> Pygi: why did you stop working on instant-server?
<Pygi> because...no one else then me (troy and some others gave suggestions tho) wanted to work nothin0
<Pygi> I was mostly on my own
<neuralis> a lot of projects are exactly like that until you generate some momentum. this is not necessarily a bad thing.
<troy> we didn't have a line of code down amongst the group yet either
<troy> code is important
<neuralis> Pygi: besides, instant-server is a very simple project; i'd say it doesn't take more than one determined hacker to do it.
<Pygi> neuralis: I never said it's not a simple project...
<Pygi> I just said that none want to work on it
<Pygi> everyone would like to have everythin' on plate
* troy goes off to check the hockey scores
<troy> oh oh oh! thanksgiving in my southern neighbour means afternoon games today!
<Pygi> :)
<spike> hi
<Valandil> hi spike
<Valandil> :-)
<spike> eeeeeeh!
<spike> :)
<Valandil> ?
<Valandil> :-D
* spike wonders if wifi is gonna die
<spike> am I still here?
<Valandil> why?
<spike> ok
<spike> a girl just passed and stepped into the AP
<Valandil> wifi?
<spike> wireless
<Valandil> ah :-)
* Valandil don't like wireless
<spike> cabling isnt that good atm, it's been an on-the-fly setup :)
<spike> Valandil: get to live in a 3 floors house and u;ll like it :0
<Valandil> I see :-)
<Valandil> But we have enough electromagnetism in here ;-)
<spike> Valandil: if I had to cable cable this place I'd got crazy
<Valandil> spike: could be, but I try to keep emv low as possible in here
<Valandil> because of my little daughter
<spike> I don't mind, I'll die of cancer anyway :P
<Valandil> hmmm
<spike> Vonnegut rocks
<Valandil> Vonnegut?
<spike> Kurt Vonnegut
<Valandil> oops
<spike> gets cat's cradle
<Valandil> sorry, it's late
<spike> late?
<spike> where are u from?
<Valandil> japp, here it's late
<Valandil> germany
<Valandil> here it's quater to 12
<Valandil> and weekdays my clock rings at 6 am
<Valandil> so 12 is quite late
<spike> I c
<Valandil> and You?
<Valandil> where are You from?
<spike> just moved to uk :)
<Valandil> ah :-) from where?
<spike> .it
<Valandil> oh :)
<Valandil> I never been there
<spike> going to CCC in dec?
<Valandil> I don't think so... no money, no time, no energy anymore
<Valandil> life is a little ...
<Valandil> ... stange theese dasy
<Valandil> s/stange/strange
<Valandil> OK, going to bed... good n8
<spike> night
<spike> ops
#ubuntu-server 2005-12-01
<Pygi> Hi hi
<Pygi> hi hi
<spike> hi there
<Pygi> Hi hi
#ubuntu-server 2005-12-02
<troy> hola
<troy> offtopic: http://lfpress.ca/newsstand/News/National/2005/11/26/1324591-sun.html
<spike> nicb: wtf
<spike> eer
<spike> that's crazy
<spike> peanut butter
<spike> oh a side note, does any of you know moinmoin?
<Valandil|work> moinmoin :-)
<Valandil|work> Du bist vonner Kste? :-))
<spike> hey valandil
<Valandil|work> meinereiner bekennender Fischkopp aus HH
<Valandil|work> (HH= Hansestadt Hamburg)
<Valandil|work> spike: (in english to keep nettiquette) where You're from?
<spike> eeer, didnt we extensively talk like yesterday?
<Valandil|work> ooooops
* spike was drunk so isn't sure actually
<Valandil|work> sorry, my head is a little dumb today
<Valandil|work> cause I'm a little ill
<spike> np dude, so is mien :)
<spike> mine*
<spike> oh, sorry to hear that
<Valandil|work> :-)
<Valandil|work> no problem
<Valandil|work> just a cold
<Valandil|work> where did You read moinmoin? or why You're asking?
<spike> I wonder what they run on wiki.ubuntu.com server
<spike> Valandil|work: moinmoin the wiki
<Valandil|work> oh :-(
<spike> because my installation, from stock on breezy is put
<Valandil|work> when You live at the north-coast in germany, you say 'moinmoin' instead of hello :-)
<spike> I can't properly admin the wiki, and I'm seeing a few pros here and there, with acl and such
<Valandil|work> hmm, sorry, never heard of this Program
<troy> I see moin moin as a greeting here also, from German immigrants to Canada (like my mother's family)
<troy> her native tonque is plaat, but I don't know it
<Valandil|work> troy: here in Hamburg one speaks plaat :-))))
<Valandil|work> troy: or as we say: "Talk op platt"
<Valandil|work> troy: please tell her greetings from the "waterkant" :-)
<Valandil|work> OK, go to bed now ... good noght all :-)
<Valandil> hi all :-)
<spike> hi there
<Valandil|work> Hhi spike :-)
<Valandil|work> and bye... got to leave
<Pygi> Hi hi
<troy> stupid nick thieves
<spike> tell me about it... spike is taken tens a day... never got why lilo refuses to implement autokill
#ubuntu-server 2005-12-03
<spike> hi there
<Pygi> Hi
#ubuntu-server 2005-12-04
<troy> hola folks
#ubuntu-server 2006-11-27
* Starting logfile irclogs/ubuntu-server.log
<sebas__> Hi. Is there any firewall by default in edgy server? i can't access mysql from other machines
<sebas__> i get this error: "ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.0.12' (111)"
<thom> no, there's no firewall
<thom> is it listening on anything other than localhost (or even running)
<sebas__> yes, i can access from the server
<sebas__> i tried with telnet, from the server i got response but if try from another machine there's no answer
<sebas__> maybe it's configured to listen only at localhost?
<sebas__> is this the default behavior?
<sebas__> ok, solved.. it was the configuration in /etc/mysql/my.cnf
<sebas__> by default it's binded only to localhost
<sebas__> thanks guys
<sebas__> :)
<Euler> hi all...anyone here succesfully to a net install of ubuntu on a sun t1000?
<shwag> Anyone know the procedure for doing a OS replacement on a remote server? Usually I just rsync the whole filesystem over, with the exception of /sys /proc and /dev , then sometime have to generate a new /dev, fix grub, and configure the network interface.
<lullabud> Euler:  i have not, but i'd be very interested to listen in on that discussion since i'm going to be installing on a t2000 shortly.
<lullabud> anybody have experience with EVDO cards in dapper?
<Euler> i have a verizon evdo card in my dell laptop, and it works, put it's somewhat magical :)
<lullabud> Euler:  that's exactly what i'm trying out, but it didn't work.
<lullabud> Euler:  i got the EV620 and put it in a latitude d620, and it works fine in windows but doesn't auto-configure in linux.
<lullabud> Euler:  i saw some general evdo config pages, but was hoping there might be something specific to ubuntu that would do as you say, something somewhat magical.
<Euler> i got my d420 through emperorlinux, and they did the hard parts
<lullabud> Euler:  ubuntu?
<Euler> yeah
<lullabud> hmm....
<lullabud> does it dial-on-demand or is it always on?
<Euler> no, you have to dial with ppp
<Euler> there are a couple config files in /etc/ppp/peers
<Euler> works great tho :)
<lullabud> yeah, this thing is going to be a life saver.
<lullabud> lullabud:  ....now if i can just find a good excuse to ditch the blackberry....
<lullabud> oops.  wtf am i talking to myself for.
<Euler> heh
<Euler> anyone know if canonical really provides server install support?
<lullabud> Euler:  they do
<lullabud> Euler:  i've e-mailed several times with their tech support to troubleshoot problems on the dell 1950 and 2950.
<Euler> cool...i tried to contact them to get a support contract...just wondering when i can expect to hear back....really want to get this T1000 up
<lullabud> i'm sure they'd love to help you. :)
<lullabud> what a cool company too... i was talking to their partners guy while they were out in my area for a conference and the company sounds really really cool.
<lullabud> just a really awesome vibe about it.
<Euler> cool
<lullabud> yeah.  it's always awesome to talk to people who are progressing in the same ways you are, in this case from RPM distros to .deb distros.
#ubuntu-server 2006-11-28
* foo tips hat at lullabud 
<code|work> nictuku: ping
<shwag> how should I initialize a new /dev ?
<shwag> I booted off a cd to look at my root partition and saw that /dev has a bunch of static files in it. I am doing a remote install on another machine and need to recreate this.  MAKEDEV ?  udevstart ?
<shale> can anyone tell me the diff between the .15-27-server and .15-27.686 kernels?
<shale> i have a server with 2x xeon dual core and i'm not sure which kernel to run
<shwag> not a clue
<lullabud> shale:  i'm running the 2.6.15-27-amd64-server kernel on a dual xeon with no problems.
<lullabud> shale:  though i can't say it wouldn't be better with a different kernel since i don't really know the differences.
<shale> ah
<lullabud> interesting... `apt-cache show linux-image-2.6.15-23-amd64-xeon`
<infinity> shale: You can compare the configs, but there are a few changes.  -server has a lower clock tick, uses a different I/O scheduler, and a few other tweaks that make it less suitable for a desktop, but more generally suitable for a multiuser workload.
#ubuntu-server 2006-11-29
<code|work> nictuku: ping
<nictuku> code|work, hi
<code|work> nictuku: hi.  may i ask you some questions about NWU?
<nictuku> sure
<nictuku> I'm going to bed soon, so if needed we can continue the conversation by e-mail
<code|work> nictuku: ok.  that'd work best.
<nictuku> code|work, are you interested in using, contributing, or both?
<birdfish> How would I go about getting a personal script to run at boot time? (but only after the  network interfaces have been brought up)
<birdfish> I have an idea that i need to add the script to the default runlevel, but I can't find any manual entries regarding the correct way to rc-update under Ubuntu
<infinity> birdfish: If you want it done when the interfaces come up, you can make it an "up" action in /etc/network/interfaces (man 5 interfaces)
<infinity> birdfish: If you just want it "sometime in runlevel 2", put an init script in /etc/init.d, and use update-rc.d to add the symlinks you want for start/stop in the right runlevels.
<birdfish> infinity: ah, the up action sounds like a great alternative (since it's going to be a script to populate my firewall)  Thanks =)
<birdfish> BRB
<birdfish> Ah, worked a charm =)
* birdfish disappears to move the machines about a bit
<levander> When you are dist-upgrading, and a configuration file has changed in a package, does update-manager still let you choose whether to keep your old configuration files that you've modified or upgrade to the new configuration just like apt-get does?  Or, has update-manager "simplified" the process so much, you aren't given this option?
<infinity> levander: It has a GUi interface that does exactly the same thing (lets you see the diff, lets you pick the action to take, etc), then feeds that back to dpkg's conffile handling.
<levander> infinity: thanks man, i asked that question in 4 ubuntu channels, you were only one who knew answer for some reason
<levander> I gotta shut down IRC client to upgrade...
<foo> I need some way to set up a linux vpn server.. something nice, easy, and secure. Any recommendations? openvpn? Hm
<silya> Hi all! I have installed ubuntu-server and want to install mc, but "no package" message appears. so I need to add extra repository to apt?
<Burgwork> yes, universe
<silya> when I run command `sudo apt-get install dhcpd` message appears E: "Can't find package dhcpd"
<silya> but such pkgs as postfix installs well from cd
<Burgwork> try removing the cd from your apt sources
<silya> Burgwork, when I run dovecot installation its begin installation via internet
<silya> And I am very confused. I read and heard better things bout ubuntu server edition
<Burgwork> it is the same base as Ubuntu
<Burgwork> merely without X
<silya> what integrated tools present for fast configuration?
<silya> why there is no mc??????????????
<Burgwork> server is bare minimum to get you up
<Burgwork> and mc is there, just in universe
<silya> mc depends from X in ubuntu?
<Burgwork> no
<silya> cool
<Burgwork> https://help.ubuntu.com/community/Repositories/CommandLine
<silya> :) I love command line, but sometimes mc very useful...
<silya> thx for link
<silya> webmin works with ubuntu?
<Burgwork> yes, although it is not in the repos
<silya> so I need download it manually?
<Burgwork> yep
<silya> server manual says that all ports closed by default but... http ftp ssh opened :(
<Burgwork> if you installed those, yes
<silya> So as I understand pkgs from universe don't supports by security team?
<silya> anyone heard anything about sams (squid account management syste,)?
<FlyingSquirrel32> Where do I go to formally request a server install configuration (like the LAMP setup)
<silya> DNS and LAMP server options presents 
<Euler> hi...anyone here use ubuntu on a Sun T1000?
<silya> Ohh... DHCP server called in guide dhcpd in fact calls dhcp
#ubuntu-server 2006-11-30
<lullabud> FlyingSquirrel32:  what do you mean?  you want a cd with an option to install a certain set of packages like the lamp install option?
<silya> Can't establish connection with 3128:80 ..... - Network unreachable. apt-get shows, but! proxy set correct. what's wrong?
<lullabud> 3128:80 ?  that doesn't sound correct.
<silya> I know!
<silya> But actually this appears
<silya> proxy set to 192.168.1.2:3128
<silya> and I am confused
<silya> hour ago all works fine...
<shwag> The following packages have been kept back:  linux-image-server
<shwag> is this being held back because  apt-get upgrade  wont implicitly do kernel images?
<shwag> how do I see the changelog to see if I should go for it ?
<lullabud> shwag:  yes, you're right about why it won't do the upgrade.
<lullabud> silya:  that's really odd.  you didn't change anything?  if not, it could be a proxy server problem.
<silya> for what alsa includes in ubuntu server?
<shwag> lullabud: figured that. I just really wish I could see what has changed.
<shwag> lullabud: I remember in ubuntu I could  emerge -c  or something to see the changelog updates.
<shwag> gentoo
<lullabud> yeah, i don't think you can get a changelog... i don't know a way to do so anyways.
<lullabud> next best thing is something like apt-cache show
<shwag> lullabud: http://changelogs.ubuntu.com/changelogs/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-27.48/changelog
<shwag> found the link at the bottom of   http://packages.ubuntu.com/dapper/base/linux-image-2.6.15-27-server
<lullabud> it'd still be rad if they'd print that in the terminal somehow.
<infinity> If you want to see changelogs for something before you agree to install it, install apt-listchanges.
<lullabud> nice, thanks infinity 
<lullabud> i pitty the foo'...
<CarlFK> server cd, netbooted (don't think it matters), rescue mode.  I can't apt-get ?
<travisb> anyone around?
<travisb> i get soft lockup detected on CPU#0
<fabbione> travisb: known bug. check launchpad
<travisb> sorry what is launchpad
<CarlFK> https://bugs.launchpad.net
<travisb> thanks
#ubuntu-server 2006-12-01
<carlfk> what would the downside of installing u-server and then apt-get install ubuntu-desktop ?
<Ries> Hey Guys... I need to create a mail system with webmail. I need to accept virtual users and some handy web interface to create and delete users from the system it would be even best if my clients can manage there own mail!
<ImInAfrica> hi there
<mindspin> anyone here with knowledge about german telecom/ dsl ?
<mindspin> or does anyone know how to set mtu to 1452 for ppp0 ?
<mindspin> I edited dsl-provider, but mtu on ppp0 is still 1492
<ImInAfrica> hello there
<shwag> i where might a find a list of packages installed on my system, sorted by date installed ?
<thom> dpkg -l will give you a list, /var/log/dpkg.log* will tell you times and dates
<shwag> I have no idea why    apache2-mpm-prefork   ended up on one of my servers, and apache2-mpm-worker  ended up on the other.
#ubuntu-server 2006-12-02
* netjoined: irc.freenode.net -> zelazny.freenode.net
<pecisk> hi there, anyone can help me with EVMS? I try to apply evms source patches from evms.sf.net to Edgy kernel, but it says that it is already aplied. It seems in Edgy EVMS patches are included in default, aren't they?
<thom> yes
<pecisk> ohhh 
<pecisk> cool
<pecisk> thanks
<pecisk> :)
<foo> http://paste.ubuntu-nl.org/35091/ - any ideas on this high load? It has to do with apache, if i kill it... the load will go down
<foo> It's not a memory issue. I'm thinking it's a disk issue
<khermans_> anyone familiar with dhcp3? -- i want all PXE booting hosts to grab the bootfile, but I don't want to specify 1000 hardware addresses manually in the conf file -- any ideas?
<lullabud> anybody have any luck connecting with Xnest from ubuntu to CDE on solaris 10?
<foo> lullabud: Nope, I haven't tried that
<foo> lullabud: What's Xnest and CDE? 
* foo chuckles
<lullabud> dork.
<lullabud> i pitty the foo'
<foo> :D
<lullabud> solaris man, SOLARIS!
<lullabud> ...drives me nuts.
<maswan> start with installing a better window manager?
<lullabud> well, if i could log in in order to get a gui terminal that let's me actually use vim without having buffer problems i could get right on that.
<lullabud> i mean, it seems to be all solaris problems.  i can't connect with Xnest from ubuntu or os x.
* lullabud loves the ubuntu and the drac.
<maswan> doesn't solaris come with a gnome session choice these days by default even?
<lullabud> hmm... good question, but the answer is no.  however, it looks like it's working with some alternate java desktop environment instead of CDE.
<lullabud> this looks like a windows/gnome frankenstien
<lullabud> but hey, it worked!  thanks maswan!
<lullabud> the solaris guys weren't even as helpful. :)
<kbrooks> hi
<jimcooncat> If I do an nfs export, would a 1GB network keep up with a hard drive?
<lullabud> jimcooncat:  depends on how much you're transferring.
<lullabud> jimcooncat:  it also depends on how much nfs cache you have on the client, and what kind of read/write you're doing.
<jimcooncat> thanks lullabud 
<jimcooncat> I was curious about performance vs. a local hard drive
<lullabud> jimcooncat:  well, it really depends on what you're doing.
<jimcooncat> I guess if a lan is faster than an ide bus
<lullabud> if you're serving up a web root that's not much size, and you have a large enough local cache for all the files, it will actually go at near local disk speed.
<jimcooncat> exporting /home in a busy office
<jimcooncat> really
<lullabud> ah, true that.  it's surely faster than a single IDE channel.
<jimcooncat> a lot of cache
<lullabud> i'm not very experienced with it, but that's my understanding of how it works.  files are read from the NFS server, cached locally on the client...
<lullabud> so long as the files don't change on the server, they are read off the local cache, if they're still there.
<jimcooncat> i wonder if I could preload it back after a reboot
<lullabud> i'm sure there are ways to do that.  even if they're hacks.
<jimcooncat> Never mind, I'd have to be saving the cache state all the time
<lullabud> the local cache is on disk anyways.
<lullabud> actually....
<lullabud> i don't know that for sure.
<jimcooncat> oh, I didn't realize you were talking a hard disk cache
<jimcooncat> I thought you meant RAM
<lullabud> honestly, i hadn't even considered the idea that it would store it merely in RAM.  i assumed it'd have a disk cache... it would make sense that it could be configured either way.
<lullabud> looks like http://nfs.sf.net has a lot of good info.
<jimcooncat> good, thanks for the link
<lullabud> y/w
#ubuntu-server 2006-12-03
<grogoreo> hi
<grogoreo> is there a way to easily have more than one domain used with Mailman using Postfix?
#ubuntu-server 2007-11-26
<Centaur5> soren: Yeah, I installed a specific smartlink file from synaptic so I guess I don't know what I'm doing.  :)
<Centaur5> soren: Would pppoe taking control of ppp0 have a conflict?
<soren> Centaur5: Depends on what you want to do with the modem. :)
<soren> Centaur5: Not all uses of modems involve ppp.
<Centaur5> soren: I want to use hylafax so any machine can send a fax.  Any better method for doing this?
<soren> Centaur5: Not sure. I've used asterisk for it a few times.
<soren> Centaur5: But that's quite different.
<Centaur5> I know this is going to be a newbie question but how to you find out if the modem is using /dev/ttyS0?
<soren> Centaur5: Just use /dev/modem
<soren> Aw, crap, I need to go to bed.
<soren> Time flies when you're having fun.
<Centaur5> soren: alright, thanks.  I'll try to figure it out.
<Centaur5> or when you're arguing?
<soren> Centaur5: Arguing is fun.
<soren> sometimes.
<soren> Centaur5: When it turns out to be not completely pointless, it's fine.
<Centaur5> haha, if you're going to argue with the wife do it naked so you can make up promptly
<soren> and this time, I managed to convince someone that I was right (or so i think), so it's all good.
<soren> Centaur5: Good advice.
<soren> :)
<Centaur5> alright, g'night soren
<hatter> yes, g'night soren
<soren> g'night, everyone.
<ajmitch> night soren
<soren> Oh, hi, ajmitch!
<soren> And good night.
<ajmitch> hi :)
<soren> :)
 * soren whisks off to bed.
<osmosis> anyone know how I can enable putting the monitor in power saving mode during inactivity, rather then just blank screen?
<lamont> nealmcb: ew.  smarthost/password... is that sasl-ish?
<lamont> nealmcb: so what I need is a howto-do-sasl config
<nealmcb> lamont: I'm haven't looked at exactly what fastmail lis looking for, and maybe this is a less common use case than I was thinking, but it seems like it would be increasingly popular.
<nealmcb> lamont: the itch that started me down this path was wanting to run caff to sign keys from the uds-boston keysigning party.  but I didn't have email configured on my laptop, and I didn't have my pgp keys configured on the server I send mail from.  I thought while I was at it, it should be a smarthost setup to fastmail (a password-protected relay)  so it would work on the road without reconfiguration.  but maybe the number of smarthost installs t
<lamont> ah.
<lamont> I just taught my postfix install that anyone with a cert signed by my CA is loved.
<nealmcb> and maybe it's silly to even be wanting to run postfix on the laptop since I usually read it over ssh via mutt to another machine.  but I'll probably be changing that.
<nealmcb> lamont: I don't run the smarthost - just the postfix on the laptop - so I don't set the policy...
<fujin_> Anyone familiar with freeradius?
<fujin_> I'm having some freaky issues trying to use 1.1.7-1 from debian unstable
<fujin_> reeradius: relocation error: /usr/lib/freeradius/rlm_sqlippool-1.1.3.so: undefined symbol: sql_get_socket
<lamont> nealmcb: once I have a good sasl-config writeup that doesn't break the other options, I plan to include it.
<lamont> it's more a function of me not needing it :-(
<nealmcb> lamont: i.e. you want someone else to figure out how to fit that into the way ubuntu does sasl configs?  I'm certainly no expert there, but if I ever get the itch badly enough I may plunge in....
<lamont> I don't care who does it... I just know it'll go faster if someone else does it...
<nealmcb> in the meantime I'll send some patches to the doc to clarify that this is NOT what the current doc describes how to do....
<nealmcb> re: who does it - that's what I thought - makes sense
<ScottK> nealmcb: Did you get your smarthost problem solved?
<nealmcb> ScottK: nope
<ScottK> nealmcb: What do you use for SASL?
<nealmcb> nothing yet
<nealmcb> I'm just using my cable smarthost for the time being
<nealmcb> no password there
<ScottK> If you have "The Book of Postfix" it gives you a good how-to.
<lamont> ScottK: heh.  I might at that
<lamont> not sure where it's hiding though
 * lamont works on figuring out what got changed in gutsy(?) that broke pam/ldap for him
<ScottK> Using cyrus-sasl and sasl-db it wasn't that hard.
<ScottK> Assuming you've set cyrus-sasl up once already.
<nealmcb> Looking at my thunderbird config, I'm not even sure it uses sasl - it specifies "username and password" and "tls" but doesn't say sasl, though thunderbird may just be dealing with it under the covers....
<ScottK> That's SASL.
<lamont> if it wants a user/pass, it's SASL
<nealmcb> it's been too many years since I looked at that - so even plain text passwords are sasl - that makes sense....
<nealmcb> so in the real world, how common are plain-text passwords that use tls for secrecy, vs no-tls, and some other crypto for just the passwords?
<lamont> anyone here using ldap for user creds?
 * nealmcb resists the urge to !ask lamont (not)
<lamont> nealmcb: well, the follow up is "WTF am I doing wrong?"
<lamont> I had it working in feisty, and then y'all made it better in gutsy, and broke everything
<nealmcb> lamont: You'll have to be more specific :-)
<nealmcb> perhaps the question is "will the last person to touch ldap step forward" :-)
<lamont> ldapsearch -LLL -x -D cn=admin,dc=mmjgroup,dc=com -W -H ldaps://ldap.mmjgroup.com -b dc=mmjgroup,dc=com 'uid=lamont'
<lamont> that works. finger lamont doesn't hit ldap
<lamont> rather, if I use a diff user, which only exists in ldap, then 'no such user' although ldapsearch happily drops the entire entry above.
<zul> 'lo
<ScottK> nealmcb: plain methods plus TLS are the most common I believe.  I suspect plain with no TLS is nearly if not more common.
 * lamont is reminded that he hates perl
<lamont> fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
<lamont> connect(3, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("192.168.35.41")}, 16) = -1 EINPROGRESS (Operation now in progress)
<lamont> select(1024, NULL, [3], NULL, {30, 0})  = 1 (out [3], left {30, 0})
<lamont> getpeername(3, 0xbfe35138, [128])       = -1 ENOTCONN (Transport endpoint is not connected)
<lamont> maybe it's not me...
<lamont> I think there should be a "connect" call after the select, no?
<fujin_> ITS YOUUUU
<fujin_> no
<lamont> heh.
<lamont> so... why did getent use ldap, instead of ldaps.
<lamont> for the love of pete
<lamont> diff ldap.conf{.bad,}
<lamont> 2c2
<lamont> < uri ldaps://ldap.mmjgroup.com
<lamont> ---
<lamont> > uri ldaps://ldap.mmjgroup.com/
<lamont> it would really be nice if the docs actually said that a trailing slash is required.  Or, for the &*)(*^)( win, append a / when there isn't one.
<fujin_> heh.
<fujin_> have you got start_tls or whatever it is?
<fujin_> tls start_tls
<fujin_> ssl start_tls
<fujin_> that's it
<fujin_> ssl on/off/start_tls
<fujin_> I gave up on tls/ssl
 * lamont floods a little.
<fujin_> and just put all of my ldap authentication into a secure airgap network and put it plaintext
<lamont> base dc=mmjgroup,dc=com
<lamont> uri ldaps://ldap.mmjgroup.com/
<lamont> ldap_version 3
<lamont> rootbinddn cn=admin,dc=mmjgroup,dc=com
<lamont> nss_base_passwd ou=People,dc=mmjgroup,dc=com?one
<lamont> nss_base_shadow ou=People,dc=mmjgroup,dc=com?one
<lamont> nss_base_group  ou=Group,dc=mmjgroup,dc=com?one
<lamont> TLS_CACERT /etc/ssl/certs/MMJ-2005-cacert.pem
<lamont> TLS_REQCERT demand
<lamont> use_sasl no
<lamont> rootuse_sasl no
<fujin_> mm, looks fine
<lamont> works fine, except for gutsy (1) renaming all the files, and (2) changing to require that trailing slash
<fujin_> awesome gutsyness
<fujin_> I haven't even started testing it yet :\
<lamont> oh, I expect that it's true in debian too
<wasabi> Oh geeze.
<wasabi> nss-ldapisms
<wasabi> shield my eyes!
<fujin_> wasabi: nothing else can do what it does!
<lamont> nss is love
<wasabi> Winbind and Samba can
<wasabi> Better
<fujin_> oh pfft
<lamont> except for the sodomotron parts.
<wasabi> I would not mind LDAP on Linux if nss-ldap and pam-ldap didn't suck so blatantly compared to alternatives.
<fujin_> yeah, that's true
<fujin_> they are pretty shit
<fujin_> I wish my senior hadn't told me we had to use it
<fujin_> so that I could use like, nss-mysql and pam-mysql
<fujin_> or something, else.
 * lamont looks around for a pam.conf knowledgeable person to confirm that '... required pam_permit.so' is basically a no-op
<lamont> whereas '... sufficient pam_permit.so' is a "no more checking, just let'em in" directive
<fujin_> should be sufficient pam_ldap.so
<fujin_> required pam_permit.so
<lamont> right
<lamont> my "sufficient" example above being totally wrong other than for explaining how stupid it is...
 * lamont calls the new home-config package sufficient.
<Centaur5> is there a way to see a dhcp table of what addresses have been given out on Gutsy?
<hatter> Centaur5, do you mean /var/lib/dhcpd.leases
<lamont> hatter: /var/lib/dhcp3/dhcpd.leases
<lamont> er, Centaur5
<hatter> ya thats it
<Centaur5> perfect, thanks
<_ruben> bah .. i suffered from Bug #141601 last night .. not sure if i should be happy with the fact that it's a "known" issue :p
<ubotu> Launchpad bug 141601 in tasksel "tasksel packages stays at 100%" [Undecided,New] https://launchpad.net/bugs/141601
<soren> _ruben: What does it mean that a package is at 100%?
<svschwartz> hi all
<svschwartz> got question
<svschwartz> does ubuntu-server use upstart or sysv ?
<svschwartz> Gutsy
<svschwartz> how can I figure this out?
<avatar_> you've installed gutsy?
<avatar_> dpkg -l |grep upstart
<svschwartz> yes
<avatar_> gutsy uses upstart
<svschwartz> Is there any tool like sysv-rc-conf to manage startup sctipts ?
<svschwartz> there is upstart-compat-sysv package that says "compatibility for System-V-like init" so I gues sysv-rc-conf is ok
<svschwartz> anybody here interested in creating drive images ? I've found good project - fork of partimage, it needs our help https://launchpad.net/partimage-ng
<_ruben> soren: its indeed described a bit vague, but it means that the progress bar gets stuck at 100%
<soren> _ruben: Aha.. Anything interesting in the process table?
<_ruben> zombie process
<_ruben> cant reproduce atm since im at work and the issue was at home and wol aint working on that box :/
<_ruben> i think it was some apt-* process that was in zombie state
<_ruben> it was 1 or 2 lines below the whiptail process
<soren> _ruben: The proces that is a zombie is not the problem.
<_ruben> (never really understood the real concept of zombie procs)
<_ruben> apart from getting rid of them can be quite tedious, except for this case, killing the tasksel proc kills all
<soren> It's hardly ever tedious.
<soren> When a process terminates, it has an exit code.
<soren> Until another proces has read this exit code (by issuing the wait() system call), the process can't be removed from the process table.
<soren> A process that has terminated, but has not been "reaped" (had its exit code read), is a zombie process.
<_ruben> ah, didnt know that
<soren> If a process' parent process dies, the process is orphaned and adopted by init (pid 1).
<soren> init will always take care of calling wait() on terminated processes.
<soren> So... Putting these two facts together, we get:
<soren> To get rid of zombie processes, you need to focus on the parent.
<soren> Get the parent to bury its dying child process, or kill the parent so that init can take care of it for them.
<soren> A zombie process is harmless.
<soren> It takes a spot in the process table, but all its memory and such has already been freed.
<soren> It's cosmetic, really.
<_ruben> true .. tho the fact that tasksel is hanging (be it cause or result), is a bit of an issue ;)
<soren> _ruben: Possibly. I'd need to see the process table when this happens.
<_ruben> figured as much
<_ruben> trying to reproduce it on a vm here probably aint gonna work, since if it'd be 100% reproducable, there would probably be more comments, etc
<soren> yeah
<_ruben> on the system i played with last night (dell c521) it was 100% reproducable (tried few times)
<_ruben> tho i cant think of anything fancy that could be causing this
<soren> Dunno.
<AnRkey> how can i get nmap to use a broadcast ip?
<AnRkey> it's driving me nuts cause google is not turning up much
<ivoks> why would you do that?
<sommer> AnRkey: do you want to scan an entire subnet?
<sommer> AnRkey: sudo nmap -sS 10.0.0.0/8
<sommer> for example... if you are trying to scan a subnet anyway
<AnRkey> yeah but our cisco vlans are confed to block broadcasts
<AnRkey> so i need to spec a broadcast ip in the nmap command
<AnRkey> for example when we use wakeonlan we do ... wakeonlap -i 172.16.10.255 -p 9 172.16.12.0/24
<AnRkey> so the wakeonlan broadcast for 12.0/24 goes through 10.255
<AnRkey> i can't see any option for broadcast ip's in nmap though...
<sommer> AnRkey: mmmm... not sure, you might double check the man page if you haven't
<AnRkey> i have almost memorized the man page :D
<AnRkey> thanks anyhow
<AnRkey> i will not let it win!!!
<ivoks> people do strange things with their networks :)
<soren> AnRkey: It wont' work anyway.
<soren> AnRkey: I can't imagine any system in its right mind will respond to requests sent to the broadcast address.
<ScottK> lamont: Got a minute for an HPPA question?
<AnRkey> good point soren
 * AnRkey ponders his predicament...
<ScottK> lamont: Nevermind.  Figured it out.  Sendmail isn't built yet.  Urgh.
<ScottK> lamont: Are you planning on asking for give backs on Universe stuff that doesn't build for HPPA in Hardy because builds are out of sequence?
<lamont> ScottK: yeah.  at some point.
<lamont> I figured I'd let it catch up, and then have someone do a mass give-back
<lamont> sendmail should bump up?
<ScottK> OK.  I won't worry about it then.
<lamont> and what needs to be retried because of it?
<ScottK> lamont: dkim-milter
<ScottK> It was looking for libmilter1, but HPPA doesn't have it yet because Sendmail 8.14 isn't built yet on HPPA.
<lamont> sendmail at 900, dkim-milter at 350
<ScottK> Which means?
<lamont> so it's _way_ down the pipe after sendnail
<lamont> sendmail will build before anything else in universe, after all of main
<ScottK> Well it already FTBFS once.
<lamont> universe largely defaults to 355, so it'll come after a large chunk of universe
<lamont> dkim-milter, taht is
<lamont> sendmail ftbfs?
<ScottK> No, dkim-milter
<ScottK> Sendmail is not yet built.
<ScottK> The new one
<ScottK> 8.13 built, but not 8.14.
<lamont> sendmail is next up, unless something from main hops in ahead of it.
 * lamont needs to go heads-down on a work thang today
<kraut> moin
<Runithad> hello, this is my first visit, I have 2 ubuntu servers hosting 10 domains :-)
<nealmcb> Runithad: welcome!
<Runithad> thx
<jaredthane> I need to build php5 with a certain configure options. How can I figure out which configure options the ubuntu php5 package has?
<sommer> jaredthane: php --info from a terminal will tell you.
<sommer> you could also create an info.php file calling the phpinfo() function.
<Gargoyle> if I am using DRBD with heatbeat 2, do I still need outdate-peer in drbd.conf?
<kshah> What is the preferred way for granting ftp access to a non home directory, for instance the apache web directory /var/www -R , using vsftpd
<somerville32> Just give the account access to that directory
<somerville32> Or even set it's home directory to /var/www if you want it to start there on login
<kshah> set the users home directory
<kshah> ?
<kshah> or chmod the user
<somerville32> If you want them to start in /var/www when they login, set their home directory to that
<somerville32> However, that doesn't give them permissions
<somerville32> You need to change the permissions to do that
<kshah> thx
<somerville32> No problem.
<kshah> i want to fully understand file permissions, so if /var/www is owned by user root and group root, to give my local user write permission there, i have to execute chmod with the +o option?
<somerville32> kshah, no
<kshah> oh no
<kshah> how does my local user relate to the groups?
<somerville32> You would have to set the group for /var/www to something different
<somerville32> And than add that user to that group
<somerville32> and set the permissions for the group for that directory to what you want
<kshah> okay that makes sense, but does that effect, say the daemons who need to read there, apache, or rails?
<somerville32> It might if you don't do it correctly
<kshah> I'm not following, as I understand the apache user is www-data, right?
<kshah> but unless they are in the 'root' group, how does their access work?
<somerville32> What is the output of ls -l | grep www ?
<kshah> 755
<kshah> for /var/www and subs
<somerville32> Who is the owner and group of /var/www
<kshah> root / root
<kshah> i just don't get what is the proper way to give my user permissions to the /var/www directory
<dantalizing> kshah "sudo chown -R <username> /var/www" then "sudo chgrp -R www-data /var/www" will allow your user to "own" the files, and the web server to read them
<kshah> dantalizing: and that won't interfere with rails or anything like that because Apache hands off the files to rails and then rails back to Apache?
<kshah> okay, so now I 'own' the files, and I put myself in the group that apache creates when it installs www-data? is that right
<dantalizing> shouldnt interfere with your rails
<dantalizing> regarding your perm setup, really depends on what else you need to do
<dantalizing> does the web server process need to modify files?
<dantalizing> do you have other users who will be modifying files?
<kshah> users: probably not
<dantalizing> if you own the files, no need to add yourself to www-data
<kshah> web server process: i don't know, this is just a rails app
<kshah> are you saying that if rails needs to create a file, it may have a problem since it'll be apache handling it and it doesn't have write permissions?
<dantalizing> for instance, a typical php blog app will write to a config.php during a web based configuration, and therefore www-data would need write access to that file
<kshah> okay i see, yeah
<dantalizing> but if you're just reading files, www-data only needs read
<kshah> so then what do people typically do to accomodate for all situations?
<kshah> do they just do it case by case?
<kshah> and grant permissions for specific files?
<kshah> best practice
<dantalizing> imho, "all" is too general
<kshah> ok
<dantalizing> i dont know "best" practice, but for my wifes static website (no rails, no php), i made the files owned by her, read by www-data
<dantalizing> all html is 640
<dantalizing> and dirs are 750
<dantalizing> that wouldnt work if you have a web based template modify page, for instance
<dantalizing> I never leave the files with root owner/group
<kshah> okay, and so if my rails app needs to write uploaded files, I can do it in a folder that i specifically grant permissions to that is below the web root
<dantalizing> or preferably outside the webroot, but yes
<dantalizing> so assuming you own the dir, and www-data is the group, that dirs permissions would be 770
<kshah> cool, I think I got it, make exceptions to the security, not security to the exceptions
<dantalizing> well put..
<kshah> exceptions might not be the best word, but I get it :) thank you dantalizing
<dantalizing> advice worth every penny you paid!
<dantalizing> :)
<kshah> lol
<dendrobates> bug 155947
<ubotu> Launchpad bug 155947 in libnss-ldap "ldap config  causes Ubuntu to hang at a reboot" [Undecided,Incomplete] https://launchpad.net/bugs/155947
<zul> i think we got bitten by that today
<zul> at work
<alephant> Hey all...
<alephant> I have a Dell PERC 5i controller that works beautifully with the megaraid_sas driver
<alephant> but now I'd like to get notified when the array is degraded
<alephant> I yanked out a drive, and the LEDs indicated that the array was being rebuilt, but there's nothing in syslog
<alephant> Will the module do any status reporting, or do I need Dell's OpenManage cra^H^H^H stuff to talk to the controller?
<alephant> ...so apparently the megaraid_sas has no hooks into /proc >:-|
<alephant> Anybody had any luck with the Dell OMSA stuff in Ubuntu?
<kshah> can anyone possibly tell me a reason why every time my friend visits my website (any file, ubuntu 7, apache 2.2) he has to refresh the page before it shows, the first time he visits it is a blank page?
<mralphabet> kshah: his cache
<kshah> mralphabet: but it is the first time he's visited the page, he clear his cache and it still requires him to refresh, or am I misunderstanding you?
<mralphabet> so you make a page, blah.html with stuff in it and it shows blank the first time he visits it?
<kshah> yes
<mralphabet> sorry, I misunderstood then, that is odd
<mralphabet> does your error log say anything?
<mralphabet> does this happen for any other visitors?
<kshah> it doesn't happen for me
<kshah> checking the log
<mralphabet> if it works for you and doesn't for him, I have to say it is something on his side of things
<mralphabet> what client browser?
<kshah> FF
<kshah> its so odd
<mralphabet> and has he tried IE?
<mralphabet> or safari or any of the others?
<mralphabet> or lynx if he's on a linux box?
<kshah> asking him to use IE
<kshah> I wonder if it is because there is a conflicting DNS entry
<kshah> two servers both claiming to be something.com
<kshah> doesn't seem to make sense though
<mralphabet> that could be a roundrobin answer
<mralphabet> attempt 1 goes to ip 1, attempt 2 goes to ip 2
<h4x0r7h1s> damnit
<h4x0r7h1s> I am using mod_jk to connect to an ajp13 worker, and it totally ignores my JkWorkersFile setting and just initializes a worker called ajp13 trying to connect to localhost:8009
<h4x0r7h1s> it'll bitch if the file isn't there of course, but it doesn't load workers from it
<kshah> not sure if I should ask this here or in #apache, but I've successfully followed the ubuntu-server guide in the past to enable SSL, self signed, but I want to it to work like a real website, only for pages that I designate as needing to be secure, login/logout, accounts, etc
<kshah> can someone help me with that?
<sommer> kshah: you can place the security settings in a .htaccess file
<sommer> I'm not 100% sure if that's what you're looking for though.
<kshah> well, like when someone clicks on 'login', that should be in https://
<kshah> 'should be in' didn't make sense, but you know what i mean
<sommer> kshah: for a situation like that what I usually do is a rewrite rule.
<mralphabet> the link that you make points to https://somesite.com/somedir/somesslfile.html
<kshah> okay, i know what you mean, i think i saw an example of that
<kshah> sommer: in the conf file
<mralphabet> kshah: did your friend fix his browsing problem?
<sommer> kshah: should be there's also some great examples in the docs on the apache site.
<kshah> mralphabet: I don't think so, I don't think its happening to him in IE, he doesn't know whats up
<kshah> sommer: thanks, I think I read over an example there, I just wanted to confirm here in case I misunderstood
<sommer> np
<jtole> hey guys, I am looking to do load balancing with failover for a web site, the two locations for the site are located states away from each other and we were originally going to do DNS with two A records and low cache so we can manually remove one if a site goes down
<jtole> but I thought you guys might know of a better solution
<ivoks> redhat-cluster-suite + ldirectord
<ivoks> oh... sorry
<ivoks> states away
<ivoks> didn't notice that part :)
<jtole> especially if it can be automated so if one site fails, traffic is automatically diverted to site B
<jtole> yeah, it's ok
<jtole> plus it has to be OS independent since the sites are on windows IIS/SQL however some of them are on xen on ubuntu with a debian IDS at one site
<jtole> SQL is fine actually, the web servers always connect to the SQL at the same site
<jtole> so basically it would be end user @ anywhere connecting to 80/443
<ivoks> well... you can't do much on those systems
<ivoks> both have public IP address, right?
<fujin> jtole: use the linux HA packages
<fujin> can do easy failover between n+1+x systems
<fujin> I use it here locally on a private LAN for a callcentre Asterisk setup
<fujin> across the intertrons it should work fine
<fujin> oh what
<fujin> one server is windows? nevermind
<ScottK> ivoks: Saw your reply on the server list.  Sounds very good.  I think this will be a big step forward for Ubuntu mail server easy of setup.
<ScottK> easy/ease
<ivoks> i hope so
<ivoks> fujin: HA or redhat-cluster-suite is not good options for this situations
<jtole> ivoks: yes, they are all on public IP, like I said, right now our main coarse of action is DNS with two A records and a 5 minute cache time but if one server goes down it requires manual intervention to initiate the failover
<jtole> fujin: so for linux HA I am fscked?
<ivoks> jtole: do you really have a fail over?
<ScottK> jtole: You could write a script to check and modify the DNS if it gets no response.
<ivoks> i mean... i guess each server has it's own sql database, right?
<ivoks> so... services don't fail over
<ivoks> they just die, right?
<ScottK> Personally, I think it's more trouble than it's worth.  Just make the primary as reliable as you can and suck up what little outages you get unless it's so critical you can afford to do it right.
<jtole> ivoks: no, not yet, the second co-location will be implemented in about two weeks
<jtole> right now we just simply have a primary site
<ivoks> will they have same SQL data?
<jtole> ivoks, there will be SQL servers at each site, currently there are two at our main site but no fail over and it is managed hosting solution (which I don't like) and they will not provide us one
<jtole> however both sites will be getting transaction (up to the minute) updates of remote sites
<jtole> MS SQL transactional replication
<ivoks> and one machine is windows, and the other is linux?
<sommer> ScottK: hey, just wondering if you'd had a chance to review the Mail Filtering section of the Postfix docs?
<ScottK> No.  Sorry.  Still on my list.
<sommer> ScottK: cool, no rush
<jtole> ScottK: it is not only crucial but was more then a recommendation of upper management, so far I have allocated 24k in new hw expenses as well as 1400 a month on co-location costs and it was all approved in record time
<jtole> I don't imagine any big web site has only one location and I have seen many mid sized companies in previous employment that do not
<ScottK> jtole: In that case, I'd suggest doing a proper failover or HA solution like ivoks was suggesting.  Don't mess with the Windows/Linux mix
<jtole> well right now windows is a requirement
<fujin> yuck@windows/linux mix
<fujin> then do windows/windows
<ScottK> jtole: True, but I think it's more important for scalability than reliability.
<fujin> and use the windows cluster tools
<jtole> fujin: windows VM is a pain in the ass and we want quick restoration in the event of a problem
<ScottK> My web host, on a shared server has ~5 minutes of down time a year.
<mralphabet> all that you have right now is round robin dns answers and a low TTL, that is not failover ;(
<jtole> i.e. in xen copying c:\ from 5 days ago back over corrupt c:\ etc
<jtole> ScottK: well our managed hosting provider has had 3 of our servers go down in the last few months
<ivoks> so those are windows on top of linux
<mralphabet> jtole: if you want quick recovery from a meltdown on the windows side, there is a symantec product that can restore to bare metal in ~ 1 hour
<ivoks> ayayay
<jtole> that is why co-location is now a priority
<fujin> jtole: then use linux/linux
<ScottK> jtole: Then get a better provider.
<jtole> ivoks: yes A windows on top of linux
<jtole> xen
 * mralphabet sighs
<ivoks> drop linux and go with windows only
<ivoks> nothing else works
<jtole> fujin: windows is a requirement, this site has been long established for years and is all ASP / SQL 2000
<jtole> ScottK: co-location will be a better provider
<mralphabet> then take linux out of the equation and use the windows HA tools
<mralphabet> does the linux OS actually do anything other then serve xen?
<jtole> mralphabet: no but it will be serving multiple machines on xen
<mralphabet> and what do these multiple vm's do? one for asp and one for sql?
<jtole> two for IIS, one SQL, one mail, another one running linux nagios on one of the machines
<ivoks> so many xen machines...
<ivoks> i hope you have two quad core processors :)
<jtole> that is what xen was built for
<fujin> you're doing it wrong
<ivoks> and 16GB of ram :)
<fujin> as I said earlier
<mralphabet> aye, you are doing it wrong
<jtole> yes, AMD 2.4 Ghz w/ 8GB RAM and RAID 5 with 5 250GB sata 2
<fujin> take Linux out of the equation and use the windows clustering/HA tools
<mralphabet> your stated goals do not match up with the hardware / software mix you have
<jtole> on two machines + IDS and bypass switch + switch w/ monitor port
<jtole> so you guys are saying to lose windows all together on this one?
<akincer> !pastbin
<ubotu> Sorry, I don't know anything about pastbin - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<jtole> er, lose linux I mean
<akincer> !pastebin
<ubotu> pastebin is a service to post large texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu-nl.org (make sure you give us the URL for your paste - see also the #ubuntu channel topic)
<fujin> jtole: either lose linux, or lose windows
<mralphabet> or go to vmware esx
<fujin> a 100% linux environment will enable you to use the heartbeat / linux-ha clustering packages for failover
<mralphabet> esx has failover packages for vm's
<fujin> and a 100% windows environment will let you do a similar thing with clustering
<fujin> mralphabet: esx wont' work, as, his two servers are 'states' away afaik
<ivoks> khm... redhat-cluster-suite instead of ha :)
<jtole> like I said, I can't lose windows, I would like to but I cannot
<fujin> wth@ redhat-cluster-suite
<fujin> I don't even know what that is, it's so wrong
<fujin> s/redhat.*//
<mralphabet> fujin: I thought esx could do remote failover in case a building disappears
<jtole> lol
<ivoks> fujin: ?
<fujin> mralphabet: not sure about that
<fujin> but ESX at both locations would be expensive
<ivoks> fujin: it's a tool, fully suported in ubuntu
<fujin> (san, n+1 esx hosts)
<ivoks> wich isn't something you can say for ha
<jtole> well, unfortunatly, we won't have linux at all at one site
<fujin> ivoks: apt-get install heartbeat?
<fujin> apt-get install heartbeat2
<ivoks> fujin: in universe
<mralphabet> fujin: he's already 24k deep /shrug
<jtole> although this may become two co-locations once the first one is up and proves useful
<ivoks> fujin: r-c-s is in main
<ivoks> fujin: and much much better than ha
<fujin> mralphabet: san+esx host(s) > 100k
<mralphabet> fujin: what's another 75?! ;)
<fujin> I guess.
<akincer> I posted here a week or so ago about a Tripp Lite KVM keyboard and touchpad that didn't work in the server install. I got it working only by unplugging and plugging it back in. I included output of dmesg in this process here http://paste.ubuntu-nl.org/45942/
<fujin> akincer: log a bug
<akincer> Was just thinking that
<mralphabet> fujin: i'm just being sarcastic
<fujin> Generally the engineer shouldn't have to worry about pricing.
<mralphabet> true, to a point
<mralphabet> anyway, jtole, as I said before, your stated goals and what have already don't really mix
<jtole> I gotta run, cheers
<mralphabet> I feel kinda bad for him
<fujin> heh, yeah.
<fujin> I wouldn't want to inherit that shitbag of a system.
<fujin> he *is* doing it wrong, though.
<mralphabet> yes
<mralphabet> he's asking for help AFTER he already bought the system
<fujin> "I did it wrong! help!"
<fujin> ;|
<fujin> epic fail
<mralphabet> how about the novel approach of doing a little research first ;(
<fujin> That's always good.
<ivoks> fujin: if you use HA, really check out cluster-suite
<akincer> Got a bug report of my very own. How nice
<fujin> It'd be a pain to change it.
<ivoks> fujin: it provides some features HA doesn't and provides support for shared (file) systems like drbd and gfs
<ivoks> fujin: that's what i tought so
<fujin> ivoks: I rolled heartbeat v1 (linux-ha) for my systems, for basic ping-node failover.
<ivoks> fujin: now i just wish i did't it sooner :)
<fujin> and have no use for drbd/gfs
<fujin> I just check if asterisk is running, check conectivity etc
<fujin> it's only very basic.
<ivoks> ok
<ivoks> s/drbd/gnbd/
<fujin> is gnbd functionally identical to drbd?
<ivoks> no
<fujin> I had thought of using drbd for voicemail replication etc
<ivoks> drbd provides shared disk
<fujin> but gave up and went with one-way rsync from the secondary from the primary
<ivoks> gnbd provides access to physical disk
<fujin> oh, cool
<fujin> ivoks: without copying the data?
<ivoks> with drbd you can set up network mirror
<ivoks> with drbd?
<ivoks> i'm using drbd for web servers
<fujin> what does GNDB do?
<ivoks> imagine you have NAS
<fujin> provide access to data over the network (like NFS)?
<fujin> I've been looking for a way to share mailstores between my 3 mailhosts
<ivoks> well, yes and no... :)
<fujin> all the data is on a SAN, but implementing file locking between them has been a pain
<ivoks> filesystem does that
<ivoks> with gnbd you export device
<ivoks> and then create GFS on it
<fujin> I see.
<ivoks> so all systems can access that device at the same time
<ivoks> you just need to make sure that gnbd server doesn't fail
<ivoks> this is why i use drbd
<ivoks> drbd keeps data in sync on two machines
<ivoks> and allows both machines to rw at the same time
<ivoks> with GFS on top of it, problems with locking are solved
<fujin> but theoretically
<fujin> I'm reading the usage stuff now
<fujin> it looks like it'll do what I want
<ivoks> i took me one week to figure it out what is what exactly :)
<fujin> drbd would work, but replicating 300gb of mail is silly
<fujin> between all 3
<ivoks> you can't do that
<fujin> oh?
<ivoks> you can have only two primaries at the same time
<ivoks> it's doesn't replicate all 300GB, only changes
<ivoks> so, on reboot, only changes are replicated
<fujin> I see
<fujin> but it'll still mean having 300gb x X
<fujin> just to redundantly have 300gb
<ivoks> yes
<fujin> while space isnt' really an issue (we've a 5tb~ SAN)
<fujin> I'd prefer something that just shared the exact data, with happy file locking
<fujin> (and wasn't NFS!)
 * fujin cringes @ NFS
<ivoks> gnbd+gfs
<fujin> Yes, it seems like it'll do what I want.
<ivoks> just don't use OCFS
<ivoks> ocfs died on me couple of times during testing
<ivoks> gfs works great
<fujin> Thanks for the suggestion
<fujin> I've made note of it and will investigate further when my current projects are completed
<ivoks> source: http://sources.redhat.com/cluster/
<ivoks> :)
<fujin> And you said it's apt-gettable?
<ivoks> it's in main
<fujin> That's handy.
<ivoks> it's only clustering system supported in ubuntu
<ivoks> everything else is in universe
<ivoks> community supported
<fujin> I see.
 * Nafallo hates servers
<fujin> I hadn't had any issue with linux-ha, and that was the first tutorial I found
<ivoks> me too
<fujin> generally don't do application-level failover.
<fujin> or, hadn't done it before
<ivoks> i had one problem with linux-ha
<ivoks> two machines, both runing mysql in master-master replication
<ivoks> each machine has it's own IP
<ivoks> and mysql binds to that IP
<ivoks> one has VIP, so mysql binds to VIP also
<ivoks> but when that machine fails, VIP goes to other machine
<fujin> nasty
<ivoks> and then you have a problem
<fujin> I hate two-way MySQL replication.
<fujin> we do master-slave here, with manual failover
<ivoks> mysql needs restart, cause it isn't binded to VIP
<ivoks> with r-c-s, you don't have to do that :)
<fujin> ivoks: any resources/tutorials on r-c-s configuration?
<ivoks> fujin: there's a GUI tool for setting up :D
<fujin> My servers don't run GUI's!
<ivoks> it creates cluster.conf
<ivoks> no... it's a tool; you can run it on your laptop
<ivoks> it creates cluster.conf, which you then transfer to servers
<fujin> I wouldn't run Ubuntu on a desktop, either.
<fujin> does apt-getting redhat-cluster-suite install all of the magic stuff? like gfs-tools etc?
<ivoks> yes
<fujin> ah, it's a metapackage I see.
<fujin> so, basically
<fujin> the clients (my mailhosts, in this example) will have gfs and gndb client configured
<fujin> and then theoretically behind that I'd have say, mailstores
<fujin> with gndb-server and gfs installed on it
<fujin> s/it/them/
<ivoks> right
<fujin> cool
<fujin> sounds great
<fujin> now if only I could find some documentation or a tutorial on rcs
<ivoks> there are PDFs
<ivoks> search for Global_Network_Block_Device.pdf
<ivoks> and
<ivoks> Cluster_Administration.pdf
<ivoks> and Global_File_Syste.pdf too
<fujin> cool, found it
<fujin> will pass them onto my senior and have him browse through
<fujin> may roll it on my phone system too, for the fun of it :)
<ivoks> if you have only two servers
<ivoks> it would, maybe, be better to stay with HA
<ivoks> anyway... good night to you all
#ubuntu-server 2007-11-27
<kgoetz> if i blow away 70-persistent-net.rules will it be recreatd next boot?
<pteague> anybody have any hardware suggestions for an ubuntu desktop?
<kgoetz> what sort of suggestions
<ScottK> pteague: Intel video for FOSS video support unless you're a gamer.
<kgoetz> ScottK: if your after *F*oss you'll need intel anyway :)
<pteague> intel video?  i was thinking nvidia for xvmc
<pteague> i'm starting a new job on monday & they're wondering what i want as a workstation... i'm pretty much handling all their web stuff - db, webserver, site, etc
<kgoetz> so you *dont* want broadcom network devices :)
<kgoetz> you can either go with nvidia and known support, or gamble on AMD getting ATI open sooner rather then later for video
<pteague> was thinking amd cpu & nvidia video
<kgoetz> amd is ok. not been exactly cutting edge recently (on desktops), but solid  still
<kgoetz> and less buggy then intels *grin*
<pteague> libc6 works on amd... certain features are borken on intel
<kgoetz> thats something worth remember for me i think
<pteague> i use chbg on occasion & discovered it wouldn't work on my laptop (intel)...  went back & reinstalled the first 6 disc i had & it worked so i locked the libc6 library... i updated my desktop (amd) & chbg worked... so i thought great! it's fixed.. unlocked on laptop, downloaded updates, & it's broken! hehe
<kgoetz> i dont have tha ttool, what is it?
<pteague> screensaver, desktop changer...  can use it as a slideshow as well
<kgoetz> aaah.
<pteague> i realize there's a couple different xscreensaver things that do something similar, but it has a lot of options & the really nice thing about it is i can get it to just display all the images dead center
<orochi2> i had a question about apache now that i have my ubuntu server setup (i didnt use the livecd, but the server cd) i was wondering if someone was available for a few questions
<kgoetz> !tell orochi2 about ask
<orochi2> lol ok good, someone's alive out there. I used to run a gentoo box as a LAMP, I like Ubuntu so far, but i want to do it right. What would be the best way of setting up my website. I find it a pain to deal with the files in /var/www as they are all root:root, what would be the best way to manage those files? Create a virtual host for my .com for the user i use, leave it as root and live with it what would be the best way to go abou
<kgoetz> depends. for personal space simply create public_html and put your files in thre
<kgoetz> otherwise, look into vhosts (asking about this stuff in #apache would be a good idea too)
<orochi2> ok
<orochi2> should I leave my vhost as root:root or what would be the owner:group i should have the files be in?
<kgoetz> ideally yes, tehy would stay as root, but if you will edit the fils a lot, it might make sense to go with youruser:www-data
<orochi2> ok ill look into that
<asisak> What should I prefer nowadays if I want to run multiple (web) environments on a (Ubuntu) Linux box?
<asisak> E.g., some plone portal(s), some wiki(s) and some other services (like DNS or e-mail)
<asisak> Xen might be an overkill, but I am not sure if VServer or something similar is a good idea...
<macd> Seperating those services with a VM is a very good idea
<macd> Xen is pretty painless to setup on Gutsy now, plus you can just bootstrap a base ubuntu system, then install those services you need only
<asisak> You mean install the separate services in separate VMs?
<macd> Sure, why not
<macd> its a very good way to minimize risk from a securty standpoint also
<asisak> Sure, but you have to upgrade each machine, and you run many kernels
<_oet> Hallo
<pvandewyngaerde> _oet: english here
<_oet> Woops, english channel offcourse :P
<_oet> my bad ;)
<kraut> moin
<sommer> kraut: hey
<kraut> hi sommer
<kraut> interesting surname :)
<sommer> kraut: thx
<sommer> had it all my life... heh
<_oet> I was wondering, whether the support for the current 7.10 server version is completely stopped in 2009 or that security updates will continue to be provided..
<firecrotch> _oet: I'm pretty sure that means that there won't be any security updates after that
<_oet> ok, thanks for the info :)
<firecrotch> _oet:  8.04 will be an LTS release though, if I'm not mistaken
<_oet> ok
<_oet> i'll keep that in mind
<MenZa> It will, firecrotch
<firecrotch> thanks, MenZa
<firecrotch> _oet: are you planning on using Ubuntu for a webserver or something of that nature?
<CyberMad> i want to install gnome.. then i did apt-get install gnome..
<CyberMad> now, how to start my gnome?
<firecrotch> CyberMad:  startx
<pvandewyngaerde> dont you need  ubuntu-desktop ?
<sommer> CyberMad: you might check out this forum thread: http://ubuntuforums.org/archive/index.php/t-186298.html
<pvandewyngaerde> or  /etc/init.d/gdm start
<sommer> it lists all the packages you'll need
<CyberMad> ok thanks a lot
<CyberMad> so, what is the different between ubuntu-server dan ubuntu-desktop? only on the package?
<CyberMad> like ubuntu-desktop doesn't have samba package on cd, etc
<CyberMad> is that correct?
<pvandewyngaerde> its the packages  for a GUI desktop , a server doesnt need one by default
<sommer> CyberMad: yep different packages on the CD, different kernel, different installer
<CyberMad> is this what you mean:
<CyberMad> sudo apt-get install ubuntu-desktop
<CyberMad> sudo apt-get install gdm
<CyberMad> sudo /etc/init.d/gdm start
<CyberMad> sudo dpkg-reconfigure xserver-xorg
<CyberMad> well, i just want to run vmware-server on ubuntu-server
<CyberMad> actually i don't have any idea about that
<CyberMad> i want running windows xp on vmware-server
<CyberMad> so everyone can remote that XP
<CyberMad> because we don't XP on every computers
<CyberMad> but sometime we still need XP
<sommer> CyberMad: you should be able to do that on Ubuntu Server
<CyberMad> sommer without the GUI ?
<CyberMad> sommer have you try the vmware-server ?
<sommer> CyberMad: nope I haven't tried vmware myself in quite a while... I think it can though?
<sommer> others in this channel I know have
<CyberMad> :)
<CyberMad> well ok, i will test it this week
<CyberMad> thnks
<sommer> CyberMad: here's a wiki page on vmware: https://help.ubuntu.com/community/VMware/Server
<sommer> you could try that out and update the page if there's anything missing :)
<CyberMad> that's very cool... will help me much.. thanks
<sommer> np
<_ruben> just curious .. are there any plans whatsoever to support PF_RING on ubuntu (server)? just found catapulta.org, which does incorporate PF_RING, but is still at beta state
<firecrotch> _ruben: you ought to be able to enable it in Ubuntu
<firecrotch> _ruben: I found a tutorial that works on Debian which would be a good starting point, at least
<firecrotch> http://bjou.homeunix.net/blog/2006/12/advanced-packet-capturing-howto-pf_ring-napi-and-extended-libpcap-on-debian-sarge/
<_ruben> firecrotch: i know that url .. its a bit outdated since it mentions a cvs repo intead of svn .. and i expect PF_RING to integrate into ubuntu/debian kernels 'nicer' than our current SuSE kernels (old kernels with tons of security backports)
<_ruben> bit curious though if there were any plans on actually offering support on it and providing the appropriate kernels/libpcap libs for it
<firecrotch> Ah, well, I'm definitely not the person to find out about that from
<nealmcb> server team meeting in 4 minutes in #ubuntu-meeting:
<nealmcb> https://wiki.ubuntu.com/ServerTeam/Meeting
<sommer> nealmcb: I think they will... can always update it later :)
<sommer> the cert statement that is
<nxvl_work> isn't today the meeting?
<sommer> nxvl_work: yep #ubuntu-meeting
<soren> !mda
<ubotu> Sorry, I don't know anything about mda - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<Gargoyle> Can anyone help me reconnect my split-brained drbd?
<Gargoyle> I have them both set to secondary/unknown, but can't get them to connect. Not bothered which is primary, only testing at the mo.
<ScottK> nealmcb: It's probably worth mentionind that although Postfix is primarily an MTA, it can serve as an MSA and and MDA too.
<nealmcb> ahh - got it
<soren> MSA?
<ScottK> Mail Submission Agent.
<soren> Which does what?
 * lamont tries to decide if he cares what the 'S' and 'D' stand for
<ScottK> MUA -> MSA -> MTA -> MTA -> MDA -> MUA.
<nealmcb> so postfix with a smarthost is an msa?
<nealmcb> any other msas?
<ScottK> I'd say yes, but there are probably protocol police that would disagree.
<nealmcb> (anything with a smarthost....)
<lamont> MSA means that it listens on the 'submission' port, for MUAs to talk to.
<nealmcb> ahh
<lamont> MTA means it listens on the 'smtp' port
 * ScottK likes lamont's definitions
<lamont> MDA means that it delivers to local/virtual/whatever mailboxes, from whence MUAs grab it
<lamont> MUA means a user interacts with it directly
<lamont> MUI == mail using idiot
<lamont> aka, user
<soren> So Postfix is an MSA because an MUA can poke stuff into its queue by way of /usr/sbin/sendmail ?
<lamont> MUI -> MUA -> MSA -> MTA -> MTA -> MDA -> MUA -> MUI. :-)
<keescook> so are pop/imap servers actually MDAs then?
<soren> No.
<soren> Did my mail not reach the mailing list yet?
<lamont> keescook: they don't deliver to mailboxes. they provide access to them
<lamont> soren: MSA is, IMO, kinda stupid.
<lamont> the concept, that is.
<soren> lamont: Agreed.
<keescook> soren: no it did, and I thought the same you did -- I was just trying to figure out what to call the pop/imap piece
<lamont> an MSA is an MTA that listens on the 'submission' port.
<soren> lamont: It's something that only marginally makes sense on a design diagram of postfix and *nowhere* else. :)
<keescook> MSA makes sense for ISPs that want to block MTA traffic.  :P
<nealmcb> I think the goal of the submission port is to help fight spam by separating submission from transfer at the port leel
<lamont> which it, therefore, assumes is an MUA talking to it, not some random MTA, or spamware.
<keescook> nealmcb: yup
<keescook> so pop/imap is an Mailbox Access Agent?  (between the MDA and the MUA?)
 * keescook loves making stuff up
<lamont> nealmcb: which does next to nothing for you when the spamware connects to the MSA
 * lamont ^5s keeskook.
<lamont> what are we gonna make the rest of the letters??
<nealmcb> msa?  mui? :-)
<soren> ffs...
<soren> :p
<lamont> nealmcb: I assume that MSA was someone elses.  MUI is all mine.
<lamont> soren: ffs is a very nice kernel routine, returning the first set bit in a word
<keescook> msa is real (as ScottK says: Mail Submissions Agent)
<lamont> MAA... mail authentication agent?
<keescook> (without the trailing s)
 * nealmcb nods
<lamont> MBA: masters of business administration.
<soren> lamont: ffs == first f???? set?
<nealmcb> mba mail bs agent?  aka spammer?
<lamont> find first set
<soren> lamont: of course.
<ScottK> IIRC there's an Internet Draft somewhere that defines all these.
 * lamont was thinking mail breaking agent
<nealmcb> same thing
<ScottK> Ah, that would be Exchange.
<keescook> ah-ha, Mail Retrieval Agent
<dthacker> sorry, missed the meeting. when will transcripts be up?
<keescook> http://wiki.mutt.org/?MailConcept
<lamont> ScottK: stop introducing facts into the discussion (internet draft)
<nealmcb> time we all moved to jabber and rss and left this mail morass to die a slow death :-)
<lamont> MYA: mame your a**
<lamont> hrm... IP-over-bullhorn.
<ScottK> Speaking of such, rfc2821bis is in IETF last call now.
<nealmcb> keescook: nice one
<lamont> ScottK: prior to being voted on, yes?
<ScottK> lamont: Yes.
<ScottK> So this would be the time to look at it and kvetch.
<ScottK> http://www.ietf.org/internet-drafts/draft-klensin-rfc2821bis-06.txt
<nealmcb> ScottK: thanks
<ScottK> nealmcb: No trouble.
<lamont> keescook: I think they're onto us.
<keescook> lamont: dangit
<nijaba> Table create at https://wiki.ubuntu.com/ServerPackageReview
<nijaba> Volunteers should now run to put their names along the best packages ;)
<ivoks> hi
<ivoks> ScottK: you'll work on amavis?
<ivoks> lamont, ScottK ping?
<ScottK> ivoks: Yes.
<ScottK> ivoks: I think the package itself is in good shape.  I'd be curious if you have comments.
<ivoks> defaults are ok
<ivoks> from my experience, i had problems only with systems with misconfigured /etc/hosts
<ivoks> and that's quite often :/
<ivoks> other than that, package is in great shape
<ivoks> maybe we could work on some rules for ubuntu
<ivoks> i have a dream when amavis will become part of default mail server installation :)
<ScottK> Right, well that'd be a big part of the point for moving it to main.
<ScottK> I did make a change to make it easier to fix the config if you've got a /etc/hosts problem and don't know Perl syntax.
<ivoks> great
<ivoks> i'll work on drbd
<ivoks> nad maybe we could push postgrey to main too?
<ivoks> it had only one CVE entry, IIRC, in couple of years...
<ScottK> ivoks: I'm not convinced on postgrey.  I think Greylisting is useful now, but the benifit is only transient.  More and more spammers are retrying now, so it's value is dimishing. I don't see supporting it for 5 years.
<ivoks> they are retrying, with same ip
<ivoks> that's when other antispam tools kick in
<ivoks> i use it and it does more than all other anti spam tools at the moment
<ivoks> there are installations where i use it for 2 years
<ivoks> 0 problems
<ivoks> but i understand your point
<ivoks> anti-spam protection is very dynamic area...
<sommer> ivoks: speaking of anti-spam I've added a section on Mail Filtering to the server guide... I was wondering if I could send it to you for review?
<ScottK> I think adding amavisd-new is a sensible, stable core to allow people to hang whatever they want off of it.
<ScottK> ivoks: Do you read postfix-users?
<sommer> ScottK: not that I don't value your input, but the more reviews the merrier
<ScottK> sommer: Of course.
<ivoks> sommer: sure
<ivoks> ScottK: no... :)
<sommer> ivoks: cool, there's also an update to the Postfix SASL section using Dovecot.
<ScottK> ivoks: OK.  There was a funny bit today about an Ubuntu user writing in with a Postfix problem that turned out to be webmin adding 'sudo' to their smtpd_recipient_restrictions.
<ivoks> :)
<ivoks> i'll check archives :)
<ivoks> webmin is evil.
<sommer> ivoks: I'll get that to you this evening, thanks again.
<ivoks> sommer: great
<ivoks> i have to get rid of desktop related packages i maintain :)
<ivoks> they hunt me while i'm a sleep :)
<ScottK> ivoks: Don't sleep then.  Sleep is for the weak.
<ivoks> you can't imagine how little sleep i had last two weeks
<ivoks> i'm working on a quite big project... it will go public in 20 days
<ScottK> Sounds fun.  I've done things like that.
<ivoks> fun... hm, i don't think there's a good word for that :)
<ivoks> see you later
<nealmcb> sommer: can you send me the mail filtering section also?
<sommer> nealmcb: absoluteley
<nealmcb> sommer - a section in the server guide on how server differs from desktop (kernel, no x11, etc) would be handy I bet.  those articles from http://www.enterprisenetworkingplanet.com/netos/article.php/3710641 have more detail than we want, but touching on a few of them would make savvy users feel more comfortable
<sommer> nealmcb: good idea... I'll add that to the list, and try to get it in before hardy.
<nealmcb> dthacker: you can find raw recent meeting logs at http://kryten.incognitus.net/mootbot/meetings/
<nealmcb> e.g. http://kryten.incognitus.net/mootbot/meetings/ubuntu-meeting.20071127_1603.html for today
<nealmcb> but those get moved I think later on
<nealmcb> sommer: you rock :-)
<sommer> heh party!
<macd> mathiaz, around?
<mathiaz> macd: yes.
<macd> I saw the meeting minutes, do you have a link on the wiki to using tasksel?
<macd> ohh, and I added a few tihngs to it the other day detailing the exact configuration changes
<mralphabet> nijaba: are you around?
<mralphabet> nijaba: I am looking at https://help.ubuntu.com/community/JeOS and made some minor corrections (spelling).
<mralphabet> nijaba: there is one spot that I can't seem to fix.  Under 'Installing VMware Tools', 'Next should ask VMware to mount the VMwareTools CD', VMwareTools shows as a link, but only 'MwareTools' is actually linked.  When I edit the page to correct it, there is no link in the wiki code.
<mralphabet> nijaba: so not sure where it is getting the link from, but I thought I would mention it.
<nijaba> mralphabet: Thanks for your corrections.  Regarding the Link, I came to the conclusion of a bug in InterWiki...
<mathiaz> macd: the documentation I've found about tasksel is its README file
<mathiaz> macd: in /usr/share/doc/tasksel/
<soren> mralphabet: It's a link because it has at least two capital letters in it separated by lower case letters. It doesn't matter if a page exists with that name.
<nijaba> mralphabet: regarding your edit of sudo apt-get install lamp-server^, the ^ is not a mistake, it is actually required :)
<mralphabet> nijaba: oh, heh, sorry about that ;(
<nijaba> mralphabet: np.  soren just fixed the link btw: VMware{{{}}}Tools
<mralphabet> nijaba: I'll put the ^ back in
<nijaba> mralphabet: thanks
<macd> mathiaz, thanks.
#ubuntu-server 2007-11-28
<kgoetz> has someone gone and run s/Debian/Ubuntu in the libpam-ldap and libnss-ldap README.Debian files? is there any particular reason to have done so?
<ScottK> Cool.  I can requeue messages without super user priviledges now in Postfix.  One less reason to be root.
<lamont> ScottK: which version?
<lamont> or is it just having write access to deferred and friends?
<ScottK> postqueue -i in 2.4
 * ScottK hadn't read the postqueue man page in a while.
 * lamont needs to read the nmap man page this week
 * ScottK had been using postsuper -r.
<Burgundavia> dendrobates: you need to email fridge-devel to get your meetings listed on the fridge
<ScottK> lamont: Speaking of which, Debian Bug# 453238 does not sound like a smart idea to me.
<kgoetz> hi all. i'm wondering if someone can recomend a log level for openldap (slapd) to help debug a libpam_ldap problem. level 256 doesnt seem to help me much. help with libpam_ldap /libnss_ldap would be apreciated too :/
<sommer> kgoetz: -1 will give you all available output.
<kgoetz> -1 where? slapd?
<sommer> kgoetz: /etc/default/slapd there's a SLAPD_OPTIONS="" try -d -1.  then restart slapd
<sommer> so you'll have SLAPD_OPTIONS="-d -1"
<kgoetz> sommer: should i remove th debuglevel 256 from the slapd.conf?
<kgoetz> *loglevel
 * kgoetz sets to 0
<sommer> actually I've never used the loglevel option
<kgoetz> mm ok. i'll disable it entirely
<sommer> when debugging a big issue I start slapd in a terminal with these options slapd -d -1 -h "ldap:/// ldaps:///" -f /etc/ldap/slapd.conf
<sommer> you'll get all the output to the console... usually a lot of output.
<kgoetz> slapd doesnt seem to be restartin, shoudl i expect it to run in the forground now?
<sommer> kgoetz: I may have been wrong about the SLAPD_OPTIONS="-d -1"... try setting them back to ""
<sommer> kgoetz: I thought that would work
<sommer> are you getting Starting OpenLDAP: slapd and it's just kind of hanging there
<kgoetz> sommer: slapd's running and i'm gettin debug to syslog, i'm just supprised it didnt background
<kgoetz> esp. as theres nothing going to stdout
<sommer> did you start slapd in a console with the options I posted?
<kgoetz> i added '-d -1' to the /etc/default/slapd file. whenever i run slapd in a console it chowns the database to root
<sommer> apologies I may have been wrong about that file... you might try just running slapd from console
<kgoetz> your right in a much as it is debugging, but i'm bemused its still forgrounded - if its loggingn to syslog theres no reason for it to hold the terminal
<sommer> ya that's strange does ctrl+c work?
<kgoetz> ^C kills the daemon
<sommer> mmmm... I'd just start slapd from console until you've figured out the issue then (it just feels cleaner)
<kgoetz> hm.
<kgoetz> hate softwar with no clear debugging options. pam is inn that catagory :(
<kgoetz> now i see some pam_debug module ... yay, another module to load and confuse :S
<vetri> which gui best for iptables
<ScottK> vetri: vim
<mralphabet> gui? for a text file?
<sommer> in DNS terms you have reverse zone files... is it correct to call the regular zone file a forward zone file?
 * ScottK has heard of reverse lookups, but never reverse zone files.
<kgoetz> afaik so
<ScottK> But /me knows more about DNS protocol than admining DNS servers.
<sommer> cool just wondering
<sommer> the data for reverse lookups is stored in a reverse zone... a file in bind9 terms
<sommer> not sure about MS dns... reverse zones are configured in gui mode
<_ruben> forward and reverse zones arent really that different from eachother .. except that one (reverse) has entries below in-addr.arpa. and uses PTR records, and the other (forward) has entries below . and uses A/CNAME/MX/etc records :p
<tjaalton> uh, is the mount.nfs4 braindead or what.. it does a readlink() in the current directory, and when the server path doesn't exist there it fails
<tjaalton> this is on hardy
<tjaalton> anyone here using nfs/nfs4 mounts on hardy?
<avatar_> hardy? maybe try #ubuntu+1
<tjaalton> avatar_: nope, I'll try linux-nfs@ instead
<avatar_> hardy is atm alpha quality and not production ready
<kraut> moin
<tjaalton> avatar_: I'm core-dev, I know ;)
<avatar_> ah, okay :)
<_ruben> heh
<tjaalton> it wouldn't matter to me unless braindead software didn't insist on having $HOME (Mathematica)
<_ruben> bugger .. time to investigate pf_ring on short term i guess ..
<_ruben> Nov 28 06:41:25 ismlnx-fw07 pmacctd[7790]:  wan0: (1196228485) 962816 packets received by filter
<_ruben> Nov 28 06:41:25 ismlnx-fw07 pmacctd[7790]: wan0: (1196228485) 0 packets dropped by kernel
<_ruben> Nov 28 06:56:25 ismlnx-fw07 pmacctd[7790]:  wan0: (1196229385) 1032605 packets received by filter
<_ruben> Nov 28 06:56:25 ismlnx-fw07 pmacctd[7790]: wan0: (1196229385) 13239 packets dropped by kernel
<ivoks> hi
<_ruben> g'day
<Steve_____> hello - Have installed JBoss on Ubuntu server 7.04. Works fine from localhost but when I try to hit a page remotely I get "The connection was reset". Any ideas?
<nijaba> Steve_____: isn't there a rule in JBoss that by default only allows connections from localhost?
<Steve_____> Didn't think of that. Will try to find out - Currently running a slightly different version of jboss on ubuntu desktop 6.10 without problems
<nijaba> Steve_____: I am no JBoss specialist, but google points to /usr/local/jboss/run.conf
<Steve_____> thanks nijaba. Will feedback if I get anywhere with that
<Steve_____> How can I tell whether ubuntu is preventing access from remote machines to port 8080?
<ivoks> iptables -L
<avatar_> sudo lsof -i |grpe 8080
<avatar_> sudo lsof -i |grep 8080
<avatar_> on wich interface is your daemon listening?
<Steve_____> iptables shows now rules (I tried iptables -F)
<ivoks> -F je flush
<ivoks> so if you had -P DROP, then -F would result in total jail of your system :)
<ivoks> sorry... -F is flush
<Steve_____> iptables shows no rules
<ivoks> then no one is blocking your ports
<Steve_____> lsof -i | grep 8080 gives nothing
<ivoks> maybe your service isn't listening on 8080
<Steve_____> I can telnet to 8080 from localhost and HEAD
<ivoks> you can telnet to localhost, right?
<Steve_____> or wget localhost:8080 and wget a web page
<Steve_____> yes
<ivoks> checkout netstat -an | grep 8080
<Steve_____> How do I tell which interface the deamon is listening on
<Steve_____> tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
<ivoks> it listens only on localhost
<Steve_____> thanks
<akincer> Has anyone seen instances where a NIC stops responding to external requests and only starts responding once you initiate a connection from that machine?
<ivoks> yes
<ivoks> you can achive that with firewall
<akincer> That's the firewall?
<ivoks> could be
<ivoks> it could also be a broken nic
<akincer> If so, that is a policy that redefines dumb
<ivoks> akincer: dumb?
<ivoks> akincer: well, who is the dumb one in this story? :)
<akincer> dump, stupid, moronic
<akincer> haha
<akincer> not me
<akincer> stock install
<ivoks> then it's not firewall
<akincer> On ifconfig, packets aren't even making it to the machine
<akincer> although I can see where SOME data is coming in and out
<ivoks> yesterday i saw a network setup where packages where coming in, but couldn't get out from server
<ivoks> turns out that guy who is administrating network and servers doesn't have a clue about networking :)
<akincer> haha, well I know enough about both to keep my sanity
<akincer> I'm checking with the network guys to see if they can check the Catalyst for frame errors
<ivoks> that guy's server didn't have a route to the rest of the network...
<akincer> LOL
<ivoks> maybe your machines don't have a route to your server/machine
<akincer> If I walk into the server room and initiate a ping from the server to anything, it will start responding again
<akincer> No, it does
<akincer> same subnet
<ivoks> intel nic?
<ivoks> dapper?
<akincer> I could have an invalid GW and it would still respond
<akincer> Gutsy
<akincer> Not sure about NIC. Onboard on a Dell
<ivoks> lspci would give you a hint
<akincer> Intel 82541GI
<akincer> Let's see what Google says
<ivoks> i put my money on broken network setup :)
<akincer> Hmmm. I'll go check /etc/network/interfaces to see what it says.
<ivoks> not on the server, but in network topology :)
<ivoks> this sounds like all other machines don't have a clue about server's mac address
<ivoks> and untill server broadcast it, they can't find it
<ivoks> check arp table on clients, when your server is unavailable
<akincer> I didn't configure the network, so I can't be sure. I am pretty sure there are issues though
<akincer> Long story, but I don't have control over the network
<akincer> I'm a one man IT shop, but the network is outsourced at the moment
<akincer> Trying to get a response from the network folks about that. I'm betting you're right
<ivoks> coffeedude: hi
<methods> hey
<methods> is there any console based tools for detecting wireless ap ?
<methods> or picking any available without wep ?
<ivoks> iwconfig
<methods> yea but thats for setting statically
<methods> i want something to display broadcasted networks
<ivoks> iwlist
<ivoks> iwlist interface scan
<methods> oh cool!
<methods> hm i got a blank essid from that
<methods> hm cool! it didn't pick up on its own but a scan with a essid got it!
<Gargoyle> What factors effect how long it takes for new software revisions to make it into the repos?
<ivoks> mathiaz: i'll check out ucf thing; i was fully unaware of such a tool :D
<ivoks> mathiaz: and... you said you have worked on ror implementation?
<mathiaz> ivoks: s/implementation/design/
<ivoks> ok
<ivoks> mathiaz: makefile is still broken :)
<mathiaz> ivoks: you mean in tasksel ?
<ivoks> yes
<ivoks> it has hardcoded linking to desktop.preinst
<ivoks> which is absurd... since it has :
<ivoks>         for script in info/*; do \
<methods> in gutsy can i use security as well as gutsy-security ?
<ivoks> there's only gutsy-security
<methods> so how do i get libgd2-dev then /
<ivoks> there's no such package
<ivoks> there are libgd2-noxpm-dev and libgd2-xpm-dev
<methods> http://packages.ubuntu.com/dapper/oldlibs/libgd2-dev
<methods> whats the difference in those packages ?
<methods> im following the nagios ubuntu quickstart and its telling me to install this stuff
<ivoks> you asked about gutsy and then pasting dapper links
<methods> oh ... well i just did a google search sorry..
<ivoks> nagios quickstart in ubuntu is apt-get install angios
<ivoks> nagios
<methods> 6.10 is gutsy isn't i t?
<ivoks> or nagios3
<ivoks> 6.10 is edgy
<methods> hm
<methods> the walk through is a bit oudated
<ivoks> it will be obsolete in 5 months
<methods> oh wow were on 7.10 right ?
<ivoks> yes
<methods> .10 ... thats why i thought i twas right
<methods> ok well ill use the meta package
<methods> but i wonder they didn't update this
<methods> hm you meant nagios2 ?
<ivoks> right
<methods> hm see this is why i like ubuntu over pure debian
<methods> so v3 is still unstable ?
<methods> do you recogmend i install 3 on my own or stick with 2 ?
<ivoks> i would go with v2
<ivoks> and, fwiw, ubuntu nagios2 package is exactly the same as debian's
<akincer> Methods, have you looked Zenoss as an alternative to Nagios?
<ivoks> methods: if you haven't - don't :)
<akincer> why?
<ivoks> cuse it creates user
<ivoks> cause
<ivoks> and puts it in sudoers
<ivoks> with NOPASSWD
<ivoks> so, that user can wipe your entire system, and you have a web service running under it's privileges
<ivoks> i can't thnik of worst security installation out there :)
<methods> wtf is zenoss ?
<ivoks> zenoss.com
<methods> wahts fwiw ?
<ivoks> good looking nagios :)
<akincer> I don't remember it doing that. Haven't tried it in a while
<ivoks> akincer: i wanted to package it... i gave up very soon
<akincer> I remember a few things being a PITA for no apparent reason, but no more than Nagios
<ivoks> maybe it changed in last couple of months
<akincer> I loaded up a VM appliance, so I couldn't honestly tell you what it did under the hood
<methods> so wahts zenoss ?
<akincer> zenoss is to nagios what postfix is to sendmail (in function)
<methods> a cheap alternative ?
<methods> it appears to offer comercialized versions
<methods> im looking to help open source movement for inteligent systems
<methods> not p ropritized jerks
<ivoks> another problem with zenoss is that it has files without copyright
<ivoks> that, and nopasswd things are the reasons why zenoss packages were never introduced in debian
<ivoks> on debian guy and i wanted to package it, but we gave up after 10 minutes with that software :)
<ivoks> s/on/one
<methods> this package gave me no information
<methods> and appears to have an internal server error when i go to the web site
<akincer> Gotcha. I need to pick Nagios back up. Last time I gave it a shot, I quit after becoming extremely annoyed at how unnecessarily difficult it seemed to be to configure
<Innatech> Hello. Having a problem with OpenVPN setup. Running the vars script that does a bunch of export fails to set the environment vars, while setting them at the command line works, and they seem to work within the script @ runtime in its echo statements. What gives?
<Innatech> This is on 7.10 server.
<lousygarua> hello
<lousygarua> did anyone every use w3m-img?
<lousygarua> s/every/ever
<juliux> hi
<juliux> does somebody knows how can i run more then one ssh server on a server?
<lousygarua> juliux, hmm you can probaby run sshd with a different configuration file specifying a differnet listening port.
<lousygarua> why would you want to run two ssh servers?
<juliux> i want one for users and one for backuping
<juliux> for the backuping i want to use sshkeys without a passwort
<juliux> but this ssh server should only work on the ip of my vpn
<lousygarua> i.e. users access from WAN and backupping is only from VPN?
<juliux> lousygarua, yep
<juliux> lousygarua, i have several servers and clients and they should automaticly backup via rsync and ssh over the vpn
<lousygarua> juliux, i don't have much experience with SVN but shouldn't it be transparent to the SSH clients whether they connect an external or LAN/VPN IP?
<lousygarua> or you want the backup ssh server to accept connection *only* from LAN VPN so it's more 'secure'
<juliux> i want for the vpn clients ssh with sshkeys without any passwords
<lousygarua> well setting up ssh key authentication is really easy i've once done it myself for backup purposes
<juliux> i know
<lousygarua> no passwords
<juliux> i only want an extra ssh server for the vpn;)
<mralphabet> and you want passwords for the vpn connections
<mralphabet> can't you do both?
<juliux> mralphabet, i have keys for the vpn
<lousygarua> juliux, man sshd shows a `-f` option for specifying a differnet configuration file
<lousygarua> but still i don't see the use for two separate ssh servers
<juliux> i don't want ssh with keys on a ssh server that is reachable from the normal wan
<lousygarua> but if the vpn clients are unreachable from WAN there's no chance their private key to be stolen somehow
<lousygarua> and a hacker will find it very hard to create a clone private key for connecting your servers
<juliux> hmmm
<lousygarua> anyway, you can probably run an additional sshd server taht only listens on 192.168.xxx.yyy so it's only available to VPN hosts
<zylmak> hello im trying to install ubuntu server and i need some help
<lousygarua> zylmak, what help do you need :) be more specific
<zylmak> the first thing i need to know is what im doing :) ... well what im trying to do is to ser a test server behind a router
<zylmak> the server dosent need to be visible from outside the router
<zylmak> so the first thing i need is to set my ip adress so it will be fix
<zylmak> i found the file /etc/network/interface but dont know what is broadcast for
<lousygarua> zylmak, broadcast is the ip address that all hosts will listen to, smt like 192.168.0.255
<lousygarua> zylmak, because it has 255 which is binary for all 1's then the network interface on each host knows it should process the message
<lousygarua> it's like screaming "HELLO EVERYONE" in your lan
<zylmak> ok
<lousygarua> anyone knows of a CLI WebDaV client?
 * lousygarua will be back soon
<zul> cadaver maybe?
<proprietarysucks> how do I stop ubuntu from asking me to continue when it says it cannot verify the security (aka it can't access the internet) during a kickstart installation?
<proprietarysucks> also what is the kickstart syntax for a swap partition for ubuntu? the 'regular' way isn't working
<zylmak> my next question is: do i need dhcp and bind, since my isp give the ip address to my rooter
<zylmak> oups time to go to a reunion will come back later
<ivoks> hello
<ivoks> anyone has anything against maildir by default in mail-server task?
<proprietarysucks> neverming I figured out the second question
<proprietarysucks> man it's hard finding anyone in ubunut that actually KNOWS ubuntu
<somerville32> lol
<ivoks> hm
<mralphabet> and by ubuntu you mean kickstart
<proprietarysucks> no I mean ubuntu
<proprietarysucks> kickstart is the same protocol, ubuntu decided to accept or not accept various parameters
<ivoks> kickstart isn't a protocol
<proprietarysucks> for example in ubuntu server 6.10 you can't use --noipv6
<proprietarysucks> that's not kickstart, that's ubuntu
<ivoks> i repeat, kickstart is not a protocol, it's a file
<proprietarysucks> also you have to use part swap --size 2048 instead of part --fstype swap --size 2048 because of ubuntu
<proprietarysucks> kickstart is a file that follows the kickstart protocol to feed selections to anaconda, the red hat installer
<ivoks> kickstart is a file, used to load some settings into anaconda
<ivoks> in ubuntu, sane people, use it just to get to preseeding
<ivoks> preseeding, otoh, has much more power than kickstart
<proprietarysucks> if an OS doesn't accept an option it's not because kickstart is somehow different for that OS, it's because that OS has arbitrarily changed their anaconda (or other) input mechanisms
<proprietarysucks> therefore it's ubuntu not kickstart
<ivoks> i'm not sure who told you that ubuntu supports all options in kickstart...
<ivoks> but it doesn't
<ivoks> and that's not a secret
<spiekey> hi
<spiekey> i canÂ´t log into webmin as root anymore.
<lousygarua> proprietarysucks, what is kickstart either way
<proprietarysucks> all I asked was how to get ubuntu to stop the automatic installation to ask me a question
<spiekey> i get: Nov 28 21:32:17 localhost webmin[7500]: Invalid login as root from 127.0.0.1
<proprietarysucks> I know ubuntu doesn't support all the optiosn
<spiekey> i wonder why?! Since ssh works with root
<zul> then why complain?
<jjesse> spiekey: you mentioed anymore? does that mean at one time you were able to login as root?
<jjesse> spiekey: so you enabled root?
<spiekey> jjesse: for the last 2 years, yes
<spiekey> oversudden it does not work anymore, and i dont think i updated the machines in the last few month either.
<spiekey> webmin uses the pam infos (user/pass) to auth, right?
<jjesse> that's wierd that all of the sudden it changed
<jjesse> i think so, someone might be able to correct me
<jjesse> been awile since i used webmin
<spiekey> oh, he?!
<proprietarysucks> I just installed ubuntu 6.10, using kickstart and it has stopped the automatic installation to ask me if it's ok to proceed after not being able to reach security.ubuntu.com. How do I automatically say yes here? It's not a kickstart question because red hat linux doesn't do this. It's a ubuntu question because it is obviously wanting some custom argument, and the ubuntu documentation on this particular issue is
<spiekey> the old password works!
<spiekey> jjesse: its the password from 2006!
<spiekey> wtf?!
<ivoks> proprietarysucks: preseeding
<ivoks> look for debian preseeding
<ivoks> learn it and then come back saying 'omg, i didn't know kickstart is so lame'
<ivoks> :)
<jjesse> spiekey: sorry, don't mean to be rude, but does google help?
<spiekey> jjesse: not with the error messages i get in my logs
<proprietarysucks> our system automatically detects and configures all configurations of hard drives, nics, packages and everything we need, not sure how much better it can be
<proprietarysucks> the only thing that's not working right now is that ubuntu stops and complains about not being able to call home
<spiekey> webmin must have its own passwd file or something..?!
<ivoks> i give up
<jjesse> spiekey: thats what i meant when i asked about google can you google webmin password file or something, sorry a little busy with work
<proprietarysucks> anyone know someone who actually knows ubuntu
<jjesse> i know ivoks
<somerville32> proprietarysucks, Whats the issue?
<spiekey> jjesse: i feel so dumb now :-/
<jjesse> spiekey: did it?
<proprietarysucks> I just want to know what kickstart option ubuntu is waiting for to allow it to not stop and ask if it's ok to proceed when it can't contact security.ubuntu.com
<jjesse> spiekey: don't worry i do stupid things all the time
<jjesse> or what i feel are stupid things
<ivoks> proprietarysucks: kickstart doesn't support these things, preseed does
<spiekey> jjesse: you are a sysadmin, right? :D
<mralphabet> !webmin @ spiekey
<ivoks> we don't support webmin
<proprietarysucks> ivoks: kickstart is a text file, it supports anything you can type
<mralphabet> bah
<mralphabet> !webmin
<ubotu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system
<jjesse> spiekey: not right now, full time consultant but used to be a sys admin
<ivoks> proprietarysucks: it doesn't support answering to questions, preseed does
<ivoks> proprietarysucks: preseed will intercept question and provide an answer
<ivoks> kickstart doesn't do that
<proprietarysucks> kickstart doesn't do anything
<ivoks> kickstart has limited number of functions
<proprietarysucks> it's a text file
<proprietarysucks> perhaps you are thinking of anaconda?
<ivoks> preseed can be used to set up debconf entries
<ivoks> we are not talking about anaconda here, since we don't use anaconda
<proprietarysucks> you are a very confused person about this
<proprietarysucks> kickstart is a text file, there's no functions
<proprietarysucks> the program, called anaconda, reads this file and interprets the info
<ivoks> really?
<ivoks> so... which anaconda reads that file in ubuntu?
<ivoks> cause we don't have it
<proprietarysucks> ubuntu also has decided to read these files, taking it's own CUSTOM text files
<jjesse> so use preeseed
<proprietarysucks> ubuntu also has decided to read these files, taking it's own CUSTOM text commands
<ivoks> proprietarysucks: then use redhat, where's the problem?
<proprietarysucks> such as this one, you may recall:        user --disable
<proprietarysucks> that's in the kickstart file and *ubuntu* recognizes it as meaning something
<proprietarysucks> I'm asking if anyone anywhere knows what other custom commands like this ubuntu has applied to the normal kickstart template
<ivoks> this guy reminds me on one my ex professors
<ScottK> ivoks: I think maildir by default is an excellent plan.
<ivoks> ScottK: i agree
<ivoks> :)
<ScottK> Just saying so if anyone complains you can say it wasn't just you deciding to do it.
<ivoks> :)
<ScottK> ivoks: I'm started on the amavisd-new MIR.  While it's still in Universe and I can upload changes, is there anything else you think we should do to the package?
<ivoks> hm...
<ivoks> we could provide some stuff during tasksel install
<ScottK> No rush.  It'll be sometime next week before I get the MIR done.
<ivoks> amavis has amavis.d, so that would be much easier than with dovecot :)
<ivoks> we will just drop configs for mail-server task there, and that will be it
<ScottK> Our diff from Debian is pretty small right now.  If there's anything else we want to change, I'd like to send it all up to them at once.
<ScottK> OK
<ivoks> we will not change amavis package
<ivoks> we will leave it default...
<ivoks> mail server task from tasksel will drop special stuff we decide to have
<ivoks> so... apt-get install postfix dovecot-imapd amavisd-new gives you default installation
<ivoks> sudo tasksel install mail-server gives you all that + ubuntu server team goodies
<proprietarysucks> Does anyone know the complete list of custom commands like user --disabled ubuntu has applied to the default kickstart template?
<zul> proprietarysucks: maybe looking at the source might help
<ivoks> ScottK: any objections to:
<ivoks> smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated
<ivoks> ?
<ScottK> ivoks: reject_invalid_hostname should be reject_invalid_helo_hostname if we want it.
<ScottK> The use case here is for an all in one mail server for sending and receiving mail for a domain, right?
<ScottK> If that's the case then reject_invalid_hostname is something we don't want as MUAs often have a bogus HELO name.
<ScottK> ivoks: Let me think about this one for a bit.
<ivoks> well, bad clients would get 501
<ivoks> ok, maybe we shouldn't go so tight...
<ScottK> What I'm thinking is we should have 465 (for smtps) and 587 enabled with the looser restrictions and keep port 25 tight for recieving mail.
<ScottK> Gotta run out for a bit.
<ivoks> oh, you would enable 587?
<close2__> hello, i have a script, which dd's a few bytes every 5 seconds from an external usb-disk and mounts and rsync every 15 minutes
<close2__> sometimes the mount -t ntfs-3g  just hangs
<close2__> an strace -p ...    shows that the mount tries to: read(4,  <unfinished ...>
<close2__> do you have an idea, why this could happen?  How to avoid it?
<ivoks> check what file has an ID 4
<ivoks> and this is not server related question
<ScottK> ivoks: Yes.  If we're supporting sending and receiving.  That's really how it ought to be done.  There's even a recent RFC (BCP actually) about it.
<close2__> it's the server kernel, that's why i though i should ask here
<ivoks> ScottK: then we should do that by default in postfix, right?
<ScottK> ivoks: For an appropriate debconf choice, yes.
<ivoks> close2__: look for open ("/some/file", O_RDONLY|)_RWRITE) = 4
<lamont> ScottK: MTAs also frequently have bogus hostnames
<lamont> little companies like IBM, last I ran into it.
<lamont> (the ehlo hostname resoves in their _INTERNAL_ dns...)
<ScottK> lamont: Agreed.
<ScottK> lamont: I'd have to look the name up but there's now a test you can do just for rDNS existance that I think is a reasonable default.
<lamont> ok.  the IBM host was NXDOMAIN...  OTOH, that was a few years back, maybe they finally agreed that it was stupid
<ScottK> IBM currently has PTR names like e1.ny.us.ibm.com.  I don't have ready access to HELO names.
<ScottK> AOL requires rDNS, so I think it's safe for our default to require it.
<lamont> ok.
<lamont> rDNS == reverse dns, yes?
<ScottK> Yes
<ScottK> As in PTR for the IP.
<lamont> right
<lamont> just making sure there wasn't some new TLA I was missing
 * ScottK notes in passing that it had 4 letters ...
<lamont> yeah... but FLA isn't self-referencing
<ScottK> But it sounds naughtier.
<ivoks> ok, uploading new patch
<ivoks> done
<ivoks> please, do comment, suggest, etc...
<lamont> patch to?
<ivoks> bug 164837
<ubotu> Launchpad bug 164837 in dovecot "Dovecot SASL for postfix" [Low,In progress] https://launchpad.net/bugs/164837
<ivoks> patch for tasksel
<lamont> through, for future ref
<lamont> what more are we doing in postfix to finish lighting up sasl?
<lamont> and where is it authenticating against?
<ivoks> oh...
<ivoks> sorry... damn
<ivoks> forgot the first part :D
<lamont> lmtp_sasl_type = cyrus
<lamont> smtp_sasl_type = cyrus
<lamont> smtpd_sasl_type = cyrus
<lamont> and those prolly need to change, no?
<ivoks> yeah...
<ScottK> lamont: The immediate question was do we enable port 587 by default for submission (I'd say yes for any debconf option that supports internet submission).
<ScottK> lamont: Details.
<soren> ivoks: Are there any reasons why those settings shouldn't be the default?
<lamont> because, ideally, I'd like to just have sasl configured by default in postfix (modulo debconf, of course)
<soren> ivoks: Most (all?) of the settings in dovcecot.conf look sane even outside of the postfix sasl stuff.
<soren> ivoks: All the more reason to make it the *actual* default, and not only the default when you've installed dovecot in a particular way.
<lamont> ScottK: I'm OK with enabling 587 by default any time postfix is listening on port 25
 * lamont reviews his templates
<ScottK> lamont: How about 465 for smtps too then?
<lamont> ScottK: any time that we turn on ssl, yes.
<lamont> :-)
<ScottK> It's needed for non-starttls MUAs (notably Outlook Express and Outlook < 2007)
<ScottK> OK
<ivoks> soren: no sane reasons :)
<ivoks> i would be happier to do this by default
<ScottK> lamont: Are you good with that for Debian too?
<soren> ivoks: I'd much prefer that to any post-installation rewriting of config files. If there are saner defaults, we should apply them globally.
<lamont> ScottK: there is only one postfix. :0
<ScottK> lamont: Good.  Just making sure we stay that way.
<lamont> I only have one forked package (util-linux), and that's purely because of build-deps
<lamont> which I can't do at run time
<ivoks> we went with tasksel cause we don't want to override stuff for old users
<soren> ivoks: Well just have to deal with that some other way.
<lamont> ivoks: I need to not muck with conffiles except as I get told by new debconf answers.
<lamont> and make the default install do the right hting
<soren> ivoks: Apart from the Maildir change, all the settings could be (relatively) safely applied to existing configurations.
<soren> lamont: it's not a conffile (in the dpkg sense)
<ivoks> i'm trying to recall why we wanted to do it this way...
<soren> lamont: and even if it were, it wouldn't be kosher to fiddle with it regardless of debconf.
<lamont> soren: there are nuances.
<ivoks> anyway... doing it by default is what i prefere...
<lamont> postfix doesn't list master.cf and main.cf as conffiles simply because the questions from dpkg about who wins, me or the admin, are confusing to most endusers.
<lamont> aka admins
<ivoks> ah, i know!
<lamont> when postfix asks a question in debconf, it has met the policy requirement of getting permission before mucking.  When it's required to muck, preinst does the asking, and aborts the upgrade if you say 'no'.
<ivoks> it's because we can't force these changes into debian, and we would like delta to be as small as it can
<lamont> adding a new question for home_mailbox kinda needs can do interesting things with the defaults based on existing/not-existing configs, but ultimately, changing it from upstream's default means that I need to make it at least medium pri
<ivoks> cause they don't prefere postfix over exim, and/or dovecot over cyrus
<soren> ivoks: I'd much rather maintain a delta in the default config file than the tasksel change.
<lamont> ivoks: I think we're going to upload a default-mail-transport-agent package to debian, and then start the discussion about having people start Depending on that....
<lamont> ivoks: having the default be different between debian/ubuntu is not an issue... postfix already knows what it's building for...
<soren> lamont: I've got that packaga on my laptop, by the way. I just need to extract it and send it your way.
<lamont> soren: please
<lamont> soren: if we're going to do it as a debian package, how do you feel about housing it in git.debian.org?
<soren> lamont: git and I are not friends.
<lamont> soren: git 1.5?  or unusably ancient 1.4?
<soren> lamont: But... um.. certain other things force me to use git real soon anyway, so I might as well.
<soren> lamont: No idea.
<ivoks> so... we are giving up on tasksel? :)
<lamont> soren: go to git.debian.org and create yourself a guest account... then let me know I'll see about getting us a joint-development gid to assign so that we can share one repo instead of two.
<soren> ivoks: If we implement your postconf changes from that patch into default postfix, and there's dovecot around, what will happen?
<lamont> ivoks: tasksel probably still has _some_ work to do.
<ivoks> that's not an issue...
<ivoks> issue is if someone has saslauthd
<soren> lamont: Like what?
<soren> ivoks: What will happen then?
<lamont> I expect that the change will wind up being that postfix will Recommend cyrus (debian) or dovecot (ubuntu), and then set things up if it's a fresh install
<ivoks> soren: we are binding postfix to dovecot here, but not everybody has dovecot for imap/pop
<lamont> tasksel needs to at least pull in dovecot... I think it wants to be a suggests maybe?
<lamont> for postfix, that is
<ivoks> well... wais a sec...
<ivoks> wait...
<ivoks> dovecot-common isn't imap/pop
<lamont> ivoks: what I was hoping to do for postfix was to ...
<soren> ivoks: Precisely.
<ivoks> so we can have dovecot-common and cyrus at the same time
<soren> brb
<lamont> at postfix configure time, if we haven't done it before, ask the admin if he wants to set up sasl, pointing at dovecot or cyrus as appropriate (depending on what's installed, maybe).
<lamont> the default answer would be where we'd bind postfix to $SASL
<ivoks> right
<lamont> which could vary between distros
<lamont> +postconf -e "broken_sasl_auth_clients = yes"
<lamont> ew
<ivoks> could we 'preseed' debconf value for that question in ubuntu?
<lamont> I suppose, thouhg.
<soren> Can't we just make all the saslauth provides put their socket in the same place and not care?
<lamont> ivoks: we already have places where the source conditionally compiles around ubuntu vs debian... no need to go playing with preseeds... :0)
<soren> We have a lower default priority for debconf questions.
<ScottK> soren: No.  I really don't think so.
<soren> ScottK: Because?
<ScottK> Because they work differently.
<lamont> soren: and the port25 banner is different
<lamont> we have to know which it is.
<ScottK> Even in Cyrus you have to decide on sasldb versus auxprop and that affect a bunch of stuff.
<lamont> and the options are "cyrus" "dovecot" and "die, hellspawn"
<lamont> er, "no'
<lamont> :-)
 * ScottK will review the source before trying that last one.
<soren> Ok, I wasn't aware.
<soren> i though they had some sort of well defined protocol.
<lamont> soren: this conversation is teaching me much wrt SASL...
<soren> Man, typing is hard!
<lamont> it's been on my "I should figure this out sometime" list for about 5 years or so now.
<ivoks> soren: i gave up on typing... it's 23:30 :)
<lamont> and hardy is a perfect time to fix it.
<soren> lamont: So the protocol with which you communicate is dependant on the server at the other end?
<lamont> yes
<ivoks> yes
<ivoks> postfix supports two
<soren> craptastic
<ivoks> dovecot and cyrus
<ivoks> iirc
<lamont> soren: hence the *_sasl_type variables
<soren> Like completely different as in there's no specification or are people just interpreting them in different ways?
<ivoks> like dbus and dcop :)
<lamont> two separate implementations of two separate designs.
<lamont> no common spec.
<soren> Fantastic.
<ivoks> there's no 'standard'
<soren> brb
<lamont> soren: think windoze vs linux. :-)
<lamont> only this time both suck.  differently.
<lamont> ivoks: btw, good to run into you again - haven't had any good chance to chat since Mataro, wasn't it?
<ivoks> mataro?
<ScottK> soren: SASL is defined, but that's on the wire.  The MTA to SASL implementation API is implementation specific
 * ivoks is kind of slow atm
<lamont> ivoks: I somehow got the impression that we'd maybe met in Mataro.
<lamont> @UDS
<ivoks> i was only on last uds at cambridge
<ivoks> mataro sounds spanish :)
<lamont> ah.  I guess more than one person lives in .hr :)
<ivoks> :)
<lamont> ivoks: that's because it's in spain. :)
<ivoks> i don't know who else would be there from .hr...
<somerville32> I'd like to go to the next UDS or the next one after that
<ScottK> lamont was at the last UDS too, so maybe you two actually did meet there.
<ivoks> hm... maybe :)
<lamont> quite possibl
<lamont> e
 * ScottK recalls meeting both of you.
<kgoetz> hi all... anyone willing to look at some openldap debuging output? http://pastebin.ca/801011 i have two users in ldap, i belive both have valid passwords. on user (kgoetz) has a local account as well. only kgoetz can log in, the other (kim) cops an error. suggestions about how to go about debuggin this woul be good too :/
<ivoks> ScottK: i remembre you on package review session; we agreed on amavis :)
<ScottK> Yep.
<ivoks> typos...
<lamont> kgoetz: does ldapsearch find the user?  and what about when you bind with the rootdn?
<ivoks> so, postfix preinst should check sasl method and then, if none, set dovecot :)
<ivoks> if there is /etc/dovecot/dovecot.conf :)
<lamont> ivoks: I don't think setting type hurts us in any case...
<lamont> and it'd be postinst that did it.  config that decided the default..
<ivoks> right, not preinst...
<ivoks> i know that dovecot will not start if /var/spool/postfix/private/auth doesn't exist
<ivoks> so, postfix must be installed before dovecot-common
<ivoks> this is why it's so easy to do it in tasksel.postinst :)
<kgoetz> lamont: just checking
<kgoetz> ldapsearch is whining about sasl :\
<lamont> kgoetz: I have to go fetch kids, but I have a mixed local and ldap world that I can help walk you through fixing your issue once I get back online...  what TZ are you?
<lamont> ah.
<lamont> trivia.l
<kgoetz> lamont: AUS, ~+10.30. its 9am atm.
<lamont> does ldapsearch -x work?
<lamont> cat <<EOF>>/etc/ldap.conf
<lamont> use_sasl no
<lamont> rootuse_sasl no
<lamont> EOF
<lamont> and no, that's not documented anywhere I could find
<kgoetz> ah. -x
<lamont> s/that's/that was/
<lamont> ok. 'twould suck more if you were in europe somewhere... it'll take me somewhere around 1.5-2 hours before I'll be back online, once I leave in < 5 min
<kgoetz> thanks for the poiter, i'll have a hack
<kgoetz> np.
<lamont> and I'm gone
<kgoetz> later
<ivoks> bye
<ivoks> 'night all
<ivoks> :)
<phaidros> hi, I have a problem with apt. http://pastebin.ca/801042
<phaidros> I have xen-common installed, and can neither update, remove nor reinstall it :(
<phaidros> any ideas?
<kgoetz> are you root? (did you run it with sudo?)
<phaidros> I am root
<phaidros> hi kgoetz :) I ve seen your name in the gobuntu list alot
<kgoetz> ah oh :)
<phaidros> I am root with sudo -s
<kgoetz> try running `apt-get -f install`
<phaidros> E: The package xen-utils-3.0 needs to be reinstalled, but I can't find an archive for it.
<phaidros> I'll put it in /var/cache/apt/.. but I believe its the same then like dpkg ..
<phaidros> it even doesn't recongnize the package in /var/cache/apt/archives
<kgoetz> phaidros: try `apt-get update` then `apt-get install --reinstall <yourpackag>`
<kgoetz> or whatever the aptitude equivilent is :)
<phaidros> aptitude samesame apt-get (usually)
<kgoetz> i know aptitude has a 'reinstall' instead of 'install --reinstall' *wants apt to not need stupid extra switch*
<phaidros> no way. ok further the problem it, that I am currently trying to dist-upgrade, therefor there shouldn't be the same version in the tree.
<phaidros> but even if I put the package with the same version in /var/cache/apt/archives/ it doens't fly :/
<kgoetz> did you download the package seperately?
<phaidros> yes.
<phaidros> it is an edgy install, trying to upgrade to feisty / gutsy (tried both)
<phaidros> got the edgy packages. the dist-upgrade got the feisty (and gutsy) package already as well ..
<kgoetz> ah... this could get interesting.
<kgoetz> but brb
<phaidros> ok
<phaidros> kgoetz: force might be the only way ..
<kgoetz> phaidros: yes, forcing will be required.
<phaidros> even --force-remove-reinstreq doesn't solve :(
<kgoetz> phaidros: you'll have to try to go from whatever state your system is in now, to a feisty system.
<kgoetz> then move from there.
<phaidros> how?
<phaidros> I am blocked :)
<phaidros> maybe force-all .. which I generally try to avoid
<kgoetz> change sources list, update, try to dist-upgrade, see where it bails. force packages to install as needed
<phaidros> well, thats were I hang .. exactly the xen-utils .. I found no way around that yet.
<phaidros> all apt-get / aptitude / dpkg fail on that package .. I'll have a look in the var/lib/dpkg/info/xen-utils-3.0.postinst
<kgoetz> find the package this is in xen.xend.server (and by extentio the file), make sure its tehre
<phaidros> sry, extentio ?
<kgoetz> *extention
<phaidros> which dpkg switch helps me finding that package?
<kgoetz> -S
<kgoetz> iirc
<phaidros> no way to fing :/
<phaidros> find
<soren> What's the problem?
<phaidros> xen-utils cannot get updated, removed, reinstalled .. tried all common tricks (force-all, apt-get install -f)
<phaidros> http://pastebin.ca/801042
<soren> sudo dpkg -P --force-remove-reinstreq xen-utils-3.0 =
<soren> Er.. no "=" at the end.
<soren> Or -r if you don't want to purge the config files.
<phaidros> samesame .. http://pastebin.ca/801064
<phaidros> yeah, and thats the tricky part now :)
<phaidros> any ideas where to tinker?
<soren> Yes, I'm just trying to find the cleanest way.
<soren> phaidros: Not to worry, we'll get it removed in a minute.
<phaidros> hehe, I got it: replacing /usr/bin/xend with a bashscript saying only "exit 0" helped!!
<soren> Well, somethings clearly botched, so if you can live with it might not cleaning up a conffile here or there...
<soren> Yes, that's one way. :)
<phaidros> what would have been an alternative?
<soren> Something along the same lines.
 * phaidros proud
<soren> I'd have edited the preinst script, but the effect would be precisely the same.
<phaidros> :)
<phaidros> cool!
<phaidros> thanx alot soren & kgoetz !
<soren> It's really not the right way to go about it, but.. yeah, well.
<phaidros> yeah, but if any standard ways fail .. well, no options given the crude way wins the beauty contest
<phaidros> :)
<phaidros> ah something else: how to blacklist packages (eg all xserver related on a server)
<phaidros> (because I finally got X packages in on one machine, and cannot see which dependency might have caused this)
<soren> phaidros: If you try to remove them with apt-get, any package that depends on them will be removed.
<soren> phaidros: ...so you can see if anything looks familiar.
<phaidros> yeah I believe it is some gdlib or graphviz or such for php
<phaidros> but anyhow, is there a clean way to block a group of packages under any circumstances/
<phaidros> ?
<soren> Well, yes, but it really shouldn't  be necessary.
<phaidros> hehe, not in an ideal world ;)
<soren> If you install a package that needs some x libraries, well... it needs some x libraries.
<phaidros> but as we've just seen .. world tends to non-idealism. I usually call that an entropic issue
<soren> phaidros: Can you give me a use case for it?
<phaidros> uhm, I need a package like imagemagick for php or cli/scripting purposes on my server, and that package depends somehow (because it is mainly a desktop distro) on X .. I don't want X on a server
<soren> Well, do you need imagemagick or don't you?
<phaidros> I do, but no X
<soren> It's not installing X.
<soren> It's probably installing a few x libraries.
<phaidros> yeah, it was in old debian days. and there are surely packages around which have same strange dependencies nowadays
<soren> Seriously.. If a package in Ubuntu depends on another package... It *really* depends on it. It won't work without it.
<phaidros> oh, ok
<soren> And installing imagemagick won't install an X server.
<phaidros> so, as soon as my xen instance is back alie i can go and check which dependency caused this
<phaidros> alive
<soren> X libraries are not uncommon on servers, I believe.
<phaidros> really? I have always a strange feeling if I see X packages on servers
<phaidros> thats imho a bad redhat&friends habit
<phaidros> uh oh, now I get segfaults on dist upgrade edgy->gutsy
<phaidros> is it save to reboot if module-init-tools are not installed properly (there is the segfault)
<phaidros> ?
<phaidros> it is
<phaidros> ok, libc6-xen is the solution for the segfaulting upgrade
<kgoetz> edgy -> gutsy == bad upgrade path
#ubuntu-server 2007-11-29
<phaidros> kgoetz: you are right ..
<lamont> kgoetz: any luck with ldap?
<kgoetz> lamont: fraid not, i've been busy with other work. i managed to get ldapsearch going ok ( http://pastebin.ca/801040 ) and from my reding of that i can connect to ldap
<lamont> kgoetz: are you doing ldaps or ldap in the end?
<kgoetz> lamont: /etc/ldap.conf -> uri ldap://127.0.0.1/ . ldapi "wasnt working " as i recall
<lamont> you want some spamage here, or pastebin, or where?
<kgoetz> pastebin woul be fine.
<kgoetz> avoid turning the channel against us ;)
<lamont> step 1 is to get ldap://127.0.0.1/ working.  Then we can worry about making a cert and getting ldaps happy
<kgoetz> i have ldaps enabled, dont remember if i mad a cert for it or not
<kgoetz> i just didnt see a reason to ldaps: onto localhost
<kgoetz> in /etc/default/slapd i put SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
<lamont> http://pastebin.ca/801110
<lamont> in there, s/foobaz/whatever/
<lamont> and comment out the TLS_CACERT
<kgoetz> looking atm :)
<lamont> TLS_REQCERT should be uh... something
<lamont> 'never'
<lamont> and rootbinddn should be god-of-ldap (whatever you said when you configured slapd)
<lamont> _THEN_ ldapsearch -x -h localhost -D cn=admin,dc=foobaz,dc=com -W "(uid=kgoetz)" uid
<lamont> that'll prompt you for the passphrase, which should be what's stored in /etc/ldap.secret
<lamont> and if _that_ query works, then all we have to do is argue with nsswitch.conf
<kgoetz> *starts looking for all those files/lines in files
<lamont> kgoetz: I just finished smacking my config into usability again for gutsy
<lamont> in the process, I fear I actually understand pam now.
<lamont> don't tell anyone
<lamont> :-)
<kgoetz> hehehe. i got famiar with pam_radius and a few related bits... i wish i still rememberd :)
<phaidros> any ideas what might be the problem with hotplug if "cat /proc/kernel/sys/hotplug" -> cat: /proc/kernel/sys/hotplug: No such file or directory (2.6.22-14-xen)
<phaidros> ?
<kgoetz> your file or directory isnt there?
<phaidros> but it shoul, shouldn't it?
<kgoetz> lamont: teh TLS_REQCERT -i dont see that in my config. can i just add it?
<kgoetz> s/teh/the
<lamont>  find /proc | grep plug
<lamont> /proc/sys/kernel/hotplug
<phaidros> uh oh o.O
<lamont> kgoetz: I expect so.  That's almost exactly what the file looks like on my machine... worst case it just mutters about lines it doesn't understand
<kgoetz> # here because "lamont said"
<kgoetz> TLS_REQCERT demand
<lamont> you want TLS_REQCERT never
<lamont> for now
<kgoetz> ok.
<lamont> because we're not doing ldaps yet.  just ldap.
<kgoetz> ok
<kgoetz> shouldi comment out the extra lines that you dont have?
<kgoetz> oooh. it worked :o
<kgoetz> ls: /etc/libnss-ldap*: No such file or directory
<kgoetz> but the query workd :)
<lamont> libnss-ldap*  will need to be there when we say 'getent shadow |grep kgoetz'
<lamont> which we want to see two lines from, hence the fetcheverythingandgrep solution
<lamont> apt-get install libnss-ldap
<lamont> and may as well install libpam-ldap too
<kgoetz> both are already installed
<lamont> and finger-ldap :-)
<lamont> ah, on gutsy?
<kgoetz> yes.
<lamont> the symlinks may or may not be needed... I'm to lazy to figure it out - they're certainly needed on dapper. :-)
<lamont> and I have dapper machines, too.
<lamont> sudo /etc/init.d/nscd restart
<kgoetz> they dont seem to be needed anmore ;)
<kgoetz> *any more :)
<lamont> actually, do a stop and then a start - restart doesn't always give me the love I want
<lamont> and the uri in /etc/ldap.conf is ldap://127.0.0.1/, not the ldaps://ldap.foobaz.com/, right?
<lamont>  /query lamont and paste /etc/ldap.conf :-)
<kgoetz> i dont have an nscd
 * kgoetz cuts out comments from config file
<lamont> no nscd just means that you'll query the ldap server alot.  OTOH, it also means that nscd won't be stepping in the middle and LYING to you
<kgoetz> pm flooded
<lousygarua> did anyone ever tried `rsync` over WebDAV? does it works??
<lamont> Nov 28 16:05:21 mmjgroup postfix/local[15044]: warning: pipe_command_read: read time limit exceeded
 * lamont grumbles
<danp> hi. where would i find a list (or an RSS feed) of packages that are updated in universe/multiverse?
<danp> i have a server running edgy and perdition was updated for security fixes but i couldn't find that announced anywhere
<Burgundavia> danp: ubuntu.nl has feeds
<Burgundavia> danp: https://lists.ubuntu.com/archives/ubuntu-devel/2005-August/009392.html
<danp> thanks, seems to be gone now though
<Burgundavia> they are there still
<Burgundavia> just moved
<Burgundavia> just trying to find them
<Burgundavia> danp: http://blogs.ubuntu-nl.org/dennis/2007/10/21/hardy-heron-changes-feed/
<danp> thanks!
<danp> Burgundavia: hmm, this still only seems to be changes to main. perdition is in universe
<Burgundavia> danp: there have been no changes to edgy since release, as only main is security supported
<kgoetz> any (easy) way to increase teh logging prouced by pam? i'm unable to get multiple logins over ssh using ldap backend (i also have issues with sudo)
<Burgundavia> danp: https://lists.ubuntu.com/archives/edgy-changes/2007-November/thread.html
<Burgundavia> danp: and why are you still running an edgy server?
<Burgundavia> it is not supported for all that much longer (6months)
<danp> that's still only main changes...perdition is in universe and was recently updated
<Burgundavia> http://changelogs.ubuntu.com/changelogs/pool/universe/p/perdition/perdition_1.17-7ubuntu0.6.10.1/changelog
<Burgundavia> hmm, wonder why they are not showing up
<danp> and i'm still running edgy because it's supported for another 6 months :P
<Burgundavia> at which point you need to upgrade to Feisty, for another 6 months
<Burgundavia> and then to Gutsy and then to Hardy
<ScottK> Burgundavia: There have been edgy-security uploads for Universe packages.  I've done a couple myself.
<Burgundavia> ScottK: yes, but not many
<Burgundavia> not that I would trust a production server to
<danp> i'm on ubuntu-security and i never got a notice for perdition
<ScottK> Well you take that risk pretty much whenever you run Universe stuff.
<Burgundavia> because -security doesn't carry universe stuff
<Burgundavia> this is a fairly serious issue, the lack of notification
<ScottK> danp: Even when Universe packages get updated, they won't do a USN.
<Burgundavia> it should at a minimum, go to -changes
<ScottK> Agreed.
<danp> is there at least a published list of the changes?
<Burgundavia> let me put it on the tech board agenda
<Burgundavia> danp: there is the mailing list. I have no idea why this upload did no make it there
<ScottK> LP developers dropped security from -changes because the fact that it was there before was a 'bug' and not by design.
<Burgundavia> ugh, that is dump
<Burgundavia> dumb, rather
<ScottK> They've been thrashed and promise to put it back Real Soon Now.
<ScottK> Well it's LP.  That's redundant
<Burgundavia> I am very strongly of the opinion that LP is mostly just a giant non-free rathole
<danp> this is just an example, but in a more general sense i'm looking for a way to get notified/informed of *any* changes to whatever release i'm using
<Burgundavia> this is one of those holes
<ScottK> Burgundavia: Agreed.
<danp> is my best bet right now to track the package list files?
<ScottK> When I asked, "If it's a bug, where's the spec that describes how it's supposed to work?"
<ScottK> Answer I got was, "will you help us write one"
<Burgundavia> danp: -changes should have everything. This is a bug
<Burgundavia> https://wiki.ubuntu.com/TechnicalBoardAgenda
<Burgundavia> added both items to the next TB meeting
<ScottK> https://wiki.ubuntu.com/UbuntuDevelopment/PackageArchive/SoyuzUserDocumentationDraft is what now exists for documentation. it's a bit, um, thin.
<danp> thanks!
<ScottK> My larger answer on the help write the spec issue is that I have a consulting rate for proprietary system development work.
<ScottK> Which is where the non-free bit kicks in.
<danp> so at the moment what is going to -changes?
<ScottK> For Edgy, you would get edgy-updates.
<ScottK> Backports too, I think.
<danp> cool
<lamont> Burgundavia: bzgrep ^Package: ubuntu/dists/gutsy-security/universe/binary-i386/Packages.bz2 |wc -l
<lamont> 55
<lamont> universe gets security updates, it's just not something that canonical funds doing, other than best-effort by keescook et al.
<ScottK> The larger point that Burgundavia makes is valid though.  There's no announcement mechanism.
<Burgundavia> lamont: yep, I get that. This is more about making certain what updates do get done get notifications created
<lamont> "notification" == advisory?
<danp> not necessarily
<ScottK> I've don't -security updates for packages that were in Universe in some releases and in Main in others and the USN just talked about the Main ones (leaving one to reasonably infer the other releases weren't affected when they were(
<ScottK> (/)
<lamont> Burgundavia: and launchpad has nothing to do with -security packages getting built.
<danp> i personally just want a way to be notified of every possible change to a release
<Burgundavia> lamont: I didn't say it did
<Burgundavia> I was talking about mailing lists
<danp> hopefully not as low-level as reviewing changes to the Packages files myself
<lamont> most of the stuff that builds in -security is built while it's embargoed.  hence no notice to -changes.  the embargo is also the root cause of LP not being involved.
<Burgundavia> but that is a bug that can be fixed
<lamont> since launchpadlibrarian has no concept of read restrictions
<lamont> Burgundavia: fixed how?
<lamont> I can't send you a notification when i build it.
<Burgundavia> lamont: by sending the notification only when it is unembargoed
<ScottK> lamont: At some point LP learns of the change.  Then.
<lamont> I _can_ send you a notification when its unembargoed.  I've only seen that notification in the form of a security advisory.
<lamont> for _any_ software distro
<lamont> LP learns of the change once it's unembargoed
<lamont> I think.
<lamont> it must be importing -secuity back from the dak archive
<Burgundavia> right, I am not arguing implementation at the moment
<lamont> so at the point that LP imports the -security bits from dak, it could generate a -changes mail
 * lamont is speculating on that bit of process.
<Burgundavia> right, those are details I don't know, nor do I really specifically care, given I am not an LP dev
<ScottK> The key bit is that it used to be there and was removed.  What man has once accomplished he can aspire to achieve again.
<lousygarua> wow, it's cold in here and i've just put a nice heat-blower straight on my feet!
 * lousygarua is delighted
<kgoetz> i just found my ldap is far more broken then i thought
 * kgoetz is upset
<lousygarua> how can an ldap get broken?
<danp> Burgundavia and ScottK, thanks for the tips. i look forward to -changes being my answer soon :)
<kgoetz> my lookups arnt working properly somehow. I have no name!@newmoon:/root$
<Burgundavia> danp: no worries. Sorry we cannot help you in the imm.
<danp> it's cool. i can make do with looking at Packages in the mean time. but i'm sure other people would appreciate that information if it was readily available
<kgoetz> lamont: you aroud? i cant seem to figure out some issues
<lamont> heh
<kgoetz> :(
<lamont> fire away
 * lamont waits for "how do we find the girl?  If we do find the girl, how do we get away?"
<kgoetz> i can run 'id $USERNAME' and it lists out the users IDs, but bash/anything else cant map the IDs
<kgoetz> i can ssh in as the user, but it seems only once at a time
<lamont> make life easier: apt-get install nscd
<lamont> which, amusingly, shouldn't change anything
<kgoetz> intalling now
<kgoetz> reasonably small config file
<lamont> it has a config file?
<lamont> :-)
<kgoetz> yes... dont i need it? :\
<lamont> I expect so.
<lamont> I never even noticed
<lamont> as in, it won't need any edits
<kgoetz> ok
<lamont> how is bash trying to map the id?
<lamont> (as in, what do you mean that it can't?  what's your testcase?)
<kgoetz> installing that makes a difference o
<kgoetz> s/ o//
<kgoetz> lamont: i typed in 'bash'
<kgoetz> and got "I have no name!@newmoon:/root$" back
<lamont> is /etc/ldap.conf readable by mortals?
<kgoetz> now i get "kim@newmoon:/etc/pam.d$
<kgoetz> "
<lamont>  /etc/nsswitch.conf?
<lamont> (/etc/ldap.secret should be root:root, 600
<kgoetz> yes they are.
<lamont> the others, should be 644
<kgoetz> yep
<lamont> so installing nscd fixed it?
<kgoetz> yes
<lamont> if you figure out why, I'd love to know
<kgoetz> you are a genius :)
<lamont> thanks
<lamont> I should really put the whole mess into a howto on the wiki sometime
<kgoetz> i was goign to work on one/two as well. getting it working became a higher priority then writing about it though ;)
<lamont> I wonder if it's because nscd runs as root
 * lamont automated ssh key replication to clients from ldap
 * lamont is lazy
<kgoetz> .... your writing the guide :P
<lamont> heh
<kgoetz> hm. root@newmoon:~# ldapaddgroup kgoetz 1179
<kgoetz> grep: /etc/pam_ldap.conf: No such file or directory
<kgoetz> is pam_ldap.conf still in use? iirc i read its been retired
<lamont> if it's being used, it should be a symlink to /etc/ldap.conf
<lamont> _I_ have it. :0)(
<kgoetz> reading /usr/share/doc/libpam-ldap/README.Debian is interesting
<lamont> yeah.  that and the manpage for pam.conf were very eye opening on monday night
<kgoetz> stupid pam
<lamont> heh.  pam is love, man.
<kgoetz> polletheme pam :\
<kgoetz> win 32
<zero-9376> is there a metapackage for the lamp server that you install from the server cd
<kraut> moin
<_ruben> mornin
<soren> zero-9376: No, but if you had bothered to stick around for more than 27 seconds, someone might have told you what to do..
<_ruben> ;)
<_ruben> well .. 6 minutes a bit longer than 27 secs .. but still :-)
<Burgundavia> soren: I see him being in channel for 5 minutes at least
<soren> Burgundavia: Potato, potato.
<soren> Doesn't really work in writing, does it?
<soren> Burgundavia: 5 minutes is still an annoyingly short time to stick around for when you've asked a question.
<joycetick> ive just installed ubuntu-server 7.10 on a laptop but its wireless pcmcia card is being recognised (i think, it shows up in iwconfig at eth2) but returns errors when trying to connect to the network (this card was working before in xubuntu 7.04)
<kraut> joycetick: why do you install ubuntu-server on a laptop?
<joycetick> its a 800Mhz machine so i wanted to install fluxbox or similar on it
<firecrotch> joycetick: what about Xubuntu?
<joycetick> and my isp mirrored the iso so it was easier to get than fluxbuntu (which i just found through google)
<joycetick> i was using that before i installed ubuntu-server, might have to go back to it
<phaidros> any xen expert around ?
<avatar_> !ask
<ubotu> Don't ask to ask a question. Just ask your question :)
<avatar_> i'm not an expert
<henrix> or try #ubuntu-xen ;)
<Gargoyle> libc6 is what is commonly known as glib isn't it?
<Gargoyle> *glibc
<spiekey> how can you force ubuntu to write directly onto usb stick, without caching?
<spiekey> is this a mount option?
<soren> spiekey: I don't remember if "flush" works?
<soren> spiekey: mount -o flush -t vfat /dev/whatever /media/whereever
<soren> spiekey: Otherwise, "-o sync" is what you're looking for.
<soren> spiekey: It'll kill your usb stick, though.
<soren> spiekey: They're only built to handle a certain amount of writes to them. If you mount it with sync, and you have a particularly stupid application write to it, just writing a single file to it can cause it to be written to several thousand times.
<darrend> hi all
<darrend> I have a cron job in /etc/cron.hourly that fails when cron executes it ("Exec Bad Format" or similar message).  If I execute it manually, it runs fine.  Any ideas?
<darrend> script is at http://pastebin.com/d13dc62ab
<mralphabet> darrend: that looks right . . . the bad format is from syslog?
<darrend> mralphabet: the message was being added to the email that cron was sending (which was ending up in ~/dead.letter but is now being accepted by the remote mail server and ending up in a black hole
<darrend> let me try to disable the mail output so I see the messages again.
<lamont> keescook: are you the apparmor guy?
<lamont> Nov 29 10:01:22 mix kernel: [739593.226765] audit(1196355682.459:35):  type=1503 operation="inode_permission" requested_mask="r" denied_mask="r" name="/etc/ldap/ldap.conf" pid=16512 profile="/usr/sbin/cupsd"
<lamont> how do I tell it that it's OK?
<keescook> lamont: well, mathiaz and I both work on it
<keescook> why is cups trying to read ldap.conf?  but anyway, sudo vi /etc/apparmor.d/*cups
<keescook> add:   /etc/ldap/ldap.conf  r,
<keescook> then sudo /etc/init.d/apparmor reload
<lamont> and then restart cups
<keescook> nope
<lamont> well,  I did the first two steps...
<keescook> the aa reload will just update the running process's confinement
<keescook> you can do   sudo aa-status   to see what aa thinks of the world
<keescook> if you did apparmor stop/start you're SOL, and you need to restart cups
<lamont> aalib is part of apparmor? :-)
<keescook> that would rule
<keescook> "I'm pwning you in ASCII!"
<lamont> I might have done /etc/init.d/apparmor restart
<lamont> mind you, I'd rather see us make selinux happier
<keescook> restart == reload so that's okay
<keescook> lamont: sure, we're just waiting on some upstream patches to roll out for that
<keescook> lamont: where does aa-status report cupsd?
<lamont> 2 profiles are in enforce mode.
<lamont>    /usr/sbin/cupsd
<lamont>    /usr/lib/cups/backend/cups-pdf
<lamont> 1 processes are in enforce mode :
<lamont>    /usr/sbin/cupsd (18409)
<darrend> mralphabet: error message is.. "run-parts: failed to exec /etc/cron.hourly/00backup: Exec format error"
<keescook> (also, you added the ldap.conf to the cupds section not the cups-pdf section of /etc/apparmor.d/*cupsd ?
<lamont> Nov 29 10:36:12 mix kernel: [741679.573259] audit(1196357772.436:39):  type=1503 operation="inode_permission" requested_mask="r" denied_mask="r" name="/etc/ldap/ldap.conf" pid=18573 profile="/usr/sbin/cupsd"
<lamont> no.
<lamont> abstractions/cups-client
 * lamont does the right file
<keescook> ah, yeah, the cups-client is for stuff trying to talk to the cups server, etc.
<darrend> mralphabet: I think google may know the answer.. looks like I need /bin/sh and not /bin/bash
<lamont> yeah!  helps to fix the right file.
<lamont> thansk
<mralphabet> darrend: heh
<darrend> hmm.. no - still fails
<darrend> brb
<mralphabet> ;(
<rodpod> would it be better if i used iptables to forward GRE and port 1723 to access a RRAS VPN (PPTP) server, or just setup the VPN stuff on my ubuntu server and use LDAP for authenticating...what would be the best package with ldap support for doing this?
 * nealmcb congratulates jdstrand on Ubuntu Membership :-)
<jdstrand> thanks again nealmcb! :)
<AlexJTanner> i have a question
<AlexJTanner> anyone there?
<somerville32> !ask
<ubotu> Don't ask to ask a question. Just ask your question :)
<AlexJTanner> well here's my question "everytime I use apt-get install on my ubuntu servers they want me to put in the DVD, how can I get it to instead of taking the packages from the DVD to take them fromt the reprostories
<AlexJTanner> I have SSH acess to both of them
<ember> how may have it source.list to get it from dvd i think
<rodpod> nano /etc/apt/sources.list
<rodpod> take out the cdrom entries
<AlexJTanner> k thanks
<AlexJTanner> I feel a bit of a newb asking this question
<AlexJTanner> this is just my first time running ubuntu without gnome
<AlexJTanner> i am working on getting both of them ready to go into my basement, and part of that is not having to run down and put a DVD in everytime I need to install something
<ScottK> lamont: I think Bug #172925 is worth you having a look at.
<ubotu> Launchpad bug 172925 in postfix "postfix upgrade does not add 'retry' service" [Medium,Confirmed] https://launchpad.net/bugs/172925
<lamont> gah.
<lamont> will do
#ubuntu-server 2007-11-30
<kgoetz> hi all. has anyone here tried no-TLS postfix under gutsy?
<kgoetz> we've disabled it in the configuration, but its still been requested somehow
<pschulz01> kgoetz: That's a very good question.
<pschulz01> kgoetz: We are having the same problem here.
<kgoetz> guess i'll have to wait then ;)
<kgoetz> pschulz01: its smtpd_tls_security_level = encrypt
<kgoetz> just comment it out :P
<Caplain> hey i have 4 ethernet adapters in my box which is acting as a bridge, 1 is wireless and connects to the router for the internet, i can ping it from the box, i can ping my bridge from my client but i cant ping the router from my client
<CyberMad> i would like to install virtual machine at ubuntu-server, but i confuse to choose between VMware-server or VirtualBox, which one do you recommend ?
<kraut> moin
<J-_> Is there anyway to install an encrypted server? If so, will that prevent it from getting hacked, or have better preventative measures against getting hacked? I'm running a LAMP server, and I think I got hacked becuuse it's not working proper. And looking at exim, 2 IP's have been download content, I don't think when viewing a website that a regular user would pull 8+mb of data.
<ivoks> ?
<ivoks> what is encrypted server?
<ivoks> you can encrypt filesystem, you can provide cypted service
<ivoks> but crypted server?
<J-_> WELL, obviously you know A BIT more than me, so rather than flame. SUGGEST something that I would have ment.
<J-_> or could
<J-_> whatever
<J-_> SO YES, encrypted filesystem is what I ment.
<J-_> I guess that was your effort. FLAME someone, then don't suggest anything.
 * J-_ chuckles
<ivoks> ?
<ivoks> J-_: where did i flame? i asked
<ivoks> and encrypted filesystem is an option during install
<ScottK> J-_: It's probably not the most productive thing to whine at the people that are trying to help you.
 * ScottK was too late.  missed it by that much.
<ivoks> and encrypted filesystem won't save you from net attacks
<ivoks> and i'm not sure how exim could provide logs about LAMP :)
<ivoks> oh, he left :)
<ivoks> didn't notice that :D
<_ruben> heh
<_ruben> minor detail
<heno> has anyone tested the latest server images on real metal (or vmware even). It still doesn't boot in virtual box
<heno> installs fine though
<zeasier> hiya, trying to migrate samba accounts from one machine to the next. what files do i need to copy? using the smbpasswd backend
<zeasier> found /var/lib/samba/passdb.tdb, but is that the only file needed?
<sommer> zeasier: don't forget /var/lib/samba/secrets.tdb
<sommer> and /var/lib/samba/group_mapping.tdb
<sommer> if you have issues you might copy all the files in /var/lib/samba
<zeasier> hmm
<zeasier> that sounds promising but i'd still like to find some documentation about this online
<zeasier> those files names will help a lot
<sommer> zeasier: you can look through the samba docs: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/index.html
<sommer> I'm not sure how much you'll find on replicating accounts though.
<zeasier> that might be faster than searching for keywords across the web, thanks
<sommer> np... if you don't need the second machine up right away the best thing may be just to copy the files and see if the accounts are there.
<sommer> if not copy another file, and so on
<zeasier> actually maybe we should switch to pam auth
<zeasier> that way we won't have to deal with multiple passwords anymore
<sommer> that works too, also using LDAP works too
<zeasier> one of these days i'd like to get a centralized authentication system going
<zeasier> even for plain user accounts
<sommer> IMHO LDAP is the way to go
<zeasier> yeah i need to bite the bullet the figure it out one of these days
<zeasier> what's the default windows workgroup for xp?
<zeasier> i forget if it's WORKGROUP or MSHOME
<sommer> zeasier: I think workgroup
<mralphabet> workgroup
<soren> Really?
<sommer> "I think"... been a while since I've used XP
<mralphabet> perhaps it varies per flavor of xp, but I just installed xp on a machine a week ago and I swear it was workgroup
<zeasier> ah yes, browsing our network all our unconfigured boxes are there
<zeasier> so it's workgroup
<soren> We changed our default (in Samba) to MSHOME to match Windows.
<soren> Did they change it at some point?
<zeasier> maybe it depends on what eddition of xp you have
<mralphabet> perhaps on XP Home it is MSHOME and on XP Pro or the Corp install it is WORKGROUP
<sommer> is it MSHOME for vista?
<mralphabet> not on ultimate
<zeasier> switching to WORKGROUP that's what 2k used by default and that's the best version of windows anyway
<zeasier> even if no one uses it anymore
<mralphabet> I still deploy it ;)
<zeasier> if you have to use windows it's the best if you can get away with it
<zeasier> doesn't support ie7 but then again you shouldn't using ie at all anyway
<zeasier> btw looks like those tdb files worked
<zeasier> just copied all of them
<zeasier> looks like they all were needed according to the docs
<sommer> zeasier: party!
<zeasier> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/install.html#tdbpermfiledesc
<zeasier> thanks for the help
<sommer> np
<mikone> hey, i just did a dist-upgrade from feisty to gutsy 32bit and now my machine does not boot properly anymore. it seems like the boot process is not running as root. when it should mount the partitions it tells me "you need to be root to do that". did anyone else experience this problem and maybe knows a solution?
<sommer> anyone else order one of those OLPC XO laptops?
<kshah> okay, i'm not sure, but I think someone keeps trying to ssh into my server that shouldn't be there, i just happened to find /var/log/auth.log and found hundreds of login attempts from the same ip
<kshah> my server is not at all secure
<kshah> this is the first time i've ever had to administrate my own server
<kshah> what do I do? how do I secure this box
<kshah> its all from 62.205.163.157.. like a billion attempts to login
<DM|> what does "sendmail: fatal: open /etc/postfix/main.cf" no such file or dir mean? it pops up everytime i try to run a sudo command
<sommer> kshah: if you have ssh open to the Internet I'd add this config option to /etc/ssh/sshd_config: AllowUsers username
<sommer> AllowUsers is a space seperated list, then restart ssh
<kshah> okay
<kshah> I mean, I don't know *anything* about what i'm doing
<kshah> this is my first time using linux letting alone administrating a server let alone securing one
<kshah> what are the general measures I should be taking
<sommer> kshah: you can also look into hosts.deny, I've never used it, but I know people do.
<kshah> firewalls, all that good stuff
<DM|> Anyone?
<kshah> should i change my ssh port for the hell of it?
<sommer> kshah: sure iptables is the firewall shipped with Linux
<kshah> i've never used that, learning curve?
<kshah> what is pam_unix
<sommer> kshah: can be a little steep, but there are gui "editors" that can help you create configs... I think firestarter and shorewall are a couple
<kshah> i'm not running x on the server
<kshah> that would be bad, right?
<sommer> pam_unix is the authentication system (Pluggable Authentication Module... I believe)
<kshah> l
<kshah> kl
<sommer> kshah: if you're running a ubuntu desktop I believe you can install firestarter on it then copy the script to the server.
<kshah> win:(
<kshah> AllowUsers user, will only allow that user to login?
<sommer> here's an iptables guide: https://help.ubuntu.com/community/IptablesHowTo
<kshah> do I have to enabled the Allow only option somewhere?
<sommer> kshah: only allow that user/s to login using ssh... any user can still login from the console
<kshah> thank you sommer
<kshah> i'm going to play around
<kshah> its a bit scary when you see a hundred failed login attempts
<sommer> np... another quick precaution is to change your password, making sure it's hard to guess symbols, numbers, upper case and all that
<mralphabet> hrm, I thought sshd_config had PermitRootLogin set to no by default
<kshah> sommer: i typically randomly generate an 8 character pass
<DM|> what does "sendmail: fatal: open /etc/postfix/main.cf" no such file or dir mean? it pops up everytime i try to run a sudo command
<kshah> do you have a mailbox filled with unauthorized access attempt notes? :)
<DM|> I dont even have a mailbox
<DM|> this is a new install
<nealmcb> nijaba, soren - where do we stand on getting the iso to work with qemu or xen?  Last I tried in qemu, I got stuck at an initramfs prompt
<nijaba> nealmcb: for 7.10, no go
<DM|> dmesg
<DM|> oops
<nijaba> nealmcb: but for 8.04 it should and will be solved.  I think soren is working on it
<DM|> kshah any idea?
<kshah> did you install mail?
<kshah> mailx
<kshah> sudo apt-get install mail
<nealmcb> can the problem at least be documented?  what sort of fix is soren looking at?
<DM|> kshah Im really not sure
<kshah> DM| what happens when you type 'mail'
<DM|> kshah lemme try
<DM|> no mail for dmserver
<kshah> sommers: so iptables seems straightforward enough, but when I specify --dport ssh, i'm not specifying the port (which is not longer 22 btw :)
<nealmcb> nijaba:  or can the build script be referenced so folks can fix it themselves?  I just hate the idea of 6 months of saying to folks "our chosen virtualization target platform doesn't run our iso (since we decided that either qemu or xen is the platform of choice - did we ever get back to that discussion?  I recall a posting to the devel list being the next thing to do?)
<kshah> sommers: does it just figure it out from the service, or should I actually specify --dport xxx instead of --dport ssh
<DM|> kshah i removed mailx for now.. but still giving me that error
<nijaba> nealmcb: AFAIK that's our choice for Hardy, right?
<kshah> DM|: i wish I could help you but I am far far far from someone knowledgable, maybe someone here can help
<DM|> : (
<DM|> kshah ok do you know about sudoers though?
<kshah> yeah, i know of the file, and how to edit it
<kshah> sudo visudo
<nealmcb> nijaba: well I'm still digging for more info, but the choice I'm thinking of for gutsy is telling folks how to make a fixed iso.  can isos go in ppas?
<nealmcb> is there an open bug for this?
<soren> nealmcb: The problem was getting the ends to meet, i.e. making the kernel and qemu agree on a usable driver for things.
<kshah> are you guys core developers or something?
<soren> kshah: Some of us are.
<nealmcb> qemu works great with the linux-virtual kernel for what I've done
<nealmcb> it is the iso that seems to stop dead
<kshah> woah
<nealmcb> on reboot, after install
<soren> Er.. Why do you boot the iso after you've installed?
<DM|> kshah lol it doesnt complete and gives that same error message
<nealmcb> I'm not booting the iso, I'm booting the disk I installed it on
<soren> 22:57:27 < nealmcb> it is the iso that seems to stop dead
<soren> ?
<kshah> DM| are you logged in as the user you first created when you installed?
<nealmcb> (after installing from iso in that case)
<DM|> yep
<soren> nealmcb: Oh...
<nealmcb> so I can run kvm or qemu with the virtual kernel and ubuntu-jeos-builder just fine.  but when I install from iso, I can't boot the disk I installed to
<lamont> DM|: your sendmail error means that sudo is attempting to send mail without bothering to see if it should.
<kshah> DM| you have something far wronger with your system than I (will ever) know how to fix
<DM|> lamont so how do i get rid of it
<soren> nealmcb: that's really... odd.
<soren> nealmcb: They ought to be just the same.
<sommer> kshah: --dport xxxx you can use --dport ssh because ssh is listed in /etc/services I believe
<sommer> kshah: so if you change it you'll need to specify
<kshah> sommer: okay, yeah, i saw it automatically associated 80 with www, slick
<nealmcb> of course I might have done the install wrong or something - it is such a slow pain to try again....
<DM|> lamont i want to just get rid of mail for now, but im new to the server world, so can you offer your help
<lamont> ln /bin/true /usr/sbin/sendmail :)
<nealmcb> nijaba, soren - does a wiki page https://wiki.ubuntu.com/JeOS-Builder make sense for me to work on?
<lamont> or install a mailer and configure it
<nijaba> nealmcb: IMO, yes, definitely !
<soren> nealmcb: Apart from the fact that it'll get renamed real soon, sure.
<nealmcb> i.e. the name, and choice of the wiki since it is pre-release
<nealmcb> soren: that's what I'm asking.....
<soren> nealmcb: We can rename pages on the wiki, no problem.
<nijaba> nealmcb: should not prevent you from working on it :)
<nealmcb> but we can't re-point links  - what name are you thinking of?
<DM|> lamont since im not that exp yet, im not going to attempt  to configure a mailer,
<nijaba> nealmcb: yes, but we can maintain a redirect page...
<nealmcb> of course - I just prefer to get it right and avoid confusing folks
<nijaba> nealmcb: the naming issue is still something we have to figure out.  It should not prevent us from working on the tool
<nealmcb> what is the process for figuring it out?
<nijaba> nealmcb: discussion?
<nijaba> nealmcb: and a bit of marketing of course...
<soren> Well, there are two options:
<soren> a) Come up with a good, flashy name
<soren> or
<soren> b) rename it to ubuntu-vm-builder (because I say so)
<soren> :)
<DM|> lamont same error
<soren> If a) doesn't happen within... um... let's say two weeks, I'll go with b).
<nealmcb> how is virt-manager looking?
<nijaba> soren: even though I think ubuntu-vm-builder makes sense, I think we should bring it up with other people, such as gerry...
<nealmcb> virt-install etc
<soren> nijaba: Indeed.
<soren> nealmcb: virtinst just got built an hour ago.
<nijaba> soren: do you want me to put it in my todo list for monday?
<nealmcb> :-)
<soren> nijaba: That would be much appreciated.
<nijaba> soren: will do then
<lamont> soren: finish default-mta packaging yet? :-)
<soren> nealmcb: It took a while for it to go trough NEW, but now we're getting somewhere.
<nealmcb> soren: is there a chance we'd just go with it?
<soren> nealmcb: Not if I have any say in it.
<nealmcb> built in a ppa, or for hardy alpha 1??
<soren> nealmcb: alpha 1 was yesterday.
<nealmcb> soren: and who would give YOU any say in it?
<nealmcb> :-)
<soren> nealmcb: Er... Sorry, I got confused, apparantly.
<soren> nealmcb: "is there a chance we'd just go with it?" what is "it"?
<soren> lamont: gah... /me looks
<nealmcb> I think you got it right - q was if adapting virt-install would be preferable to ubuntu-jeos-builder
<nealmcb> soren: so did it build for hardy?  or still just in your ppa?
<soren> nealmcb: The source is in the official archive now.
<soren> nealmcb: The binaries are in the NEW queue.
<nealmcb> sounds good
<soren> lamont: My biggest problem right now is the long description. I've rewritten it three times and I'm still not happy with it.
<nealmcb> and how would you compare what it can or should be able to do with your very nifty builder script?
<nealmcb>  I'm just thinking that pushing a whole free virtual machine infrastructure is a big job, and wondering where it makes sense to invest time and effort
<soren> Quite. I need to look into it a bit more. I've been blocked by a few bugs in it, so I haven't been able to look too much at it.
 * nealmcb needs to just look at it more himself, but has lots of other things still cooking....
<nealmcb> soren: you do manage to get an amazing amount of stuff done.....
<lamont> soren: feel free to toss it at me and I'll mess with it and upload it and we can deal with the inevitable bug reports. :)
<soren> lamont: Should it just depend on exim4 or something more specific?
<soren> nealmcb: It doesn't feel that way.
<nealmcb> Where might I go to gather more info about this bothersome initramfs prompt?  I haven't found much relevant documentation.  or might I just ship you the vm that I built from the iso for qemu?
<lamont> for debian, I think it's exim4... not sure.
<soren> nealmcb: I've ticked *one* think off on my todo list this week.
<soren> s/think/thing/
<soren> nealmcb: Er.. I can probably look into it some time early next week.
<nealmcb> can you be more specific about the mismatch between the kernel and qemu you were talking about?
<nealmcb> i.e. which driver might be an outage for qemu?
 * nealmcb needs to just do a proper bug report, like he should have done weeks ago, rather than just posting on the forum thread about it
<soren> nealmcb: I forget the exact details. Gutsy is old hat. :)
<nealmcb> should I file the iso reboot bug on ubuntu-jeos?  or on the kernel somehow? or ???
<soren> That's a might good question.
<nealmcb> installer? initramfs?
<soren> The trouble is that it's unlikely to be severe enough to warrant an SRU anyway.
<soren> lamont: http://people.ubuntu.com/~soren/dmta/  <-- The current stuff
<nealmcb> well, getting it documented for hardy is a good start....
<soren> nealmcb: Hopefully, the problem won't exist in hardy :)
<nealmcb> well it still needs a bug....
<soren> nealmcb: I suppose.
<nealmcb> soren: you seem unsure - I'm confused
<soren> nealmcb: It's just that there's a lot of focus on exactly these things.. qemu and kvm  and the kernel running inside them.. It's unlikely to not be fixed regardless of whether you spend time reporting the bug.
<nealmcb> my point is just that qemu and the existing kernel seem fine - it is just the iso that is having problems.  xen may be a whole different issue - I haven't tried it
<nealmcb> iso or install process or whatever
<soren> nealmcb: Ah.
<soren> nealmcb: Erm.. I'm not sure what I'd report it against.
<nealmcb> any good doc on the initramfs busybox prompt?
<soren> nealmcb: Not that I know of.
<nealmcb> and how to figure out how I got there
<soren> nealmcb: You land there if the early userspace stuff fails to get you a proper root.
<nealmcb> I just just run it in a vm and watch what happens.   oh yeah - I am....
<soren> nealmcb: This can be for any number of reasons.
<soren> nealmcb: So to reproduce this, I just take which iso and do what?
<nealmcb> install jeos iso via qemu, reboot, ignore error, restart qemu with the new disk, see initramfs prompt
<nealmcb> (ignore the "you've still got a cdrom loaded" error)
<soren> nealmcb: Added to my todo list. I'll figure out what to report it against.
<nealmcb> :-)
<Innatech> Hello. Could someone point me in the right direction in terms of installing a shorewall package from 7.10 on a 7.04 box? Or just in getting shorewall updated to 2.3.2 or better?
<Innatech> how do I go about using Prevu to try a 7.10 .deb on 7.04 ?
#ubuntu-server 2007-12-01
<nealmcb> soren: this should help - I rebooted in recovery mode (and with no silly splash screen), and got this:  alert! /dev/disk/by-uuid-ad2c6.......2a3 does not exist, dropping to a shell
 * nijaba is going to bed
<nealmcb> nijaba: sweet dreams - yet another virtual reality, much cheaper!
<Innatech> Hello. Can anyone familiar with prevu and backporting have a look at this prevu output for me and help me understand the nature of the failure? http://rafb.net/p/Ns0NLR55.html
<ScottK> Innatech: It looks like probably a bug in the package with debhelper level setting, but I'd have to review the code to be sure.
<ScottK> Innatech: Additionally, that's pbuilder running in that part of PREVU, so anyone familiar with pbuilder (which is a lot more than PREVU) could have read that.
<Innatech> ScottK: what should I read to try and familiarize myself with the tools enough to correct the problem?
<Innatech> ScottK: debhelper and pbuilder man pages, I'm assuming.
<ScottK> Innatech: If you look at the source of the package, there should be a file debian/compat that should have a number in it.
<ScottK> If it does and the number is 5, then you need to whine to jdong to help you with prevu.
<Innatech> Heh, OK.
<ScottK> If it's not there or it's higher than 5, then you need to file a bug (and maybe try to fix it).
<jdong> *popping in at ScottK's request*
<ScottK> Innatech meet jdong.  jdong, meet Innatech
<jdong> whee!
<ScottK> jdong: http://rafb.net/p/Ns0NLR55.html is the issue in question.
 * ScottK doesn't have time to look at it, but it seemed like an odd error to be in the actual package.
<Innatech> Hello!
<jdong> *waits for rafb to load*
<Innatech> I'm looking through the package for the files ScottK indicated should be present.
<ScottK> jdong: I told him to check debian/compat just to make sure it didn't say 6 for some odd reason.
<jdong> I still can't get the pastebin to load... the connection seems to be timing out
<Innatech> hmm. I'll use a different pastebin.
<jdong> thanks
<Innatech> http://paste.ubuntu-nl.org/46395/
<jdong> ah yes, that's better
<jdong> weird error indeed
<jdong> *reproduces*
<Innatech> OK, so I'm not crazy. I usually assume the problem is me.
<jdong> ScottK: debian/compat says 6 for shorewall 3.4.4-1
<Innatech> So, it wants a newer debhelper than prevu is using?
<jdong> Innatech: it wants a newer debhelper than what Feisty has (prevu uses a stock feisty build environment)
<jdong> Innatech: you can either try to introduce a newer debhelper, or figure out what part of the new shorewall packaging needs the new compat level and try to shave it back down to how it was.
<Innatech> hrrrm. Well, I need to get a newer shorewall somehow. The version in the Feisty repos is too old to do multiple WAN connections.
<Innatech> Would it be worth trying to create a new package for Feisty using a tarball of a newer version rather than trying to meddle with the Gutsy package? I'm not well acquainted with altering packages.
<jdong> Innatech: ok, someone's gonna hurt me for saying this BUT......
<jdong> Innatech: just set the debian/compat back down to 5 and see if the build fails
<jdong> :)
<Innatech> heh.
<jdong> it's more sane than totally repackaging from scratch for sure
<Innatech> OK. I'll see what I can figure out.
<jdong> Innatech: in case you didn't know, running "prevu" in the source directory builds the modified source directory. It works similarly to pdebuild.
<Hobbsee> jdong: debhelper 6 doesn't exist yet does it?
<jdong> Hobbsee: *shrug* first time I've heard of it...
<Hobbsee> if it does, it's not in ubuntu
<Hobbsee> looks like a typo
<Innatech> jdong: yes, I think I saw that on the wiki page. So I just grab the source, make the change and see if it builds.
<jdong> but yet shorewall synced from debian sid wants it
<jdong> Innatech: I'll test a build just to see what happens
<jdong> Hobbsee: could very well be
<Hobbsee> and we would have expected more packages coming thru and failing for it
<jdong> Innatech: builds *perfectly* with debian/compat set to 5
<Innatech> Cool. I'm still fumbling around, but I should have it in a minute.
<jdong> yeah lemme know if you have trouble doing the build
<Innatech> I'm just having trouble finding the correct file to alter. I grabbed the .dsc with dget, but it appears not to include the source.
<jdong> Innatech: dgetting the .dsc should grab a .dsc, .diff.gz, and .orig.tar.gz
<jdong> Innatech: alternatively, apt-get source shorewall
<Innatech> Yeah, I have the orig.tar.gz, but there's no .debian/ in it.
<jdong> Innatech: you need to run dpkg-source -x on the .dsc file
<jdong> that will properly extract the source
<Innatech> ah.
<jdong> the debian dir is actually a patch in the .diff.gz file
<jdong> dpkg-source -x correctly applies it
<Innatech> gothca.
<jdong> it's roughly the same as cd'ing into the .orig.tar.gz then running zcat ../*.diff.gz | patch -p1
<jdong> but needless to say dpkg-source -x *.dsc is a bit easier :)
<Innatech> OK, building now....
<jdong> cool
<Innatech> it's going to take a minute, this little box isn't the swiftest.
<Innatech> still pulling additional packages for the build environment...
<Innatech> Success!
<Innatech> :)
 * Innatech thanks jdong & scottk
<Innatech> So, would attaching the generated .deb to a request for an addition to feisty-backports be a reasonable thing to do?
<jdong> Innatech: well you can but it will likely not be immediately approved without more work
<jdong> Innatech: first we need to figure out what's up with this DEBCOMPAT=6 ordeal in the package
<jdong> then we need to evaluate backporting it to Gutsy too
<jdong> finally, I'd like verification that this release is backwards compatible
<jdong> i.e. Shorewall rules written in the Feisty version all run on the Hardy one
<jdong> as long as these simple things can be done, the backport's a go.
<Innatech> jdong: I grabbed this one from Gutsy, FWIW. I'll be using it on a fairly busy router, so I'll see how it goes.
<jdong>  Innatech ok
<joycetick> hello?
<joycetick> anyone know how to autologin on gutsy server?
<Innatech> Is modprobing xt_connmark.ko not enough to enable connmark target support? xt_connmark.ko appears in my lsmod, but shorewall is telling me that it isn't supported by the kernel.
<Innatech> I want to make sure this functionality hasn't been made available as a module before I recompile the kernel.
<Innatech> OK, this seems to say that I do need to recompile: http://permalink.gmane.org/gmane.comp.security.shorewall/17661
<nealmcb> joycetick: so you want to boot to a console prompt as a particular user (i.e. not some sort of gdm autologin?)
<joycetick> nealmcb: yeah
<joycetick> then i was going to run startx
<nealmcb> joycetick: I haven't seen a request for that before :-)
<joycetick> theres always a first time :)
<nealmcb> oh, so you do want a gui?  gnome?
<joycetick> nah, ive got fluxbox atm
<nealmcb> there might be a way in gnome/gdm or the like
<joycetick> not enough resources for gnome :P
<joycetick> otherwise, if its possible to run utorrent under wine without a gui or logged in
<nealmcb> no specifics, but sounds like someone did it and got stuck: http://ubuntuforums.org/showthread.php?t=219863
<joycetick> :(
<joycetick> do you if i could run utorrent under wine as a service? so i dont need to login for it to start?
<nealmcb> damn cntl-w key.....
<nealmcb> joycetick: ask again about wine?
<joycetick> do you if i could run utorrent under wine as a service? so i dont need to login for it to start
<nealmcb> you want to seed something?
<joycetick> and download freely distributable files of course :)
<joycetick> i can manage the torrents through the web interface on another computer
 * nealmcb now has evidence that it is time for bed :-/
<nealmcb> I don't know about utorrent, but I wouldn't see why not - just set up a script in /etc/init.d and link it in to run on startup
<nealmcb> assuming it can run without a terminal
<nealmcb> configure it to run automatically with one of these: sysv-rc-conf, bum, rcconf and file-rc
<joycetick> so, create a file eg /etc/init.d/utorrent, and include the command to run utorrent in there
<nealmcb> and configure it with one of those tools so it is in /etc/rc2.d IIRC
<joycetick> sorry, how would i do that?
<joycetick> bash: sysv-rc-conf: command not found :(
<nealmcb> joycetick: you'll have to read the man pages for that, or find howtos on the web - but it is pretty straightforward.  I'm headed off now - good luck!
<joycetick> nealmcb: ok thanks for your help
<nealmcb> :-)
<Gargoyle> Greetings
<kraut> moin
<spiekey> hi
<DM|> can i set up a domain when setting up a web server? im not sure how this works, Is there a way to do it where i dont have to PAY anyone
<ivoks> you have to buy domain
<zul> well you can get one of those freedomains as well like dyndns
<ivoks> true...
<Nafallo> you could have an internal only domain...
<ivoks> you don't even need a domain :)
<DM|> I have a dyndns, but i wanted my own @mydomainname
<Nafallo> localhost.localdomain is included with the package ;-). a complete FQDN :-)
<ivoks> Nafallo: for free :)
<Nafallo> DM|: that. you'll have to pay for.
<DM|> thatss gay
<Nafallo> s/\./\,/
<zul> DM|: then you have to pay for it
<Nafallo> DM|: no. makes sense.
<DM|> Nafallo only to one who knows about it, to the outsiders, it doesnt
<Nafallo> DM|: you'll have to trust my word on it then.
<DM|> Not questioning your word :)
<Nafallo> :-)
<ivoks> it would be great if i could just say, ok, from now 'cocacola.com' is mine
<DM|> well i got dyndns working so i gues that will work
<Nafallo> woha! 15 minutes until I can install my smurf! :-D
<DM|> Can i set up ubuntu-server to be an FTP ?
<zul> yes
<Nafallo> DM|: dyndns has a nice service called mydyndns as well.
<DM|> Nafallo paid ?
<Nafallo> DM|: yes
<DM|> see
<DM|> im poor
<DM|> so that doesnt work for me
<Nafallo> DM|: they provide supreme services :-)
<ivoks> hm... domains are cheap
<Nafallo> ivoks: I buy their service to use them as slaves :-)
<Nafallo> ivoks: so for me, domains scale depending on what service level I want ;-)
<ivoks> i don't use dyndns
<ivoks> i have one server with it's domain, and then i use bind to scale down domain1.mydomain.com, computer1.domain1.mydomain.com :)
<Nafallo> not sure if this is the channel, but does the RaQ 4's need special memory modules?
<Nafallo> ivoks: well, ns1.magicalforest.se has ns[2-5].mydyndns.org as slaves :-P
<Nafallo> for the primary zone anyway.
<DM|> anyone have a good guide for setting up FTP?
<Nafallo> help.ubuntu.com probably has somewhere.
<DM|> Yeah just to set up
<DM|> well, install
<DM|> but not how to access
<Nafallo> ehhrm
<Nafallo> how do you usually access ftp?
<Nafallo> <hint> ftp client  </hint>
<DM|> well
<DM|> from connect to server, or from map network drive if accessing from windows
<ivoks> DM|: you do know you are asking us how to use computer?
<DM|> ivoks .....
<zylmak> hello
<DM|> ivoks i seriously doubt ":how to i access the FTP server after i set it up" is a "how do I use a computer, don't be a jerk
<zylmak> i have a problem when i use ls all file are in white except one who is in red, what does that mean?
<zylmak> and how do i delete it
<ivoks> red is broken link, probably
<zylmak> is there a way to fix it?
<ivoks> check with ls -dl filename
<ivoks> it will show a destination file
<ivoks> if there is no such file, create it, or erase that broken link
<ivoks> that's called dangling symlink
<ivoks> and is a big security issue
<Nafallo> DM|:
<Nafallo> DM|: http://www.dummies.com/WileyCDA/DummiesArticle/id-188,subcat-BUILDING.html
<DM|> thanks
<zylmak> ok how do i delete it and do an other one
<ivoks> rm filename
<zylmak> no i mean the link
<zylmak> rm dosent work
<ivoks> zylmak: do ls -dl filename
<zylmak> 001-alboscn -> /etc/apache2/sites-available/default
<ivoks> rm 001-alboscn
<zylmak> the file default was renamed to 001-alboscn
<ivoks> you need sudo if you aren't root
<Nafallo> zylmak: no it was not.
<zylmak> thats what i did
<Nafallo> zylmak: the file /etc/apache2/sites-enabled/001-alboscn was linked to /etc/apache2/sites-available/default
<Nafallo> or do you mean 001-default to 001-alboscn
<Nafallo> ?
<zylmak> ok that what i did : 1 rn 000-default 001-alboscn then rn default alboscn
<ScottK> Do we now have a policy for the server team that suggests assigning bugs to the team is OK?  I got a couple yesterday and another just now.
<DM|> im using gftp right now, is there a better ftp client for GTK?
<Nafallo> zylmak: yea, so you're link points to the wrong file because fo that...
<zylmak> but obviously i didnt understand the link, so the first thing witch one have to be the real one?
<Nafallo> DM|: depends on personal taste.
<DM|> i like simplicity, any suggestions?
<ivoks> DM|: this is server channel - we don't use GUI
<Nafallo> ivoks: speak for yourself ;-)
<ivoks> :)
<DM|> ivoks stop commenting please, you arent helping.
<ivoks> Nafallo: we agreed on parsing questions around here
<Nafallo> ivoks: GUI is good for having lots of terminals topened ;-)
<ivoks> so we don't do GUI related questions
<Nafallo> s/to/o/
<ScottK> Really they belong in #ubuntu.
<Nafallo> lftp fqdn
<Nafallo> user user
<Nafallo> ls
<Nafallo> there ya go ;-)
<ivoks> lftp is fine :) ncftp too :)
<ivoks> conclusion was that we want to add 'support' to this channel, but only for server related stuff
<ivoks> topic says all
<Nafallo> yea
<DM|> If you dont like what the question is, dont respond to it
<ivoks> DM|: your question is exaplained in topic of the channel
<ivoks> 'For general (not server specific) support visit #ubuntu'
<DM|> ivoks i was having a CONVERSATION with Nafallo as a suggestion
<ivoks> guys, we have to draw a line, otherwise we will have too much noise :/
<Nafallo> DM|: no you wasn't. you asked me a question and I googled for you.
<DM|> ivoks and you waste alot of time to be a DB about it.
<DM|> Nafallo and i quote "any suggestions?"
<Nafallo> DM|: anyway. stop it now. #ubuntu is the place.
<DM|> Thanks for the help anyway
<ivoks> nealmcb: hi there
<nealmcb> ivoks: howdy!  I'm hanging out with some folks from boulder at the django sprint
<nealmcb> http://code.djangoproject.com/wiki/Sprint1Dec2007
<soren> nealmcb: Oh, cool!
<ivoks> nice
<ivoks> soren: you are here too :)
<soren> ivoks: Sssh... don't tell anyone.
<ivoks> Sore...who?
<nealmcb> jim is working on the final push to get django working on jython
<ivoks> soren: so, what now? i don't mind doing all mail related stuff by default
<ivoks> do we have agreement on that, or should we discuss it at the meeting?
<soren> ivoks: Well, as far as I could see, all the changes you wanted to make to dovecot could be applied on all systems with no downsides.
<soren> ivoks: (apart from the maildir thing)
<ivoks> and postfix support
<soren> ivoks: ?
<ivoks> some of changes are postfix-only changes
<ivoks> authorization part is done inside postfix jail
<ivoks> check out that patch, it requires having postfix installed
<soren> Right. I was just talking about dovecot.
<ivoks> soren: http://launchpadlibrarian.net/10629598/tasksel.diff
<soren> Are you changing anything in dovecot's configuration that requires postfix to be around?
<ivoks> yes
<ivoks> we have to
<soren> Aw, crap.
<ivoks> cause postfix is jailed
<soren> Right.
<soren> Erm..
<soren> Well, /var/run/dovecot/auth-client is really the proper place for the socket.
<ivoks> but postfix doesn't see it then
<soren> ...so some way to get postfix to be able to access it would be optimal, but I don't have any good suggestions for that right now.
<ivoks> there is exaclty the same problem with all other sasl implementations
<ivoks> that's why we are doing this trough default mail server install
<soren> True.
<ivoks> to provide super mail server without any need to do editing configuration, linking and stuff...
<ivoks> and, for those that know what they are oding, they could always do it by hand
<soren> got it.
<ivoks> we could divide this patch in two pieces
<ivoks> one would be general dovecot improvments
<ivoks> and everything else would go in tasksel
 * soren considers how bind mounts and unix sockets work together
<ivoks> that corss my mind too
<Nafallo> hmmm
<Nafallo> 5pm...maybe I should get out of bed...
<soren> That might actually work.
<soren> google speaks of a few people who did it to access the X unix sockets.
<soren> It's worth a try.
<ivoks> we could try yes...
<soren> Could you do that?
<ivoks> yes
<soren> That would be excellent.
<soren> dovecot
<soren> 's init script could check if /var/run/postfix exists and if so, bindmount /var/run/dovecot/auth-client into it somewhere.
<ivoks> other way around
<ivoks> postfix should check
<lamont> we can force the ordering of the startup, you know
<ivoks> of course we can
<ivoks> dovecot should start first
<Nafallo> what are you doing? :-)
<soren> ivoks: Good point.
<lamont> Nafallo: conspiring, of course.
 * lamont is about to run out the door for the day
<lamont> about 2 hours late, but ...
<Nafallo> lamont: mails filed into postgresql? ;-)
<soren> lamont: Have you tried the unix socket bind mount thing?
<ivoks> umm...
<lamont> soren: I believe that it works...
<soren> lamont: Wicked.
<ivoks> maybe dovecot could listen on localhost?
<soren> we win.
<lamont> dunno that I've ever tried. it...
<ivoks> instead of socket :)
<lamont> the easy one to check with is the syslog socket, and then syslog restart and see if postfix logging still works.. :)
<lamont> or something like that
<ivoks> i could also, really, look at possibility to get dovecot listen on localhost:someport
<ivoks> i would really like to escape additional mounts in my 'mount' output :)
<soren> ivoks: That would be good, too :)
<soren> I've got to run..
 * soren vanishes
 * ScottK votes no on SQL mail storage and slaps Nafallo with a cold, dead, wet fish.
<Nafallo> lol
<ivoks> looks like listening on ip address doesn't work :/
<ivoks> or... :)
<ScottK> For stuff I've modified to be postfix chroot friendly, I've used TCP sockets.  Would that be an option with dovecot?
<ivoks> that's what i'm looking at
<ScottK> I did that for clamav-milter and dkim-milter.
<ivoks> no way to get dovecot listen on tcp port
<ivoks> ok, then binding during postfix startup is an option...
<rrittenhouse> Im trying to set up a DNS server with the gutsy server cd and it doesnt seem to be working! I am however getting denied messages in the syslog
<ivoks> you have to configure it
<rrittenhouse> im a newbie at dns but i noticed when i install bind9 in a desktop install it just works
<rrittenhouse> i figured it would be the same way
<rrittenhouse> I dont need to specify any domains I just need it to look them all up with other dns servers
<rrittenhouse> I cannot get to a group of clients that were on an old web server box I had
<rrittenhouse> so I just need it to very basically look up IP's
<ivoks> you need bind only if other machines are going to use that server for lookups
<rrittenhouse> ah got it
<ivoks> if your server is the only one that needs to search for IPs
<rrittenhouse> the IP's were being denied - its basically an open dns server now
<ivoks> right
<rrittenhouse> but this is very temporary
<rrittenhouse> so, awesome :)
<ivoks> i don't see why you would need DNS service
<ivoks> just add '192.168.0.1 my_server_1' to /etc/hosts
<ivoks> replace 192.168.0.1 with real IP
<rrittenhouse> no no see
<rrittenhouse> i took over this IT department and for some reason the old admin had dns on the webserver
<ivoks> ok
<rrittenhouse> we switched the webserver to a new ISP last night and dns was on that box
<ivoks> so you don't have DNS anymore?
<rrittenhouse> we set up  apache to capture the web requests and to throw up a maintenance page
<rrittenhouse> and the old admin had a group of people set up externally using that DNS
<rrittenhouse> at another one of our businesses that we support
<rrittenhouse> They just need DNS monday until we can get up there to change it
<ivoks> then you need bind
<ivoks> and you have to configure it
<rrittenhouse> yeah
<rrittenhouse> its done now
<rrittenhouse> at least it appears to work :P
<rrittenhouse> just had to allow anybody to access it (which is fine)
<rrittenhouse> actually its cgillogly -- hes the one at work today.. im just trying to help him find answers
<rrittenhouse> but it appears to work and im using it here from home
<ivoks> so, you are open dns for all domains now? :)
<rrittenhouse> is that a problem?
<ivoks> well, anybody could ask your dns about any domain in the world
<rrittenhouse> yeah
<ivoks> if you are ok with that...
<rrittenhouse> until monday
<rrittenhouse> i think the old one was like that anyhow :)
<ivoks> i keep my dns open only for domains it hosts
<rrittenhouse> ah i see
<ivoks> there are two 'directions' in DNS
<ivoks> one is - world asking about your domain
<ivoks> and the other is - your domain is asking about world domains
<rrittenhouse> yeah...
<ivoks> you need to enable whole world to resolv your hostnames
<ivoks> but not anything else
<ivoks> and then you have to enable your computers to use your DNS to resolve all domains in the world
<rrittenhouse> hmm
<ivoks> look at your clients as your domain
<rrittenhouse> ok
<ivoks> allow-query should be any
<ivoks> and allow-recursion should be only clients you trust
<ScottK> That one can be important.
<rrittenhouse> I need to see if i even have the IP's for that business
<rrittenhouse> hm
<rrittenhouse> It actually might just be coming from one public IP
<ivoks> if they are on a dynamic IP, they you are doomed :)
<rrittenhouse> theres one public and the internals are all dhcp
<rrittenhouse> usual natted setup i believe
<ivoks> http://www.ip-plus.net/tools/dns_check_set.en.html
<ivoks> use this tool to check your DNS
<ivoks> your dns server should return results only for your domain
<ivoks> but, if you have client on a dynamic IP, you will have to provide access to all on allow-recursion
<ivoks> that's a bad thing, but hopefully till monday you won't have problems :D
<rrittenhouse> lol
<rrittenhouse> what could it enable someone to do?
<ivoks> hopefully nothing
<rrittenhouse> im just trying to see why its so bad
<rrittenhouse> like i said im a noob at dns :P
<ivoks> but you are providing usually private service to everybody
<rrittenhouse> like opendns
<rrittenhouse> :P
<ivoks> there are some open dns
<ivoks> right
<rrittenhouse> thats fine though really
<rrittenhouse> if someone really needs dns that bad they can use it lol
<rrittenhouse> its only 2 t1's
<atouk> xp box can access server with either server name or ip, but ubuntu box can only access it via ip.   any thoughts?
<Burgundavia> atouk: is it part of an AD tree?
<atouk> ??
<atouk> ubuntu server setup with fixed ip.    i can put either ip or servername in address bar in xp and it finds it, but in ubuntu firefox,only ip will find it
<Haesufin> G'day I have something weird going on, i am logged onto my server(ssh) and can ping my server but it cant ping anything or connect to the net
<ScottK> atouk: If it's in firefox, it's not a server question.  Please ask in #ubuntu.
<Haesufin> it's a new install (tonight) and have only installed ssh and samba
<atouk> so it's a ff behaviour then
<atouk> ok, that makes life easier
<ScottK> atouk: I don't know what it is, but if you're running Firefox on it, it's not a server and this isn't the place to ask.
<sommer> atouk: does the ubuntu server have an A record in DNS?
<atouk> not running ON it, accesing it WITH on 7.10 box      accesing it with XP works by name or ip.     I was just making sure it wasn't some odd setting on the server box i missed that was causing it
<atouk> not really an issue, just an annoyance
<sommer> atouk: try adding "search your.domain" to /etc/resolv.conf
<atouk> k
<sommer> and just so I'm clear you're trying to access server.domain.name from another ubuntu client and it doesn't work by name?  but it works from XP?
<atouk> server box is names 'server1'.      if i type server1 in url line in XP, it finds it.   if i type same thing from 7.10 (ff) url line, it doesn't
<atouk> (named)
<sommer> atouk: add "127.0.0.1       server1 your.domain" to /etc/hosts... or use localhost in the address bar
<sommer> atouk: samba server?
<atouk> apache
<atouk> server is on it's own box
<sommer> mmmMM... seems like a /etc/hosts issue to me...
<atouk> 7.10 and xp are seperate boxes
<sommer> atouk: okay, but the 7.10 you are talking about is the server? and you are typing server1 into ff on the server?
<sommer> ff running on the server correct?
<atouk> server1 ->   ubuntu-server install
<atouk> 1.20  -->  seperate box with full 7.10 install
<atouk> oops    7.10
<sommer> so you're accessing server1 from the 1.20 box and it can't connect using the name server1?
<Haesufin> Got it fixed with sudo-v, cheers for your help
<atouk> gah   two conversations at once
<sommer> atouk: basically for a linux machine to resolve by name you need an entry in /etc/hosts or an dns entry and the search domain.name in /etc/resolv.conf
<atouk> if i tper server name into xp browser url line it finds it.    if i type name into ff url line on a 7.10 install, it doesn't
<sommer> atouk: did you try adding the entry into /etc/resolv.conf?
<atouk> not yet.      as long as i know it's not a fubar on server, i'm ok with it
<sommer> atouk: more info on /etc/resolv.conf: http://users.ictp.it/~radionet/ghana1998/INSTALL/NODE214.HTM
<sommer> atouk: you can use the "search" option or the "domain" option... to get the same results
<sommer> atouk: you might also read up on /etc/hosts: http://www.faqs.org/docs/securing/chap9sec95.html
<atouk> server is going into lan at work to feed sp boxes, so if it's not a server side problem, i'm just leaving it alone
<rodneykk> whats the difference between the kernel.domainname in sysctl.conf and the dnsdomainname command
<atouk> (xp boxes)
<sommer> atouk: have you tried the fully qualified domain name in firefox?
<atouk> yeah, still goes outside looking for page
<atouk> but xp handles it ok, so not an issue
<atouk> i'll not bother it anymore.        time for some wine
<atouk> i'll just end up fixing it until it's REALLY broke
<sommer> atouk: okay, well if you decide to look at it again, look into /etc/nsswitch.conf and /etc/hosts... my money says that will solve the issue.
<atouk> since it's doing what it's needed to, i'll just drink moderately and pretend i never noticed it
<sommer> party!
<ganton516> Should a BIOS RAID array be set up when using dmraid, or should it be disabled ?
<ganton516> Should a BIOS RAID array be set up when using dmraid, or should it be disabled ?
<nealmcb> that's the second room ganton516 has entered and left - at least this time he asked the actual question - so the long topic might actually be helping
<Omnius> anyone know much about bridge-utils??
<Omnius> I can set it up alright but cannot assign a gateway address to the psudo interface
#ubuntu-server 2007-12-02
<nealmcb> ouch - my laptop wouldn't shutdown - something about a read-only filesystem is all I saw, so I had to power it off.  now I get "UNEXPECTED INCONSISTENCY; run fsck manually" - and it is noting a ton of illegal blocks and multiply-claimed blocks.  I haven't seen this sort of thing in years if ever....
<nealmcb> journal inodes sharing blockis with defoma font-caches - nasty stuff
<erikstaats> I'm having trouble getting php to log errors to anywhere but the default apache error_log.
<Kamping_Kaiser> nealmcb, wow. didnt realise tht still happnened :(
<Kamping_Kaiser> *sp
<dencrypt> how do I open ports on my server for ftp-service? I tried doing iptables but it doesn't work, any ideas?
<Kamping_Kaiser> install an ftp service, by default theres nothing blocking ports
<dencrypt> yeah, that's what I thought. I run vsftpd and it is started. But when I do a nmap locally it doesn't specify the port in /etc/vsftpd.conf to be open at all and I can't connect either.
<Kamping_Kaiser> you cant telnet to port 20/21?
<dencrypt> nope
 * Kamping_Kaiser doesnt do ftp, so cant really comment on setting up a server with it
<dencrypt> It actually worked a few days back, which is even more strange
<Kamping_Kaiser> how did you confirm its started?
<dencrypt>  * Starting FTP server: vsftpd                                                                                                                                   [ OK ]
<Kamping_Kaiser> have you checked syslog for errors/warnings?
<dencrypt> hmm... no.
<Kamping_Kaiser> tail -n 30 /var/log/syslog
<dencrypt> nope, no errors :/
<Kamping_Kaiser> :\ does the ftp server havve its own logging? `ls /var/log/*ftp*
<Kamping_Kaiser> `
<Kamping_Kaiser> `ls /var/log/*ftp*`
<dencrypt> yes
<dencrypt> but they are all empty
<dencrypt> when I do top I can't find the process...
<Kamping_Kaiser> !ftp
<ubotu> FTP clients: !Nautilus, !gFTP (for !GNOME) - !Konqueror, !Kasablanca, !KFTPGrabber (for !KDE) - See also !FTPd
<dencrypt> it might not be started...
<Kamping_Kaiser> !vsftp
<ubotu> Sorry, I don't know anything about vsftp - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<Kamping_Kaiser> !vsftpd
<ubotu> Sorry, I don't know anything about vsftpd - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<Kamping_Kaiser> bloody bot.
<Kamping_Kaiser> dencrypt, run `ps aux |grep ftp`
<dencrypt> wtf! nothing there. why doesn't it start?...
<dencrypt> hmmm
<Kamping_Kaiser> unless it calls itself something-not-ftp
<Kamping_Kaiser> did you look at https://help.ubuntu.com/7.10/server/C/ftp-server.html ? its kind of bear though :(
<dencrypt> shall have a look
<dencrypt> when I do sudo /etc/vstftp stop I get the following message: No /usr/sbin/vsftpd found running; none killed.
<dencrypt> and everytime it says [OK]
<dencrypt> but if I stop it everytime, how can I keep stoping it?
<dencrypt> haha
<kraut> moin
<hatter> anyone here got speed problems with 7.10 and samba ?
<mralphabet> hatter: happen to be using vista as the client?
<nownot> hello im trying to get a vpn going and want to share one of my external hd's on the network. but im having problems with the samba part. any help me out/
<nealmcb> I'm trying to recover a disk by mounting it using a gutsy live cd.  I've gotten to sudo lvscan shows "inactive '/dev/ubuntu/root' [144.88 GB] inherit" and I guess I want to use dmsetup to create a device.
<nealmcb> fdisk says /dev/sda5 30 19458 156056528 8e Linux LVM.  so do I somehow use those cylinder numbers to create a table for dmsetup create?   or is there a good howto out there?
 * nealmcb mourns for the data on his sweet new laptop :-(
<nealmcb> at least there wasn't anything precious there that I can recall....
<Innatech> nealmcb: http://www.linuxjournal.com/article/8874
<nealmcb> Innatech: thanks!
<Innatech> no prob. Hope it works!
<eldonz>  I'm trying to install ubuntu-server on a mini-pc with SiS x86 compatible processor but get "No installable kernel was found". Any way around this?
<nealmcb> Innatech: success - the trick was sudo vgchange -a y    interesting article....
<Innatech> nealmcb: cool.
<Innatech> I'll have to try and remember that.
<bert> okey, I have got a question about ubuntu server
<bert> what are the system requirements for a server
<bert> ???
<Innatech> fairly modest. What did you have in mind?
<bert> well, the problem is, I tried installing ubuntu server a simple LAMP + mail server inside our home network
<bert> but when I try to start it (it's already installed) it says that the processor isn't good enough :s
<Innatech> can you provide the specific error it gives?
<bert> I don't remember it and the partitions are already deleted as I misconfigured them and they took up all the rets of the disk
<Innatech> mm. Well, you might be able to get the system to boot with a cheat-code but without knowing the error its hard to say.
<bert> should I reinstall or is a laptop with a celeron processor @ 1.7Ghz just nog powerfull enough ?
<Innatech> no, that should be fine.
<bert> then, I'll just reinstall
<bert> but it was very strange
<bert> the kernel refused to load :s
<Innatech> Although the mobile chipset might be causing problems.
<bert> that's possible
<bert> but ATM it's the most powerfull machine I have
<bert> ow yeah, now that I'm here
<bert> how much diskspace would a ubuntu server installation (LAMP + mailserver + FTP) take ?
<nathan42100> hey, is anyone here?
<infinity> Nope.
<nathan42100> Im trying to install 7.10 server on a few Dell PowerEdge servers 2300-2500 series and the installation hangs at 21% libc6-udeb. Any ideas? I cant find anything on the forums as to an answer
<infinity> If it stalls in the same spot every time, I'd usually guess it's a bad CD.
<nathan42100> I have two cds and a CD verification on my laptop (sadly its faster) says its fine
<nathan42100> many other distros of Linux refuse to install as well, inlcuding the desktop version of Ubunu
<Innatech> you can try looking through here....not sure if it will help: https://bugs.launchpad.net/ubuntu/+source/debian-installer
<nathan42100> can't find anything
<Innatech> there are a few bugs filed against the installer by laptop users.
<danp> can you flip to another vty and see what it says?
<danp> or does it hang?
<nathan42100> #1, im installing it on a server, not a laptop, #2 a vty? Im a linux newb right now...
<danp> if you can't switch vty's once it's hung you might start the installation, switch to the debug vty and wait for it to hang...see if it says anything when it does
<Innatech> you could also try an alternate or server install and add packages
<nathan42100> what is a vty
<nathan42100> I am trying the server install
<Innatech> ./bonk oh yea
<nathan42100> what is a vty?
<danp> http://linux.about.com/od/linux101/l/blnewbie5_1.htm; once the installation starts you can change terminals/ttys/consoles/whatever
<danp> on the second one you can get a shell, on 5 and/or 6 i think is debug output from the installer
<nathan42100> 2nd terminal I assume
<nathan42100> how do I get back to the installer?
<nathan42100> #1?
<nathan42100> and I assume it works in the installer
<danp> yeah
<nathan42100> ok, I think Im gunna print this
<nathan42100> thanks
<nathan42100> major problem for future though: 6 servers, a couple switches and hubs and about 20 computers (windowz not linux) without an internet connection because the damn school doesnt trust us
<nathan42100> sadly, the servers actually aren't required for the course so there isn't a big push to the school tech support guys to install it for us...
<nathan42100> is the 5th and 6th terminal the same debug output?
<nathan42100> as far as I can tell it hangs, but then it does eventually show an error about 5 minutes later
<nathan42100> so I can look at the debug output after the error
<nathan42100> right danp?
<nathan42100> danp?
<bert> sorry, does anyone know what to do with the following kernel panic: "PANIC: CPU too old for this kernel." ???
<bert> (it's a fresh ubuntu server installation)
<nathan42100> I would assume that it is exactly what it says...I would get an older version of the server or a newer CPU
<bert> well, someone told me here that an intel celeron @ 1.7Ghz should work fine
<nathan42100> I don't know the actual answer as I am a newb
<nathan42100> but try with an older installaton
<nathan42100> hang on
<bert> okey
<nathan42100> yeah, according to the website a celeron should work
<nathan42100> how old is the computer?
<bert> 3 or 4 years old I think
<bert> maximum
<danp> nathan42100, i think you should switch to the debug console as soon as the installation starts to see what it's doing
<nathan42100> danp: wouldn't I still have to enter configuation things the first few steps?
<nathan42100> oh, neverming
<bert> okey, so you mean that dapper perhaps would work ?
<danp> bert, it's weird you're getting that error. i have edgy server running on an oooold compaq PC with a 500MHz celeron here at home
<bert> well, I think it's odd too
<bert> but it's perhaps because I run it on a laptop
<bert> chipset error perhaps ?
<danp> maybe
<bert> but how do I fix that ?
<danp> see if the desktop version boots and works. maybe it needs the generic kernel instead of server. you could probably use the alternate install if that's the case
<bert> well, the generic kernel works fine
<danp> do you get that error when you're booting it after installing?
<bert> so you mean I have to install using the alternate CD and then just delete all the desktop packages ?
<danp> or when you're trying to boot the installation from CD in the first place?
<bert> the installation CD boots fine
<bert> but I can't get it started after the installation
<danp> ok, you're able to boot the server install CD and do the installation...it's just the first boot that has trouble
<danp> right, so...what you can do is, after the installation reboots, boot the CD again and go into rescue mode
<danp> when you install, are you just using one big / partition/filesystem?
<bert> yes one / partiton
<bert> *partition
<bert> but I could easily splitt it
<bert> I have plenty of space left
<danp> that's fine, that makes it easier for this
<bert> okey
<danp> once you boot into rescue mode you'll eventually get an option to start a shell
<bert> aah, okey
<danp> pick your / partition, probably /dev/hda1
<danp> then do: apt-get install linux-image-generic
<bert> do you mean booting from the kernel's rescue line ?
<bert> *server's
<danp> yeah, from the server installation CD
<bert> aaah
<bert> okey
<danp> it might be a menu option now, too
<nathan42100> what exactly does apt-get do?
<bert> so I should pick rescue a broken system from the menu, right ?
<danp> yeah
<danp> nathan42100: http://www.debian.org/doc/manuals/apt-howto/
<nathan42100> so its basically just a commandline simple package manager?
<bert> well nathan, synaptic and kpackage are just graphical front-ends to apt-get ;)
<nathan42100> ...never used linux really, maybe a total of about 20 hours a few years ago
<nathan42100> http://ubuntuforums.org/showthread.php?t=82017 <-- im not the only one...the problem has been happening for a couple of versions
<bert> danp, is it normal that the rescue thing takes very long to load ?
<danp> i guess...it should take about the same amount of time as booting the installation
<bert> well, it is taking a lot more ATM
<nathan42100> danp, should I try putting "cdrom_hdparm=-d1" at the boot parameters?
<danp> i think you should
<nathan42100> (see the thread, 2nd to last post)
<nathan42100> ok
<nathan42100> I can't do it know
<nathan42100> now*
<nathan42100> servers are at school
<nathan42100> since it is the server CD, do I need the live and the cdrom-detect as well?
<nathan42100> danp?
<nathan42100> danp, interesting. This person tried 6.061 and it worked, but no other version did: http://www.vinnia.se/2007/05/08/install-ubuntu-704-on-a-dell-poweredge-2450-server/
<nathan42100> hello?
<pete01> hi
<pete01> need some help with cvsnt pserver config plz
<fujin_> o_0?
<pete01> hi
<pete01> can you help me with setting up cvsnt on ubuntu server?
<fujin_> What's cvsnt?
<pete01> google it
<pete01> can anyone else help
<fujin_> Why not use something that isn't shit?
<fujin_> (i.e.; SVN, git)
<pete01> ah good
<fujin_> darcs
<pete01> some response
<pete01> :)
<pete01> sorry just better getting a response than none
<fujin_> If you were asking about SVN, I could help;
<fujin_> CVS is rubbish
<pete01> i know
<fujin_> I wouldn't touch it with a pole
<pete01> i don't really want to
<pete01> can i exlpain my situation
<fujin_> Explaining it isn't going to help me help you
<fujin_> unfortunately
<pete01> hehe
<pete01> :(
<pete01> is this just an idling channel?
<pete01> or a quiet time
<pete01> *sigh*
<fujin_> Have you googled?
<pete01> yeah, there is almost nothing out there in terms of howtos, etc.
<pete01> CVSNT is design Windows I think but can run on Linux
<fujin_> (that's because it's shit)
<pete01> lol, true
<pete01> I have a CVSNT repos that I want to continue to use on a Linux server
<pete01> Windows server died last week
<pete01> hardware error
<fujin_> ugh
<pete01> I expected this channel to be a hive of activity and discussions...
<fujin_> import the repository to SVN and be done with it?
<fujin_> You're discussing stupid things
<pete01> bleh
<pete01> how
<pete01> :P
<pete01> ok, you're right
<fujin_> install svn
<fujin_> check out the repository
<fujin_> svn add all of the stuff
<fujin_> svn commit
<fujin_> &&done
<zul> pete01: it is sunday and most people are away
<pete01> ok, just need to find something to convert my cvsnt repos to svn, so i can retain the repos history
<pete01> zul: i guessed :)
<fujin_> agh
<fujin_> didn't you say the server died?
<pete01> yep
<fujin_> storage is still ok then?
<pete01> i managed to recover the repos though
<pete01> yes
<fujin_> I see.
<fujin_> Sorry, I
<fujin_> 've
<fujin_> long since purged all memories of CVS
 * fujin_ cringes
<pete01> no problem, i just got dumped with rebuilding the dev server
<pete01> and don't have that much exp with the admin side of things
<pete01> ok, ill leave you be, thanks
#ubuntu-server 2008-11-24
<Deeps> you need to login using the mysql root password, not the system root password
<Kamping_Kaiser> has anyone got personal experiance with dovcot vs courier for imap? i was told dovcot had in built duplicate checking, and "other goodies". i'm wondering if someone can attest to it from personal experiance
<Ahmuck> marshall: ur mysql installation needs a root user and password iirc
<Ahmuck> which iirc, is set up when you set up mysql
<marshall> iirc?
<andguent> if i recall correctly
<andguent> ==iirc
<marshall> i think i set a mysql password when i installed ubuntu server
<hackeron> hey, how do I get exim to listen on port 587? -- I tried to add daemon_smtp_ports = smtp : 587 to /etc/exim/conf.d/main/00_local_settings and restarted exim, but it still only listens on port 25 - any ideas?
<hackeron> anyone? hey, how do I get exim to listen on port 587? -- I tried to add daemon_smtp_ports = smtp : 587 to /etc/exim/conf.d/main/00_local_settings and restarted exim, but it still only listens on port 25 - any ideas?
<Kamping_Kaiser> hackeron, have you run dpkg-reconfigure --priority=low exim4-config ? you may see the option in there
 * Kamping_Kaiser hasnt tried, so no useful input from me unfortunately
<hackeron> Kamping_Kaiser: yes, I have
<marshall> andguent, i believe i set my mysql password when i installed it as part of LAMP
<andguent> honestly I've never needed it, I assume you are trying to setup a custom email server at home to pass traffic through
<hackeron> andguent: yep :)
<andguent> hackeron: sorry, i dont know anything more then google does, never rolled my own server, always went gmail or zimbra
<andguent> marshall: Sorry i never saw your original question, i signed in half way through the troubleshooting. What are you trying to do?
<hackeron> andguent: well, I'm actually trying it to just relay email to my gmail - but I dont want to put my gmail password on every host.
<andguent> ah, gotcha, i assume multiple linux servers all forwarding to your one master server?
<hackeron> andguent: exactly :)
<hackeron> andguent: but port 25 is often blocked, so I need my exim daemon to listen to 587 also
<andguent> I'm lazy, if it were me I would just setup a throw away gmail account
<marshall> andguent, i installed apache, php, mysql and phpmyadmin, im getting access denied for user (user)@(localhost) for both my regular account and my root accounts
<andguent> marshall: trying from command line or something else?
<hackeron> andguent: so, one jut pointing the servers to my server where I can just useradd server1 -- or going through a full gmail registration, confirmation, creating self signed certificate on server, etc, etc?
<marshall> andguent, command line and phpmyadmin
<andguent> hackeron: i always use ssmtp for outbound email sending, more specifically for pushing script error messages. I'm only suggesting this way because I don't know exim or sendmail at all -- I've never needed to make a cert or any of that to send through gmail
<andguent> marshall: when doing command line, can you post your exact command you are trying to use to get in?
<andguent> marshall: what else have you tried to gain access? have you tried any password recovery options yet?
<marshall> im able to get in when i do a regular mysql
<marshall> but if i try to do mysql -u root
<marshall> i get access denied for user
<marshall> how am I supposed to set up mysql, i did everything pretty much how i was instructed to
<marshall> this is a fresh LAMP install
<marshall> then i installed phpmyadmin
<hackeron> andguent: hmmm? - I get your IP is dynamic and cannot be used
<andguent> hackeron: exim or ssmtp?
<hackeron> andguent: well, postfix, lol - but I want to try exim
<andguent> marshall: gotcha, let me find some root password reset options... i'm basically just going to google for mysql root password reset
<marshall> andguent, thanks
<marshall> andguent, ok, i got in when i used 'root' and the password i set before
<marshall> andguent, sorry for hte trouble
<andguent> marshall: no worries, glad you got in
<marshall> andguent, is it possible to add my user account to the mysql admin?
<andguent> if you ever have additional password issues, use "FLUSH PRIVILAGES;" like salt is used on ham, its saved some hair pulling for me before
<andguent> what do you mean by 'mysql admin'?
<alienseer23> how do I restart the "named" service when there is no "/etc/init.d/ named" ? I am trying to set up a dynamic dns service and I apparently need t0 "/etc/init.d/named restart" anyone help?
<alienseer23> do I just substitute bind for named in that line, then?
<hackeron> alienseer23: erm, /etc/init.d/bind9 restart ?
<alienseer23> if i stop bind9, I can still use the named command
<alienseer23> I need to be able to start and stop named?
<alienseer23> I am attempting to use the bind9 dynamic dns server for webmin
<hackeron> alienseer23: erm, what? -- bind9/named is the same thing
<alienseer23> if i /etc/init.d/bind9 stop" and then type in named "anyting" I get response, is this normal?
<alienseer23> this is why I don't understand...the program calls for the path to "Command to start named", and this should be /etc/init.d/bind9 start" right?
<jmarsden> alienseer23: You may be confused... why are you typing in     named "anything"  ??  WHat are you trying to do when you type that?
<[gquit]bombadil> if postfix is the default MTA for ubuntu, why do the packages for nagios and mailman install exim4 by default?
<Kamping_Kaiser> do they depend on exim4 ?
<jmarsden> Kamping_Kaiser: Yes, mailman has:  Depends: adduser, apache2 | httpd, cron, exim4 | mail-transport-agent, libc6 (>= 2.4), logrotate, lsb-base (>= 3.0-6), pwgen, python (>= 2.3), python-support (>= 0.7.1), ucf
<jmarsden> I think that's probably a packaging bug?
<Kamping_Kaiser> jmarsden, if postfix is already installed its a bug, if there was no existing mta, then exim would have got installed
<jmarsden> Kamping_Kaiser: If postfix was already installed, it would satisfy the mail-transport-agent requirement so exim4 would not then be installed.
<Kamping_Kaiser> jmarsden, i would have thought that.
<Kamping_Kaiser> jmarsden, does mailman do the or depends as well?
<jmarsden> Mailman's Depends I posted earlier.  Did not yet check nagios...
<Kamping_Kaiser> er, sorry. nagios.
<alienseer23> jmarsden: when I type in "named help" or anything after named, it gives me a response,  was under the impression that if I stopped the bind9 service that any named shouldn't give back output?
<jmarsden> alienseer23: When you stop named, it isn't running.  When you then type named as a command, you run it... what are you trying to do here?
<Kamping_Kaiser> if you stop named it will stop listening for dns requests
<Kamping_Kaiser> by running named --help, your starting it again
<alienseer23> so to start and stop named, I can use the command "/etc/init.d/bind9 start" or stop, yes the executable is still just 'named'...?
<jmarsden> Kamping_Kaiser: nagios3 depends on nagios3-common which depends on bsd-mailx which says:  Depends: base-files (>= 2.2.0), exim4 | mail-transport-agent, libc6 (>= 2.4), liblockfile1 (>= 1.0)
<jmarsden> alienseer23: Yes.
<alienseer23> jmarsden: I am trying to configure a bind 9 dynamic dns server module for webmin
<alienseer23> thank you :D
<Kamping_Kaiser> jmarsden, i cant see why exim would be getting installed then. perhaps try `aptitude why exim4` (iirc that tells you the dependancy tree)
<Kamping_Kaiser> *shudder* webmin
<jmarsden> Kamping_Kaiser: I think [gquit]bombadil was installing them with no MTA on his system, and in that case the instaler will pick the first one listed in an "or" depend to satisfy it.
<jmarsden> Kamping_Kaiser: The solution is to install postfix first, then install mailman or nagios.
<Kamping_Kaiser> jmarsden, nod. i'm supprised an ubuntu server ships with no mta
<alienseer23> Kamping_Kaiser: I would ditch webmin all together if I could find another webbased bind9 administration tool/control panel that worked with dynamic dns.
<alienseer23> goal is to let people sign up to use a name server with dynamic dns capabilities ((climbing the learning curve))
<jmarsden> alienseer23: Why would your webmin module want you to be typing anything close to named "anything" at the command prompt?  I suspect you are not doing what it wants you to?
<jmarsden> Kamping_Kaiser: Security -- why have open ports you may not want open in a default install?
<alienseer23> jmarsden: I meant I could type in "named" and getno outpur, but if I put anything at all after it then I would get output
<Kamping_Kaiser> jmarsden, because it doesnt have to listen externally, it just has to be there (including for things like not having exim4 accidentally installed, or sending email from the server)
<jmarsden> alienseer23: man named to understand that
<alienseer23> k
<jmarsden> But basically you don't want to do either one of those things.
<alienseer23> k
<jmarsden> Start it from the init script, and if you need to modify its parameters edit /etc/default/bind9
<alienseer23> yeah, so far so good, just the named/bind9 dual identity thing had me a bit confused for a sec
<jmarsden> binary program name == named, package name and so init script name = bind9
<alienseer23> sense!
<alienseer23> I've been banging my head about the keyboard for a few hours, perhaps my true mistake is that I refuse to take breaks
<jmarsden> Probably ;)  So now you have discovered that piece of wisdom... take a break?
<alienseer23> yes
<alienseer23> I may have..let's see if I listen :D
<LoveGuru> Hi, Need Some help with squid/apache i m running website at my linux box now im trying to open my website but its working now gave me error in return can someoone help with " http://paste.ubuntu.com/76266/ " thanks.
<LoveGuru> *not working
<nme> is console-kit-daemon required to work?
<uvirtbot> New bug: #301542 in nagios3 (main) "Bypass auth checks in Nagios (CVE-2008-5027, CVE-2008-5028)" [Undecided,New] https://launchpad.net/bugs/301542
<arooni-mobile> i have 12G of hard drive space on a new installation, with 360MB of ram.  how big should swap be?
<jmarsden> arooni-mobile: Anywhere from about 360MB to 2GB depending on what you will use the machine to do
<arooni-mobile> jmarsden, i want it to take over the world
<jmarsden> Probably 2GB will not be sufficient, make multiple swap partitions :-)
<arooni-mobile> jmarsden, hehe
<arooni-mobile> aweosme
<jmarsden> Seriously -- if you want to run Eclipse and compile OpenOffice, you'll want plenty of swap (and plenty of hours...)... for normal use, you can use less swap
<jmarsden> CAn you afford 1GB for swap?  That's probably plenty for a normal use "desktop" type install
<jmarsden> 360MB is a strange number... is this a virtual machine?
<arooni-mobile> yes
<arooni-mobile> chasetoys is not in the sudoers file.  This incident will be reported. ;;; how do i add that user to the sudoers
<arooni-mobile> jmarsden, its what my client wants
<arooni-mobile> cheap
<arooni-mobile> ha
<lukehasnoname> run visudo and add chasetoys to the admin group
<lukehasnoname> er
<lukehasnoname> or
<lukehasnoname> scratch that.
<lukehasnoname> "usermod -aG admin chasetoys" I think
<lukehasnoname> double check that. Everyone in the admin group has full sudo privledges.
<jmarsden> adduser chasetoys admin     # should also work -- see https://help.ubuntu.com/community/RootSudo#Allowing%20other%20users%20to%20run%20sudo
<sannnn> I'm trying to do exactly this but I want to log the results to a text file: https://forum.bytemark.co.uk/viewtopic.php?pid=1937 Anyone got an idea?
<moo---> namaste
<jmarsden> Shalom
<bugfixe1> hai all, just join this room
<bugfixe1> never chat before in this room
<bugfixe1> let me introduce my self
<bugfixe1> my name salman, has join ubuntu-server for a while but not so active
<LoveGuru> from ?
<bugfixe1> thanks for you time!
<bugfixe1> my origin country you mean?
<LoveGuru> ya
<bugfixe1> indonesia
<LoveGuru> ummm
<LoveGuru> what about now / where are ya right now ?
<bugfixe1> solo
<nme> single?
<LoveGuru> lo0ol
<nme> ;]
<bugfixe1> nop! have 2 children!
<bugfixe1> :)
<LoveGuru> kool:>
<LoveGuru> bugfixe1 u know what bachay 2 hi achay :\
<uvirtbot> New bug: #298928 in openldap (main) "apt-get produce an error when I tray install or unisntall slapd" [Medium,Triaged] https://launchpad.net/bugs/298928
<LoveGuru> so salman what do ya do ?
<nme> he is typing?
<bugfixe1> :D
<bugfixe1> yeps, hanging around this room!
<nme> guys, seriously, did you notice console-kit-daemon takes waaay too much cpu time at ubuntu-server 8.10?
<bugfixe1> any one here use 8.10 in production environment?
<LoveGuru> nme: nice j0ke :) well thanks! for entertaining :p
<nme> bugfixe1: "kind-of" production environment, 1 real server for my part-time job after my real job ;) and 1 virtual server for ldap testing purposes
<nme> as for me, too much of bleeding edge for production
<bugfixe1> yeps
<bugfixe1> currently i still use 8.04 LTS
<[gquit]bombadil> jmarsden: if ubuntu wants to make postfix their default mta, shouldn't it be specified explicitly for all packages that require an mta?
<lamont> [gquit]bombadil: ETOOMUCHWORK
<lamont> the longer term plan is to push a 'default-mail-transport-agent' package upstream, and have _that_ depend on postfix or exim4 depending on which distro
<lamont> because for many of the packages, the MTA name would be the only change from debian
<uvirtbot> New bug: #286427 in tomcat6 (main) "Tomcat 6 should not require Java 6 " [Wishlist,In progress] https://launchpad.net/bugs/286427
<uvirtbot> New bug: #299436 in tomcat6 (main) "Tomcat 6 should not implement the TearDown spec" [Low,In progress] https://launchpad.net/bugs/299436
<Skyfury> hi there! can anyone give me a hint to make my opencv compiling with libtools 2.2 again?
<aleka> Running Ubuntu-server 8.10 > I am trying to get LDAP Authentication to work with my install of MediaWiki. I have installed the php5-ldap package and put a TLS cert in /etc/ssl/certs , how do I tell the openldap plugin where the certificate is? I have tried adding <<TLS_CACERT = '/etc/ssl/certs/my_cert_ca.pem' >> in /etc/ssh/openssl.cnf but seems like that is not working
<aleka> Does this cert need to be symlinked to /usr/share/ca-certificates/mozilla/* like the others in /etc/ssl/certs/?
<nme> aleka: have you included keys in ldap config? olcTLS* ?
<uvirtbot> New bug: #279645 in tomcat6 (main) "libservlet2.5-java has no javadocs" [Wishlist,In progress] https://launchpad.net/bugs/279645
<kraut> is there any working shell like scponly, where i could define an umask?
<aleka> nme: The LDAP server is not locally on my Ubuntu machine... I am connecting to a Novell eDirectory server'
 * Faust-C wishes he had eDir
<feve1> hi
<feve1> I am learning about ubuntu-server and im trying to get proxy squid working. It all went well till now that ive tried to get auth working.. I cant understand what im supposed to do from the squid.conf, would anybody be so kind as to give me a helpng hand?
<uvirtbot> New bug: #283852 in tomcat6 (main) "tomcat6 does not include tomcat-dbcp.jar" [Medium,Confirmed] https://launchpad.net/bugs/283852
<Faust-C> feve1, have you looked at wiki?
<Faust-C> and imo it would be simpler to use transparent proxy
<daszorz> hey there
<marshall> for some reason, my apache doesnt want to serve .png images
<tonyyarusso> marshall: what's it do instead?
<marshall> tonyyarusso, when i try to access the image itself i get forbidden
<tonyyarusso> marshall: And you're *sure* the file permissions are correct?
<marshall> i put the file on the server under my username
<marshall> ok... the web doesnt recognize me as jeff i guess
<tonyyarusso> marshall: Can you give me the output of ls -l for the file?
<marshall> i changed the permissions and they work properly now
<tonyyarusso> :)
<Faust-C> speaking of apache
<Faust-C> i need to create a VM
<Faust-C> im using ubuntu over SLES
<Faust-C> need to get started asap
<marshall> i dont want to have to change all the permissions by hand every time though, how do i avoid this?
<Faust-C> marshall, you can set it in apache.conf iirc
<uvirtbot> New bug: #297367 in samba (main) "Samba files open as locked" [Undecided,New] https://launchpad.net/bugs/297367
<gabbler> hi does anyone know anything about software raid and grub
<Faust-C> gabbler, what do you want to know
<gabbler> faust-c, hi, i have got ubuntu server running on a two disk software raid solution and i have read that grub will be installed on one of the root drives but not the other, i assume i need to install grub on this other drive so if the primary goes down (with grub) the other will still function if it has to reboot
<Faust-C> gabbler, ic
<Faust-C> hmm im in a similair boat
<gabbler> faust-c, i need to know how to find out where grub is and then install it on the other root drive
<gabbler> oh :)
<Faust-C> but from what ive read youll boot up live cd and re-install grub
<Faust-C> you can find out where it is by filesystem type
<Faust-C> md will be raid and grub will be ext2 (default file system)
<gabbler> so how could i find out if it is on md0 or md1?
<Faust-C> it wont be on either
<Faust-C> grub is outside of raid isnt it (or is that LVM)
<gabbler> apparently fromwhat i have read it is in raid 1 which is what i have chosen
<gabbler> and yea lvm doesn't support grub or the boot folder
<gabbler> faust-c, i have to go but if i find out anythin i will let you know :)
<Faust-C> k thx
<marshall> Faust-C, whats an iirc
<Faust-C> if i recall correctly
<marshall> ok
<marshall> Faust-C, how do i change that in my apache.conf
<Faust-C> idk off the top of my head
<marshall> if i pastebin my apache.conf, do you think you could tell me?
<genii> You're using 1.3.xx ?
<marshall> genii, me?
<genii> marshall: Yes
<marshall> apache2
<genii> marshall: Then the releveant files will be: /etc/apache2/apache2.conf  /etc/apache2/ports.conf /etc/apache2/sites-enabled/000-default
<marshall> genii, im trying to make it so when i transfer a png image into my /var/www directory I dont have to change the permissions myself every time
<mpi> hi lads, is it possible to know if a specific package is planned to be upgraded/backported to hardy, or is it possible to vote for the upgrade?
<genii> marshall: If you make the user who adds to the /var/www   a member of group www-data     they should be able to add there with write mask of 750,755 or such
<marshall> genii, i changed the owner of /var/www to jeff (myself)
<marshall> does that make a difference?
<genii> marshall: That is not a tactic which is good
<genii> marshall: The reserved user www-data is for this purpose.
<marshall> genii, how come?
<marshall> o
<marshall> should i change the owner back to root?
<marshall> then add myself to www-data?
<genii> marshall: web browser for instance is as user www-data         and so on
<genii> marshall: Yes
<marshall> genii, i will be able to upload stuff via ssh in this group?
<genii> marshall: You can also study how virtual server dirs are set up in /etc/apache2/sites-enabled/000-default            to allow execute, etc
<marshall> genii, hmm
<genii> marshall: Yes, once "jeff" is in group www-data   if you ssh in as that, it will have write privs to /var/www
<marshall> ok
<zoopster> mpi: you can search launchpad as it would be published there and you can enter a upgrade request on launchpad for said package as far as I know.
<mpi> zoopster, thanks! Ive found my way to the launchpad ubuntu-backports site and am currently filing a request...
<marshall> whats the command to add myself to a group again?
<genii> marshall: sudo usermod -G newgroupname -a username
<genii> Or the -a at end
<genii> marshall: My syntax of it may be rusty, I'm normally just editing /etc/group
<marshall> genii, i think i added myself to www-data but now when i try to access my png in the browser it says im forbidden again
<marshall> genii, i changed the owner of /var/www back to root
<Deeps> check the permissions on the file
<genii> marshall: What says result:  ls -l /var/www/pngfilename.png               ?
<Deeps> www-data user needs to be able to read the file
<marshall> genii, -rw------- 1 jeff jeff 39625 2008-11-24 12:32 ./me/bg.png
<genii> marshall: You might want to +r them there, or use an umask
<zoopster> I take it no one using Macbook Pro's and 8.10 are having this problem? DMA: Out of SW-IOMMU space for 4224 bytes at device 0000:0b:00.0
<zoopster> nijaba: This is the error we saw on my Mac this week
<kirkland> zoopster: i'm not sure you'll get the best return-on-investment asking that question in this channel
<kirkland> zoopster: i'd start by searching Launchpad, which you can do from http://people.ubuntu.com/~kirkland/search.html
<zoopster> bummer
<zoopster> it's already at kernel.org
<zoopster> http://bugzilla.kernel.org/show_bug.cgi?id=11811
<uvirtbot> bugzilla.kernel.org bug 11811 in network-wireless "ath9k / DMA: Out of SW-IOMMU space for 4224 bytes at device 0000:0b:00.0" [High,Assigned]
<slicslak> looking for backup suggestions...  multiple servers need incremental multi-day backups in a production environment.  backups will be done over nfs or rsync to a backup server.  what are you guys using?  a solution such as amanda, backuppc?  or are you rolling your own rsync scripts?
<Deeps> !backup | slicslak
<ubottu> slicslak: There are many ways to back your system up. Here's a few: https://help.ubuntu.com/community/BackupYourSystem , https://help.ubuntu.com/community/DuplicityBackupHowto , https://wiki.ubuntu.com/HomeUserBackup , https://help.ubuntu.com/community/MondoMindi - See also !sbackup and !cloning
<Nafallo> backuppc is sweet
 * hads likes rdiff-backup
<slicslak> haven't heard of that one
<slicslak> i recall rsnapshot being pretty nice.  backuppc looks like it has some nice guis to impress management.  :)
<hads> rdiff-backup is like rsnapshot except it (rdiff-backup) stores diffs of files rather than hard links so can save a lot of space depending on what you are backing up. The trade-off being a little longer run time.
<hads> But if you're looking for GUIs etc. then it won't impress management.
<Faust-C> dar
<Faust-C> i just dont like that it seems as if most opensource backup solutions are tedious to setup and maintain
<jmarsden|work> Faust-C: Which commercial closed source ones are fun to set up and maintain? ;)
<hads> *shrug* seems the opposite to me.
<Faust-C> jmarsden|work, atm i dont like either
<Faust-C> i still havent found anything that i would like to use w/ users and servers
<jmarsden|work> Sounds like you have very specific needs.  There are a lot of reasonable choices out there.  Bacula?  Amanda?  http://www.restore-backup.com/ even?
<Faust-C> yeah im looking at those 2
<Faust-C> primary issue is training co-workers
<Faust-C> i can use anything, but that cant be said for my peers
<Faust-C> jmarsden|work, thanks for that link
<Faust-C> never heard of that before
<jmarsden|work> Faust-C: No problem.
<Kl4m> Hi, I virtualized a Ubuntu 7.10 server into vmware server and I need it to configure the pcnet32 card (or should  it be vmxnet?). Can anyone help with with this?
<Kl4m> problem solved: cleared /etc/udev/rules.d/70-...net...;  replaced eth1 with eth0 in /etc/network/interfaces; restarted udev and networking.
<slicslak> cool, thanks for the discussion (re: backup) guys.  i'll evaluate a few next and make a decision.
#ubuntu-server 2008-11-25
<uvirtbot> New bug: #301898 in openldap (main) "slaptest conversion does not configure monitor module" [Undecided,New] https://launchpad.net/bugs/301898
<uvirtbot> New bug: #301913 in php5 (main) "php timezone in apache2 is UTC by default" [Undecided,New] https://launchpad.net/bugs/301913
<genii> Maybe it doesn't look at locale or so
<scientes> can i go into the install partition editor after having installed
<genii> scientes: Yes, it's gparted
<scientes> the alternate
<scientes> trying to set up raid
<edge> when ever i try to connect to my mail server, it "actively refuses" the connection , but i cannot find a firewall running, ipchain is ruleless, ufw is not enabled
<kraut> moin
<milestone> hi all
<milestone>  is it possible to configure ssh server in a way that root logins by password are diabled but pubkeys work?
<milestone> without disabling password logins by default
<soren> milestone: Don't set a root password?
<maswan> soren: if you still want a root password for the console, "PermitRootLogin without-password" in sshd_config would also work
<milestone> soren: ??? how can is not set one?
<soren> milestone: Ubuntu by default doesn't have a root password. If your root account has a password, it's because you gave it one.
<nijaba> milestone: that how the root account is by default after install
<soren> maswan: Ah, right you are.
<milestone> soren: it is a random passwort
<milestone> not an empty one
<soren> milestone: I didn't say an empty one.
<soren> I said "doesn't have one".
<soren> Very different things.
<milestone> maswan: that is a good solution i will try it
<soren> An empty password will allow anyone to log in without a password.
<soren> Not setting a password will not let anyone in no matter which password they try.
<maswan> soren: For us with ldap for user directory and kerberos auth, we kind of need the root with local password in case networking etc breaks.
<milestone> soren: i know. but the root account does have a password after installation it is just randomly generated
<soren> milestone: No, it doesn't.
<milestone> maswan: that is when you have updatedb-nss for the rescue ;)
<soren> maswan: Either that or a local user with sudo privileges, yeah :)
<milestone> soren: i remember a bug where the installer logged the root password in early versions
<maswan> soren: Yup.
<milestone> maswan: i recommend updatedb-nss and libpam-ccred
<soren> milestone: The installer has never, ever asked you for a root password.
<milestone> soren: it has not asked you it has generated one and logged it in the installer log
<milestone> soren: believe me
<soren> No, it hasn't.
<maswan> At another set of machines I admin "PasswordAuthentication no" just to require anyone issuing priviledged commands to have both key and password (for sudo).
<maswan> milestone: can't find those packages
<soren> maswan: Me too :)
<milestone> soren: http://www.ubuntu.com/usn/usn-262-1
<milestone> soren: it has
<henkjan> soren: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/34606
<uvirtbot> Launchpad bug 34606 in shadow "Administrator root password readable in cleartext on Breezy" [Critical,Fix released]
<maswan> henkjan: Yes, that's not a password for a root account though.
<hads> Looking in shadow solves it.
<milestone> maswan: http://packages.ubuntu.com/search?keywords=nss-updatedb&searchon=names&suite=intrepid&section=all
<milestone> maswan: http://packages.ubuntu.com/search?suite=intrepid&section=all&arch=any&searchon=names&keywords=ccred
<soren> henkjan: It's not the root password.
<soren> The installer has never, ever asked for a root password.
<milestone> soren: noone said that
<soren> True.
<soren> Well, it never ever autogenerated one either.
<soren> It just doesn't set one.
<henkjan> soren: not the root passwd, but enough to give you root privileges
<soren> henkjan: Yes.
<soren> henkjan: This discussion started with milestone wanting to disable password logins for root over ssh.
<milestone> soren: http://it.slashdot.org/article.pl?sid=06/03/13/0525254
<milestone> cite... An extremely critical bug and security threat was discovered in Ubuntu Breezy Badger 5.10 earlier today by a visitor on the Ubuntu Forums that allows anyone to read the root password simply by opening an installer log file
<soren> milestone: Yes. henkjan just linked to the bug.
<soren> milestone: a) It's not the root password.
<soren> milestone: b) It was in Breezy! Released in 2005.
<maswan> Yes, but I can still feel the pain from it. We got hit by that bug.
<soren> maswan: Everyone did :)
<maswan> soren: Well, I expect some newcomers since 2006 not getting hit. ;)
<milestone> soren: agreed
<soren> No random password for unix account were ever generated.
<nme> hi guys :)
 * nijaba just updated the server faq to include some details regarding the root account -> https://help.ubuntu.com/community/ServerFaq#Why%20doesn%27t%20Ubuntu%20provide%20a%20root%20account%20account%20by%20default
<frojnd> My isp blocks 22 port by default. So I've forwarded 10022 tcp and udp ports to my computer. Now I don't know what would be the command to allow incoming connections on port 10022 for ssh service. Any assistance would help.
<soren> frojnd: /etc/ssh/sshd_config has a "Port" directive.
<soren> frojnd: There's also the ListenAddress directive.
<soren> Consult the sshd_config man page for more info.
<frojnd> soren: you meant this: # What ports, IPs and protocols we listen for
<frojnd> and than there is 22
<frojnd> Apperantly that's it
<frojnd> I also have http protocol and I've forwarded 1080 and don't know where do I have to set this ?
<uvirtbot> New bug: #282287 in samba (multiverse) "[intrepid] firefox crashes frequently on Intrepid with SIGABRT" [Undecided,Confirmed] https://launchpad.net/bugs/282287
<scientes> how can i turn on XDMCP sharing via terminal?
<soren> scientes: In GDM?
<scientes> yes
<soren> There should be something like an [xdmcp] section in gdm.conf somewhere.
<soren> or gdm.conf.local or whatever it's called nowadays.
<scientes> wow, thats the file im in trying to find it
<soren> Huh?
<scientes> i guess google led me in the right direction :)
<soren> Are you trying to find the file or the section?
<scientes> just found it
* nijaba changed the topic of #ubuntu-server to: Ubuntu Server discussion and support | For general (not server specific) support visit #ubuntu | Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html | http://www.catb.org/~esr/faqs/smart-questions.html | Be patient.  Don't ask to ask, just ask. | server guide: http://tinyurl.com/65jzxw | FAQ: Ubuntu Server discussion and support | For general (not serve
* ChanServ changed the topic of #ubuntu-server to: Ubuntu Server discussion and support | For general (not server specific) support visit #ubuntu | Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html | http://www.catb.org/~esr/faqs/smart-questions.html | Be patient.  Don't ask to ask, just ask. | server guide: http://tinyurl.com/65jzxw | https://wiki.ubuntu.com/ServerTeam
<scientes> damn didnt work
<scientes> yeah that file doesnt affect anything
<scientes>  /etc/gdm/gdm.conf
<scientes> its not changing anything
<SpunkMeYeR> hi all
<SpunkMeYeR> how can i perform downgrade using python2.4
<SpunkMeYeR> now i'm using ubuntu server 8.04
<SpunkMeYeR> by the default it came with python2.5
<soren> What's the problem?
<ahasenack> is IA64 compatible with x86_64 packages? Or do we have a specific build for IA64?
<soren> ahasenack: Specific build.
<soren> It's a completely different architecture.
<ahasenack> soren: it's in the regular mirrors or something special?
<soren> ports.ubuntu.com
<soren> ahasenack: Only officially supported architectures are on archive.ubuntu.com
<ahasenack> soren: how is it maintained? We got a guy with such a machine and intrepid, and he wants to try out landscape, but he has the stub package installed (version 0.1), so I'm guessing the "real" intrepid was not ported to ia64
<soren> Those are i386 and amd64, sparc until Dapper (AFAIR), and armel from Jaunty and onwards.
<soren> ahasenack: "best effort"
<ahasenack> sommer: ok, thanks
<soren> ahasenack: Canonical doesn't dedicate man power to maintain it, but we have buildd's for it, so if someone cares, it could work.
<ahasenack> soren: I see it does have the real client: http://ports.ubuntu.com/pool/main/l/landscape-client/landscape-client_1.0.23-0ubuntu0.8.10.1_all.deb but probably not referenced in the appropriate pkglist
<soren> ahasenack: Yes, it is.
<ahasenack> so maybe its dependencies are not right for ia64
<ahasenack> I'll check with the guy
<soren> ahasenack: I'm looking at the Packages file for ia64 right now, and it's certainly listed. Ask him for the output of "apt-cache policy landsape-client" or perhaps "apt-cache showpkg landscape-client"
<ahasenack> ok, thanks
<soren> ahasenack: Yeah, just the output from "apt-get install landscape-client" might reveal the problem.
<LoveGuru> Hello, I just install "ubuntu-desktop" package but i dont want X server start at boot up. i want to start my server manullay when i need it. is there anyhow i can do that?
<ogra> LoveGuru, sudo mv /etc/rc2.d/S30gdm /etc/rc2.d/K30gdm
<uvirtbot> New bug: #302004 in samba (main) "Please add a samba-dev package" [Undecided,New] https://launchpad.net/bugs/302004
<SpunkMeYeR> hi all
<SpunkMeYeR> i'm using ubuntu server 8.04
<SpunkMeYeR> how can i install postgresql8.1?
<SpunkMeYeR> i try using aptitude install postgresql8.1 but no result
<kirkland> soren: ping
<kirkland> soren: regarding https://bugs.edge.launchpad.net/ubuntu/+source/qemu/+bug/301717
<uvirtbot> Launchpad bug 301717 in qemu "package qemu 0.9.1-7ubuntu1 failed to install/upgrade: trying to overwrite `/usr/share/man/man8/qemu-nbd.8.gz', which is also in package kvm" [Undecided,Confirmed]
<kirkland> soren: seems kvm and qemu are providing conflicting man pages
<kirkland> soren: would it make sense to create a qemu-common that kvm depends on?
<kirkland> soren: and try to get that -common into main?
<Faust-C> SpunkMeYeR, apt-cache search postgresql
<SpunkMeYeR> ok.. thanks
<SpunkMeYeR> i manage to install postgres using "aptitud install postgres"
<SpunkMeYeR> what is default password for postgres user ?
<Jeeves_> SpunkMeYeR: sudo -u postgres bash
<Jeeves_> psql template0
<SpunkMeYeR> thanks Jeeves_
<soren> kirkland: I don't think it's worth the effort.
<soren> kirkland: I fixed that bug earlier today, by the way. I hadn't noticed a bug report about it.
<SpunkMeYeR> <Jeeves_>, when i run psql template0 there is an error message
<SpunkMeYeR> psql: FATAL:  database "template0" is not currently accepting connections
<soren> ssh e
<soren> Yeah, that'll work :(
<Jeeves_> SpunkMeYeR: Ow, sorry
<Jeeves_> template1
<SpunkMeYeR> Ok Jeeves_ Thanks again
<kirkland> soren: okay, shall i mark that one fix-released?
<soren> kirkland: I see you already did :) Thanks.
<kirkland> soren: no prob, looked like the right thing to do ;-)
<robertj> hey all, slightly OT, but can anyone recommend an 16-port USB + PS2 KVM that works properly?
<sandstrom_> Having problems with docx being identified as 'application/x-zip'. I have tried to install "file info" in vain, and the mime_magic extension doesn't seem to work either. Anyone who have run across this problem and solved it. Would very much appreciate any guidance after spending 4 hours on this problem.
<Koon> sandstrom_: no clue, have you tried asking in #ubuntu ? You'll find more desktop-oriented specialists there.
<sandstrom_> this is a server problem
<sandstrom_> this is PHP not being able to identify the file correctly. Thus I have tried to install the "File info" extension which should be able to do this better the PHPs default magic_mime.
<Koon> sandstrom_: ah, so you're serving that file through Apache, I suppose.
<sandstrom_> yes
<sandstrom_> although it's php's mime_content_type that fails to identify the docx file correctly.
<Koon> sandstrom_: well, docx are ZIP files, so it's not entirely wrong... but I see what you mean
<Koon> sandstrom_: the comments over at http://docs.php.net/mime_content_type suggest to create an encapsulation function to override the mime types that mime_content_type guesses wrong
<sandstrom_> Koon: thanks for the suggestion. Will try, although it would be nicer to do it properly
<kirkland> soren: could you sponsor the patch for https://bugs.edge.launchpad.net/ubuntu/+source/ubuntu-virt/+bug/282716
<uvirtbot> Launchpad bug 282716 in ubuntu-virt "Dependency should be changed to python-vm-builder" [Low,In progress]
<kirkland> soren: also, could you have a look at https://bugs.edge.launchpad.net/ubuntu/+source/kvm/+bug/277517 ?
<uvirtbot> Launchpad bug 277517 in kvm "Please enable lpia and ia64 builds" [Wishlist,Confirmed]
<soren> kirkland: That's in main?!?
 * soren is puzzled
<kirkland> soren: what's in main?  ubuntu-virt?
<soren> Yeah.
<kirkland> soren: yes, it's in the pkgsel on the server install cd
<kirkland> soren: "Virtualization Server"
<soren> ubuntu-virt 1.2 is already in the archive, by the way.
<soren> It's been there since mid-October, it seems.
<soren> Oh, ubuntu-virt-mgmt is in universe. Ok. That explains
<uvirtbot> New bug: #302075 in samba (main) "Samba crashes when mounting a password protected share" [Undecided,New] https://launchpad.net/bugs/302075
<kirkland> soren: right
<zul> mathiaz: when you get a chance this afternoon can you look at mysql merge im completely and utterly confused about it
<kirkland> nijaba: sommer: I added some bits about RAID at https://help.ubuntu.com/community/ServerFaq
<mathiaz> zul: ok
<sommer> kirkland: sweet thanks
<kirkland> sommer: i'm not sure if it's what we're going for, but i added some important considerations, i think
<mpt> dendrobates, I'm currently double-booked for UDS's server installer look-and-feel session, so if you want me to be there I suggest you arrange for me to be an essential subscriber
<sommer> kirkland: looks good to me
<dendrobates> mpt: I think the foundation team scheduled it, but I'll make sure you are essential.
<kirkland> soren: the kvm for lpia and ia64 is the other one ...
<soren> kirkland: I know kvm supports ia64 (I know the guy who handles that port), but I'm not sure it's included in the tarball yet?
<kirkland> soren: k
<mpt> thanks dendrobates
<kirkland> soren: the request came for persia, fwiw
<kirkland> soren: i built that one in my ppa for lpia
<soren> kirkland: IIRC, he didn't know about the ia64 thing.
<kirkland> soren: but i have no ia64 boxen
<ivoks> am i too late? :/
<sommer> nope
<soren> ivoks: You're in the wrong channel. :)
<zul> hi ivoks
<ivoks> :)
<ivoks> sorry for long absence; i had lots of private stuff to solve; i'll digg into jaunty asap
<dragonmantank> Over the weekend I had an 8.04.1 box lose power and now sendmail is trying to send all mail locally... any ideas what I can check?
<Karamon> Hello, I was wondering if when I do a dist-upgrade (beacuse I have several upgrades "kept back" [bind9, linux-image-server, etc.]) any configuration files would be overwritten or if a dist-upgrade is not even really necessary.
<ScottK> Karamon: If there are config files you've changed you'll be prompted for which you want to keep.
<ScottK> Karamon: You can either dist-upgrade or manually select to install the held back packages.  It gets you to the same place.
<Karamon> ScottK: Thanks :)
<ScottK> Dist-upgrade is slightly better because then the packages don't get marked manually installed.
<nijaba> kirkland: thanks for the FAQ
 * delcoyote hi
<kirkland> nijaba: no problem, hopefully that's sort of what you wanted?
<kirkland> nijaba: i don't have much to say on the hw raid controller front
<nijaba> kirkland: yes, it looks great
<kirkland> nijaba: i'll keep that page in mind as I think of other considerations
<Ahmuck> hi.  i'm trying to setup software raid1 for ubuntu server and failing at it.  i've been using a tutorial for gutsy/hardy.  can someone point me to a better tutorial?
<mibocote> Ahmuck: where are you having difficulty?
<sommer> !serverguide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/8.04/serverguide/C/
<sommer> Ahmuck: you might check out the Advanced Installation > RAID section
<dragorn> I've got a hardy ubuntu-server install (on an alix, if someone thinks that makes any difference).  Everything is copacetic if the vga is connected, if it isn't, grub hangs just before loading the kernel at "Starting Up".  Turned off quiet, splash, set vga=normal, tried directing console to serial, no joy.  Vga connected works, vga disconnected hangs.  Anyone seen anything like that?
<Ahmuck> sommer: i don't see advanced installation in that guide
<sommer> Ahmuck: woops: https://help.ubuntu.com/8.10/serverguide/C/index.html
<sommer> sites been updated
<dragorn> Ah.  For what it's worth it appears to be an EDID bug and linked to the alix boards, and the ubuntu kernels have firmware_edid enabled
<Ahmuck> i've been told not to use nvidia hardware raid on the mobo but to use software raid
<dragorn> hahah with the ultra-ghetto fix of shorting pins 6 and 12 on the vga to force edid nonsense.
<Ahmuck> ok, i had this problem yesterday.  i get an error following that method.
<Ahmuck> http://pastebin.com/mc0dab38 - that is the error
<Ahmuck> at the "Create MD Device" option
 * jmedina preferes to create soft raid by hand with mdadm
<unit3> Anyone know if there's problems with open-iscsi in 8.10?
<unit3> I made a connection to my target and did some operations, then I did some work on the target (which is 8.04.1) and ended up restarting the target.
<unit3> And now the initiator thinks it's connected, but it just fills dmesg with errors when I try to do operations.
<unit3> I've restarted open-iscsi on the initiator machine, and it claims it connects to the target fine, but still, any ops on the scsi device it assigned originally (/dev/sdh) cause tons of errors.
<unit3> errors tend to look like this: sd 18:0:0:0: [sdh] Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK,SUGGEST_OK
<harpoon1> i installed ubuntu server using an IDE drive and all went well.  I attempted to do the same using 1 sata drive instead of ide, and the install succeeded, including GRUB.  However when I go to reboot, I get no grub menu, ( perhaps hidden ) and get a black screen with blinking cursor.  I tried switching terminals but still black and blinking... ( no messages to see )
<unit3> harpoon1: this is likely a boot problem with your BIOS, it sounds like it isn't trying to boot off the correct drive.
<unit3> It's also possible that the grub install didn't complete correctly, and that it needs to be done manually from a livecd.
<harpoon1> ok, I'll try booting in using livecd and running the grub stuff.
<unit3> ok, but make sure to check the bios settings first.
<unit3> because grub really depends on the bios being set correctly for it to be able to make the right install decisions.
<Conmiro> I need help
<harpoon1> for the bios settings, should I use PATA & SATA, or just SATA?
<Conmiro> I installed ubuntu server and tried to boot
<Conmiro> but It said my cpu does not have pae
<Conmiro> is there live cd for ubuntu server?
<harpoon1> unit3: where to I get info on how to setup bios for linux?
<harpoon1> unit3: my sata drive is detected as the 3rd primary drive, with no drives detected as 1st primary...
<unit3> harpoon1: that's fairly normal, you just need to find in your bios where it says the boot order, and make sure that SATA drive is the first in the list of hard drives (probably second in the entire list after your cdrom)
<unit3> also, if your bios has sata compatibility options, you'll want to enable all the advanced features so that Linux can take advantage of them.
<harpoon1> unit3: the boot order is correct.  the cd rom is first and the sata drive is second.
<unit3> ok, that's good then.
<unit3> if you boot off a live CD, I can walk you through manually re-installing grub, and that should fix it.
<unit3> also, what ubuntu release did you install? 8.10? 8.04.1?
<harpoon1> that's awesome... I'm not at the location until tomorrow morning, but it was buggin' me so here I am asking...
<unit3> ahhh ok.
<unit3> Well, I can't guarantee I'll be around here tomorrow.
<unit3> but you still should be able to reinstall grub from a terminal off the live environment, so give it a shot, anyway.
<harpoon1> thanks
<unit3> np
<harpoon1> should I install grub on the MBR?
<unit3> yeah, unless you've got a good reason not to.
<harpoon1> (hd,0) instead of (hd0)?
<unit3> no, just (hd0) should do it.
<harpoon1> ok, not it makes sense
<harpoon1> (hd0,1) installs grub on the disk partition 1?
<harpoon1> (hd0) installs grub on the first bios disk?
<unit3> yeah, on the mbr.
<unit3> although (hd0,1) is actually the second partition, since grub numbers from 0
<unit3> so if your /boot is /dev/sda1, then you'd do this:
<unit3> root (hd0,0)
<unit3> setup (hd0)
<harpoon1> is root not on (hd0,1)?  I thought maybe the first partition was a small linux pratition for booting or something...
<unit3> and the quit grub and reboot. ;)
<unit3> Well, it depends on how you partitioned it.
<harpoon1> I let  ubuntu server partition...
<unit3> And grub's concept of "root" just means the filesystem the kernel lives on, which is usually /boot
<harpoon1> ah ok.
<harpoon1> unit3: do I not need to run grub-update or something?
<unit3> update-grub will update your /boot/grub/menu.lst file, which is grub's configuration file. You can run that if it looks like the file isn't up to date, but the one the installer put there should be current.
<unit3> Doesn't hurt to run it anyway.
<unit3> Grub's nice in that once it's installed on the mbr, you can just edit that file to make config changes, and you don't need to re-install it.
<unit3> But I was gonna say, you'll have to take a look at the partitioning on the drive when you log into the live environment, to see what to use for grub's root command.
<unit3> If you've got a separate /boot partition, use that, otherwise use the / partition.
<harpoon1> got it.
<unit3> great. :)
<harpoon1> if it went throught the whole install ok, it must be just grub
<harpoon1> if I installed ubuntu when the bios showed my 1st and 2nd primary as nothing, 3rd primary as CD, 4th primary as my sata drive:(
<harpoon1> most likely what caused this to happen
<unit3> maybe.
<unit3> Although grub usually doesn't get confused over CD drives.
<unit3> But a grub reinstall should fix it, regardless.
<selinuxium> hi all, i am trying to load my first vm using kvm... I am trying to use virt-install -v (interactive) and am stuck at 'What would you like to use as the disk (file path)?' What do I need to input to continue?
<unit3> well, generally you need a disk image or lvm segment to install to.
<unit3> If you don't have one created, you can make one with qemu-img.
<unit3> which is in the qemu package, iirc.
<selinuxium> unit3: what would you ddo
<selinuxium> ?
<unit3> well, depends... how big do you want your disk image to be? do you want to allocate all the space up front (which is faster for access), or only have it use disk space as it's allocated in the VM (which saves local disk usage)?
<unit3> There's lots of considerations when setting this stuff up. :)
<selinuxium> unit3: I am used to using VMware but want to use KVM... I have a server host (ubuntu) at the office and want to create test environments...  Can you move from one type to another post creation?
<unit3> Not easily. Mostly because the disk image formats aren't cross compatible.
<unit3> If you can convert the disk images, then generally you can move from one to the other.
<unit3> Note that if you're used to VMWare and want to do virtualization on Linux, you might be best served at looking into virtualbox before KVM.
<unit3> It includes more of the nicer management tools you'll be familiar with, and it's packaged for most major distros.
<selinuxium> unit3: If i used a lvm I could expand the logical partition? then expand the volume to match?
<unit3> selinuxium: well, that depends on what filesystem you use inside the VM.
<selinuxium> unit3: If I did that I may as well stick with VMware :)
<unit3> huh?
<unit3> Why?
<unit3> virtualbox is open source and freely available, it's a pretty compelling alternative to vmware, IMO.
<selinuxium> unit3: true... :)
<unit3> plus, performance and compatibility is better than KVM in my testing, although that changes all the time since they're both active projects.
<unit3> but in any case, you could certainly expand a logical volume, but whether your VM will expand to that space depends on the filesystem you use inside the vm, and whether it supports expansion.
<selinuxium> unit3: so if it is ntfs inside the lvm...? :)
<unit3> then you should be able to expand it, yeah, although you might have to use Linux tools depending on the version of Windows you're running.
<unit3> IIRC Vista supports expanding ntfs, but older desktop releases don't.
<unit3> Don't know about the server versions.
<selinuxium> unit3: ok cool... :) Thannks for the discussion. I am learning lots... :)
<unit3> no prob. I've done lots of work with VMs in the past couple years, and mostly on Ubuntu or Debian, so ask away. :)
<unit3> Oh yeah, the other nice thing about virtualbox is that because it's also available for windows, other linux, etc, it makes the VMs more portable, since you can just copy your entire virtualbox configs (including disk images) to another platform and run them.
<unit3> Oh, OS X and Solaris will run virtualbox too.
<selinuxium> unit3: what are the benefits of using KVM against the others, or am I jumping in too early?
<unit3> KVM's handy because its included in the kernel, so it'll be available by default on most recent distros.
<unit3> Other than that, not much, it's not very featurful or compatible compared to most other options.
<unit3> Is there a specific reason you're looking at kvm?
<selinuxium> unit3: also, battery will die on laptop soon so if I suddenly disappear that is why...
<unit3> haha ok
<uvirtbot> New bug: #302194 in bacula (universe) "package bacula-director-mysql 2.2.8-5ubuntu7 failed to install/upgrade: subprocess post-installation script returned error exit status 30" [Undecided,New] https://launchpad.net/bugs/302194
<selinuxium> unit3: only that it was the way ubuntu jumped so I wanted to see why...
<selinuxium> sorry, canonical...
<selinuxium> unit3: will Virtualbox install on an X'less server?
<unit3> Well, they went that way just because it was included in the kernel proper, and so support was easy to include by default in Ubuntu.
<unit3> I don't think it was based on any particularly rigorous technical comparisons or anything. :)
<unit3> Plus, they include virtualbox in the official apt sources now, so IMO it's equally well supported.
<unit3> selinuxium: IIRC it will install without X, but you'll have a harder time managing it. There is a commandline program to manage the VMs, but I'm not sure how well it compares to what kvm offers.
<unit3> You'd have to try them out and see what you think.
<unit3> oh, thought of another difference between the two:
<unit3> kvm requires virtualization support in your CPU. virtualbox will work without it, but you can't have 64-bit guests without it even if the host is 64-bit.
<unit3> So for 32-bit VMs, VirtualBox will work on hardware that kvm won't run on.
<selinuxium> but you can have 64bit guest if you do?
<selinuxium> unit3: ^^^
<unit3> yep
<unit3> as of the 2.4 release IIRC
<unit3> 64 bit guests work as long as you've got virtualization support in your CPU.
<unit3> oh, 2.0 release, sorry.
<unit3> They're only on 2.0.6, so there is no 2.4 release. ;)
<selinuxium> unit3: thanks for all you help I will give Vbox another bash! :) Going to shutdown before I fall down. Thank you again! :)
<unit3> Haha no problem, good luck. :)
<selinuxium> TTFN
#ubuntu-server 2008-11-26
<wo0f> hi, whats the best way to manage user/group permissions?
<wo0f> is there a better cli tool than merely chmoding every time?
<wo0f> brb
<wo0f> back
<Ahmuck> i'd like to move a set of raided hard drives from one server to another.  am i going to have to "re-install" evreything over again?
<Ahmuck> i'm following this tutorial - https://help.ubuntu.com/8.10/serverguide/C/advanced-installation.html and it dead ends into a loop.  i'd like to setup partitions in the same manner that i would if i had a raided set of drives "hardware side".  is there someone that could clarify the tutorial for me?
<sommer> Ahmuck: what do you mean by "dead ends into a loop"?
<Ahmuck> under the formatting section
<Ahmuck> i have a frame by frame screeshot
<sommer> Ahmuck: what raid level are you setting up?
<Ahmuck> raid1
<Ahmuck> i can set up a webpage with thumbnails and screenshots of each step.  it would take about 7 min to do so
<Ahmuck> step 3 of formating section
<Ahmuck> after doing the above steps, your only left with one partition
<sommer> Ahmuck: one raid partition?
<Ahmuck> if you select / as that partition, trying to finish the raid and ubuntu complians about no swap.  the expected behavior would be after setting up the raid to start the partition manager for multiple partition setup
<sommer> Ahmuck: ya, that's a good point
<Ahmuck> in hardware raid array, select disks, add to array, reboot, and the array is seen as one hard drive
<Ahmuck> is this a logic problem in the routine?
<sommer> Ahmuck: right, software raid is slightly different... because you're raiding multiple partitions
<Ahmuck> last night i tried setting up multiple partitions and creating a raid for each partition
<Ahmuck> and failed at that.  anyhow, following the tutorial sent me into a loop
<sommer> Ahmuck: that should work
<Ahmuck> which should work?
<sommer> a raid array for each parittion
<sommer> basically partition one drive like you normally would, but instead use the partition as a raid device
<sommer> then do the same for the 2nd drive... mirroring the first
<Ahmuck> going back to software raid, is there a reason that the software raid is not seen as one drive?  doesn't the software raid portions set something on the drives so it knows.  i would expect to reboot after setting up the raid array and then bieng presented with one drive to partition
<Ahmuck> is this a flaw in the software raid design, or is it convention to do it this way and were a bit stuck with it
<sommer> no, from my experience it's different because you're dealing with raided partitions instead of raided drives
<sommer> but you can raid a partition that coveres an entire drive
<Ahmuck> u can't raid two drives and then partition it as one drive?
<Ahmuck> that's confusing
<sommer> no... you need to raid paritiions on two different drives
<sommer> if that makes sense?
<sommer> for software to use a hard drive there needs to be a partition first... which can then be raided
<Ahmuck> k, so that's the way it is.  moving on.  i'm doing software raid and setting up on machine a.  will be changing to larger drives in three days.  i assume i can "expand" one drive onto the larger drive, and then add the second larger drive and allow the raid to populate it
<Ahmuck> sommer: makes sense
<sommer> Ahmuck: I'm not sure about that senario, but it may work
<Ahmuck> or, with the server, in windows changing hardware completely is a bad idea, which is why i'm choosing software raid.  in ubuntu, i'd like to change the entire server hardware in 180 days.  am i going to be forced into a data backup and complete re-install of ubuntu server?
<Ahmuck> such details as network cards, mobo, chips, video cards, and everything changes
<Ahmuck> does linux care or can i just move the drives and reboot?
<sommer> I would think that re-installing would be less of a headache if you're chaning that much hardware, but I guess I've never really tried chaning things that drastically
<sommer> the install process doesn't take that long :-)
<Ahmuck> well, i'd have to track changes in base configuration files
<Ahmuck> and backup/restore those
<Ahmuck> aonther reason i chose software raid so i could be independent of hardware raid changes
<Ahmuck> k, last question.  must both / sections of the partitions be bootable?
<Ahmuck> have the bootable flag set?
<sommer> Ahmuck: nope just one
<Ahmuck> what happens if i loose the bootable drive?
<Ahmuck> will the other one boot so i can change drives?
<sommer> Ahmuck: in Intrepid, that issue is solved
<Ahmuck> nice ... thx
<sommer> see the degraded raid section
<Ahmuck> :DDD
<Ahmuck> i saw that and that's what it appeared to be but i wanted to make sure
<Ahmuck> but i do need to set one drive as bootable, correct?
<sommer> for tracking config changes you might look into a VCS like bzr or svn... that's what I use, and it works quite well
<Ahmuck> k, i suspect you install that first
<sommer> Ahmuck: I do, but I'm not sure that it matters... I think grub will boot to whatever is configured regardless of the boot flag
<Ahmuck> how does the computer know to boot?  grub?
<Ahmuck> does it just look?
<sommer> /boot/grub/menu.1st is the config file
<Ahmuck> k, no flame wars, but what is considered best bzr or svn?
<Ahmuck> i often here of git with svn, cvs
<sommer> I like both pretty well, but for config file management it shouldn't matter much
<Ahmuck> any interest in a frame by frame tutorail for those of us that are text challenged
<Ahmuck> git would not do the job i suppose
<sommer> uh there's probably something out there, but svn and bzr are breifly covered in the serverguide
<sommer> git would work fine, I haven't used it much though
<sommer> basically you're just looking for a tool to track versions of files, so whatever you're comfortable with is really the *best* solution
<sommer> or at least that's how I use them :-)
<Ahmuck> create a partition the size of each section, /, /home, /usr/local and call it a raid drive, then combine to get the raid and then format each partition and label it /, /home, etc?
<Ahmuck> i assume that's the proceedure i follow
<sommer> yeppers
<Ahmuck> "use as physical volume"
<Ahmuck> ok, i followed a tutorial if found on the web like that and failed at it last evening for some reason.  i'll try again and touch back if i fail
<sommer> Ahmuck: sure, a word of advice... don't get frustrated when exploring new disk layouts and software, you're bound to not get it the way you want the first time :-)
<Ahmuck> i'm doing it in virtual box, so i can do and do and do :)
<ball> Well that's a predictable channel name :-)
<Ahmuck> in the tutorial it needs to tell the individual to create two partitions per drive, one for / and one for swap
<Ahmuck> anything beyond that becomes a partition tutorial, but my guess is to prevent confusion, it needs at least those two
<sommer> Ahmuck: ya, I'll get that updated for jaunty
<Ahmuck> is the tutorial like a wiki?
<Ahmuck> something that can be updated?
<Ahmuck> jaunty huh.  what is the name of the animal, i have not peeked yet
<ball> How does Ubuntu Server differ from Ubuntu?  Does it ship without an X server?
<Ahmuck> ball: correct
<ball> Ahmuch: presumably everything can be configured from the command line.
<sommer> Ahmuck: the serverguide is the "official" documentation, there's some quick instructions for submitting updates here: https://wiki.ubuntu.com/ServerTeam/GettingInvolved
<sommer> under the maintain documentation link
<ball> Is Jaunty to be avoided?
<sommer> jaunty is alpha 1... so it's definitely not production ready
<ball> Jaunty != 8.10 then?
<ball> Oh!  Hardy, that's what I have.
<ball> A very broken Hardy.
<Ahmuck> Intrepid is 8.10
 * ball looks around the study for a machine on which to try #ubuntu-server
<Ahmuck> good hardy is 8.04.1
<ball> So what about Intrepid?
<Ahmuck> intrepid is out now ball
<Ahmuck> r u still on hardy?
<ball> Yes
<ball> I managed to break my Hardy though.
<Ahmuck> ah
<ball> Okay, let me power up this Ubuntu box
<Ahmuck> sommer: k, i get "warnings" when doing it the other way.  i'm guessing one has to create the "raided" devices and then reboot before partitioning and labeling the partitions? ... i didn't, it gave me a warning, i hit continue, and it appears to be installing ... *confused*
<ball> Can Ubuntu-server be compiled completely from (open) source?
<sommer> Ahmuck: try rebooting then I guess
<ball> Aha!  found a candidate machine
<ball> Is there a way, from the command line, of telling how much RAM a machine has?
<ball> Linux' dmesg output seems inscrutible ;-)
<ball> Ah found it.
<ball> 256 Mbytes.
<Thirtysixway> cat /proc/meminfo
<ball> Thanks
<ball> Is ubuntu.org down?
<ball> Crap.  I can't seem to get anywhere.
<Thirtysixway> ubuntu.com is up
<ball> Thanks
<ball> Seamonkey was having a funny five minutes.
<pschulz01> Greetings.. has the scsi modules / userspace programs changes between 8.04 and 8.10? I used to be able to use /dev/tape/by-id/... but that doesn't seem to be working on my new 8.10 system.
<ball> I'm wondering whether to get 8.10 or 8.04.1
<Thirtysixway> I have 8.04 installed on my server, simply because it's supported for 5 years
<Thirtysixway> well I mean for other reasons too but that's a good reason :p
<ball> Ah, is that the LTS I remember hearing about?
<Thirtysixway> Yeah, 8.04 is LTS
<ball> Okay, fetching Ubuntu Server 8.10 via bittorrent
<ball> If that doesn't work, I'll fall back on 8.04
<Thirtysixway> I don't see why it wouldn't work.
<ball> We'll see anyway, soon enough.
<ball> Does it have a published minimum spec?
<Thirtysixway> https://help.ubuntu.com/8.10/serverguide/C/preparing-to-install.html
<ball> Ah good, I qualify.
<Thirtysixway> 8.04 seems to have the same minimum requirements, also.
<ball> Thanks
<ball> 10% downloaded
<ball> (of the ISO)
<pschulz01> Anyone here familar with udev?
<Thirtysixway> I think I have the 8.04 server cd around here somewhere.  I have so many Ubuntu cd's.
<ball> Oh cool, I just found another Webcam
<Thirtysixway> I kind of want to hook up a webcam to my server
<Ahmuck> sommer: thx, i'm making lots of progress and understand better what's going on this evening because of your help
<Thirtysixway> We have this compact florecent light that's been on since may 2006, it would be fun to have a little site going to watch it.  Sort of like that old 100 year old lightbulb
<SpunkMeYeR> hi all...
<SpunkMeYeR> what is the fastest command to search a file in ubuntu??
<Ahmuck> btw, hi ball
<Ahmuck> slocate
<Ahmuck> oh, nm
<SpunkMeYeR> like " locate <filename>" in rpm distro
<Ahmuck> ah, slocate <filename> is what i use
<ball> hello Ahmuck
<SpunkMeYeR> thanks Ahmuck..
<Steve[cug]> Lets say I have a user thats in multiple groups specified by the limits.conf file, is the last limit applied? smallest?
<Steve[cug]> anyone happen to have any ideas?
<LoveGuru> What about debian based Search .
<ball> Steve[cug] If membership of one group grants you permission to a resource, I don't think membership of other groups would revoke that. <- this is a blatant guess.  Test it!
<ScottK> sommer: You still around?
<Steve[cug]> ball.....guess it's all i can do
<Steve[cug]> :-p
<sommer> ScottK: uh, probably for a little while longer
<sommer> what's up?
<LoveGuru> is "slocate filename" work with debain based distro?
<ScottK> sommer: I was wondering if you'd be willing to do a bit more php-clamavlib work?
<ScottK> Before it was removed from Intrepid, we got a working version for clamav 0.94.x.
<ball> Steve[cug]: let us know what you find out.
<ScottK> What it would need is someone to port those changes to the 0.12 version we have in Dapper so that both php4 and php5 are supported.
<ScottK> sommer: ^^
<sommer> ScottK: gotcha, I can take a look at it
<ScottK> Thanks.
<ScottK> sommer: The 0.13 version is in the PPA.
<sommer> ScottK: so I'm clear, the clamav version in intrepid needs to be backported to dapper?
 * sommer checking
<ScottK> sommer: Yes.  The backported clamav for Dapper is in the PPA already.
<sommer> ScottK: ah, so only php4 and php5 need to work with it?
 * sommer should be able to handle that
<ScottK> sommer: I think most of the rest will backport OK and I've got other people in mind to pick on for the other bits that need doing.
<sommer> ScottK: I might not be able to get to it until Friday or so, but I'll let you know
<ScottK> sommer: No rush.  There's plenty of other stuff to do yet too.
<Ahmuck> loosing power on a box with software RAID is a bad thing?
<Ahmuck> LoveGuru: if you have it installed, yes
<Ahmuck> LoveGuru: not installed by default on *untu distros
<LoveGuru> Ahmuck: thanks. i see Everyone is here but.. So bzy don't have a single second to respond :)
<Ahmuck> ur welcome
<SpunkMeYeR> hi guys..
<SpunkMeYeR> i have an cgi script
<SpunkMeYeR> but when i execute that script in my homepage, it shows me the source code
<SpunkMeYeR> what should i do?
<ropetin> SpunkMeYeR: what webserver are you using?  Apache?
<SpunkMeYeR> ropetin, i running apache2
<ropetin> SpunkMeYeR: In which case more than likely you need to set AddType correctly for the filetype
<ropetin> Is it PHP?
<SpunkMeYeR> not .cgi
<SpunkMeYeR> no .cgi
<ropetin> What language is it written in?
<SpunkMeYeR> ropetin, it's perl
<domas> hi!
<ball> I'm about to burn my first Ubuntu Server CD
<domas> gz!
<domas> do netinstall!
<ball> domas: Sounds newfangled and scary.  I'm just trying to get used to optical media instead of mag tape.
<domas> haha
<domas> didn't install from mag tape for a while :)
<domas> (or floppies)
 * ball hugs /dev/st0
<ball> domas: my first Linux install was from a stack of 5.25" 1.2 Mbyte floppies
<domas> my first linux install was from 3.5" floppies ;-)
<domas> though did install SCO from tapes
<domas> =)
 * domas is a kid
 * ball <- old fart
<domas> I remember going 100 miles away to get SCO OS5 CD back in the day
<ball> How does Ubuntu Server compare with other server operating systems?
<domas> ball: free.
<ScottK> ball: What do you have experience with?
<domas> ball: other than that... um... lots and lots of packages that aren't ancient
<ball> ScottK: Unix, Netware, VMS, i5/OS etc.
<ball> Oh!  Concurrent CP/M-86
<ball> :-)
 * ScottK recalls CP/M.
<domas> ball: you don't need to recompile stuff too much, unless it is something you really actively run ;-)
<ScottK> Ideally you won't at all.
<domas> ScottK: nah, that never happens
<ball> Because Ubuntu uses binary packages and apt-get ?
<ScottK> Yes.
<domas> ScottK: ubuntu debugsyms are broken ;-(
<domas> ddebs for hardy is a toast
<ScottK> domas: That's one of the reasons I'm an Ubuntu developer.  I make sure it happes for the stuff I care about.
<ball> What does it mean to be an Ubuntu developer?  You contribute code?
<domas> ScottK: well, stuff like recursive mutex deadlocks in single-threaded apps can't be resolved without a recompile ;-)
<ScottK> Mostly I package software.
<ScottK> OK.
<domas> ScottK: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/164533 ;-)
<uvirtbot> Launchpad bug 164533 in imagemagick "imagemagick tools should be built without threading (or recursive mutexes fixed)" [Medium,Confirmed]
<ScottK> I do some code as well, but mostly it's packaging, updating and integration.
<ScottK> Right, that one isn't a problem for me.
<domas> anyway, lack of ddebs is sad
<ball> Damn this is taking a while to drag to Mrs. ball's PC
<ScottK> ball: Ubuntu server is a lot like any Unix'ish system, but with a lot of good structure for package management.
<domas> ScottK: Ubuntu sometimes seems to over-package stuff
<ScottK> domas: No doubt.
<domas> as in, too many local modifications
<domas> e.g. mysql startup script will run 'CHECK TABLES' on every server restart
<ScottK> We generally strive to keep them to a minimum.
<hads> That's a debianism isn't it?
<domas> yeah, thats debianism
<ScottK> I think so.
<domas> I don't see debian too much
<ScottK> So Ubuntu Server is a lot like Debian on a server except less ancient.
<domas> true :)
<Koon> domas: there aren't so many local modifications. Most of them are either upstream patches that we baclported to the current release, or thikngs linked to the packaging (init script, etc.)
<ScottK> It's also gotten (and will continue to get) more user friendly.
<domas> Koon: yeah, I followed changelogs for some packages %)
<domas> have to file one more bug
<domas> with debian/ubuntu mods
<Koon> domas: but that's true there are a few notable exceptions :)
<domas> can anyone kick canonical for breaking ddebs, please? :)
<Koon> there is also the case of FHS compiance
<ball> I don't think I've ever used Debian
<Koon> if you take tomcat6, I had to break it so that it fits in the right slots
<domas> oh, are they unbroken
 * domas can't believe own eyes
<Koon> because "everything is one directory" is nice from upstream pov, but not from a distro pov
<ScottK> Or you an bundle up half the universe in your Ruby on Rails app, but that doesn't make it a great idea for the masses.
<domas> Koon: I did package internal mysql build, and got a bit of "hey, thats not a nice package!" from OS guy
<domas> I just put it into /usr/packagename/* :)
<ball> "not a nice package"?
<domas> damn pedants
<domas> oh, and I replaced start/stop script with "start: mysqld & stop: killall mysqld" :)
<ScottK> ball: We have a lot of rules about how stuff is supposed to be done.  For the system as a whole that's a good thing.  It can make some packages more complex than they might technically need to be.
<ball> Is it consistent though?
<ScottK> The policy is consistent.
<ScottK> Is every package perfect, of course not.
<domas> well, the way I build internal packages doesn't always have to follow policies ;-)
<ScottK> Exactly.
<domas> on the other hand, I build them based on my own subversion/bazaar repo
<hads> I was thinking about packaging FreeSWITCH but it would need some fairly major mods I think - it's an everything in one dir.
<ScottK> Generally you can move stuff about as needed in debian/rules.
<hads> It has existing debian/ which installs to /opt
<hads> And I think it expects to be all in one dir.
<ScottK> Right, so a bit of fun then.
<hads> Yeah, it put me off it a little :)
<hads> The software is fantastic, just packaging it doesn't sound like fun.
<kraut> moin
<uvirtbot> New bug: #302092 in samba (main) "logging in immediately logs out again" [Undecided,Incomplete] https://launchpad.net/bugs/302092
<uvirtbot> New bug: #302026 in pam (main) "likewise-open prevents local passwords from being changed" [Undecided,New] https://launchpad.net/bugs/302026
<jtmoney> hey guys, setting up a software RAID-1 with intrepid... after my RAID syncs (after the first boot), i get a lot of "DRDY ERR" errors of type "UNC"... i looked this error up on libata's wiki and it says it's an "Uncorrectable error - often due to bad sectors on the disk"... is this normal on a new hard drive? will ubuntu finally get all the bad sectors worked out and no longer use them?
<ahasenack> soren: hi
<ahasenack> soren: remember my question yesterday about ia64 port?
<ahasenack> soren: the sources.list that guy has is of the form: "deb http://ports.ubuntu.com/ubuntu-ports/ hardy main restricted"
<ahasenack> soren: I'm doing some tests and that url seems wrong, apparently this would be the right one: "deb http://ports.ubuntu.com/ hardy main restricted"
<soren> ahasenack: If he's on hardy that explains why he only sees the landscape-client placeholder.
<soren> ahasenack: landscape-client |        0.1 |         hardy | source, all
<soren> landscape-client | 1.0.23-0ubuntu0.8.10.1 |      intrepid | source, all
<ahasenack> sommer: oh
<ahasenack> ahasenack: completely right
<ahasenack> soren: somehow I forgot that lc was in main only from intrepid onwards
<soren> :)
<soren> ahasenack: You did say that he was running Intrepid yesterday.
<ahasenack> soren: he did say so
<ahasenack> soren: "I have a 8.10 install on a HP dual IA64"
<ahasenack> soren: so maybe he is just using the wrong sources list, or sent me the wrong one
<soren> 11:44 < ahasenack> soren: how is it maintained? We got a guy with such a machine and intrepid, and he wants to try out landscape, but he ha
<soren> s the stub package installed (version 0.1), so I'm guessing the "real" intrepid was not ported to ia64
<ahasenack> ^^^
<uvirtbot> ahasenack: Error: "^^" is not a valid command.
<soren> Well, the problems he was having are consistent with running Hardy.
<ahasenack> soren: I'll find out, thanks for the help
<soren> So he's probably just thinks he's running Intrepid, but really isn't.
<Deeps> i have an inbound packet coming from 1.2.3.4, is it possible to use iptables (or anything, really) to rewrite the packet on entry to appear from source 2.3.4.5, and then similarly rewrite any outbound packets destined for 2.3.4.5 rewrite them to be destined for 1.2.3.4?
<nme> Deeps: its called SNAT
<nme> or NAT ;)
<Deeps> nme: not having much joy with postrouting + snat
<ivoks> iptables -A POSTROUTING -s 1.2.3.4 -j SNAT --to-source 2.3.4.5
<ivoks> iptables -A POSTROUTING -s 2.3.4.5 -j DNAT --to-destination 1.2.3.4
<Deeps> isnt DNAT prerouting only?
<ivoks> my bad, PREROUTING
<Deeps> bad arg if done postrouting, eitherway i can still ping 1.2.3.4 fine, but not 2.3.4.5
<Deeps> http://i35.tinypic.com/dvj5mu.png
<Deeps> if that helps
<Deeps> basically just want the application level to see the source ip being different to what it really is
<ivoks> well, for start, add 1.1.1.2 on the second computer
<ivoks> or...
<Deeps> cant, that's part of the problem, hense trying to jiggle it with iptables
<ivoks> not
<ivoks> iptables -A PREROUTING -s 1.1.1.1 -d 1.1.1.2 -j DNAT --to-destination 1.2.3.4
<ivoks> iptables -A PREROUTING -s 1.2.3.4 -j DNAT --to-destination 1.1.1.2
<ivoks> something like that...
<ivoks> first machine should have both 1.1.1.1 and 1.1.1.2 ips
<nme> thats wrong
<ivoks> could be :)
<nme> iptables -A PREROUTING -t nat ...
<Deeps> yeah i'm using -t nat already, not that thick ;)
<ivoks> doh...
<Deeps> basically got an application that requires all clients to be within the same /24, but clients are on the same /8 and cant change this configuration
<nme> those packets come to You from behind a router? isnt it same lan?
<Deeps> same lan
<nme> and your linux box with iptables you are setting is between those clients and the app?
<Deeps> linux box is running the app
<nme> and those two rules SNAT and DNAT dont solve the problem?
<Deeps> nope
<Deeps> -A PREROUTING -d 1.1.1.2 -j DNAT --to 1.2.3.4
<Deeps> -A POSTROUTING -s 1.2.3.4 -j SNAT --to 1.1.1.2
<Deeps> you'd think that would do it, but then again that might only work for routed packets
<nme> iptables -L PREROUTING -t nat -n -v -x  <- does the rules have increasing count of packets?
<Deeps> nope, not hitting the rule at all then
<Deeps> Chain PREROUTING (policy ACCEPT 1011 packets, 133220 bytes)
<Deeps> that packet count is increasing
<Deeps> the rule pkts is still 0 though
<Deeps> haha, silly me
<Deeps> -t nat -I OUTPUT
<Deeps> unfortunately, inbound connections from 1.2.3.4 still appear to be coming from 1.2.3.4
<Deeps> rather than 1.1.1.2 :/
<uvirtbot> New bug: #300226 in bind9 (main) "Prints error messages to stdout" [Wishlist,New] https://launchpad.net/bugs/300226
<Deeps> need a nat input rule that allows snat, prerouting doesn't :/
<CrummyGummy> Hi all, I need to install a debing-etch kernel in order to install the HPopenipmi drivers. What are the ods of me getting this right without breaking anything?
<ivoks> CrummyGummy: almost none
<ivoks> CrummyGummy: what's wrong with openipmi in ubuntu?
<CrummyGummy> The hp control/admin packages don't run properly without the HP ipmi drivers.
<CrummyGummy> :(
<CrummyGummy> These are only compiled for Debian.
 * CrummyGummy wishes that HP would support Ubuntu
<joerlend_> is it possible to password protect NFS shares, or limit access based on logins?
<joerlend_> that is, I have my users and groups in an ldap directory and I'd like to share homes for those users, but only to those users.
<sommer> joerlend_: regular directory permissions should limit access just fine... I'd think
<maswan> joerlend_: If you want better NFS auth than uid/gid you need to go to NFSv4.
<joerlend_> wouldn't it be possible to recreate those users on a client machine and gain access?
<joerlend_> maswan, what do I have to do to get that?
<maswan> joerlend_: TBH, I don't really know. I just know that as of v4 you can have real auth and user mappings based on something else than client uids, but you need to read up on it. And then try it out too.
<maswan> It is a new standard, so implementation is patchy here and there.
<joerlend_> oh, ok. Yes, NFS support is implemented in the kernel?
<maswan> Yes.
<maswan> At least if we're talking hardy or newer. I'm not so sure on dapper.
<joerlend_> hardy is the oldest version I'd use :)
<nme> anyone uses openldap in intrepid?
<joerlend_> tried with no success. There's been some changes since hardy, so the guides for it doesn't work, I think.
<joerlend_> nme, however... I'm sure you had another question in mind?
<nme> joerlend_: there are new docs for intrepid
<nme> joerlend_: im unable to change debug level for slapd - it hangs during start with OPTIONS="-d anything"
<sommer> nme: try starting slapd from a terminal, not using the start script and see what errors occur
<nme> sommer: tried slapd -d -1, tried slapd -d 4294967295 - both start with no problems, You solved my issue anyway, I can now debug, ty!
<sommer> nme: np
<joerlend_> perhaps sshfs is an alternative to consider?
<nme> joerlend_: NFS works for sure. 2 weeks ago I was experimenting on my intrepid as a server for pxe over nfs and everything went fine.
<nme> joerlend_: if you are having issues with nfs check your firewall - in some cases it can block services like statd making them unable to start
<maswan> joerlend_: If you need that kind of auth, probably. The NFS (up until v4 at least) auth model means that anyone that has root on a client can do anything as any user.
<joerlend_> nme, yes, NFS works just fine, but I'd like to limit access to users in my LDAP directory.
<joerlend_> maswan, right, meaning that a live cd is all you need to cause headaches.
<_jmedina> maswan: not without root squash
<domas> _jmedina: "as any user except root"
<_jmedina> joerlend you can use nisMap entries in your directory and mount with automount, so you only mount /home/user and not /
<_jmedina> i mean not the whole /home/
<_jmedina> you can even use NIS netgroups and limit wich users can login in a specific system, you can limit by, user, group and ip, or a combination
<_jmedina> I like to use that
<opapo> I am using openldap on Ubuntu 8.04.  I can use getent on the client, but id doesn't work
<shoot^> Guys, having real issues here. My server arbitrarily disconnects from the wireless, and doesn't reconnect itself. Its using a Static IP over DHCP. Anyone able to help?
<opapo> I restarted nscd and id worked
<jtmoney> hey guys, setting up a software RAID-1 with intrepid... after my RAID syncs (after the first boot), i get a lot of "DRDY ERR" errors of type "UNC"... i looked this error up on libata's wiki and it says it's an "Uncorrectable error - often due to bad sectors on the disk"... is this normal on a new hard drive? will ubuntu finally get all the bad sectors worked out and no longer use them?
<centaur5> jtmoney: I would download the manufacturer's hard drive diagnostic utility and if it passes as defective warranty it.
<leonel_> ScottK: I'll check what came out today  and  add to  the  previous patches
<uvirtbot> New bug: #302542 in samba (main) "upgrade from 8.04 to 8.10" [Undecided,New] https://launchpad.net/bugs/302542
<jtmoney> centaur5: i did... bad drive
<jtmoney> what are the odds? i've bought two seagates... one was bad... then two hitachis... one was bad
<jtmoney> incompetent UPS man?
<jtmoney> :)
<centaur5> jtmoney: I don't come across bad Seagate's very often but it does happen. Hitachi on the other hand, will they allow you to exchange for Seagate?  :)
<jtmoney> newegg is letting me return all four and i'm buying western digital and being done with it
<Deeps> http://www.storagereview.com/
<Deeps> have a survey my manufacutrer and model number
<Deeps> s/my/by/
<Deeps> so you can see based on a larger sample what reliability for various drives are like
<robertj> does anyone have pptpd working?
<robertj> GRE: Bad checksum from pppd <- :(
<Jared555> is ubuntu-server a good choice for a dedicated firewall system or should I run something like ipcop/smoothwall or even openbsd?
<tonyyarusso> Jared555: all of the above will work just fine with a competent administrator.  Use whatever you're most comfortable with.
<Jared555> does ubuntu server have qos functionality by default or do you have to recompile the kernel?
<Baversjo> Hello, is there anything scponly-users can do with my server after a fresh install of scponly? What I found myself is that they cannot use SCP, no shell and they can use Tunneling. Is there anything more that they can/cannot do?
<uvirtbot> New bug: #302605 in samba (main) "smbd doesn't start, fails to generate "machine SID," dumps core" [Undecided,New] https://launchpad.net/bugs/302605
<mathiaz> soren: I've got an open-iscsi package ready. If you wanna review it: http://people.ubuntu.com/~mathiaz/packages/
<mathiaz> soren: it implements the ifupdown strategy we've talked about
<soren> Whee!
<slestak> i am reconsidering the intelligence of not setting up lvm when I configured my last intrepid machine
<slestak> it is not a production machine, so there are not lots of ppl depeneding on it.
<slestak> but I am considering using the machine for a backuppc host, and now want to add an lvm partition.  i have no care of / is in lvm, and i know /boot cannot be in it
<slestak> i have extra sata drives, can i have a non-lvm root and add some pv's into a volume group for sth like /var/backuppc ?
<ScottK> leonel_: Thanks.
<centaur5> Jared555: If you use Ebox it has a traffic shaping module for QoS.
<MatBoy> damn, my php does not reports errors when the settings are ok :S
<LoveGuru> If the Settings are ok. then why php reports an error?
<LoveGuru> Is there anyone who familiar with vsftpd server?
<BleSS> when I install OpenLdap (slapd ldap-utils) it isn't being installed the config file '/etc/ldap/slapd.conf' by default, is it ok?
<andymd> ok for what?
<BleSS> I refer that if that is normal/correct
<BleSS> because I'm supposed that should be installed a config file by default
<andymd> I think it is ok
<BleSS>  /etc/ldap/ldap.conf -> it's created
<BleSS> but not slapd.conf
<andymd> but not be oriented
<BleSS> and this document speaks about that file (so it should be) https://help.ubuntu.com/community/OpenLDAPServer
<BleSS> well, it is always possible come back to debian server
<J-_> I've downloaded drupal, and installed it from the drupal website and I'm wondering if anyone else has had any problem with the SMTP module and PHPmailer? I can't get phpmailer to work. Can anyone help?
#ubuntu-server 2008-11-27
<slestak> ive got a brand new mdadm raid1 dev rebuilding right now
<slestak> there is not data on it, just an empty ext3 fs.  i want to change its mount point.  i dont think i need to wait for the rebuild to complete.
<slestak> think its safe to umount and re mount it somewhere else while mdadm is syncing?
<jmarsden|work> slestak: I *think* it would be safe.  But I've never tried that...
<slestak> jmarsden|work: i used the time effectively, pizza and a beer
<jmarsden|work> Now that's some serious multitasking ;)
<slestak> crappy costco pizza, thought i was going to ralph
<jmarsden|work> slestak: See if you can sneak a pizza oven (described using appropriate technical jargon) into the IT equipment budget approval list, and then bake your own pizza?? :)
<slestak> im trying to use sudo to "cp -a" a dir i dont have permission to as my regular user.  i cannot even ls it.
<slestak> got it solved
<seede> hi all, im trying to find a particular keyword that could be in a config file anywhere. i want to search for it while excluding certain directories. i searched the webs and found that this command should do the trick:
<seede> find / -path /lib -prune -o -path /dev -prune -o -path /proc -prune -o -path /home -prune -o -exec grep -RH searchstring {} \;
<seede> but when i run it i get for example : " grep: /lib/udev/devices/console: Permission denied" and now it appears to be hung
<seede> any ideas what im doing wrong? Im using -path not -wholename because i want this to be portable and work on an ubuntu and red hat system
<seede> why is it hanging and why is it not excluding /lib
<mpaiva> hi, anyone with ldap experience?
<axisys> sudo do-release-upgrade does not upgrade 8.04 server to 8.10 even though I set the Prompt=normal in /etc/update-manager/release-upgrades file
<axisys> yes I ran the sudo apt-get install update-manager-core before
<axisys> followign this http://www.ubuntu.com/getubuntu/upgrading
<axisys> is there a bug I am hitting ?
<sommer> axisys: do-release-upgrade on an lts release will want to upgrade to another lts... there's a config file you need to adjust
<sommer> axisys: not quite sure which one it is though :(
<genii> apt.conf maybe
<axisys> dont see an apt.conf file
<axisys> sommer: what u r saying does not match with this http://www.ubuntu.com/getubuntu/upgrading
<axisys> https://help.ubuntu.com/community/IntrepidUpgrades gave the same instruction too for server
<ropetin> Hmmm, I'm having a weird issue, that hopefully won't mean I need to reinstall.  I just set up two new Hardy servers remotely.  Everything seemed fine.  When I try and log in locally, rather than typing the letters of my username, the screen shows little 'diamond' symbols
<ropetin> Any ideas what might be up?
<jmarsden> ropetin: Stuck Alt-Gr key??  Or a font issue of some sort?  Can you actually log in OK?
<ropetin>  No, won't let me log in, I tried typing my username and password anyway, but it rejects it, so it can't be typing the correct characters
<ropetin> I'd be fine if I could just type in the dark, but I can't even get logged in!
<ropetin> Funny thing is, happened on two identical servers, installed from the same media
<ropetin> Or not funny, because I'm now 2  hours behind!
<jmarsden> Sounds like the keyboard is not the kind of keyboard you told the installer you have??
<ropetin> That's what I'd guess too (although I know it is) but I can't log in to change it :)
<ropetin> Meh
<jmarsden> Do you have one of whatever keyboard type you chose??
<ropetin> Yup, it's the one that's plugged in
<jmarsden> Ah... then... I have no idea how to fix that.  Your install didn't set up and enable openssh-server, by some good fortune, did it?  If so, can you log in over the network?
<ropetin> Yeah, it did, but unfortunately the last thing I did was break my network, so I need local access to fix that
<ropetin> It's not my day!
<ropetin> NP, reinstall it is
<jmarsden> I'd say so...  broken keyboard + broken network = reinstall
 * ropetin hates computers!
<BeeBuu> can i install a JEOS into a real machine?
<kraut> moin
<BeeBuu> moin?
<nme> heeelp, anyone succeed running sasl on openldap (intrepid) ?
<hads> JeOS is just a minimal install, no reason why not.
<BeeBuu> hads: you mean yes?
<BeeBuu> all document just said for VM.....
<nme> BeeBuu: you can install on real machine
<BeeBuu> nme: thanks.
<nme> BeeBuu: Ubuntu promotes kvm which gives full virtualization, that can run Microsoft OS'es so there is no reason why "Jeos" could be somehow magical :) kvm runs other Linux distros too without any problem, Ubuntu Desktop works too :)
<BeeBuu> nme: i got it.
<soren> nme: The jeos install by default will install the -virtual kernel flavour which only contains drivers for the hardware you'll find in virtual machines.
<nme> hm
<nme> but, kvm emulates various ethernet cards so network would work and he will be able to replace it with -server
<nme> btw. what are the differences (where can I read about it) between -desktop and -server kernel?
<soren> nme: They're rather minor, really.
<soren> nme: Different scheduling options. That's all.
<soren> kvm does emulate various ethernet cards. And the -virtual kernel flavour supports them. That doesn't mean that any *real* ethernet card you might have is supported.
<ivoks> helou
<soren> Hey, ivoks.
<ivoks> hi soren
<selinuxium> Hi all. Can you run VMware and KVM on the same box? with only clients from one Virtualisation running at a time?
<yann2> I would say you can probably run both at the same time, just give it a try
<_ruben> is it possible to somehow "preseed" the dpkg (?) questions that pop up like when installing postfix for example?
<ivoks> never tried that, but i don't see why it should work like normal preseed
<_ruben> hm, just realised i should doing this differently .. which would open up that option .. now im working on a post-install script to replace our manual post install tasks .. guess if i'd add postfix and the like to the extra-packages thingie, it should be preseed-able probably .. lets try that
<ivoks> it worked for me :)
<ivoks> basicaly:
<ivoks> apt-get install postfix
<ivoks> ...
<ivoks> debconf-get-selections &> postfix-config
<ivoks> apt-get purge postfix
<ivoks> and then
<ivoks> cat postfix-config | debconf-set-selections
<ivoks> apt-get install postfix
<ivoks> no questions asked
<_ruben> sweet
<ivoks> right... turbo sweet
<_ruben> hmm .. what was that 'trick' again to accept a default value without explicitly specifying it?
<_ruben> when preseeding that is
<ivoks> well, you can edit configuration options
<ivoks> install postfix and configure it like you want
<ivoks> then preseed it to other machines
<_ruben> well, one of the questions is the mailname, which is the fqdn of the system and can thus not be hardcoded
<ivoks> true, but you could extract that info from some place else
<ivoks> for example, once i've created single install media for 60 different machines
<_ruben> "seen true" might do the trick
<ivoks> all those machines had uniq IPs, offered by dhcp server
<ivoks> and all those machines had the same /etc/hosts
<ivoks> so, during installation, i extracted hostname from /etc/hosts, based on their IP
<soren> selinuxium: No, you can't.
<selinuxium> Cheers soren
<soren> :)
<ivoks> soren: why not?
<selinuxium> I have uninstalled all the KVM stuff and I am trying to install VMware on Ibex... It isn't building the vmmon module... Any ideas how to resolve?
<_ruben> selinuxium: did you apply the most recent any-to-any patch to your vmware install dir
<_ruben> ?
<Jared555> hey.... is   ebox: Depends: libapache-authcookie-perl but it is not installable   a known error?
<_ruben> vmware doesnt support bleeding-edge kernels, and bleeding-edge is a rather large area in vmware's opinion
<danielm_mc> anyone know how to find out what loads netfilter and iptables modules?
<_ruben> iptables does
<danielm_mc> hah yah, something is loading it and i can't figure out what
<danielm_mc> nothing in /etc/init.d
<danielm_mc> any ideas?
<soren> ivoks: They both want to use VMX.
<soren> ivoks: And since there's only one thing in the upstream kernel that does that, there's not an agreed upon locking mechanism for it.
<ivoks> so, kvm wins
<ivoks> yay! :D
<ivoks> well, if one uses vmware without vmx, it should work, right?
<soren> ivoks: one doesn't.
<ivoks> :)
<soren> AFAIK, it's not configurable.
<soren> If it sees it, it uses it
<ivoks> i see
<_ruben> i *think* vmware only uses vmx for 64bits guests, tho i might be wrong
<selinuxium> _ruben: any-to-any patch?
<_ruben> http://groups.google.com/group/vmkernelnewbies/files
<ivoks> bbl
<danielm_mc> hm, yeah any help tracking down whats loading netfilter/iptables would be awesome :)
<danielm_mc> i can't find anything that is loading it
<Koon> zul: about rhcs, should I push a separate SRU for bug 290399, or do you plan a common SRU for both issues ?
<uvirtbot> Launchpad bug 290399 in redhat-cluster "After ran the command fence_tool dump, the fenced process will take 100% CPU usage" [Undecided,Confirmed] https://launchpad.net/bugs/290399
<zul> Koon: if you could try to test the fix in my ppa that would be cool before we do the sru
<Koon> zul: I can test for presence of scsi_reserve, but I miss the rhcs test setup to confirm it actually does anything
<zul> Koon: yeah I need to find some time to set it up
<selinuxium> _ruben: still same error  :(  http://pastebin.ubuntu.com/77364/
<_ruben> guess the latest any-to-any patch isnt recent enough for intrepid's kernel
<_ruben> the 'not found' errors seem tricky as well ... perhaps a vmware server 1.x vs 2.x issue or smth
<_ruben> havent used vmware server in quite some time and only on (more or less) supported hosts
<_ruben> grmbl .. when i try to preseed postfix into my auto install setup, it gives me "unclean target" crap .. wtf
<selinuxium> _ruben: Cheers for your help...
<selinuxium> going to download LTS...
<ball> What is "Landscape"?
<ball> (in the context of an Ubuntu Server install)
<ball> Hello RoAkSoAx
<RoAkSoAx> hi ball
<Koon> ball: http://www.canonical.com/projects/landscape
<jamey-uk> I upgraded my VPS from hardy to intrepid, everything worked fine except now it hangs on "Starting kernel log daemon..." Any ideas?
<ball> Koon: Is it the preferred, or usual way of managing an Ubuntu Server box?
<ball> hello jimay-uk
<ball> jamey*
<ball> Cambridgeshire?
<lamont> _ruben: preseeding postfix (specifically mydestination, iirc) requires a little bit of love with a cluebat, for some painful reasons
<Deeps> ball: it's a commercial support offering that facilitates managing multiple servers
<ball> Okay, I'll skip it for now then.
<ball> Thanks
<lamont> _ruben: see also bug 252980
<uvirtbot> Launchpad bug 252980 in postfix "mydestinations can't be preseeded" [Undecided,Confirmed] https://launchpad.net/bugs/252980
<jamey-uk> ball: hi there
<jamey-uk> oh
<jamey-uk> why did ball leave? =/
<_ruben> lamont: for now i only care about satelite+smarthost setup and its 2 questions (mailname + smarthost)
<lamont> _ruben: mailname force-defaults to hostname --fqdn, unless /etc/mailname already exists, in which case that becomes the (forced) default
<lamont> otoh, you probably want: d-i postfix/mailname seen true
<lamont> and the trivial solution for relayhost is to just make 'smtp.$domain' work :-)
<lamont> or mark it seen, too.
<lamont> since it force-defaults as well
<lamont> (patches welcome...)
<jamey-uk> Does anyone know why I get "Starting kernel log daemon..." hanging after upgrading to intrepid?
<_ruben> lamont: that's what i was trying to accomplish just now, but when i use pkgsel/include string postfix .. i run into some bug possibly related to my specific setup
<_ruben> next experiment will be using a custom post install script which uses ivoks' appreach (debconf-set-selection)
<lamont> interesting.  I know we're preseeding it here without any difficulties other than a bit of bitchslappery in the d-i values and flags
<lamont> OTOH, I didn't set that part of it up
<_ruben> error: Cannot find a question for postfix/mailname
<lamont> though, I do care, since it is my package...
<lamont> hrm
<lamont> that's rather odd
<_ruben> tried: (d-i|postfix) postfix/mailname seen true
<_ruben> lamont: it only seems to work *after* postfix is installed .. catch-22 ;)
<_ruben> after purging postfix, debconf-set-selection bails out again
<lamont> we pick up postfix via: d-i pkgsel/include string ... postfix ...
<_ruben> lamont: tried the same here, but i ended up with a installer that tought my target was unclean
<_ruben> wonder if this all is somehow related .. postfix package being slightly bugged in some odd way ..
 * _ruben hides
<_ruben> i'll try to dive into it some more tomorrow, for now its time to head home
<lamont> interesting... unclean target usually means some other silliness is present...
<_ruben> unclean-ness i reproducable on both intrepid and hardy .. already bugged -installer channel about it .. will run some more tests tomorrow
<_ruben> be back in 15hrs aprox .. thanks for the help so far
 * lamont goes to do turkey-day
<uvirtbot> New bug: #299848 in ipsec-tools (main) "armel build failure (package not yet in the archive)" [Undecided,Fix released] https://launchpad.net/bugs/299848
<uvirtbot> New bug: #302872 in samba (main) "package samba 2:3.2.3-1ubuntu3 failed to install/upgrade: subprocess new post-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/302872
<Juak> hi all
<jmarsden> Happy Thanksgiving
<Juak> i'm i have a little issue using dancer's distributed shell. i get the following from the remote hosts: "stdin: not a tty". what could this mean?
<jmarsden> Juak: I'm not sure.  Is there anything in the shell .profile (and similar) files that is outputting stuff which is confusing dsh??
<Juak> .profile .bashrc etc are all default distro files (ubuntu server). i've read something about mesg y affecting the output, but it isn't included in ~/[.bashrc, .profile]
<jmarsden> It seems to be dependent on what command you run?   For me (just tested): dsh -m localhost w  # works fine
<jmarsden> But:  dsh - m localhost mesg   # gets me that error
<Juak> yep, i was first tring to run bash, but now running dsh with no commands give it too
<jmarsden> So for you even    dsh -m localhost w    # will give the error?
<Juak> i haven't tried with localhost, wait i'll try
<Juak> oops, i forgot i wasn't running sshd on localhost :P
<jmarsden> That would help :-)  I just used localhost for testing so any network issues should not be a factor...
<Juak> actually i have to install it, i'll do that now
<jmarsden> OK ... I need to go eat breakfast, back in a little bit...
<espacious> hello im trying to setup samba to work with AD (shares accesed with AD user accounts)
<espacious> AD runs on separate win2003
<espacious> can somebody help me out a bit as i found some tutorials but i think i have all installed and configured but is not ok
<Juak> i've finished my first samba/ad config yesterday succesfully
<Juak> i can give you a few urls that helped me, i'm with w2k AD (i think it's a little different)
<Juak> what distro?
<mathiaz> EtienneG: do you have soren's patch to ifenslave for iscsi bonded interfaces?
<EtienneG> mathiaz, yes, hold on
<EtienneG> mathiaz, it is not really a patch tp ifenslave, though
<mathiaz> EtienneG: soren mentionned ifenslave during last week discussion about iscsi
<EtienneG> mathiaz, yes.  what he proposed was a script in /etc/network/if-preup.d that would bring the bonded interface online as soon as a slave was discovered
<EtienneG> interesting approach, and it work
<EtienneG> at least for the iscsi bug we have been discussing lately
<EtienneG> mathiaz, check your inbox now
<ivoks> hi all
<EtienneG> hi ikonia
<ivoks> :)
<EtienneG> arr!  damn XChat completion!!!!
<ivoks> hi ewook
<ivoks> :D
<mathiaz> hi ivoks !
<mathiaz> EtienneG: thanks!
<EtienneG> mathiaz, basically, it involve adding a "master" directive in the slave interface stanza in /etc/network/interfaces
<EtienneG> this would probably require being documented somewhere
<espacious> Juak please would be nice
<espacious> i have ubuntu latest server and win2k3 server
<uvirtbot> New bug: #302914 in tomcat6 (main) "tomcat6-examples stops tomcat6 during installation - auto-deployement should be used instead" [Wishlist,New] https://launchpad.net/bugs/302914
 * ball is typing this on a freshly-installed Ubuntu Server box
<ball> (happy Thanksgiving btw to those of you in the U.S.)
<LoveGuru> Same to ya Ball :)
<jmarsden> ball: Happy Thanksgiving.  BTW, if you didn't do it already, I suggest that you do    sudo apt-get update && sudo apt-get update on your new server, there have been kernel fixes since the 8.10 release
<ball> Thanks, I'll try that.
<ball> I've got irssi, lynx and joe installed
 * jmarsden thinks... irssi is the #1 app on a new server...? ;)
<LoveGuru> *Happy Thanksgiving to awl*
<uvirtbot> New bug: #300697 in tomcat6 (main) "Tomcat6 AJP connector should be disabled by default" [Wishlist,Fix released] https://launchpad.net/bugs/300697
<ball> oooh!  Can I point out a bug?
<jmarsden> ball: Sure... go ahead :)
<ball> Because I told it that I live in the U.S, I wasn't given the option of keeping the clock at UTC
<jmarsden> Are you sure it asks you that question if you tell it you live somewhere else?
<ball> jmarsden: if it doesn't, it should.
<ball> This is a server OS
<jmarsden> I agree that servers should keep their hardware clocks in UTC.  So is the bug that it never asks, or that it doesn't ask "because you told it that you live in the U.S" ?
<ball> jmarsden: well, it presented me with a list of U.S. timezones.  That makes sense, but the omission of UTC doesn't imo.
<jmarsden> I somewhat agree, but it could be argued that this is a way to simplify the initial installer dialog... did it actualy set your hardware clock to use UTC?
<ball> I haven't looked yet, but UTC should be available as a timezone, regardless of the RTC
<jmarsden> Oh, that's a different bug.  bug 204654
<uvirtbot> Launchpad bug 204654 in gnome-panel "add UTC entry to clock" [Wishlist,Triaged] https://launchpad.net/bugs/204654
<jmarsden> Well, hmm, that's for gnome panel... I think there is a more general one somewhere...
<ball> That talks about gnome-panel though
<ball> Ah, there you go.
<ball> Yes, I think the Ubuntu Server installer should also include that option.
<ScottK> jmarsden: It's a definite issue.
<ScottK> ball: I think there's an existing bug for that.
<ball> I suspect that I can work around it by editing a text file, but I thought I'd mention it anyway.
<jmarsden> ball: (1) TO set hw clock to UTC do:   sudo hwclock --utc --systohc   # (2) to set displayed local time to UTC, do   sudo dpkg-reconfigure tzdata  # and select None of the above and then UTC
<jmarsden> And to verify your hardware clock is in UTC, do   grep UTC /etc/adjtime  # if it shows UTC you are good.
<ball> Thanks
<jmarsden> No problem.  BTW related bugs seem to be bug 37750 and bug 51409
<ball> That worked
<uvirtbot> Launchpad bug 37750 in ubiquity "doesn't ask if BIOS time is in UTC" [Medium,Confirmed] https://launchpad.net/bugs/37750
<uvirtbot> Launchpad bug 51409 in ubiquity "Timezone selection dialog bugs" [Medium,Confirmed] https://launchpad.net/bugs/51409
<ball> brb
<jmarsden> ball: One more... so the clock UTC-ness is known during reboot, also do:    sudo perl -p -i -e s/^UTC=no/UTC=yes/ /etc/default/rcS
<jmarsden> Although I think it should be UTC by default, on a server install with no Windows partitions on the disk.
<ball> heh... that said "pies"
<jmarsden> ;)
<hads> Is UTC not the default?
<ball> Does Ubuntu Server come with an audio mixer control?
<jmarsden> hads: I think it probably was for ball, the reall issue was the displayed time not the hardware clock time.
<jmarsden> ball: alsamixer ?
<hads> Ah
<ball> Thanks, I'll try it
<jmarsden> ball: There may be a pulseaudio one too, I generally do sound stuff on desktops not servers...
<ball> jmarsden: I know, I just wanted to play the new UUPC
<jmarsden> OK.  I wondered if you were doing something neat with alarms from nagios or whatever being spoken out loud in your server room?
<ball> jmarsden: I've done that before too :-)
<ball> monologue-on-boot
<ball> scream-on-panic might be fun too
<jmarsden> Especially if hooked into the office PA system ;)
 * ball nods
<ball> the SPARCstation 5's internal speaker worked for me.
<jmarsden> Sure, though there are plenty of server rooms where you'd never hear that for all the fan noise
 * ball nods
<ball> "take-off mode"
<ball> okay... wondering whether to try Edubuntu on here.
<ball> I should learn the base OS first I suppose
<ball> Okay, I'm off.
<ball> thanks for your help people.
<jmarsden> No problem, have fun with Ubuntu!
<ball> Thanks
<espacious> can somebody help me setup samba with my active directory?
<J-_> I think it's time for me to go back to irssi
<iclebyte> is there anyway I can break out to a shell during the partitioning stage of the ubuntu-server 8.04 installer? I want to check if mkfs.ext3 is still running but ALT+F2 just changes the background colour =)
<domas> HI!
<uvirtbot> New bug: #302939 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 " [Undecided,New] https://launchpad.net/bugs/302939
<rbrunhuber> I use cron to backup a repository but it never backups more than 590m, any clues?
<Kamping_Kaiser> what repository?
<Kamping_Kaiser> and how are you backing it up?
<rbrunhuber> subversion repository.
<ball> 590 Mbytes?
<rbrunhuber> the cron line calls a bash script
<Kamping_Kaiser> rbrunhuber, add 'set -ex' to the top of your bash script (under the #! line) and see what is going wrong
 * Kamping_Kaiser -> work
<rbrunhuber> the bash script is like this: $SVNADMIN dump /var/svn/repository | gzip  > $TMPFOLDER/svnrepodump.dmp.gz
<rbrunhuber> ball: it's getting worse no it dropped to 549 MB
<rbrunhuber> Kamping_Kaiser: where is the output of the bash script with set -ex written to?
<LoveGuru> Hi, i just made new partition using "gparted" but "df -h doen't show that partition there.. i have to do something else to make it appear? or can i access that partition?
<rbrunhuber> LoveGuru: Did you add a filesystem to the partition? and did you mount it?
<LoveGuru> rbrunhuber: Sorry im New im just learning those things.
<LoveGuru> there is 5 *sda* shows in my /dev/ i dont know .. which one is the one i want.
<LoveGuru> i try to mount /dev/sda /mnt/sda but it gave me error "mount: /dev/sda already mounted or /mnt/sda/busy
<LoveGuru> */mnt/sda bzy
<LoveGuru> rbrunhuber: well ya i did add the filesystem as "ext3"
<LoveGuru> i dont know which one i have to mount.
<rbrunhuber> LoveGuru: you cannot mount /dev/sda because it is the complete hdd. try to mount one of the sdas with a number
<rbrunhuber> you can find out what /dev/sdas are already mounted by typing just "mount"
<LoveGuru> rbrunhuber: ya i got it.. /dev/sda3 thats the one partition i just made it.
<LoveGuru> rbrunhuber: how can i add that entry to df -h and make it auto mount when i reboot my system
<rbrunhuber> you have to edit /etc/fstab
<LoveGuru> rbrunhuber: what i have to add there?
<rbrunhuber> LoveGuru: where do you want to mount /dev/sda3 to?
<LoveGuru> i mount it at /mnt/sda3
<rbrunhuber> LoveGuru: so first two columns are /dev/sda3 /mnt/sda3
<rbrunhuber> LoveGuru: then third is ext3
<Deeps> you'd be better suited mounting by uuid rather than variable label
<LoveGuru> by uuid ?
<rbrunhuber> Deeps: LoveGuru he created the partition by him self so not sure if there is a uuid on it.
<Deeps> rbrunhuber: all partitions contain uuids
<Deeps> ls -l /dev/disk/by-uuid
<Deeps> gives you the uuid and what it's corresponding label is
<Deeps> and then instead of /dev/sda3, you'd use UUID=xxxx
<Deeps> where xxxx is your uuid
<LoveGuru> ls -l /dev/sda3
<LoveGuru> brw-rw---- 1 root disk 8, 3 2008-11-27 16:38 /dev/sda3
<rbrunhuber> Deeps: I'm quite sure this is not true if you did not use special commands
<Deeps> LoveGuru: ls -l /dev/disk/by-uuid
<LoveGuru> ls -l /dev/sda3/by-uuid
<LoveGuru> ls: cannot access /dev/sda3/by-uuid: Not a directory
<Deeps> LoveGuru: copy and paste: ls -l /dev/disk/by-uuid
<Deeps> do not replace of those bits
<Deeps> disk is disk, not sda3
<LoveGuru> ohh
<LoveGuru> ahh ok
<LoveGuru> i got the UUID of /sda3
<LoveGuru> lrwxrwxrwx 1 root root 10 2008-11-27 16:38 73a8827b-6cac-42d9-a918-e1d7fa657e1f -> ../../sda3
<Deeps> ok so instead of listing /dev/sda3 in your fstab, you'd use UUID=73a8827b-6cac-42d9-a918-e1d7fa657e1f
<LoveGuru> alright thanks
<Deeps> that way if the disk label changes (e.g. you add new disks and this one becomes sdb instead) your reference is still valid and your disk still mounts
<LoveGuru> thats cool
<LoveGuru> so just put "UUID=73a8827b-6cac-42d9-a918-e1d7fa657e1f /mnt/sda3 ext3" ?
<LoveGuru> thats it?
<Deeps> https://help.ubuntu.com/community/Fstab
<LoveGuru> ok
<Deeps> explains it better
<Deeps> or at least, in full
<LoveGuru> Deeps: the guide is so cool..
<LoveGuru> so after edit /etc/fstab. do i have do something else ?
<Deeps> mount <mountpoint>
<Deeps> to actually mount it
<rbrunhuber> LoveGuru: you no can check if you made everything right by unmounting the partition (make sure you are not in /mnt/sda3) and then do "mount /mnt/sda3"
<Deeps> assuming it's not mounted already
<Deeps> what rbrunhuber said
<rbrunhuber> LoveGuru: to unmount it use "umount /mnt/sda3"
<LoveGuru> gave me error when i try to umount it.
<LoveGuru>  sudo umount /mnt/sda
<LoveGuru> umount: /mnt/sda: device is busy.
<LoveGuru>         (In some cases useful info about processes that use
<LoveGuru>          the device is found by lsof(8) or fuser(1))
<LoveGuru> aamir@ab1adm:~$
<Deeps> error message is descriptive
<LoveGuru> Deeps: i didn't get it whats lsof or fuser means.
 * hads bets on being in the directory
<Deeps> hads: hehe
<rbrunhuber> LoveGuru: you have to umount /dev/sda3 <- with the number not /dev/sda
<hads> heh, well spotted
<Deeps> LoveGuru: lsof lets you see things like what processes are active in a directory
 * Deeps sees confusion between /mnt/sda, /dev/sda, /mnt/sda3 and /dev/sda3
<Deeps> which nicely brings us around to using mountpoints that aren't based on disklabels
<Deeps> and rather, using mountpoints that have a bit more meaning
<LoveGuru> Deeps well my acutal entry in fdisk -l is /dev/sda3 but i mount it at /mnt/sda not /mnt/sda3
<Deeps> i'll leave y'all to it, i've got a tmnf match to play! gl loveguru
<hads> /mnt/things_i_want_to_serve_with_my_web_server
<LoveGuru> tx Deeps :< but still confusing for me why i can't umount it :<
<rbrunhuber> LoveGuru: what is the output of pwd?
<LoveGuru> rbrunhuber: i tried that too "umount /dev/sda3 same error
<LoveGuru> rbrunhuber im not in mnt point dir
<LoveGuru> i m in /
 * hads loses
<rbrunhuber> LoveGuru: what is the output of "mount |grep /dev/sda3"
<LoveGuru>  mount |grep /dev/sda3
<LoveGuru> /dev/sda3 on /mnt/sda type ext3 (rw)
<rbrunhuber> LoveGuru: what is the output of "lsof |grep /mnt/sda"
<LoveGuru> bash      5798      aamir  cwd       DIR    8,3    4096      2 /mnt/sda
<rbrunhuber> LoveGuru: do you have another console window open where you are standing in /mnt/sda ?
 * hads wins
<LoveGuru> rbrunhuber: no
<LoveGuru> i m not
<LoveGuru> shoot
<LoveGuru> yes
<LoveGuru> i did sudo -i
<LoveGuru> so the new terminal open
<LoveGuru> ya
<LoveGuru> its fine now.
<rbrunhuber> hads: you win.
<hads> :)
<LoveGuru> rbrunhuber: sorry for that.
<rbrunhuber> LoveGuru: np
<LoveGuru> i didn't know that when i did sudo -i so the new tty comes up
<LoveGuru> rbrunhuber: well i did umount /dev/sda3 and i think it works it won't give me any error this time
<rbrunhuber> you can check by "echo $?" should be 0
<LoveGuru> yup its 0 now
<LoveGuru> do i have to do something else?
<rbrunhuber> normally linux does not talk to you if it has nothing to complain ;-).
<LoveGuru> hahaha
<LoveGuru> ya its quite Gud When we are not wrong :)
<rbrunhuber> Gud?
<LoveGuru> So now whenever i boot my linux it should be mount that mnt point it self.
<rbrunhuber> LoveGuru: yes
<LoveGuru> i wanna say its really Good though
<LoveGuru> linux doen't talk if we are not going wrong.
<LoveGuru> Well rbrunhuber im done with that?
<rbrunhuber> LoveGuru: I think so. you may give it the reboot test (IF THIS IS NOT A PRODUCTIVE MACHINE) to make sure, because I will be offline in about 10 minutes (00:40 am CET)
<LoveGuru> rbrunhuber; no its not Production.. its my home personal system.
<LoveGuru> alright give me minute. let me reboot it.
<rbrunhuber> LoveGuru: and you may to use a more descriptive label in fstab.
<LoveGuru> ah..
<rbrunhuber> LoveGuru: You may want to use a better mountpoint for the disk I wanted to say.
<rbrunhuber> LoveGuru: something like /mnt/music instead of /mnt/sd3 (provided you want to store music on the disk ;-)).
<LoveGuru> rbrunhuber: well i wanna install something with wine. and im not sure.. with wine.. i can install something in diferent location .. as long as i know about wine.. wine should install apps in /home and wine itself in /usr/bin
<LoveGuru> i dont know much about things so just take a shot with different mount point it works or not.
<LoveGuru> well rbrunhuber: still there is no entry of /dev/sda3 in df -h
<rbrunhuber> what is the output of "mount |grep /mnt/sda3"?
<rbrunhuber> LoveGuru: what is the output of "mount |grep /mnt/sda3"?
<LoveGuru> there is no output :<
<rbrunhuber> LoveGuru: sorry and the output of "mount |grep /mnt/sda"?
<LoveGuru> i tried both
<LoveGuru> no output
<rbrunhuber> so it was not mounted
<LoveGuru> so i have to mount it again ?
<rbrunhuber> LoveGuru: Can you try to ask deeps for further assistance, I have to go
<LoveGuru> ohh
<LoveGuru> nevamind.
<LoveGuru> u can go :)
<LoveGuru> well
<LoveGuru> thanks U are sucha nice helper :)
<LoveGuru> thanks for everything.
<rbrunhuber> LoveGuru: Thanks, very generous ;-)
<LoveGuru> :=)
<LoveGuru> let c.
<LoveGuru> if Deeps Comes :)
<LoveGuru> then i will talk to him and ask for help if he can ;)
<rbrunhuber> LoveGuru: bye!
<LoveGuru> tc .. byE :)
<LoveGuru> Deeps: could ya please help. if u got some time?
#ubuntu-server 2008-11-28
<Deeps> LoveGuru: what's your mount line in your fstab?
<LoveGuru> Sorry was not here.
<LoveGuru> # /dev/sda3
<LoveGuru> UUID=73a8827b-6cac-42d9-a918-e1d7fa657e1f /mnt/sda        ext3    relatime,error
<LoveGuru> s-remount-ro 0        0
<LoveGuru> thats the line i add it in /etc/fstab
<Deeps> LoveGuru: thats all on one line or split into two lines?
<LoveGuru> one line
<Deeps> and if you try to manually mount using mount /mnt/sda
<LoveGuru> it works fine manually " sudo mount /dev/sda3 /mnt/sda
<LoveGuru> no error nothing
<Deeps> thats not what i asked you to do
<Deeps> [sudo] mount /mnt/sda is different to [sudo] mount /dev/sda3 /mnt/sda
<LoveGuru> ohh i didn;t checked it. ya but its working fine
<LoveGuru> ahh sorry
<Deeps> if you can umount it and try it the way i asked
<LoveGuru> sudo mount /mnt/sda
<LoveGuru> mount: wrong fs type, bad option, bad superblock on /dev/sda3,
<LoveGuru>        missing codepage or helper program, or other error
<LoveGuru>        In some cases useful info is found in syslog - try
<LoveGuru>        dmesg | tail  or so
<Deeps> seems like you're trying to mount /dev/sda3 as ext3 when it's not ext3
<hads> Or your UUID is wrong
<Deeps> hads: see the last word on the first line of the error
<hads> heh, I do now :)
<LoveGuru> lrwxrwxrwx 1 root root 10 2008-11-27 17:33 73a8827b-6cac-42d9-a918-e1d7fa657e1f -> ../../sda3
<LoveGuru> i set the correct UUID
<Deeps> LoveGuru: your uuid is correct, hads didnt read the error message fully
<LoveGuru> ahhh
<LoveGuru> ok
<hads> sudo vol_id /dev/sda3 | grep TYPE
<LoveGuru> ID_FS_TYPE=ext3
<Deeps> looks like you need to see if there's any useful info in your syslog then
<LoveGuru> Deeps: /var/syslog ?
<Deeps> /var/log/syslog
<LoveGuru> alright
<Deeps> at a guess, i'd reckon there's a problem with your options
<Deeps> errors-remount-ro looks suspect
<Deeps> should have spotted that earlier hehe
<LoveGuru> Deeps: w0ww man u are the genious :)
<LoveGuru> yep.
<LoveGuru> thats the error i found in /var/log/syslog
<LoveGuru> do i ahve to paste that 4 lines at pastebin?
<hads> Just remove the option
<Deeps> dont bother, we know what the problem is already
<Deeps> you typod
<LoveGuru> :<
<Deeps> there should be an = sign in there
<LoveGuru> UUID=73a8827b-6cac-42d9-a918-e1d7fa657e1f /mnt/sda        ext3    relatime,error s-remount-ro 0        0
<LoveGuru> thats the line
<Deeps> error s-remount-ro should be errors=remount-ro
<Deeps> if you look at your fstab, the line relating to mountpoint /
<Deeps> cripes my fstab's a mess
<LoveGuru> so Just Remove that option line ?
<Deeps> up to you, you can either remove the option, or you can type it correctly
<LoveGuru> okie
<LoveGuru> Deeps And hads Thanx. yep now got the entry in df -h
<Deeps> super
<LoveGuru> So Nice 0f guys.. u guys are really helpfull for new *nix newbies. i appriciate all help.
<hads> Thank Deeps mostly, but nice to see that you have a good attitude :)
<LoveGuru> tx :)
<iclebyte> is there anyway I can break out to a shell during the partitioning stage of the ubuntu-server 8.04 installer? I want to check if mkfs.ext3 is still running but ALT+F2 just changes the background colour =)
<ball> What about Ctrl Alt F2 ?
<iclebyte> does the same thing
<iclebyte> i'm creating a 1TB raid 1 volume but its been sat at 33% for the last few hours..
<iclebyte> no more suggetions
<iclebyte> suggestions*
<ball> hardware RAID?
<iclebyte> no software raid
<iclebyte> a little under 4 hours is been running now
<ball> I'm not very familiar with software RAID on Linux
<ball> I've done it once or twice, but never on a boot disk
<iclebyte> well all i need to know is how to get a shell during the install
<ball> Ctrl + C?
<iclebyte> don't really wanna be hitting ctrl+C
<ball> okay.
<iclebyte> i just want to check if mkfs.ext3 is running
<iclebyte> although the disk light on the server is still going..
<ball> can you ssh in?
<iclebyte> how long should it take to format a 1tb raid volume with ext3?
 * ball shrugs
<iclebyte> no the installer doesn't start ssh by default
<iclebyte> nightmare, i guess i'll just have to leave it a few more hours..
<hads> ext3 is slow at doing stuff
<iclebyte> I read a thread that said the way the installer calculates its progress is that it waits for mkfs.ext3 to complete before moving from 33% and the fact that ALT+F1 & ALT+F2 change the colours means the system is still responsive but should it take over 4 hours?
<hads> Couldn't say as I haven't formatted a large partition with ext3 for ages. I wouldn't be surprised though.
<iclebyte> okay i'll leave it
<iclebyte> better goto work. thanks alot.
<ball> hello rgreening
<ball> hello azteech
<rgreening> hey ball
<azteech> evening, ball
<ball> hello rphillips
<ball> Anyone here tried netatalk on Ubuntu Server?
<azteech> nope, can't say I have
<ball> is there some way to uninstall a package and all of the dependencies, except those shared by other packages that remain on the system?
<azteech> ball, there is, but at moment, the exact apt-get command escapes me ... try doing a search on the Ubuntu Forums.
<ball> Are those at ubuntu.com ?
<azteech> no, ubuntuforums.org
<ball> thanks
<azteech> you are welcome
<ssd7> well, once you uninstall it using apt-get remove
<ssd7> i think apt-get autoremove will get rid of packages that were brought in by that package but aren't needed by other packages
<ball> Thanks
<ball> nfs, samba, netatalk... what other ways are there to share a filesystem?
<tonyyarusso> ball: sshfs
<tonyyarusso> ftp, http
<ball> oooh, thanks.
<Lokin> Can someone help me make a restricted user (guest?) on my server
<milestone> Lokin: still there?
<Lokin> yes
<Lokin> busy atm
<Lokin> one sec
<Koon> sommer: thx for the likewise-open SRU testing... any chance you could also test bug 222224 (part of the same SRU) and set the verification-done tag if successful ?
<uvirtbot> Launchpad bug 222224 in likewise-open "likewise-open: blows up session when joining the domain" [Undecided,Fix committed] https://launchpad.net/bugs/222224
<Lokin> milestone: done
<kraut> moin
<elTigre> hey, my locales are broken... how can I fix them??
<joerlend> I have my domain pointed to a webserver on which I have an account. Now, I have another webserver at home, and I'd like requests to the first server to be silently redirected to the other. That is, a cloak. How do I do that? People have mentioned mod_rewrite in apache, but do I use that as a normal script or is it an apache config?
<eagles0513875> hey guys i have a question about wifi and radius server
<eagles0513875> im using ubuntu server and have turned it into kubuntu using a super basic kde install of the kde-core pkg
<eagles0513875> now i have wifi working fine at home
<eagles0513875> and im able to get on the wifi at school just fine
<eagles0513875> no proxies
<eagles0513875> but when i ping google.com i get destination host unreachable
<Koon> zul: debdiff for hardy SRU posted on bug 290399, you might want to accept the nomination
<uvirtbot> Launchpad bug 290399 in redhat-cluster "After ran the command fence_tool dump, the fenced process will take 100% CPU usage" [Undecided,Fix released] https://launchpad.net/bugs/290399
<eagles0513875> koon any idea as to my issue
<Koon> eagles0513875: not really. Try a tracepath to see where it's stuck, maybe
<_ruben> there's something really fishy wrt to postfix package when combined with preseeding .. when preseeding "no configuration" option, it asks for the mailname, which is shouldnt ask .. and that very option (mailname) cant be preseeded either (it can only be 'preseeded' after postfix has been installed)
<lamont> _ruben: one has to seed the seen flag too
<_ruben> lamont: it wont let me, but i dont understand why that question even pops up?
<_ruben> why ask for mailname when no configuration is chosen? its not asked when chosing it interactively
<_ruben> and seeding the seen flag doesnt work for some reason (it doesnt know the mailname "tag" (or whatever those are called))
<lamont> mailname defaults to 'hostname --fqdn' output
<lamont> see also bug 252980
<uvirtbot> Launchpad bug 252980 in postfix "mydestinations can't be preseeded" [Undecided,Confirmed] https://launchpad.net/bugs/252980
<eagles0513875> can anyone help me with a particular issue
<_ruben> lamont: i know, but what i dont understand is how preseeding could lead to *more* questions
<_ruben> eagles0513875: you turned your server into kubuntu, ask the kubuntu ppl for help
<lamont> _ruben: because the config script specifically messes with the default values, I expect
<eagles0513875> _ruben ok but this is kinda specific network issue cuz i seem to be missing something im just wondeirng if there is a network guru in here but i guess not
<lamont> eagles0513875: paste.ubuntu.com: give us the output of netstat -rn
<eagles0513875> ok ill have to install konversation cuz im on a windows box atm
<eagles0513875> lamont this issue occurs at school which i wont be at till monday
<eagles0513875> lamont im missing something with regards to authenticating against a radius server
<eagles0513875> cuz i get an ip and all but cant ping for instance google.com or get to a website
<lamont> ah, well then, you want a radius persone
<lamont> s/e$//
<eagles0513875> is there a channel for that
<lamont> nfc
<_ruben> lamont: any ideas on why postfix/mailname isnt known to debconf prior to install postfix, but is present after? eventually, all i want is postfix to install without asking questions, its configuration will be handled by our configuration management system anyways
<lamont> _ruben: because it's defined in the postfix package debconf templates, of course.
<_ruben> lamont: which is because of its complexity? since (atleast some of) the other stuff is preseedable just fine
<lamont> that it's defined there? no, that's the architecture of debconf
<Boogieman> Hello
<Boogieman> How to get server-ubuntu network to work after install?
<lamont> _ruben: in your preseed file:
<lamont> d-i postfix/main_mailer_type string No configuration
<lamont> d-i postfix/mailname seen true
<_ruben> lamont: i'll try again just to be sure, but iirc, i tried similar thing numerous times .. it complains to not know postfix/mailname
<lamont> and does d-i pkgsel/include have postfix in the list/
<lamont> ?
<_ruben> yes
<_ruben> initiating test install .. will know results in a few mins
<_ruben> lamont: both an intrepid and hardy test install come up with the mailname question :(
<_ruben> no complaining about mailname in the syslog now though, strange
<ivoks> mailname question?
<_ruben> ivoks: postfix/mailname .. "System mail name"
<_ruben> even tho i preseeded it with seen true
<lamont> _ruben: interesting.  doesn't happen here
<_ruben> its not impossible for my setup to be flawed somehow
<ivoks> postfix postfix/mailname        string  mysuperbox
<_ruben> ivoks: that was gonna be my next test, preseeding it with a dummy value
<_ruben> will do so now
<ivoks> well, if you don't preseed it, it will ask
<_ruben> the odd thing is, is that i shouldnt even be getting that question imo, since i chose "no configuration" .. when i use debconf-set-selections and then apt-get install postfix, it wont ask me that question
<lamont> do you seed the hostname?
<lamont> (as in, not postfix)
<_ruben> lamont: no, i enter it at install time (either as boot option or interactively)
<lamont> that might be related, since postfix defaults mailname to the fqdn of the host.  dunno
 * lamont is not a d-i guy
<_ruben> lamont: i kinda doubt that that would be it, since the question does come with an (acceptable) default answer
<_ruben> im gonna try preseeding a dummy mailname
<_ruben> atleast i havent been running into the "unclean target" error for a while now .. *keeps fingers crossed*
<_ruben> preseeding a dummyhostname seemed to have done the trick .. its booting the target now
<_ruben> and it did configure postfix up to a point .. naughty :p
<lamont>  /etc/mailname always gets created if not extant.  iz policy
<lamont> "No Configuration" refers to main.cf
<_ruben> i expected to end up without main.cf, which is the case with debconf-set-selections+apt-get, but i end up with some basic one
<_ruben> either way, its progress :)
<ivoks> recommends are installed by default?
<[1]Dave> hello
<[1]Dave> somebody here
<[1]Dave> ?
<[1]Dave> can somebody help me?
<ivoks> don't ask if you can ask, just ask
<nijaba> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<nijaba> I guess [1]Dave just wanted to know if help was available but had not question yet?
<_ruben> probably
<nijaba> ivoks: yes, since Intrepid, recommends are indeed installed by default
<ivoks> nijaba: thanks
<nijaba> ivoks: http://www.ubuntu.com/getubuntu/releasenotes/810#Recommended%20packages%20installed%20by%20default
<uvirtbot> New bug: #302969 in samba (main) "Samba 3.2.3 has a memory leak that vanishes by upgrading to 3.2.5" [Undecided,Incomplete] https://launchpad.net/bugs/302969
<ivoks> vanishing bug
<ivoks> what's wrong with:
<ivoks> db_set bacula/sd_passwd "$SDPASSWD"
<ivoks> ?
<Jeeves_> Ha!
<Jeeves_> Now I know your password!
<_ruben> heh
<ivoks> Jeeves_: yeah; it's $SPADDSWD=`cat /dev/urandom`
<ivoks> i'd better stop or else i'm gonna get mad
<ivoks> doh!
<ivoks> string
<lucabecchetti> hi, sorry, mysql-server-5.1 is not in apt????
<lucabecchetti> nobody know?
<Deeps> it was only released on 14th november
<andol> lucabecchetti: No, not in the standard repositories anyway.
<Deeps> it wont be in standard repos for a while
<lucabecchetti> thanks, i need to test some features, do you know some alternative repos?
<Deeps> letmegooglethatforyou.com
<andol> lucabecchetti: Once a releases is made, the only updates it will get are serious bug fixes.
<lucabecchetti> ok
<lucabecchetti> thanks
<Xpistos> Hey, I am at my witts end and could use a little help getting VNC ed into my Ubuntu server from my windows box at work. Any takers?
<Xpistos> I have my SSH tunnel up and am running everything through secured connection, but I can't seem to connect to the server
<Xpistos> Via VNC
<Deeps> you have vnc running on your ubuntu box?
<Deeps> vncserver*
<Xpistos> Deeps: Yes. I can connect from my Intrpeid Laptop
<Deeps> are all 3 machines on the same lan? not behind any routers or anything?
<Xpistos> Deeps: The Ubunru server is on my home network and this windows machine I am on now is at work, but I am SSH ed in
<Deeps> and your intrepid laptop is where?
<Xpistos> Deeps: That is in my bag, but I can't get wireless connection from work
<Deeps> ok
<Deeps> what ssh tunnels do you have defined?
<Xpistos> Deeps: Why you say what SSh tunnels what do you mean?
<Xpistos> Deeps: I have a tunnel setup through putty
<Deeps> what do you mean by 'tunnel'?
<Xpistos> I setup up an ssh connection using Putty and have a tunnel forwarded to port 8080
<Deeps> how did you make this tunnel?
<Xpistos> in Putty it gives the option under SSH to add a port for an SSH tunel. Set it Dynamic and added the port to forward to 8080 and that is how I can connect to the internet via proxy through Firefox, Pidgin, etc
<Deeps> ok, so you've setup a dynamic ssh tunnel on port 8080
<Xpistos> yes
<Deeps> which allows applications with socks support to proxy through your remote machine
<Xpistos> correct
<Deeps> add another tunnel, local port: 5900, destination: localhost:5900, type local
<Deeps> these are called ssh tunnels
<Deeps> local, remote and dynamic, all are called ssh tunnels
<Xpistos> Add another tunnel in what, my rooter or in putty
<Deeps> in putty
<Deeps> and it's not a 'rooter', it's a router
<Deeps> creating port forwards in your router is not creating a tunnel, dont get the terms confused
<Xpistos> Okay that is open
<Deeps> now load up vnc on the same machine, and try to connect to localhost
<Xpistos> Deeps: It must be a problem with the VNC client I am using. I will try to see if I can get some help setting it up.
<slicslak> anyone recall where the system setting for the editor is kept?  just want to change crontab -e to use vi
<ropetin> slicslak: export VISUAL=/usr/bin/vim
<slicslak> ropetin, that won't change it permanetly though will it?
<ropetin> slicslak: I don't honestly know.  It worked on my box, but it never restarts
<slicslak> heh  :)
<ropetin> Current uptime is 109 days, which strangely enough is when it first turned on :D
<Deeps> slicslak: alter your .profile or the systemwide profile to EDITOR=/usr/bin/vim; export EDITOR
<slicslak> Deeps, right, i thought it was in profile but didn't realize i had to add that line
<slicslak> th
<slicslak> x
<mathiaz> zul: http://lists.mysql.com/packagers/402 -> mysql 5.1 has reached GA
<mathiaz> zul: should we get 5.1 in jaunty?
<zul> mathiaz: yeah sounds like a good idea
<zul> i think its in experimental isnt it?
<mathiaz> zul: yes - looking at it now
<zul> k
<mathiaz> zul: the build log for 5.0 show test failures in arithemtic tests
<mathiaz> zul: that's really strange
<mathiaz> zul: sum, average and other functions don't return the correct result apparently
<zul> mathiaz: so you noticed? :)
<mathiaz> zul: I have no clue where the problem could be
<zul> mathiaz: im guessing gcc
<mathiaz> zul: I'll put up the build log somewhere and ask for input
<mathiaz> zul: right - I'd also thought about that
<mathiaz> zul: may be kees has an idea about as he played with it for the PIE stuff
<zul> mathiaz: ive been checking google and bugs.mysql.com but nada
<zul> mathiaz: i dont think it has to do with the pie stuff maybe the armour stuff?
<mathiaz> zul: may be.
<mathiaz> kees: do you have any idea why mysql-dfsg-5.0 fails to build?
<mathiaz> kees: see ^^ for some information
<mathiaz> kees: I've put up the sbuild logs for amd64 and i386: http://people.ubuntu.com/~mathiaz/mysql-dfsg-5.0_5.0.67-1ubuntu1_amd64 http://people.ubuntu.com/~mathiaz/mysql-dfsg-5.0_5.0.67-1ubuntu1_i386
<mathiaz> zul: if we're moving to mysql 5.1 what would be the impact on packages linked to libmysql?
<mathiaz> zul: does this mean we'd have to go through a library transition?
<zul> some packages might break but we would have to figure out what needs to be changed
<zul> 138 packages will have to be checked looks like including qt so it wouldnt be trivial
<zul> mathiaz: im trying with -U_FORTIFY_SOURCE
<mathiaz> zul: well - 5.1 shows similar test failures
<mathiaz> zul: considering that 5.1 builds in debian, it's probably related to ubuntu toolchain
<mathiaz> zul: same for 5.0
<zul> still building with disabling fortify source here ill let you know
<zul> still the same thing
<N6REJ> can anyone help me get mail setup fora  users?
<N6REJ> i've forgotten how to add a new user to the mail system
<nicodarious> hello
<nicodarious> anyone here familiar with software RAID setup?
<nicodarious> or is anyone actually here and not roaming other rooms?
<andol> nicodarious: Yes, I've got some experience using mdadm.
<nicodarious> oh great.  that might come in handy.
<nicodarious> i have two software raid chips
<nicodarious> one is onboard nvidia raid (which i want to bypass) and the other is a VIA VT6421 chip software RAID daughterboard.
<nicodarious> i have installed dmraid but it automatically wants to see the nvidia.  it even set up the /dev/mapper/nvidia_* and won't let me do anything with the VIA chip.
<nicodarious> mdadm, i don't know about.  i was advised to go with dmraid with RAID 0 though.  do you have any input on this?  i'm way open for suggestions
<andol> nicodarious: No idea, I've only use "pure" software raid. In other words, normal disc controllers with all magic happening in the operating system.
<nicodarious> well, they are both software raid sets
<nicodarious> theres no hardware raid here, or everything would happen in the BIOS before bootup
<nicodarious> and i would already be in 4TB heaven
<nicodarious> i have worked with lvm before but i have never worked with dmraid before and i need some guidance... but the web isn't helping out much.
<nicodarious> everything seems to cover 'installing into lvm or mdadm' but nothing covers setting up dmraid on several hdds that are just for storage.
<nicodarious> i have been working with this for two days now and i haven't found a site yet that helps out.  maybe you know one by any chance?
<andol> well, still no experience using dmraid
<nicodarious> ok.  thanks though.
<nicodarious> maybe i might run across a site somewhere for dmraid
<nicodarious> anyone know about dmraid by any chance?
<mathiaz> nicodarious: why do you want to use dmraid in your setup? you should try to use software RAID only - it's easier to setup unless you want to share the raid array with windows
<jmarsden> nicodarious: Go with "pure" software RAID, it is easier, portable to a different disk controller/motherboard in an emergency, and just generally a saner approach than using "fakeraid" chips
<nicodarious> i though dmraid WAS software raid?
<nicodarious> dmraid discovers, activates, deactivates and displays properties of software RAID sets (eg, ATARAID) and contained DOS partitions.
<nicodarious> dmraid uses the Linux device-mapper to create devices with respective mappings for the ATARAID sets discovered.
#ubuntu-server 2008-11-29
<nicodarious> hello, i'm back and i have decided to just go with mdadm as andol has said that he uses.  although i do have a question...  once /dev/md0 is created, how do you destroy it?  and also, is it possible to unmount /dev/md0 and add another hard drive to it in raid0?
<jmarsden> nicodarious: https://help.ubuntu.com/community/Installation/SoftwareRAID  (and do not use RAID 0 on a server unless you do not care about your data)
<nicodarious> jmarsden, thanks.  i'm checking it out now.
<nicodarious> jmarsden, no, it's just a home server.  need lots of space without lots of partitions.  just want something big with fast access times.
<Kamping_Kaiser> why lots of partitions?
<nicodarious> hmmm.. ok, this is for a RAID installation.  not just implementing a raid drive.
<nicodarious> i already have the OS installed on a 10K RPM drive.  i think it's plenty fast enough without raid.
<nicodarious> Kamping_Kaiser, i have several hard drives to make up my 4TB home server
<nicodarious> but none of them are bigger than 750GB, and most are only 500GB.  i am trying to get raid0 implemented instead of lvm2
<Kamping_Kaiser> nicodarious, perhaps lvm over raid 5 (although you will lose space using raid 5/6)
<Kamping_Kaiser> heh. ok
<nicodarious> i bought a card with the merchant telling me 'it's REAL hardware RAID!'  yeah,  i'm about to go back and bust him one.
<hads> RAID5 is growable these days too
<nicodarious> hmm... question on raid 5.....
<Kamping_Kaiser> hads, problem would be his different sized drives ;/
<nicodarious> ahh, so they all have to be the same size?
<hads> Yeah for sure, just mentioning that you can grow RAID5 now without LVM
<nicodarious> that sucks
<nicodarious> i really want REAL hardware raid so i can set it up outside the OS and it be completely translucent to 8.10, but it seems no one in Germany knows what real HW RAID card is.
<hads> Software RAID is pretty neat.
<jmarsden> nicodarious: Do you have a real hardware raid controller?
<nicodarious> only a VT6421 PCI controller with 2 500GB drives on it.  then the nvidia JBOD RAID controller on the mobo.
<nicodarious> but both are software types
<nicodarious> nothing hardware wise
<jmarsden> OK.  You can't do real hardware RAID without a real hardwre RAID controller.  Just can't be done.
<nicodarious> that's where i was thinking dmraid, but i couldn't find anything to help me set up dmraid.  so i went with mdadm to set up /dev/dm0 first
<jmarsden> OK.  You can do that, but I don't think you can expand a RAID0 array later adding extar drives without losing all the data on it.
<nicodarious> yeah.  i know.  that's where i am pissed.  the guy who sold me the VR6421 said it was real HW RAID controller
<nicodarious> ok, so i'm down to software raid, but i have to do something with it.  it's got to be better than it was back in the day 10 years ago.
<jmarsden> It is, because your CPU is faster than it was 10 years ago.
<nicodarious> you know of any sites that show step-wise how to set up a dmraid?
<nicodarious> at two duallie CPUs running at 3.2 GHz?  better be!  rofl!
<jmarsden> https://help.ubuntu.com/community/FakeRaidHowto
<Kamping_Kaiser> hw raid> software raid for a lot of things, no matter how fast the cpu
<jmarsden> google is your friend... google for   dmraid tutorial   and go from there...
<jmarsden> Kamping_Kaiser: True if you have the hardware, irrelevant if you don't
<Kamping_Kaiser> jmarsden, always relevant, just not always helpful.
<nicodarious> hmm.. that website i have looked at a lot.  google has been my site of choice for the past 8 hours of working on this.  but most of it pertains to INSTLLING onto /dev/mapper/* not just setting up one and using the VIA instead of the nvidia controller.
<Lokin> How do I boot the last person to SSH to my server?
<L1NUX_14SIDE> hello
<L1NUX_14SIDE> I have a bit of a problem setting up ubuntu server
<L1NUX_14SIDE> I cannot ping the server for some reason
<JDStone> is there like a list of some of the apps that don't work on 64-bit?
<L1NUX_14SIDE> JDStone try googling it
<JDStone> good idea, thanks
<JDStone> i should have thought of that
<JDStone> duh, lol
<L1NUX_14SIDE> I set the ip on the server to 192.168.1.5 and the client I was testing the connection with to 192.168.1.7
<JDStone> L1NUX_14SIDE: what's the problem?
<JDStone> for a server, should I go 64-bit or 32-bit?
<L1NUX_14SIDE> well what's your proccessor
<L1NUX_14SIDE> amd
<JDStone> yes
<JDStone> amd
<L1NUX_14SIDE> well, for the 64 bit system
<L1NUX_14SIDE> you can utilize more ram I believe
<JDStone> system only has 1GB
<JDStone> it probably won't ever need anymore than 3GB
<L1NUX_14SIDE> hmm.. I'm not really sure about the benefits of running 64 bit
<JDStone> maybe even 2
<JDStone> yeah, i know...
<L1NUX_14SIDE> I suggest hitting up google for some answers
<JDStone> yep, thansk
<JDStone> *thanks
<JDStone> actually, I just found something...
<L1NUX_14SIDE> sure
<L1NUX_14SIDE> if you have some answers most questions can be found in a google search
<L1NUX_14SIDE> I've already tried to look for answers to my problem with my system
<L1NUX_14SIDE> but, alas I had to get some human help
<L1NUX_14SIDE> hoopss....
<L1NUX_14SIDE> reverse what I wrote
<JDStone> hmm, this says I should go 64bit, but I still think I'm going to go 32bit
<JDStone> https://help.ubuntu.com/community/32bit_and_64bit
<L1NUX_14SIDE> I wish I had a 64bit system
<L1NUX_14SIDE> I could really use the extra speed for running simulations on blender
<JDStone> why don't you have one, they're pretty cheap
<L1NUX_14SIDE> yeah, but besides running blender I don't really have a need for one
<L1NUX_14SIDE> I got a pretty decent P4 workstation running at 2.9Ghz
<L1NUX_14SIDE> that was given to me ;)
<Lokin> Anyone here any good with Unix command line?
<Lokin> ....
<JDStone> Lokin: what's up?
<NineTeen67Comet> Hi all, I'm looking to see if there is a minimal Ubuntu Server install cd .. like a business card (80'ish MB) iso instead of the larger install cd?
<NineTeen67Comet> OI'
<NineTeen67Comet> Most of my servers are Ubuntu (8.04) with a couple Debian boxes but I would like to isntall with the smallest media possible and the biz card sized cds are perfect.
<ball> Hmm... now I have Ubuntu Server installed, I'm not sure what to do with it.
<lukehasnoname> yo guys
<ball> hello
<ball> Anyone here used swat?
<lukehasnoname> I thought about asking a question but I want to ask google first
<ball> With Ubuntu Server, is it difficult to configure the machine to be a DHCP server on *only* one of its attached networks?
<LMJ> it's not hard ball; you specify which interface should listen the DHCP server
<LMJ> Got a nasty error with my 2 md devices :  EXT2-fs warning (device md0): ext2_fill_super: mounting ext3 filesystem as ext2       I've fsck'ed them several time but it still not good. What can I do please ?
<ball> LMJ :reformat your partition and restore from your most recent backup tape?
<ball> oh wait, is md a memory disk?
<ball> (ramdrive)?
<LMJ> no, it's software raid
<ball> Ah okay.
<Sludge321> Hi everyone, I was wondering if anyone had time to discuss with me setting up an MTA on my web server - for sending mail only (not receiving, not relaying/forwarding - no MX records)? I've taken a quick look/search for postfix and exim and all the guides relate to configuring both sending and receiving.
<jmarsden> Sludge321: ssmtp  may be what you want
<Sludge321> jmarsden: I'm currently using ssmtp to relay to my other hosting providers smtp server, but I will be cancelling that next month - so am looking for the web server to be able to send directly.
<jmarsden> Sludge321: OK, then just configure postfix to only listen on the loopback interface, or even hack /etc/postfix/master.cf to not even run the listeners.  Should be doable, if slightly strange.  How will you *receive* email?
<Lokin_> So I want to limit the amount of SSH connectinos I can have on My server. I want only 5 people to be able to connect at one time (for now), How should I do this????
<Sludge321> jmarsden: I host a few domains, i receive email at one of them (configured with google apps) - but dont want email to be sent through this (as it stores email in the sent items - and some of the emails aren't my business - they are friend's websites).
<Lokin_> Anyone....?
<jmarsden> Lokin_: I think you could run sshd from xinetd and configure that to limit how many to have at once, but that's pretty ugly.  It seems a odd restriction to want.
<Lokin_> I'll explain. It's a piece of crap salvaged some computers from the 90's (early 90's) and made it into one little crap server. Internet isn't exactly server ready either.
<Lokin_> make more sense?
<jmarsden> OK, but why 5?  Maybe 4 of them are idle... is the issue system load, or network traffic, or what?  Then limit based on the actual resource limit not on a arbirtary number of sessions, I'd think?
<Lokin_> jmarsden: so forget that. How can I boot the Latest user via command line?
<Lokin_> erg that's even harder
<Lokin_> http://pastebin.com/d5cee30a5
<Lokin_> this was my only Idea but It failed
<jmarsden> Sludge321: to get you started:    apt-get install postfix && cp -p /usr/share/postfix/main.cf.debian /etc/postfix/main.cf && echo inet_interfaces lo >>/etc/postfix/main.cf
<jmarsden> Lokin_: I can't figure out what you are attempting there... w shows all users not just SSH sessions, ...
<Lokin_> ya but there's no physical or at least I won't be doing much physical.
<jmarsden> You could consider a few lines of shell script in .profile that log out a user if there are "too many", or if load average is too high, or whatever
<Lokin_> ya but how do I log Someone out?
<jmarsden> ? If the code is running in their .profile, you just exit 0 :-)
<jmarsden> Exit their login shell.
<Lokin_> ... I don't follow? If the code is running in their .profile......
<jmarsden> Are you the sysadmin of this server??  If you get every session to execute, say:   [ `users |wc -l` -ge 5 ] && exit 0
<jmarsden> at login time, then if there are too many people the session will auto-logout...
<Lokin_> k
<Lokin_> don;t make me restrict top
<jmarsden> So stick that in /etc/profile and ... bingo?  Yes?  Of course this will also lock *you* out under load...
<Lokin_> don't*
<Lokin_> k.....
<Lokin_> So do I need to add it to there silly little template or just cut copy...
<jmarsden> Depends if you want the existing stuff in that file to work.  You could put it in a new file under /etc/profile.d/ too... how you manage your server is your choice if you are the sysadmin :-)
<Lokin_> Lol. I am. I'm just no admin was bored on a rainy Wednesday so I decided to make a server... yay. but I know very little Linux.
<jmarsden> Then do not run a shell server... it will be exploited.
<Lokin_> ?
<Lokin_> as in how mine is now?
<Lokin_> just Ubuntu 8.10 server?
<jmarsden> Users will find ways to become root, or use it to attack others, or whatever.  DOn't give random people shell access to a server if you are not 100% sure you know enough to secure it well.
<Lokin_> k
<jmarsden> Use it to learn.  Use it as a little web server, maybe.  But not shell access, that's (in my opinion) asking for trouble.
<Lokin_> K
<Lokin_> would It be bad to set it up as a personal FTP server where I can just store files when I need them wherever I am?
<jmarsden> No, for you it's fine.  I'd say use SSH and scp/SFTP rather than FTP, for security reasons, but that's fine.
<Lokin_> ?
<Lokin_> how do I download an app or file via SSH
<Lokin_> where is top located?
<Lokin_> I want to restrict it
<jmarsden> Lokin_: Try    man scp     and also     man sftp     for copying files around over SSH.  Try     which top    to see where top is.
<Lokin_> k
<jmarsden> Lokin_: You might want to go through  http://tldp.org/LDP/intro-linux/html/intro-linux.html for a general intro to Linux?
<Lokin_> ya I'm on chapter 4
<jmarsden> :-) OK.  Well, I'm going to get some sleep... goodnight.
<Lokin_> Night
<Lokin_> What time zone?
<jmarsden> Pacific.  1AM here.
<Lokin_> same
<Lokin_> cali!
<Lokin_> night
<Lokin_> jmarsden: Still there? Can't get this working
<Moshe234> there's about 200 ppl in here but no one talking
<Moshe234> ok then maybe it's my system, i'll go and check it out
<T-Hawk> hey... got a bit of a problem here. i've removed the old kernel version from my ubuntu-server, but for some reason linux-ubuntu-modules didn't purge. Now when i try to purge linux-ubuntu-modules it comlains that initrd.img doesn't exists (which isn't that odd) is there any way to remove linux-ubuntu-modules?
<mib_wejucg> hi everybody
<mib_wejucg> I've just ugraded from hh to ii
<mib_wejucg> and now I've no Internet - no ping, no dns, nothing
<ivoks> what did you do?
<mib_wejucg> do-release-upgrade
<ivoks> and rebooted?
<mib_wejucg> there was a few config files to merge, nothing related to net
<mib_wejucg> yes, twice
<ivoks> so, you have access to machine
<ivoks> ?
<mib_wejucg> yes I have
<mib_wejucg> just in front of me
<ivoks> ifconfig doesn't show any ip address?
<mib_wejucg> no, everything is fine with ifconfig
<ivoks> do you have multiple ethernet interfaces on that computer?
<mib_wejucg> I mean, /etc/init.d/networking restart gives no error
<mib_wejucg> yes, eth0 that is connected to the net, and eth1 to the local network
<ivoks> and both aren't working?
<mib_wejucg> I'm currently using direct connexion to my ISP modem with a laptop
<mib_wejucg> no, only eth0
<mib_wejucg> I can ssh from any computer to this router
<ivoks> but you can't get out?
<mib_wejucg> yes
<mib_wejucg> it seems there's a firewall
<mib_wejucg> yet I have stopped firehol
<mib_wejucg> and ufw
<ivoks> iptables is the only right way to check if firewall rules are set
<ivoks> iptables -L
<mib_wejucg> there's a lot of lines
<mib_wejucg> what is the command to remove all iptables rules ?
<ivoks> stoping 'firewalls' like firehol and other not-real-firewalls usually means that you are stoping the service
<ivoks> but rules are preserved
<mib_wejucg> I'll try to flush the rules
<ivoks> be careful
<ivoks> if your default policy is DROP
<mib_wejucg> yet, before the upgrading, firehol was already allowing all traffic from this router
<ivoks> you'll kick your self out of the machine
<ivoks> so, that's a router?
<ivoks> can you access outside network, like google, from it?
<mib_wejucg> yes, but it's a personnal router, so it does not matter...
<mib_wejucg> no
<ivoks> ok
<ivoks> /sbin/iptables -P INPUT ACCEPT
<ivoks> /sbin/iptables -P OUTPUT ACCEPT
<ivoks> /sbin/iptables -P FORWARD ACCEPT
<mib_wejucg> i can't even ping my dns servers
<ivoks> then flush them:
<ivoks> /sbin/iptables -F INPUT
<ivoks> /sbin/iptables -F OUTPUT
<ivoks> /sbin/iptables -F FORWARD
<ivoks> and delete all user defined chains:
<ivoks> /sbin/iptables -X
<mib_wejucg> ok thank you, now I will have to disconnect my laptop to try the internet connexion on my router
<mib_wejucg> so I'll disconnect
<mib_wejucg> see you
<charlax> ok ivoks, thanks for your help, but it didn't change anything
<ivoks> why did you diconnect?
<ivoks> you said you could connect to your router from local machine, right?
<charlax> I have one internet connection, with one modem. I'm currently using directly this ISP-provided modem, with my laptop
<charlax> I have a physical access to my router
<charlax> my laptop is directly plugged to the modem
<charlax> so I unplugged it to plug my router to the modem
<ivoks> ok
<ivoks> eth0 has an IP?
<charlax> yes
<charlax> ifconfig is correct, I mean, it is the right configuration
<ivoks> what kind of connection is that?
<ivoks> plain ethernet?
<charlax> DHCP
<charlax> yes
<ivoks> so, server gets an ip from router
<charlax> yes
<charlax> my modem works as a router, it is a freebox modem provided by my ISP
<ivoks> that means that network is working
<charlax> but I'm using a server as a router, let's call it www it will be easier
<ivoks> you can't modem from server?
<ivoks> you can't ping modem from server?
<ivoks> :)
<charlax> I'm sorry I'm French - as you may have recognised, so it's not quite easy
<ivoks> bien
<ivoks> :)
<charlax> let' try...
<charlax> tu parles un petit peu franÃ§ais ?
<ivoks> oui, mes petit peu
<charlax> ok I'll disconnect to ping the modem
<charlax> :-)
<charlax2> ok, I can't even ping the modem
<ivoks> that's strange, cause it recieved an ip from modem
<charlax2> yet from my laptop I can
<charlax2> there seems to be a complete firewall...
<ivoks> what network card is on server?
<charlax2> eepro 100
<charlax2> and brodcom netxtreme gigabit
<ivoks> that should work
<charlax2> let me check which is eth0
<charlax2> is it useful ?
<ivoks> both should work
<charlax2> yes, because it was working before upgrade...
<ivoks> i'd bet on firewall
<ivoks> did you flush it?
<charlax2> yes
<charlax2> when I do "iptables -L"
<charlax2> I get
<charlax2> Chain INPUT policy accept
<ivoks> ok
<charlax2> target...
<charlax2> Chain FORWARD policy accept
<charlax2> so I think it's ok
<ivoks> run dmesg | grep eth0
<ivoks> and check if something is wrong there
<ivoks> try disconnecting the cable
<ivoks> and run that command again
<ivoks> then connect it back again
<charlax2> sorry, Internet is eth1, local eth0
<charlax2> everything seems to be fine
<charlax2> I'll disconnect to try
<charlax2> everything is ok
<charlax2> I get a "link up"
<charlax2> but no ping...
<charlax2> :-
<charlax2> that's strange
<ivoks> if it's not secret, what's your ouside IP?
<ivoks> outside
<ivoks> i would scan it
<ivoks> hm
<ivoks> but i guess that's wouldn't show anything
<ivoks> since modem does the routing
<charlax2> yes
<charlax2> I don't think it will show anything
<charlax2> everything is routed
<charlax2> you will just scan the modem
<ivoks> right
<ivoks> you could try setting up static ip on server and laptop
<ivoks> and then connect them
<ivoks> and see if that works
<ivoks> that way you would eliminate router as a problem
<charlax2> I don't understand
<charlax2> server has the right address, laptop also
<ivoks> but you can't access server from laptop
<ivoks> cause server is disconnected
<charlax2> yes, on my laptop I've got only one ethernet port
<ivoks> what's the ip server gets?
<ivoks> is it from the same subnet as local network?
<charlax2> the right ip, I mean, I have a fixed IP and it is the right one
<charlax2> no
<ivoks> hm
<ivoks> i'm affraid i can't point at the problem
<charlax2> ok
<charlax2> that's very strange, isn't it ?
<ivoks> yes
<ivoks> there's somewhere user error, i'm sure
<charlax2> do you think it could come from the kernel ?
<charlax2> yes, that would be more probable
<ivoks> i have lots of servers with broadcom and intel and had non problems
<charlax2> ok
<charlax2> thanks for your help !
<charlax2> I'll try something else
<ivoks> np, too bad we didn't solve anything
<charlax2> while upgrading, I was modifying the configuration of firehol, dansguardian, squid
<charlax2> It could come from this
<ivoks> try this
<charlax2> I'll try reinstalling firehol
<ivoks> chmod -x /etc/init.d/firehol
<ivoks> and then reboot
<ivoks> firehol is a service, right?
<charlax2> yes it is
<ivoks> right, disable it and reboot
<charlax2> ok
<charlax2> I'll disconnect
<charlax> now I can ping my modem !
<charlax> but I can't ping anything else
<ivoks> nice
<ivoks> well, modem is a begining :)
<charlax> yes but it is on the subnet of eth1
<ivoks> i know, but that didn't work before, right?
<ivoks> so, after all, it was firewall issue
<charlax> yes, but I can't ping anything else
<charlax> I've done "route"
<ivoks> connect to server and try running
<charlax> there is only two routes
<ivoks> nslookup www.google.com
<ivoks> only two routes?
<charlax> yes
<charlax> I have no access to dns
<charlax> it times out every time
<ivoks> which routes?
<charlax> one per subnet
<ivoks> you should have a lot more than 2
<ivoks> i have three per one device
<charlax> I did "route"
<charlax> you're right
<ivoks> you did 'route'? your modem should forward routes to your machine
<ivoks> you shouldn't do that by hand
<charlax> the command route gave me a table with two lines
<ivoks> ah
<ivoks> could you write those two lines?
<charlax> Yes
<ivoks> just first three and last column
<charlax> modem subnet ending by 0 - * - 255.255.255.0 - ... - eth1
<charlax> 192.168.0.0 - * - 255.255.255.0 - ... - eth0
<ivoks> *?
<charlax> that's it, yes
<ivoks> no 0.0.0.0?
<charlax> no
<ivoks> it should be:
<ivoks> x.x.x.0 0.0.0.0 255.255.255.0 ............ eth1
<charlax> I don't have such line
<ivoks> 192.168.0.0 0.0.0.0 255.255.255.0 ............ eth0
<ivoks> +
<ivoks> 0.0.0.0 [modem_IP] ........ eth1
<ivoks> run this on your server:
<ivoks> route add default gw <ip of modem>
<charlax> ok, I'll disconnect now
<charlax> I've disconnected too quickly
<charlax> could you retype the command please ?
<ivoks> route add default gw <ip of modem>
<charlax> thank !
<charlax> wonderful job !
<charlax> it is working !
<ivoks> of course it is
<ivoks> so...
<charlax> so no route are initialized
<ivoks> and why is that?
<ivoks> past your /etc/network/interfaces somewhere
<ivoks> masq non-private ips
<ivoks> paste.ubuntu.com
<ivoks> and copy paste the link here
<charlax> http://paste.ubuntu.com/78039/
<ivoks> eth1 is dhcp and dhcp doesn't provide default gateway?
<ivoks> remove last line from eth0
<ivoks> 'gateway 192.168.0.1'
<ivoks> and fix broadcast
<ivoks> it can't be 192?168.0.255
<charlax> sorry I mistyped broadcast, it is right in the file
<ivoks> ok
<ivoks> your modem is broken if it doesn't send 'gateway' to a client
<ivoks> but, since your laptop works...
<charlax> yes...
<charlax> how do I verify that my modem is sending the gateway ?
<charlax> with ifconfig ?
<ivoks> no
<ivoks> syslog?
<ivoks> anyway, i have to go now
<charlax> ok
<charlax> thank you very much ivoks
<ivoks> np
<ivoks> check if you aren't touching network with some other services or tools
<ivoks> and remove all wanabe-firewalls
<ivoks> stick with iptables and ufw
<charlax> ok
<ivoks> bye
<LMJ> Got a nasty error with my 2 md devices :  EXT2-fs warning (device md0): ext2_fill_super: mounting ext3 filesystem as ext2       I've fsck'ed them several time but it still not good. What can I do please ?
<stas> hi guys
<stas> can sombody help me format a hdd using ufs on ubuntu?
<andol> stas: If I'm not totaly misstaking, Linux can read but not write ufs.
<stas> andol: I found ufsutils and libbsd0 on launchpad
<stas> but those will be included only in jaunty release
<stas> so far those are totally broken
<stas> I mean, mkfs.ufs /dev/xxx doesn't understand linux device naming
<andol> stas: Ok
<stas> so it can't find the device at all
<stas> sad... :(
<ewook> w
<Ahmuck> if i move a raided drive set from one server to another will i have to completely re-install the system?
#ubuntu-server 2008-11-30
<LMJ> hi
<LMJ> Got a nasty error with my 2 md devices :  EXT2-fs warning (device md0): ext2_fill_super: mounting ext3 filesystem as ext2       I've fsck'ed them several time but it still not good. What can I do please ?
<L1NUX_1NS1DE> hello
<L1NUX_1NS1DE> I need some help to figure out why I am not able to ping my server
<L1NUX_1NS1DE> I've been trying to figure it out but I'm just out of ideas
<L1NUX_1NS1DE> I have a server at 192.168.1.5 and a client computer running with a static ip at 192.168.1.9
<L1NUX_1NS1DE> when I ping the server from the client I get
<L1NUX_1NS1DE> From 192.168.1.9 icmp_seq=3 Destination Host Unreachable
<L1NUX_1NS1DE> any ideas ??
<ball> Is there an Ubuntu Server mailing list?
<jmarsden> ball: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
<ball> jmarsden: thanks
<jmarsden> ball: No problem.  BTW Goolge for  ubuntu server mailing list   will find that for you :-)
<uvirtbot> New bug: #303612 in php5 (main) "English description of php5 packages wrong" [Undecided,New] https://launchpad.net/bugs/303612
<drdebian> anybody got any recommendations for setting up vmware server 2 on hardy server? how to handle kernel updates with minimal downtime?
<ropetin> drdebian: monitor the changelog and only install a new kernel if it specifically affects you?
<ropetin> It's about the best answer I got for ya!
<drdebian> thanks... I was hoping somebody figured out how to use dkms or something to make it a more automatic procedure...
<vertx> Hi, can anyone help me? I have this ubuntu server acting as an internet gateway, which has 2 NICs. I have enabled net.ipv4.ip_forward=1 in /etc/sysctl.conf, yet packets just doesn't want to be forwarded between the 2 NICs. Any suggestions?
<ivoks> if they are on different subnets, you have to masquarede the traffic
<Deeps> or just route it...
<ivoks> right
<ivoks> depends on subnets
<vertx> ivoks: ah, I see, they are on different subnets. So this masquerade should be use inside an iptables rules?
<Deeps> you're better off routing it if you can, NAT is generally best avoided if possible
<ivoks> if both subnets are private, you should just route packages
<ivoks> if one subnet is public, you have to masquerade
<vertx> Both subnets are private. How should I go about it? Add route command in rc.local or ...?
<ivoks> route add -net 192.168.0.0/24 dev eth0
<ivoks> route add -net 192.168.1.0/24 dev eth1
<ivoks> put your own subnets and devices here :)
<Deeps> of course, the clients need to know to route those subnets via your gateway machine
<Deeps> if the gateway machine is already the default route for your clients then you've got np
<vertx> ivoks: Thanks, that would be just what I need. But if I want to make the routing permanent on the gateway, should I put it in rc.local or what? An for the clients, how do I do that?
<Deeps> if it's not, then you either need to add the route manually on each client, have the dhcp server push it to the clients, or have the default router on each subnet know about it
<ivoks> i think best way would be in /etc/network/interfaces
<ivoks> post-up command
<ivoks> but, if your router already has addresses on eth0 and eth1
<ivoks> then it also has routes
<ivoks> so, everything should work :)
<ivoks> check routes with route -n
<vertx> Thank you ivoks and Deeps for your help. I'll try your suggestions. Hopefully I can ask more questions, if I encounter more problems later on :)
<ivoks> np
<vertx> Got to go now. Toodle-doo :)
<jamesrfla> Is the firewall enabled by default when you do a clean install of Ubuntu server edition?
<uvirtbot> New bug: #302884 in samba (main) "New Samba.cfg" [Undecided,New] https://launchpad.net/bugs/302884
<mcas> hi
<sommer> yo
<alterlaszlo> hi, how do i install a xen enabled kernel in u8.10?
<alterlaszlo> i cannot find a a xen kernel in the packages...
 * alterlaszlo discovered the existance of 'vmbuilder'
<ball> hello albertico
<albertico> hello ball
<lionel> alterlaszlo: there is no more Xen Dom0 kernel in 8.10
<lionel> alterlaszlo: you can use the -virtual as a domU kernel
<alterlaszlo> lionel: thx
<alterlaszlo> lionel: so if i create a xen machine with xen-create-image i can run it without any special kernel?
<lionel> you *need* a dum0 kernel on the dom0 (so not a 8.10, 8.04.1 run just fine for that)
<lionel> by default, xen-create-image use the current kernel on the machine where you launch the command
<alterlaszlo> lionel: thx again. in sysnthesis if i want to build a set of servers on 1 ubuntu machine it's better if i install 8.04
<alterlaszlo> ?
<lionel> as a dom0 yes
<lionel> as a domU, you can use 8.04 or 8.10, nevermind
<alterlaszlo> and what about vmbuilder?
<uvirtbot> New bug: #276715 in samba "cannot configure Samba with KDE Control Module" [Undecided,Triaged] https://launchpad.net/bugs/276715
<lionel> vmbuilder can build the domU right. But I never tried it on xen myself
<lionel> xen-create-image on my 8.04 box works just fine for me
<lionel> (and I tend to use LTS on my servers)
<alterlaszlo> lionel: great help. You made my mind clearer... i'll follow you on installing LTS...
<lionel> alterlaszlo: no problem :)
#ubuntu-server 2009-11-23
<andol> GammalSokk: Well, in that case I'd say you'd also have to modify your new /etc/init.d/samba to call smbd and nmbd using the -s flag. That's probably just one of many defaults you now have to be explicit about.
<GammalSokk> ye, guess I'm gonna try getting it done tomorrow tho, getting late now, and I can't find any usefull about it when I search the forum or on google...
<GammalSokk> oh and nmbd doesn't restart properly when I issue '/etc/init.d/samba restart' it seems, heh, I blame me being tired
<andol> GammalSokk: That's a normal problem :)
<GammalSokk> ah, ok
<andol> GammalSokk: That is, things going wrong due to the system administrator being tired :)
<GammalSokk> I guess I can just blame my boss for demanding this to be done in a too small time frame :P Buuut then again he's paying my overtime so...
<andol> GammalSokk: Well, if nothing else the smb.conf man page is really good.
<GammalSokk> gives me something to do at work tomorrow I guess :)
<GammalSokk> ty for help so far, gotta try and sleep 4 hours before going back to work :P
<andol> yeah, sleep is probably something I should look into myself :)
<crohakon> How do I setup SSL?
<crohakon> (Error code: sec_error_untrusted_issuer) <--- I am getting this error when trying to access a https website on my server
<billybigrigger> don't have proper certs setup?
<billybigrigger> check the server guide
<crohakon> billybigrigger, good idea
<crohakon> =)
<billybigrigger> https://help.ubuntu.com/9.10/serverguide/C/certificates-and-security.html
<crohakon> okat, the issue seems to be that the cert is self signed
<crohakon> Okay*
<crohakon> So... wtf? I am not going to pay to have it authorized.
<crohakon> This is for a development server in my basement.
<crohakon> oh, i'm an idiot
<crohakon> never mind, I missed the "make an exception" part =)
<billybigrigger> :P
<billybigrigger> anyone here familiar with ssh tunneling?
<billybigrigger> i'm trying to setup a tunnel between my friends computer, and my server...
<billybigrigger> so that we can both use my usenet account at the same time
<billybigrigger> from the same IP address
<billybigrigger> i've created an account on my server, and i can ssh into my box, from his...with this command ssh -p 2222 68.146.139.247 -L 2222:news.astraweb.com:119
<billybigrigger> that connects fine, and then after i launch pan on his pc, via vnc, i try to connect to localhost:2222
<billybigrigger> this should redirect him to news.astraweb.com:119 correct?
<billybigrigger> or am i missing something here?
<billybigrigger> 2222 is the port i have sshd running on my server
<billybigrigger> or do i need to specify a different port to tunnel through? ie......
<billybigrigger> ssh -p 2222 68.146.139.247 -L 3333:news.astraweb.com:119
<billybigrigger> and have him connect through pan via localhost:3333
<epinky> ?
<billybigrigger> hmm
<billybigrigger> i guess we're both downloading now at the same time...everything seems to be ok i guess
<billybigrigger> this tunnel is pretty effin slow i might add haha, maybe this isn't the best way to go about this
<billybigrigger> i guess this tunnel would be capped at my upstream wouldn't it?
<jmarsden> billybigrigger: Yes.
<billybigrigger> since i'm technically sending it to him
<billybigrigger> hmmm
<jmarsden> Might be better to have him use X forwarding, so he sshes into your server and then runs pan on that server, with its display forwarded over ssh back to his local workstation>  That assumes he has X on his local workstation...
<billybigrigger> either way that data he downloads with still be capped via my upstream
<billybigrigger> s/with/will
<jmarsden> billybigrigger: No, using X forwarding the data between your server and him is just video and keystrokes/mouse movement.  The news stays on your server machine.
<billybigrigger> my server is a VM :)
<billybigrigger> my upstream is 120kb/s max :P
<billybigrigger> maybe i should look into renting a host for this :)
<jmarsden> Then why are you offering to share it with friends?? :)
<billybigrigger> yeah, having my upstream being the bottleneck totally slipped my mind
<jmarsden> 120kb/sec is slow... you have a connection using 2 56k dialup modems bonded together??
<billybigrigger> no thats my cable modem
<billybigrigger> 2.5MB/s down 120KB/s up :)
<jmarsden> Ah, OK.
<billybigrigger> he has the same ISP
<jmarsden> I'm spoiled here -- Verizon FIOS, so 10Mbps down / 2Mbps up :)
<billybigrigger> even using my server as a proxy would not help us out in this situation would it
<billybigrigger> ya canadian ISP's suck for upstream, they all suck
<jmarsden> billybigrigger: Not that much -- I'm not sure whether remote X over 120kbps would be better or worse than the news feed going over that 120kbps link...
<billybigrigger> in either option, the ssh tunnel, or setting up the proxy server, he will still be capped at my upstream
<billybigrigger> so either tell him to buy his own usenet account or split the cost of a co-located server....
<billybigrigger> $11/month for the usenet account seems to be the best option :) haha mind you i wouldn't mind having a server setup with a decent connection
<jmarsden> $20/mo for a small slice on Linode might work -- $10each if you share it... ?
<billybigrigger> linode, never heard of it
<jmarsden> http://www.linode.com  -- well reputed place for getting Linux virtual servers
<billybigrigger> checking it out now
<billybigrigger> doesn't say what kind of link the servers are on though...unless im missing something
<zroysch1> how can I get the output of dmesg with timestamps so I know when these things happened
<jmarsden> Several Mbits/sec per VM, I'm sure -- they are at huge data centers buying bandwidth in bulk... you can ask them if you want a clear answer
<jmarsden> zroysch1: The number in [] on the left of dmesg output is the number of seconds since server startup... doesn't that tell you when things happened?
<zroysch1> jmarsden: yea i'm not trying to sit here and calculate for every event.
<jmarsden> zroysch1: You could write a trivial script to accept a time (the server boot time) as a parameter and dmesg output as input and display the times any way you want... probably a two or 3 line Perl script would do it.
<zroysch1> yea i wouldnt know where to start
<jmarsden> You are a server admin and have no scripting skills?  Time to learn, maybe ?
<epinky> server admin, what is that?
<zroysch1> uh yea i have a computer sitting next to me running ubuntu server
<zroysch1> i guess that makes me a server admin
<jmarsden> If you prefer, get the dmesg output into a spreadsheet and set that up to do the time conversions, maybe?  Use whatever tools you *do* know.
<zroysch1> jmarsden: dmesg -h would be ideal.
<billybigrigger> jmarsden, can i still use ssl through an ssh tunnel?
<jmarsden> zroysch1: There is no -h option to dmesg.  You mean like du -h, where "h" means "human-reladable format"?  Sure.
<jmarsden> billybigrigger: Yes.
<zroysch1> correct.
<billybigrigger> linode is by far the best VPS option i can find
<jmarsden> zroysch1: Try this Perl oneliner: while (<STDIN>) { /^\[([0-9]+)(.*)$/ ; print "[" . localtime($ARGV[0] + $1) . $2 . "\n"; }
<zroysch1> jmarsden: thanks, but how would i implement that
<zroysch1> and why is my /var/log/messages filled with only -- MARK --
<zroysch1> sorry i cannot google that
<jmarsden> Stick it into a file that starts with #!/usr/bin/perl on one line and the perl I gave you on another line.  Let's say the file is called display-time.pl  Then do   dmesg |perl display-time.pl 1234567890
<zroysch1> ok thanks will try
<jmarsden> Where 1234567890 is the time offset when you booted your serer
<jmarsden> /var/log/messages is filled with only -- MARK -- if you have a server that is doing nothing at all and has the syslog mark option enabled.
<jmarsden> zroysch1: Actually you can do the date conversions on the command line if you prefer, just type
<jmarsden> dmesg |perl -e 'while (<STDIN>) { /^\[([0-9]+)(.*)$/ ; print "[" . localtime($ARGV[0] + $1) . $2 . "\n"; }' 1234567890
<jmarsden> And adjust the 1234567890 to the correct value for your machine :)
<zroysch1> appreciate it
<zroysch1> it seems that an ssh connection from the internet is finally stable.
<billybigrigger> jmarsden, do you have a linode account?
<jmarsden> billybigrigger: No, I've just heard good things from several Ubuntu people who do.
<billybigrigger> ahh ok
<billybigrigger> just wondering what the setup time is
<jmarsden> Minutes, they advertise.
<billybigrigger> fair enough
<jmarsden> The signup page says "Accounts are activated instantly when possible. " :)
<billybigrigger> jmarsden, hmmm linode network link doesn't seem that great
<billybigrigger> i've tunneled both me and my buddy to my linode server and we're both getting only 200kb/sec
<jmarsden> billybigrigger: If you create a user for me on your server I can ssh in from here and test bandwidth to/from both my home and from other servers which have plenty of bandwidth,,,
<billybigrigger>  1% [                                       ] 77,941,856  2.52M/s  eta 27m 50s
<billybigrigger> thats from wget
<billybigrigger> just don't have a decent place to scp a file to test this upstream
<jmarsden> 2.52M/s == 2.52 Megabytes per second, so that's 20 mbits/sec which seems reasonably quick to me...
<billybigrigger> not no 100mbit i thought i would have though :)
<billybigrigger> that's the same downlink as my home connection
<billybigrigger> just that my home connection has a crap uplink
<billybigrigger> and by the looks of it, so does linode
<jmarsden> get me an ssh login and I'll test both ways from a server at a major datacenter to and from your server...
<billybigrigger> check pm
<jmarsden> Got it... here we go...
<billybigrigger> jmarsden, i don't see you logged in
<jmarsden> 1.7Mbytes/sec from me to you, 1.4Mbytes/sec from you to me, over ssh.  Pretty decent for a small slice
<jmarsden> I scped rather than sshing in for each connection, use last to see the two brief scp sessions
<billybigrigger> hmm some claim in the linode irc chan 50mbps
<billybigrigger> for uplink
<jmarsden> Do they have a larger slice?  it may be allocating bandwidth based on the size of your slice??
<billybigrigger> i asked for my 360 account
<billybigrigger> <amitz> 50mbps, upgradeable for free if you have legitimate/acceptable reason to be so.
<jmarsden> Hmm.  Well, at the moment you're not seeing that, at least not to where I tested.  And I don't *think* the server I used would be the limiting factor...
<billybigrigger> did you test from a datacenter?
<billybigrigger> or just your home link
<jmarsden> Yes, from a Verio datacenter where I admin a work server
<billybigrigger> what's 50mbps, like 6Mbytes/sec roughly?
<jmarsden> Yes.  But does it matter to you -- if you get anywhere close to 2Mbits/sec your cable will become the limiting factor anyway :)
<billybigrigger> of course
<billybigrigger> my connection SHOULD be the bottleneck
<billybigrigger> but it's not by the looks of things
<billybigrigger> not even seeing close to the 1.7/1.4 mbytes you saw though
<billybigrigger> 200k/sec here and 250k/sec for him
<jmarsden> So if you do    scp -pv -P 2222 bigfile user@ipaddress:      what do you see?  Then scp -pv -P 2222 usedr@ipaddress:bigfile bigfile2  to try it from the server to you.
<billybigrigger> ssh -p 2222 74.207.252.123 -L 2222:news.astraweb.com:119
<billybigrigger> does that look like a correct ssh tunnel?
<jmarsden> Yes, looks fine to me.
<billybigrigger> thought so
<jmarsden> News may not be a good bandwidth test... lots of small articles...
<billybigrigger> whats a quick way to spit out a 10MB test file on this server?
<pmatulis> use dd
<jmarsden> dd if=/dev/random of=testfile bs=1024 count=10240
<billybigrigger> 100%[======================================>] 10,485,760  23.6M/s   in 0.4s
<billybigrigger> nevermind, found one on the net
<billybigrigger> that was quick
<jmarsden> There is also one in ~jmarsden on your server (from my tests) :)
<billybigrigger> ahh :)
<billybigrigger> could it be the limitation of openssh or the tunnel?
<jmarsden> You'd have to have a very slow CPU for the ssh crypto to slow down that far.
<jmarsden> On a 486, sure, it might be a limitation :)
<jmarsden> If you are really testing newsfeed speed, can you download news fast on the server itself using a shell-based newsreader?
<billybigrigger> well i'm just going to have to setup apache and host this 10mb.bin somewhere
<billybigrigger> this is odd
<billybigrigger> http://74.207.252.123/10mb.bin
<jmarsden> What's odd?  1.14Mbytes/sec download to here ~= 10Mbit/sec which is my download speed... seems fine to me :)
<jmarsden> 1.6Mbit/sec to "my" server in a datacenter, but I think the file is too small to really be a good test at those speeds, it was still speeding up when the download ended.
<jmarsden> *1.6Mbyte/sec
<billybigrigger> <HoopyCat> a little slow to get going at first (mind you, i'm coming at it from approx. 3000 miles away), but 3.11MB/sec -> 24.88Mb/sec, trending faster.  with a larger file, it'd fly
<billybigrigger> <HoopyCat> 22:39:55 (3.11 MB/s) - `/dev/null' saved [10485760/10485760]
<billybigrigger> <billybigrigger> 3.11MB/s is nowhere near my 231K/s :)
<billybigrigger> <HoopyCat> from my house, 2009-11-22 22:41:45 (1.68 MB/s) - `/dev/null' saved [10485760/10485760]
<billybigrigger> he's 3000 miles from my server, i'm only 1500 miles
<billybigrigger> i'd be happy to see 1MB/s
<twb> Is WUBI the same thing as goodbye-windows.com?
<kshah> I somehow botched my postfix configuration, I set home_mailbox to Maildir/ but I still see mail going to /var/mail/user .. ideas?
<billybigrigger> did you restart postfix?
<kshah> yes
<kshah> billybigrigger: yes I was following Ubuntu server guide on postfix, so I also have dovecot up.. I'm not great setting up email daemons
<kshah> my ultimate goal here is to setup procmail
<WALoeIII> use google apps
<WALoeIII> mail SUCKS
<WALoeIII> but you already know that.
<kshah> but it seems like procmail needs the mail in the /home/user/Maildir format
<jmarsden> twb: No, WUBI installs Linux within files inside the WIndows filesystem, or used to... goodbye-windows.com looks like a way to boot a Debian installer from Windows, but you need to repartition etc etc as normal.
<jmarsden> kshah: No, procmail will work on normal mailbox files too, or it did a few years ago for me...
<twb> jmarsden: OK.  I was confused on that point, since goodbye-windows also appears to run as a Windows .exe
<kshah> jmarsden: awesome, and I'll go that route if I can't figure this out, but I do also want to know why my setting isn't taking effect
<billybigrigger> jmarsden, would a proxy server help out my speeds here at all?
<kshah> cat /etc/postfix/main.cf | grep home_mailbox # => home_mailbox = Maildir/
<jmarsden> billybigrigger: Well, for browsing static web pages it might, but that's not what you are trying to speed up...
<billybigrigger> so pretty much, my connection to my server sucks, but it's great for everyone else :)
<qman__> billybigrigger, a proxy server only increases speeds on files you have already downloaded before
<jmarsden> billybigrigger: Looks like it :)  Which is pretty odd...
<qman__> so it helps in multi user environments
<qman__> but that's about it
<billybigrigger> jmarsden, i should have looked into a canadian vps
<twb> billybigrigger: a proxy for what?  HTTP?
<jmarsden> billybigrigger: Well, you have 7 days to test it for free, if you find something better you can drop Linode within that time and get your money back.
<jmarsden> At least, they used to offer that, I think they still do.
<twb> Probably takes a week to get a VPS fully configured anyway
<qman__> billybigrigger, what type of internet connection are you using?
<twb> (Just like any other server.)
<qman__> 1MB/s is more than a lot of home connections can do
<billybigrigger> 25mbps advertised
<billybigrigger> i can get around 2.0 - 2.5/MB/s downloads, with a 120K/s upload
<qman__> ah
<twb> Incidentally, an HTTP proxy like polipo uses some tricks to reduce latency even for URLs that aren't cached, such as upgrading the connection to HTTP 1.1 and using multiplexing.
<twb> billybigrigger: that'll just be because you're a ways from the exchange, or have a lot of line noise
<twb> Obviously another way to make browsing faster is to disable flash, images, js, css, etc.
<billybigrigger> not trying to speed up browsing
<jmarsden> twb: or use lynx :)
<twb> I use w3m, actually.
<billybigrigger> me and a buddy are sharing a usenet account, and we're both tunneling over ssh into this VPS i bought, so we can both use the news server at the same time
<billybigrigger> but we're only seeing like 200k/sec each
<billybigrigger> 200K/sec sorry
<billybigrigger> http://74.207.252.123/10mb.bin
<twb> billybigrigger: you could set up leafnode (an NNTP proxy)
<billybigrigger> what do you guys get for download speeds from this server?
<billybigrigger> twb, is it going to be any faster than this ssh tunnel?
<twb> billybigrigger: latency is not the same as speed
<billybigrigger> even when i ssh into this server it seems lagged to hell
<twb> billybigrigger: if leafnode has already downloaded news to your local machine overnight, then you don't need to wait for it to come down while you're reading it -- so latency is reduced even though you're probably downloading more overall
<billybigrigger> typing takes forever...
<twb> billybigrigger: you should also investigate QoS
<twb> billybigrigger: also, you should check the load on the remote host -- it might be that someone is running e.g. emacs or firefox there
<twb> 15:09 <billybigrigger> http://74.207.252.123/10mb.bin
<twb> 100 10.0M  100 10.0M    0     0   127k      0  0:01:20  0:01:20 --:--:--  129k
<twb> That's 129kB/s, I think.
<billybigrigger> hmm
<jmarsden> twb: He'd need a fair amount of disk space and bandwidth to maintain a leaf node, though -- how big is a full Usenet feed these days?
<twb> jmarsden: leafnode can proxy selective groups
<jmarsden> billybigrigger: ssh to your VPS has no discernible lag from here in Southern California...
<twb> jmarsden: actually its default behaviour is only to pre-fetch groups you have tried to read in the last N days
<jmarsden> twb: OK, that sounds workable.
<twb> So if you read all articles in a group, leafnode shouldn't be significantly more intensive than not using leafnode
<billybigrigger> hmmm....i use nzb's mostly, i don't even subscribe to any groups
<twb> nzb's?
<twb> Is that a newsreader?
<billybigrigger> no
<billybigrigger> pan i use for the newsreader
<billybigrigger> nzb is just for downloading binaries
<twb> Oh, you are an alt.sex.binaries weenie
<billybigrigger> bahaha
<billybigrigger> not quite
<twb> alt.sex.furries.binaries?
 * jmarsden thinks alt.sex.* preferences are probably off topic in #ubuntu-server :)
<twb> So, has anybody tried ext3's transparent compression functionality?  Is it reliable?
<twb> I'm wondering if I can/should turn it on for stuff like ~/Mail and ~/News, which are guaranteed to be lots of small text files.
<jmarsden> I've never tried it, but have wondered about it... is it still "an unofficial patch" ?  I'm not sure how much I trust an unofficially patched filesystem...
<billybigrigger> you doing anything important on that vps jmarsden? :)
<jmarsden> Nope :) I just left myself logged in after testing for keyboard lagginess that you reported :)
<billybigrigger> do you see it?
<jmarsden> No, it's lag-free for me.
<jmarsden> <jmarsden> billybigrigger: ssh to your VPS has no discernible lag from here in Southern California...
<billybigrigger> that vps is in cali, i'd sure hope not :)
<jmarsden> Looks like I'm ten hops and about 25ms away from it.
<mylogic> o.o
<jmarsden> billybigrigger: 1 100MByte test file makes the bandwidth of your VPS look better: 4.2Mbytes/sec scp transfer.
<billybigrigger> k i moved it to /var/www
<billybigrigger> 4% [>                                      ] 4,233,872    178K/s  eta 5m 37s
<billybigrigger> wget http://74.207.252.123/100MB.testing
<billybigrigger> i think i just need to get a VPS host here in canada or something
<jmarsden> Could be.
<billybigrigger> everyone else seems to be able to pull over a MB/s from it, and i can barely break 300KB/sec
<jmarsden> Are binaries from Usenet really worth all this effort? :)
<billybigrigger> no i actually have a host, thefrozencanuck.ca that i have www/mail and a bunch of junk on here on a VM on my home connection
<billybigrigger> i wouldn't mind having it hosted somewhere else
<jmarsden> OK.
<billybigrigger> but on a host that has a better connection than my home connection :)
<uvirtbot`> New bug: #486950 in php5 (main) "php5-cgi should be compiled with the --enable-pcntl option." [Undecided,New] https://launchpad.net/bugs/486950
<smackdaddy> whats a good webmail server for ubuntu 9.10 that lets users create their own accounts?
<Sam-I-Am> generally users shouldnt be creating their own accounts
<smackdaddy> well, yes , i mean that lets them change their passwords from within the webmail page
<billybigrigger> check out roundcube
<smackdaddy> i tried squirrelmail it didnt have it
<billybigrigger> dunno if you can change user/pass though, as it just reads your systems users
<smackdaddy> ah
<Sam-I-Am> usually password management is not a function of the mail client
<billybigrigger> i think you can setup roundcube to read users from a db though
<billybigrigger> Sam-I-Am, yeah exactly
<Sam-I-Am> what i've done in the past is made a web page for password changes
<crohakon> billybigrigger, you drive semi trucks?
<billybigrigger> nope
<billybigrigger> work on oil rigs :)
<smackdaddy> alright, thanks
 * smackdaddy installs roundcube
<crohakon> billybigrigger, damn... ever been to an asteroid? =)
<billybigrigger> ever been to an asteroid?
<billybigrigger> i don't understand your question
<crohakon> billybigrigger, do you often sing "Leavin on a jet plane"?
<billybigrigger> ahh...haha not in awhile
<crohakon> =)
<Sam-I-Am> billybigrigger: they have internet connections on those?
<crohakon> Sam-I-Am, of course they do.
<billybigrigger> yeah they do
<crohakon> Sam-I-Am, they have to send and receive data all the time. Most likely satellite?
<billybigrigger> yeah usually the operator's office usually wants to watch the rig data, and usually some bigshot's with all the $$$ in houston like to watch what your doing aswell :)
<crohakon> billybigrigger, one last off topic question... Are you in the gulf?
<billybigrigger> nope
<billybigrigger> i live/work in canada
<billybigrigger> eh
<crohakon> oh, nice
<pwnguin> (Error code: ssl_error_rx_record_too_long)
<crohakon> pwnguin, ssl with zen-cart? =)
<pwnguin> just followed the wiki
<pwnguin> https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html
<pwnguin> crohakon: any idea?
<maxagaz> hi
<crohakon> pwnguin, was I right? Zen Cart?
<pwnguin> no
<crohakon> pwnguin, oh... nope, I can't help. I am getting the same issue with zencart and ssl
<pwnguin> i have no idea what zencart is
<pwnguin> im guessing a php app for ecommerce
<crohakon> pwnguin, shopping cart e commerce stuff
<pwnguin> crohakon: im pretty sure the problem is unrelated to your cart, except for the part where ecommerce requires SSL
<pwnguin> crohakon: check your virtualdirectory apache config
<crohakon> pwnguin, figured as much as well... I just reinstalled it without ssl as I am just playing around with it.
<crohakon> seeing if I like it
<crohakon> *shrugs*
<pwnguin> yea, i had <VirtualHost *:80>
<pwnguin> SSL dont like that
<Sam-I-Am> well you can run one ssl vhost... then the other ones wont work without other IPs heh
<pwnguin> well, i just have the one domain
<Sam-I-Am> time for zzz here...
<maxagaz> i have put my id_dsa.key in the .ssh/authorized_keys of a server, but still when i try to ssh to the server, it returns: Permission denied (publickey). why?
<pwnguin> because you did it backwards
<pwnguin> you need to put the .pub in the authorized keys file
<pwnguin> that way the server doesn't have your private key
<pwnguin> the id_dsa.key is stored wherever you wish to ssh FROM, and the id_dsa.pub is needed wherever you wish to ssh INTO
<pwnguin> maxagaz: there's a program that will actually deploy keys for you
<pwnguin> ssh-copy-id
<smackdaddy> how do i configure roundcube
<pwnguin> judging by my server logs, poorly
<pwnguin> seems like im always getting roundcube attack attempts =/
<smackdaddy> it sucks?
<smackdaddy> i cant even get it installed
<smackdaddy> or working..
<smackdaddy> its installed
<maxagaz> pwnguin, i don't have password access to the server, so ssh-copy-id won't work
<pwnguin> well, then you get to do it the hard way
<maxagaz> pwnguin, what is the hard way ? I already put the content of my user's id_dsa.key at the end of the authorized_keys of the distant user on the remote server
<maxagaz> pwnguin, is there something else to do ?
<pwnguin> maxagaz: yes. delete that, becuase it's the wrong thing
<pwnguin> maxagaz: do you know how public key encryption works?
<maxagaz> pwnguin, partly
<pwnguin> you want the user's public key on the server
<pwnguin> however, you put the private key on the server
<maxagaz> pwnguin, no, i did put the public key
<maxagaz> pwnguin, id_dsa.pub
<maxagaz> (pwnguin, sorry for saying id_dsa.key)
<pwnguin> then you have a long night ahead of you
<pwnguin> perhaps blow away the auth_keys file
<pwnguin> and maybe make sure the keys are matched
<maxagaz> pwnguin, actually i can access the server via another address and port, with password, so I've add the pub key from it using ssh-copy-id, now i can access the server from this way without password, but if i try to access the server from its other address and other port, it returns: Permission denied (publickey). Why?
<pwnguin> not sure. im not quite the expert at configuring servers yet
<crohakon> so, when I try to connect to my ftp server from outside my lan I get Response:	227 Entering Passive Mode (192,168,1,2,209,60) and Status:	Server sent passive reply with unroutable address. Using server address instead.
<crohakon> How do I fix this?
<jmarsden> crohakon: Tell your FTP server what your external address is and that it needs to use it in port commands.
<crohakon> I use vsftpd... where do I start?
<jmarsden> crohakon: the man page for vsftpd, I would think... :)  Let me look...
<crohakon> jmarsden, nothing in the man page
<jmarsden> Did you also read the man page it points to, man vsftpd.conf ?  I think not.
<crohakon> =(
<jmarsden> Hint: search for pasv_address
<crohakon> okay, what if I have a dynamic IP?
<jmarsden> I think you are somewhat stuck; you can use pasv_addr_resolve to resolve your dyndns hostname at vsftpd startup time, but if it changes underneath the vsftpd instance it will break until you restart vsftpd.
<jmarsden> Does your ISP really sanction file servers on dynamic IP addresses, by the way?
<crohakon> So I can used the pasv_addr_resolve=YES with pasv_address=whatever.dynhost.com
<crohakon> ?
<jmarsden> Right.
<crohakon> And that should work?
<crohakon> Great.
<crohakon> Thanks man.
<jmarsden> It will "work" until your dynamic address changes, I think.
<crohakon> Well, it now resolves, but still fails to connect.
<smackdaddy> i keep getting connection refused with vsftpd
<qman__> FTP is a nightmare, suggest SFTP instead
<smackdaddy> whats the command to open ftp
<jmarsden> crohakon: do you have the relevant range of ports open for incoming PASV FTP connections?
<crohakon> do they use something different then the normal port? I currently have the server listening on port 93
<crohakon> and I have the router set to forward all connections on port 93 to the server
<qman__> crohakon, you need both the FTP listening port and a range of high ports
<crohakon> How do I get that range?
<qman__> assigned to the FTP server, all forwarded
<jmarsden> crohakon: Yes.  Very much so.  To run an FTP server that supports PASV mode FTP you need a range of ports too. ... read the vsftpd.conf man page again... :)
<qman__> this is why I hate FTP, and suggest SFTP instead
<qman__> on top of only needing one port, the default is not filtered by your ISP
 * crohakon sighs
<qman__> and you won't have any dyndns issues
<jmarsden> crohakon: pasv_min_port and pasv_max_port are your friends .  As you are discovering, FTP was not designed to have FTP servers run behind home NAT/firewall boxes.
<jmarsden> It can be made to work, as long as you understand it.
<crohakon> those are not in the man page, but I guess I get how they work. pasv_min_port=5000 pasv_max_port=5100  and it will then use 5000 through 5100?
<qman__> yes
<crohakon> okay
<qman__> and you need one port per connection
<jmarsden> They are in my man page... but yes.
<crohakon> Is the page alphabetical?
<qman__> and it will choose randomly, so make sure you forward the entire range
<jmarsden> crohakon: No idea, I searched for the word "range" to find them quickly.
<crohakon> so if I only expect say, 4 connections at a time then I only have to have a 4 port range?
<jmarsden> Yes.
<qman__> technically yes, but you should have extras
<qman__> and be aware that one person may make multiple connections
<qman__> some clients transfer multiple files and browse at the same time
<qman__> opening lots of connections
<jmarsden> I've generally used 1000 ports for this on FTP servers behind NAT.  Just so there are plenty available :)
<jmarsden> 100 should be fine in practice.  4 .. could be limiting.
<qman__> yeah
<pwnguin> anyone know of a photo gallery webapp that's similar to the flickr API?
<pwnguin> or otherwise popular enough to have linux apps supporting it?
<crohakon> Response:	425 Security: Bad IP connecting. <---- getting this now =( damn
<qman__> as was mentioned before, FTP was designed before firewalls and NAT
<qman__> as such it's very difficult to make it work
<crohakon> I am almost to the point that I want to connect the server directly to the modem and place the router and switches behind it...
<crohakon> I have a spare nic card lol
<qman__> still not sure why you want FTP, SFTP is better in every way
<crohakon> Well, I already have vsftpd setup to work with my MySQL server for account names and such....
<crohakon> So, I kind of want to push on and make it work.
<qman__> ok
<qman__> well, check the connection log and see what IP your client is giving to the server
<crohakon> okay, so the log tells me that I am connecting from 192.168.1.3 (which is correct, it is the IP I have set for my laptop)
<qman__> ok, let me put this into perspective
<qman__> since FTP isn't designed to work with NAT, in order to allow external connections, you have to tell the FTP server it's using the external IP
<qman__> but when you do that, connections from LAN cease to work
<jmarsden> crohakon: Wait... I thought you were configuring this for connections from the outside...!
<twb> You can run FTP over a NAT
<qman__> so you can either go from the net, or you can go from local
<twb> You need to use some conntrack magic on the router
<qman__> but not both at the same time unless you configure the router specially
<crohakon> jmarsden, I am configuring it to work from the out side... but I also want to connect from the lan as well. I have friends that need to connect from the out side.
<qman__> and unless you have a router with dd-wrt or linux or something, you probably can't do that
<jmarsden> crohakon: qman__ is correct -- you didn't specify you needed this to work from the LAN earlier.  Unles you can make your router sing and dance, pick one or the other.
<crohakon> I honestly don't use the ftp access much as I mostly wget files to the server...
<qman__> the FTP server can only accept connections to a certain IP, and it must either be your LAN IP or your internet IP, not both
<jmarsden> crohakon: Then test it from the Internet, not from a machine on your lcoal LAN.
<crohakon> How do I test it from the internet?
<qman__> call one of your friends ;)
<jmarsden> crohakon: ssh out to some other box, ftp in from there...
<crohakon> ... *sigh*
<billybigrigger> open your ftp connection to your IP address should route outside the lan, and back in
<billybigrigger> ie 79.25.154.245 for example, not your LAN ip of 192.168.1.1 or whatever
<qman__> it would, but only if the router can handle it
<qman__> most routers can't by default
<crohakon> and I doubt this router can
<crohakon> So...
<qman__> it requires some magic
<crohakon> So, if I connect the server directly to the modem, and then route my other computer through it, would that resolve the issue?
<qman__> yeah, but it would bring up a whole bunch more
<billybigrigger> hehe not worth it
<qman__> you'd be running ftp on your router
<qman__> which is a bad idea
<qman__> every day of the week
<crohakon> modem <-- server <--- wireless/4port router <--- switches
 * crohakon sighs once more
<qman__> when you do that, your server becomes the router
<qman__> you have to configure NAT and masquerading
<qman__> and be very careful how you set up your firewall
<crohakon> qman__, I figured that.
<qman__> and running services on the router itself to the internet is a bad idea
<billybigrigger> whats wrong wtih sftp or scp?
<crohakon> okay, so, when it comes down to it I don't really care if I can ftp from inside my network. I mostly wget and edit files via ssh anyway.
<crohakon> My friend that is attempting to connect to it, however, is still unable to connect.
<qman__> then the configuration you have now is likely correct
<jmarsden> crohakon: What exact error does your friend see?
<crohakon> port forwarding is set correctly, conf looks correct as well
<crohakon> connection was closed by remote host
<qman__> what does the server log say
<crohakon> CONNECT: Client "xxx.yyy.zzz.vvv"
<crohakon> no other information
<qman__> I just made a connection attempt
<qman__> it asked me for a user/pass and gave me incorrect login
<qman__> so it's probably a problem with your friend's client
<crohakon> It seems he was using an SFTP client
<crohakon> fugu or something for max
<crohakon> mac
<crohakon> He is going to download a new client and try again. =)
<crohakon> thanks for everyones help thus far.
<jmarsden> crohakon: Assuming his Mac runs OS X, can't he open a Terminal window and use the command line ftp client?
<crohakon> jmarsden, I don't know.. never used a mac... and he is not exactly a power users...
<crohakon> user*
<jmarsden> OK.
<billybigrigger> i never touched a mac or osx but isn't it based on a linux kernel?
<qman__> BSD actually
<twb> OS X runs a FreeBSD-derived userland and a Mach-derived microkernel
<twb> Then they bolted on some GNU stuff
<twb> It's basically the sort of messy clustercruft you'd expect from the Unix Wars of the 1980s
<twb> (Fortunately, Debian runs perfectly well on any post-"old world" mac.)
<crohakon> he is running MacOS 10.4.11
<crohakon> I am trying to convert him to ubuntu, though not sure if it can install on his computer
<twb> crohakon: is it PowerPC or x86-64?
<twb> crohakon: Ubuntu will run on either, but I believe the former's support is unofficial
<crohakon> powerPC
<qman__> yeah, not every release has a ppc version, and they're generally unsupported
<qman__> but they do exist
<crohakon> btw, qman__ tested the ftp server and it works fine. Thanks for all the help.
<Bo7> Hello! How can I limit the bandwidth that my apache2 web-server is using?
<twb> Bo7: tx or rx?
<Bo7> upsteam mostly
<crohakon> Well, when I convince him to try ubuntu I will bother the people in #ubuntu =)
<twb> Bo7: first of all, look at your httpd logs and realize that most of it is web crawlers like the google bot.
<twb> Bo7: then, either write a robots.txt that simply tells them to bugger off, or instead actually fix your website so it is "cache friendly", e.g. using e-tag and expiry headers.
<Bo7> twb, well, I host some big files and I want to limit the total bandwidth for all downloaders, so the other apps don't suffer. I don't think robots is a big problem for me really
<twb> You could set up per-IP recency and rate limits in iptables.
<twb> Probably this can be done in apache, too.
<Bo7> aha, if I do that in iptables will it interfere with UFW which I use?
<twb> IIRC the hentai.plan9.de webmaster has set up something pretty solid, you could email him and ask for details.
<Bo7> but there's not like a simple config-setting in apache for limiting then?
<twb> I don't know.  #httpd (apache's channel) would
<twb> I tend to stick to extremely simple httpds like thttpd and busybox httpd.
<Bo7> allright
<martin-> Does the jeos edition of ubuntu 8.04 have lts?
<twb> LTS is provider on a per-package basis, AFAIK
<martin-> yeah, you're right
<twb> Whether any given package receives five years of support depends on something obscure
<twb> http://bazaar.launchpad.net/%7Enijaba/ubuntu-maintenance-check/trunk/
<twb> I use that to find out whether a package will be supported.
<martin-> but it doesn't matter anyway as there doesn't seem to be an amd64 version of jeos 8.04
<twb> I have to say I take a rather jaundiced view of just slapping together some branding on top of some arbitrary subset of the main archive.
<twb> Or does JeOS actually do something useful, like repace coreutils with busybox?
<twb> martin-: wikipedia claims there is an x86-64 version
<martin-> then where is it? :o
<twb> Oh sorry, it says "AMD x86"
<twb> I think they just mean "x86" and are writing for non-techs
<martin-> ok
<_ruben> jeos isnt even all that much smaller than a clean server install .. so disk footprint wouldnt be an issue .. it does come with fair ammount of less packages, which mostly annoyed me, stuff like tab completion and the likes
<twb> _ruben: it says 380MB -- I'm pretty sure a stock d-i install without tasksel tasks checked is more like 200MB
<martin-> disk footprint doesn't really matter
<martin-> more interested in the optimized kernel and the vmware-optimizations
<twb> martin-: what are they?
<twb> martin-: the jeos documentation conspicuously doesn't say
<martin-> no idea, it just sounds good :P
<twb> If Ubuntu wasn't partly FOSS, I'd be inclined to dismiss it as marketing vapourware
<martin-> the VMs I'm setting up have a very specific purpose (one DB and one application server)
<martin-> anything else doesn't matter
<martin-> well, yeah
<martin-> it's currently running some ancient red hat enteprise linux 4, which doesn't even have yum
<twb> I suspect all that jeos is is a preseed that disabled ubuntu-standard (but leaves ubuntu-minimal in), and forcibly installs openvm-tools, the FOSS fork of the crap that VMware wants guest OSs to taint their kernels with.
<_ruben> there's no vmware optimizations in jeos
<_ruben> its just a stripped down -server kernel (less modules)
<twb> And even that kernel tainting doesn't provide anything useful if you're using VMware Server, since hgfs isn't implemented there and you (presumably) aren't doing 3D graphics
<twb> _ruben: so they're using kernel packages that aren't in the main archive?
<_ruben> nor does it do open-vm-tools, as jeos isnt vmware specific
<twb> Heh.
<martin-> so nothing special about -virtual kernels?
<_ruben> only that it provides the bare minimum of modules for a vm to work
<twb> _ruben: depends on the VM, too, I expect :-)
<twb> _ruben: for example, some VMs might want ipt_*
<_ruben> and perhaps a few tweaked clock settings, which usualy dont need recompile anyway
 * \sh uses always the standard -server flavour with vmware modules ... which gives me a bit better memory sharing between the vms...but I'm not using vmware-server but vmware ESX
<martin-> esx here too
<_ruben> esxi here
<twb> As for me, I am eagerly awaiting LXC productization
<maxagaz> how to ssh with a given private key ?
<\sh> ssh -o IdentityFile=<path>/<filename of priv key> user@host
<\sh> or use ~/.ssh/config
<Gorlist> good day, does anyone here run fail2ban on 8.04, proftpd?
<twb> In current openssh-client, you can even use %r, %h, etc. in your .ssh/config
<twb> Gorlist: nope.  Have you considered migrating to SFTP (read-write access) + HTTP (read-only access)?
<Gorlist> ive not, using plesk however
<twb> And/or a simple iptables -m recent rule to limit repeated connection attempts from specific IPs?
<twb> plesk doesn't really have anything to do with how you provide remote file access to your users...
<Gorlist> ive considered that :) and may use it later on but trying to figure out this specific problem
<Gorlist> still would like to have fail2ban working, just getting a fault with proftpd
<twb> Depending on your use case, if -m recent was working you could get rid of fail2ban
<Gorlist> well at the moment im using ufw, though was going to sit down at somepoint, hopefully learn iptable setups as well as applying the rate limit
<twb> Hm, does fail2ban even use ipset when you're hooking it into iptables?  Or does it simply add ridiculous numbers of individual iptables rules to INPUT?
<Gorlist> ipset I believe, might be wrong however
<twb> Good, good.
<Zeboss> hello
<acalvo> someone using ldap with replication?
<twb> acalvo: what's your real question?
<acalvo> I've been working with ldap and replication for a month or so, but the last days one of the servers does not respond to queries. However, I can retrieve all the objects of the tree, and I can browse it thru the apache directory studio
<acalvo> and I was wondering why this behaviour, and if it's realted to the some cn=config attribute
<uvirtbot`> New bug: #236719 in ntp (main) "ntp doesn't support proxy" [Undecided,Invalid] https://launchpad.net/bugs/236719
<zul> morning
<jbernard> zul: morning
<jbernard> zul: made it back okay, no jetlag?
<zul> jbernard: yep no delays and no jetlag
<zul> jbernard: you?
<jbernard> zul: no delays for me, im in good shape
<zul> jbernard: coolio
<uvirtbot`> New bug: #228442 in virt-manager (universe) "KVM eats 100% CPU, Host Hardy64, Guest XP with more than 1 VCPU" [High,Triaged] https://launchpad.net/bugs/228442
<uvirtbot`> New bug: #239068 in tftp-hpa (main) "tftpd-hpa is not working on Edubuntu 8.04 upgraded system." [Low,Incomplete] https://launchpad.net/bugs/239068
<uvirtbot`> New bug: #399993 in tftp-hpa (main) "package tftpd-hpa 0.48-2.3ubuntu1 failed to install/upgrade: subprocess post-installation script returned error exit status 71" [Low,Invalid] https://launchpad.net/bugs/399993
<uvirtbot`> New bug: #415410 in squid-langpack (main) "MIR for squid-langpack" [Low,Incomplete] https://launchpad.net/bugs/415410
<uvirtbot`> New bug: #487098 in quota (main) "package quota (not installed) failed to install/upgrade: subprocess post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/487098
<uvirtbot`> New bug: #345712 in samba4 (universe) "package samba4-common 4.0.0~alpha4~20080727-1ubuntu1 failed to install/upgrade: subproces post-installation script gaf een foutwaarde 2 terug" [Undecided,Incomplete] https://launchpad.net/bugs/345712
<Italian_Plumber> is there a contest for oldest machine running hardy?  I have mine on a Pentium III 450... I'm sure I'm not the oldest.
<incorrect> i know someone running a PII
<incorrect> with 256mb
<Italian_Plumber> sounds fun
<incorrect> i would imagine we could find someone out there running a k6
<Italian_Plumber> thats an old AMD processor, right?
<incorrect> yes
<Italian_Plumber> equivalent to Intel....
<incorrect> Pentium
<incorrect> i think i might have a K6-233mhz
<incorrect> maybe i could find my P166
<incorrect> mm 16mb
<incorrect> that was an awesome machine
<Italian_Plumber> would it run on a 486 or 386?
<incorrect> suck it and see
<incorrect> depends if it is compiled for 686 or 386
<incorrect> i would imagine its 686 minimum these days
<Italian_Plumber> 686is equivalent to PII?
<incorrect> http://gcc.gnu.org/onlinedocs/gcc/i386-and-x86_002d64-Options.html#i386-and-x86_002d64-Options
<_ruben> there's still a 386 kernel avail .. wouldnt surprise if me if that'd get dropped sometime
<soren> stgraber: Heheh.... That thing I though was preventing LXC to work from libvirt.. That was in Jaunty. I'm getting old.
<soren> stgraber: The only reason it doesn't work in Karmic is because of Apparmor.
<soren> stgraber: If you switch libvirtd to complain mode, it works just fine.
<jdstrand> stgraber: you can also adjust the profile. See bug #480478 for details
<uvirtbot`> Launchpad bug 480478 in libvirt "libvirt's apparmor profile doesn't allow execution of /usr/lib/libvirt/libvirt_lxc" [Medium,Triaged] https://launchpad.net/bugs/480478
<soren> jdstrand: I'm not entirely convinced that's sufficient.
<soren> jdstrand: I will know in a minute. You're supposed to be on holiday, by the way :)
<soren> jdstrand: Ok, so if I add that to the profile, what do I need to to do reload it?
<jdstrand> soren: apparmor_parser -r -W -T /etc/apparmor.d/usr.sbin.libvirtd
<jdstrand> soren: that will make it work with apparmor. as to how well lxc works with libvirt atm, I can't say-- I've heard 0.7.0 doesn't work too well
<soren> jdstrand: Obviously
<soren> Well, it seems to work for me.
<soren> I wasn't entirely sure about some of the interactions there, but it seems to actually do what I want it to.
 * jdstrand has no idea
<soren> jdstrand: Do you see any reason not to SRU this into Karmic?
<soren> It seems like very low hanging fruit.
<jdstrand> soren: I plan to  SRU it and another bug. but the SRU will use a different rule to enable it
<soren> jdstrand: Can I see it?
<jdstrand> soren: bug #484562
<uvirtbot`> Launchpad bug 484562 in libvirt "apparmor prevents libvirt-vnc certificate from being read" [Undecided,New] https://launchpad.net/bugs/484562
<jdstrand> soren: I think for bug #480478 I would actually use:
<uvirtbot`> Launchpad bug 480478 in libvirt "libvirt's apparmor profile doesn't allow execution of /usr/lib/libvirt/libvirt_lxc" [Medium,Triaged] https://launchpad.net/bugs/480478
<jdstrand> /usr/lib/libvirt/* PUx,
<soren> jdstrand: Sorry, not the other bug, but the different rule.
<soren> What's P for?
<jdstrand> soren: the P says to transition to another profile
<jdstrand> soren: the U says to go unconfined if the profile doesn't exist
<jdstrand> soren: I would do this because in 0.7.2 virt-aa-helper is moving to /usr/lilb/libvirt
<jdstrand> s/lilb/lib/
<soren> I'm not sure I understand that. I mean.. This is being defined /in a profile/. How can the profile not exist?
<jdstrand> and therefore it would be more consistent and slightly easier on upgrades for people who modify the profile
<jdstrand> soren: the rule is a globbing rule
<jdstrand> soren: there are several helpers in /usr/lib/libvirt
<jdstrand> soren: in the future, one will have a profile, and the other two won't
<soren> Ok.
<jdstrand> soren: we can either be very specific and list the helpers individually, or stick with the globbing rule and use PUx
<jdstrand> I like the globbing rule so that it will work if libvirt adds more helpers
<soren> Right, ok.
<jdstrand> soren: actually, if you plan to be doing the SRU, perhaps use 'PUxr', I see 'r' is in the existing profile
<jdstrand> soren: but I plan to do the SRU next week
<soren> jdstrand: I'm in no hurry :)
<jdstrand> heh
<jdstrand> np
<soren> Ok, so the P transitions to another profile. Which other profile? How is that defined?
<soren> Oh, I see it at the bottom.
<soren> Let me just take that for a quick spin.
<jdstrand> soren: unless you name the profile explicitly using '->' in the rule, it will transition to a profile for the binary it matches
<jdstrand> soren: in this case, it will go unconfined for anything in /usr/lib/libvirt, cause there are no profiles defined for binaries in that dir
<jdstrand> soren: in 0.7.2, we will have /usr/lib/libvirt-virt-aa-helper
<soren> Oh, so the P is a no-op in this case?
<jdstrand> soren: yes. just there for consistency with the upgrade to 0.7.2 (for reducing the diff if people modified the profile on their own)
<uvirtbot`> New bug: #485361 in samba (main) "CIFS mounted drives do not allow write access to program other than nautilus, gedit or the command line" [Low,Incomplete] https://launchpad.net/bugs/485361
<stgraber> jdstrand: I'm pretty sure I'm the one who opened that bug ;)
<jdstrand> stgraber: oh, heh, so you are :)
<jdstrand> someone else hit it last week too, so I was thinking he reported it :)
 * jdstrand wanders off
<incorrect> how irritating sara.nl aren't giving the source to their dellomsa package
<stgraber> soren: started to play with lxc ?
<soren> stgraber: Yeah, just for giggles so far :)
<uvirtbot`> New bug: #486178 in ntp (main) "package ntp (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 127" [Low,Incomplete] https://launchpad.net/bugs/486178
<majuk> WOO HOO! Samba PDC makes me wanna UUUUHNNNN
<uvirtbot`> New bug: #454302 in munin (universe) "Missing dependency - apache_process plugin" [Wishlist,Triaged] https://launchpad.net/bugs/454302
<kshah> jeeeeez.. I'm really struggling here
<kshah> I've been trying to setup postfix to use /home/%u/Maildir to store mail
<kshah> and I've told dovecot to do the same
<kshah> now i see mail still coming in and using mbox
<kshah> except instead of /var/mail/user it's /home/user/mbox
<kshah> there is some key config setting i'm clearly missing
<essial> Hey guys, I have a mail server set up, and I can email anyone, BUT emails hosted at secureserver.net reject (as in, they can't recieve them). I am not on a blacklist, and reverse DNS APPEARS to be correct
<essial> I even opted out of that in-by-default blacklist
<essial>  (host mailstore1.secureserver.net[72.167.238.201] refused to talk to me: 554-p3pismtp01-003.prod.phx3.secureserver.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation.
<essial> host is metro1ems.com and every website that tests domains says it's clean and good
<ScottK> essial: Reputation services are all propietary and everyone uses a different one, so you've have to ask the people that run the server that's rejecting you,
<kshah> solved... mailbox_command... as my sys admin told me to do *sigh* listening
<essial> ok so basically I have to call godaddy then, right?
<ScottK> Yep
<ScottK> Good luck.
<essial> Yeah I had to do this once before
<essial> I really dislike godaddy
<majuk> 1and1 ftw?
<majuk> :D
<essial> I was thinking that maybe my reverse dns was not correct or something but I guess not
<billybigrigger> anyone here know a good vps host? preferably in canada?
<kshah> just use slicehost like everyone else ;)
<uvirtbot`> New bug: #288052 in dhcp3 (main) "/etc/resolv.conf inserts commas between Search Domains" [Medium,Confirmed] https://launchpad.net/bugs/288052
<kshah> that bot is making me wonder if their is a zero day policy for ubuntu
<ivoks> hi all
<ivoks> aj
<zul> hey ivoks
<zul> nijaba: done
<ivoks> hey guys
<nijaba> zul: that was QUICK :)
<nijaba> zul: thanks a lot
<zul> nijaba: well i just got it
<nijaba> zul: I know, I just wrote the request !
<nijaba> ivoks: hello Ante.  had a good trip back?  got your luggage too?
<ivoks> yes, got my luggage, but i'm very tired
<ivoks> i've spent 20 hours on planes and airports
<zul> only?
<ivoks> tomorrow i'm back in packaging business :)
<nijaba> ivoks: I bet you are more in the ubpacking business at the moment ;)
<ivoks> hehe
<ivoks> usually, i just leave my bags packaged and don't touch them for couple of days :D
<nijaba> Daviey: heya.  Safe trip back home?
<incentifit> Using ubuntu 9.10, I've set /var/www permissions to 0775 and group to root:publisher.  My user incentifit is a member of incentifit:publisher.  That user still cannot create new files and folders in /var/www.  What have I over looked?  (I've got notes from previous setup of 9.04 that work on 9.04 using same setup so I suspect something new or a bug)
<ivoks> incentifit: ls -dl /var/www
<incentifit> ivoks: I'm confused now.  I skimmed the -dl flags in man...  I sudo mkdir /var/www/hello then ran ls -dl /var/www and it returns nothing.  I plain ls shows the new folder.
<bogeyd6> uhm
<bogeyd6> that is impossible
<ivoks> ls -dl shows only the folder you are asking it
<ivoks> so ls -dl /var/www will not return /var/www/hello
<ivoks> just /var/www
<incentifit> right
<incentifit> ls /var/www shows the new hello
<ivoks> that's right
<orudie_> can i run xen on ubuntu server? if yes, what is the process of installing xen ?
<ivoks> so, what's confusing?
<ivoks> orudie_: xen?
<ivoks> orudie_: return to 21. century :)
<incentifit> I guess I expected the same... I need to reread ls -dl in the man.  So, what is it that you wanted me to return, which leads to an answer to my first question?
<ivoks> incentifit: -d doesn't do recursive
<incentifit> I don't see how ls -dl /var/www resolves the apparent permission issue
<ivoks> i do, that's why i asked
<orudie_> ivoks, what are you suggesting ?
<ivoks> you claim that /var/www has some permissions
<ivoks> i'd like to check them
<incentifit> ok...
<ivoks> so, please, paste the output of 'ls -dl /var/www'
<incentifit> ivoks: sorry, just sec...
<ivoks> or don't
<incentifit> drwxrwsr -x 3 root publisher 4096 2009-11-23 12:55 /var/www
<ivoks> ok
<incentifit> patience! :P  couldn't copy and paste
<ivoks> so, group publisher should be able to write there
<incentifit> yup
<ivoks> you do know you have setgid on that dir?
<incentifit> yes
<ivoks> and your user is member or publisher group?
<incentifit> yes
<imlad> Hello, what would I need to install on a client machine already running Karmic to run the 9.10 Server?
<ivoks> touch /var/www/testing_123 doesn't work?
<ivoks> orudie_: kvm
<incentifit> no, permission denied
<incentifit> confirmed cat /etc/groups shows my user in that group
<ivoks> did you log out and log in after adding that user into group?
<incentifit> yes,rebooted to
<bogeyd6> imlad depends, what services are you wanting to offer?
<imlad> bogeydo, I want to look at UEC on the same machine I am running my client on.
<incentifit> I've a very detailed setup of steps I created when building such a machine on 9.04.  I built many using those steps.  So, something is different about 9.10.  I suspect stronger protection, just dunno.
<ivoks> this are basic permissions
<incentifit> right
<ivoks> ls -dl /tmp/TEST/
<ivoks> drwxrwsr-x 2 root ivoks 4096 2009-11-23 20:33 /tmp/TEST/
<ivoks> touch /tmp/TEST/test
<ivoks> works
<ivoks> 9.10
<incentifit> chmod -R 0777 /var/www allows incentifit user to rw of course...
<incentifit> chmod -R 0775 /var/www and incentifit can no longer create files or directories
<bogeyd6> imlad i dont know much about the cloud, but here is something, http://www.ubuntu.com/cloud/private
<incentifit> cat /etc/groups shows user in group
<imlad> thanks, bogeydo.
<ivoks> incentifit: hm, it works here
<incentifit> and of course ls -l shows the user and group
<ivoks> ok
<ivoks> just to be sure:
<ivoks> adduser incentifit publisher
<kshah> I'm using postfix, and I have .forward file that I want to trigger a script, but I want to mail itself as well
<kshah> I can't seem to do this.. i"ve been trying for far far far too long
<incentifit> The user 'incentifit' is already a member of 'publisher'
<kshah> my .forward file looks like: | "echo 'awesome' >> /home/stream/foo.txt"
<lamont> kshah: \user, "|script"
<ivoks> incentifit: ok, chmod 777 /var/www
<kshah> lamont: is 'user' a variable there?
<ivoks> incentifit: then as user, touch /var/www/testing_123
<ivoks> incentifit: ls -dl /var/www/testing_123
<lamont> kshah: yeah
<lamont> the \ says "don't do forward file processing here, just use the user, dammit"
<bogeyd6> !permission
<ubottu> An explanation of what file permissions are and how they can be manipulated can be found at https://help.ubuntu.com/community/FilePermissions
<kshah> lamont: and thank you, #postfix.. was having too much trying holding their knowledge above my head
<kshah> friendlier crowd here
<bogeyd6> !help @ kshah
<ubottu> Sorry, I don't know anything about help @ kshah
<bogeyd6> !help | kshah
<ubottu> kshah: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<bogeyd6> kshah i meant !ohmy not help
<kshah> did i just get !help'ed after complimenting the channel :) ?
<kshah> heh all good
<lamont> kshah: actually, could you file a bug against postfix that the "manpage for aliases(5) does not document leading backslash"
<lamont> and I'll forward that upstream
<bogeyd6> !ohmy | kshah
<ubottu> kshah: Please remember that all Ubuntu IRC channels share the same attitude of providing friendly and polite interaction with all users of all ages and cultures. Basically, this means no foul language and no abuse towards others.
<kshah> amen!
<lamont> kshah: (postfix is my package in debian, you see...)
<lamont> kshah: and I'd rather be forwarding a user's original report than one of my own crafting
<kshah> lamont: and I thank you for it, I'll file that request. My only gripe was that the channel was less than kind to me
<kshah> (theirs not this one)
<lamont> fwiw, the procmail manpages document it, as does the sendmail aliases(5) manpage, as does......
<lamont> (I believe - haven't actually bothered to go verify any of that pile of festering assertion)
<kshah> i typically need to see examples / usage to be able to learn anything
<kshah> which I also fully recognize is unreasonable to expect all the time
<incentifit> ivoks: -rw-r--r-- 1 incentifit publisher 0 ............. /var/www/testing_123
<lamont> kshah: OTOH, the postfix aliases(5) manpage documents everything else about forward files --> iz bug
<lamont> kshah: if it's any help, I got told to go to #ubuntu last night.  meh.
<kshah> irc *sigh*
<lamont> mind you, I probably should have been there, I suppose.
<ivoks> hm
<ivoks> incentifit: same thing doesn't work if /var/www is 0775?
<kshah> I got told to use procmail which and got into an argument since I said I knew it could be done without.. and then the merits of add a component or not, etc, etc >> /dev/null
<ivoks> incentifit: just change permissions and try touch again
<incentifit> ivoks:  look at the permissions when doing 0777 see how publisher doesn't have write, is that right?
<ivoks> incentifit: /var/www isn't mounted share or something?
<incentifit> ivoks: no
<ivoks> incentifit: that's ok, umask controls that
<incentifit> ivoks: thanks for your help... I just got called into a meeting, be back later, thanks again
<ivoks> ok
<billybigrigger> jmarsden, ping
<bogeyd6> lamont this is server support channel and desktop support is frowned upon but not unheard of
<lamont> bogeyd6: and?
<lamont> the postfix question was definitely in-scope for this channel.  my grumpiness last night was actually in the devel channel, not here.
<billybigrigger> where can i find what the default MTU is set at for a 9.04 server install
<ivoks> 1500
<billybigrigger> hmm
<ivoks> ifconfig would give you that
<billybigrigger> well i just purchased a VPS host...
<billybigrigger> but it's not set in interfaces, just wondering where it gets the default value
<billybigrigger> anyway...
<billybigrigger> newark1.linode.com i get 100%[==============================================================================>] 95,545,644  3.04M/s   in 47s
<ivoks> 1500 is default value
<ivoks> that's the one you should use for ethernet
<ivoks> pppoe should be smaller 1492
<billybigrigger> while newark129.linode.com (my node) i only get anywhere from 400K/s to 800K/s
<billybigrigger> from the same server to my home connection
<ivoks> so, you know it's a mtu problem or you are guessing?
<billybigrigger> guessing
<bogeyd6> sounds like a guess
<bogeyd6> more likely oversold hosting
<billybigrigger> just wondering where i can start tweaking, if needed
<billybigrigger> yeah they claim 50Mbps PER NODE
<billybigrigger> my ass
<ivoks> it's vps
<billybigrigger> <mwalling> poor tuning?
<billybigrigger> <SelfishMan> could be many reasons
<billybigrigger> <mwalling> too many variables
<billybigrigger> <SelfishMan> MTU, window scaling, server load, node load, standard TCP sawtooth behavior, etc
<billybigrigger> <SelfishMan> also, urmom might be sitting on the tube limiting your bandwidth
<billybigrigger> yeah
<bogeyd6> !pastebin | billybigrigger
<ubottu> billybigrigger: pastebin is a service to post multiple-lined texts so you don't flood the channel. Ubuntu pastebin is at  http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from  command line | Make sure you give us the URL for your paste - see also the channel topic
<bogeyd6> billybigrigger were you upping or downloading
<bogeyd6> Cuz on a single 1gbs connect with two raid 5 scsi servers, can only get like 34.* mbs transfer
<billybigrigger> downloading from their servers to my house
<bogeyd6> for instance i just transfered a virtual machine -_-_-_-> 3,794,279,374 59.7M/s   in 97s
<ivoks> billybigrigger: problems with mtu would be 'i can see this site, but i can't see that site'
<ivoks> for example, you'd be able to see all web sites from your ISP, but not any other
<billybigrigger> well im not asking for the 50M/s they claim (6.25M/s) as my home connection maxes at 3M/s
<billybigrigger> but 400k-800K/s? come on
<bogeyd6> my guess is most likely is oversold VPS
<ivoks> mtu should be 1500 on ethernet
<bogeyd6> linode is famous for that
<billybigrigger> http://pastebin.ca/1684173
<billybigrigger> so apparently they blame the config on my node, ie fresh as can be 9.04 install
<ivoks> they have no clue
<billybigrigger> <SelfishMan> billybigrigger: Short answer is that your node probably isn't tweaked the way your home connection wants
<ivoks> i'm getting 5MB/s peek and 3,78MB/s average
<ivoks> http://69.164.211.53/Tailing-Aaron.mov
<bogeyd6> billybigrigger im checking that download speed right now
<bogeyd6> base ubuntu install
<billybigrigger> yeah
<bogeyd6> wget ftw
<billybigrigger> installed nano and wget
<bogeyd6> 15:32:57 (2.38 MB/s) - `Tailing-Aaron.mov.1' saved [95545644/95545644]
<billybigrigger> oh apache, and created my user
<billybigrigger> so why the hell do i get 400k from it?
<bogeyd6> cable modem?
<billybigrigger> yeah
<ivoks> maybe your MTU at home isn't right :)
<bogeyd6> wireless?
<billybigrigger> but from the same server, i can max out my connection
<billybigrigger> 100%[==============================================================================>] 95,545,644  3.04M/s   in 47s
<ivoks> 21:33:51 (3.77 MB/s) - `Tailing-Aaron.mov' saved [95545644/95545644]
<billybigrigger> ^^ newark1.linode.com
<uvirtbot`> billybigrigger: Error: "^" is not a valid command.
<billybigrigger> 100%[==============================================================================>] 95,545,644   478K/s   in 2m 58s
<billybigrigger> ^^ same file, same wget command from my linode newark129.linode.com
<uvirtbot`> billybigrigger: Error: "^" is not a valid command.
<billybigrigger> both have same hops and same ping
<billybigrigger> it's not my home connection
<ivoks> try from another location
<ivoks> try from that second server
<billybigrigger> what second server?
<ivoks> newark129.linode.com or whatever the name is
<billybigrigger>  thats my linode
<billybigrigger> the one your all downloading from
<ivoks> so, on newark1.linode.com wget from newark129.linode.com
<billybigrigger> i can't wget on newark1
<ivoks> then wget somewhere else
<ivoks> as you've seen
<ivoks> both bogeyd6 and i have normal speeds
<ivoks> and others on IRC had normal speeds
<billybigrigger> ok, but what i don't understand...
<billybigrigger> is that from the same datacenter....newark1 and newark129 are on the same connection
<billybigrigger> everyone else can get normal speeds, but from my node i can only get 400-800k
<ivoks> and only you
<ivoks> at home
<ivoks> everybody else gets a lot more
<ivoks> from that same server
<billybigrigger> but...
<ivoks> yet, you still think it's a server issue
<billybigrigger> from linode1 i can max out my connection at 3.0M/s
<ivoks> true
<ivoks> but if everybody else gets normal speed from newark129
<billybigrigger> i know it's not me
<ivoks> then problem isn't in that server
<billybigrigger> node configuration?
<ivoks> i give up
<uvirtbot`> New bug: #487280 in eucalyptus "move the database away from hsql" [Wishlist,Confirmed] https://launchpad.net/bugs/487280
<linuxamoeba> hello. i am trying to make a largish (11TB) ext4 partition with mkfs, and it keeps showing up in df as 2 tb. any ideas?
<embrik> when I sshfs to my server I get write-protected on every document I open on the client. Is there an option to the sshfs command to give my self direct write permissions?
<embrik> anybody knows about sshfs?
<linuxamoeba> embrik, when i've used sshfs as user x, i've always gotten user x's permissions
<linuxamoeba> i thought that was a major advantage
<linuxamoeba> you know anything about large ext4 partitions?
<kane_> embrik: sshfs takes uid & guid options, which are meant to solve the permission problems
<kane_> this is what i use in my scripts: sshfs TARGET MOUNTPIONT  -o uid=`id -u` -o gid=`id -g`
<SyL> linuxamoeba: You have an 11TB drive?
<linuxamoeba> SyL, hardware raid5
<SyL> linuxamoeba: have you checked how big the partitions are?
<majuk> Hey guys, I had to change the IP address of my PDC, now Samba is complaining that my domain already has a PDC at the old address. Restarted the server entirely, no change. Any ideas?
<linuxamoeba> syl, can i do that with something other than fdisk?
<majuk> Got it, wins.dat ftl
<linuxamoeba> syl, on closer inspection, fdisk won't let me create a partition bigger than 2tb
<majuk> linuxamoeba! This isn't a great solution, but you could bust it up into smaller chunks with LVM
<majuk> I dunno, nevermind, my idea sucks, gg thinking things through
<linuxamoeba> according to some internets (sic), i need GPT support in the kernel, which is probably not on by default
<pmatulis> linuxamoeba: what do you intend to do with this 11TB?
<linuxamoeba> back up another one:)
<crohakon> linuxamoeba, what on earth are you storing that is taking up 11TB? hehe
<linuxamoeba> lots of physics data
<majuk> crohakon! He's making a copy of the MIT cat brain.
<linuxamoeba> i have a sunfire x4500 (20tb) that hosts data + my users homes
<linuxamoeba> which makes backing things up sort of a pain!
<linuxamoeba> i tried again in parted rather than fdisk
<pmatulis> linuxamoeba: have you considered xfs?
<ahe> i just setup my first UEC but when i try to start a instance with euca-run-instances as described in the documentation i get this error message:
<ahe>    FinishedVerify: Not enough resources: vm instances.
<crohakon> majuk, I want a copy of the MIT cat brain. I bet it does not bite and claw me like my real cat does....
<linuxamoeba> i hadn't though of xfs
<linuxamoeba> i'll check it out
<ahe> my nc has vt extensions since i get matches for svm in /proc/cpuinfo
<linuxamoeba> (considered opensolaris + zfs!)
<pmatulis> linuxamoeba: it's made for large filesystems and/or large files
<bogeyd6> xfs makes data recovery nearly impossible, but in a properly admin'ed system you have backups
<bogeyd6> i use XFS, but all my servers include a /boot in ext3
<bogeyd6> !xfs | linuxamoeba
<ubottu> linuxamoeba: xfs is a high-performance journaling filesystem originally developped by Silicon Graphics for their IRIX OS. It is now fully supported by Linux so you can install Ubuntu on it if you wish. More info at http://en.wikipedia.org/wiki/XFS
<SyL> linuxamoeba: what OS is your 20TB running?
<linuxamoeba> solaris 10
<linuxamoeba> w/ zfs
<SyL> ahe: when you do a "euca-describe-availibility verbose" do you get anything?
<linuxamoeba> zfs+nfs serving to linux == hella slow!
<ahe> SyL: is this command in euca2ools?
<ahe> i get "command not found"
<ahe> did you mean "euca-describe-availibility-zones" ?
<ahe> with that i get the same list of preconfigured VM sizes that i can also see in the web interface
<pmatulis> linuxamoeba: are you running a 32-bit system?
<linuxamoeba> pmatulis, 64
<SyL> linuxamoeba: http://spiralbound.net/2008/01/11/how-to-make-gnarly-big-linux-filesystems
<SyL> ahe: yes, it's a euca-tools command. I might not be spelling it correctly.
<SyL> linuxamoeba: I love me some ZFS
<linuxamoeba> syl, thanks -- i found parted and gave it a try, it mkfs *seems* to be making a big one
<linuxamoeba> (fingers crossed)
<linuxamoeba> i love my zfs but don't love administratifying solaris
<ahe> SyL: euca-describe-availability-zones verbose returns the same list as shown on https://help.ubuntu.com/community/UEC/CDInstall
<SyL> ahe: right, but do you see anything under "free" ?
<ahe> SyL: got me
<ahe> everything 0000
<ahe> i installed both machines from a ISO/usb key
<ahe> and selected UEC in the installation menu
<linuxamoeba> allllmooosssttt theeeeereee...
<ahe> how can i find out which nodes are actually registered?
<SyL> ahe: if you hit tab a few times when you type "euca" it should show you all the euca-tools commands.
<SyL> I think euca-describe-regions is the command you are looking for
<ahe> SyL: i get something back that looks like an json error message coming from a webservice: http://pastebin.com/m70a13b0c
<SyL> ahe: that is a new error to me. have you looked on the server side logs to see if there is anything more useful?
<ahe> not yet but i'm about to do that
<SyL> yeah, check that next
<oneseventeen> is there a reason not to use the LAMP server collection of software?
<oneseventeen> (I normally shy away from automagic stuff, hence the Ubuntu Server install.)
<linuxamoeba> lamp == <3
<linuxamoeba> dev/sdb1             9.4T  167M  9.0T   1% /mnt/tank1
<linuxamoeba> close enough!
<kane_> linuxamoeba: there's usually a space reserved for root; you might want to shrink that a bit on 11TB
<linuxamoeba> hmm
<linuxamoeba> is there a way to check how much is reserved?
<ahe> SyL: thanks for the help so far there is nothing interesting on the nc but on the cc there are some java exceptions but i will check that tomorrow
<kane_> linuxamoeba: hdparm should be able to tell you
<linuxamoeba> hdparm doesn't tell me anything, probs due to raid controller in between :(
<SyL> linuxamoeba: you can remove the reserved with tunefs
<kane_> *nods*
<SyL> linuxamoeba: I think the standard is 10% of the total drive is saved for root
<linuxamoeba> that makes sense
<linuxamoeba> parted shows 10.5TB and i get 9.4
<linuxamoeba> i think 1% will do
<linuxamoeba> if that
<linuxamoeba> i did tune2fs -m 0.5 /dev/sdb1 and it claimed to work, but df still shows 9.4 TB.. do i have to do other things?
<SyL> linuxamoeba: are you doing df -h or just df?
<ScottK> Make sure you are comparing the same kind of TB.  Some are made of 1,000 Byte KB and some of 1,024 KB.
<linuxamoeba> that was df -h, good point
<linuxamoeba> but still, i wouldn't expect the difference to be a whole TB
<linuxamoeba> also it didn't change when i changed to reserved %
<SyL> you might need to remount it?
<linuxamoeba> i did, will again
<linuxamoeba> nope
<SyL> hrm... interesting.
<SyL> maybe some of it for journaling? =)
<SyL> ahe: you should do "tail -f /var/log/eucalyptus/cc.log|grep cores" and you should see something like this
<SyL> [Mon Nov 23 16:37:44 2009][020340][EUCAINFO  ]  node=192.168.1.103 mem=3804/1756 disk=247525/246461 cores=2/0
<linuxamoeba> that would be pretty sad for ext4 haha
<linuxamoeba> i could start over and tell it not to reserve so much in the first place
<ahe> SyL: oh thanks i'll try that
<linuxamoeba> sigh... any other thoughts before i re-reformat 10.5tb?
<Schmidt> If I want to host multiple mail domains on one server (with separate IP for every domain) should I select the Smarthost option when I do dpkg-reconfigure postfix or just Internet Site and enter all the domains I want ?
<SyL> linuxamoeba: which File system is it?
<linuxamoeba> ext4
<SyL> linuxamoeba: not off the top of my head. I would run fsck on it first though
<SyL> and check e2fsprogs helps any
<SyL> linuxamoeba: and also check esize2fs
<SyL> err... resize2fs
<linuxamoeba> resize2fs 1.41.9 (22-Aug-2009)The filesystem is already 2563476558 blocks long.  Nothing to do!
<linuxamoeba> fsck = happy
<SyL> hrm... intersting
<SyL> ok, my brain just turned off...
<SyL> linuxamoeba: I would see how much the filesystem takes for journaling. I can't think anymore today.
<linuxamoeba> ok
<linuxamoeba> is there a non-hdparm way to do that?
<SyL> I don't think so... I would look up some documents on ext4 by searching on google
<linuxamoeba> will do
<linuxamoeba> thanks for all the help
#ubuntu-server 2009-11-24
<incentifit> I've created a user, developer, that is a member of 'publisher' group.  I set ownership of /var/www to root:publisher.  Then, as developer, I make a new directory in /var/www.  I think I want that new directory to be owned by root:publisher.  Is that reasonable and possible?
<twb> billybigrigger: why wouldn't you use the existing www-data group?
<twb> You want /var/www to be setgid, I think.
<billybigrigger> eh?
<billybigrigger> twb, i think you meant incentifit but he's gone
<twb> Sorry.
<billybigrigger> np
 * twb fetches coffee
<billybigrigger> im sipping a tea
<billybigrigger> tastes good
<billybigrigger> anyone aware of a decent apache log analyzer?
<billybigrigger> or is it still a battle between awstats and webalizer? i haven't set one up in awhile and was wondering if something new has sprouted
<twb> You could probably run them both
<twb> IIRC they're both straightforward to set up
<billybigrigger> yes i know, just wondering if something else with a nicer graphing or anything
<billybigrigger> newer
<billybigrigger> fresh
<billybigrigger> :)
<twb> NFI
<maxagaz> is there a way to check what was the last upgraded packages on a system ?
<twb> maxagaz: /var/log/aptitude and /var/log/dpkg.log
<HFSPLUS> !ops
<ubottu> Help! Channel emergency! soren, lamont, mathiaz or tom
<ScottK> Not anymore.
 * foxbuntu is glad he stays inside the Ubuntu community most of the time... #python makes him crazy everytime
<twb> foxbuntu: eh, if #python is the most annoying channel, #ubuntu is second-most
<twb> I was glad when I found the SNR in here acceptable, because sometimes I can't reproduce Ubuntu bugs on Debian (and thus use #debian on OFTC).
<foxbuntu> twb, I would agree there
<ninnypants> I'm running a postfix mail server, and when I send mail the from name defaults to my mailserver url instead of the value I get in php any idea why that is?
<ScottK> That's a sign you aren't setting it properly in your php.  Postfix will only do that if From is missing.
<ninnypants> my php is set correctly "From: ".$mail_from."<".$mail_email.">"
<ninnypants> and it's only the mail from variable that changes the actual email address it's sent from goes through correctly
<ScottK> Well I guess you know more about it than me and will figure it out then.
<ninnypants> I certainly wouldn't say that I know more than you but I had this section of code working before, and after 2 or so emails were sent correctly with it the problem started
<billybigrigger> anyone familiar with certificates and csrs?
<billybigrigger> im trying to create an insecure key for my mailserver and it's asking for a passphrase, just hitting enter repeats the question
<billybigrigger> is it not possible to create a server.key without a password?
<ninnypants> I'm having trouble with the from value on my emails not setting correctly. I'm using postfix and the wordpress mail function http://codex.wordpress.org/Function_Reference/wp_mail
<ninnypants> my code is: wp_mail($email, $mail_subject, $message, "From: $mail_from <$mail_email>"); but all of my emails show the from value as mydomain.com
<Dessan> ninnypants, it shows right on that page you listed how the header section is supposed to be included. Your code is not correct.
<ninnypants> not sure what you mean. my From: header is in the correct paramater slot am I missing something?
<Dessan> $headers = 'From: My Name <myname@mydomain.com>' . "\r\n\\"
<ninnypants> it still didn't change anything still shows it being from mailserverdomain.com
<Dessan> hmm how to debug this then.... Show me what you have now as code?
<ninnypants> could it be something with postfix because it was sending correctly for 2 emails or so before the problem started
<Dessan> oooh fun
<ninnypants> $headers = "From: $mail_from <$mail_email> \r\n\\"; wp_mail($email, $mail_subject, $message, $headers);
<ninnypants> that's the code
<billybigrigger> while we're on the postfix topic....i can't seem to get 250-AUTH=LOGIN PLAIN to show when i pass the ehlo localhost command while telneting into my server...any ideas?
<billybigrigger> no errors in mail.log
<Dessan> I haven't used postfix with my web app servers in a while. also the  . "\r\n\\" is important I would leave that as is and not include it in the ""
<ninnypants> could be a slow server before I upgraded my ram it took a long time for it to respond to telnet
<ninnypants> still no dice trying $headers = 'From: '.$mail_from.' <'.$mail_email.'>'."\r\n\\";
<ninnypants> just curious what is the importance of the \r\n\\ I've never had to use it when writeing my own code other than to seperate paramaters with \r\n
<Dessan> awesome. Well now that I'm sure its not you lets see what we can find. What do the email settings in WP look like?
<ninnypants> in the wp_mail function?
<Dessan> in the dashboard of WP under settings there should be a tab that says email
<ninnypants> nope nothing
<ninnypants> no tab that is
<ninnypants> I also just tried using ini_set to set the sendmail_from setting in the php.ini to the email address I want it to show up as being from with no luck
<ninnypants> Dessan: you there still?
<Omahn> Is it possible to use packemaker-openais in Karmic to run a load balancer with LVS or does it still have some essential parts of the clustering stack missing?
<hjm> Tried to install open LDAP on 9.10 server. I am not being asked for a password at installation, cannot query anything. How can I set the database password?
<alvin> hjm: See bug #447099 for that information
<uvirtbot`> Launchpad bug 447099 in openldap "No password set on install of slapd-2.4.18-0ubuntu1" [Undecided,Invalid] https://launchpad.net/bugs/447099
<ahasenack> hjm: in 9.10 the local root user is also the ldap root user as long as ldapi:// is used
<hjm> Thanx thats it
<benedikt> Im trying to follow this guide on mail filtering but it doesnt seem like spamassin is ever invoked. http://doc.ubuntu.com/ubuntu/serverguide/C/mail-filtering.html
<benedikt>  /etc/default/spamassin has "ENABLED=1" and I have followed the guide but no X-Spam headers show up in the message headers.
<benedikt> A X-virus-scanned header appears, so amvisvd seems to work and calles ClamAV successfully..
<VSpike> After an upgrade from 8.10 -> 9.04, my server fails a FS check at boot.  It's using a RAID1, which seems to be failing...
<mathiaz> kirkland: hi!
<mathiaz> kirkland: what was the outcome of the virt-manager demotion discussion at UDS?
<soren> mdeslaur: I heard back Gemalto people. Their tokens are only usable with Amazon :(
<mdeslaur> soren: darn :(
<soren> Insert "from the" at an appropriate place in that sentence. I don't know how that went wrong.
<mdeslaur> soren: I guess amazon subsidizes part of the token price, which is why they're so cheap
<soren> mdeslaur: Probably.
<soren> mdeslaur: If only "some other" company would do the same.... :)
<mdeslaur> hehe
<VSpike> what does this mean? http://pastebin.com/d2f650fe7
<pavelm> is anyone here familiar with UML ?
<pavelm> i'm getting the following error
<pavelm> I am getting the following error  http://pastebin.com/m26a90af8
<VSpike> even stranger http://pastebin.com/d7ffea8a6
<VSpike> The raid should be comprised of /dev/sdb and /dev/sdc
<VSpike> So what is md_d0?
<VSpike> THis seems relevant http://ubuntuforums.org/showthread.php?t=1168360&page=2
<Artimus> I've been following https://help.ubuntu.com/community/LDAPClientAuthentication to setup LDAP authentication. The problem is, only users with posixAccount objectClass are able to login. Is there anyway to get around that? I don't really have access to modify the LDAP.
<uvirtbot`> New bug: #487696 in samba (main) "[Samba] Error fcntl_lock: lock failed & cached_login don't run" [Undecided,New] https://launchpad.net/bugs/487696
<zroysch> why is it that every few minutes my connection, gmpc to mpd server and icecast stream all cut off when connected from the internet. but i can still ping
<zroysch> ssh connection
<freefall> Hi. just wondering how to create a alias for postfix i.e. mail sent to webmaster@example.com is sent to me@example.com
<freefall> Is there anyone nice enough to point me to docs on this subject?
<ScottK> freefall: Start with man postalias
<ScottK> I suspect that's what you want.
<lamont> or even man aliasees
<lamont> man aliases that is
<freefall> k thx!
<freefall> again thank you Scottk and Lamont, that exactly what I'm looking for, cheers!
<Deeps> hi, i've just installed 9.10 using the virtual machine option at boot time
<Deeps> trying to use iptables now, looks like the iptables package wasn't installed by default, installed it and getting fatal errors about missing modules
<Deeps> FATAL: Module ip_tables not found.
<Deeps>  i've tried installing linux-server and still getting the same error
<Bilge> >Deeps
<Bilge> DOOOOOOOOOO HO HO HO HO HO
<Deeps> i lie, i neglected to to actually install linux-server, my bad
<Bilge> derp
<Deeps> nm
<zroysch> where is ubuntu server's ssh log
<zroysch> i set sshd_config to LogLevel VERBOSE
<kane___> zroysch: have you read https://help.ubuntu.com/community/SSH/OpenSSH/Configuring ?
<middleman> add-apt-repository is not installed on 9.10
<zroysch> kane___: no, but I have checked the /var/log/auth.log file.
<zroysch> and it seems to not provide much reasons for why i continually get disconnected
<kane___> zroysch: intuitively i'd assume keep alive
<zroysch> i have keep alive set.
<kane___> and interval to somethin reasonable?
<zroysch> furthermore, i'm currently ssh'd into a centos server on the same lan, still across the internet, from the same lan
<zroysch> it doesnt disconnect unless i tell it to
<zroysch> KeepAlive yes
<zroysch> ServerAliveInterval 120
<zroysch> is what my /etc/ssh/ssh_config looks like
<freefallden> zroysch: are you using a public/private key authentication?
<zroysch> also its not just ssh that breaks down
<zroysch> the mpd connection and icecast stream also cut out
<zroysch> all happens at the same time
<zroysch> seems like tcp fails. ping works even during the downtime
<kane___> zroysch: you want your sshD_config, set keepalive there too, and clientaliveinterval
<kane___> zroysch: ah, ok, not just localized to ssh then
<zroysch> kane___: right. and the centos machine has no clientkeepalive line, and it stays up all the time
<zroysch> is there any way to find out why tcp connections across the internet seemingly fail for this one server
<zroysch> when i'm connected at home, on the same lan, its all good
<kane___> zroysch: just so i get this right; from your client machine, somewhere outside on the internet, you can ssh to 2 machines: an ubuntu and a centos one. the centos one behaves as you expect, but the ubuntu one sometimes drops all tcp traffic?
<zroysch> it seems so, i'm estimating that it is all tcp. i only connect with ssh, mpd, and an icecast stream to that server
<zroysch> i know icmp stays up during the 30sec-1min downtime, i can still ping it
<zroysch> well
<zroysch> scratch that its pinging the firewall not the server behind it
<middleman> Ubuntu server doesnt have "add-apt-repository" installed, how can I install it?
<zroysch> kane___: another point of interest is that when I connect to the ubuntu problem server from the office windows server (using putty, still across the internet) it appears to remain connected. (i am currently at school where i usually make my connections)
<billybigrigger> how come i've been waiting almost 24 hours for my A record and MX records to change to my servers new ip?
<billybigrigger> i thought a 1 hour TTL meant changes happen after an hour?
<benedikt> billybigrigger: there are a lot more factors to it
<benedikt> e.g. the negative ttl (how long before the dns server will be queried again for a record it has failed to find before)
<benedikt> anybody good with spamassasin/amisvd?
<ScottK> benedikt: What's the question?  Just ask it.
<android6011> >	a have a 1tb drive with serveral gbs of pictures and videos(some small clips others a few gb). Data recovery in case of failure could be crucial. Which filesystem would be best for me to use? it is not high performance drive so i dont think speed would be a factor
<zroysch1> http://pastebin.ca/1685806
<zroysch1> does any of this tell us WHY it is disconnecting?
<Italian_Plumber1> android: I would use ext3
<Italian_Plumber1> zroysch: what do you see there that's disconnecting?
<benedikt> ScottK: i asked earlier, i consider reposting to be rude. But i followed the server guide for mail filtering and spamassisin doesnt seem to be invoked, there are no X-Spam-* headers in mails
<benedikt> android6011: ext3. And if it is important data you should back it up, preferrably automaticly.
<RoAkSoAx> kirkland, what do you think on having testdrive doing something like "testdrive -t desktop" or "testdrive -t desktop -a i386" instead of having another executable to select a default iso image, or maybe both can be kept
<Maelos> Is there anything in ufw which would throttle traffic?
<Maelos> I added a couple masq/forwarding rules and am seeing horrible performance.  It could certainly be the network but thought I'd ask about ufw.
<benedikt> Maelos: how is the perfoance to and from the internet directly on the firewall machine?
<Maelos> benedikt: No issues there
<benedikt> Maelos: and check again with the machines behind it. Could have been a termpoary thing
<Maelos> I checked numerous times, it's definitely reproducable by putting the machines behind my Ubuntu server.
<ScottK> benedikt: My first thought is double check your configs as it doesn't take much to get things off kilter.
 * ScottK is sure you've done that, but do it again.
<benedikt> kilter...?
<benedikt> anything I didnt do as described in the guide is installing the spf pakage or dkim things, i use neither of those.
<ScottK> off kilter == bad.
<benedikt> ah. Ill go through it once again.
<benedikt> ScottK: also one thing that confuses me. in postfix/main.cf, content_filter is set to 127.0.0.1:10025 but in master.cf there is something set to listen to 10025 .
<benedikt> now everuthing is quadruple-checked
<zroysch> is there a gnome/linux application that will let me easily upload photographs to a site like imgur/imageshack ? like right click the file and upload or something in gimp
<blackxored> what's the iptables command to redirect one local port to another local port?
<ScottK> benedikt: Do you know for sure the mail is going into amavisd-new?
<benedikt> ScottK: the mails have a X-virus-scanned header
<ScottK> benedikt: OK, then we need to look in the amavisd-new config, not postfix.
<blackxored>  what's the iptables command to redirect one local port to another local port?
<benedikt> ScottK: pastebin from mail.log when a message arrived
<benedikt> http://pastebin.com/m64f2f09c
<ScottK> Looking
<benedikt> when the message get relayed to localhost:10024, its amavisd-new recieving the message
<soren> blackxored: iptables -t nat -I PREROUTING -p tcp --dport someport -j DNAT --to-destination the.other.ip
<ScottK> OK.
<benedikt> at least it is the amavis process listening on 10024
<blackxored> soren, to my own box from one port to another, just that
<ScottK> benedikt: Pastebin your amavis config where spamassassin is enabled?
<soren> blackxored: Oh, sorry, I misread your question.
<benedikt> ScottK: /etc/amavis/conf.d/15-content_filter_mode ?
<blackxored> soren, so?
<soren> blackxored: iptables -t nat -I PREROUTING -p tcp --dport someport -j DNAT --to-destination :otherport
<soren> blackxored: I think.
<ScottK> benedikt: Also, silly question, I imagine, but you do have spamassassin installed, right?
<benedikt> ScottK: yep :-)
<ScottK> benedikt: If that's where you changed it, yes.
<benedikt> ScottK: the guide states "First activate spam and antivirus detection in Amavisd-new by editing /etc/amavis/conf.d/15-content_filter_mode".
<benedikt> ScottK: http://pastebin.com/m3753a6ca
<ScottK> benedikt: Yes, but the config files waterfall, so you can also do it later, for example in 50-user.
<ScottK> I agree that looks correct.
<benedikt> just for reference, this is the guide
<benedikt> http://doc.ubuntu.com/ubuntu/serverguide/C/mail-filtering.html
<ScottK> benedikt: When you receive mail can you check using top or your favorite ps invocation to see if the spamassassin process runs?
<ScottK> That's the one to be using.
<benedikt> ScottK: it ran (spamd)
<djveer> what would be the best way to set up a basic Ubuntu web server with two machines that are identical? any suggestions?
<ScottK> benedikt: OK. then the problem is not adding headers, not not running.  For that you need to look at spamassassin configuration.
<RoAkSoAx> djveer, u mean a cluster?
<uvirtbot`> New bug: #487795 in samba (main) "Samba does not start well" [Undecided,New] https://launchpad.net/bugs/487795
<djveer> RoAkSoAx: Is that an option?
<djveer> i'm looking for some way to use both machines for high availability
<djveer> rather than just having one machine that could fail
<RoAkSoAx> djveer, so yes, clustering... HA Clustering. Have one machine active and the other passive waiting for the first one to fail... to take control of the service
<benedikt> ScottK: already did, didnt find any pre-specified options for that. im reading manuals so ill probably be able to sort this out
<djveer> RoAkSoAx: Is there any Ubuntu documentation on that?
<RoAkSoAx> djveer, we are working on having that, but yes :) this miught help you nout: https://wiki.ubuntu.com/UbuntuHighAvailabilityTeam/Heartbeat
<ScottK> benedikt: OK.  So it's narrowed down.  Once you get it sorted, would you let me know so we can get it added to the server guide?
<benedikt> ScottK: of corse i will. im not sure i have time to sort this out tonight but ill let you know
<djveer> RoAkSoAx: thanks very much :)
<ScottK> Thanks
<RoAkSoAx> djveer, are you running karmic?
<benedikt> who maintain the Server Guide? is it canonical/canonical employees or volunteers from the community?
<djveer> RoAkSoAx: um... i'm likely going to be running 8.04 LTS
<djveer> not sure what the codename for it is
<djveer> hehe
<djveer> i've been doing testing on 9.10 though.. which i'm sure is Karmic Koala
<RoAkSoAx> djveer, ok so the tutorial should suit you... since from karmic there are ongoing changes to the cluster packages and things work slightly different. Feel free to ping me if you need help
<djveer> RoAkSoAx: will do, thanks a million
<zul> benedikt: volunteers
<zul> benedikt: or volunteer (sommer)
<ScottK> benedikt: sommer is the person to talk to about server guid (and he's community, not Canonical)
<benedikt> zul and ScottK: thanks
<thenetduck> hi, I need help creating a new mysql user on my hardy heron server?
<benedikt> thenetduck: if you are a beginner with mysql i would suggest phpMyAdmin
<exitcode1> seconded. takes all the guesswork out of mundane admin tasks (like adding users)
<benedikt> i just recond only making it availble through https
 * ScottK points at the security record of phpMyAdmin and suggets thinking about it.
<benedikt> wich is way i suggested using only https
<thenetduck> benedikt: I have a rails server set up. I can access mysql via command line, I just don't know what to put in haha
<exitcode1> http://lmgtfy.com/?q=mysql+create+user&l=1
<thenetduck> thank you exitcode1
<axisys> how do I auto create a user's, who is in /etc/passwd, a home dir at first ssh login ? i am using pam_radius_auth to authenticate
<thenetduck> exitcode1: I however have searched google and don't understand it
<ahe> can i change the ip addresses of a eucalyptus cc and nc after they have been setup?
<axisys> here is my pam.d/sshd file looks like http://pastebin.com/f6e97a75
<exitcode1> okay, whelp... what do you have, what are you expecting, and what happens instead?
<axisys> actually better yet how do I do it even w/o having a entry in /etc/passwd ?
<axisys> users authenticates using radius
<thenetduck> exitcode1: i'm confused by the second part. CREATE USER user [IDENTIFIED BY [PASSWORD] 'password']
<thenetduck>     [, user [IDENTIFIED BY [PASSWORD] 'password']]
<thenetduck> exitcode1: do I have to enter the user and password twice?
<thenetduck> or is this example of how to make two users?
<benedikt> ScottK: this doesnt seem to be an issue, the headers are now showing. I have no idea way, I have backed every single step i have made, but they are still there. My best guess is that spamd has somehow been started with the wrong parameters and restarting the deamon fixed that.
<ScottK> benedikt: OK.  It's officially weird then.
<ScottK> Let us know if you figure something out.
<benedikt> I will.. But this doesnt make any sense. I am probably doing another very similar setup in the next few days, ill see how that one behaves
<ScottK> Great.
<benedikt> Now i just have to add a nice rbl to the config
<exitcode1> thenetduck: nah thats just for one user. they wanted you to be able to have the word PASSWORD as a label before the password for readability, just like the mandatory USER before the new user's name. has an example: http://dev.mysql.com/doc/refman/5.1/en/adding-users.html
<thenetduck> oh ok thanks
<thenetduck> so I have question about privileges,
<thenetduck> what kinds of privileges should I give a user so it can read/write for my website?
<thenetduck> for mysql
<mupp> lo
<mupp> Am I in the channel now?
<Dessan> depends on where you want to be
<Dessan> :P
<mupp> "This is NOT #ubuntu. | You have been sent to this channel because you are using a proxy service...."
<mupp> strange, Im not using any proxys
<mupp> anyways, I'm annoyed at tasksel, I thought you'd select what you want to install and not what to uninstall. And now all my programs are lost, including sshd...
<mupp> ****
<mupp> should be a warning
<mupp> o_O well, nothing to do about it now
<dknight> hello would iptables/ufw questions be better answered in #ubuntu?
<billybigrigger> why does apache2 not support phtml?
<jdstrand> Maelos: ufw does nothing with throttling traffic
<ivoks> billybigrigger: phtml?
<ivoks> isn't phtml just another name for php?
<ivoks> or you are talking about embedded perl?
#ubuntu-server 2009-11-25
<billybigrigger> php
<billybigrigger> firefox is asking me to save a phtml file
<billybigrigger> while trying to read index.php
<billybigrigger> i have the addhandler line for php in my apache2.conf
<billybigrigger> dunno why its asking to save a phtml, i've never seen that before
<orudie> how can I check the processor info ?
<SynchronousFuRom> Is anyone familiar with vsftpd? I'm currently having an issue with every file I upload having no permissions. I want everything uploaded to my folder to be, by default, set to permissions of 777.
<zul> mathiaz: ping
<mathiaz> zul: hellow fellow canadiow!
<zul> mathiaz: bonjour!
<zul> mathiaz: i already got the python dependencies for landscape and ubuntuone and launchpad in the canonical-application-support spec
<mathiaz> zul: oh ok.
<mathiaz> zul: I though the blueprint had been folded into the seed discussion
<mathiaz> zul: I was wrong. I'll update the seed blueprint then
<zul> mathiaz: i dont think so
<zul> mathiaz: okies cool...besides I dont think you dont want to spend time writing 21 MIR and MIR for associated dependencies right? ;)
<mathiaz> zul: python-celementtree was considered to not be needed anymore
<zul> noted i think ctype is apart of python2.6 as well
<mathiaz> zul: python-svn - there was an action noted to talk to the LP team (IIUC) to check whether python-subversion would be ok
<mathiaz> zul: smartpm-core is already in main
<ajmitch> mwhudson would know about python-svn, he's been dealing with bzr-svn
<mathiaz> zul: and for asterisk I'd sync up with Daviey and the other devs involved in Asterisk
<mathiaz> zul: and I'm not sure about the outcome of drupal 6
<zul> mathiaz: gotcha
<zul> mathiaz:i think drupalv6 was ok wwwconfig-common had to be stripped out though, whats everyone beef with wcconfig-common anyways?
<mathiaz> zul: you should ask the security team about wwwconfig-common
<mathiaz> zul: I don't think they're happy with having that package in main
<zul> mathiaz: i asked kees he wasnt sure why
<zul> <kees> zul: I wish I knew.  it seems like a good thing to me.
<ajmitch> wwwconfig-common was meant to be deprecated about 4 years ago, iirc
<zul> with what?
<ajmitch> dbconfig-common, various other bits & pieces I think
<zul> bah
<ajmitch> it's not very helpful I know
<zul> i wonder how it fail if that dependency would be removed
<ajmitch> eg http://lists.debian.org/debian-webapps/2005/06/msg00015.html from 2005 mentions it as deprecated - there's not really a decent set of tools for packaging web apps
<ajmitch> wwwconfig-common usually handles the database setup & some apache mangling
<ajmitch> I see what you mean... drupal6 depends on both dbconfig-common & wwwconfig-common
<ajmitch> looks like the only bit used is a restart script, too
<billybigrigger> hey all
<billybigrigger> http://pastebin.ca/1686380
<billybigrigger> anyone seen that before ^^^^
<billybigrigger> perl is complaining about locale settings
<twb> billybigrigger: it's because your remote server hasn't got the appropriate locale(s) installed.
<twb> And because OpenSSH transmits local information by default.
<twb> Either unset LANG and LC_* when you log in, configure ssh not to send them, sshd not to accept them, or simply install the locales you need on your servers.
<billybigrigger> i see that now
<twb> I think it's something like language-pack-en
<twb> Personally I preferred the old way of compiling only what you need at install time
<billybigrigger> language-pack-en language-pack-en-base
<twb> Yeah
<billybigrigger> its junk though as i only need en_CA\
<orudie> i'm trying to change the way my bash prompt looks by editting .bashrc in /home/username/.bashrc by adding line that looks something like this export PS1="\e[0;31m[\u@\h \W]\$ \e[m" and nothing changes :(
<billybigrigger> twb, anyway to remove all of the locales i don't need?
<twb> billybigrigger: you mean the en_* locales you don't need?
<billybigrigger> without remove the whole language-pack pkg?
<twb> AFAIK, no
<billybigrigger> dang
<billybigrigger> :) ah well
<billybigrigger> thanks
<twb> If you find out, let me know
<twb> I mean, short of installing localepurge or something...
<twb> Or writing dpkg 3.0 to understand i18n better
<billybigrigger> orudie, those changes *should* be immediate
<billybigrigger> orudie, maybe you have some invalid characters or something?
<billybigrigger> orudie, are you trying to do colors or something?
<billybigrigger> \e[0;31m[\u@\h \W]\$ \e[m
<billybigrigger> \e is fine...but right after.... [0
<billybigrigger> ???
<billybigrigger> should be \[0
<thenetduck> do you know where I can find a good tutorial on how to install ssl ?
<thenetduck>  no a hardy lts server?
<billybigrigger> check the server guide
<billybigrigger> https://help.ubuntu.com/9.10/serverguide/C/index.html
<uvirtbot`> New bug: #401782 in qemu-kvm (main) "please build a static version of qemu-arm 0.11.x in a separate binary deb" [Wishlist,Fix released] https://launchpad.net/bugs/401782
<uzer> hello all, I am looking for a program to check pop mail and send an email based on who sends a mail
<billybigrigger> anyone aware of some decent cheap vps hosts either in canada or us?
<twb> Why the hell would you need a statically-compiled qemu-arm?
<twb> Hmph, "2) build a static version of qemu-arm so the binary can be copied into an arm chroot"
<twb> ITYM debootstrap --include qemu or similar.
<orudie> hi, how do i enable rewriteEngine other then specifying RewriteEngine on in /sites-available/mysite.net ?
<billybigrigger> anyone know why i might not be able to telnet into port 25 to test postfix and smtp-auth?
<twb> billybigrigger: firewall, or postfix isn't binding on that interface/port
<twb> billybigrigger: you ought to use netcat instead of telnet, too
<twb> Otherwise people will think you're old
<billybigrigger> 250-AUTH DIGEST-MD5 CRAM-MD5
<billybigrigger> tls isn't starting
<billybigrigger> i don't see STARTTLS anywhere
<billybigrigger> smtpd_use_tls = yes in /etc/postfix/main.cf
<billybigrigger> twb, any ideas?
<twb> Um, if you're getting a 250 then surely it IS listening
<twb> And neither telnet nor netcat will STARTTLS, so of course you won't get past that point.
<billybigrigger> yeah, telnet/netcat on localhost 25 work
<billybigrigger> so i have to test from outside my server
<billybigrigger> Nov 24 23:33:30 server dovecot: Fatal: imap-login: Can't load private key file /etc/ssl/private/cakey.pem: error:0906A068:PEM routines:PEM_do_header:bad password read
<twb> billybigrigger: just specify the external interface when you netcat.
<billybigrigger> don't see why it can't auth with that key
<billybigrigger> postfix uses the same key no problems
<twb> Dunno about ssl keys.
<billybigrigger> billybigrigger@timmy:/etc/postfix$ netcat 96.31.74.120 25
<billybigrigger> (UNKNOWN) [96.31.74.120] 25 (smtp) : Connection refused
<twb> billybigrigger: so either your firewall is blocking it, or postfix isn't binding to that interface.
<billybigrigger> don't have a firewall setup
<twb> As ss(1) what postfix is binding to
<billybigrigger> that i know of
<billybigrigger> this is a 9.04 server image on a vps
<twb> *Ask ss(1) what postfix is binding to
<billybigrigger> it already had apache installed with all the latest jaunty updates...who knows what they did to it :)
<jmarsden> billybigrigger:   sudo netstat -ntlp4 | grep :25      # on the server, outputs what?  (find out what it is listening on)
<billybigrigger> what is ss(1)?
<jmarsden> billybigrigger: man 1 ss   to find out :)
<twb> ss is basically the new netstat
<billybigrigger> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      32678/sendmail: MTA
<billybigrigger> ahh, i was using netstat as user, no wonder it wasn't showing me much
<billybigrigger> i need to practice up with netstat/netcat
<twb> btw, why does ss always use so much horizontal whitespace?  I have to pipe it into cat to get something readable
<jmarsden> billybigrigger: OK... see that 127.0.0.1 in there... that means it is binding only to localhost... not what you want.
<billybigrigger> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
<billybigrigger> jmarsden,  :) thanks
<twb> 104?
<twb> IPv6 is wacky
<billybigrigger> should i just listen on ip4?
<twb> billybigrigger: do you use IPv6?
<billybigrigger> not at all
<jmarsden> billybigrigger: I'd look for the inet_interfaces line in /etc/postfix/main.cf ...
<billybigrigger> inet_interfaces = all
<billybigrigger> inet_protocols = all
<billybigrigger> ok, just ran dpkg-reconfigure postfix and changed from all to ipv4
<billybigrigger> still has the weird ipv6 address in mynetworks though
<billybigrigger> anywho
<billybigrigger> what does the /8 and /104 mean? obviously i need to add my servers ip address in there...
<billybigrigger>  /8 is the class right?
<jmarsden> CIDR notation for a chunk of IPv4 address space.  You can just put your Ip address on the line without a /nn
<jmarsden> Or you can do 1.2.3.4/32 (same end result -- just one IP address)
<twb> 127/8 is the IPv4 loopback address range.  It's a full class A address.
<twb> *address range
 * twb grumbles about code that treats 127.0.0.1 differently from the rest of 127/8
<billybigrigger> hmm
<billybigrigger> added my ip/32, restarted postfix, ran netstat again and still only listening on 127.0.0.1:25
<twb> billybigrigger: try #postfix?
<billybigrigger> dead
<twb> Patience, grasshopper.
<billybigrigger> i asked there first...nothing but a bunch of /joins
<billybigrigger> :)
<jmarsden> billybigrigger: Check in /etc/postfix/master for anything that might be directing daemons to only listen on localhost ?
<twb> Possibly also dpkg-reconfigure postfix (after making a backup)
<twb> And postconf | grep
<jmarsden> postconf -n is probably enough (just look at what you have changed, not at everything)
<jmarsden> billybigrigger: If you want, pastebin the output of postconf -n somewhere and I'll take a quick look.
<billybigrigger> doh
<billybigrigger> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      32678/sendmail: MTA
<billybigrigger> 32678/sendmail: MTA
<billybigrigger> this vps is gay, has a bunch of stuff already preconfigured
<billybigrigger> not a clean fresh server install
<twb> billybigrigger: get rid of it, then
<billybigrigger> root     32678  0.0  0.1  66932  2344 ?        Ss   18:23   0:00 sendmail: MTA: accepting connections
<twb> Incidentally, does that PID strike anyone as awfully covenient?
<twb> Oops, 2**15 is 32768, not 32678
<jmarsden> twb: 32767 would be... 678??
<billybigrigger> im lost now
<kaushal> hi
<kaushal> I get console-kit-daemon[3863]: WARNING: Error waiting for native console 13 activation: Invalid argument in the syslog. Any clue what could be causing this issue ?
<billybigrigger> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      7296/master
<jmarsden> kaushal: Invalid lines in /etc/syslog.conf, especially one that tries to send syslog output to tty13 ?
<billybigrigger> 250-STARTTLS
<billybigrigger> but i don't see...
<kaushal> I am running ok
<billybigrigger> 250-AUTH LOGIN PLAIN
<billybigrigger> 250-AUTH=LOGIN PLAIN
<jmarsden> billybigrigger: Did you get postfix listening on all interfaces?
<twb> jmarsden: clearly he did
<twb> 17:57 <billybigrigger> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      7296/master
<jmarsden> twb: well, that could be on localhost
<twb> No, then it'd be 127.0.0.1:*
<twb> (Right?)
<jmarsden> Ah... OK.  Yes, by that I meant the 250 stuff.
<kaushal> jmarsden: i dont see anything in syslog-ng.conf
<billybigrigger> <sep> my working postfix have ...     tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     5192/master         keepalive (0.00/0/0)
<billybigrigger> from #postfix
<twb> kaushal: where's /dev/console pointing?
<twb> Oops, it's not a symlink
<twb> Hm, "invalid argument in the syslog." doesn't mean that console-kit-daemon is reading rsyslog.conf -- after all, that would be crazy
<jmarsden> kaushal: Others seem to have seen that kind of error in Ubuntu before, but no clear answers on the forums.  Bug 244218 might be related?
<uvirtbot`> Launchpad bug 244218 in consolekit "console-kit-daemon segfautls and error "Error waiting for native console" (dup-of: 269651)" [Undecided,Incomplete] https://launchpad.net/bugs/244218
<uvirtbot`> Launchpad bug 269651 in consolekit "console-kit-daemon crashed with SIGSEGV in g_str_hash()" [Undecided,Confirmed] https://launchpad.net/bugs/269651
<ninnypants> I'm trying to use wordpress' wp_mail function to send mail but every time my code(http://pastebin.org/56962) runs the from value of the email is my mail server's domain, but it's sent from the correct email address. I have a proper mx records setup for the domain I'm sending from, and I talked with someone on here last night, and they said the From header in my code(http://pastebin.org/56962) was correct. Any id
<billybigrigger> loves how quickly it dies here :)
<ninnypants> yeah it makes things hard some times
<jmarsden> ninnypants: Are you (or your code) confusing the envelope address and the From: header ?  The "From " header in unix mailbox format is not the same as the From: header line...
<ninnypants> probably this is my first server setup
<ninnypants> I just know that that is the way that you set up the headers for php's mail function
<jmarsden> I'm not familiar with wp_mail at all, but I've been running mail servers a long time (~15 years on Linux).  If you send the mail using PHP's mail function rather than wp_mail, are the results different at all?
<ninnypants> let my try
<ninnypants> strangely yes not sure why because wp_mail uses php mail function but now I feel somewhat stupid for staring at it for a day and not checking that
<jmarsden> ninnypants: So now you need to recheck the docs for wp_mail to see what it is expecting that you are not doing, basically :)
<ninnypants> the code was coppied straight from the wp docs because the code I was using wasn't cutting it and nothing changed
<ninnypants> if you check out the example at the bottom of the page you'll see what I mean http://codex.wordpress.org/Function_Reference/wp_mail
<jmarsden> Assuming wordpress is open source, you could read the wp_mail code, to really see what it does differently.  Maybe there is some config value somewhere that is looks at which you have not set?
<majuk> Hey guys, I'm looking for a way to instantiate a login.bat script on a per-group basis at login for Windows users (the groupings are on the server, not AD OUs). I found a doc that had some way to do this, but my google-fu is failing me. Anyone have an idea how to implement this?
<majuk> Oh, I'm using a Samba PDC. FYI
<jmarsden> majuk: I've never tried it, but would doing something like logon_script = scripts\%G.bat and having one foo.bat for each primary group name work for you?
<majuk> jmarsden! Hmmm... it very well might.
<ninnypants> jmarsden: it's using the PHPMailer class so not sure what's going on really never used PHPMailer before
<jmarsden> ninnypants: Well, can you get the desired resuly by just using the mail function instead?  if so... ignore wp_mail, problem solved :)
<majuk> The doc I read did something to the effect of reading the group the user was in and then copying a GROUP.bat in USER.bat so then for the [netlogon] portion of samba, you only needed /PATH/TO/LOGINSCRIPTS/%U.bat
<majuk> jmarsden! ^^
<majuk> But %G might work as well. I wonder how it would react if the user were in multiple groups though
<majuk> One way to find out! >
<majuk> >
<majuk> :D
<jmarsden> majuk: Sounds reasonable.  I've done the %U.bat thing (a long time ago), but never had to deal with that per-group... %G is the users primary group.
<majuk> jmarsden! Ah, right. I forget there is a primary. I'm a relatively new admin.
<jmarsden> majuk: man smb.conf has all the info on those %X substitutions... I did man smb.conf before writing my first response to you :)
<majuk> jmarsden! There's a man for the .conf file? Doesn't that beat all. Thanks man, I'll take a look at that.
<twb> majuk: man -k is your friend
<majuk> twb! ZOMG, 4 years of using Linux, never seen that before.
<majuk> Awesome. Thanks guys.
<jmarsden> No problem.  BTW... 4 years and you didn't ever do   man man    and read what was in there? :)
<majuk> LOL, no, no I hadn't.
<twb> majuk: then RUTE is your friend
<majuk> But now I will!
<majuk> twb! Nice, thanks for the recommendation. I'll have to peruse this sometime.
<majuk> I love IRC. :
<twb> majuk: you evidently aren't too bad, since you found it without asking for the URL
<majuk> twb! Well I know how to use Google. :)
<twb> Usually the conversation goes "RUTE." "RUTE?" "!RUTE"
<twb> FSVO RUTE
<majuk> Hahahaha, yea, I started in Gentoo, I'm used to doing some research before I ask questions, googling a term I haven't seen before is pretty par for IRC for me at this point.
<majuk> But anyway, thanks for the info. You guys, as always, are awesome.
<maxagaz> how to know which one of eth0 and eth1 the ppp0 interface is using ?
<yoshx> hello
<Ng> maxagaz: why would ppp0 be using an eth interface? are you doing some kind of tunnelling?
<maxagaz> Ng, i' just trying to know what hardware is ppp0 using
<Ng> maxagaz: I'm not aware of that question being easily answered without knowing more about the setup. ppp0 is either talking to local modem hardware or is being tunnelled over a network device, but afaik you can't tell from the ppp0 interface itself where the other end is, you'd need to inspect the pppd process that created it
<majuk> If anyone is looking for policy setting examples that don't revolve around Window's silly GUIs, I just found a gold mine.
<majuk> http://www.pcc-services.com/custom_poledit.html
<Vartan> hello
<Vartan> so i can actually add my server to the amazon cloud? so when i add a site it will be using the amazon servers also?
<soren> Vartan: It's not quite that simple.
<uvirtbot`> New bug: #488190 in unixodbc (main) "unixodbc doesn't cooperate well with freedts" [Undecided,New] https://launchpad.net/bugs/488190
<ahasenack> erichammond: are you around?
<acemo> how do i mount the raid filesystem from a live cd?
<chuck_> morning
<Daviey> afternoon chuck_
<Zeboss> hello
<tdn> How do I use a pgsql database for authentication instead of /etc/passwd and /etc/shadow?
<ivoks> anyone using NFS here?
<zul> yep
<zul> but not as complicated as you probably want it ivoks
<ivoks> well, my setup is basic
<ivoks> one nfs share, mounted on different ubuntu clients
<ivoks> users are in LDAP, so uids and gids are ok
<zul> pormap running?
<zul> portmap even
<ivoks> now, everything is working
<ivoks> it's just this problem that's been there always :)
<ivoks> when userA creates file, it creats it with it's umask
<ivoks> then userB can't change it
<yoshx> hello
<ivoks> now, i could change their umasks, but i do not want that, cause i'd like them to store files with 0660 permissions only on nfs share
<uvirtbot`> New bug: #488257 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.1 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/488257
<ivoks> that's doable with samba, but nfs doesn't have something like that
<ivoks> :/
<zul> which version are you using?
<ivoks> v3
<ivoks> but i think it applies for v4 too
<ivoks> i could use ACLs, of course...
<ivoks> or, forget about NFS
<ivoks> how do i set up a direcotry, on unix, which will force permissions on files created in it?
<ivoks> for example, each file created there should be 0660
<ivoks> i do know how to do that with ACL
<ivoks> man, we should have ACLs by default in ubuntu
<ivoks> in any linux distro.
<ivoks> unix permissions are just to simple
<zul> I would use acl
<ivoks> there's no other way
<ivoks> and we moved acl to universe
<ivoks> bah, we suck
<ahasenack> why was acl moved to universe?
<ahasenack> I thought samba was very close to requiring it, i.e., many of its features don't work without acl support
<ivoks> i'll fight for its comback to main
<Nexen|Zeboss> i'm tryin' to build a UEC, and i was wondering if anyone know the minimum CPU specs for CLC and CC ?
<RiSkOo> alguien habla espaÃ±ol?
<RiSkOo> :)
<uvirtbot`> New bug: #488285 in multipath-tools (main) "multipathd segfault" [Undecided,New] https://launchpad.net/bugs/488285
<majuk> Hey guys, I have a functioning Samba PDC, but when ever a Windows user logs in, I get this message flood my /var/log/daemon.log. Any idea why? Googling failed me. http://dpaste.com/125035/
<majuk> Again, everything works, so this error doesn't seem to be affecting my user in any way, I would just prefer my logs weren't stuffed with this message.
<ruben23> hi
<majuk> ruben23! Hola. Que paso amigo con queso?
<ruben23> majuk:hi sorry cant understand
<majuk> ruben23! That means "Hello, my friend with cheese"
<majuk> Or, what's up, rather
<ruben23>  majuk:very nice....
<ruben23>  majuk: are you a network admin..?
<Adam75> CPU INTEL P4 2.6GHz, 80 Gb HD, 512mb ram.. will this do for a server?
<majuk> ruben23! EEEEEERRRRRRRGGGGGG, wrong, ask your questions and someone will help if they can.
<majuk> That was my 'wrong answer' buzzer, needs work.
<majuk> Adam75! Depends on what you're serving, chacho.
<Adam75> majuk; I don't know yet. I'm thinking webserver or smth
<majuk> Adam75! Short answer: it should be fine. It's probably way over kill, in fact.
<\sh> majuk, depending on the load of the webserver...
<majuk> \sh! Precisely. Hence why that was the short answer.
<majuk> \sh! But if he doesn't even know what he's serving, that means he's not serving much of anything usually.
<majuk> So :P
<\sh> oh well.../me hasn't the "i need a server for home" users in mind ;)
<majuk> \sh! Indeed.
<zroysch> is there anyone around who is knowledgable in networking on ubuntu server
<zroysch> its getting very annoying to deal with this random disconnection that occurs when im connected to the server from the internet.
<bogeyd6> yes i am zroysch
<zroysch> hi
<bogeyd6> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<bogeyd6> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from  command line | Make sure you give us the URL for your paste - see also the channel topic
<bogeyd6> :))
<zroysch> ok, i'll try to describe my circumstance
<zroysch> currently i'm at panera bread
<zroysch> ssh'd to ubuntu server (on home lan)
<zroysch> also connected to the mpd server
<zroysch> listening to icecast stream
<zroysch> it'll disconnect at random.
<bogeyd6> the ssh or the icecast?
<zroysch> i ssh to the centos server, also on the home lan. it remains connected indefinitely
<zroysch> this behavior was repeated on university's network
<zroysch> and another restaurant
<zroysch> everything disconnects at the same time
<zroysch> for a minute or so
<zroysch> on the ubuntu problem server
<bogeyd6> ok
<bogeyd6> well there are lots of fault points to trouble shoot in the area.
<zroysch> when i'm at home on the lan (my laptop), it stays connected to the ubuntu server the whole time
<bogeyd6> what does /var/log/syslog tell you
<zroysch> i dont see anything there regarding an ssh connection or any of the other connections i know are failing
<\sh> zroysch, check on your centos box /etc/ssh/sshd_config for TCPKeepAlive setting...if it's enabled, there you go on your ubuntu box...but man sshd_config tells you TCPKeepAlive is spoofable..you need to look at the ClientAliveCountMax
<bogeyd6> so chances are it is either the network card in the server (assuming that this aint a virtual server) or the router/dsl modem is losing signal
<zroysch> its not a virtual server
<bogeyd6> \sh that doesnt solve his icecast disconnecting
<zroysch> i was suspect of the server nic, but wouldnt it act the same while i was at home on the lan?
<bogeyd6> zroysch yeah, but not as touchy on a lan as it does go over internet
<\sh> bogeyd6, if the centos box is on the same network as the ubuntu box...hmm..
<zroysch> my home network is setup like verizon modem -> pfsense router/firewall -> ubuntu server
<zroysch> yes centos is connected to the same router
<bogeyd6> i dunno, i think it has to be in that internet connection
<\sh> bogeyd6, then you would have the same disconnects on the centos box
<\sh> bogeyd6, or it's something like dhcp doing some re-requesting of ips in a faster interval
<\sh> if zroysch' server is getting it's ip via dhcp ;)
<bogeyd6> usually the dhcp server will give the same lease
<\sh> as I'm not using dhcp for my home machine, I don't have disconnects...
<\sh> bogeyd6, usally
<\sh> but I'm running on linksys with ddwrt...and have no problem with the ubuntu boxes (which I only use...no other linux here)
<zroysch> \sh: all servers in question are static ip'd
<zroysch> on the lan
<bogeyd6> zroysch can you pastebin the contents of /var/log/syslog and
<bogeyd6> let us know the url
<zroysch> \sh: #TCPKeepAlive yes
<zroysch> bogeyd6 http://pastebin.com/f5602195f
<bogeyd6> server log is surprisngly clean
<zroysch> it just happened again
<zroysch> ssh: connect to host xxx.xxx.xx.xx port 22100: Connection refused
<zroysch> now its prompting for a password again
<bogeyd6> hah, i got an ip trying to bruteforce a username in my auth.log
<zroysch> connected
<zroysch> uh oh
<zroysch> fuck him.
 * bogeyd6 knows how to secure me some ssh
<bogeyd6>  121.10.141.118
<zroysch> i wish my auth.log said something important regarding the ssh disconnects
<zroysch> chinese bastard
<bogeyd6> you can
<bogeyd6> set your logging level in sshd_config
<zroysch> i did
<zroysch> its verbose
<bogeyd6> set to debug
<zroysch> set
<bogeyd6> restart ssh
<bogeyd6> sudo /etc/init.d/ssh restart
<bogeyd6> disconnect and reconnect (if successful start)
<bogeyd6> auth.log is where it is logging
<zroysch> right
<bogeyd6> waiting for a disconnect?
<zroysch> always
<bogeyd6> tail -f /var/log/auth.log
<zroysch> i'm all anxious with anticipation this time
<zroysch> theres gonna be a log with all the answers
<bogeyd6> or no answer!
<zroysch> [365176.690020] TCP: Treason uncloaked! Peer xxx.xx.xx.xx:58985/49150 shrinks window 1453160483:1453162878. Repaired.
<zroysch> i get a shitload of these
<zroysch> imean a metric shit ton
<bogeyd6> it means its shrinking the tcp window
<bogeyd6> mostly we just wait for the disconnect and then see the errors leading up to it
<zroysch> Nov 25 13:31:15 userv sshd[23755]: debug1: server_input_global_request: rtype keepalive@openssh.com want_reply 1
<zroysch> i guess this is my client's serverkeepalive doing its thing?
<bogeyd6> yes
<zul> bah
<bogeyd6> zroysch maybe if you stop the tail it will disconnect faster
<zroysch> http://pastebin.ca/1687117
<zroysch> but i'm still connected
<zroysch> how/why is root connected? i never login as root
<bogeyd6> ruh roh :(
<bogeyd6> did you su root?
<zroysch> ubuntu doesnt even have a root i though
<zroysch> t
<bogeyd6> !root
<ubottu> Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<bogeyd6> but watch this
<bogeyd6> !noroot
<ubottu> We do not support having a root password set. See !root and !wfm for more information.
<bogeyd6> :P
<zroysch> i never set one
<zroysch> so i guess there isnt one.
<zroysch> my login i normally use has root access, but the username is not root
<\sh> sudo -i == you smell like root ;)
<bogeyd6> when was the last time you did a "sudo apt-get update && sudo apt-get upgrade"
<zroysch> dunno
<bogeyd6> check it out
<bogeyd6> could be a solution to our problems
<zroysch> http://pastebin.com/m7dc68cb2
<zroysch> that tell me anything?
<ivoks> yes
<ivoks> it says everything is ok
<zroysch> ivoks: everything is not ok.
<zroysch> bogeyd6: i have 5 days of uptime, so 5 days ago
<ivoks> i wasn't here from the begining, so i don't know what's your problem
<ivoks> but this log looks ok
<ivoks> if, of course, you do know who userveadmin is :)
<uvirtbot`> New bug: #488373 in mysql-dfsg-5.1 (main) "mysql-server-5.1 does not include the InnoDB engine" [Undecided,New] https://launchpad.net/bugs/488373
<zroysch> ivoks: yes i know him. i am him
<ivoks> awesome, so... what's the problem?
<zroysch> ivoks: the disconnects are happening at random, without my authorization.
<zroysch> from several locations on the internet
<bogeyd6> zroysch who is smmsp
<zroysch> i dont know
<ivoks> zroysch: disconnects?
<zroysch> 24 packages can be updated.
<zroysch> 10 updates are security updates.
<zroysch> i guess i'll do it
<bogeyd6> sendmail user
<bogeyd6> zroysch plz do
<ivoks> your ssh connection drops?
<bogeyd6> zroysch has it disconnected yet
<zroysch> bogeyd6 yes several times
<zroysch> i posted the pastebin from the tail on the one
<bogeyd6> the last pastebin proved nothing of a disconnect
<zroysch> huh
<ivoks> are you running nscd?
<bogeyd6> just showed closed as if you closed it
<zroysch> i didnt close it
<ivoks> bogeyd6: which pastebin is that?
<zroysch> http://pastebin.com/m7dc68cb2
<zroysch> this one, i guess
<ivoks> nope, it's this one
<ivoks> http://pastebin.ca/1687117
<alkisg> Is the following idea for passwordless ssh an acceptable way to control many standalone clients from a server?
<alkisg> 1) Create ssh keys for the root user on the server: sudo ssh-keygen
<alkisg> 2) Edit /etc/ssh/sshd_config on the clients, and specify: AuthorizedKeysFile /etc/ssh/authorized_keys
<alkisg> 3) Copy the public key of the server root user to the clients' /etc/ssh/authorized_keys
<alkisg> This way anyone with sudo privileges on the server could do: sudo ssh user@client and automatically logon there.
<alkisg> Any tactical problems with this approach?
<ivoks> anyway, neither of those show closed connection
<ivoks> zroysch: let's start from the beginning
<ivoks> zroysch: what is the problem? you randomly get disconnected from ssh?
<alkisg> That's to be used in a small classroom, with the teacher sitting on the server and controlling/administering the clients where the students sit.
<bogeyd6> ivoks only when crossing on his internet connection
<ivoks> zroysch: does it show 'disconnected' or the connection just times out
<ivoks> do you actually get disconnected or it looks like connection 'crashed'?
<zroysch> ivoks: when connecting from the internet (tried 3 different locations), my connections get dropped at random (ssh, mpd, icecast)
<ivoks> describe 'dropped'
<ivoks> do you get disconnect or it just stalls
<zroysch> this ubuntu server is on my home lan. the same home lan that the centos server is on where my ssh remains connected
<ivoks> for example, with ssh
<zroysch> it disconnects, and i am given the prompt for my local machine again
<ivoks> do you get returned to your client prompt or terminal 'freezes'
<ivoks> ok
<ivoks> what kind of connection do you have from your home to your ISP?
<zroysch> its verizion fios..
<zroysch> fiber to the house
<zroysch> a box outside that comes inside with coax to the verizon modem
<ivoks> i know what it is
<zroysch> then why did you ask
<ivoks> i asked what do you how, and i know what fios is
<ivoks> how? :)
<ivoks> have
<zroysch> yea, it was a weird way to ask i guess, so i was overly descriptive, as i thought its what you wanted
<zroysch> also, i believe not everyone gets fiber right up to their house
<ivoks> hm...
<zroysch> ok i just got a new kernel with the update
<zroysch> not sure if this is going to do anything but i'll reboot and see
<ivoks> zroysch: when it boots up, i'd like you to paste output from 'grep sshd /var/log/auth.log'
<ivoks> from one session
<bogeyd6> awesome zroysch
<zroysch> im not sure what you mean by one session
<bogeyd6> login to ssh and then repost auth.log
<ivoks> ssh into the server and wait until it drops connection
<zroysch> ok
<zroysch> rebooting
<zroysch> i gotta eat now
<zroysch> brb
<ivoks> heh
<ivoks> sshd doesn't disconnects him
<ivoks> i'm puzzeld by the fact that he gets his terminal back
<ivoks> otherwise, i'd bet on MTU
<bogeyd6> ivoks he claims on local lan its no issue
<ivoks> therefor MTU or some kind of firewall on modem
<\sh> ivoks, how does it fit with the centos box not disconnecting? ;)
<ivoks> different mtu
<zroysch> maximum transition unit?
<ivoks> but on fiber, mtu of 1500 should be ok
<\sh> hmm...nic mtu should be always 1500, or?
<\sh> (ethernet to be more precise)
<ivoks> not always...
<jbernard> \sh: GigE supports jumbo frames
<ivoks> sometimes with cisco vpn you can get problems if your mtu is 1500
<\sh> jbernard, yes...but your home dsl / cable modem won't have GigE ;)
<ivoks> \sh: this isn't dsl
<ivoks> it's fiber
<ivoks> zroysch: yes... could you try something?
<zroysch> at your service
<ivoks> zroysch: eth0 is the name of the interface?
<bogeyd6> im not convinced its the server
<zroysch> yes
<bogeyd6> im betting it has to be in the verizon modem signal or the firewall
<ivoks> zroysch: run 'sudo ifconfig eth0 mtu 1412'
<ivoks> let's give it some space :)
<bogeyd6> wat
<bogeyd6> dont do that
<ivoks> zroysch: on server, of course
<zroysch> yes
<zroysch> it was 1500
<uvirtbot`> New bug: #248142 in backuppc (main) ""RsyncdUserName" missing from "CgiUserConfigEdit" in Meta.pm" [Low,Invalid] https://launchpad.net/bugs/248142
<ivoks> i know
<ivoks> now observe if behaviour changed
<zroysch> centos server's mtu also 1500
<ivoks> i belive it is...
<zroysch> i'm telling you it is
<ivoks> so, does connection drop?
<bogeyd6> rotfl
<zroysch> will have to give it a minute
<ivoks> zroysch: by default, it's 1500 always
<zroysch> oh
<ivoks> Verizon FiOS expects an MTU setting of 1492.
<ivoks> there we go...
<ivoks> true, modem should do that, but it's verzion... expect unexpected :)
<zroysch> yea like a blown up gasline
<ivoks> ADSL also works on 1492
<ivoks> but clients on LAN shouldn't have 1492, only the gateway
<ivoks> i've seen couple of modems that don't clam mtu
<zroysch> so i should set the pfsense router to 1492
<ivoks> er... you have your own gateway?
<NorthByNorthWest> Hi! Desperately need help! My samba share, created with webmin cant be mounted... it just says "Cannot mount Window-share"
<zroysch> ivoks: well its a gateway for my lan
<zroysch> its the only computer connected to the vz modem
<ivoks> zroysch: it should have 1492 only on the modem side, on the eth side it should be 1500
<ivoks> zroysch: the thing is that modem needs to do claming
 * \sh loves his linksys and /me loves cable ;) 
<ivoks> zroysch: so, does connection drops?
<zroysch> ivoks: not yet
<ivoks> that's 7 minutes
<ivoks> did it last that long before?
<bogeyd6> NorthByNorthWest we dont support webmin here
<zroysch> its seemingly random
<ivoks> zroysch: it's not random, it depends on amount of data
<ivoks> zroysch: so, if you just log in, it won't drop that fast; but if you do just 'ps ax' it could drop in a second
<zroysch> ivoks: whenever i'm doing something in the terminal it seems to stay connected
<zroysch> its only when i go back to it after doing something else i find it disconnected
<ivoks> hm, interesting
<\sh> tcpkeepalive not set (first shot, and it's evil) and ClientAliveCountMax + ClientAliveInterval not set (which is a better alternative for SSHD) so modem (fw) drops connection when inactive (sometimes a standard doing of FWs)
<NorthByNorthWest> bogeyd6: Ok... screw webmin.... what if I pastebin the entry in the smb.conf?
<ivoks> NorthByNorthWest: go ahead
<\sh> webmin still alive? oh wow
<NorthByNorthWest> ivoks: http://pastebin.se/199725 this is just the share... need more?
<ivoks> right, if it disconnects on inactivity, then mtu might not help
<NorthByNorthWest> hmm... path missing?
<ivoks> lol
<NorthByNorthWest> ivoks: lol @ me? ;)
<ivoks> yes
<NorthByNorthWest> hehe... sometimes the solution becomes clear when describing it to someone else...
<ivoks> yes, that's very common
<ivoks> zroysch: so, still working?
<NorthByNorthWest> but Im a total samba noob... im just reading the other default shares in the file and making conclusions...
<zroysch> ivoks: so far so good
<NorthByNorthWest> ivoks: argh.... still cant mount
<ivoks> zroysch: that's 15 minutes now
<ivoks> NorthByNorthWest: did you restart samba when you added the path?
<NorthByNorthWest> ivoks: yes
<ivoks> NorthByNorthWest: /var/log/samba/log.smbd might help
<NorthByNorthWest> ivoks: http://pastebin.se/199726 doesnt tell me much...
<uvirtbot`> New bug: #300965 in backuppc (main) "updatedb.mlocate crashes the machine, when the backupcc-pool becomes huge" [Wishlist,New] https://launchpad.net/bugs/300965
<ivoks> zroysch: if it works out, see if you can set mtu to 1492 on your gateway, but only on the modem connection
<zroysch> ivoks: ok
<ivoks> NorthByNorthWest: do other share have spaces in name?
<zroysch> not sure still why the centos machine would be ok with the 1500 though?
<ivoks> shares
<NorthByNorthWest> ivoks: *ahem* nooo... :-[
<ivoks> zroysch: bad network configuration produces very strange behaviours
<NorthByNorthWest> ivoks: are underscores ok?
<ivoks> NorthByNorthWest: spaces are ok, iirc, but for testing remove them
<NorthByNorthWest> ivoks: yep... just removed spaces to begin with!
<NorthByNorthWest> ivoks: *gnarl* still not working... *chewing on my fist*
<ivoks> NorthByNorthWest: other shares work, and have same configuration?
<NorthByNorthWest> ivoks: should I pastebin the complete smb.conf?
<ivoks> NorthByNorthWest: sure
<zul> ivoks: want me to merge rhcs for you?
<ivoks> you can pm it to me
<ivoks> zul: from debian? no, i'll do it
<zul> ivoks:okie dokie
<ivoks> i have to add a patch 'exit 0' at the init script :)
<ivoks> right bellow #!/bin/sh
<ivoks> NorthByNorthWest: ?
<NorthByNorthWest> ivoks: its coming... doing copy-paste from a ssh terminal...
<ivoks> :)
<RoAkSoAx> ivoks, I think there's a way to make users save files in a specific directory and keep those files with the permissions of that folder... I just don't remember how to do it :P
<ivoks> there is. acl
<RoAkSoAx> ivoks, I think you can do that by not using acls, but just keeping permissions of file and folders. I remember I did that  so long ago :)
<NorthByNorthWest> ivoks: finally... http://pastebin.se/
<NorthByNorthWest> argh
<ivoks> RoAkSoAx: you can use setgid to keep group
<NorthByNorthWest> hey WTF???
<ivoks> RoAkSoAx: but that doesn't stop user of saving with permission she wants
<NorthByNorthWest> I pressed "Send" and it just killed all my input!!!!
<NorthByNorthWest> *ROOOAAARRRRR*
<ivoks> hit back
<NorthByNorthWest> *hulk is angry*   *hulk smash*
<RoAkSoAx> ivoks, what about setting umask?
<ivoks> of course, but that then applies for all dirs
<ivoks> files
<RoAkSoAx> oh ok :)
<zroysch> Ivoks
<zroysch> Read from remote host xxx.x.xx.xx: Connection reset by peer
<zroysch> Connection to xxx.xxx.xxx.x closed.
<ivoks> that's firewall cuting connection
<zroysch> so firewall needs mtu 1492 you say
<ivoks> on modem side
<ivoks> maybe there are too many connections for it?
<zroysch> what do you mean
<NorthByNorthWest> ivoks: well... mounted my local computers shared folder from the server instead... solved my problems for now... thanks for your help anyway! :)
 * ivoks busy
<mathiaz> ahasenack: hi - were you able to test bind9 with the ldap dlz in karmic?
<ahasenack> mathiaz: no, I couldn't come up with the queries it needed for the sdb schema
<ahasenack> mathiaz: and the package needs a patch
<ahasenack> (bind)
<mathiaz> ahasenack: hm - isn't dlz and sdb two different things?
<ahasenack> mathiaz: yes, and my config was for the sdb one
<ahasenack> mathiaz: which is what the bind package in mandriva supported back then
<ahasenack> mathiaz: dlz works with customizing queries
<ahasenack> mathiaz: so it's possible to write a config for it to use the sdb schema
<ahasenack> mathiaz: in theory, that is
<mathiaz> ahasenack: ok - bind9 is built with the ldap dlz plugin
<ahasenack> mathiaz: right, so these were my two difficulties: trying to make it work with sdb schema and the patch to make it work with current libldap
<mathiaz> ahasenack: oh - so ldap dlz needs a patch to work
<ahasenack> mathiaz: let me find the lp bug for it...
<mathiaz> ahasenack: and ldap sdb needs to have the schema sorted out
<ahasenack> mathiaz: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/227344
<uvirtbot`> Launchpad bug 227344 in bind9 "bind-dlz and ldap api: invalid use of "%" character" [Undecided,Confirmed]
<mathiaz> ahasenack: great - thanks
<ahasenack> mathiaz: regarding the sdb schema, it was just an attempt from me to not have to change the schema from sdb to dlz, so I thought I would give it a try and see if I could make the dlz config read the sdb schema
<ahasenack> mathiaz: but I got a headache while trying to understand how dlz does its thing :)
<mathiaz> ahasenack: right.
<ahasenack> mathiaz: specially when I saw that it relies on ordering of results or something like that
<mathiaz> ahasenack: IIUC the different between sdb and dlz is that dlz can do local caching while sdb does not?
<ahasenack> mathiaz: maybe, I vaguely remember something about that
<ahasenack> mathiaz: and dlz is supposedly included upstream,
<ahasenack> mathiaz: but in a contrib/ directory still
<mathiaz> ahasenack: right - sdb is also in the package
<mathiaz> ahasenack: I think I'll go with sdb+local slapd replica
<ahasenack> mathiaz: what do you mean sdb is in the package? We have a bind package patched with sdb?
<ahasenack> I mean, sdb+ldap
<mathiaz> ahasenack: hm - I think so: contrib/sdb/ldap
<ahasenack> interesting, maybe it just needs to be enabled at build time or something?
<mathiaz> ahasenack: yeah - may be.
<ahasenack> erichammond: fyi, I was trying to rebundle your dapper amis today
<ahasenack> erichammond: got bitten by the tar bug regarding sparse files
<ahasenack> erichammond: dapper has tar 1.15.1, which is the exact borderline version for this bug
<ahasenack> erichammond: I then downloaded latest tar from upstream, built it on a dapper machine and copied the resulting binary over to the running instance, adjusted PATH, and only then did the rebundling work
<Flare183> I've got a load of log files in my /var/log directory, would it been safe to delete the oldest compressed .gz file?
<davidnetherlands> hi ubuntu server community, i got a question
<Flare183> !ask | davidnetherlands
<ubottu> davidnetherlands: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<davidnetherlands> what are the recommended minimum hardware specs for a ubuntu 9.10 server (in terms of mhz or ghz, i know about RAM)
<ScottK> Flare183: As long as you don't need them.
<Flare183> ScottK: Alright, just checking
<davidnetherlands> and my second question.. where can i find some info on installing a ubuntu server on a computer with 2 hard disks.. say i want one small hd for the system and one big hd for the content (/var/www)
<Italian_Plumber> i'm running 804 on a pentium III 500
<Italian_Plumber> 512 MB Ram
<Flare183> davidnetherlands: All you have to do for the second question, is partition it correctly
<davidnetherlands> yeah ok italian plumber.. i'm close to that one.. p3 600mhz 512mb
<davidnetherlands> so it should work
<Italian_Plumber> I don't see why not.  I'd install hardy though, it's supported until 2013.
<Italian_Plumber> unless there's some awesome feature on karmic that you just have to have.
<Italian_Plumber> the big question is what are you oging to do with the server?
<davidnetherlands> flare183.. but during the installation i'm getting the partition screen.. and only later on (after this screen) i get to install a lamp server
<davidnetherlands> so how do i go about that?
<davidnetherlands> Italian_Plumber, i'm just experimenting arround with a nas.. a lamp server, maybe some ruby on rails
<Italian_Plumber> yeah your hardware should do just fine
<Italian_Plumber> I also have two hard disks
<davidnetherlands> thank you Italian_Plumber!
<Italian_Plumber> I installed hardy on the first one, not connecting the second one.
<davidnetherlands> ok
<davidnetherlands> and then?
<Italian_Plumber> afterwards, I connected the second one, mounted it in /media/data , and I was done.
<davidnetherlands> but what do you use your 2nd hd for?
<Italian_Plumber> extra storage
<Flare183> davidnetherlands: all you have to do is setup the partition stuff right, and then sudo apt-get install the rest of the stuff
<Italian_Plumber> I use it as a torrent box, nas, internal DNS, and SVN server
<davidnetherlands> okay.. nice..
<RoyK> how can I download a 'magnet' link from the ubuntu commandline?
<davidnetherlands> Flare183, how exactly? that is my next question.. where can i read something about 2 hard disks in a server setup?
<lenios_> what's a magnet link?
<Flare183> Ok, am I the only one that uses a server with a GUI?
<Flare183> Because I have to use my server as my desktop
<lenios_> you can install server softwares on ubuntu desktop
<Italian_Plumber> a server with a GUI is a desktop
<Italian_Plumber> a Desktop without a GUI is a server
<Flare183> Yeah that's what I'm doing
<Flare183> so yeah
<davidnetherlands> yeah okay.. i know about that
<Flare183> But it seems like I"m the only one that does that
<Italian_Plumber> I used to do that here at work.
<Italian_Plumber> My desktop also a server
<davidnetherlands> haha, being unique is not always a bad thing
<Flare183> Ahh ok
<Flare183> Sweet
<lenios_> i often have openssh-server on my desktop, i guess i'm unique too :p
<Flare183> lenios_: Same here
<Italian_Plumber> sometimes the lines are blurred.
<lenios_> kernel is not exactly the same on server edition and desktop edition
<Italian_Plumber> we have a server here at work with a GUI on it that really doesn't need one -- but the moron (my boss) that set it up didn't know that.
<lenios_> but it shouldn't make any noticeable difference
<DragonLord> does a minimal installation of ubuntu server fit on 512Mb HDD?
<Italian_Plumber> dragon: no
<Flare183> DragonLord: Tried it, no way
<Italian_Plumber> dragon: ... er well... that's a guess anyway.
<davidnetherlands> thanks guys, i'm gonna try it!
<davidnetherlands> bye
<DragonLord> Italian_Plumber, Flare183 ok
<Italian_Plumber> I wouldn't build any computer today without a 30-40GB hard drive.
<Flare183> Italian_Plumber: I agree with that
<Flare183> DragonLord: Np
<Italian_Plumber> I don't think you can buy a HD smaller than 80GB anymore.
<lenios_> requirements for server editions are 128mB of ram and 1GB of hdd
<DragonLord> I got a thin client I want to use like a Mumble server and it has 512Mb "HDD" in it :)
<Italian_Plumber> yeah now that lenois says that, I am reminded that you need at least 128MB to run MySQL.
<Flare183> haha I've got an old HP vetrca in here right next to me that I wish I could use as a server
<Flare183> vectra*
<Flare183> Its like dead ancient
<lenios_> i have server edition on a 4G eeepc
<erichammond> ahasenack: So you're saying that you have to use a non-dapper tar to bundle a dapper instance on EC2.
<lenios_> usage is 23.1% of 3.19GB, for those wondering
<erichammond> hm, gone.
<Italian_Plumber> lenois: that's a base install of karmic server?
<lenios_> with ssh server
<Italian_Plumber> oh... well ssh server .. .that's, what, 1MB?
<lenios_> well, remove 1MB from 710MB then
<Italian_Plumber> yeah I tried running a LAMP server with 64MB of RAM... didn't happen.
<Italian_Plumber> it was a VM
<Flare183> Italian_Plumber: I've done it with lower Memory
<Flare183> 32MB'
<Italian_Plumber> really?  see I figured it wasn't happening 'cause MySQL says it needs 128MB
<Flare183> I've got an old dell, that I put Arch Linux onto it and I had to put A LOT of swap on it.
<Flare183> Like I had to start using flash drives for swap haha
<Italian_Plumber> oh.  I'm talking hardy
<Flare183> Ahh ok
<Italian_Plumber> with conventional RAM
<Flare183> ahh ok
<Italian_Plumber> yeah my regular setup is with 576 MB of RAM... it's an old PC that someone said was "too slow"... but it runs hardy just fine.
<Italian_Plumber> I just got the thing and installed hardy right over it.
<Italian_Plumber> ... and boom! instant server.
<Italian_Plumber> just add water
<Italian_Plumber> and watch it grow
<Flare183> xD
<Italian_Plumber> now all I need are some big IDE drives
<Italian_Plumber> 'cause it has no SATA controller in it
<Italian_Plumber> or a PCI SATA controller
<Italian_Plumber> cheap, I know.
<Italian_Plumber> MAN it's quiet at the office today
<qman__> <Italian_Plumber> I wouldn't build any computer today without a 30-40GB hard drive.
<qman__> my file server uses a 4GB drive for the system
<qman__> and a separate raid for storage
<lenios_> if it's only for the system, it might be better to waste 3-4GB to have a system up and running in case of hardware failure
<qman__> lenios_, incidentally, several my storage drives failed on the same day, and I lost the RAID, while the 4GB root drive is still going strong
<qman__> just can't kill those old quantum fireballs
<qman__> bought new storage drives and built a second array, never even touched the root drive
<benedikt> ScottK: this spamassasin header thing is getting even weirder. Sometimes it doesnt show and sometimes it does. And i havent changed the config in the meantime
<ruben23> hi anyone can suggest, how to rescue forgotten username and password on an ubuntu-server..
<benedikt> ruben23: do you have physical access to it?
<ruben23> yes
<benedikt> then reboot into a live environment (if it can take the downtime), mount your / and chroot to it and run "passwd <user>"
<\sh> ruben23, or just change your kernel boot line on grub: init=/bin/bash ... no password prompt..or boot the rescue system from ubuntu which is also on grub
<ruben23> ok copy
<ruben23> thanks
#ubuntu-server 2009-11-26
<ruben23> hi
<ruben23> i have http setup on /var/www----> how do i download the folder and file i have on it. on remote area, by accesing its public Ip..
<ruben23> be able to view and download the file adn folder in it using url
<ruben23> anyone can suggest..?
<CppIsWeird> hello. i've got a box running ubuntu-server. I've tried putting two different sata cards in it and it does not pick up either card. i do not even see in dmesg anything about the card. neither of the cards logos prompts during boot. this box did have an sata controller card in the past and used it just fine. any ideas?
<CppIsWeird> hello. i've got a box running ubuntu-server. I've tried putting two different sata cards in it and it does not pick up either card. i do not even see in dmesg anything about the card. neither of the cards logos prompts during boot. this box did have an sata controller card in the past and used it just fine. any ideas?
<benedikt> CppIsWeird: does it show up in lspci?
<CppIsWeird> benedikt, no
<CppIsWeird> could i have disabled something in the bios a while ago? can options in the bios prevent sata cards from loading?
<benedikt> yes, its possible.
<CppIsWeird> hmm, well now i have to wait a few hours... i decided to do a release upgrade
<benedikt> took my half an hour on my 10 year old server
<billybigrigger1> hey all
<billybigrigger1> anyone alive?
<CppIsWeird> benedikt, i bet your internet is faster than mine
<qman__> CppIsWeird, could also be a dead PCI slot, it happens
<qman__> if you have a different slot, try it
<CppIsWeird> tried them all
<micahg> is the -server kernel gone in karmic?
<twb> That's what I heard
<ScottK> For i386, yes.
<ScottK> For amd64 there is still a server kernel.
<micahg> ah
<sbeattie> micahg: though in i386 land, the generic-pae sort of serves the same purpose.
<micahg> I thought the -server kernel had other tweaks besides pae
<twb> !pae
<ubottu> Sorry, I don't know anything about pae
<twb> micahg: you should be able to dget the amd64 .debs, dpkg -x them, and diff the .config.gzs
<twb> That ought to tell you exactly what is different
<twb> Oh, PAE = "I want to address all 8GiB but I can't use the native x86-64 build."
<billybigrigger1> do i have to manually create a /Maildir for root?
<billybigrigger1> i'm getting a bunch of permission denied errors on my mailserver
<billybigrigger1> Nov 26 04:17:58 li127-132 deliver(root): chdir(/root) failed: Permission denied
<billybigrigger1> they look similar to that one ^^^
<billybigrigger1> although i have my user account setup as an alias to root, so i thought they would redirect
<billybigrigger1> Nov 26 04:16:57 li127-132 deliver(root): stat(/root/.dovecot.sieve) failed: Permission denied
<billybigrigger1> does dovecot need the managesieve protocol enabled? i'm not sure really what it does, but i remember last time i setup a mailserver on my home server that the only protocol i needed, or ran, was imaps
<twb> 15:47 <billybigrigger1> Nov 26 04:17:58 li127-132 deliver(root): chdir(/root) failed: Permission denied
<twb> billybigrigger1: who does dovecot run as?
<twb> If it isn't the superuser, it probably won't have access to user's home directories -- including root's.
<marcelcohrs> can anybody give me a hand with vhosts?
<Dessan> What can we help with marcelcohrs
<Dessan> marcelcohrs, please keep chat in channel not PM's that way more people can help/learn.
<marcelcohrs> do you know how i set the permissions to my account to have full access r &w at my www folder?
<marcelcohrs> im connected via sshfs
<billybigrigger1> twb: postfix and dovecot-auth are both run as root
<twb> Is /root o+rwx ?
<billybigrigger1> manageseive-login, pop3-login, and imap-login are all run as dovecot
<billybigrigger1> although, according to dovecot doc's, protocols = none in dovecot-postfix.conf = login's managed via dovecot-auth
<marcelcohrs> Dessan: first thing, when i use sshfs to connect
<billybigrigger1> doesn't seem to be true though
<billybigrigger1> drwx------   4 root root  4096 Nov 26 02:22 root
<twb> billybigrigger1: OK, so it looks like li127-132 (whatever that is) isn't running as root
<billybigrigger1> where do you see that?
<twb> Either that or you have some kind of separate MAC in addition to the posix permissions
<twb> 15:57 <twb> 15:47 <billybigrigger1> Nov 26 04:17:58 li127-132 deliver(root): chdir(/root) failed: Permission denied
<billybigrigger1> li127-132 is my hostname
<billybigrigger1> given to me by the vps host for my node
<twb> Oh, linode
<billybigrigger1> i changed my hostname to timmy though
<billybigrigger1> sudo: unable to resolve host timmy
<twb> That was a dumb thing to do
<billybigrigger1> could explain those messages, i get that after typing every command
<billybigrigger1> why can't i change my servers hostname?
<twb> Because you haven't changed your server's hostname properly
<billybigrigger1> edit /etc/hostname and then $ hostname -F /etc/hostname
<twb> You must edit /etc/hosts, /etc/hostname and reboot or run hostname -F /etc/hostname
<billybigrigger1> ??? how else do you set it up?
<billybigrigger1> oooh didn't edit hosts
<twb> Because sudo can't resolve "timmy", it won't let you run sudo at all
<billybigrigger1> :P
<billybigrigger1> there we go
<billybigrigger1> messages gone
<billybigrigger1> now i wonder if i should change dovecot-postfix.conf to protocols = imaps
<billybigrigger1> instead of protocols = none
<twb> Does 8.04's d-i support the sshd option?
<twb> I thought it did, but I can't find it.
<twb> Oh, maybe I need to start d-i with "expert"?
<twb> "anna-install openssh-server" didn't work, either...
<twb> Grmph
<billybigrigger1> does phpmyadmin not exist in jaunty anymore?
<uvirtbot`> New bug: #488600 in php5 (main) "MySQLi Prepared Statements Not Working Correctly With UPDATEs" [Undecided,New] https://launchpad.net/bugs/488600
<billybigrigger1> E: Couldn't find package phpmyadmin
<crohakon> So, how can I make it so I can mount a directory on my server from my laptop?
<crohakon> NFS?
<twb> crohakon: any network filesystem will do
<twb> For ad-hoc use, I recommend SSHFS, though this isn't appropriate for heavyweight
<twb> billybigrigger1: it's in universe, because it receives no support.
<twb> billybigrigger1: universe was (stupidly) turned on by default in some earlier releases.
<ScottK> twb: That's a gross over-generalization.
<ScottK> There are ignored packages both in Main and Universe.
<ScottK> Certainly the odds are better in Main, but both are maintained.
<ScottK> twb: Also Universe is still on by default in new installs.
<crohakon> Okay, so I followed the server guide to install the NFS
<crohakon> But I cannot seem to mount it from my laptop
<qman__> crohakon, by default, ubuntu desktop doesn't have the nfs-common package installed, which is needed to mount nfs shares
<twb> I didn't say it was unmaintained, I said it didn't receive support.
<twb> Granted, I may still be wrong.
<twb> But I was thinking of support contracts rather than maintenance of the package.
<crohakon> nvm I got it working
<twb> I also didn't realize universe on in 9.10.  I thought it was off in 9.10, partly because that'd neatly explain billybigrigger1's problem.
<twb> crohakon: note that you shouldn't run NFS over an untrusted network (e.g. the internet).
<crohakon> They server is in my basement
<crohakon> =)
<crohakon> I just got tired of using FTP... making a change to a CSS file and uploading it. Now I can just open it directly and click the save button to update it.
<crohakon> hmmm
<crohakon> apparently I don't have permission to SAVE the file...
<crohakon> in exports I have: /srv *(rw,synv,no_subtree_check)
<twb> crohakon: your UIDs must be the same on both hosts
<twb> When using NFS, anyway
<twb> This is why NFS is typically used with LDAP or NIS.
<RoyK> twb: erm, sholdn't kerberos allow for different uids?
<twb> RoyK: I guess, if he's using krb
<twb> I assumed he was using bare NFSv3
<RoyK> authentication with UIDs only is not really secure to put it mildly
<twb> RoyK: that's why I mentioned this ;-) 17:39 <twb> crohakon: note that you shouldn't run NFS over an untrusted network (e.g. the internet).
<RoyK> heh - yeah
<RoyK> sshfs over such networks works well
<crohakon> It is just on my LAN...
<twb> RoyK: I suggested that, too.
<RoyK> crohakon: does the UID in question have write access to the dir?
<RoyK> as twb said, they must match on client and server
<RoyK> and setting up nis or ldap should be quite quick
<twb> I wouldn't bother to set up NIS/LDAP on a roaming laptop
<RoyK> nah
<twb> If it's a single-user network, just use usermod to make the UIDs of that one user match
<twb> usermod + find /home/alice -nouser -exec chown as root
<twb> Admittedly, I am a cowboy...
<RoyK> useradd -u x -g y
<RoyK> :P
<RoyK> usermod's too modern - easier to vi /etc/passwd / grop
<RoyK> s/grop/group/
<RoyK> :)
<crohakon> I figured it out... I had the file permissions set wrong.
<crohakon> =)
<crohakon> Thanks for all the information though.
<RoyK> :)
<crohakon> There, now I don't have to mess with FTP =)
<crohakon> Beautiful
<maxagaz> how to compile dhcp-3.0.5 with dhcp-3.0.5-ldap-patch ?
<maxagaz> where to put he patch so that's it's taken into account ?
<maxagaz> i can't find any readme about this
<jmarsden> maxagaz: Are you creating a Ubuntu package, or compiling from tarball?
<maxagaz> jmarsden, compiling from tarball
<maxagaz> jmarsden, and i can't find any eradme file for this patch
<jmarsden> If you do not know what it does and need a README for it, you probably should not be applying it!  But if you *want* to apply it, use the patch command just as you would for any other patch.
<jmarsden> man patch for lots of details, usually something like patch -p0 <patchfilename.patch   is what you need.
<maxagaz> jmarsden, i know what it does...
<jmarsden> Then why are you looking for a README??
<maxagaz> jmarsden, I didn't know the patch command to apply a patch
<maxagaz> jmarsden, but I know it adds ldap support for dhcp3
<jmarsden> If you have never used patch in your life, I would suggest doing some basic tutorials before trying to compile and use patched services on your server!
<maxagaz> jmarsden, before i apply the patch, where should i put the patch file, in dhcp-3.0.5 dir ?
<jmarsden> Anywhere you like... patch -p0 </some/path/to/where/you/put/the/file/dhcp-3.0.5-ldap-patch    would work if you really want :)
<jmarsden> Have you really never used a shell input redirect either??
<maxagaz> jmarsden, okay, but the command should be run in the dhcp-3.0.5 dir, right?
<jmarsden> Yes.
<maxagaz> thanks!
<jmarsden> No problem... but please, take more time to learn about software development before patching critical services on your servers.
<maxagaz> jmarsden, I'll try too, thank you very much
<jmarsden> No problem :)
<uvirtbot`> New bug: #488641 in ntp (main) "NTP client fails to install" [Undecided,New] https://launchpad.net/bugs/488641
<maxagaz> where is set the ip address of my vpn clients ?
<maxagaz> how does openvpn attribute an ip ?
<jmarsden> man openvpn and read the example in there ?
<maxagaz> with --ifconfig-pool  ?
<jmarsden> Sure, if that's how you are using openvpn.
<maxagaz> jmarsden, no, it's not...
<maxagaz> i'm trying to understand the config someone else made
<jmarsden> The most basic way would probably be openvpn --server NETWORK NETMASK   which sets up that stuff sanely for you, unless you (or "someone else")  are doing something 'clever'
<maxagaz> jmarsden, everything is configured in /etc/openvpn/server.conf
<maxagaz> vpn clients have addresses like 192.168.x.x
<maxagaz> there are some "push" in the config
<twb> Well, there are three "private use" ranges in IPv4 -- a VPN could use any of them
<maxagaz> Ok... server 192.168.101.0 255.255.255.0
<maxagaz> I guess it's this pool of addresses
<jmarsden> That's what I said earlier... --server NETWORK NETMASK :)
<jmarsden> In the config file the options drop the leading --
<jmarsden> As the man page says.
<maxagaz> jmarsden, yes sorry it makes sense now
<acalvo> hello and good morning
<maxagaz> What is the  P-t-P address ?
<maxagaz> Why can't I ping it ?
<maxagaz> in openvpn
<twb> Do you have a route to it?
<acalvo> anyone uses LTSP?
<maxagaz> twb, yes, i have a route to hit
<maxagaz> acalvo, i do
<twb> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<acalvo> twb: because if nobody uses that my question will get stuck in limbo
<maxagaz> acalvo, if you have problem configuring it, you probably better ask in #ltsp
<maxagaz> twb, my config is this :
<maxagaz>  ifconfig-push 192.168.101.73 192.168.101.74          iroute x.x.1.0 255.255.255.0
<acalvo> maxagaz: just to know your 2cents about it
<maxagaz> acalvo, 2cents about what ?
<acalvo> the experience with the LTSP solution
<maxagaz> acalvo, i don't unerstand
<acalvo> maxagaz: I mean if it suited your needs and you didn't experience any problem
<maxagaz> acalvo, i donfigured it, but i never use it actually, it was just a test
<acalvo> oh, ok, thanks
<twb> I'll tell you one thing: don't try to deploy LTSP5 on OpenSuSE 10
<twb> Or any LTSP on any SuSE
<twb> It's a ridiculous farce
<hagedorn> hi, while dumping huge mysql database to smb share this occours in /var/log/syslog:  CIFS VFS: Send error in SETFSUnixInfo = -11
<hagedorn> any ideas ?
<twb> hagedorn: CIFS is the network filesystem that Samba provides.
<hagedorn> i know
<hagedorn> maybe dump file too large
<twb> Google for SETFSUnixInfo = -11, then
<hagedorn> maybe symlink problem
<twb> Are you saying that /var/log/syslog is mounted over CIFS?
<twb> Because that would be bad juju
<acalvo> twb: thanks for the advice
<twb> LTSP5 on Ubuntu is easy to deploy, because its LTSP's target platform
<hagedorn> twb: no ,... syslog ist not mounted over cfis
<hagedorn> only a backup dir
<hagedorn> its a syslink problem at cifs
<twb> hagedorn: are both hosts running Ubuntu?
<twb> hagedorn: or is the CIFS server a Windows server?
<hagedorn> no
<twb> hagedorn: if both are unix then symlinks should Just Work.
<hagedorn> cifs server is manage trends stortrends server from ami
<hagedorn> think its a redhat oder cent os
<hagedorn> target server is 8.0.4.3
<twb> Shrug
<twb> ITYM "8.04.3"
<hagedorn> maybe i have to use nfs
<twb> Grr, 10.04's d-i puts grub on the wrong MBR, too
<twb> I hate grub so much
<acalvo> I guess LTSP can't handle windows machines, right?
<uvirtbot`> New bug: #488712 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.1 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/488712
<maxagaz> i'm trying to compile "dhcp-3.0.5" with a patch for ldap, but after "./configure", when I do "make", it returns this: make[2]: *** No rule to make target `-lssl', needed by `dhcpd'.  Stop.
<maxagaz> does someone knows why ?
<twb> acalvo: LTSP is just an OS.  It boots on anything - it doesn't matter what's installed on the hard disk.
<acalvo> ok, thanks twb
<twb> acalvo: if you mean "can I use my Windows machine as an LTSP *server*", then that would depend if your Windows machine is a DHCP, TFTP and NFS server -- which it probably isn't.
<acalvo> no, my question was if there is something similar that boots a windows-compatible os
<twb> I suspect you could prepare LTSP disk images and serve them from some of Microsoft's high-end server OSs
<twb> acalvo: what does "windows-compatible" mean?
<acalvo> the LTSP idea is quite interesting, but I'd like to do that with windows OSes
<acalvo> having an opensource server as PXE/DHCP/whatever is needed
<twb> acalvo: you mean that you want Windows thin clients?
<acalvo> something like that, yes
<twb> That is called "Microsoft Windows Terminal Server"
<acalvo> or any way to download a thin image from a server (thru pxe I guess)
<acalvo> twb: but that means you should have "Microsoft Windows Server XXXX", right?
<twb> No, TS is a server OS.
<twb> You license that instead of, say, Windows SBS.
<acalvo> in other words, you must pay for TS, right?
<twb> You must pay for a license (or violate copyright), yes.
<twb> If you want Windows, you're gonna have to pay for licensing.
<twb> Of course, once you have a running TS server, you can boot LTSP5 on your workstations and use them to connect to your TS server.
<acalvo> I'll try to find some way to auto download an image from a TFTP server
<acalvo> twb: ok
<twb> Note that netbooting isn't the same as a thin client -- LTSP is really the latter, but it has branched out into the former.
<twb> AFAIK there is no way to netboot Windows -- and if there is, it's probably not legal.
<acalvo> well, if only the community I managed will understand and swith to any form of GPL OS
<acalvo> will be perfect
<acalvo> but, while stucked with windows, everything is painful
<twb> FOSS code is plenty painful, too.
<acalvo> yes, but at least it lets you learn, understand and personalize
<acalvo> windows just let's you "run" (however it does)
<twb> I sure don't let my users understand or personalize their system.  Removing that functionality was one of the reasons DoJ got me to replace their existing Windows systems :-)
<twb> But I know what you mean :-)
<acalvo> I didn't mean to let the users do whatever they want (but they'll try however...), but for the IT dept to create a good OS which covers all the necessities
<acalvo> stick to the topic, I think I'll end up setting up a PXE server with TFTP, and deploy a new image once every week
<acalvo> the only thing is how to change the hostname of the windows machine...
<twb> If you think you can deploy a new SOE every week, you are batshit insane.
<twb> Or you are a student of the "agile development" school
<twb> (That being is a strict subset of the former class.)
<jetole> Hey guys. Does anyone know how I can tell which ethernet ports have an ethernet wire connected from the terminal?
<twb> jetole: ethtool or mii-tool
<jetole> yeah I was looking at the ethtool and ip man page but not sure what I am looking for
<jetole> oh, the --test option maybe
<jetole> nope
<twb> Just run it without args?
<jetole> ethtool: bad command line argument(s)
<jetole> For more information run ethtool -h
<jetole> thats what happens if I run it without args
<soren> mdz: Hi. About your comments on https://blueprints.edge.launchpad.net/ubuntu/+spec/server-lucid-automated-testing
<soren> mdz: Good point, I hadn't thought of that.
<soren> mdz: I was thinking we could do that in a PPA?
<soren> mdz: So instead of splitting it out and integrating into checkbox, we rely on the PPA's for this and just upload each package we want to test each day with no source changes.
<soren> The PPA's would even e-mail me (or whomever owns the PPA) about failures.
<Daviey> soren: If it's just to detect build failures, surely that would be better done locally - rather than using a PPA?
<soren> Daviey: Why?
<twb> soren: that abstract basically says "we gonna run tests".  Shouldn't a blueprint describe a change (e.g. "we're gonna test foo and bar from now on").
<soren> Daviey: What would I gain by spending time setting up a build environment when Launchpad gives me one for free?
<Daviey> soren: PPA is a limited resource, building packages just to see if they compile seems very wasteful.. not to mention slow.
<soren> twb: Meh. There's already too much duplicated information (work items in the status whiteboard and in the actual spec on the wiki).
<Daviey> Building a local build server isn't that difficult.
<soren> Daviey: I know. I have two of them. That's not really the point :)
<twb> soren: fair enough (re. "meh").
<Daviey> soren: well can you elaborate on your point?
<soren> Daviey: I could also build all my other packages locally and publish them somewhere.
<soren> Daviey: Yet I don't.
<soren> Daviey: Perhaps you can elaborate on the "limited resource" thing?
<twb> soren: oh; I didn't realize the page you linked to wasn't the spec itself.
<Daviey> soren: It's the same reason you build a package locally before putting it in a PPA..  it's slow, and i would have thought most people test build locally before making public.
<soren> Daviey: I'm not sure why it's more or less wasteful to run it on Launchpad instead of a local machine. Wasteful in terms of what?
<twb> You should farm off the compute effort to BOINC!
 * twb ducks
<Daviey> Unless i'm mistaken, the point of a PPA is making it easy to share things.. Using it as part of an automated test framework to look for FTBFS, seems to me, not what it was designed for.
<soren> Daviey: I test build locally for several reasons:
<soren> a) I'm already actively work on the package in question. Building the package locally is simply a natural step in working on the package.
<soren> b) There's no point bothering the buildd's with needless builds (which a broken build would be).
<soren> Neither applies in this case.
<furom> My screen goes black after an unknown period of time. If I start typing something, the screen shows the text that was previously there. I would like to disable this, can anyone tell me how?
<soren> a) This will happen daily, without humans being involved.
<twb> furom: is this on the tty, or in X?
<furom> twb: this is in the tty/shell.
<soren> b) The exact /purpose/ of this upload is to detect failures that crept in, so it's everything /but/ pointless to have this build run.
<twb> furom: first of all, check your cabling is secure
<soren> It console blanking. It's always been that way.
<Daviey> soren: I don't agree, but ho hum :)
<furom> twb: I run this in a virtualbox as part of my development environment.
<soren> Daviey: Which part do you disagree with, specifically?
<twb> furom: oh, that'll probably be a virtualization issue, then
<twb> furom: the virtual machine somehow isn't seeing that you're typing all the time.
<soren> twb: Er.. No. It's just regular console blanking. Linux has done this for ages.
<soren> (if not always)
<twb> furom: or you simply aren't typing, so the tty's screen saver (i.e. blanker) enables.
<twb> furom: the setterm manpage describes how to disable the tty screensaver.
<furom> twb: odd.... I've never ran across this issue before.... I figured it was just a screen saver. I spend quite a bit of time not typing in the shell which I know that causes it to go black.
<furom> twb: setterm?
<twb> furom: setterm.
<furom> twb: ohhh manual page for it... I see.
<soren> setterm!
<furom> twb: thanks.
<twb> You may wish to put the appropriate command in /etc/profile.d/no-blanker or in ~/.profile or similar.
<furom> I appreciate that a lot. I think the issue is solved.
<soren> Daviey: AFAICT, whether Canonical has to throw resources (hardware and man hours for setting up and maintaining) at a completely separate build infrastructure for this or just add another machine to the PPA buildd pool seems like a reasonably easy choice.
<twb> Presumably the choice is ultimately Canonical's anyway, since it's their kit?
<soren> Indeed.
<twb> Vaguely apropos: yay for dh_auto_test!  It taught me about tricking buildds into running upstream's tests
<soren> I wasn't thinking much about where the ressources were thrown. I was really soliciting feedback on the architecture.
<twb> (Unless they're smart enough to include "nocheck"...)
<alvin> I see this on every machine with a 3ware RAID card (read cache disabled). Where can that cache be enabled?
<alvin> [sda] Write cache: enabled, read cache: disabled, doesn't support DPO or FUA
<soren> twb: Wow. I had never heard of that.
<Daviey> soren: The fact that PPA can't easily do snapshots, makes it suboptimal IMO.
<twb> soren: it means that now Darcs' functional tests get run on armel, which GHC (the Haskell compiler) doesn't even officially support!  Whee!
<twb> alvin: IIRC I see that on every machine I've ever had.
<soren> Daviey: Snapshots?
<Daviey> soren: Archive snapshots, we did talk about this in that session :)
<alvin> twb: without 3Ware controllers? Because other machines are showing the cache as enabled.
<twb> alvin: I can't affore 3ware
<soren> Daviey: Hm... Sorry, I don't remember this at all. :(
<twb> alvin: I've had some IBM and HP kit cross my bench, but I think they had fakeraid.
<alvin> twb: In that case, I think your cache shouldn't be disabled too. You have the same problem.
<twb> Both times $boss was too stupid to buy the bloody RAID5 chip
<alvin> fakeraid doesn't count.
<Daviey> alvin: I have that on a 3ware box aswell - [   10.907602] sd 0:0:0:0: [sda] Write cache: disabled, read cache: disabled, doesn't support DPO or FUA
<soren> [    1.212404] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
<soren> On my laptop :)
<alvin> aha, I think soren's laptop has it right. Cache should be enabled.
<twb> alvin: well, in almost all cases I am using md raid.  If there's fakeraid or hardware raid underneath, it's off or set up as one-disk RAID0 arrays.
<alvin> Are you saying that fakeraid disables read cache?
<twb> Buggered if I know
<Daviey> alvin: I've just checked another 3ware box and got, [sda] Write cache: enabled, read cache: disabled, doesn't support DPO or FUA
<twb> I just assumed that it was crap gear and didn't care -- I'm mainly dealing with glorified mail/fileservers.
<alvin> Daviey: our experience matches mine. How's the performance?
<twb> [    2.988006] sd 1:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
<Daviey> great
<twb> I get that on my Eee PC 701, which is an SDD without any md raid or lvm
<Daviey> alvin: throughput has never been a problem, i always use 3ware when i want RAID5 and care about throughput.
<alvin> ok, the question is: how can that cache be enabled. 3Ware tools, or an ubuntu setting.
<twb> [   21.587035] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
<twb> ...that's a generic no-hw-raid, no-fakeraid SATA disk.
<twb> I guess I was only remembering the DPO/FUA part
<Daviey> pass.. i find it odd that i have two servers - both with different defaults.
<alvin> Daviey: I did have a lot of performance issues with 3Ware. There are a lot of bug reports and forum posts about that floating around. (e.g. bug 113532)
<uvirtbot`> Launchpad bug 113532 in linux-source-2.6.20 "3ware kernel driver 2.6.20 - 2.6.24 disk write performance extremely slow." [Undecided,Invalid] https://launchpad.net/bugs/113532
<alvin> twb: so it is right. It's only disabled on 3Ware controllers
<twb> I certainly would not bother with 3ware unless I needed enough throughput to justify all the extra babysitting and tuning
<twb> alvin: well, you could see the WRITE cache was disabled on my SDD.
<twb> I can't help thinking that if throughput is that important, I'll just hand the problem over to a big iron shop.
<alvin> twb: Oh, right. I only looked at the read cache. Is your performance ok? (= is the cache important? Am I missing something here? In my expeerience: disabled cache = horrible performance)
<twb> alvin: buggered if I know -- the most intensive things I deal with are tomcat, clamav, omscan (scalix), postgres, etc.  And none of those run on my Eee PC
<twb> The write speed on my SDD isn't fantastic -- if I queue up a lot of writes it's noticably slower than a SATA disk.
<twb> But I expected SDD to have a crap write profile
<soren> Daviey: I'm sorry that I seem to have forgotten about this snapshotting thing. It really doesn't ring a bell. Can you elaborate a little bit to jog my memory?
<alvin> twb: I have no experience with SDD. Too 'new' for me ;-) If I need performance, there are 15.000rpm SAS drives too.
<twb> alvin: oh, I should add that I have also deliberately pissed about with e.g. my ext2 filesystem's commit interval on the SDD box
<twb> alvin: that probably affects write speed
<alvin> twb: I would like to know what happens if you enbale the write cache (if possible), and mount with 'noatime' offcourse.
<twb> alvin: already using noatime, I dunno how to enable it
<twb> FSVO it = write cache
<acemo> how can i create gpt disks during the installation of ubuntu-server 9.10?
<alvin> twb: Me neither. Probably with hdparm. i'll read the manual
<alvin> acemo: You can't? What is going wrong? (I use lvm instead)
<alvin> twb: Setting your write cache is: $ sudo hdparm -W 1 /dev/sdX
<alvin> But the read cache... nowhere to be found
<twb> Now to install hdparm...
<alvin> Yes, it's not in the minimal installation (and that's not bad)
<n8ature> Hi, I am interested if anyone knows advantages of using OpenNebula over Eucalyptus
<soren> n8ature: I'd love to chat about that, but I'm on my wait out for an errand.
<soren> I'll see if I can catch you later, otherwise I'm around tomorrow as well.
 * soren runs
<n8ature> no problem.. sounds good
<soren> n8ature: Scratch that :)
<soren> n8ature: So.. OpenNEbula vs. Eucalyptus.
<soren> n8ature: They're both "cloudy" sorts of things, but they're really quite different, and serve different purposes.
<soren> n8ature: What are you expecting to use it for?
<ahasenack> is there an ec2 mirror for the security updates archive?
<ahasenack> apparently using the same host but the *-security repository seems to work
<twb> alvin: FYI: hdparm -W 1 /dev/sda ==> /dev/sda: setting drive write-caching to 1 (on) HDIO_DRIVE_CMD(setcache) failed: Input/output error write-caching = not supported
<alvin> twb: aaaw. Enabling write cache really affects performance. Maybe it is no longer needed with SDD drives?
<twb> Shrug
<twb> It'll be a really crap SDD -- it's soldered onto the mobo
<afeijo> can I install phpmyadmin 3 with apt-get, or only ver 2 ?
<uvirtbot`> New bug: #485899 in lm-sensors (main) "pwmconfig generates a blank values /etc/fancontrol" [Low,Confirmed] https://launchpad.net/bugs/485899
<lenios> afeijo, "aptitude show phpmyadmin" shows 3.2.2.1-1
<twb> afeijo: only one version of phpmyadmin will be integrated properly with your current release, and that is what you should use.
<afeijo> lenios: I use ubuntu 8.04, aptitude here shows 2.11.3-1ubuntu1.3
<afeijo> twb: so I have to update my ubuntu? what command to do that?
<lenios> afeijo : http://www.ubuntu.com/getubuntu/upgrading
<lenios> sudo apt-get install update-manager-core && sudo do-release-upgrade
 * twb grumbles
<afeijo> Checking for a new ubuntu release
<afeijo> No new release found
<afeijo> what?
<drmabuse_> Hello! Anyone experience with kerberos client on ubuntu?
<twb> Yeah, it was a pain in the arse
<twb> In the end I ran out of budget
<drmabuse_> Hello! Anyone experience with kerberos client on ubuntu?
<lenios> afeijo, you have to search for non LTS release, change prompt=normal in /etc/update-manager/release-upgrades
<twb> drmabuse_: that was for you
<lenios> ahah twb
<afeijo> lenios: thanks, its downloading :)
<Doorman352> drmabuse_: I can tell you it will corrupt a windows DC if you are not careful....
<twb> Doorman352: that's a FEATURE
<Doorman352> great......
<twb> Undermine th' system from within!
 * twb sells some Che shirts out of a van at 500% markup
<Doorman352> well it put my plans to phase out microsfot on hold...so the "system" wins.....
<twb> Obviously it didn't corrupt the DC *enough*'
<marek_> hi, can you help me with mysql config? i want to grant access to all users from my lan to all databases...
<marek_> i managed to do it with one user and one db, but i dont want to repeat all this stuff for every computer and db
<Doorman352> since it can't replace a DC in a one for one scenario, it only makes replacing existing infrastructure that much more difficult, since it wont play nice......
<soren> ahasenack: Stuff in -security is copied to -updates as well, so if you are pointing at the EC2 mirror for that, you should get the better bandwidth if the mirror is up-to-date. However, it's recommended to use security.ubuntu.com for -security so that you get security updates as quickly as possible. Just make sure you list security.ubuntu.com last (as order matters in sources.list).
<kane_> marek_: you probably want to ask in the #mysql channel, but here's a doc pointer: http://dev.mysql.com/doc/refman/5.1/en/grant.html
 * soren runs off for a while
<afeijo> I have a session thru ssh, I want to control it from another ssh, its possible?
<afeijo> to take it over?
<n8ature> afeijo: it is possible if you are using screen on the first session
<afeijo> I'm not :( that is the whole question, I should but I forgot lol
<n8ature> right, i don't know of another way, but that doesn't mean there is not one..
<afeijo> if my ssh connection is closed, the session running there will also be terminated?
<zul> soren: is all of those non ec2 cloud providers in your spec running xen?
<ahasenack> soren: thanks
<drmabuse_> Oh, thank you.
<drmabuse_> I'm trying to be very careful. Thank you for your ideas.
<drmabuse_> Goodbye.
 * matrix hi / selam
<alvin> Is there an 'ubuntu-server papercuts program'?
<zul> alvin: yes there will be one for lucid
<alvin> cool
<blackxored> where does drupal store its sites?
<incorrect> how can i set the locale to be something else, dpkg-reconfigure locales didn't do what i hoped for
<JanC> blackxored: I'm sure that is in the docs?
<blackxored> JanC, I'm using a turnkey appliance I want a quick site backup, that's it
<JanC> well, who provided the turnkey appliance?
<JanC> read the docs under /usr/share/doc/drupal6/
<JanC> especially README.Debian.gz
<RoyK> hi all. I'm setting up a home server with wlan and psk - is there a howto for this?
<Daviey> mathiaz: Would you have any reservations with mysql changing to upstart?
<mathiaz> Daviey: hm - though about that.
<Daviey> I don't know if this is something already on your radar or not
<mathiaz> Daviey: I think it's a good idea.
<mathiaz> Daviey: I think upstart should replace mysqld_safe
<mathiaz> Daviey: which has the same purpose as an upstart job.
<Daviey> exactly!
<Daviey> Great!
<mathiaz> Daviey: mysql init script is basically starting mysqld_safe, which takes care of  monitoring
<mathiaz> Daviey: that being said, mysqld_safe is a big shell script
<Daviey> Hopefully it should also get rid of the bug that keeps re-appearing of mysqld_safe respawning too fast.
<mathiaz> Daviey: so I'd make sure to review everything that it does
<mathiaz> Daviey: and make sure the upstart job does the same thing
<Daviey> I'm going to work with someone else, and will ping you with a branch.
<mathiaz> Daviey: overall I think it would be a great idea though.
<mathiaz> Daviey: replace mysqld_safe with an upstart job
<Daviey> wilco.
<unit3> Anyone have a suggestion on a simple way to get the ocfs2 / o2cb init scripts to wait until networking is actually fully started before they start themselves?
<unit3> My primary network interface is a bridge device on top of a bonding device on top of two physical nics, and apparently that takes too long to start for o2cb, it tries to start too soon, and then fails out on boot.
<pwnguin> Mozilla's working on a 1.0 version of their full weave server; anyone interested in getting it packaged on ubuntu?
<unit3> I think that'd be valuable, as long as it's not too much work.
<unit3> I could definitely see a use for that at work, having an encrypted, hosted sync source for people's firefox installs.
<pwnguin> the full server depends on apache and mysql and i think python
<pwnguin> the minimal server ive seen published and am trying out now wants apache, php and sqlite
<pwnguin> im not sure which would be more useful
<pwnguin> but it cant be that hard to package up either of em
<unit3> yeah. I think it depends on your goal. for personal use, the small install with sqlite is probably good. for corporate, you'd want mysql so you can do data replication and redundancy.
<unit3> either way though, shouldn't be a huge deal.
<pwnguin> i donno. people seem to think it's a huge trial to install the full version
<unit3> well, your call I guess, since you wanna package it. :)
<pwnguin> well, i'll try the minimal version for a short while and see if it's terrible
<unit3> heheh
<pwnguin> i dont really need enterprise grade sync
<pwnguin> unit3: do you use weave currently?
<unit3> pwnguin: no, been thinking about it, but haven't started yet.
<unit3> I know people here at work would use it if we had a local install of the server, though.
<pwnguin> i put it on my todo list and well, thanksgiving weekend is a big todo killer
<unit3> heheh
<jmarsden> unit3: Re: your startup scripts... a sleep 5 near the top of each of those two init scripts would be one (ugly, but probably effective) simple way to fix that.
<unit3> jmarsden: yeah, but then it'll break on package upgrade. I was hoping there was something less hack-y... maybe with upstart? not have the rc script autostart, and have an upstart script to check for network and then start it after?
<unit3> I'm not sure.
<jmarsden> unit3: I think fixing it "properly" will take you out of the realm of "simple" :)
<unit3> yeah. that's my feeling. damnit. :)
<pwnguin> arg why
<pwnguin> they wrote the create user script in php
<pwnguin> as a CLI
<jmarsden> pwnguin: That's a packaging problem because...?  Just Depends: php5-cli and it should be fine, I'd think?
<pwnguin> jmarsden: not really a problem, just that im ignorant
<jmarsden> OK :)
<pwnguin> hmm, this is gonna be a large pita until a get a valid cert
<billybigrig> if i can't sendmail out on my mailserver's smtp port from my house, there is a good chance my isp is blocking port 25 aren't they?
<billybigrig> forget send mail out, i can't even connect to it on 25
<jmarsden> billybigrig: Yes.  Just set it up to listen on 587 as well and send your mail to it that way.
<billybigrig> that is the submission port yes?
<jmarsden> Yes.
<Bookman> I ssh into a remote machine, start evolution and add an account.  Then close it.  When the user opens evolution the account is no longer there!  What gives?
<jmarsden> Bookman: Different $HOME in your login vs theirs?  if you log out, then ssh back in and run evolution is the account "still there" for you?
<billybigrig> jmarsden: great i have it half working now :)
<billybigrig> i can connect atleast, thank you
<jmarsden> billybigrig: No problem.
<billybigrig> just getting relay errors now i have to figure out, i'm positive it's not set to relay though....anywho thanks :P
<Bookman> jmarsden: No, account disappears as well.
<jmarsden> billybigrig: Turn on authentication in your email client so it tells the server who you are when sending.
<billybigrig> im trying to use authentication for the smtp server
<jmarsden> Bookman: Then... either each session gets a fresh home dir, or else someone/something is deleting that account as you log out?  If you run evo, create acct, exit evo, then in the same session run evo again is the account still there at least that long?
<billybigrig> trying to use ssl
<billybigrig> ill figure it out im sure
<Bookman> jmarsden: yes
<Bookman> jmarsden: the account is there
<jmarsden> OK, so... is something set up so you get a different $HOME dir each time you ssh to the server?  or is there a script run a session logout that is (accidentally?) resetting your evolution configuration?
<Bookman> jmarsden: the remote is a stock 9.10 installation.
<Bookman> jmarsden: whatever settings are there from the installation are still there
<jmarsden> Bookman: Aha... did you happen to specify encrypted home directories on the server?
<Bookman> jmarsden: server is 9.04 and no
<Bookman> Oh, sorry here.....
<Bookman> Confusion over terminology.
<Bookman> Remote was installed with no encryption
<Bookman> jmarsden: you still there?
<jmarsden> Bookman: I'm not sure what is happening, but it sounds like something is deleting or modifying ~/.evolution or wherever it sticks the config ingo
<jmarsden> *info
<Bookman> Ok, I will try to help the user do it himself locally and see if that sticks
<nijaba> sommer: hi.  Happy ThanksGiving.  Let me know what you think of http://www.ubuntu.com/products/whatisubuntu/serveredition/documentation now
<jmarsden> Bookman: Sounds like a good plan.
<jmarsden> nijaba: Literature is not usually spelled "Litterature" -- typo on that web page?
<nijaba> jmarsden: thanks.  fixed
<jmarsden> You're welcome.
<jmarsden> nijaba: Content seems fine to me.  You could make the IRC references be irc: links to the respective channels.  And whitespace around the title seems a bit odd, it might look visually better to have as much vertical whitespace above the large "Ubuntu Server Edition" as you have below it?
<Bookman> jmarsden: works locally, not via ssh
<Bookman> Weird
<Bookman> Can anyone verify?  I will file a bug
<nijaba> jmarsden: white space comes from the new template we are using.  at least it should be consistent with other server and cloud pages
<jmarsden> Bookman: That is weird... I'd say go ahead and file the bug.
<Bookman> Excellent, thanks for the help
<nijaba> jmarsden: irc:// for and irc link?
<jmarsden> nijaba: OK.  I'm a techie not a graphical designer type anyway :)  Yes.  irc://irc.freenode.net/%26ubuntu-server  or something close to that
<jmarsden> nijaba: See http://www.mozilla.org/projects/rt-messaging/chatzilla/irc-urls.html
<jmarsden> irc://irc.freenode.net/%23ubuntu-server   :)
<nijaba> jmarsden: thanks, works great
<jmarsden> No problem.
<Bookman> I don't understand.  I go to launchpad to file a bug and when I hit Report Bug, it just takes me to a wiki
<Bookman> Am I missing something?
<Bookman> Ah well, I tried to help by filing a bug....
<jmarsden> Bookman: I think there is a new system that wants you to specify a particular program/package to file the bug against... reading the wiki page should show you how to *really* file a bug.  Try https://bugs.launchpad.net/ubuntu/+source/evolution/+filebug
<Bookman> Wow, they are making is difficult for us to help here.....or at least it seems that way.  Thanks for the link.
<Bookman> Just have one bug page with pulldown boxes to narrow down the choices that they require.
<Bookman> Easy Peasy
<jmarsden> Bookman: The idea was to prevent so many bugs being filed with no packag specified, but like you. I'm not impressed with the way it turned out :)
<Bookman> Yup, makes no sense to make it difficult to report bugs.  If you had not helped me out, and thanks again, my bug would have gone unposted.
<soren> zul: I don't know for sure if all of them are. A lot.
<Djannakhan> Hi,  I've strange situation here (ubuntu server 9.10). I've a perfectly running apache2 server on my machine, while I'm pretty sure I didn't installed it, aptitude, apt-get and dpkg report it as not installed ! but it looks perfectly installed (look here : http://pastebin.ca/1688619 ) any idea of how to remove it properly ?
<uvirtbot`> New bug: #488833 in php5 (main) "php5 multiple security vulnerability :  CVE-2009-2626 CVE-2009-2687 CVE-2009-3291 CVE-2009-3292" [Undecided,Fix released] https://launchpad.net/bugs/488833
<billybigrigger> anyone here familiar with stunnel?
<billybigrigger> i'm trying to ssh into a remote server on port 2222 and binding to 2223, the server is using stunnel accepting on 2223 and redirecting to my secure news account on port 563
<billybigrigger> ssh thefrozencanuck.ca -L 2222:thefrozencanuck.ca:2223
<billybigrigger> and from stunnel.conf client=yes [nntp] accept = localhost:2223 connect = ssl-us.astraweb.com:563
<billybigrigger> so when i fire up pan should i not be able to connect to localhost:2222
<billybigrigger> when pan opens, it just sits there saying connecting....and times out, no errors, no errors in /var/log/stunnel4/stunnel.log on the remote server either
* soren changed the topic of #ubuntu-server to: Ubuntu Server discussion and support | For general (not server specific) support visit #ubuntu | Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html | http://www.catb.org/~esr/faqs/smart-questions.html | Be patient.  Don't ask to ask, just ask. | Doc and resources: http://tinyurl.com/ubuntuserverdoc | https://wiki.ubuntu.com/ServerTeam
<soren> nijaba: ^^
<nijaba> soren: thanks a alot
<soren> Sure thing.
<nijaba> billybigrigger: I have a script that I used with pan in the past to do stunnel.  Can pastebin it for you if you want, but I would advise you to have a look at LottaNZB which is what I am using now to replace pan and supports ssl directly
<billybigrigger> but the trick is, i need 2 seperate pc's to tunnel through a remote server i have to share the usenet account
<billybigrigger> so we both come from the same ip
<nijaba> sudo stunnel -c -d 127.0.0.1:563 -r news.powerusenet.com:443
<nijaba> pan &
<nijaba> billybigrigger: aha
<billybigrigger> aha! :)
<nijaba> billybigrigger: in that case launch the above on your tunnel server and tell pan to connect to it via an ssh redirect
<nijaba> billybigrigger: ssh -f -N -L 127.0.0.1:2000:127.0.0.1:563 <yourtunnelhostip>
<nijaba> billybigrigger: and have pan connect on 127.0.0.1:2000
<nijaba> billybigrigger: makes sense?
<billybigrigger> yeah
<nijaba> of course this is all for legal downloads, right...
<billybigrigger> of course
<billybigrigger> bind: Address already in use
<billybigrigger> channel_setup_fwd_listener: cannot listen to port: 2000
<billybigrigger> Could not request local forwarding.
<billybigrigger> that's on my machine at home
<billybigrigger> now i'm getting a bunch of these
<billybigrigger> 127.0.0.1:2000:127.0.0.1:
<billybigrigger> err .... channel 1: open failed: connect failed: Connection refused
<nijaba> billybigrigger: you may need to use another port if it is in use
<billybigrigger> no it's not in use
<billybigrigger> i had another instantce of ssh running
<billybigrigger> killed it
<billybigrigger> hmm
<billybigrigger> this aint working too weel
<billybigrigger> well
<billybigrigger> nijaba, ok, well i got it working some how :)
<billybigrigger> how do i verify that the connections between me and my server, and the server to my news server are secured?
<nijaba> billybigrigger: great!
<billybigrigger> channel 1: open failed: connect failed: Connection refused
<nijaba> billybigrigger: tcpdump...  if it is gibberish, it's should be good
<billybigrigger> im still getting a bunch of those, but pan is downloading on localhost:2000
<nijaba> billybigrigger: you may have reach a connection limit on the other hand.  This setup is going to be fun ti debug :P
<billybigrigger> i've got pan setup for 10 connections
<billybigrigger> if thats what you mean
<billybigrigger> or do you mean the connection limit on the tunnels?
<billybigrigger> 15:26:55.497508 IP li127-132.members.linode.com.ssh > cabo.local.35378: Flags [.], seq 23756641:23758089, ack 23408, win 2003, options [nop,nop,TS val 72473767 ecr 22613269], length 1448
<billybigrigger> doesn't look like gibberish to me nijaba
<nijaba> billybigrigger: look at the payload, not the enveloppe
<billybigrigger> not a networking guru
<soren> mdz: I've set https://blueprints.edge.launchpad.net/ubuntu/+spec/server-lucid-vmbuilder-multiple-outputs to "Review" in spite of not having written a formal spec. It's basically just a bunch of work items, so it seems like unnecessary overhead to spend time on a formal spec. If you disagree, I can write one up, but I'm leaving it like this for now.
<billybigrigger> how do i look at the payload nijaba
<billybigrigger> nijaba, what i'm attempting to do is packet sniffing i assume?
<nijaba> billybigrigger: yep
 * nijaba calls it a night
<billybigrigger> later
<billybigrigger> nijaba, thanks!!!
<Znuff> Hi
<Znuff> So, I was wondering. If I have a package, let's say bind9, I messed up the config files, I ended up removing the package bind9 (wich owns /etc/bind/named.conf), removed /etc/bind completely, installed the package again... but it complains about a missing named.conf, how's that?
<abta> Hi all
<abta> i installed UEC, everything works fine. but i have a problem with connection to running instance
<abta> via ssh, i am always promted for a password when executing ssh command "ssh -i mykey ubuntu@<ip>"
<abta> any hints?
<Znuff> remove the password from your key
<Znuff> or create a new key without a password
<KSid> hi guys,
<KSid> I don't have apache or mod_php installed however aptitude is telling me an update is available for both
<KSid> I do have php5 installed (which it also says needs updating) and apache-utils (which doesn't) but I haven't installed the actual apache server
<abta> ok thanks, i will give it a try
#ubuntu-server 2009-11-27
<billybigrigger> could having multiple a records on my domain cause my mailserver to timeout?
<billybigrigger> its hard to test if secure connections are working on the mailserver, as it sits there and connects forever
<billybigrigger> thefrozencanuck.ca.	1800	IN	A	69.164.212.132
<billybigrigger> thefrozencanuck.ca.	1800	IN	A	68.146.139.247
<billybigrigger> eventually, when thunderbird prompts me for a login password, it connects instantly
<billybigrigger> Nov 27 01:22:15 li127-132 dovecot: imap-login: Login: user=<biNov 27 01:22:15 li127-132 dovecot: imap-login: Login: user=<billybigrigger>, method=PLAIN, rip=68.146.139.247, lip=69.164.212.132llybigrigger>, method=PLAIN, rip=68.146.139.247, lip=69.164.212.132
<billybigrigger> eek
<billybigrigger> that looks like poop
<billybigrigger> Nov 27 01:22:15 li127-132 dovecot: imap-login: Login: user=<billybigrigger>, method=PLAIN, rip=68.146.139.247, lip=69.164.212.132
<epinky> what are your  MX records?
<billybigrigger> i take it rip=68.146.139.247 means that attempted timed out
<billybigrigger> mail.thefrozencanuck.ca. 925	IN	CNAME	thefrozencanuck.ca.
<billybigrigger> thefrozencanuck.ca.	1800	IN	MX	10 mail.thefrozencanuck.ca.
<billybigrigger> smtp sending is timing out
<billybigrigger> right now im trying to test imap/smtp without authentication
<epinky> mail.thefrozencanuck.ca is?
<billybigrigger> yeah
<epinky> mail.thefrozencanuck.ca is X.Y.Z.U?
<billybigrigger> ?
<billybigrigger> epinky, i don't understand
<epinky> ip of mail.thefrozencanuck.ca?
<billybigrigger> mail.thefrozencanuck.ca. 1538	IN	CNAME	thefrozencanuck.ca.
<billybigrigger> thefrozencanuck.ca.	1538	IN	A	69.164.212.132
<billybigrigger> thefrozencanuck.ca.	1538	IN	A	68.146.139.247
<billybigrigger> it's confused it think :)
<billybigrigger> 69.164.212.132 is the server's ip
<billybigrigger> 68.146.139.247 is old
<billybigrigger> like 4 days old
<epinky> Have you set up mail servers on 69.164.212.132 and 68.146.139.247 ?
<billybigrigger> doesn't seem like it wants to detach itself from my domain
<billybigrigger> yeah, 139.247 is my home ip...not running any services on it anymore
<billybigrigger> 212.132 is a vps i bought a few days ago
<billybigrigger> godaddy's domain manager just doesn't want to seem to let go of the old ip
<epinky> then remove thefrozencanuck.ca. 1538 IN A 68.146.139.247
<billybigrigger> i deleted that a record days ago
<billybigrigger> when i added the new one
<epinky> or add it like:
<billybigrigger> Total DNS:  (Available)
<billybigrigger> ARecord 	@ 	69.164.212.132
<billybigrigger> CNAME 	mail 	@
<billybigrigger> CNAME 	www 	@
<billybigrigger> CNAME 	ftp 	@
<billybigrigger> MX 	@ 	mail.thefrozencanuck.ca
<billybigrigger> that's all the records i have
<epinky> thefrozencanuck.ca. 1800 IN MX 20 mail2.thefrozencanuck.ca.
<billybigrigger> i only have the one mail server
<billybigrigger> mail2.thefrozencanuck.ca won't point anywhere
<billybigrigger> unless you want me to point it to the server's new ip?
<epinky> mail.thefrozencanuck.ca. 1538 IN A 69.164.212.132
<epinky> mail2.thefrozencanuck.ca. 1538 IN A 68.146.139.247
<epinky> thefrozencanuck.ca. 1538 IN CNAME mail.thefrozencanuck.ca.
<billybigrigger> wtf
<billybigrigger> as soon as i deleted the all my records, all A, CNAME, and MX records....
<billybigrigger> 68.146.139.247 immediatley points back to my home ip
<epinky> huh? "billybigrigger>	yeah, 139.247 is my home ip...not running any services on it anymore"
<billybigrigger> no i mistyped
<billybigrigger> yeah thats right
<billybigrigger> wow im confusing myself haha
<billybigrigger> 69.164.212.132 is my server's ip
<billybigrigger> 68.146.139.247 is my home ip
<X-M4-X> Im having trouble getting mysql and mail services working any ideas
<X-M4-X> its a new install if that helps
<jmarsden> X-M4-X: You'll need to be much more specific -- what packages did you install, how did you configure them, what do you mean by "having trouble" -- what exactly works, and what does not work?
<X-M4-X> rapache is working excelent i have never had apache 2.2 work this great..........mysql 5.1 community is the package i installed and i don't know where to begin for mail right now
<jmarsden> X-M4-X: How did you install mysql 5.1?   sudo apt-get install mysql-server    right?
<X-M4-X> apt get-install mysql-5.1-community
<X-M4-X> now i have entered the command you have given
<jmarsden> There does not seem to be an official Ubuntu package called mysql-5.1-community that I can see.   mysql-server is the metapackage that installs the version of mysql server appropriate for the version of Ubuntu you are running, and the related packages it needs.  So... did it work for you?
<X-M4-X> the command you gave did work
<jmarsden> Good :)
<twb> jmarsden: I bet his -community package just Provides: mysql-server, so it's a noop :P
<jmarsden> X-M4-X: For mail, you just need basic single domain SMTP and POP3/IMAP ?  Have you set up a mailserver on Linux before?
<X-M4-X> i had one on windows vista however i am strait noob to linux. i was advised to switch
<jmarsden> OK.  Which version of Ubuntu Server are you running?
<X-M4-X> newest one i believe 9.10
<jmarsden> OK.  Then    sudo apt-get install dovecot-postfix   should install both dovecot and postfix for you.
<jmarsden> BTW, to find out for sure which version of Ubuntu you have, do    lsb_release -d
<X-M4-X> i have like 3 Fails and 4 ok's
<X-M4-X> when it was trying to listen it said fail
<jmarsden> pastebin what you really saw and tell the channel the URL, so we can see the exact text, please
<jmarsden> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from  command line | Make sure you give us the URL for your paste - see also the channel topic
<X-M4-X> kk
<X-M4-X> The places fail are noticed are highlighted http://devteamsn.pastebin.com/f523369b8
<twb> X-M4-X: "Fatal: listen(0.0.0.0, 143) failed: Address already in use"
<twb> X-M4-X: that means dovecot can't start because something else is already using port 143.
<jmarsden> X-M4-X: Um... did you previously try to install some sort of IMAP daemn...
<jmarsden> *daemon
<twb> X-M4-X: use ss -l or netstat to find out what.
<X-M4-X> Maybe i was entering codes for security purposes almost 10 seconds after it installed so ill find out
<jmarsden> X-M4-X: if you don't know whether or not you already tried to install an IMAP daemon, you should probably learn to keep much better notes of what you do as you admin your server :)
<X-M4-X> *:imap2
<X-M4-X> maybe i do lol
<jmarsden> Please speak English... what did you install that does IMAP, before you installed dovecot-postfix ?
<X-M4-X> I have no idea maybe sendmail
<jmarsden> No, that's an MTA.  Seriously, keep better records!   If you really don't know, what does     sudo netstat -ntlp4 |grep :143  output?
<X-M4-X> mailagent
<X-M4-X> ssmtp
<mulvus> hey just a suggestion: now that some computers have kms, and hence full res terminal terminals maybe putting a background image would be good
<jmarsden> X-M4-X: That is the output of  sudo netstat -ntlp4 |grep :143    ... I don't think so.
<mulvus> obviously ubuntu logo related.
<mulvus> just so people know its powered by ubuntu
<X-M4-X> oh no its not those are two things i saw in the terminal that had anything to do with mail
<jmarsden> So...  what does     sudo netstat -ntlp4 |grep :143   output?
<X-M4-X> workin on it now
<jmarsden> X-M4-X: Try to follow instructions and not guess at stuff... twb and I both suggested you use netstat...
<twb> Actually I prefer ss now ;-)
<X-M4-X> hmm tcp 0    0  0.0.0.0:143    0.0.0.0:*   LISTEN    1519/portsentry
<jmarsden> X-M4-X: OK, so why are you running portsentry on a port you want to use for IMAP ?
<jmarsden> Stepping back, why are you running portsentry at all?
<X-M4-X> I used yolinux.com for a linux server security tutorial and i just followed it had no idea that it was going to conflict with my incomming/outgoing mail servers
<jmarsden> If you don't need it,  sudo apt-get purge portsentry  seems called for.  sounds like a rather old tutorial... don't follow tutorials you do not fully understand.
<epinky> portsentry rocks!
<X-M4-X> It is i just now see "apache 1.3"
<jmarsden> X-M4-X: OK, so  sudo apt-get purge portsentry     and then restart dovecot and you should be much closer to a working mail server.
<X-M4-X> how would i restart? forgive me i am new to this
<jmarsden> epinky: portsentry was cool in 1999, but we are now in 2009... what real benefit does portsentry bring today on an appropriately configured Ubuntu server?
<jmarsden> X-M4-X: sudo service dovecot restart
<X-M4-X> ah thank you
<X-M4-X> it didnt fail
<epinky> jmarsden: I know sendmail is also very old XD
<jmarsden> X-M4-X: Good.  Now you can read the Ubuntu Server Guide, and maybe follow that with some general linux documentation such as http://tldp.org/LDP/intro-linux/html/intro-linux.html so you can get a bit more up to speed.
<X-M4-X> alright now i can configure php & mysql and than purchase cpanel & whm
<jmarsden> Ewww.  If you really must :)  Stick with supported open source solutions on your server if you can.
<billybigrigger> the postfix/dovecot sections in the server guide don't really give a working mailserver either
<billybigrigger> :)
<billybigrigger> else i wouldn't have been asking a million questions in here the last couple of days
<jmarsden> billybigrigger: Or maybe you didn't quite follow them exactly?  I'll test them in a VM, I suspect they will work just fine for me :)
<X-M4-X> well if you know of a good client access panel and web host manager thats open source let me know lol
<billybigrigger> followed that guide a few times, yet it hasn't resulted in a working server yet
<billybigrigger> maybe i've done so much mucking around with configs i'm way off base now
<billybigrigger> who knows
<tomsdale> billybigrigger: long time no see. Do you know howtoforge - good general tuts for standart server config
<ScottK> If you find specific errors, please report bugs against the sever guide so we can get them fixed.
<billybigrigger> tomsdale, howdy
<jmarsden> X-M4-X: I'm not about to deal with all the details, but which ones have you tried, and how do you define "good" in this context?
<billybigrigger> yeah i used to follow howtoforge alot, wanted to give the server guide a go
<X-M4-X> good would be cpanel to me however there was one i had on my windows vista xampp weak server and lots of people loved, i think it was called zpanel only issue is it needed zend optimizer to be installed to the server
<jmarsden> X-M4-X: Well, if you define "good" as one commercial product, then of course you can't find a "good" open source panel :)
<X-M4-X> lol so true
<twb> A customer needs to demonstrate that RAID5 is too slow for his "write lots of little files" workload.
<twb> Is there a better benchmarking tool for this than bonnie++?
<epinky> twb: Dtrace?
<billybigrigger> phoronix?
<jmarsden> twb: Well, that customer's workload is the best benchmarking tool for that workload :)
<X-M4-X> i probably just sacrificed speed of my server lol
<X-M4-X> installed gui and web browser
<jmarsden> Ugh.  Now you have a not-quite-server hybrid machine.  Ask any gui-related questions in #ubuntu not in here :)
<X-M4-X> lol ill purge it later
<X-M4-X> Im going to take a chance here and say for dns server it would be apt-get install dns-server?
<jmarsden> X-M4-X: Stop guessing and read the Server Guide :)
<X-M4-X> Oh yeah i forgot i had that open
<billybigrigger> do you not need 2 machines for dns?
<billybigrigger> a primary and secondary?
<X-M4-X> i dont think so
<jmarsden> billybigrigger: For authoritative servers, yes (there are free secondaries around if you need one).  For a DNS server for your local use, you only need one machine.
<X-M4-X> Thanks for that bit of information...now i know if i ever need an authoritative server
<Sam-I-Am> billybigrigger: you dont need 2 machines for dns
<Sam-I-Am> billybigrigger: but it helps if you want some redundancy when serving dns to the outside world
<X-M4-X> i do need thet
<Sam-I-Am> its pretty easy
<jmarsden> X-M4-X: Did you do that when you ran your services using Vista?  If so, you should probably do the same on Linux.
<X-M4-X> no i just used one server with simple DNS plus and it worked perfectly
<jmarsden>  Then you don't "need" two servers for Linux -- one server will get you at least the same level of redundancy you had before.
<X-M4-X> lol
<X-M4-X> someone just tried to dos me
<billybigrigger> jmarsden, ok im following this guide for the last time
<billybigrigger> :)
<billybigrigger> sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
<billybigrigger> sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
<billybigrigger> sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
<jmarsden> I'm following it and documenting my progress and seeing how much of it I can script :)
<jmarsden> billybigrigger: wrong window :)
<billybigrigger> do i need to supply a CAfile if i did a self signed cert?
<billybigrigger> or just tls key and cert
<jmarsden> billybigrigger: Just follow every step of the guide and don't worry about it.
<billybigrigger> im getting an error
<jmarsden> At what point?
<billybigrigger> cannot load Certificate Authority data: disabling TLS support
<billybigrigger> i can pastebin the rest
<billybigrigger> it's postfix complaining about the CA cert
<billybigrigger> but i didn't create a CA cert, just self-signed
<billybigrigger> so i was wondering can i remove the smptd_tls_CAfile from main.cf
<billybigrigger> or will i disable TLS that way
<billybigrigger> ?
<jmarsden> So... you didn't actually follow the guide... and now you are complaining about an error... hmmm.
<billybigrigger> no
<billybigrigger> the guide gives you an option to create self signed cert, or use a CA
<billybigrigger> i've tried the CA every time, and thought i'd go with a self signed this time around
<jmarsden> You misread it, it give syou a list of commands to type and the refers to to a separte doc for "more details" on self signed keys.  Itr does not say "so skip all the above and read this"!
<billybigrigger> Whether you are getting a certificate from a CA or generating your own self-signed certificate, the first step is to generate a key.
<billybigrigger> i generated the key, and the self-signed it
<billybigrigger> what else do i need to do?
<billybigrigger> self-sign it, and run it through CA?
<jmarsden> I thought we were debugging the guide. To do that we need to start at the top of the guide and work through it, not deviating from what it says.
<jmarsden> That is what I am doing.
<billybigrigger> ok, i generated my key, all is fine there...
<jmarsden> I just got to the sudo /etc/init.d/postfix restart after the end of the cert part and it worked fine... OK.
<billybigrigger> which cert part? self signed?
<jmarsden> The whole part.  I did not read the "more details.  You are using the 9.10 Server Guide, right?
<billybigrigger> yeah
<billybigrigger> did you create a CA or self sign the cert?
<jmarsden> So tell me where it offers you two options, CA or self signed, on that page?
<billybigrigger> You can now submit this CSR file to a CA for processing. The CA will use this CSR file and issue the certificate. On the other hand, you can create self-signed certificate using this CSR.
<jmarsden> I created a CA, because that is what the guide says to do.
<billybigrigger> there's the option
<billybigrigger> right above Creating a Self-Signed Certificate
<billybigrigger> jmarsden, ........
<billybigrigger> so what am i supposed to do? create a CA then?
<billybigrigger> is that the *proper* way? even if the guide gives the option?
<jmarsden> If it works, then move on :)  Either way should work fine.
<billybigrigger> well back to my original question....
<billybigrigger> billybigrigger> do i need to supply a CAfile if i did a self signed cert?
<billybigrigger> because postfix is now complaining it can't find the CAfile, since i entered this into postconf, from the guide
<billybigrigger> billybigrigger> sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
<billybigrigger> which obviously doesn't exist
<jmarsden> I'd try without it then.
<billybigrigger> the guide also gives the option to use cryus or dovecot sasl with smtp-auth
<billybigrigger> which one do YOU use?
<jmarsden> dovecot
<billybigrigger> i'
<billybigrigger> hmmp
<billybigrigger> i tried cryus this time
<jmarsden> actually I think the whole guide could be simplified to use the new dovecot-postfix package as a starting point... but that's a discussion for after we test the guide as it now is :)
<billybigrigger> ok, according to the guide...once i see this from ehlo mail.thefrozencanuck.ca my testing is done and i SHOULD have a working smtp server...
<billybigrigger> 250-STARTTLS
<billybigrigger> 250-AUTH LOGIN PLAIN
<billybigrigger> 250-AUTH=LOGIN PLAIN
<billybigrigger> 250 8BITMIME
<billybigrigger> right?
<jmarsden> Probably, I can't make progress through it right now because you are asking too many questions too quickly :)
<billybigrigger> i see that perfectly...yet i still cant sendmail through thunderbird
<billybigrigger> hehe sorry for the q's
<billybigrigger> this guide needs a good thorough read-through
<billybigrigger> or a re-write
<jmarsden> Can you send mail using (for example)        date |mail -s "My test" user@someplace.else.com
<jmarsden> from the server itself.
<jmarsden> And that read through is what I was trying to give it...
<billybigrigger> no, because -bash: mail: command not found
<billybigrigger> :)
<billybigrigger> you mean while i'm netcat'd into port 25?
<jmarsden> well, easier to  sudo apt-get install heirloom-mailx    # but you can test that way too
<billybigrigger> not good with smtp commands :)
<jmarsden> Then do what I suggested and    sudo apt-get install heirloom-mailx
<billybigrigger> is it in universe?
<jmarsden> It's "just there" for me, when I run apt-get install, so I'd say yes it must be in universe or main :)
<billybigrigger> 9.10's apt sources come with universe disabled..so
<billybigrigger> got it now
<billybigrigger> jmarsden, ok that worked
<billybigrigger> sent a test to my hotmail account
<billybigrigger> From:  	    billybigrigger@mail.thefrozencanuck.ca
<billybigrigger> where is the from header read?
<billybigrigger> ie i want @thefrozencanuck.ca
<billybigrigger> is that myhostname = mail.thefrozencanuck.ca
<jmarsden> Talk about impatience!  You have not yet got your mail server working... why are you trying to customize it already?
<billybigrigger> ....
<billybigrigger> :-O
<billybigrigger> haha sorry, i am impatient today
<jmarsden> So how did you set up Thunderbird to authenticate when sending mail out via your mailserver?
<billybigrigger> just had my last cup of coffee just over an hour ago, and have been smashing my head on my desk for a few days over postfix/dovecot
<jmarsden> Other than denting the desk, results of that operation are not reliable.
<billybigrigger> server: mail.thefrozencanuck.ca port: 25 username: billybigrigger secure authentication: yes connection security: starttls
<billybigrigger> tbird's settings
<jmarsden> OK, and what error do you get from Thunderbird when you try to send mail using that connection?
<billybigrigger> it times out
<MenZa> billybigrigger: postfix is evil. :(
<billybigrigger> high five on that one
<jmarsden> OK.  So.. from the machine running Thunderbird, can you telnet to port 25 of your server?
 * MenZa slides billybigrigger a mug of hot coffee.
<MenZa> Stay strong.
<jmarsden> billybigrigger: You can set up sendmail if you prefer it and think it would be easier :) :)
<billybigrigger> jmarsden, no, because my ISP blocks 25
<billybigrigger> which is why i need to setup submission on 587
<jmarsden> So then of course Tbird times out!
<jmarsden> That is an invalid test of your server.
<billybigrigger> should i keep the same settings in tbird and just change the port to 587 then?
<billybigrigger> tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      4396/master
<jmarsden> Once you have the port 587 on the server opened, yes.    Eo you have an MX record for your server already in place?  So if I email billybigrigger@thefrozencanuck.ca is shoukd reach your server's port 25?
<billybigrigger> $ dig mx mail.thefrozencanuck.ca
<billybigrigger> mail.thefrozencanuck.ca. 1800	IN	CNAME	thefrozencanuck.ca.
<billybigrigger> thefrozencanuck.ca.	150	IN	MX	10 mail.thefrozencanuck.ca.
<billybigrigger> jmarsden, no because i haven't gotten imap/imaps configured, smtp is outbound, which you know already
<jmarsden> So... you didn't go through the guide all the way, and you are complaining about things not working and are trying to reconfigure stuff??  Hmmm.
<jmarsden> BTW I can't get to port 25 on 77.232.68.42 from here, and I can get to lots of other SMTP servers OK...
<jmarsden> So are you sure it is your ISP doing the port 25 blocking, not something at the server end?
<billybigrigger> tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      4396/master
<billybigrigger> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2072/sshd
<billybigrigger> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      4396/master
<billybigrigger> only services i have setup so far are ^^^
<billybigrigger> ssh and postfix
<X-M4-X> i am too tired i think im just going to use this server to make my own site hold up
<jmarsden> billybigrigger: And no firewall or packet filtering anywhere in play at all, hardware or software?
<billybigrigger> no
 * billybigrigger checks iptables
<billybigrigger> no rules set
<jmarsden> And the server IP is 77.232.68.42 ?
<billybigrigger> no, where did you get that ip from?
<jmarsden> dig mail.frozencanuck.ca +short
<billybigrigger> PING thefrozencanuck.ca (69.164.212.132) 56(84) bytes of data.
<jmarsden> Ah, I left out the "the" :|
<billybigrigger> :P
<billybigrigger> jmarsden, ok, another thing with this guide, the dovecot.conf doc's state if you want to use smtp-auth, which im assuming i do, enter protocols = none in the dovecot.conf
<jmarsden> OK, your server is accepting mail on port 25 just fine.  I just sent you a test using it.  See if it is in /var/mail/billybigrigger
<billybigrigger> yeah i got it
<billybigrigger> accepting on 25, i thought imap/imaps pop3/pop3s accept mail on 143/993 etc..
<billybigrigger> ???
<billybigrigger> i thought smtp 25 was for outbound mail
<jmarsden> They do.  I was sending to you, so I sent *to* your SMTP server.  My mail was outbound to your port 25.
<jmarsden> Sounds like you are confused.
<billybigrigger> very
<jmarsden> SMTP is all about moving email around the Internet from mail server to mail server.  That is what it does, transport mail.  SMTP == Simple Mail transport Protocol.
<billybigrigger> imap just moves it from maildir through smtp then?
<billybigrigger> err dovecot
<jmarsden> POP3 and IMAP are for email clients who prefer not to use a shell account on your server and read email with the mail command (!), to have a way to get the mail to their local (non-server, perhaps non-Ubuntu) PC or laptop or whatever
<billybigrigger> fair enough
<X-M4-X> haha
<billybigrigger> so technically, i could run my mailserver just fine the way it is
<X-M4-X> i love this
<billybigrigger> if i wanted to send/recieve all my mail through a shell
<jmarsden> billybigrigger: Sure :)
<billybigrigger> but who wants that? :P not i
<jmarsden> If you only need that, you do not need dovecot at all.
<billybigrigger> no, what i'm really going for here is a roundcube/atmail setup for webmail
<X-M4-X> Im going to purge the gui's
<jmarsden> X-M4-X: Yay :)
<billybigrigger> stupid thing is, i never had this much problems setting up mail at home on my vm server
<billybigrigger> maybe i just need to have a smoke break...i'll brb
<jmarsden> OK.
<X-M4-X> lol i need a coffee break but i gotta wait a few hours
<X-M4-X> I feel like the gui just slows the server wayyyyyyyyyyyyy down
<jmarsden> That might be a sign it lacks RAM?
<jmarsden> But, don't add the GUI back anyway :)
<X-M4-X> Im adding more ram too :)
<X-M4-X> yeah................. now i remember why i added the gui
<jmarsden> No, learn to use Linux from the shell prompt, it will server you better in the long term anyway.
<jmarsden> I need to go AFK to eat with family... back in a while...
<X-M4-X> kk
<billybigrigger> jmarsden, still alive?
<X-M4-X> god this is HELL
<X-M4-X> is there a command to show all services?
 * MenZa quickly refills billybigrigger's coffee mug.
<billybigrigger> hehe
<jmarsden> X-M4-X: All active services, or all possible installed services??
<billybigrigger> MenZa, thanks, but im on pepsi now :P
 * jmarsden is back
<X-M4-X> all active
<MenZa> Eurgh, horrible substitute, billybigrigger!
<billybigrigger> yeah i don't drink much of it
<X-M4-X> dr. pepper FTW!
<jmarsden> X-M4-X: sudo netstat -nl
<X-M4-X> dang thats alot
<jmarsden> X-M4-X: Many of those are only listening on localhost, or on unix sockets, etc.
<X-M4-X> Ugh i shouldve left the GUI until i downloaded a panel to the document root folder
<X-M4-X> well im not re adding it now
<jmarsden> X-M4-X: Why?  Download the file using wget and untar it with tar ... what's the problem?
<X-M4-X> Thats what it was
<X-M4-X> im writing that command down
<X-M4-X> im trying to get into the document root and i forget what was it /var/www ?
<jmarsden> Unless you changed it, yes
<X-M4-X> ok now i will download the cpanel and prey something doesnt mess up on me...if i did everything in mysql right it shouldnt
 * genii hunts down his prey, the elusive coffee
<X-M4-X> lol i cant seem to rename that one file
<jmarsden> X-M4-X: what exactly are you typing and what is the result?
<X-M4-X> rename -n index.html?404=Y index.html syntax error (eval 1) line 1 near index.
<jmarsden> X-M4-X: quote the filename, ? is a special char.  mv 'index.html?404=Y' index.html    # should work
<jmarsden> What is with rename -n, mv is shorter to type :)
<X-M4-X> ok thanks i now know that the site i was downloading from is now parked
<jmarsden> X-M4-X: I don't think there is an "unpack remote website" command, so I can't help with that :)
<X-M4-X> lol
<X-M4-X> ugh anyone know what to do to unpack tar -e isnt working right
<X-M4-X> or at all
<jmarsden> WHat is the file you are untarring named ?
<X-M4-X> webcp-0.5.7.tar.gz
<jmarsden> tar zxf webcp-0.5.7.tar.gz
<jmarsden> Where did you get the idea of -e from, by the way?
<jmarsden> Did you try man tar
<jmarsden> I don't think tar *has* a -e option... :)
<billybigrigger> i think he was thinking of unrar -e
<jmarsden> Ah, maybe.
<X-M4-X> yeah..um its wanting to download every php file
<X-M4-X> http://socomgods.ath.cx/webcp/web
<jmarsden> Is the apache php module enabled?  I've helped someone with that issue before, but I forget the fix!
<X-M4-X> wait its not downloading php files its oi_gCQZv.part
<X-M4-X> what the hell thats not even listed as a file on the server
<jmarsden> It may be just the index file you are having an issue with??
<jmarsden> index.php or whatever it is called?
<billybigrigger> X-M4-X, make sure php5 is located in /mods-enabled/
<billybigrigger> and you might need to add the include for it
<billybigrigger> php that is
<billybigrigger> X-M4-X, /etc/apache2/mods-enabled/
<X-M4-X> LOL you are a step ahead of me
<billybigrigger> i thought you were having a problem with index.php wanting to download, and not open
<X-M4-X> it is its downloading and not executing on the server
<billybigrigger> anyway.../etc/apache2/mods-enabled/ should all be symlinks of /etc/apache2/mods-available, same goes with sites-enabled and sites-available
<jmarsden> X-M4-X: If you do  echo -e "<?php\nphpinfo();\n?>" >phpinfo.php      in /var/www/ can you then browse to it and see the output OK?
<jmarsden> (In other words, let's test to see if it is all .php files that are the issue, or just the index.php file)
<billybigrigger> might need to add an addhandler line for php in php.ini too
<X-M4-X> dude..........i dont even know how to open files
<billybigrigger> i remember having to do that just the other day with .phtml files
<jmarsden> billybigrigger: Slow down, one thing at a time :)
<billybigrigger> i'm just stating what i had to do the other day when i had the problem of firefox wanting to download index.php as a .phtml file
<jmarsden> billybigrigger: Yes, but it is too much for a newcomer to handle all at once :)
<jmarsden> X-M4-X: If you do   echo -e "<?php\nphpinfo();\n?>" >phpinfo.php      in /var/www/ can you then browse to it and see the output OK?
<billybigrigger> fair enough, i appologize for jumping into the conversation
<X-M4-X> I dont know how to do that
<billybigrigger> too much caffeine today :-O
<X-M4-X> ^^ i need some of that
<uvirtbot`> X-M4-X: Error: "^" is not a valid command.
<jmarsden> X-M4-X: You have a ssh shell into your server, or are typing at the server console, right?
<billybigrigger> X-M4-X, copy and paste that command into your terminal
<X-M4-X> i have both running
<billybigrigger> it will create a file called phpinfo.php with everything between " and " in it
<jmarsden> X-M4-X: So you need to become root using sudo -s, then cd /var/www and then type the command     echo -e "<?php\nphpinfo();\n?>" >phpinfo.php
<jmarsden> as billybigrigger says that creates a little test php file.
<billybigrigger> a very helpful test file i might add :P
<jmarsden> billybigrigger: Was it *you* I worked on this for some time ago? :)
<billybigrigger> oh very possibly
<jmarsden> :)
<billybigrigger> last time i remember you helping me was in jaunty+1 compiling kernels iirc
<billybigrigger> i could be wrong though
<jmarsden> billybigrigger: I don't think that was me.
<billybigrigger> fair enough
<jmarsden> X-M4-X: So, do we have a file named phpinfo.php in /var/www yet?
<X-M4-X> not yet
<X-M4-X> ssh is being gay
<X-M4-X> im just gonna do it via terminal
<X-M4-X> Ok still no
<billybigrigger> what's the problem X-M4-X ?
<X-M4-X> SSH is being weird and terminal has become in a loop
<X-M4-X> i reset the system
<X-M4-X> what was that code again?
<jmarsden> What was being displayed on the console before you reset it?  Maybe we need to fix that, first? :)
<X-M4-X> it just kept saying ">" over and over
<X-M4-X> never even stopped even after unplugging the keyboard that was very weirf
<X-M4-X> weird*
<jmarsden>  echo -e "<?php\nphpinfo();\n?>" >phpinfo.php
<X-M4-X> and i think i know whats up with ssh
<X-M4-X> it just repeted the code i inputed
<jmarsden> Did you forget the last part,   >phpinfo.php
<X-M4-X> *is making sure he put it in right*
<billybigrigger> copy/paste is beautiful :)
<billybigrigger> i love the way gnome ubuntu handles copy paste, highlight text, and middle click to paste...pure awesomeness :P
<jmarsden> What should normally be 2 second cut and paste into SSH has become a 20 minute task, and we're not there yet :)
<X-M4-X> now its wanting to download phpinfo.php
 * billybigrigger has a funny feeling libapache2-mod-php5 isn't installed
<jmarsden> OK, so all files are affected.  Let's try     sudo a2enmod php5
<X-M4-X> about 3 hours ago when i got here it is a brand new fresh install
<jmarsden> During the server install, what tasks did you select ?  LAMP?
<X-M4-X> idk ive slept since the install
<jmarsden> And you didn't document your install process...
<jmarsden> OK, what did   sudo a2enmod php5    do?
<X-M4-X> i got caught up in watching tv lol
<jmarsden> If that's how seriously you take learning Ubuntu server, you'll soon have a real disaster on your hands :)
<X-M4-X> ERROR: php5 does not exist
<billybigrigger> :-O
<X-M4-X> hello!!!!!!!!!!!!!!!!!! weve found the problem i bet
<billybigrigger> https://help.ubuntu.com/9.10/serverguide/C/php5.html
<billybigrigger> better crack a can of dr.pepper and wipe the sleep from your eyes :P
<jmarsden> OK, so let's do   sudo tasksel install lamp-server
<jmarsden> So we install Apache, MySQL and PHP (of whichever of them are missing), and we'll try from there.
<jmarsden> billybigrigger: Those instructions are a bit long, I just ask tasksel to do all the work for me :)
<billybigrigger> fair enough
<X-M4-X>  ^
<billybigrigger> i prefer manual installing that is all
<billybigrigger> php is actually a breeze to install
<jmarsden> X-M4-X: Any better now?
<billybigrigger> better than the postfix/dovecot doc's imo tehehe
<X-M4-X> havnt done it yet had to kick my cat off the tower
<X-M4-X> still asking me to download
<jmarsden> Did you restart apache after installing the PHP packages?
<X-M4-X> well that would be a good idea wouldnt it....i forgot to do that
<jmarsden> sudo service apache2 restart
<X-M4-X> done
<jmarsden> OK, now retest
<X-M4-X> now its not asking me to download
<jmarsden> So now it works, at least for phpinfo.php .  Good :)
<X-M4-X> phpinfo works setup.php located at socomgods.ath.cx/webcp/web/setup.php  still wanting to be downloaded
<jmarsden> No, it doesn't it says: web://cp setup script
<jmarsden> Error: Web://cp is not configured correctly. Please check your settings.
<X-M4-X> You got it to execute?
<jmarsden> I browsed to it and this is what I saw, yes.
<X-M4-X> my systems messing up than
<jmarsden> Reload it, maybe your browser is caching?
<X-M4-X> yep
<jmarsden> So now you "just" need to fix webcp and you're all set :)
<X-M4-X> ok is ubuntu server based on debian?
<jmarsden> Yes, in that Ubuntu as a whole is based on Debian.
<jmarsden> But since I don't think you are a Debian expert/power user, I'm not sure how much that helps you out :)
<X-M4-X> well im done for tonight..........i have to get sleep as tomorrow is black friday i have to be up in like 3 hours
<X-M4-X> later
<jmarsden> OK, goodnight :)  And do read a Linux tutorial or three when you can, such as http://tldp.org/LDP/intro-linux/html/intro-linux.html
<billybigrigger> jmarsden, 1 more question for ya before you head to bed? or hang yourself in the bathroom
<billybigrigger> i bet your sick of q's aren't ya? :P
<jmarsden> OK ... go for it...
<billybigrigger> ok, i have dovecot setup now, i can login with thunderbird to my mail server via imaps, now from my house i can't netcat to mail.thefrozencanuck.ca 25, but i can on submission port 587
<jmarsden> OK.
<jmarsden> That sounds like your ISP doing its thing with port 25.
<billybigrigger> just in tbird, using port 587 using a username, with secure authentication and ssl/tls won't connect
<billybigrigger> it just times out
<jmarsden> So SMTP auth seems to be broken or something... wait a sec...
<billybigrigger> when i ran ehlo in netcat, i ended up seeing 250-starttls, but not 250 auth lines
<billybigrigger> like i did when i tested smtp
<jmarsden> If you test using    openssl s_client -connect mail.thefrozencanuck.ca:587 -starttls smtp     # you should see them.
<billybigrigger> so my problem lies in tbirds settings
<jmarsden> (BTW that is in effect a "really smart netcat" which does STARTTLS for you).
<jmarsden> Well,... maybe.  timing out is definitely odd.
<jmarsden> You can do the openssl s_client thing from the same machine Thunderbird is on, right? and the openssl s_client works?
<billybigrigger> yeah
<jmarsden> OK.  And Thunderbird is being told to use starttls on that connection, and to authenticate with a username and pw.  I'm not sure what is wrong there...
<jmarsden> In Thunderbird, you set the "secure connection" radio button to "TLS", right?
<billybigrigger> i might state im on tbird 3.0
<jmarsden> Ah... I only have 2.x here, it might have different dialogs.
<billybigrigger> its either none, starttls, or ssl/tls
<billybigrigger> its on ssl/tls
<jmarsden> Ah, no, set it to STARTTLS and try again.
<jmarsden> ssl/tls is for connections which always are SSL-encrypted.  Port 587 only uses the crypto after seeing a STARTTLS command...
<billybigrigger> Sending of message failed.
<billybigrigger> An error occurred sending mail: Unable to authenticate to SMTP server mail.thefrozencanuck.ca. The server does not support any compatible secure authentication mechanism but you have chosen secure authentication. Try switching off secure authentication or contact your service provider.
<billybigrigger> with STARTTLS ^^^^
<jmarsden> Well, that's better in a sense.  At least the two machines talk to each other now.
<jmarsden> What do you have set regarding authentication exactly?
<billybigrigger> wow
<billybigrigger> now it works
<billybigrigger> wtf hehe
<jmarsden> :)
<billybigrigger> i thought i had tried every combo in the smtp settings :P
<jmarsden> Apparently not.
<billybigrigger> nope
<billybigrigger> thanks :)
<jmarsden> No problem.
<billybigrigger> sigh...
<billybigrigger> test sent from hotmail still hasn't been recieved...
<billybigrigger> Nov 27 06:56:05 localhost postfix/smtpd[8154]: connect from bay0-omc4-s7.bay0.hotmail.com[65.54.190.209]
<billybigrigger> Nov 27 06:56:05 localhost postfix/smtpd[8154]: NOQUEUE: reject: RCPT from bay0-omc4-s7.bay0.hotmail.com[65.54.190.209]: 554 5.7.1 <billybigrigger@thefrozencanuck.ca>: Relay access denied; from=<billy.big.rigger@hotmail.com> to=<billybigrigger@thefrozencanuck.ca> proto=ESMTP helo=<bay0-omc4-s7.bay0.hotmail.com>
<billybigrigger> Nov 27 06:56:05 localhost postfix/smtpd[8154]: disconnect from bay0-omc4-s7.bay0.hotmail.com[65.54.190.209]
<billybigrigger> sigh....
<jmarsden> You didn't tell postfix you are @thefrozencanuck.ca, you told it you are @mail.thefrozencanuck.ca
<billybigrigger> ooooh misleading
<jmarsden> Email to billybigrigger@mail.thefrozencanuck.ca   should be received fine by you.
<billybigrigger> the test i sent to hotmail showed up as @thefrozencanuck.ca
<jmarsden> Then you half configured your system one way and half the other, I suspect.
<jmarsden> If hotmail shows you the RFC822 headers and smtp enveope headers, read them on that msg and look for where the msg really came from :)
<billybigrigger> rejected again
<billybigrigger> got er :)
<billybigrigger> any webmail clients i setup should be able to use port 25 right
<billybigrigger> i just need to use submission from home
<billybigrigger> seeing as port 25 is not blocked on my server
<billybigrigger> thanks for all the help jmarsden i finally got a working mail server :P w00t
<jmarsden> Right.  OK.  BTW, try something like    sudo postconf -e 'mydestination = mail.thefrozencanuck.ca, thefrozencanuck.ca, localhost, localhost.localdomain'
<billybigrigger> k
<jmarsden> So your mailserver believes it should accept mail for user@thefrozencanuck.ca
<billybigrigger> ok
<jmarsden> But for now... goodnight :)
<billybigrigger> myhostname = thefrozencanuck.ca
<billybigrigger> too?
<billybigrigger> or mail./
<billybigrigger> mail.
<jmarsden> I would leave that alone.
<billybigrigger> it was working with mail.
<billybigrigger> i'll leave it then
<jmarsden> Right.  You want it to work with both, so just adding the shorter one to mydestination *should* be enough.
<billybigrigger> k
<billybigrigger> right on
<billybigrigger> good night j
<jmarsden> Goodnight.
<uvirtbot`> New bug: #489071 in bind9 (main) "Bind9 unable to compile with DLZ due to static version request for libdb-4.2" [Undecided,New] https://launchpad.net/bugs/489071
<martin-> any reason the packages linux-image-server and linux-server are being "kept back" on 8.04 lts?
<martin-> or is the default update behaviour to never touch kernel packages?
<soren> mdz: Any particular reason I'm not the assignee of https://blueprints.edge.launchpad.net/ubuntu/+spec/server-lucid-automated-testing ?  I'm mostly asking because the burndown chart gets a bit confused by a bunch of work items assigned to some dude called "nobody".
<acalvo> soren: nobody usually does the work
<soren> acalvo: Yeah, nobody's quite the rockstar.
<twb> I am.
<acalvo> sure twb, you always are
<twb> I am a rock star.  I rock out.
<acalvo> rock out loud then
<\sh> soren, any reason why we shouldn't use && package puppet 0.25.x and friends for lucid?
<\sh> s/package/sync from sid/
<twb> \sh: would it require a sync of ruby, too?
 * twb is guessing
<\sh> twb, looks like it's using still ruby 1.8
<twb> Good-o
<\sh> (looking on p.d.o. unstable puppet)
<\sh> twb, I was just thinking about it...cause 2.5.x is the way to go
<twb> I would really hate puppet if the alternative wasn't cfengine...
<\sh> twb, that's why I tried puppet..and love it, because it has no hatefull syntax like cfengine ;)
<\sh> for me cfengine is like nagios, and puppet is like opennms...powerful but easy to use ;)
<twb> Puppet annoys me because I don't like putting puppet (or python, for that matter) on every host.
<twb> Er, s/puppet/ruby/
<twb> Particularly because the hosts (e.g. CentOS 4) I deal with usually need an out-of-band ruby
<twb> That, and $cow-orker tells me that it completely fails to cope with different versions of puppet on different hosts, i.e. you are forced to either keep everything at the version of your oldest distro, or forced to backport a newer puppet to those old boxes.
<\sh> twb, as a sysadmin + package maintainer I do say: backport the version you are using on your master...so this helps...we did that yesterday
<twb> \sh: that network was a collection of FC1 through to CentOS5
<twb> Backports = not fun
<twb> Oh, and the central server was of course the oldest one
<\sh> twb, ah...such an environment we don't use here...everything runs on the same OS + release...which helps
<twb> Yep, I agree
<twb> I would be a lot less annoyed with puppet if I was deploying it in a homogeneous environment, especially if all the hosts were in a single rack rather than in different countries
<\sh> hehe :)
<zul> morning
<ttx> smoser: ping
<zul> i think he is still on his holiday or donig black friday shopping
<ttx> zul: hm, he doesn't appear in the magic away list.
<zul> ttx: ah so it doesnt
<twb> Pfft, crazy Americans.
<twb> Black Friday may refer to: [...] Black Friday (shopping), day after Thanksgiving Day [...] Black Friday bushfires, a day of devastating bushfires in Victoria, Australia
<zul> ttx: should I put in the whiteboard why a package got rejected during the review? (python-celementtree)
<soren> \sh: I have no opinion on the subject.
<soren> \sh: I was just on a different mission when I did that upload. :)
<ScottK> twb: There are (IIRC) more than one Black Friday just in Ireland.
<ttx> zul: I'd not enter into too much detail in the whiteboard, but yes. Maybe use spec for details
<twb> Wouldn't surprise me in the slightest
<zul> k
<uvirtbot`> New bug: #489215 in net-snmp "snmpd sigserv" [Undecided,New] https://launchpad.net/bugs/489215
<COROh> hi.. need help ..Eucalyptus.. elasticfox.. putty instance access.. having key problems
<COROh> hi.. need help ..Eucalyptus.. elasticfox.. putty instance access.. having key problems
<jonny_boy27> any idea why apt-get dist-upgrade isn't working on a Feisty box I'm trying to upgrade?
<mdeslaur> jonny_boy27: feisty hasn't been supported in a long time
<jonny_boy27> I know it's not supported, that's why I want to upgrade my box ;)
<mdeslaur> jonny_boy27: well, apt-get dist-upgrade won't upgrade to a _newer_ release
<jonny_boy27> no? I was under the impression that it would
<jonny_boy27> oops, I meant intrepid, not feisty
<jonny_boy27> I got my 8 and 7 mixed up :P
<Pici> !dist-upgrade
<ubottu> A dist-upgrade will install new dependencies for packages already installed and may remove packages if they are no longer needed. Please see !upgrade for the proper release upgrade methods.
<mdeslaur> oh! well, yes, intrepid is still supported, and apt-get dist-upgrade should pull in intrepid updates
<mdeslaur> !upgrade
<ubottu> For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/getubuntu/upgrading
<jonny_boy27> aah, got it
<mdeslaur> soren: Dude! https://code.launchpad.net/~mdeslaur/vmbuilder/centos-support
<orudie> hi all i'm trying to set up postfix/dovecot on my new VPS. Here is what i see in mail.log after sending a test mail from my gmail to a user account on the box http://dpaste.com/125926/
 * matrix i need a decoder tool for buy ioncube decoder
<uvirtbot`> New bug: #489275 in postfix (main) "package postfix 2.6.5-3 failed to install/upgrade: le sous-processus nouveau script pre-installation a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/489275
<blackxored> in your experience what's the best log analyzer for squid cache proxy server?
<billybigrigger> orudie, seems like you missed a step somewhere
<billybigrigger> orudie, did you follow the server guide
<orudie> billybigrigger, i have debian server, but i followed ubuntu guide :)
<billybigrigger> did you install dovecot?
<orudie> yup
<orudie> its running
<billybigrigger> pastebin your main.cf
<billybigrigger> from postfix, and your dovecot-postfix.conf
<orudie> billybigrigger, http://pastebin.com/m4c5a6235
<billybigrigger> and your dovecot.conf
<billybigrigger> what dovecot package did you install?
<orudie> billybigrigger, yup just a sec
<billybigrigger> dovecot-common or dovecot-postfix?
<orudie> billybigrigger, i cant find dovecot-postfix.conf
<orudie> billybigrigger, dovecot-common
<billybigrigger> then you must have installed dovecot-common
<billybigrigger> dovecot.conf is the one then
<orudie> billybigrigger, i cant fit it in my terminal shell :)
<orudie> billybigrigger, to paste it
<billybigrigger> ok
<billybigrigger> open in nano or vi or whatever
<billybigrigger> look for mechanisms =
<billybigrigger> should be mechanisms = plain unless you have outlook clients, then you need to add login
<orudie> billybigrigger, mechanisms = plain login
<billybigrigger> then search for "socket listen {"
<billybigrigger> the master { section should be all commented out
<billybigrigger> and in the client { section....find path = /var/spool/postfix/private/auth-client
<orudie> billybigrigger, http://pastebin.com/m3a05ee1f
<billybigrigger> change your path to match ^^^
<billybigrigger> and restart dovecot
<billybigrigger> tail the mail.log as you try and resend your test email
<orudie> billybigrigger, so this path is wrong ? path = /var/run/dovecot/auth-client
<orudie> billybigrigger, thats what the ubuntu server guide says and i just checked /var/run/dovecot/auth-client exists
<billybigrigger> https://help.ubuntu.com/9.10/serverguide/C/postfix.html
<billybigrigger> Configuring SASL
<billybigrigger> Next you will need to edit /etc/dovecot/dovecot.conf. In the auth default section uncomment the socket listen option and change the following:
<billybigrigger> path = /var/spool/postfix/private/auth-client
<billybigrigger>       mode = 0660
<billybigrigger>       user = postfix
<billybigrigger>       group = postfix
<billybigrigger> straight from the guide bud
<billybigrigger> path = /var/spool/postfix/private/auth-client is what i have on a working server
<orudie> billybigrigger, yes i see that you are right, but i just checked the path and the file aut-client is not there , but the directory path is there just no auth-client
<billybigrigger> billybigrigger@localhost:/var/spool/postfix$ sudo ls private/
<billybigrigger> anvil	     bounce  defer    error   lmtp   maildrop  proxymap    relay  rewrite  scalemail-backend  tlsmgr  uucp    virtual
<billybigrigger> auth-client  bsmtp   discard  ifmail  local  mailman   proxywrite  retry  scache   smtp		      trace   verify
<billybigrigger> Nov 27 16:19:50 server postfix/smtpd[28314]: warning: SASL: Connect to private/auth-client failed: No such file or directory
<orudie> billybigrigger, :)
<billybigrigger> ^^ is from your error, which means /var/run/dovecot/auth-client doesn't exist either
<uvirtbot`> billybigrigger: Error: "^" is not a valid command.
<orudie> billybigrigger, so you do have auth-client i dont
<billybigrigger> look in postfix/main.cf smtpd_sasl_path = private/auth-client
<billybigrigger> thats from my setup
<billybigrigger> thats where your error is coming from
<orudie> so what should i check ?
<orudie> billybigrigger, locate auth-client
<orudie> /var/run/dovecot/auth-client
<billybigrigger> The smtpd_sasl_path configuration is a path relative to the Postfix queue directory.
<billybigrigger> which guide are you following?
<billybigrigger> https://help.ubuntu.com/9.04/serverguide/C/index.html
<billybigrigger> err
<orudie> https://help.ubuntu.com/9.10/serverguide/C/postfix.html
<billybigrigger> not that one
<billybigrigger> ok, well your reading the same guide as me
<billybigrigger> it's all in there
<orudie> yeah i've been looking
<orudie> there
<orudie> for the past 3 days :)
<billybigrigger> if your reading that guide...
<billybigrigger> in /etc/postfix/main.cf smtpd_sasl_path = private/auth-client
<billybigrigger> and in /etc/dovecot/dovecot.conf path = /var/spool/postfix/private/auth-client
<orudie> billybigrigger, smtpd_sasl_path = private/auth-client says /etc/postfix/main.cf
<orudie> billybigrigger, my config
<billybigrigger> and your dovecot.conf
 * genii sips
<orudie> billybigrigger, http://pastebin.com/m3a05ee1f
<billybigrigger> ok, path = /var/spool/postfix/private/auth-client
<orudie> billybigrigger, is it normal to change the path even though the file doesnt exist ?
<billybigrigger> works for me
<billybigrigger> although i'm not on debian
<billybigrigger> but reading a guide on debianadmin.com shows path = /var/spool/postfix/private/auth
<billybigrigger> try it
<billybigrigger> what's the worst thats going to happen?
<billybigrigger> the same error? :P
<billybigrigger> i'd # comment that line out and insert a new one so you have the old path to revert back to though
<orudie> billybigrigger, ok i'm gonna try it now
<billybigrigger> remember to tail -f /var/log/mail.log while you send that test message
<orudie> billybigrigger, http://pastebin.com/m1d4b97dc
<billybigrigger> path = /var/spool/postfix/private/auth-clien
<billybigrigger> clien?
<orudie> :)
<orudie> yeah i saw i fixed it
<orudie> :)
<orudie> billybigrigger, good news http://pastebin.com/m754d2401
<billybigrigger> in postfix/main.cf what does mynetworks =
<orudie> billybigrigger, new error but i think its still not complete
<billybigrigger> !logs
<ubottu> Official channel logs can be found at http://irclogs.ubuntu.com/ - For LoCo channels, http://logs.ubuntu-eu.org/freenode/
<billybigrigger> oh
<billybigrigger> not mynetworks
<orudie> billybigrigger, :)
<billybigrigger> orudie, make sure mydestination= is setup properly
<billybigrigger> mydestination = mail.rootforum.net, server.wtfever.net, localhost.wtfever.net, localhost
<billybigrigger> is what you have
<billybigrigger> this is what it SHOULD look like
<billybigrigger> mydestination = rootforum.net, mail.rootforum.net, server.wtfever.net, localhost.wtfever.net, localhost
<billybigrigger> otherwise you need to send mail to @mail.rootforum.net
<billybigrigger> but i imagine you want to send mail to @rootforum.net
<orudie> billybigrigger, yes :)
<orudie> billybigrigger, ok i just changed the line
<orudie> billybigrigger, http://pastebin.com/m4ea07950
<billybigrigger> all is good then
<orudie> billybigrigger, thanks a lot, do you  mind to see if i can connect with thunderbird
<orudie> ?
<billybigrigger> sure
<orudie> billybigrigger, i keep getting connection refused from thunderbird
<orudie> billybigrigger, trying to add mail account to thunderbird :)
<billybigrigger> what protocols are you using?
<billybigrigger> imap imaps pop3 pop3s?
<orudie> billybigrigger, i Only want to use pop3
<orudie> billybigrigger, but i'm not sure whats setup :)
<billybigrigger> what do you mean your not sure?
<billybigrigger> YOU set it up
<billybigrigger> :P
<t0rc> I've installed ubuntu server on a machine without a monitor. Do I have to login to that machine before it will start sshd and other processes, such as LAMP, and what not, or does it do it automatically and is fine sitting at the login screen?
<billybigrigger> t0rc, ssh should be installed/started on first boot
<billybigrigger> orudie, sudo netstat -ntlp4 |grep LISTEN
<t0rc> billybigrigger, so even though it is sitting at the: login: whatever screen, it should be running sshd?
<billybigrigger> yeah
<billybigrigger> orudie, that netstat command will tell you whats open and accepting connections on your server
<t0rc> So if I picked, "do not configure network at this time" during installation, do I need to go configure the network now? or would it automatically figure out it needs DHCP?
<billybigrigger> hehe
<billybigrigger> t0rc, your going to need to plugin a monitor and configure networking before you can ssh
<t0rc> dammit lol
<t0rc> all right; how do I go about configuring the network then?
<orudie> billybigrigger, http://pastebin.com/m74837440
<billybigrigger> t0rc, can i ask why you didn't setup dhcp on install?
<billybigrigger> orudie, do you see dovecot listed there?
<billybigrigger> i would say you don't have any protocols in use :P
<billybigrigger> edit /etc/dovecot/dovecot.conf and look for protocols =
<billybigrigger> restart dovecot and run netstat again
<t0rc> billybigrigger, well I had it in a different room at the time of install and it wasn't connected to the LAN
<billybigrigger> t0rc, ahh
<billybigrigger> t0rc, honestly i've never setup networking from scratch
<billybigrigger> but....i imagine you could start at /etc/network/interfaces
<orudie> billybigrigger, dovecot.conf shows protocols = none , which protocol do you recommend ?
<billybigrigger> <orudie> billybigrigger, i Only want to use pop3
<billybigrigger> :P
<orudie> billybigrigger, yeah, it works for me on the other server , but do you recommend perhaps to use something else ?
<billybigrigger> i use imaps
<t0rc> billybigrigger, indeed, thanks. Do you know of a way to prevent external access to the machine? Say, I want to block all IPs except local ones?
<billybigrigger> t0rc, iptables
<billybigrigger> iptables --list should show any rules you have set...by default there all set to accept
<billybigrigger> you could change it to deny, and add an exception for your lan
<orudie> billybigrigger, so to define pop3 , the line should say: protocols = pop3 or protocols = POP3 ?
<X-M4-X> hello i need help setting up mysql
<billybigrigger> orudie, pop3
<billybigrigger> k i gotta run
<billybigrigger> payday so i need to get some bills paid and some shoppin
<billybigrigger> later
<orudie> billybigrigger, later thanks for help
<orudie> as soon as i changed protocols = none to protocols = pop3 , I get error  Can't use mail executable /usr/lib/dovecot/pop3: No such file or directory
<orudie> Fatal: Invalid configuration in /etc/dovecot/dovecot.conf
<X-M4-X> Can someone tell me how to edit files? Please,, it would be helpful thing to know
<bogeyd6> X-M4-X use nano
<X-M4-X> nano?
<guntbert> X-M4-X: use vi or nano (with sudo if necessary)
<bogeyd6> !nano | X-M4-X
<ubottu> X-M4-X: Text Editors: gedit (GNOME), Kate (KDE), mousepad (Xfce4) - Terminal-based: nano, vi/vim, emacs - For HTML/CSS editors, see !html - For programming editors and IDE, see !code
<X-M4-X> thanks now i can enter the incluedes for webcp
<X-M4-X> and enter mysql information
<bogeyd6> !mysql | X-M4-X
<ubottu> X-M4-X: LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<bogeyd6> :PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
 * bogeyd6 sexors ubottu
<X-M4-X> !mysql error access denied for root@localhost using password NO
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<ruben23> hi
<X-M4-X> so dont i need to enter my password?
<bogeyd6> X-M4-X not if you are the root user, there is typically no password for root@localhost
<bogeyd6> however if you are any other user you will not be able to use root@localhost
<guntbert> !root | bogeyd6
<ubottu> bogeyd6: Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo
<bogeyd6> !noroot | guntbert
<ubottu> guntbert: We do not support having a root password set. See !root and !wfm for more information.
<X-M4-X> root password isnt existant unless you set it, you will not be able to do anything
<bogeyd6> !sudo | X-M4-X
<ubottu> X-M4-X: sudo is a command to run programs with superuser privileges ("root"). Look at https://help.ubuntu.com/community/RootSudo for more information. For graphical applications see !gksu (Gnome, XFCE), or !kdesudo (KDE)
<guntbert> bogeyd6: so why did you ask X-M4-X "if you are the root user"
<bogeyd6> guntbert please re-read said lines from my client and then make a rational decision
<X-M4-X> I always just log in as root to my server its easier
<bogeyd6> X-M4-X not supported here brah
<X-M4-X> i need to get into mysql and set up webcp
<bogeyd6> X-M4-X i dont even know how to use webcp :)
<X-M4-X> me neither i would install cpanel but its not free
<bogeyd6> you gonna have to check their websitre
<X-M4-X> cpanel isnt free so i would find it nulled but thats illegal and i dont feel like getting raped in prison
<bogeyd6> X-M4-X http://www.web-cp.net/forums/login.php?redirect=../chat.php
<billybigrigger> orudie, you still having pop issues?
<billybigrigger> orudie, i don't think your following the guide to well :)
<billybigrigger> https://help.ubuntu.com/9.10/serverguide/C/dovecot-server.html
<billybigrigger>  To install dovecot, run the following command in the command prompt:
<billybigrigger> sudo apt-get install dovecot-imapd dovecot-pop3d
<billybigrigger> if your never going to use imap or imaps, don't install dovecot-imapd
<orudie> billybigrigger, i installed pop3d and autheticated through thunderbird, now trying to figure out outgoing server
<billybigrigger> are you trying to connect from home?
<orudie> yup
<billybigrigger> hehe
<orudie> port 25 issue ?
<billybigrigger> i don't know your isp, but most isps block outbound port 25
<billybigrigger> yeah
<orudie> ISP ?
<orudie> ok
<billybigrigger> you need to use the submission port
<orudie> 587?
<billybigrigger> ie, edit /etc/postfix/master.cf and uncomment the submission stuff and restart postfix
<billybigrigger> yeah
<billybigrigger> then tell tbird to connect on 587
<ScottK> This is a good general practice even if 25 isn't blocked.
<X-M4-X> how do i add a mail account,
<orudie> submission inet n       -       -       -       -       smtpd
<orudie>   -o smtpd_tls_security_level=encrypt
<orudie>   -o smtpd_sasl_auth_enable=yes
<orudie>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
<orudie>   -o milter_macro_daemon_name=ORIGINATING
<orudie> i uncommented all that , is that right ?
<ScottK> A lot of public internet providers like ISPs and hotels transparently redirect port 25 through their MTAs even if they don't block it.
<billybigrigger> yeah
<orudie> billybigrigger,
<orudie> ok
<billybigrigger> orudie, yes
<billybigrigger> ScottK, good to know
<billybigrigger> so don
<billybigrigger> err.
<billybigrigger> so don't even bother using port 25, just setup all clients to use smtp 587
<billybigrigger> is what your saying
<ScottK> billybigrigger: For mail client to MTA submission, yes.
<ScottK> For some legacy MS clients you may also need SMTPS on port 465.
<X-M4-X> outlook & windows mail ftw!
<billybigrigger> bahaha
<orudie> billybigrigger, ok, i did that still having trouble with outgoing in thunderbird, however its giving a new error now about connecting to smtp server
<billybigrigger> are you using secure connection and STARTTLS?
<billybigrigger> or ssl/tls?
<billybigrigger> i have tbird setup on mine to use 587, with NO secure auth, and STARTTLS
<X-M4-X> guys i love my server lol
<billybigrigger> tbird 3.0 that is, im sure 2.0 is similar in dialogs, but maybe worded different
<orudie> billybigrigger, seems all ok now , was my thunderbird input
<orudie> billybigrigger, you have no idea how thankful I am
<billybigrigger> meh
<billybigrigger> i was in the same boat as your for the last couple of days :)
<orudie> billybigrigger, the only thing that I want to do still is spamassasin and antivirus
<billybigrigger> just passing what i learned from mr marsden :P
<billybigrigger> https://help.ubuntu.com/9.10/serverguide/C/mail-filtering.html
<billybigrigger> is your best bet :P
<X-M4-X> hey can i add an account to dovecot, is there a default one i can use to test on?
<billybigrigger> ?
<billybigrigger> unless you have setup virtual users, then just add a user to your system
<billybigrigger> user@yourdomain.com
<X-M4-X> I got my mail server to finally accept connections however i need to add an account.......thanks
<billybigrigger> use your non-root account
<soren> mdeslaur: You must be mad :)
<billybigrigger> X-M4-X, orudie did you both setup aliases for your root account?
<billybigrigger> ie, all mail sent to root@yourdomain.com forwarded to your non-root email
<X-M4-X> no
<orudie> billybigrigger, nope
<X-M4-X>  Ok i tried doing root@devhost     as in devhost being the servers hostname and it pops up again asking for a username
<billybigrigger> look into /etc/aliases
<billybigrigger> ie. webmaster:   root, then on a new line root:   yourusername
<billybigrigger> any mail to webmaster@ or root@ will be forwarded to your non-root mailbox
<X-M4-X> cd /etc/aliases  not a directory
<X-M4-X> maybe i should look in mail name?
<X-M4-X> actually i never set up aliases maybe i should do that first?
<jmarsden> /etc/aliases is a file, not a directory :)
<jmarsden> Look in it with less /etc/aliases    or edit it with  nano /etc/aliases  or whatever editor you prefer
<X-M4-X> k well postmaster:   root is the only line in the file
<jmarsden> X-M4-X: You should probably add a line that says    root: xm4x       and then run sudo newaliases (where xm4x is your username on the machine)
<X-M4-X> ok ill try that
<X-M4-X> ugh
<X-M4-X> asking for credentials
<jmarsden> Who is asking for what credentials when?
<unit3> anyone here using libvirt with kvm? I had a test setup with two machines, where live migration was working...
<unit3> and now it's busted, and I'm not sure why.
<unit3> the VM moves, but it's DOA at the other end.
<unit3> kvm is running, and you can connect to the console (serial and vnc), but the OS is hard locked.
<jmarsden> unit3: I've used KVM, but only on a single physical server.  Did you try asking in #ubuntu-virt ?
<unit3> oh, no, didn't know the channel existed. I'll head there, thx. :)
<jmarsden> No problem.
<orudie> billybigrigger, i added line root: user right under webmaster: root
<orudie> billybigrigger, any services to restart ?
<ryker> can anyone point me in the right direction on how to change the hostname on my 9.10 server?
<ryker> i've modified /etc/hosts, /etc/hostname, used hostname <name>, and it always changes back on reboot
<ryker> this is on the default ec2 image
<X-M4-X> ok i think i figured it out
<ruben23> jmarsden: hi, whats the purpose of KVM device
<jmarsden> There's a kvm device?  As in /dev/kvm ??   Or do you mean, a keyboard/video/monitor switch?
<ruben23> jmarsden: yeah, what KVM you mention about..?
<jmarsden> Oh, that wasn't a device.  In that context, KVM is a technology for running virtual machines.  See https://help.ubuntu.com/community/KVM
<ruben23>  jmarsden:ok sorry..
<X-M4-X> can i just not require authentication for testing purposes ??
<jmarsden> authentication for what service(s) for what purposes?   Like -- no passwords at all on all logins?  Bad idea :)
<X-M4-X> email
<jmarsden> Are you talking SMTP auth, or for ldap/pop3 login?
<X-M4-X> no auth required on incoming and outgoing server
<jmarsden> You could turn off SMTP auth (which should only be needed when you want to have the server relay a message to a remote domain)... then you'd have created an open relay and would get on various blacklists rather quickly...!
<jmarsden> Why is SMTP auth a problem for your testing?
<X-M4-X> I cant login to the mail server for anything
<jmarsden> Then you need to fix that.  Can your (non-root) user receive mail over SMTP OK?
<X-M4-X> i cant login with either one to any email client
<jmarsden> That doesn't answer my question.  You don't need to log in to send email to someone (otherwise you would be able to send me email unless I have you my password...!)
<jmarsden> *gave
<jmarsden> CAn you telnet to port 25 of the server and send an email to youruser@yourdomain.com     and have it be delivered to that user?
<X-M4-X> no it is asking for a username and password to be able to access the mail server
<jmarsden> That does not sound correct.  Is this server on the Internet?  Can you tell me its IP address and the user@domain.com email address of a user on that server?
<jmarsden> So i can test it from here.
<X-M4-X> i can put it on the internet give me a few minutes to get the ports forwarded for smtp and whats the imap port?
<jmarsden> 143, but I don't need that one on the Internet.   However, I have to go and do some real work for a client fairly soon...
<X-M4-X> ok well the ip is 67.9.256.96  user is admin@devhost
<X-M4-X> domain should just be devhost if not try admin@devteamsn.com
<jmarsden> Ok, let's see what I can find...
<jmarsden> Um.  256 is not a vaild 8 bit number...
<jmarsden> *valid
<jmarsden> So that is not an IP v4 address
<X-M4-X> oops sorry its 246 lol
<jmarsden> Do you *really* have a username of admin on that machine?  and it really has a domain name of devteamsn.com ?  It shows up as ubuntu.localdomain in the SMTP banner...
<jmarsden> I am not being prompted for a password to send you email, BTW.  I just keep getting told the email user I am sending to does not really exist, basically...
<X-M4-X> Really? how in the .......im switching mail clients   and how do you find ubuntu.localdomain i thought i changed that
<jmarsden> telnet 67.9.256.96 25  and read the banner :)
<jmarsden> I have to go, will probably be back here in a few hours... recheck your configuration carefully.  Look through everything   sudo postconf -n   outputs for anything you don't expect...
 * X-M4-X afk
<X-M4-X> ahhhhh
<abbec> i have a problem running bzr stat onan nfs4 share... anyone?
<X-M4-X> Im about to purge and reinstall the entire dovecot-postfix package
<abbec> i have a problem running bzr stat on an nfs4 share... the command just hangs.... help anyone?
<X-M4-X> anyone here
<bogeyd6> me
<X-M4-X> you know the mail server right?
<bogeyd6> !dovecot
<ubottu> IMAP and POP are protocols for fetching email. The officially-supported server in Ubuntu is Dovecot (packages "dovecot-imapd" for IMAP, and "dovecot-pop3d" for POP) - See also !MailServer for information on the SMTP protocol
<X-M4-X> i need to know how to change ubuntu.localdomain
<bogeyd6> X-M4-X https://help.ubuntu.com/8.04/serverguide/C/email-services.html
 * soren calls it a day (and week)
<uvirtbot`> New bug: #489384 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/489384
<X-M4-X> thanks but that failed
<mdeslaur> soren: oh? that qualifies me as being mad? :)
<X-M4-X> apt-get updates
<X-M4-X> oops
<X-M4-X> wrong keyboard
<X-M4-X> its always a good idea to run that command?
<flagg0204> i have an emi image that i am trying to get running with eucalyptus 1.6 on karmic.  the image was modified from euca-ubunut-9.04.  the disk size is 1.5G, but when i try and do a euca-run-instance with m1.small, it dies do to (not enough disk space on VM of type instance i-xxxxxx).  but if i use c1.medium is deploys just fine.  is the disk space for c1.small really 2gig as euca-describe-availability-zones verbose says?
<uvirtbot`> New bug: #489398 in drbd8 (universe) "Unable to use use LVM with DRBD block devices as PV" [Undecided,New] https://launchpad.net/bugs/489398
<claytron> hello
<claytron> anyone using Ubuntu with Linux Virtual Server (LVS) for load balancing?
#ubuntu-server 2009-11-28
<uvirtbot`> New bug: #489418 in krb5 (main) "Strange behavior of libkrb5 since karmic ..." [Undecided,New] https://launchpad.net/bugs/489418
<khelvan> Hello, I have a quick question - what is the proper shutdown command to shut down the server completely and not have it reboot to the recovery console?
<epinky> khelvan: sudo init 0
<ryker> khelvan: or 'halt' should work as well
<orudie> I still can't figure out how to make thunderbird stop asking me to verify the certificate on the server that I have set up
<Eloff> trying to install php5, but it tries to pull in libapache2-mod-php5, which removes mpm-worker and replaces it with mpm-prefork
<Eloff> that's not acceptable to me, how can I just install php5 without the apache crap?
<Eloff> (forgot to mention I'm using karmic)
<orudie> I had the same problem with my other server and I fixed it somehow just don't remember how :)
<Eloff> woot, just figured it out, install php5-cgi first
<Eloff> I got the idea looking at the package at: http://packages.ubuntu.com/karmic/php5
<Eloff> depends on libapache2-mod-php5 or php5-cgi or ...
<khelvan> epinky, ryker, thanks - sudo init 0 works great.
<X-M4-X> AH!
<X-M4-X> im getting more and more issues every minute
<pulledteeth> I'm trying to install samba4 and having a hell of a time with it. I can't access the shares from windows 7. I can, however, from XP
<pulledteeth> (Using ubutnu server, so hince why I am here)
<pulledteeth> Anyone at all got /any/ ideas?
<jmarsden> pulledteeth: Google for samba windows 7 problems and you will see plenty of ideas...!  Here is one example: http://www.tomshardware.com/forum/75-63-windows-samba-issue
<pulledteeth> been there
<pulledteeth> worked for a bit
<pulledteeth> kept bluescreening my PC. So I wiped samba. Now I can't even get back to where I can see the shares :|
<jmarsden> pulledteeth: You could try asking in #samba
 * pulledteeth nods
<pulledteeth> already am
<uvirtbot`> New bug: #485106 in euca2ools "euca2ools should read config and credentials from config file" [Wishlist,Confirmed] https://launchpad.net/bugs/485106
<mickster04> hey how do i change the text displayed after a remote logon thru ssh?
<ninjah> Is there a way to get Ubuntu to reread /etc/hosts?
<ninjah> Not sure if that's needed
<mickster04> ?
<ninjah> I'm trying to install the email system Zimbra. It's reading /etc/hosts but it doesn't like it
<ninjah> I don't know why
<ninjah> I made some changes but it still doesn't like it
<ninjah> Should be correct.
<mickster04> oh
<mickster04> i dunno im askin for help meself
<ninjah> I guess we're both lost
<ninjah> What's your problem? I must have mist it.
<mickster04> hey how do i change the text displayed after a remote logon thru ssh?
<mickster04> os my exacct question:/
<ninjah> change.... What kinda change?
<mickster04> well atm it tells me stuff like load an users etc
<mickster04> i wanna add to it
<billybigrigger> mickster04, you need to change your MOTD
<billybigrigger> message of the day
<billybigrigger> edit /etc/motd
<mickster04> i tried that it didnt seem to work:/
<ninjah> motd is the file.
<ninjah> you need to log out and log back in to see the change
<mickster04> i did
<mickster04> an it hasnt kept the changes
<ninjah> is this the message you see when you log in?
<mickster04> sudo nano /etc/motd
<mickster04> the one i had before i changed owt
<ninjah> hmm...
<ninjah> That's the file
<ninjah> and that's the command
<ninjah> strange
<mickster04> yeah
<mickster04> :/
<mickster04> i also get Last login: Sat Nov 28 06:53:54 2009 from mike-laptop.lan added
<mickster04> linux "servername" 2.6.31-15-generic-pae #50-Ubuntu SMP Tue Nov 10 16:12:10 UTC 2009 i686
<mickster04> at the top..
<mickster04> so it seems to match
<mickster04> but it never seems to save
<billybigrigger> sudo update-motd
<mickster04> command not found
<mickster04> wait
<mickster04> not still not found
<mickster04> ooh motf.tail allowed me to change sumat
<billybigrigger> oh update-motd is part of landscape
<billybigrigger> sorry
<mickster04> motd,tail*
<mickster04> how to set up a samba share properly?
<alkisg> Hi, I'm trying to use /etc/network/if-up.d/ethtool to specify some ethtool settings. Where does it get its $SETTINGS variable from? From /etc/network/interfaces? How would I export environment variables from /etc/network/interfaces?
<alkisg> I think what I'm asking is related to this sentence from `man interfaces`, but I'm not sure of its meaning: "Additionally, all options given in an interface definition stanza are exported to the environment in upper case  with  "IF_"  prepended  and  with hyphens converted to underscores and non-alphanumeric characters discarded."
<mickster04> anyone how to set up a samba share properly?
<abbec> i have a problem with the lockd in nfs4, anyone care to help?
<abbec> it says svc: failed to register lockdv1 RPC service (errno 97)
<abbec> this is causing problems with bazaar for example cause bzr stat makes os-level locking...
<abbec> how do i fix this?
<abbec> anyone having an idea????
<abbec> how do i start the lockd service?
<mickster04> samba isnt working!
<baccenfutter> hi folks... am I assuming correctly, that if I have OpenSSH in my ufw app list, ssh connection should work? or must I set additionalÃ¶ port rules?
<mickster04> well aslong as your router is set up? across a lan a shoulnt see why not?
<baccenfutter> I am testing in my LAN
<baccenfutter> when i disable ufw ssh works fine
<baccenfutter> when I enable it, it times out
<baccenfutter> second it = ssh
<mickster04> hmm
<baccenfutter> what's the sense of app filters, if I have to add additional port rules? 0o
<mickster04> well rules are for when its not just an app?
<mickster04> iunno
<baccenfutter> hm... *confused*
<baccenfutter> I'll get into trial-error then
<mickster04> have fun
<AnirbanHazra> A bad guy has pointed his domain name to my VPS ip .. and it is eating up my BW. How to block it. I am on Hardy
<uvirtbot`> New bug: #489535 in ethtool (main) "Sync ethtool 6+20090323-3 (main) from Debian testing (main)" [Undecided,New] https://launchpad.net/bugs/489535
<frojnd> Hello there
<frojnd> I am on a 8.4 LTS 32bit server at home
<frojnd> but I have to make / bigger since the server will also have lxde installed for my sis...
<baccenfutter> AnirbanHazra: man hosts.deny
<frojnd> so.. how can I backup settings?
<frojnd> I'll also install a 64bit version not since cpu is 64bit...
<frojnd> not=now
<baccenfutter> frojnd: don't install 64 just because your cpu is 64 bit
<baccenfutter> great...
<baccenfutter> AnirbanHazra: sry, that seems to not be what you are lookign for...
<AnirbanHazra> ??
<baccenfutter> AnirbanHazra: you could go about and tell apache to respond 0 bytes to a query on domain xy.tld
<AnirbanHazra> baccenfutter: How to do that ?
<baccenfutter> AnirbanHazra: hm... you could create a vhost pointing to an ampty dir
<baccenfutter> s/ampty/empty/
<baccenfutter> that would not be 0 byte respond, since headers are still transmitted, however it should lower the traffic volume
<baccenfutter> AnirbanHazra: what's the domain name pointing to you?
<baccenfutter> the one you wanna get rid of?
<baccenfutter> the "not your's"
<serpentologist> how to install git in Ubuntu? i installed git-core package from repository, but git-init-db command is not present
<baccenfutter> AnirbanHazra: if you wanna go cool, just place a google ad-sense klicky botty earning you mony on every page load coming from that domain ;)
<baccenfutter> AnirbanHazra: that should pi... the attacker off xP
<uvirtbot`> New bug: #489539 in ethtool (main) "Please sync ethtool 6+20090323-3 (main) from Debian unstable (main)." [Wishlist,New] https://launchpad.net/bugs/489539
<baccenfutter> AnirbanHazra: teh write a sencire email to the domain owner asking if he could link more domains on your IP^^
<baccenfutter> s/teh/then/
<baccenfutter> AnirbanHazra: other than that, I found this for you on google: http://mediakey.dk/~cc/block-referer-spam/
<peterlh> why does dspam mysql driver have Mysql-Server as a dependency? :/
<peterlh> woops.. nevermind
<Maleko> is it possible to check the state of server deamon app by pinging its port?
<AnirbanHazra> baccenfutter:  www.GalaxyMu.net ( sorry for late response )
<baccenfutter> AnirbanHazra: no bad, chat is an asynchronous medium
<baccenfutter> AnirbanHazra: check your query
<epinky> Maleko: mmm, ping on a port? maybe "tcping" could do the work
<Maleko> epinky the daemon app uses udp
<epinky> Maleko: http://www.helsinki.fi/~jppesone/code/UDPing/
<Maleko> java?
<uvirtbot`> New bug: #458352 in mountall (main) "Karmic - Corrupted Recovery Menu (dup-of: 456806)" [High,Incomplete] https://launchpad.net/bugs/458352
<ravenstein> Hello, is somebody using unionfs in the amazon ec2?
<uvirtbot`> New bug: #489585 in ntp (main) "Incorrectly messaging "Starting/Stopping NTP server" in ifup/ifdown scripts" [Undecided,New] https://launchpad.net/bugs/489585
<jdstrand_> baccenfutter: on the machine you want to allow ssh on, do 'sudo ufw allow OpenSSH' followed by 'sudo ufw enable'. That is all that should be required. If you have changed the port ssh listens on (ie, in /etc/ssh/sshd_config), then you will have to use 'sudo ufw allow <port>/tcp' instead
<jdstrand_> well, or change /etc/ufw/applications.d/openssh-server instead
<baccenfutter> jdstrand_: ah, now it makes sense, too ;) thx
<uvirtbot`> New bug: #489540 in mysql-dfsg-5.1 (main) "package zoneminder 1.24.1-1ubuntu2 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,Incomplete] https://launchpad.net/bugs/489540
<uvirtbot`> New bug: #489307 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade:  (dup-of: 108189)" [Undecided,Confirmed] https://launchpad.net/bugs/489307
<Jimbo> hi.. need little help with some crazy stuff.. when i'm trying to start app bash says no such file or directory, but.. when ls -l file is there.. i checked rights three times appears to be correct, but still nothing... i'm stucked.. could somebody help me? ;) or give an advice?
<buddyrnd> I'm trying to run powerdns on an ec2 instance... nslookup and dig are working fine from the instance itself but when i try from outside (via an elastic ip) i get a "connection timed out; no servers could be reached". port 53 is open, showing up on an nmap and i can telnet in to port 53
<jmarsden> buddyrnd: DNS uses both TCP and UDP, telnet only tests TCP... is UDP being blocked somehow?
<jmarsden> buddyrnd: also, see whether dig @yourserver example.com +tcp      works
<buddyrnd> jmarsden: i didn't open udp, i'll try that now thanks!
<jmarsden> You're welcome
<buddyrnd> that was it :D
<eqx311> hi
<eqx311> ec2-init and metadata .. is there some url reference to this subject ?
<trimeta> How easy is it to use the server install CD to set up a RAID 5 with 3+1 drives, but only physically have three drives at install-time (and drop in the fourth drive at some later point)?
<trimeta> In my setup, the fourth drive is going to be holding the data from an old system, which I'll first want to copy onto my new system before it gets integrated into the array.
<billybigrigger> mdadm should support a hotswap device
<trimeta> It's not hotswap, per se; it's a four-drive array with one parity drive, only I'm only going to be using three of those drives when actually installing.
<billybigrigger> sorry, i'm not familiar with R5
<trimeta> Ah, OK.
<billybigrigger> only have ever setup 1 and 10
<trimeta> What I currently have is effectively 10, though I'm using LVM to join the two RAID 1 devices rather than a RAID 0.
<trimeta> So the plan is to break one of those RAID 1s by swapping one of the drives for one of my new drives, copy everything onto the new drive, swap out the other three for my three new drives, make a new RAID 5 with those, copy over the data, then integrate the drive-with-old-data into the RAID 5.
<trimeta> It'd be nice if I could do much of that directly via the installer, rather than having to switch over to a different vterm and mess with mdadm and the vgstuff myself.
<trimeta> Especially since I don't entirely trust myself to set up the RAID 1 boot partition properly to ensure that I'll still boot regardless of which drive fails.
<trimeta> Hmm, I could create a new virtual machine to model the system and see how difficult setting things up is on it...
<trimeta> OK, the RAID setup in the server install CD will let me create my first device illegally; that is, I set up my RAID 1 boot area with 4 devices but don't actually assign the fourth spot (since it'll be added with the last drive). But when trying to make my RAID 5 with 4 slots and only 3 actual RAID physical volumes left, it won't let me even try.
<trimeta> Any advice for working around that? Or will I have to just do everything manually and then scan the drives to get the areas to install onto?
<trimeta> Before I go on, does anyone here know much about RAID?
<trimeta> I know there's "don't ask to ask, just ask," but if the room's empty...
<cemc> how can I calculate the exact size of a partition?
<kane_> cemc: depending how exact, df or fdisk will tell you
<jmarsden> trimeta: The room is not empty.  So ask your real question
<trimeta> jmarsden: I'd been asking before about related things with no answer; anyway, here it is.
<trimeta> I'm trying to set up a RAID 1, but I'm getting the error "mdadm: /dev/sda1 is too small: 0K". fdisk /dev/sda confirms that sda1 isn't that small; what's going on?
<trimeta> This was starting from a blank disk and creating the partitions in fdisk; nothing else has been done with the disk.
<jmarsden> trimeta: Is /dev/sda1 really the device node you think it is?  Googling for that error shows several threads about it, did you already read them?
<trimeta> It's the one I created with fdisk, yes.
<trimeta> Type fd, before you ask.
<jmarsden> Um.  So the device node is definitely a block device major 8 minor 1, you checked?
<trimeta> fdisk /dev/sda shows me the two partitions on that drive, sda1 and sda2.
<trimeta> And neither are zero in size.
<jmarsden> trimeta: That is not what I asked you at all.
<jmarsden> Did you verify that the device node /dev/sda1 is a block device with major 8 and minor 1?
<trimeta> How would I do that?
<jmarsden> Please don't answer "yes" when you mean "I don't know"... what does    ls -l /dev/sda1   output?
<trimeta> brw-rw----  1 root    root     9, 127   Nov 28 18:11 /dev/sda1
<jmarsden> Bingo.  9,127 ?
<trimeta> (Not copy-pasted per se, since I don't have shared buffer, but that's what it looks like.)
<jmarsden> Has this system used a SCSI disk as sda before?
<trimeta> It's a virtual machine with completely fresh disks connected to the virtual SATA controller.
<trimeta> So I have no idea what effect that has on this.
<trimeta> I figured that before I tried to do something complex with real hardware, I'd see what problems I ran into when using VirtualBox.
<jmarsden> Hmmm.  Something feels odd here.  In a (VirtualBox) VM here, /dev/sda is 8,0 and /dev/sda1 is 8,1.  Yours is 9,127...
<jmarsden> Somehow your set of device nodes is ... unusual, and that is what is causing this error.
<trimeta> Just ls'ing sda, sdb, and sdc gives me 8,0, 8,16, and 8,32.
<jmarsden> OK, so sda is 8,0 at least.  As a "dirty" fix, try    sudo mknod /dev/sda1 b 8 1
<jmarsden> and then try creating the array again.
<jmarsden> Might need to sort out sda2 similarly.
<trimeta> File exists.
<jmarsden> OK, rm it and then mknod it.
<trimeta> sda2 is correct, oddly enough.
<trimeta> OK, removing it and recreating it seems to have worked, at least insofar as ls is concerned...let's see what mdadm says.
<trimeta> Seems to have worked. Thanks!
<jmarsden> No problem.
#ubuntu-server 2009-11-29
<trimeta> Hmm...upon finishing the install and rebooting, I get the following:
<trimeta> GRUB loading.
<trimeta> error: biosdisk read error
<trimeta> And nothing more.
<trimeta> I don't know if that VirtualBox not booting successfully off of its virtual SATA controller, or something to do with how I made a RAID1 /boot partition.
<trimeta> *that's
<trimeta> Maybe I didn't mark things as bootable with fdisk when I should have?
<trimeta> Wait...after waiting a bit further, it appears to continue booting fine.
<jetole> hey guys, does anyone know how I can run a program on my linux nat box and see what bandwidth usage is per connection for all hosts on our network? something to help me isolate the source (and do a temp iptables block) when one user is slowing the network
<thenetduck> hey how can I transfer a file from my desktop via ssh to my server in the command line?
<thenetduck> 5:33 PM
<thenetduck> oops
<jetole> thenetduck: scp file.txt server.domain:
<jetole> also look into sshfs and afuse
<thenetduck> cool thanks jetole
<jetole> anything after the : is a path and name, your home directory on the server is the default
<jetole> for example scp file.txt server.domain:/home/jetole/Documents/October
<jetole> if that directory exists on the remote server it copies it there
<jetole> if the dir October doesn't exist then it copies file.txt to Documents with the new name October
<jetole> that works both ways, scp server.domain:myfile.txt file2.txt copies myfile.txt in your home dir on the server to your current server renaming it to file2.txt on your current server
<jetole> works a lot like the cp command
<jmarsden> jetole: for your bandwidth monitoring needs, ntop could be worth a look.
<jetole> well he left but no, ntop isn't. ntop is a neat past tense statistics tool but not designed for real time monitoring
<jetole> I found jnettop which seems to work real well
<jetole> I used another app in the past and was hoping I can find it again but so far no
<jetole> ah, found it, it was pktstat but I think I am gonna switch to jnettop
<maxagaz> hi
<maxagaz> sudo echo foo > bar doesn't work, what else should i use ?
<eqx311> ec2-init and metadata .. is there some url reference to this subject ?
<t0rc> what are some suggestions for remote server management? I've looked at Nagios, Zenoss, and Webmin. Any preference of the three? Zenoss looked the best. Anyone have experience with it on ubuntu?
<jetole> join #bash
<Mickster04> yo is it possible to use a wireless usb to get the connection for a server?
<Mickster04> sorry
<Mickster04> in order to connect the server to the internet/lan, can i stilck a usb pen in and get it to connect?
<mickster04> is ther anyway to get wireless working in ubuntu server?
<mickster04> is ther anyway to get wireless working in ubuntu server?
<siwon> hello all
<siwon> got a question about this
<mickster04> really?
<siwon> was going to use freenas to share my media across a network but it doesn't give me what i need which is supporting multiple drives of different sizes with media cobtebt on them already
<siwon> is the server addition good for this to share media exclusively and through a webgiu
<siwon> want to set it up with no monitor and forgert about it A
<mickster04> im sorry to say theres no one her
<mickster04> e
<siwon> also need to know if ubunto will support my promis tx 133 ide card??
<siwon> ah wel nothing new
<siwon> theres never anyone in the freenas channel either and i just get the feeling they don't give a shit about anyone in there forums
<mickster04> ya
<thenetduck> hi, I created a key and we issued an ssl cert from godaddy. the problem is I forgot the password to the key I created. I was wondering if there is something I can do now?
<jmarsden> There are people here.  If I knew whether Ubuntu supported a Promise TX133 I'd offer an opinion... but I don't :)
<thenetduck> or do I have to regenerate my key?
<thenetduck> also, if I regenerated my key, will I have to be re-issued an ssl cert?
<ScottK> thenetduck: You should probably ask Godaddy.
<jmarsden> thenetduck: I think you need to ask GoDaddy; they may do another cert for you for free, or they may want to charge you all over again...
<qman___> thenetduck, in all likelihood, yes, and yes
<qman___> though godaddy may be able to help you
<ScottK> siwon: There is a link in the topic on asking good questions.  My first advice is read it, follow it's advice, and then, if you need to, come back and ask again.
<qman___> siwon, I don't know if it will support your exact card, but I use Promise TX4s with Ubuntu without issue
<qman___> the best way to find out is to try it
<siwon> Yeah i'm just going to give it a shot cause I haven't tried the server edition and it did'nt work for me with the home version of jaunty
<siwon> TY
<siwon> basicly I just want to pool my drives together but for some reason i can't find any good software that will do that without having some kind of raid configuration that will eliminate space on larger drives, i looked into drobo but i'm not paying money for something that slow
<qman___> siwon, that's because there really isn't a way to do that
<qman___> drobo just dynamically reconfigures RAID setups
<qman___> that's why it's slow
<qman___> a complex RAID setup is the only way to utilize multiple differently-sized disks with redundancy, without reducing your size to the smallest drive
<siwon> Ah maybe i'll go buy a have dozen 500 gig drives on sale and do a raid 5 array then
<siwon> and slowly migrate my files to them, but then i'm back to buying another MB and ram again
<siwon> K TY
<siwon> night
<billybigrigger> a dozen 500g drives?
<billybigrigger> 1TB+ are just getting cheaper
<FireCrotch> Using 1TB drives for a RAID 5 is ridiculously stupid.
<FireCrotch> When one of the drives fails and has to be replaced, the array will have to be rebuilt.  During the rebuild, the chances are enormous that you'll encounter an unrecoverable read error on one of the other drives, making the entire rebuild fail and losing all the data
<maxagaz> what means UG flag in "route -n" ?
<thenetduck> hi, I just installed an SSL certificate on my server and now my site doesn't load. This is my first ssl cert and I was wondering if anyone could help me trouble shoot it?
<thenetduck> I don't know where to start
<thenetduck> log files ore something?
<jmarsden> thenetduck: what exactly happens when you restart apache2 ?  What message(s) do you see ?
<jmarsden> maxagaz: man route  will tell you what the flags mean.  U = up, G = gateway.
<jmarsden> thenetduck: Any luck restarting apache2 and telling me what happens when you do? :)
<thenetduck> jmarsden: ;) haha ya just did it, here is the pastie
<thenetduck> http://pastie.org/718893
<jmarsden> OK... not much there... does    apache2ctl -t   say much of interest?
<thenetduck> jmarsden: sorry I got a million  people typing at me haha, im going to focus on our convo how
<jmarsden> I was thinking maybe you had a 300bps dialup modem connection to the Internet or something :)
<thenetduck> jmarsden: no i'm just very rude to nice people that are willing to help me, I appoligize
<jmarsden> Ok, so... what does   apachectl -t    say ?
<thenetduck> do I run apache2ctl - in the init.d ?
<jmarsden> Just at the shell prompt.
<thenetduck> says the command not found
<thenetduck> here is a list of that directory
<jmarsden> Hmmm.  It works here... let me check.
<thenetduck> http://pastie.org/718900
<jmarsden> No, that's not relevant...  Ah,  try   /usr/sbin/apache2ctl -t
 * jmarsden has a custom $PATH so i can get at things in /sbin and /usr/sbin automagically :)
<jmarsden> It should do a syntax check on your apache2 config file(s)
<thenetduck> err.. that didn't work either
<thenetduck> doh
<thenetduck> nm
<thenetduck> i did bin not sbin
<thenetduck> one sec
<jmarsden> thenetduck: You should be able to cut and paste from this IRC session into the ssh session you have open to your server... right?
<thenetduck> correct
<jmarsden> OK... so how did cut and paste leave out the "s" from the command I suggested??
<thenetduck> I didn't cut and paste it
<thenetduck> Ill start doing that
<thenetduck> sorry
<jmarsden> Good idea.  I usually put extra white space around commands I suggest to make it extra easy to cut and paste them :)
<jmarsden> It just saves time.
<thenetduck> ooh cool thanks
<jmarsden> OK... so... what does    /usr/sbin/apache2ctl -t     really output? :)
<thenetduck> apache2: Could not reliably determine the server's fully qualified domain name, using 174.143.158.207 for ServerName
<thenetduck> Syntax OK
<jmarsden> OK, so that's not the problem.  Time to read the logs.  Please pastebin the output of     	sudo tail -20 /var/log/apache2/error.log
<jmarsden> By the way, you should fix your networking to avoid the "Could not reliably determine..." warning, but it's not critical for now.
<thenetduck> http://pastie.org/private/fyyuseoo2qmhqo8zyzksja   that was a neat trick
<thenetduck> ok in my vhost or something?
<thenetduck> I don't believe the gem errors are effecting it because it was working before the ssl cert setup
<jmarsden> Probably you need to check the line in /etc/hosts that starts with 174.143.158.207
<jmarsden> The real (SSL) issue looks like you put files in the wrong places, or the files you supplied do not contain what you think they contain, so apache is all confused trying to read them.
<thenetduck> doh!
<thenetduck> ok, so I have 4 files currently....
<thenetduck> gd_bundle.crt  jobcept.com.crt  www.jobcept.com.csr  www.jobcept.com.key
<thenetduck> err.. I most likely should have sent that in a private message
<jmarsden> No, that's fine.  Just don't put the contents of the .key file somewhere public.
<thenetduck> How can I fix that?
<jmarsden> I'm just creating myself a set of similar files... wait a sec.
<thenetduck> wow thanks so much jmarsden when i'm smart i'm going to help you someday lol
<jmarsden> OK... pastebin me the output of   file *jobcept*     (when you are in the directory where those files are)
<jmarsden> file tries to tell me/us what kind of file each one is.
<thenetduck> http://pastie.org/private/a664ny877l3xbxudefs0bw
<jmarsden> BTW, did you create these files yourself or did you pay some SSL cert vendor to create them for you?
<thenetduck> i created them myself
<thenetduck> no wait
<suzy1> what are u talkin about
<thenetduck> I payed godaddy to create two of them
<thenetduck> I created two myself then I supplyed godaddy with one and they gave me two more back haah
<jmarsden> OK.  Hmm, that's "interesting"... I get example.key:   PEM RSA private key   example.crt:   PEM certificate  example.csr:  PEM certificate request
<thenetduck> I was following this tutorial http://serverfault.com/questions/60363/how-do-you-set-up-ssl-on-ubuntu-with-apache2-and-ruby-on-rails
<jmarsden> Can you pastebin jobcept.com.crt for me please?
<thenetduck> sure one sec
<jmarsden> The tutorial looks reasonably sane to me at first glance.
<thenetduck> jmarsden: how do we do a private chat?
<jmarsden> If you do /msg jmarsden  that should work reasonably well
<jmarsden> Do you see my msg to you now?
<jmarsden> OK, that looks fine to me.  You can see all the info it contains by doing    openssl x509 -text <jobcept.com.crt      # by the way
<jmarsden> So, what lines did you add to your apache config to use the SSL cert ?
<thenetduck> ok
<thenetduck> um
<thenetduck> I might have missed that part of the tutorial
<thenetduck> one sec
<jmarsden> You must have done something so apache knows to use it... :)
<thenetduck> my vHost setting take care of that correct?
<jmarsden> Probably.  A bunch of lines all starting with SSL is what I'm expecting...
<thenetduck> one sec ill past you my /etc/apache2/sites-avalible/jobcept
<thenetduck> http://pastie.org/private/zjhd3xxxg6eglbvope3a
<thenetduck> is that what your looking for?
<jmarsden> Yes... except that they look correct :)
<thenetduck> hum....
<jmarsden> Can you pastebin me the output of     ls -l /etc/apache2/ssl/      please?
<thenetduck> http://pastie.org/718923
<jmarsden> ah.  Unless your apache2 is running as root (which would be very bad), there is no way for it to read the files...
<jmarsden> why did you set their permissions and ownership the way they are now?
<thenetduck> jmarsden: the tutorial tells me to set the permissions to 400
<thenetduck> http://serverfault.com/questions/60363/how-do-you-set-up-ssl-on-ubuntu-with-apache2-and-ruby-on-rails
<jmarsden> Which is probably fine... but owners of root and git?
<thenetduck> it says to do this sudo chmod 400 /etc/apache2/ssl/*
<thenetduck> oh... I have to user accounts, I might have done one with one user and the other with the other
<thenetduck> actually I don't really know how that ended up like that
<jmarsden> I think they should be owned by www-data but I'm not sure... checking...
<jmarsden> Hmmm.  Let's try that.  So  do      sudo chmod www-data /etc/apache2/ssl/*
<jmarsden> and then restart apache2 with      sudo service apache2 start
<thenetduck> it says: chmod: invalid mode: `www-data'
<thenetduck> Try `chmod --help' for more information.
<thenetduck> i currently just have two users, darkwing and it
<jmarsden> My mistake... make that sudo chown www-data /etc/apache2/ssl/*
<jmarsden> You have a bunch of other "system" users, actually, and one of them is www-data
<thenetduck> oooh
<jmarsden> To see them all, try     cut -d: -f1 </etc/passwd
<jmarsden> Just don't ask me what they are all for :)
<thenetduck> haha, ok ill look that up
<jmarsden> OK, so... did the chown and then restart of apache help?
<thenetduck> err.. no, but I know Passenager needs me to do a touch on a file in my rails app so i'm doing a "cap deploy" to make sure it does that really quick
<thenetduck> see if that makes it kick in
<thenetduck> no that didnt work
<jmarsden> OK, let's look at the error log again:   sudo tail -20 /var/log/apache2/error.log
<thenetduck> jmarsden: oh I did have to use this command becaues the one you used to restart didn't work: sudo /etc/init.d/apache2 restart
<jmarsden> OK, that's fine.
<thenetduck> http://pastie.org/718938
<jmarsden> Ah, my custom $PATH strikes again... sudo /usr/sbin/service apache2 start    would work for you...
<jmarsden> Still   Init: Private key not found    in there... let me think...
<maxagaz> jmarsden, ok thanks and sorry
<thenetduck> what does that error message mean? that it can't read it? or that the server just can't find it?
<thenetduck> would it say that if it was the wrong key ?
<jmarsden> I think it means the key is bad/corrupted/not in the right format for a key...
<thenetduck> hum, well I wonder if it had something to do with the removing of the password step in the tutorial
<thenetduck> if by doing that it some how messed the key up
<jmarsden> Can you pastebin me the .key file (I'm not going to use it to pretend to be your web server) and put the URL in your private msg window?
<thenetduck> hey, I would like my server to default to the https vs http   but right now when you type in mysite.com it goes to the http. Is there a way to default my server to https?
<jmarsden> thenetduck: You can make your index.html on the http:// side auto redirect to the https:// side.
<thenetduck> oh that's a great idea. btw I was able to get my sites ssl cert re-issued and it works great now
<jmarsden> Good :)
<FireCrotch> thenetduck:: A better way to do it would be to use Apache's RedirectPermanant directive
<thenetduck> FireCrotch: can I do that in my vhost file?
<FireCrotch> thenetduck: yes, you can.  RedirectPermanant / https://yoursite.com
<thenetduck> FireCrotch: thanks!
<FireCrotch> thenetduck: You're welcome :)  BTW you have to spell Permanent correctly, which I failed to do. My apologies
<thenetduck> haha it's ok, I can spell either.
<thenetduck> can't*
<maxagaz> what's wrong in my syntax ? => route add 10.203.1.0 netmask 255.255.255.0 gw 192.168.101.2
<FireCrotch> route add -net 10.203.1.0... etc
<FireCrotch> maxagaz
<maxagaz> ok thanks
<maxagaz> I got it
<thenetduck> FireCrotch: thanks, that worked great, I have a question, did most of the guys here go to school to learn about this?
<thenetduck> not that you would know haha
<FireCrotch> thenetduck: Well, I'm sure some of them did.  I learned Linux on my own before going to school to get my degree in computer networking, and I had a couple of basic Linux classes
<jmarsden> thenetduck: I got a Computing and Information Systems degree... back in 1983.  Linux didn't exist then... :)
<thenetduck> holy cow jmarsden I wasn't even born then haha
<thenetduck> thats cool though
<FireCrotch> jmarsden: I'm sure you learned all about Unix though, and a lot of that knowledge transfered over, I'm sure
<thenetduck> jmarsden: was it all unix based?
<maxagaz> how to delete this route with this mask 192.168.101.0   192.168.101.2   255.255.255.252 ? I have the same with another mask
<jmarsden> actually, we didn't officially have access to Unix machines where I was at school.  I did get to play on one PDP-11 some in some other department of the school, but that was "extra-curricular"
<jmarsden> thenetduck: All my Unix/Linux knowledge is self taught.  Having the degree as a theoretical background helps though.
<jmarsden> So does working with Linux since 1994 :)
<maxagaz> or just set it down
<thenetduck> ya I would say. That's way cool though, your way good
<jmarsden> :)
<jmarsden> maxagaz: route del    and the exact same stuff you used to create it should work to delete it.
<jmarsden> maxagaz: route del -net 192.168.101.0 mask 255.255.255.252 gw 192.168.101.2     # I hope :)
<maxagaz> jmarsden, i got it thanks
<jmarsden> You're welcome.
<mike> hello
<Guest60099> some help please about server kernel
<Guest60099> i had a ubuntu 9.04 server and upgrade to 9.10 but i having 2.6.31-14-generic-pae as kernel
<Guest60099> is this right?
<Guest60099> hello,anyone?
<pmatulis> Guest60099: how much ram do you have?
<Guest60099> 512... does it matter for server kernel?
<Guest60099> Recommended Minimum Requirements for server is 128MB...
<Guest60099> 1)is anybody here? 2)can anyone help me? thank you
<pmatulis> Guest60099: the pae kernel is fine for you
<Guest60099> on 8.10, 9.04 the kernels always had the "server" indication eg 2.6.31-14-server... so generic pae is normal for a server?
<Pici> Guest60099: yes
<Guest60099> ok...thank you
<Guest60099> goodbye
<ryker> anyone know how to install a package such as ddclient without having apt-get start the daemon automatically after install?
<ryker> no one around, or just no one has any idea how to do this?
<pmatulis> ryker: i googled 'apt-get install prevent daemon starting' and found some hack
<pmatulis> ryker: i suppose you could also alter the source and build the package yourself
<ryker> pmatulis: i didn't see that.  i googled the same search terms -prevent
<ryker> too lazy to build the package myself ;)
<ryker> yeah, adding 'prevent' helps a lot
 * ryker fails at google
<matrix> Hello
<matrix> does ubuntu suppport hardware raid?
<matrix> still here guys
<jmarsden> matrix: Yes.
<jmarsden> That is, it supports some hardware RAID controllers...
<RayzoR> I have some questions about Ubuntu if someone is willing to discuss with me over AIM.
<matrix> i need some informations
<matrix> do you have link ?
<matrix> jmarsden ?
<jmarsden> Ubuntu  should support all the hardware raid controllers Debian does.. so look at http://wiki.debian.org/LinuxRaidForAdmins
<jmarsden> Some discussion of controllers is at http://www.clintoneast.com/articles/linux-sata-raid.php
<jmarsden> FakeRAID (and why it is bad) is discussed at https://help.ubuntu.com/community/FakeRaidHowto
<jmarsden> matrix: What are you really asking here?
<jmarsden> RayzoR: Ask your questions about Ubuntu server here.  Ask about Ubuntu Desktop in #ubuntu.
<RayzoR> Well I just want the difference really.
<RayzoR> I'm still pretty new to Linux and I want to learn about the differences and which one is more user friendly.
<RayzoR> Like if anyone has AIM it'll be better because I'm doin a research project and I'd like some expert opinions
<guntbert> RayzoR: for such discussions #ubuntu-offtopic would be better suited
<RayzoR> Alright.  Thank you.
<jmarsden> RayzoR: In general the way to find out how friendly a Linxu distro is (for you) is to run it.  Most can be run off a LiveCD without installing anything to your local hard disk, so this is simple and a good way to do this kind if "research".
<matrix> guys
<matrix> what kind of mail server should i use for ubuntu ?
<pmatulis> matrix: postfix is very common with ubuntu
<matrix> do you know  a documention
<matrix> for postfix ubuntu ?
<pmatulis> matrix: have you checked the ubuntu server guide?
<genii> The server admin guide, probably, has info on it
<genii> https://help.ubuntu.com/9.10/serverguide/C/index.html
<dgr> matrix: Also check out the community documentation - https://help.ubuntu.com/community/Postfix
<lamont> matrix: other than the fact that we run postfix chrooted by default, the postfix docs are 99.99% spot-on
<lamont> as in upstream postfix docs
<ScottK> Much of the Postfix related stuff in the community documentation is pretty outdated.
<lamont> and then there are all the other docs people are pointing you at, which are much more how-to than the gory details-laden upstream docs
<lamont> matrix: and ScottK knows more about the state of ubuntu postfix docs than I do, by far
<dgr> Perfect opporunity to login and update it ;-)
<MatBoy> are there any opensource solution like landscape ?
<pmatulis> no
<uvirtbot`> New bug: #400599 in vm-builder (universe) "Crash when building xen image" [Undecided,Invalid] https://launchpad.net/bugs/400599
<MatBoy> pmatulis: really ?
<ScottK> MatBoy: If you're just going to doubt the answers you get, why ask?
<MatBoy> ScottK: because I can't believe no-one ever made such thing yet
<uvirtbot`> New bug: #370950 in lm-sensors (main) "[Upgrade Request] lm-sensors 3.0.2 (jaunty) -> lm-sensors 3.1.1 (dup-of: 336418)" [Wishlist,Triaged] https://launchpad.net/bugs/370950
#ubuntu-server 2010-11-29
<rougeleaf> How do I setup ownership of a folder, so when a user via ftp or webaccess creates a folder it is not root? Every time a FTP or www-data user makes a new folder it is owned by root
<twb> You can't.
<rougeleaf> So every time they make a file I have to go to command line and chmod to give them permission?
<twb> Or fix your FTP server.
<rougeleaf> How can I go about that?
<twb> My preference would be to stop using FTP altogether and start using SFTP
<PatrickDK> sounds like your using ftp as root
<PatrickDK> cause it makes the files owned by the user
<PatrickDK> and so the user would have to be root
<PatrickDK> running ftp and web as root?
<rougeleaf> I made a new user for it
<PatrickDK> you have the sticky bit on for the parent dir?
<twb> I don't think the sticky bit does what you think it does.
<rougeleaf> I don't know sticky
<PatrickDK> I think I'm thinking of group sticky
<PatrickDK> not sticky :)
<PatrickDK> the suid/sgid bits for directory
<rougeleaf> How do I check how the programs are running?
<rougeleaf> rather what user they are running under
<PatrickDK> normally via ps axu
<PatrickDK> but depends
<PatrickDK> like ftp normally will run as root, and change to the user that logs in
<rougeleaf> I don't see the proftpd, but apache is running under www-data
<rougeleaf> there it is... It is running under proftpd for user
<eriksson25> Hi, how can I set so that a folder created in a sub folder gets its rw persmisson for the group automaticly
<eriksson25> Anyone in that could give a hint?
<qman__> eriksson25, umask
<qman__> depending on how you create the subfolders, there are ways to force the create mask
<eriksson25> Well, It one folder /hdd/temp And my user eriksson creats folders there automaticly. They are created with 744 permissions. But I want them to be 777. How would I set that up?
<qman__> you could set your umask, but that will affect things globally
<qman__> the best way would be to configure whatever it is that is creating them to set the permissions the way you want
<eriksson25> how do you meen globaly? is umask efecting everything? not just one folder and sub folders?
<qman__> setting your umask changes the default permissions for all files created by your user
<eriksson25> Ohh, oki I see.
<eriksson25> Well, its rtorrent making this subfolders.
<eriksson25> Well, its time to sleep, but will take a look closer to umask tomorrow. Thanks for the help.
<qman__> ah, I had a similar issue with torrentflux
<qman__> I ended up setting a cron job to change the group periodically
<qman__> there's definitely a better way, I just didn't bother to dig
<eriksson25> =)
<Psi-Jack> During setup of Ubuntu 10.04.1, I setup iSCSI, not for the /, but for /home. Since doing that, the network setup completely ignores /etc/network/interfaces and uses DHCP instead of the static IP I specifically assigned it.
<twb> Psi-Jack: "set up iscsi" how?
<twb> Psi-Jack: also pastebin "cat /etc/network/interfaces; ip l; ip a; ip r"
<Psi-Jack> From the disk manager during installation.
<Psi-Jack> As I said, /etc/network/interfaces is correct, I gotta run to work, but I can make a screenshot of the actual kvm screen of the bootup, which shows what's going on.
<twb> Did you do the install using the server CD?
<Psi-Jack> Yep
<twb> I haven't dealt with iscsi before; I might need to grovel through the code in places in /usr/share/initramfs-tools/
<Psi-Jack> What's a good quick image paste site? ;)
<twb> NFI; I don't do images as a rule
<twb> With kvm -console or -nographic or ptys, you can get its output as text.
 * Psi-Jack shrugs. "Can't really give you the exactness that I need then. This is a kvm guest, and I have a snapshot of the kvm boot up process.
<twb> Psi-Jack: no problem; I'll just go back to what I was doing :-P
<Psi-Jack> You do that.
<Psi-Jack> *coughs*jerk*coughs*
<twb> Well, yes.
<twb> The nice thing about being a volunteer is I don't have to be polite.
<euphoria1> how do install wireles tools when i have no internet connection on ubuntu-server
<ruben231> hi guys is it possible like for ruben user my home directory is MIR3 another folder..
<ruben231> because if i creatre user ruben the home directory will still be like ruben also...is it possible to rename but still home direcoty of ruben..?
<twb> ruben231: I don't understand the question.
<Psi-Jack> And no, twb, you don't /have/ to be polite, but it would sure be nicer. I mean, if you don't want to help, volunteer, why the hell bother attempting and end up being a douche about it? Seriously.
<twb> Psi-Jack: plonk.
<Psi-Jack> What I am experiencing is obviously a VERY serious bug in Ubuntu 10.04.1, the way it's designed or what it does specifically during setup to cause this issue.
<Psi-Jack> It only happends WHEN I setup iSCSI during the partitioning phase of the installation. If it's done afterwards, it doesn't happen.
<Psi-Jack> Done post-install that is, manually installing open-iscsi, etc.
<cappicard> hey folks. i'm trying to get xen to work in ubuntu maverick.  If I follow the instructions, i dont get the initrd created unless i do mkinitramfs. And when I boot, i get a kernel panic.
<cappicard> during make linux-2.6-pvops-install, I get dpkg: version '/boot/xen.gz' has bad syntax: invalid character in version number
<Psi-Jack> cappicard: Xen is no longer really supported. Recommend kvm.
<veovis1> Can anyone please recommend a command line application to convert flacs to both mp3 and aac?  One application for each task would be fine as well.  I want to point it at my music folder, have it read the subdirectories and convert everything in them, and put the results, with the same structure, in an aac folder and an mp3 folder respectively.
<MrPPS> hi all, apparently Ubuntu's php packages are still running a vulnerable version? < php v5.3.3 i believe
<MrPPS> is this the case?
<andol> MrPPS: What vulnerability would that be?
<lifeless> andol: 'php'
<andol> lifeless: Yes, but I have a feeling that MrPPS is referring to something more specific.
<meatflag> MrPPS: my php5 package is showing 5..2-1ubuntu4 as the version.
<MrPPS> meatflag, andol: php 5.3.2 and before are known to have multiple vulns, including RCE
<andol> MrPPS: Yes, but say Ubuntu 10.04 for example. It doesn't provide PHP 5.3.2. It provides 5.3.2-1ubuntu4, which is PHP 5.3.2 plus a set of security fixes.
<ajmitch_> MrPPS: security fixes are backported & applied to 5.3.2
<MrPPS> andol, ajmitch_ - thanks for letting me know, i wasn't aware of the situation/setup
<MrPPS> much appreciated, and thank you for your time!
<cappicard> Psi-Jack, there. kvm is running so much better. I'm now installing XP into it. kvm is on my server. I Have the virtual manager on one of my desktops.
<Psi-Jack> kvm IS much better, in every way.
<ruben231> hi guys if i have a sers whihc belongs to the 2 groups - how do i specify the home directory..of taht user..?
<cappicard> how's it with actual usb devices?
<Psi-Jack> That's why Red Hat is going with it, Canonical is too.
<Psi-Jack> cappicard: How's your IOMMU support?
<cappicard> well, i don't know. i have a phenom quad4. how can i check?
<cappicard> ah ok. i see it. i should be fine. looked in /etc/apparmor.d/abstractions/libvirt-qemu
<cappicard> xp setup is taking abit longer than normal, but it's copying files.
<twb> Is there any real alternative to puppet (for lucid)?
<joschi> twb: depends on what you want to do and why exactly you are looking for an alternative
<twb> I want configuraton management
<joschi> twb: e.g. cfengine3 is also in the package tree
<twb> preferably something that doesn't feel like it's maintained by cowboys
<twb> I guess I should try cfengine; the only reason I haven't is because everyone seems to enthusiastic about replacing it with puppet or chef
<joschi> twb: well, take a look at cfengine3 or bcfg2 then
<twb> There's also landscape, but it's no good for me because I can't control the server side
<joschi> twb: landscape has a different scope
<twb> http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software
<twb> ubuntu-serverguide doesn't endorse any implementation
<mvo> hey, good morning. I'm working on screen integration for the release upgrader, and have a (hopefully simple) question. when doing "screen ls" (as a example) it will run but then print "[screen is terminating]". is there a way to keep it from cleaning the screen on exit?
<lifeless> mvo: the man page is usually win
<lifeless> mvo: I can't see anything there
<twb> mvo: set zombie mode on
<mvo> lifeless: thanks, I looked there first but did not find anything
<mvo> twb: thanks! let me try this
<twb> You may prefer something designed for that role, e.g. nohup script -c 'f x y' &, where f is your program and x and y are its arguments.
<mvo> twb: right, the "ls" was a bad example, my idea is to run the text-mode release upgrader inside screen and that requires that the user is able to interact with the window
<twb> Why inside screen?
<mvo> as a safeguard if e.g. network drops during the upgrade briefly
<twb> Fair enough
<twb> I guess zombie is most appropriate
<mvo> thanks twb, zombie works nicely
<uvirtbot`> New bug: #682581 in mysql-dfsg-5.0 (universe) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.5 failed to install/upgrade: le sous-processus post-installation script a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/682581
<twb> In squid, the default appears to be "cache up to 100MB"
<twb> But du -smx /var/spool/squid shows it using 116MB when it filled the disk
<twb> So: WTF?
<veovis1> Sorry about the frequent re/disconnects from veovis_muaddib.  I'm trying to set up ZNC.  I have it working for the most part, but for some reason the webadmin isn't working.  I'm connecting on the port I assigned, and I keep getting an error saying that the server unexpectedly dropped the connection in my browser.
<twb> To answer my own question: looks like the problem was dropping CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH before starting upstart
<twb> So squid was creating spool dirs with "rwxr-x--- proxy proxy", which it wasn't able to search/delete.
<twb> "adduser root proxy" fixed it
<twb> (That and dialling the cache cap down to 50M, leaving 50M to 70M of the disk unused.)
<uvirtbot`> New bug: #682592 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.5 failed to install/upgrade: subproces installed post-installation script gaf een foutwaarde 1 terug" [Undecided,New] https://launchpad.net/bugs/682592
<milligan> Does anyone here have any experience with amavisd-new? I'm trying to set @spam_kill_level_maps = (read_hash("/etc/amavis/conf.d/kill_level") .. but it appears to just ignore the hashes I define in the file .. ? The content of my kill_level file is { "user@domain.tld" => 5.0 }.
<kai> hi folks
<kai> on what basis does landscape decide that a system requires a restart?
<lieuwe[49ft]>  i'm trying to get ampache set up, but it says "Ampache.cfg.php Exists [ERROR]" and "Ampache.cfg.php Configured? [ERROR]", any idea what i'm doing wrong
<lieuwe[49ft]> ?
<lieuwe[49ft]> hey, i installed ubuntu-server with php support, but it doesnt seem to work, it just gives 404s for each and every php file
<mrmist> that would normally suggest that it's not looking where you think it should be looking for the files
<milligan> Does anyone here have any experience with amavisd-new? I'm trying to set @spam_kill_level_maps = (read_hash("/etc/amavis/conf.d/kill_level") .. but it appears to just ignore the hashes I define in the file .. ? The content of my kill_level file is { "user@domain.tld" => 5.0 }.
<pmatulis> milligan: missing semicolon at the end?
<milligan> pmatulis, guessing, or does each line require a semicolon ?
<milligan> or after the } ?
<pmatulis> milligan: yes
<pmatulis> ...5.0};
<milligan> testing
<milligan> If that's the solution, I don't know if I should celebrate or kill myself
<pmatulis> milligan: you can also start it in debug mode.  maybe will help?
<milligan> didn't help :(
<pmatulis> milligan: actually, i believe you always need the following form:
<pmatulis> @spam_kill_level_maps = (\%some_hash, $sa_kill_level_deflt);
<milligan> how do I define %some_hash ?
<pmatulis> milligan: like you did before
<pmatulis> milligan: but the file would contain "user@domain.tld 5.0" (no quotes)
<milligan> I've tried writing one entry pr line, but that generates errors.
<milligan> so, instead of \%some_hash, I would put @spam_kill_level_maps = (\read_hash("myfile"), $sa_kill_level_deflt); ..and put one entry pr line, space separator for the score?
<pmatulis> milligan: yeah
<pmatulis> milligan: you can hardcode the default value if you want (or use the variable)
<pmatulis> ($sa_kill_level_deflt)
<milligan> yep. doesn't accept one entry pr line with space though
<pmatulis> milligan: what version are you running?
<milligan> amavisd-new-2.6.4
<milligan> the only syntax I have made work is 'user@domain.tld' => X.X, where x = score.
<pmatulis> milligan: maybe try without an external file for now
<milligan> well, "work" is relative :P
<pmatulis> @spam_kill_level_maps = (
<pmatulis> { '.domain1.com.au' => $sa_tag2_level_deflt, '.domain2.com.au' => $sa_tag2_level_deflt }, \$sa_kill_level_deflt
<pmatulis> );
<milligan> that works
<pmatulis> milligan: ok, good
<milligan> Any idea why the read_hash doesn't work though ?
<milligan> Maybe missing some perl module or something ?
<pmatulis> milligan: did you try starting in debug mode?
<milligan> the config is set to debug mode ..
<milligan> plus this is a live server, so there's quite a lot of traffic on it :p
<pmatulis> milligan: yeah, restarting amavisd-new constantly is not great then
<milligan> I guess there's no significant gain in having the pr user rules in a separate file .. ? I would be fine maintaining an array in my config file for the few times it's needed?
<pmatulis> milligan: it's a matter of organization.  subjective
<milligan> yep
<pmatulis> milligan: but i know the amavisd-new ML is pretty helpful.  i would send your question there
<milligan> Is there any way I could easily maintain such a list via a database, without involving creating separate classification groups .. ?
<milligan> yeah, I've signed up for the ML. Waiting for approval :)
<pmatulis> milligan: i'm pretty sure you can put anything in MySQL
<milligan> that's what I thought as well .. just wondering if you know from the top of your head to do it for this specific need :)
<pmatulis> milligan: no, i never did it
<patdk-wk> seperate classification group?
<milligan> it would be great to have a dynamically maintainable list, instead of having to restart amavis for every user that wants personal settings.
<patdk-wk> I maintain per domain settings in mysql for amavisd
<milligan> I need pr user .. and the server is strictly relaying. Just a filter, nothing more.
<patdk-wk> I also have amavisd rip out a whitelist based on the horde address book :)
<patdk-wk> well, amavisd documentation is all about per user database usage
<milligan> I have been reading up on it lately .. but I found mostly stuff involving pretty heavy config changes to start using it.
<patdk-wk> just write your own sql, and it's all good
<milligan> I can write my own query for each lookup .. ?
<patdk-wk> http://pastebin.com/KxxFDSCr
<patdk-wk> pretty much all you need to adjust the basic stuff per user, or domain, or whatever you put in the address field
<milligan> Fair enough .. and where do I tell amavis to do a DB lookup ?
<patdk-wk> ok, you really need to read the amavisd docs
<cappicard> hey folks. when i try installing xp pro, kvm is freezing when i try booting it after text-based setup completes.
<andy> hey guys what do you guys recommend for server monitoring
<andy> i am currently looking at ebox
<Pici> andy: Monitor or control?
<andy> Pici, monitor
<jpds> Nagios/sysstat/cacti/munin/...
<jpds> I personally like sysstat.
<Pici> andy: For long term stuff I use munin/cacti
<andy> haha thans again jpds
<andy> Pici, by long term stuff you mean for servers running for a long time?
<Pici> andy: For analyzing trends over a long period of time.
<andy> Pici, so you use multiple softwares to monitor and control. Ebox (zentayl) claims to be like an all in one
<Pici> andy: I don't use any dashboard for server control.  I prefer the console.
<hggdh> mdeslaur: ping re. test of JDK
<mdeslaur> hggdh: hi!
<hggdh> mdeslaur: morning sir. Do you still need it tested (AMD64)?
<mdeslaur> hggdh: Daviey is currently testing it. Thanks!
<hggdh> mdeslaur: roj, sorry for being on vacation ;-)
<Daviey> slacker :)
<mdeslaur> hggdh: don't apologize for that! :)
<hggdh> Daviey: slacker, and happy!
<Daviey> :)
 * mdeslaur likes turkey too :)
<hggdh> Daviey: BTW...
<zul> i like turkey in october
<andy> hey guys. I need to run diagnostics on a hard disk which may be faulty on one of my server boxes. Can you guys recommend which tool to use?
<hggdh> Daviey: do you want me to re-run the euca update?
<Daviey> hggdh: might be a good idea, did you see my comments?
<Daviey> (on the bug)
<hggdh> Daviey: yes, I did. I really wonder who is caching it...
<hggdh> will run it again
<Daviey> hggdh: I'd also like you to check the From field, please.
<Daviey> andy: "badblocks" -- might be the tool you want.
<patdk-wk> andy, well, smartctl, then badblocks
<patdk-wk> but first I would back it up probably with dd_rescue
<andy> thanks guys
<hggdh> Daviey: will do
<uvirtbot`> New bug: #522725 in bind9 (main) "host crashed with signal 7 in dns_rdataset_init()" [Low,Incomplete] https://launchpad.net/bugs/522725
<burntoutlamp> hey folks, I just set up a samba file share and I have force group 770 etc all the way I wanted on Ubuntu 10.04 and when users of a group created files and folders everything was fine. now, I have the same access denied issue. as I did before groupshare
<burntoutlamp> group force*
<uvirtbot`> New bug: #682736 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/682736
<XeNoT_> anyone knows how to bind iSCSI on 1 specific NIC?
<SpamapS> XeNoT_: for listening?
<XeNoT_> for connecting
<XeNoT_> at the moment it keeps trying to connect to the target with all my interfaces which is annoying
<syn-ack> SpamapS, Got a second for a /pm?
<zul> ttx: ping
<SpamapS> zul: <accent>le pong!</accent>
<arrrghhh> maybe you guys will be the better crowd to ask...
<arrrghhh> i have a failing hard disk that i'm trying to recover data from for a friend, and it's spewing a ton of stuff into my logs... it actually filled my root partition, because /var encompasses it...
<arrrghhh> is there any way to get the logs to calm down while i trouble shoot the disk?
<SpamapS> arrrghhh: stop rsyslogd
<arrrghhh> oh ok
<arrrghhh> and can i just delete kern.log and syslog.1, or should i just append nothing to the file...?
<arrrghhh> i'd rather not reboot if i can help it...
<SpamapS> arrrghhh: safer to just purge them
<arrrghhh> k
<SpamapS> arrrghhh: meaning cp /dev/null /var/log/kern.log
<arrrghhh> ah ok
<arrrghhh> i was going to > /dev/null
<arrrghhh> but i guess they're both the same eh?
<SpamapS> arrrghhh: though I *think* rsyslogd will recreate them, I don't know that for 100% sure
<zul> SpamapS: est-que tu savois le test due likewise-open?
<SpamapS> arrrghhh: yeah same thing ;)
<arrrghhh> awesome.  thanks :D
<SpamapS> zul: non, merde!
<zul> SpamapS: sacre bleu!!!
<arrrghhh> lol
<highvoltage> lol!
<SpamapS> zul: c'est la vie
<zul> SpamapS: pas rien
<highvoltage> (I learned lots of new french swear words recently if anyone needs it)
<zul> highvoltage: quebecqouis french or french french
<highvoltage> zul: well, quebecqouis french (but some french french too)
<zul> highvoltage: oh so like collis and tabernac?
<arrrghhh> crap, i keep getting permission denied even with sudo..?
<arrrghhh> sudo cat /dev/null > /var/log/syslog.1, then bash: /var/log/syslog.1: Permission denied
<arrrghhh> i've never had to blow up my logs before.
<SpamapS> arrrghhh: sudo is just calling cat .. your shell is doing the >
<arrrghhh> oh right.
<SpamapS> arrrghhh: sudo sh -c 'cat > blah'
<arrrghhh> i see why your command is more straightforward now :P
<jpds> arrrghhh: echo "" | sudo tee /var/log/syslog.1
<arrrghhh> jpds, cool.  i think i'm good now...
<air^> or just "sudo -s" and it will give you an root shell :)
<arrrghhh> ah right
<arrrghhh> so many ways to skin a cat...
<arrrghhh> :D
<air^> indeed :)
<resno> im adding anew drive to my ubuntu server, how do i go about getting it setup to be used as a /home drive?
<SpamapS> resno: you'll need to partition it first, then add a filesystem, then sync the existing /home data onto it, and then add it to /etc/fstab
<SpamapS> resno: unless you're using LVM, if thats the case, its a little more complex
<resno> i dont believe i am using lvm
<resno> i want to continue using the current drive... just add this one on SpamapS
<SpamapS> resno: right, so first step is partitioning which you can do with parted or fdisk
<resno> right, ive had a ltitle experince with that
<resno> SpamapS: should i use ext3?
<resno> err, ext4
<SpamapS> resno: for simplicity sake, ext4 is probably the right choice
<euphoria1> how to get wifi tools when i have no internet? on ubuntu server
<euphoria1> ?
<euphoria1> damn
<SpamapS> euphoria1: USB key?
<euphoria1> yes
<euphoria1> its usb
<SpamapS> Cromulent: ++ for that nick. :)
<Cromulent> ha :)
<resno> SpamapS: im checking out the /etc/fstab file. do i need the uuid when i add the new drive?
<euphoria1> SpamapS ?
<euphoria1> weird
<euphoria1> no one uses ubuntu server
<euphoria1> all guides say apt get apt get but
<SpamapS> euphoria1: I'm saying, put them on a USB key
<euphoria1> ok
<euphoria1> stupit ubuntu server
<euphoria1> no wifi on ubuntu server
<euphoria1> weird and stupido
<SpamapS> resno: yeah, you can get it after you mkfs with dumpe2fs -h /dev/XXX
<SpamapS> euphoria1: wifi on a server? ;)
<SpamapS> euphoria1: do you have broadcom wifi?
<euphoria1> i dont have another internet source
<euphoria1> im sharing internet with guy next door
<euphoria1> so no other solutions bro
<resno> SpamapS: broadcoms are the worest :(
<resno> SpamapS: so, should i make the option "/home" like the current drive? or how do i tell it that it can spill onto the new drive?
<SpamapS> resno: you should first mount it somewhere else and copy all of the files with rsync
<SpamapS> resno: so, 'mount /dev/XXX /mnt' then 'rsync -a /home/ /mnt/'
<euphoria1> SpamapS how to access usb key
<euphoria1> on ubuntu server bro
<SpamapS> resno: then when you've verified its all there, mv /home /home.old and mkdir /home and mount -a
<SpamapS> euphoria1: 1st, not your bro. ;) second, it should be mounted automatically I think.. not sure about on a server.
<resno> lol
<euphoria1> pff
<euphoria1> SpamapS
<euphoria1> stupido
<euphoria1> just like server :))
<resno> SpamapS: im curious why should i rsync everything to that drive?
<SpamapS> euphoria1: thanks for letting me know that you don't want any more help from me.
<SpamapS> resno: because when you mount it, it will overlap the old stuff, so it will all disappear
<resno> SpamapS: ah... really?
<qman__> SpamapS, nope, no automount on server, have to do it manually
<qman__> that's provided by gnome/KDE apps
<wieshka> ey - how can i allow user foo to run /etc/init.d/bar with /etc/sudoers file? foo ALL=NOPASSWD:/etc/init.d/bar ?
<SpamapS> qman__: ah that makes sense
<qman__> wieshka, yes
<qman__> let me find the guide
<wieshka> hmmm, still does not works - do i need to add maybe something to $PATH ?
<qman__> user      ALL = (ALL) NOPASSWD: /etc/init.d/bar
<qman__> full guide http://www.sudo.ws/sudo/sudoers.man.html
<wieshka> qman__ thx, i will give a try
<wieshka> i was close :)
<wieshka> huh, it still asks for password
<wieshka> after closing visudo screen, sudoers file is reloaded and active ?
<qman__> yes
<wieshka> strange
<qman__> you may need to re-log
<qman__> it should just take effect but I would try that before banging your head against the wall
<wieshka> yeah, i already tried even new ssh session
<RoyK> qman__: shouldn't be necessary to re-login
<wieshka> so my line is zabbix ALL=(ALL) NOPASSWD: /etc/init.d/zimbra
<RoyK> wieshka: is zabbix listed other places in sudoers?
<wieshka> whno
<wieshka> no
<wieshka> it last on only empty
<wieshka> it is last and only entry
<RoyK> k
<wieshka> I just wrote .sh script for zabbix agent what monitors via zabbix Zimbra services for me
<wieshka> but now i have problems with running this script
<RoyK> wieshka: perhaps it'll need the full command with arguments - I have solved that with a shell script that does restarts
<wieshka> as user "zabbix"
<RoyK> icinga  ALL=(ALL) NOPASSWD:/usr/local/bin/tw_cli, NOPASSWD:/usr/local/icinga/libexec/restart_mail_system.sh
<qman__> according to the manual, the commands can simply be comma separated
<qman__> don't need two NOPASSWD:s
<wieshka> RoyK ok - lets try little workaround with shell script
<RoyK> qman__: oh, ok
<wieshka> so, according to tips and guide this line should allow to user zabbix run this to shell scripts with no asking passwword: zabbix ALL=(ALL) NOPASSWD:/etc/zabbix/zimbra/zimbra_status.sh, /etc/zabbix/check_zimbra.sh
<wieshka> i am correct ?
<ruben23> hi guys i want to create different directory with that setup of permission on user, any siggestion steps how to implement it on my case -------------------->http://i51.tinypic.com/24pcadu.jpg
<zul> hggdh: can you bring up that kernel bug in the weekly meeting?
<hggdh> zul: yes, I can and will. Just tested with today's ISO, no luck
<zul> freaking hell
<hggdh> zul: this means no testing for alpha1 as of now :-(
<RoyK> which bug is this?
<hggdh> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/676245
<uvirtbot`> Launchpad bug 676245 in linux "Broadcom NetXtreme II BCM5709 -- no network found on ISO install" [High,New]
<hggdh> RoyK: ^
<RoyK> k
<solid_snake> what is everything that I need to have an online webserver?
<Pici> !lamp
<ubottu> LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<solid_snake> Pici, so using tasksel to install that should do fine? correct?
<Pici> Short version: sudo tasksel install lamp-server
<Pici> solid_snake: Yes
<solid_snake> Nice!
<RoyK> solid_snake: for a simple webserver, apache or lighttpd will do, lamp is mysql+php in addition to that
<syn-ack> lighttpd is actually one heck of a webserver too.
<syn-ack> Anymore I prefer it over Apache in a lot of cases.
<SpamapS> lighttpd sits somewhere between apache and nginx in the scalability game.. but its code is actually readable, so it wins the maintenance war against nginx IMO. ;)
<syn-ack> haha
<syn-ack> SpamapS++
<uvirtbot`> New bug: #682865 in vsftpd (main) "memory leak in vsftpd" [Undecided,New] https://launchpad.net/bugs/682865
<Daviey> SpamapS: Does nginx still not have a code repository ?
<SpamapS> Daviey: dunno about that, I just recall that it was developed mostly in secret.
<SpamapS> Daviey: its been crazy popular, so I'd be surprised if it hasn't gotten a little better since 18 months ago when I last checked.
<Daviey> SpamapS: hope so!
<uvirtbot`> New bug: #600783 in euca2ools "euca-bundle-vol, euca-bundle-image use invalid sha1sum" [Undecided,Fix committed] https://launchpad.net/bugs/600783
<ZacharyNewb> hi
<IrishWristwatch> hi
<ZacharyNewb> I need a bit of help
<SpamapS> ZacharyNewb: we can probably help you, maybe you can ask a specific quesetion?
<ZacharyNewb> I'm a rather new user to ubuntu
<ZacharyNewb> I've install server
<ZacharyNewb> got the firewall working
<ZacharyNewb> web server
<ZacharyNewb> print server
<ZacharyNewb> however, trying to setup ftp I'm having trouble with permissions
<ZacharyNewb> vsftpd
<ZacharyNewb> is what I'm using
<ZacharyNewb> it's not allowing users to creates folders
<ZacharyNewb> I get a 550 error
<ZacharyNewb> in the ftp client
<SpamapS> ZacharyNewb: do you get any errors in /var/log/daemon.log and/or /var/log/syslog ?
<eriksson25> Hi, anyone using rtorrent and know how you make it to create folders with diffrent permissons.
<ZacharyNewb> That's a no.
<ZacharyNewb> There are log files, but they're blank with nano
<IrishWristwatch> ZacharyNewb, does the user you are logging in with have the proper permissions in the directory you're writing to?
<IrishWristwatch> you can check the permissions with ls -l
<IrishWristwatch> and you can change the permissions with sudo <user>:<user> (-R for recursive) /path/to/directory
<ZacharyNewb> I did have to chown the folder to be able to write files to it
<ZacharyNewb> but I can't make folders
<ZacharyNewb> using ls -l
<ZacharyNewb> I get "drwxr-sr-x" for the folder
<ZacharyNewb> my folder in blue text
<IrishWristwatch> but it is owned by the user you're logging in with your ftp
<ZacharyNewb> ah, no
<ZacharyNewb> um
<ZacharyNewb> yes, actually
<IrishWristwatch> I see
<IrishWristwatch> What is this FTP for anyway, are you sure you want to use something that's that insecure?
<IrishWristwatch> unsecure*
<ZacharyNewb> it's a personal server, I'm okay with this for now for certain means
<ZacharyNewb> actually
<ZacharyNewb> what would you suggest that's easy to set up?
<ZacharyNewb> I can't get any friggin torrent daemon to work
<ZacharyNewb> I use my network, Windows 7 to connect to the server using putty
<ZacharyNewb> ftp seems like the easiest way to manage large amounts of folders/files
<IrishWristwatch> you want a nice torrent server with a webui I suggets deluge
<IrishWristwatch> deluge + deluge-webui
<ZacharyNewb> I was trying deluge
<ZacharyNewb> but it doesn't seem to work
<patdk-lap> zachary, scp or sftp :)
<ZacharyNewb> sudo apt-get install deluge deluged deluge-webui
<ZacharyNewb> and nothing, can't access it
<ZacharyNewb> I know it was installed, but completely unable to interface, do ANYthing with it
<IrishWristwatch> ZacharyNewb, patdk-lap is right, SFTP is the best way to go
<IrishWristwatch> It uses the OpenSSH server to encrypt your file transfers.
<IrishWristwatch> Unlike FTP, which everything including the username and password are transported in cleartext.
<ZacharyNewb> Yes, I know, susceptible to man in the middle
<ZacharyNewb> but I'm a home user
<IrishWristwatch> I know, but still.
<IrishWristwatch> It's the principle of the thing.
<IrishWristwatch> Also it's in my opinion easier to set up.
<IrishWristwatch> As for the deluge webui, http://blog.bsodmike.com/articles/installing-and-configuring-deluge-1-0-7-in-ubuntu-8-10-with-web-ui-interface/
<ZacharyNewb> My problem is that these things seem to be very hard to setup
<IrishWristwatch> That is the guide I followed a few years ago to set it up.
<IrishWristwatch> And it works flawlessly.
<ZacharyNewb> I don't see how any of this is user intuitive
<IrishWristwatch> And with Deluge you can make an autoadd directory, so all you have to do is save a torrent file to your autoadd directory over something like a Samba share
<ZacharyNewb> sounds good
<ZacharyNewb> First thing first
<ZacharyNewb> what would you suggest for sftp?
<SpamapS> So you guys are mostly just doing this to share, what, ISO's of free software?
<IrishWristwatch> SFTP is already installed if you have OpenSSH server installed.
<jiboumans> smoser: ping?
<IrishWristwatch> But, for a client I recommend Filezilla
<IrishWristwatch> Which is available for Linux/Win/Mac
<IrishWristwatch> You log in using the same credentials as your Unix user.
<jiboumans> smoser: have a moment to help me debug that cloud-init thing we spoke about last week?
<IrishWristwatch> Now I don't know if you want to do this, since you said this was only a local server, but if you want to add extra security you can setup a chroot for the user, which pretty much locks them into their home directory so they can't browse the root directory from their client
<zacharynweb> sorry about that
<uvirtbot> New bug: #682898 in gwt (main) "Sync gwt 1.6.4-1 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/682898
<zacharynweb> clear
<zacharynweb> IrishWristwatch: What would you suggest for sftp?
<IrishWristwatch> server or client?
<IrishWristwatch> GUI Client, FileZilla, CLI Client, just plain "sftp"
<klaas> lftp :)
<zacharynweb> IrishWristwatch: Newb Question, does the server need another daemon installed for me to use filezilla to connect to it with sftp?
<IrishWristwatch> no, the sftp daemon is actually OpenSSH server
<zacharynweb> I like filezilla
<zacharynweb> awesome
<IrishWristwatch> SFTP is FTP over SSH
<zacharynweb> and putty provides the ssh
<zacharynweb> I have filezilla installed and putty
<zacharynweb> how would I make this work?
<IrishWristwatch> putty provides ssh, but you don't need putty for sftp
<IrishWristwatch> filezilla does it all
<zacharynweb> awesome, I'll try it
<IrishWristwatch> zacharynweb, you should also check this out if you want to add extra security
<IrishWristwatch> http://www.ericstockwell.com/?p=54
<zacharynweb> what do I need to do with filezilla to connect to my server?
<IrishWristwatch> Because basically, with SFTP the user could view any file he/she could with plain ssh
<IrishWristwatch> which in some cases causes security problems
<IrishWristwatch> chroot makes it so with sftp they are locked to their home directories, or directory of your choice
<zacharynweb> ah
<zacharynweb> I use chroot
<IrishWristwatch> and are not free to roam your entire hard drive
<IrishWristwatch> ah, perfect then
<zacharynweb> I noticed that problem.
<IrishWristwatch> you can make a group "sftponly" and add these users to them
<IrishWristwatch> then make a rule in your sshd_config
<zacharynweb> I was making users to access the console/terminal remotely through putty
<IrishWristwatch> ah
<zacharynweb> bt didn't want extra people, ftp users to be able to login with putty as well
<zacharynweb> and basically view the entire drive
<IrishWristwatch> you can change that by changing their shell
<zacharynweb> found the configuration file responsible for users able to connect via ssh and modified it
<IrishWristwatch> /usr/sbin/nologin or /bin/false
<zacharynweb> yeah
<zacharynweb> So what do I need to do to connect with filezilla?
<IrishWristwatch> you need the port number of your OpenSSH server, and the users credentials
<zacharynweb> have
<zacharynweb> Response:	SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
<zacharynweb> Error:	Cannot establish FTP connection to an SFTP server. Please select proper protocol.
<IrishWristwatch> don't use quick connect
<IrishWristwatch> go to File > Site Manager and create it there
<zacharynweb> successful
<IrishWristwatch> :]
<zacharynweb> cool
<zacharynweb> finally, an easier way to edit text files
<zacharynweb> lol, or transfer things
<zacharynweb> That was indeed easier
<zacharynweb> I'm with you, fuck FTP
<zacharynweb> sudo apt-get autoremove vsftpd
<IrishWristwatch> FTP is an old protocol that needs to go away.
<zacharynweb> I was using it because it felt easy
<IrishWristwatch> Yeah, and you can feel comfortable using it over the internet, no need for those passive/active mode bs, and it's as secure as SSH
<zacharynweb> for some reason
<zacharynweb> users I added using "adduser" aren't showing with the command  "users"
<jiboumans> looks like there's a problem with the us-east1 mirror in aws:
<jiboumans> W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/lucid-updates/main/source/Sources.bz2  Hash Sum mismatch
<jiboumans> W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/lucid-updates/universe/source/Sources.bz2  Hash Sum mismatch
<IrishWristwatch> zacharynweb, what do you mean
<IrishWristwatch> the command "users" just show who's currently logged in
<zacharynweb> ah
<zacharynweb> IrishWristwatch: I want to remove all the current users but two
<IrishWristwatch> eh, don't
<zacharynweb> don't... know?
<IrishWristwatch> some of those users are "system users", which the system uses for daemons
<IrishWristwatch> if you delete them you might break stuff
<zacharynweb> hehe.
<zacharynweb> I think I may have already
<IrishWristwatch> welp
<zacharynweb> alright, I want to delete all but two of the users I've created
<IrishWristwatch> if you do "cat /etc/passwd" you can see all the users on your system, as well as their shell
<zacharynweb> delete all the users I've created except for two I want to stay
<IrishWristwatch> most of these system accounts are locked anyway, so you can't log in through ssh or su
<IrishWristwatch> Delete the users you created, or delete the users that were created with the server installation?
<IrishWristwatch> Because the system doesn't need the users you've created.
<IrishWristwatch> Also, you can explicitly deny everyone (except the users you want) from accessing ssh
<zacharynweb> delete what I created
<IrishWristwatch> that's easy
<IrishWristwatch> userdel user
<zacharynweb> I created extra users for that damned ftp application, nonprivliged and blah blah blah
<IrishWristwatch> or deluser
<zacharynweb> IrishWristwatch: I've tried following various tutorials, or explanations online, I also can't deluge to work
<IrishWristwatch> http://blog.bsodmike.com/articles/installing-and-configuring-deluge-1-0-7-in-ubuntu-8-10-with-web-ui-interface/
<IrishWristwatch> did you follow that one
<IrishWristwatch> also, did you open a port in your firewall?
<zacharynweb> I'm inside my network right now
<zacharynweb> even using the network ip, I'm unable to connect, inside the firewall
<ikonia> IrishWristwatch: who gave you that link
<IrishWristwatch> google
<zacharynweb> I haven't followed your recent link yet
<IrishWristwatch> And it's what I used to set it up.  Why?
<IrishWristwatch> Is it not correct anymore, ikonia ?
<zacharynweb> waiting for deluge and various other crap to uninstall before I follow instructions
<ikonia> IrishWristwatch: I just know the guy who writes that page
<IrishWristwatch> Oh, interesting.
<IrishWristwatch> His site went down a while back
<IrishWristwatch> I'm glad it's now online again.
<IrishWristwatch> zacharynweb, what user did you set it up to run as
<zacharynweb> don't remember
<zacharynweb> I don't think I even got that far
<IrishWristwatch> lol
<ikonia> I'm surprised he's writing it as he's not really a linux guy,
<IrishWristwatch> zacharynweb, I don't know what to say, really.  Just follow that site to the letter and it should work.
<zacharynweb> IrishWristwatch: Could you link me to those instructions again?  I had to refresh my irc a few minutes ago, it was cleared
<IrishWristwatch> http://blog.bsodmike.com/articles/installing-and-configuring-deluge-1-0-7-in-ubuntu-8-10-with-web-ui-interface/
<IrishWristwatch> ikonia, his stuff has been helpful
<zacharynweb> I disconnected from the ethernet cord at my dock area, it switched to wireless and reset my irc, thanks
<IrishWristwatch> no problem
<zacharynweb> IrishWristwatch: My server is guiless
<IrishWristwatch> zacharynweb, that shouldn't be a problem
<IrishWristwatch> those instructions are all over commandline
<IrishWristwatch> and then the gui stuff is through the web browser of your comupter
<IrishWristwatch> since it's a web ui
<zacharynweb> Are you interested in photography?
<IrishWristwatch> a little.
<zacharynweb> Following your instructional link,
<zacharynweb> Where it says "deluged -d"
<zacharynweb> I get the error message, "deluged is not installed"
<zacharynweb> do I need to install it?
<zacharynweb> because it seems unusual for linux that I would have to go around searching for multiple things to install
<zacharynweb> IrishWristwatch: problem
<IrishWristwatch> What is it?
<IrishWristwatch> oh
<IrishWristwatch> try
<IrishWristwatch> sudo aptitude install deluged deluge-webui
<zacharynweb> what does that do?
<IrishWristwatch> installs the proper packages
<IrishWristwatch> it seems like you're missing deludge
<zacharynweb> running it again
<zacharynweb> deluged -d
<zacharynweb> "There is a deluge daemon running with this config directory"
<zacharynweb> "you cannot run multiple daemons with the same config directory set"
<IrishWristwatch> ohh, seems like it's already running
<zacharynweb> "if you believe this is an error you can force a start by deleting /home/%user%/.config/deluge/deluged.pid.
<IrishWristwatch> try killall deluged
<zacharynweb> lolsy
<IrishWristwatch> although
<IrishWristwatch> you shouldnt run it from the command line anyway
<IrishWristwatch> you should set up the user config file
<IrishWristwatch> and then make the init script and start it through that
<zacharynweb> I now just enetered "deluge -u web"
<zacharynweb> and it seems like it's frozen
<zacharynweb> in the blackness
<IrishWristwatch> press ctrl+c
<zacharynweb> the little green box, hanging below the command I just made
<zacharynweb> ah, lol
<zacharynweb> ...
<zacharynweb> "unable to connect"
<zacharynweb> 192.168.1.250:8112
<IrishWristwatch> look
<IrishWristwatch> don't start it over the command line
<IrishWristwatch> First make the /etc/default/deluge-daemon and the /etc/init.d/deluge-daemon files
<zacharynweb> ah, missed that
<IrishWristwatch> When you create your /etc/default/deluge-daemon file, then specify the user you want it to run as
<IrishWristwatch> Also zacharynweb , the reason it was unable to connect is because when you press ctrl+c, it kills the program
<IrishWristwatch> if you want to send a program to the background you just add an & at the end
#ubuntu-server 2010-11-30
<zacharynweb> cool
<zacharynweb> I'm making these two files
<IrishWristwatch> ok
<IrishWristwatch> do you know how to use nano?
<IrishWristwatch> Nano is good beginner command line text editor
<IrishWristwatch> I assume you do, since you've edited some files already.
<zacharynweb> I used wget to download the .txt file from that link
<zacharynweb> cp to rename it from the .txt file
<IrishWristwatch> there is an easier way you can do it over putty
<IrishWristwatch> just do
<IrishWristwatch> sudo nano /etc/default/deluge-daemon
<IrishWristwatch> with putty, you just right-click to paste
<IrishWristwatch> then ctrl+o to save, ctrl+x to exit
<zacharynweb> IrishWristwatch: I haven't been able to right click to paste.. I've tried.
<zacharynweb> rather not bother you with my stupidity there if it does work
<zacharynweb> either way, files are there
<zacharynweb> deluge-daemon started
<zacharynweb> IrishWristwatch:   Awesome, I now have a web UI.
<IrishWristwatch> with putty, there should be an option then, honestly I don't know why you can't
<IrishWristwatch> awesome
<IrishWristwatch> :D
<zacharynweb> oh..
<zacharynweb> IrishWristwatch: ...wtf
<IrishWristwatch> password is deluge
<zacharynweb> IrishWristwatch:  Right clicking at all in putty just pasted everything.
<IrishWristwatch> lol yeah
<IrishWristwatch> you are supposed to copy the text from the website, then rightclick into nano
<IrishWristwatch> but whatever
<zacharynweb> could of sworn I'd tried to copy paste already, and it didn't work, and ctrl + v didn't work either
<zacharynweb> I even tried going to the upper left and clicking "file, edit... no paste...?"
<zacharynweb>  lol
<zacharynweb> anyway
<zacharynweb> logged into webui
<zacharynweb> IrishWristwatch:  do you have any tips about usint the deluge client?
<IrishWristwatch> the webui is technically the client
<IrishWristwatch> but, if you mean the gui client you download, it's pretty much a great replacement for utorrent
<IrishWristwatch> As for the webui, just go to the options and specify the directory you want the files to download to
<IrishWristwatch> and make sure those directories are owned by the user deluge is running under
<IrishWristwatch> Also, make an autoadd directory, then make sure that directory is shared over a samba/nfs share
<IrishWristwatch> that way you can easily add torrents just by saving them into that directory
<IrishWristwatch> if you have windows, you can even set up a drive map (which is basically giving a network share/ samba share a drive letter)
<IrishWristwatch> So that way you can just access that drive letter, and you'll be at your Samba share.
<zacharynweb> I don't have that working yet
<zacharynweb> IrishWristwatch: Are you feeling patient enough to tell me about that?
<IrishWristwatch> Have you set up Samba yet?
<zacharynweb> no
<zacharynweb> definitely not
<IrishWristwatch> ok well
<zacharynweb> I discovered linux a couple weeks ago.
<IrishWristwatch> I can tell you how to setup a simple share, but I won't go into too much detail about the entire range of stuff you can do with samba
<IrishWristwatch> since there are like a bajillion things
<draven_sol> is there a reason that apt-get upgrade is holding back my kernel on 10.04 server?
<zacharynweb> have accessible network drive storage from windows?
<zacharynweb> that sounds awesome.
<IrishWristwatch> yeah
<IrishWristwatch> Samba is tailored towards windows
<IrishWristwatch> NFS is tailored towards unix
<IrishWristwatch> and ubuntu can do both so take your pick
<IrishWristwatch> If you're one windows, do Samba shares
<IrishWristwatch> on*
<zacharynweb> sounds good
<zacharynweb> what would you suggest?
<zacharynweb> you can tell me to use google
<zacharynweb> if you'd like.
<IrishWristwatch> Are you using windows or ubuntu as your main desktop?
<draven_sol> zacharynweb, for a *nix to *nix share i use NFS
<zacharynweb> windows as my main computer
<draven_sol> zacharynweb, to share to windows pc's i use samba
<IrishWristwatch> Then use Samba shares
<zacharynweb> will
<IrishWristwatch> yeah what draven_sol said
<zacharynweb> I'll look it up
<draven_sol> https://help.ubuntu.com/community/Samba
<IrishWristwatch> zacharynweb, are you using server 10.04 or 10.10>?
<IrishWristwatch> Just curious.
<smoser> jiboumans, sorry, i'm out now. i'll maybe be back in sometime tonight, failing that, tomorrow
<zacharynweb> the latest one I think
<zacharynweb> this is weeks old
<jiboumans> smoser: sure thing. also, note that one of the mirrors is having checksum errors (see paste above)
<jiboumans> catch you later/tomorrow
<IrishWristwatch> Ah, you should use 10.04 LTS in the future.
<IrishWristwatch> Simply because Canonical will support it until 2015
<IrishWristwatch> Whereas 10.10 will only has an 18-month support lifetime.
<smoser> jiboumans, we're hoping thats in the progress of being fixed...
<zacharynweb> Yeah, 10.10
<smoser> per canonical IS ticket
<zacharynweb> huh what?
<jiboumans> smoser: ta... cloud-config chokes on that btw and aborts =/
<smoser> jiboumans, which region ?
<jiboumans> us-east-1
<jiboumans> smoser: ^
<IrishWristwatch> yeah zacharynweb, just something to remember in the future
<zacharynweb> IrishWristwatch: what do you mean support?
<smoser> yeah, thanks.
<zacharynweb> IrishWristwatch: remember what?  What's the problem?
<IrishWristwatch> Support, meaning, security updates and package updates
<IrishWristwatch> Patches, fixes, etc
<IrishWristwatch> Read this, zacharynweb https://wiki.ubuntu.com/LTS
<zacharynweb> ah, so I should keep to the LTS
<IrishWristwatch> for servers, I would.
<zacharynweb> more support
<zacharynweb> understandable
<IrishWristwatch> Just for the convenience of not having to upgrade
<zacharynweb> I will in the future
<IrishWristwatch> however, there are sometimes benefits of having a later version of Ubuntu, like 10.10 or other future release, simply because they might have features that aren't on the LTS
<IrishWristwatch> so you should research it before you install
<twb> IMO the rule of thumb is "if this host is mission critical, it should run LTS"
<zacharynweb> IrishWristwatch: I undestand, I'll kep that in mind for the future.
<IrishWristwatch> :]
<SpamapS> IrishWristwatch: backports are a way to have the best of both worlds in that case.
<wqapol> How aboutmanually updating to the latest version while keeping up ith LTS?
<IrishWristwatch> I'm wary of backports.
<SpamapS> wqapol: that can get ugly because libraries might have to be upgraded.
<wqapol> I mean manually updating only the packages deemed necessary.
<wqapol> SpamapS: Libraries in the sense?
<SpamapS> IrishWristwatch: you should be. But its a way to introduce only a little bit of the newer, less-tested releases into an LTS.
<IrishWristwatch> linux programs use system libraries
<IrishWristwatch> if you have a newer program, but an old library, it can cause unexpected results
<IrishWristwatch> is basically the gist of it
<wqapol> Hmm I see.
<IrishWristwatch> This is kind of less common if you use apt-get, since it will tell you if you have a missing or outdated dependency, but yeah
<IrishWristwatch> Skaag: interesting.
<Skaag> what is?
<IrishWristwatch> The backports.
<Skaag> I just arrived here...
<Skaag> you sure you mean me?
<Skaag> :)
<IrishWristwatch> Oh, I meant SpamapS
<Skaag> haha :)
<IrishWristwatch> Whoops.  :P
<Skaag> I'm trying to find out if the LSI2008 SAS Controller is supported in Ubuntu Server. I read somewhere in Google an old post from 2009 about it being supported in Ubuntu Desktop but not in Ubuntu Server.
<Skaag> But that's probably just outdated, and from before the Lucid times... how do I find out for sure?
<Skaag> Personally, I see no logic in it being supported in Desktop, but not in Server...
<IrishWristwatch> If it works on Desktop, chances are it works on Server
<Skaag> that's what I thought, too
<Skaag> I guess worse case, I'll use them JBOD
<IrishWristwatch> Are you doing RAID 0, 1, or other?
<Skaag> and then either try to compile a kernel with a port of the driver from Redhat or SuSE (those are officially supported), or wait for someone else to do it ;-)
<Skaag> Raid 5 I guess
<IrishWristwatch> Plus, I think Ubuntu Server might be able to do a software raid 5
<IrishWristwatch> but don't quote me on that.
<Skaag> of course it can
<Skaag> I did that many times
<IrishWristwatch> Well alright then :P
<nickmoeck> Considering that it has a RHEL 5 driver, I see no reason that it wouldn't work in Ubuntu. Might have to prod the manufacturer for the driver source or a .deb package for Ubuntu
<Skaag> right
<zacharynweb> IrishWristwatch:  If you'd like to see some of what I'm doing with my server...
<Skaag> I will write them back with that response
<IrishWristwatch> zacharynweb, do you need help with something?
<zacharynweb> IrishWristwatch:   http://beyond-sight.com/photography/    http://beyond-sight.com     etc
<zacharynweb> IrishWristwatch: Nothing else more so far.   Thank you so much for helping me so far.
<IrishWristwatch> this is being hosted from your server?
<zacharynweb> IrishWristwatch: Yes.
<IrishWristwatch> Cool
<IrishWristwatch> Skaag, what is the full model name of that card?
<IrishWristwatch> zacharynweb, looks good.  :]
<zacharynweb> IrishWristwatch: currently  http://beyond-sight.com is down
<zacharynweb> IrishWristwatch:  That was my very first webpage, however, I poorly programmeed the php, so the paths need to be rewritten to work with linux paths and directories
<zacharynweb> IrishWristwatch:  it looks much nicer
<Skaag> IrishWristwatch: I don't know yet... didn't buy the machine
<Skaag> all I know is that the chip is: LSI2008 chip
<IrishWristwatch> Question Skaag , what's a pretty reputable brand of RAID controllers for Linux/Ubuntu
<Skaag> 3Ware and MPT, I guess?
<Skaag> MPT comes with IBM Hardware
<Skaag> and 3Ware is a pretty decent raid controller
<eriksson25> Hi, anyone using rtorrent and know how you make it to create folders with diffrent permissons.
<zacharynweb> IrishWristwatch: Samba looks like a doozy to configure.  No questions yet though, our linux god-tier hero, you. lol
<IrishWristwatch> oh please.
<SpamapS> I had an 8 port 3ware SATA card that I used to run a giant (for the time) RAID 5+0
<Skaag> 9503?
<IrishWristwatch> Skaag, I've always wanted to make a RAID config
<IrishWristwatch> but I'm always too damn cheap to buy 4 hard drives
<Skaag> well, a good raid config can give you a serious performance boost or reading data very quickly.
<IrishWristwatch> Yeah I bet
<IrishWristwatch> since it's all parallel access
<Skaag> and the controller does much of the work, if the driver is well written.
<Skaag> and 3Ware adapters have a memory module that can be upgraded
<IrishWristwatch> zacharynweb, it can be pretty crazy at first
<IrishWristwatch> but if you want to setup a simple share and skip all of the other stuff for later
<IrishWristwatch> then it's pretty easy
<zacharynweb> IrishWristwatch: How would I do that?
<IrishWristwatch> eh, I guess I'll just PM you the commands
<zacharynweb> IrishWristwatch: and truthfully I consider myself a technician with windows
<zacharynweb> but anything server wise or outside windows, I'm a newb
<IrishWristwatch> don't worry
<IrishWristwatch> Linux is easier to learn than windows.
<datz> Yea, it's all just point click :P
<datz> having joins,parts,quits ignored really messes up my sense of passed time
<UndiFineD> datz, http://ubuntuforums.org/showthread.php?t=315262
<datz> humm, well.. I'm not using gnome, or xchat, and my joins,parts,quits are already hidden. :P
<datz> but not I know. ;)
<datz> It's easier to leave leave your irc client up all the time and follow what's going on if there isn't semi useless join/part spam. :)
<datz> irssi ftw btw
<UndiFineD> indeed
<Patrickdk> heh, you need useless join/part spam, to break up the conversations
<datz> hahah
<datz> it does serve to do that. But I if you can distinguish one conversation from another, you'll be fine too.
<datz> -I
<twb> In dhclient.conf, is this an ubuntuism?  send host-name "<hostname>";
<twb> Because it works on my lucid hosts but not my squeeze hosts
<twb> If I replace <hostname> with a literal hostname, it works on both
<twb> Apparently it IS a tiny ubuntu-specific patch
<twb> Dunno why it wasn't pushed upstream...
<IrishWristwatch> zacharynweb, how'd it go?
<laxa8831> hi
<laxa8831> can i set a folder within a samba share to read only when the entire share it r/w?
<laxa8831> i have a folder withing a drive id like to protect, but maintain r/w access to the rest of the drive
<UndiFineD> laxa8831, you could: chmod 755 the directory
<UndiFineD> only owner would have rwx capabilities
<laxa8831> can the owner be multiple people, or would i have to set up a group
<UndiFineD> you set a group for that
<laxa8831> ok
<UndiFineD> <ubottu> An explanation of what file permissions are and how they can be manipulated can be found at https://help.ubuntu.com/community/FilePermissions
<laxa8831> and system permissions take precendence over samba, correct?
<laxa8831> im having a bit of trouble with this
<laxa8831> ive set the owner of the test folder to ABCD
<laxa8831> and chmod to 755, but still everyone on network can create and delete files in that folder
<UndiFineD> maybe samba is running as ABCD
<UndiFineD> and therefore has all the right on that directory
<laxa8831> im using ls -l
<laxa8831> and can see the rights on the folders
<laxa8831> but i cant change them from drwxrwxrwx
<laxa8831> ive made a folder called test to play with
<laxa8831> ie, sudo chmod 755 test
<laxa8831> and the permissions dont change
<laxa8831> the owner is root
<laxa8831> cant seem to change that either
<laxa8831> ok, this is interesting
<laxa8831> when i created a folder from a network share, it appears to be owned by root
<laxa8831> is that supposed to happen?
<laxa8831> is there something im missing for chmod directory functions?
<laxa8831> this is a real head scratcher lol
<laxa8831> feel a bit like homer simpson...
<laxa8831> and when i try ls -l /test
<laxa8831> it cant find the directory
<draven_sol> laxa8831, are you locally on the machine?
<draven_sol> laxa8831, the command to change owner is: chown <user> <group> <filename>
<draven_sol> laxa8831, to change the owner of a file which is owned by root you'll need to use: sudo chown ...
<laxa8831> ok, i dont think ive set up groups yet, just individual users
<UndiFineD> !addgroup
<UndiFineD> ubottu does not know
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<KB1JWQ> I promise I'm not trolling-- but why would I use ubuntu server over debian?
<twb> KB1JWQ: predictable release dates, better security
<twb> KB1JWQ: also, my customers know of Ubuntu, so they sometimes ask for it.
<KB1JWQ> twb: Security is something of a nebulous concept; how're you measuring it?
<twb> KB1JWQ: default options in GCC is the most obvious one
<twb> KB1JWQ: ubuntu also ships with some apparmor profiles enforced by default
<twb> KB1JWQ: there was an LWN article recently about the former, and Debian was pretty much the worst of the five-or-so distros profiled.
<twb> KB1JWQ: https://wiki.ubuntu.com/Security/Features
<KB1JWQ> Reading
<KB1JWQ> I do find Upstart to be annoying.
<twb> Me too
<twb> KB1JWQ: try #ubuntu-hardened if you want to discuss security more
<KB1JWQ> Past the obnoxious startup magic, it seems almost like they'd handle roughly the same way?
<twb> Well, they're closer to one another than they are to, say, RHEL or Solaris
<KB1JWQ> I can do RHEL, CentOS, or Debian in my sleep.
<KB1JWQ> Ubuntu's still something of a strange animal.
<twb> For most purposes you can treat Ubuntu as Debian
<cappicard> hey folks. i'm trying to get bridged networking working, but i'm seeing DHCP packet received on vnet0 which has no address
<cappicard> this is kvm
<cappicard> xp running inside kvm.
<twb> cappicard: on the host, pastebin "ip l; ip a; ip r; brctl show"
<twb> Also pastebin the kvm command you're running, or the libvirt config file if you're using libvirt.
<cappicard> http://pastebin.com/JFdhMMvB
<twb> Well the first problem is that you don't have any VM ifaces attached to your bridges
<cappicard> http://pastebin.com/1CsVGNwd
<veovis_muaddib> I'm running Ubuntu server 10.04 as a multi-purpose home server, how would I go about getting it to go into a low power mode when unused, and wake again when I need it.  I enabled WoL in my BIOS, but neither my computer nor my phone seem to be able to wake it with magic packets
<veovis_muaddib> Whoops, period instead of question mark
<KB1JWQ> veovis_muaddib: Onboard NIC?
<veovis_muaddib> KB1JWQ: Yeah, I'm using the onboard NIC, I don't have a PCI NIC in there
<twb> veovis_muaddib: install sleepd or similar
<twb> veovis_muaddib: note that the magic packets usually need to originate on the same ethernet segment
<twb> veovis_muaddib: i.e. no wireless
<veovis_muaddib> twb: trying now.
<twb> sleepd just makes it go to sleep, not wake up
<veovis_muaddib> twb: I can't send a magic packet FROM wireless?  That could kill it for me
<twb> veovis_muaddib: I don't think so
<veovis_muaddib> twb: crap.
<twb> veovis_muaddib: you could ssh into your WRT and have IT send the actual frame, I guess
<twb> I started looking into that but lost interest when dinner arrived or something
<veovis_muaddib> twb: lol.
<KB1JWQ> Frames actually will traverse wireless.
<KB1JWQ> So it shouldn't be an issue provided that the originating point can SEND a wake packet.
<twb> If you say so
<veovis_muaddib> KB1JWQ: If they will go over wireless, then I wonder what my problem is....  I've sent magic packets from Wake for iOS and WakeUp for OS X.  Come morning I can test from a Windows 7 or Arch Linux machine, but they're not always available
<veovis_muaddib> twb: The sleepd man page says nothing about waking from anything other than keyboard and mouse, and Google's failing me.  Do you know if it can, or even better, how to do it?
<veovis_muaddib> *I'm probably failing to supply Google with the right keywords, but still.....
<UndiFineD> http://gsd.di.uminho.pt/jpo/software/wakeonlan/mini-howto/wol-mini-howto-3.html
<twb> veovis_muaddib: sleepd has ONE JOB -- when it decides the system is idle, it runs a command -- usually pm-suspend, which places the system in suspend-to-ram state.
<twb> WAKING from that state is not something sleepd is involved in
<veovis_muaddib> twb: Ah, yeah, now I remember you saying that earlier...  Sorry
<twb> For a desktop, you have something like gnome-power-manager instead of sleepd
<veovis_muaddib> So I have sleepd installed, and am working on configuring it.  Do you know if it will wake on ssh or smb activity?
<twb> It doesn't "wake"
<twb> But you can tell it not to sleep when there is network activity, IIRC
<KB1JWQ> I'm weird; I like my servers to be "up."
<twb> Re ssh, -w If set, sleepd will also check idletime based on utmp. This will prevent the system from sleeping while remote connections are active. It uses the time limit from -u.
<KB1JWQ> You can quiesce the disks, you can turn off peripherals, but I want to be able to hit it.
<twb> KB1JWQ: you would freak out when you saw the crazy stuff in Apple's current NICs
<veovis_muaddib> KB1JWQ: I'm at a friend's house with it, and they're demanding that it be in low power mode when not in use
<KB1JWQ> twb: I'm experiencing those issues now.  I assure you I know. :-)
<twb> KB1JWQ: it'll power down the whole device, except for the NIC, which will respond to a different MAC and handle the start of, I don't know, the TCP handshake -- and then it'll start up the "real" machine to deal with the actual request
<twb> I read about that and went ".... GTFO"
<veovis_muaddib> twb: What?
<veovis_muaddib> twb: That's nuts
<KB1JWQ> twb: That's insane.
<veovis_muaddib> twb: Mostly the change MAC part
<veovis_muaddib> I'd be troubleshooting that for days
<twb> Yup
<veovis_muaddib> Glad my mac is my client and not my server.  I'd give up on getting that working
<twb> I think it was mostly their embedded gank, not workstations
<veovis_muaddib> ah
<cappicard> is kvm capable of doing remote sound or is RDP to the guest the only way?
<cappicard> kvm is living on my headless server
<twb> cappicard: kvm is not a remove framebuffer protocol
<twb> I imagine you could arrange something using pulseaudio or nas, but I've never tried it.  Neither X11 nor RFB (VNC) support remote audio.
<veovis_muaddib> cappicard: I have yet to find anything that will allow remote audio in any way.  If you find something, I'd appreciate a link.
<veovis_muaddib> looking at pulse and nas now though
<twb> In theory you could even just tunnel /dev/dsp over ssh or something
<UndiFineD> veovis_muaddib, how about a phone ? :P
<veovis_muaddib> UndiFineD: lol
<veovis_muaddib> UndiFineD: Though, on that topic, that is a device I'd like to pipe audio to...
<syn-ack> Derek.
<syn-ack> veovis_muaddib, Pulse Audio does.
<syn-ack> supposedly.
<veovis_muaddib> syn-ack: Yeah, twb mentioned it, so I'm looking at it now.  All Google is showing are people having problems with it
<syn-ack> I've never used it in such a fashion, myself, so...
<twb> I saw it done once with asterisk, I think
<syn-ack> interesting.
<syn-ack> I never even thought about doing that with Asterisk.
<twb> I don't mean using asterisk to tunnel the noises
<twb> I mean he used pulseaudio to tunnel noises asterisk made/received/something
<syn-ack> No, the hold music, right?
<syn-ack> ah
<syn-ack> twb, That's still an interesting take on it, though...
<cappicard> hmm...
<UndiFineD> o/ nigelb
<nigelb> haha
<alcy> anyone deploying a mysql cluster on 10.04 around here ? can't seem to find the right way to setup 'em up. don't want to use mysql binary packages, but ubuntu's are not reliable either.
<twb> Define "not reliable"
<alcy> ...not not reliable per se, but its broke...there are open bugs with high priority but the maintainer hasnt replied.
<alcy> this is the bug https://bugs.launchpad.net/ubuntu/+source/mysql-cluster-7.0/+bug/576528 ... but it doesn't seem serious functionality wise.
<uvirtbot> Launchpad bug 576528 in mysql-cluster-7.0 "auto-install-tester can not install/remove this package:  trying to overwrite '/usr/bin/my_print_defaults', which is also in package mysql-server-core-5.1 0:5.1.41-3ubuntu12" [High,Confirmed]
<alcy> hence, the important query. :) is anyone deploying them on 10.04 ? if yes, are they using the repo packages ?
<SpamapS> alcy: who is the "maintainer" ?
<SpamapS> alcy: looks like that package does need some love. ;)
<alcy> SpamapS: zul
<SpamapS> alcy: how is zul the maintainer of mysql-cluster-7.0 ?
<alcy> "Original Maintainer: Chuck Short <zulcss@ubuntu.com>" ...zul on irc :)
<SpamapS> alcy: but thats not really "the maintainer" ;) MOTU is as much responsible as anyone else
<SpamapS> alcy: that High confirmed bug seems like a duplicate of another one..
<SpamapS> alcy: anyway, I would agree with you that it needs some love.
<alcy> SpamapS: meanwhile, at my machine installation "hangs" at this "/etc/init.d/mysql: line 116: /etc/mysql/debian-start: No such file or directory invoke-rc.d: initscript mysql, action "start" failed." there's a defunct mysql process. got a clue ?
<alcy> actually not a mysql process, its apt only.
<SpamapS> alcy: weird
<alcy> anyway, i am copy-pasting that file from another machine
<SpamapS> alcy: I'm getting close to pass-out level of exhaustion.. so I'm not feeling all that clever right now
<alcy> SpamapS: heh, thanks for the help anyway :)
<nigelb> 31
<nigelb> gah
<Psi-Jack> Is there no package in Ubuntu 10.04.1 that has dlm_controld.pcmk for pacemaker's dlm?
<twb> apt-file will tell you
<Psi-Jack> I used apt-file to search for it, with no results, which seems a little odd to me.
<SpamapS> Psi-Jack: Psi-Jack what is the file?
<Psi-Jack> dlm_controld.pcmk
<SpamapS> Psi-Jack: cman has /usr/sbin/dlm_controld
<SpamapS> I have no idea what a pcmk is
<Psi-Jack> Pacemaker
<Psi-Jack> cman's dlm_controld is compatible with RHCS, where dlm_controld.pcmk is compiled for pacemaker.
<TeTeT> wasn't there a PPA for all of the high availability stuff? That might contain working packages
<nigelb> https://launchpad.net/~ubuntu-ha/+archive/ppa
<Psi-Jack> Hmmm.. A testing PPA, deb http://ppa.launchpad.net/ubuntu-ha/lucid-cluster/ubuntu lucid main
<uvirtbot> New bug: #683007 in openvswitch (universe) "openvswitch-datapath-dkms binary package contains object files" [Undecided,New] https://launchpad.net/bugs/683007
<zacharynewb> hello
<uvirtbot> New bug: #683008 in openvswitch (universe) "debian/patches/debian-changes-1.1.0~pre2-5ubuntu3 is unnecessary" [Undecided,New] https://launchpad.net/bugs/683008
<ttx> zul: late pong
<[diablo]> morning
<[diablo]> anyone recommend the best clustering FS to use for the following please:
<[diablo]> I have 2 x machines running Ubuntu Server 10.10, with KVM/libvirt
<[diablo]> for storage I have an iSCSI LUN made available to (currently) one machine
<[diablo]> the KVM machine slices the LUN (/dev/sdb) into partitions with LVM
<[diablo]> so each guest is on a physical partition
<[diablo]> well, lvm partition I should say
<[diablo]> I am looking for a method to migrate a guest from one machine to the other... seems clustering is needed
<fale> hi
<fale> I'm looking for the meta package ubuntu-server, but I can't find it :( any suggestions about where I can find it?
<joschi> fale: what does this package provide in your opinion?
<fale> joschi: the list of the packages that is needed to be installed to have the ubuntu-server cd ;)
<joschi> fale: try ubuntu-standard
<fale> joschi: are you sure that is the server list?
<joschi> fale: no, but that's the package installed. of course there's also the task list 'server', but that's no single package ;)
<joschi> fale: `man tasksel`
<fale> joschi: that's interesting :) I'll look into it, thanks :)
<alcy> wonder why mysql is ignoring some settings in my.cnf. can't get around debugging this, any clue ?
<alcy> afaik, the configuration directives are under the right sections
<alcy> to be specific, the master-host dire3ctive for implementing replication is not getting changed.
<fale> joschi: I wonder why some things are made with meta-package (like ubuntu-desktop...) and other with tasksel :/
<intheloopback> Does somebody has experience with backuping a VM? Do you backup a stopped or running VM? Which method do you use?
<Error404NotFound> how can i force a specific PHP version to be used for a vhost? I have compiled php5.2.14, enabled fastcgi and my vhost configuration is at http://pastebin.com/jB0AbK7Z but for some reason if i don't use php5 module, php5.3.3 is used. I want to use php5.3.3 for all other stuff while php5.2.14 only for this vhost.
<Error404NotFound> intheloopback, if vm is hosted on a lvm volume, you can take snapshot while vm is running, i believe.
<jussi> is this still the correct way to install lamp (10.04)  "sudo tasksel install lamp-server" - the docs on h.u.c are very old (talk about 7.04)
<Error404NotFound> jussi, thats correct way as long as tasksel is present on system :)
<jussi> thanks!
<pmatulis> intheloopback: it depends what you want to back up
<intheloopback> pmatulis: ideally the entire vm from the host systems, but I think that this can produce an inconsistent copy. But at least I need to backup home directories, web server and a MySQL database
<pmatulis> intheloopback: so shut down the guest and copy it's file image (or lvm volume) somewhere
<mdlueck> We have been having difficulties attaching USB HDD's to our servers since upgrading to 10.04 LTS. https://bugs.launchpad.net/bugs/645211  Using the work-arounds to get the drives to show up connects them as if at USB 1.1 speed which is unacceptable. Suggestions?
<uvirtbot> Launchpad bug 645211 in linux "USB HDD and Flash Drives no longer recognized" [Undecided,New]
<Slyboots> Hello
<Slyboots> im curious; anyone able to suggest a decent web-based system manager for Ubuntu server? Right now I have to ssh in and do everything via the CLI.. but since Im building a NAS server its preferable to have control over a web-interface
<Psi-Jack> Slyboots: Webmin
<Slyboots> I thought that was incomptable with Ubuntu
<Psi-Jack> Personally I've found OpenSUSE makes a better NAS server than Ubuntu.
<Psi-Jack> Slyboots: No, #ubuntu doesn't support it. Webmin supports Ubuntu, however.
<Slyboots> Mm
<l3dx> Psi-Jack: why do you prefer opensuse?
<Psi-Jack> l3dx: Simplified, secure, yast2 can configure... practically almost anything from GUI, TUI, and cli.
<pmatulis> has anyone used the phoronix test suite with lucid?  i've found that their tests don't build at all
<TheNetuno> hola como esta too aka?
<uvirtbot> New bug: #673654 in clamav (main) "Upcoming clamav release with security fixes" [Undecided,New] https://launchpad.net/bugs/673654
<kirkland> smoser: hey
<kirkland> smoser: I'm trying to launch a desktop image from http://uec-images.ubuntu.com/desktop/natty/current/
<kirkland> smoser: first, I note that the "current" symlink is pointing to 11/26
<kirkland> smoser: but second...
<kirkland> kirkland@x201:~$ ec2-run-instances ami-a7a650ce --instance-type t1.micro --region us-east-1 --key ec2-keypair
<kirkland> Client.AuthFailure: Not authorized for images: [ami-a7a650ce
<smoser> 1129 is failed build
<kirkland> smoser: 'sup with that?
<kirkland> smoser: okay ... and my failure?
<smoser> kirkland, i'll look at it in a bit. "that should'nt happen" :)
<kirkland> smoser: k
<hggdh> isn't there a meeting now?
<zul> yes
<hggdh> where?
<Daviey> hggdh: yes, previous overunning
<hggdh> oh, OK
<uvirtbot> New bug: #683198 in bacula (main) "package bacula-director-mysql 2.4.4-1ubuntu5 failed to install/upgrade: el subproceso post-installation script devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/683198
<smoser> kirkland, i have no idea what went wrong there.
<smoser> those ids do exist, they just have no attributes
<phretor> the logrotate process was <defunct> on one of my systems, so I just `sudo logrotate /etc/logrotate.conf` to see if it restarted. Now it disappeared from the proc table: how can I check if logrotate is in a sane status?
<kirkland> smoser: okay
<kirkland> smoser: i was able to start a maverick instance and try x2go
<smoser> it seems to me it has to be an issue on the amazon side
<smoser> note, that you cant boot an i386 natty instance anyway (bug 669496)
<uvirtbot> Launchpad bug 669496 in linux "natty fails ec2 boot on i386 or t1.micro" [Critical,Confirmed] https://launchpad.net/bugs/669496
<b0gatyr> morning, can someone explain to me how or in what way having multiple DNS 'A' records that point to a  single IP can help a webserver?
<patdk-wk> heh?
<patdk-wk> if one of your webservers is down
<c0nv1ct> b0gatyr, so it works with www.domain.com as well as domain.com?
<smoser> kirkland, i swear that is ec2 failure
<smoser> the us-west-1 amis for that build are good
<smoser> but other regions disappeared.
<kirkland> smoser: okay
<smoser> its not like my scripts make up numbers.
<smoser> they register, and check exit codes of 'ec2-register' and the like. i've never seen this before.
<phretor> any idea about my logrotate question?
<ikonia> phretor: what was the question, I missed it
<phretor> ikonia: the logrotate process was <defunct> on one of my systems, so I just `sudo logrotate /etc/logrotate.conf` to see if it restarted. Now it disappeared from the proc table: how can I check if logrotate is in a sane status?
<b0gatyr> c0nv1ct: well not sure, but if you do a 'dig' on wikileaks.org for example the query returns multiple A records pointing at the same IP
<ikonia> phretor: if it's defunct it's probably dead/zombied
<ikonia> phretor: if it's not showing that state, it's probably running fine (at a basic level)
<c0nv1ct> b0gatyr, oh, in that case i have no idea how that is useful
<ikonia> phretor: on ubuntu logrotate is launched from cron I think so it shouldn't be running all the time
<ikonia> not %100 certain though
<phretor> ikonia: I see, so it might be running fine. I will check tomorrow if rotate logs exist.
<b0gatyr> c0nv1ct: the IPs do resolve to amazon EC2 .. maybe using elastic IPs?
<smoser> JamesPage, i would like to get some of your time at some point... i'd like to have our ec2 tests into hudson, but really have no idea what that would mean.
<smoser> s/mean/entail/
<JamesPage> smoser: no problem; I'm intending spending some time this week on test automation
<zacharynewb> hi guys
<zacharynewb> can someone help me set up a samba share?
<T3CHKOMMIE> hey guy, need help finding an old bash command i forgot.
<uvirtbot> New bug: #683222 in php5 "php-fpm children constantly exiting (immediately)" [Undecided,New] https://launchpad.net/bugs/683222
<T3CHKOMMIE> the command runs a dos-like gui tool on ubuntu server that lets you select server roles and such
<T3CHKOMMIE> its much like when you install the server you can hit space bar and select ldap server lamp server printer server... etc
<TeTeT> T3CHKOMMIE: tasksel maybe
<zacharynewb_> Hhi guys
<zacharynewb_> can someone help me setup a samba share?
<T3CHKOMMIE> TeTeT, thanks i think thats it lemme give it a shot.
<TeTeT> zacharynewb_: probably this will help: https://help.ubuntu.com/10.04/serverguide/C/samba-fileserver.html
<zacharynewb_> thanks, I'll look
<T3CHKOMMIE> zacharynewb_, samba is pretty simple i can help you if you get stuck.
<zacharynewb_> T3CHKOMMIE: I appreciate it.
<zacharynewb_> T3CHKOMMIE: I followed those instructions
<zacharynewb_> T3CHKOMMIE: and I can see that there's a "share" and now my server is showing up on the windows network, but my login is being rejected
<T3CHKOMMIE> have you messed with the config file?
<T3CHKOMMIE> /etc/samba/smb.conf
<zacharynewb_> T3CHKOMMIE: Yes, I did. I figured it out though
<slyboots> Hello again :)
<aljosa> i have a big folder (~75GB) filled with 1kb files and i need to delete folder or everything inside. rm -rf big_folder would take a long time and occupy cpu, any suggestions on howto remove big_folder fast?
<zacharynewb_> T3CHKOMMIE: When I first installed Samba, it said "enter new samba password"
<T3CHKOMMIE> zacharynewb_, great. thats about all you need
<zacharynewb_> and I gave it a password
<zacharynewb_> It's not using my login password for my user account on the server
<T3CHKOMMIE> oh, interesting. never had a set up a smb password
<slyboots> This might be rather simple; but it has me puzzled.. "Got Ubuntu setup as a NAS with several services downloading files for me and placeing them into folders and whatnot.. What I want to have happen is when it create files in certain folders for thsoe files to inheret certain permissions
<T3CHKOMMIE> are you running ubuntu server?
<zacharynewb_> yeah, the guy who told me about it said it was weird too
<slyboots> Mainly Group Read/Write
<zacharynewb_> T3CHKOMMIE: Yes, GUIless Ubuntu 10.10
<slyboots> I think this can eb done by Umask? Im just not sure how
<T3CHKOMMIE> how did you install samba?
<zacharynewb_> slyboots:   sudo chmod g+s  or something like that, it makes it so anything new created in the folder inherits that parent folders' permissions.
<slyboots> And thats a permanent effect?
<slyboots> Mm.. (s) Set user/Group ID on execution
<zacharynewb_> slyboots: So I've read.
<slyboots> Sounds perfect
<zacharynewb_> T3CHKOMMIE: I installed with "sudo apt-get install samba"
<zacharynewb_> slyboots: Please do go check it first, I'm new to linux, but I had to address that same issue
<zacharynewb_> slyboots: I was having issues where the folder, that belonged to the user, wasn't letting them write to it, turns out the child files/folders didn't have the same permissions
<zacharynewb_> sudo chmod made it so they inherit automatically, but like I said, new to linux.  I'm a computer technician with windows and hardware, but not linux and mac
<slyboots> hmm
<zacharynewb_> T3CHKOMMIE:  I can't create files or folders using the samba share
<zacharynewb_> I can view the files in the shared folder with a password
<zacharynewb_> but I can't write
<slyboots> Yea thats not working anyway
<T3CHKOMMIE> zacharynewb_,
<T3CHKOMMIE> its a permissions issue.
<slyboots> New files inside the folder dont inherent the permissions
<T3CHKOMMIE> you can chmod your folders
<T3CHKOMMIE> or you can change your smb.conf file to allow read/write
<zacharynewb_> slyboots: New files that are created inherit permissions automatically, from what I read.
<qman__> by default, new files that are created get permissions based on the user that created them
<zacharynewb_> slyboots: There was another seperate command, to recursively go through the folders and sub folders and files to change all their permissions to match the parent, but I forget it
<slyboots> Yea chmod -R
<qman__> if you want to set other permissions, see the "create mask" "force user" and "force group" directives
<slyboots> But I want this to happen automatically..
<qman__> slyboots, ^
 * slyboots blinks
<Psi-Jack> And it's directories. Not folders. :p
<zacharynewb_> similar
<Psi-Jack> How is a graphical icon similar to a directory containing files?
<Psi-Jack> man ls, what's "NAME" say about it?
<Psi-Jack> ls - list directory contents
<zacharynewb_> damn it
<Psi-Jack> Show me 1, just 1 manpage that refers to directories as "folders", and I will pay you $20 for it.
<zacharynewb_> The folders are owned by "zacharyguest" to limit privleges
<zacharynewb_> slyboots: What's the command to manually take ownership everything in a folder?
<slyboots> chown user:group -R foldername will do it
<Psi-Jack> directory.
<zacharynewb_> lol
<zacharynewb_> FOLDER
<Psi-Jack> d, i, r, e, c, t, o, r, y, simple.
<zacharynewb_> not as simple as "folder"
<slyboots> Why is it so complicated to have inheretered permissions
<Psi-Jack> As I said, show me 1 single manpage that talks about directories as if "folders", $20.
<zacharynewb_> directory uses more awkward keys and more of them, thus, more complicated.
<Psi-Jack> Shorthand is dir.
<zacharynewb_> yeah..
<zacharynewb_> well
<Psi-Jack> Wanna talk complicated, you.
<zacharynewb_> GRR
<zacharynewb_> I'm a windows user
<zacharynewb_> You should see my battlestation.
<slyboots> Or like.. having two groups with two differet permissions.. that seems to be actually impossible
 * Psi-Jack holds back his laughter, only for a second.
<Psi-Jack> Okay, guys, wanna learn something?
<Psi-Jack> ACLs!
<slyboots> ACL's are *not* fun
<Psi-Jack> yes, Linux has them for every native filesystem.
<slyboots> I'ave already tried that
<Psi-Jack> Hell, even nautilus and dolphin have support for gui-enabled ACL editing.
<zacharynewb_> OMG IT WORKS
<zacharynewb_> I LOVE ALL OF YOU
<datz> even me?
<zacharynewb_> MY SAMBA SHARE IS BEAUTIFUL
<zacharynewb_> YES, EVEY YOU, SMALLS
<zacharynewb_> even*
 * datz got a free ride
<zacharynewb_> my beautiful server
<zacharynewb_> and the printers are showing too
<zacharynewb_> I love you linux
<Psi-Jack> zacharynewb_: Now, try setting up two servers with DRBD drive replication, iSCSI exporting multiple lvm logical volumes with pacemaker's cluster stack. clvm, dlm, and iscsi-tgtd or iet.
<zacharynewb_> what do you guys think about wikileaks?
<zacharynewb_> Psi-Jack: WTF are you saying?
<Psi-Jack> Oh, and a VIP for the active one of the replication.
<zacharynewb_> Psi-Jack: SPEAKEH ENGLISH, mother tucker
<zacharynewb_> Psi-Jack: what is drbd drive replication?
<Psi-Jack> It's perfect English. Just wayyyy over your head, folder-speaking varmint.
<zacharynewb_> Psi-Jack:  yes, advanced linux work is indeed over my head
<slyboots> Good to see the rude linux guru is alive and well :P
<zacharynewb_> Psi-Jack: html, php, batch, basic TIBASIC, javascript, java, VB, are not over my head. :D
<Psi-Jack> zacharynewb_: DRBD is where you have a two physically different systems replicating the same device, partition, or volume.
<Psi-Jack> Over the network.
<Psi-Jack> Like Raid1 over the wire.
<zacharynewb_> Psi-Jack: sharing the same device between both of them?
<zacharynewb_> Psi-Jack:  that doesn't sound too hard
 * Psi-Jack chuckles.
 * zacharynewb_ can chuckle too
<Psi-Jack> And no, not sharing the same device.
<Psi-Jack> Two seperate devices sharing the /exact/ same content.
<Psi-Jack> Mirrors.
<Jon__> dumb question, where can i find a trustworthy ubuntu 10.10 aws ami with < 10gb file size
<linuxnewb> seriously doesn't sound hard.
<Psi-Jack> Jon__: aws ami?
<Jon__> ami for amazons ec2 free tier
<Jon__> they only let u use 10gb for free
<Jon__> and ubuntu only does 15gb ami's
<linuxnewb> Psi-Jack:   Btw, do you by chance know the 72 character long key for the latest wikileaks file?
<Psi-Jack> No clue. Don't use Amazon EC2,.
<Psi-Jack> I run my own equivalent of EC2, out of my home.
<zacharynewb> :D
<Jon__> your own equivelent being vmware or what
<Psi-Jack> kvm, of course.
<Jon__> nice
<Psi-Jack> Vmware by itself sucks.
<zacharynewb> Psi-Jack: Can I share a samba share over the internet using my domain name/
<zacharynewb> ?
<Psi-Jack> And it's extremely too hardware dependant.
<Jon__> yeah im on comcast so to host games im using vps's and amazon right now
<Psi-Jack> I'm on Brighthouse, yet, I have business class service for only $8 more a month than normal.
<Psi-Jack> With 5 IPs.
<Jon__> geez, nice deal
<zacharynewb> Actually, one reason I was setting up my server is so that other people coule use it
<Psi-Jack> I'm about to upgrade to their Lightning service, which is 40 MBit down, 5 MBit up.
<zacharynewb> I'm on verizon fios, decent 3 MB/s connection with low ping
<Jon__> fios = comcast at basic package
<Psi-Jack> Which even beats Fios.
<zacharynewb> um
<Jon__> yeah that lightning service would be nice
<zacharynewb> Comcast fucking sucks
<Psi-Jack> zacharynewb: LANGUAGE!
<zacharynewb> sorry
<Jon__> Comcast is actually pretty good in my opinion
 * Psi-Jack gets his wooden stick out, ready.
<Derek> i'm having trouble setting up a KVM of lucid that i can just SSH into as soon as it's created
<Jon__> and its speeds are exactly the same as fios at the basic package
<Jon__> if you pay extra then yes fios will be faster
<zacharynewb> using comcast, we were throttled, they blocked torrent traffic, iffy connections, customer suppoer was terrible
<zacharynewb> high ping
<Jon__> verzion doesnt?
<zacharynewb> Not that I've noticed
<zacharynewb> or not enough that I've cared to notice
<Jon__> i try to stay under my 250gb cap with comcast
<Jon__> thats the only downside
<Psi-Jack> Blocked torrent traffic to known obvious illegal sites, you mean.
<Jon__> yeah comcast isnt blocking my private trackers at all
<Jon__> and when i was hosting games they wernt blocking all the random connections to my house
<zacharynewb> Jon__:  Psi-Jack  When I was room mating last year, we had two fios connections into our house
<Jon__> although technically i am break tos when i use it to host my website or games
<Psi-Jack> Doesn't block legit trackers, either, like the one OpenOffice used to be on, before Oracle owned them.
<zacharynewb> Psi-Jack:  Jon__   We ran servers on one, a room mate was a security clearance web administrator, had his own setup as well
<Jon__> nice zach
<Psi-Jack> zacharynewb: Uh huh.. Not impressive at all.
<zacharynewb> on the other fios connection, we gamed, netflix, movies, PS3, Xboxs, hosting things. Pretty awesome
<smoser> kirkland, ping
<zacharynewb> Psi-Jack: Hey, our setup was prety awesome
<Psi-Jack> I doubt it.
<kirkland> smoser: pong
<smoser> i just put a "package" of my bug 625364 hack together
<uvirtbot> Launchpad bug 625364 in pm-utils "lenovo/thinkpad T400[s]/T500/W500/X60 suspend fails" [Critical,Confirmed] https://launchpad.net/bugs/625364
<smoser> https://launchpad.net/~smoser/+archive/ppa/+packages
<smoser> should i put a link to that in the bug ? or does that ultimately not useful
<Psi-Jack> Oh dang, I thought this was ##Linux for some reason. ;)
 * Psi-Jack chuckles.
<kirkland> smoser: i don't see a pm-utils build in that ppa
<smoser> no pm-utils
<smoser> lp-625364-hack - 0.1
<Psi-Jack> But still.
<Derek> anyone know how to KVM of lucid that i can just SSH into as soon as it's created, i've tried the --addpkg and --ssh-key builder options and neither lets me ssh in once done
<kirkland> smoser: wow, that's the name of the package?
<smoser> yes.
<kirkland> smoser: well, that's not how I would have done it :-)  but okay...
<smoser> why not ?
<zacharynewb> Psi-Jack:  Why do you doubt me?
<smoser> if i build a pm-utils package, then pm-utils gets reved and my package removed, and your thinkpad overheats
<Psi-Jack> zacharynewb: 2 servers, hardware Raid10 6-drive setups running DRBD replication, exporting iSCSI volumes for kvm servers and shared storage for clustered virtual kvm webservers, including replicated LDAP servers for centralized authentication. 4 physical servers, 2 of which running the actual active-passive failover routing of the network, also the host systems running multiple kvm servers,
<kirkland> smoser: yeah, agree with that
<Psi-Jack> clustered and live-migratable between any 4 physical servers, on demand, manually, or on failover.
<Psi-Jack> 2 Physical systems running dedicated mysql, replicating with active-failover.
<kirkland> smoser: i'd probably just a) put your script in people.canonical.com/~smoser
<Psi-Jack> 2 physical systems running dedicated postgresql, also replicating with active warm standby for failover.
<kirkland> smoser: and put the 1-line needed to sudo wget that script to the right location
<zacharynewb> Psi-Jack:   See, individual systems is my thing, I have little experience with anything outside a basic network
<Psi-Jack> zacharynewb: And that's just the start of what I have, at home, live. ;)
<zacharynewb> Psi-Jack: I bet you can't hack my server
 * Psi-Jack just shakes his head. "Grow up, moron."
<smoser> kirkland, meh... this way i can actually deliver an update with a fix.
<smoser> but the point is the same.
<Psi-Jack> I can program, as in hack, all day long, perfectly good interfaces for management of such things.. Which ironically, I am. ;)
<smoser> is it even helpful to make it easier for people to get a hack, not a real fix.
<kirkland> smoser: as could you re-upload to people.canonical.com
<smoser> yes, but then someone would have to know they should go get it
<smoser> we have this network aware archive management thingy
<smoser> called 'apt' and it runs and pulls down packages and installs them.
<smoser> its really nice
<kirkland> smoser: hmm, yeah, but I'm not going to leave your ppa in my sources.list
<smoser> :)
<Psi-Jack> smoser: Like, Bacula?
<kirkland> smoser: i have no idea what kind of crack you're putting in there
<Psi-Jack> Oh, no. LOL
<smoser> oh, i have lots of crack there.
<kirkland> smoser: and if i add your ppa, i've essentially given you root on my box
<smoser> most of it just waiting to root kirkland's machine.
<Psi-Jack> kirkland: But hey, at least it's all GPG signed.
<kirkland> $ grep smoser /etc/apt/sources.list; echo $?
<kirkland> 1
<smoser> if grep kirkland /etc/passwd; then sudo -Hu kirkland ssh-import-id smoser && email smoser ip-address; done
<Jon__> im very proud of myself
<Jon__> i can download via console with wget now
<kirkland> smoser: heh
<zacharynewb> Psi-Jack: I made my server to serve me, to do things, and to learn
<zacharynewb> Psi-Jack: If someone can hack my server, I'd like to learn about it.
<kirkland> cat /etc/hosts.deny
<kirkland> ALL: PARANOID
<kirkland> smoser: :-)
<smoser> yeah, i could have dropped the 'sudo'
<zacharynewb> if learning about it takes someone screwing with my server, awesome. :D
<smoser> as it runs as a post script, so as root anyway
<kirkland> smoser: okay, so the fact that you packaged your fix is "nice", but i'm just saying not necessary
<Jon__> ive been lucky no1's tryed to mess with mine
<smoser> but my question remains.
<zacharynewb> Jon__: thats no fun
<Jon__> it is when ure learning like me
<kirkland> smoser: which is... should you drop a link to it in that bug?
<smoser> does it "help" anything, or does it actually hurt it.
<smoser> right.
<zacharynewb> Jon__: learning through harsh hilarious examples is fun
<Jon__> lol true
<Jon__> so in the interest of securing my servers and not running as root
<Jon__> i created a user and gave him a pass
<zacharynewb> you get to see how water drowns your base and all of your workers
<Jon__> then logged in as him
<zacharynewb> Jon__:  Ever played Dwarf Fortress?  Dying is called "fun"
<zacharynewb> or how a golbin squad comes in and kills you
<Jon__> however when i try to use sudo he isnt in the sudo list
<Jon__> how do i do that
<Jon__> i tryed df i couldnt get into it, people i play with on minecraft love talking about df
<kirkland> smoser: meh, i don't think it hurts; but i don't think it necessarily helps either
<kirkland> smoser: sorry to be non-committal
<zacharynewb> Jon__:  Dwarf fortress has a crappy user interface
<smoser> well, i tihnk it does help. since i split up the fix into 2 comments...
<zacharynewb> Jon__:  but it's a lot of fun
<smoser> ie, one that has the fix, and one that says "oh that didn't work, put it in a different location" :)
<smoser> anyway
<jiboumans> smoser: hi
<smoser> i have other things to do. that package is there.
<kirkland> smoser: that's fair
<smoser> jiboumans, hey
<zacharynewb> Jon__:  Also, you HAVE to have a graphics pack, or you'll be stuck with the original crappy ascii art pictures
<jiboumans> smoser: got a moment to look into this cloud-init business?
<Jon__> ah
<smoser> yeah
<Jon__> yeah i had no graphics pack
<Jon__> and it all looked identical
<jiboumans> smoser: awesome. i have an instance running that exhibits the problem and i can reproduce it
<kirkland> smoser: the one thing I would do, though, if you do point to a package in that bug is create a new ppa under your name just for this hack
<jiboumans> it looks like the 'runcmd' sections make it onto the instance jsut fine and if i run it manually it does what i expect, but i can't see any evidence of it being run by cloud-init
<jiboumans> smoser: what info do you want/need to debug it?
<zacharynewb> Jon__: Dwarf fortress is like minecraft, except MUCH larger, you have other fortresses working against you, and you're god controlling a bunch of miners under you to build an entire economy
<kirkland> smoser: so that people adding your ppa to get the package get only this package, and not all of your other crack
<smoser> what is "it" ?. do you have a user-data file ?
<smoser> you should have something in /var/lib/cloud/data/scripts called 'runcmd' (i think thats its name)
<jiboumans> smoser: it's sent as data as part of a boto call to launch instances
<jiboumans> smoser: yup, i have that
<smoser> i'm guessing this is 10.04 ?
<zacharynewb> I seriously want that key to wikileaks
<jiboumans> smoser: you got it :)
<smoser> if you have that runcmd script, then i would surely think that it does get run
<smoser> whats the ami ?
<jiboumans> smoser: it's not being run as far as i can tell. is there an artifact in the logs that shows me that it ran?
<jiboumans> smoser: ami-0e1bec67
<smoser> jiboumans, testing a script here really quick to make sure it "works for me"
<smoser> you do know, though, that that is a daily, and might jsut be deleted tomorrow, right ?
<jiboumans> smoser: eh.. no
<jiboumans> damn it, did i look at the wrong list?
<jiboumans> i wanted latest updated release by you
<smoser> http://uec-images.ubuntu.com/server/releases/lucid/
<smoser> but, with better machine formated at http://uec-images.ubuntu.com/query/
<smoser> specifically http://uec-images.ubuntu.com/query/lucid/server/released.current.txt
<smoser> ok, but on to your problem...
<jiboumans> smoser: thanks for catching that
 * jiboumans updates his scripts
<smoser>   /var/lib/cloud/data/scripts/runcmd is written by cloud-init (/etc/init/cloud-config-misc.conf)
<smoser>  and is executed by /etc/init/cloud-run-user-script.conf
<jiboumans> http://nopaste.snit.ch/26298 # this is mine
<smoser> its output will go to the ec2 console
<smoser> hm..
<jiboumans> i'm not seeing the 'hello world', there's no /etc/hostname.userdata and the hostname is set to the ec2 default
<jiboumans> so none of those 3 seem to have actually run
<jiboumans> is there something in the losg that tells me that cloud-run-user-script has run?
<smoser> so if you run: sudo cloud-init-run-module once-per-instance user-scripts execute run-parts --regex '.*' /var/lib/cloud/data/scripts
<zacharynewb> I've set up a samba share, can I access it over the internet via my domain name?
<smoser> what do you see (that is taken from cloud-run-user-script)
<zacharynewb> if I can, what ports does it need, and what security issues should I worry about?
<jiboumans> smoser: privmsg'ing output
<smoser> ok, given "already run" indicates it already ran
<smoser> :)
<smoser> you probably have a marker file in /var/lib/cloud/sem/user-scripts.i-*
<smoser> which is what is written when it runs
<smoser> remove that and try above again
<jiboumans> smoser: after running it (even though it said 'already ran'), the /etc/hostname file is updated *and* the /etc/hostname.userdata file exists with the new hostname
<patdk-wk> heh, it's not all about being able to access >2-3gigs of cache ram? :)
<patdk-wk> oh opps
<smoser> hm.. it doesn't seem likely... you're sure that wasn't the case before ? you can look at the code path in /usr/bin/cloud-init-run-module
<smoser> it doesn't seem likely to me that it would run that and also say that it already ran
<smoser>     if cloud.sem_has_run(semname,freq):
<smoser>         sys.stderr.write("%s already ran %s\n" % (semname,freq))
<smoser>         sys.exit(0)
<jiboumans> smoser: i can fire up another instance and just give you access if you like
<jiboumans> smoser: yes, i'm sure, i checked both files before
<jiboumans> i didn't check the marker files
<smoser> jiboumans, sure
<jiboumans> smoser: http://nopaste.snit.ch/26300
<smoser> or, if you dont have anything private in user-data, you can just give me what you had there.
<smoser> and i can launch my own
<jiboumans> let me double check
<smoser> jiboumans, i suspect that something is blocking run-user from running
<smoser> and it always would have run, just very late in the game and you were always looking before it did run
<jiboumans> smoser: the only private section is our puppet section
<jiboumans> i'm removing that, but i'm not sure if it would affect anything, so i'm letting you know
<smoser> well, that should be unrelated. you can just remove it. yeah.
<smoser> oh
<smoser> that is it
<jiboumans> hmm?
<smoser> that user script will now block on the puppet portion being consumed
<smoser> it wont run until puppet stuff is finished
<jiboumans> what is 'finished'?
<zacharynewb> What ports do I need enabled to access my samba share?
<jiboumans> smoser: just until /etc/init.d/puppet start has returned?
<smoser>  /etc/init/cloud-run-user-script.conf has 'start on (stopped rc RUNLEVEL=[2345] ... and stopped cloud-config-puppet ... )'
<smoser> look in /usr/share/pyshared/cloudinit/CloudConfig.py for what puppet does. but i suspect that htat is what is blocking..
<smoser> maybe we're running down a rathole, but try removing the puppet section and running it.
<smoser> i think you'll get your runcmd stuff run
<jiboumans> i'll give that a go... and puppet does take some time to set up
<jiboumans> hmm
<smoser> then, add it back in, and i thikn that when you ssh in, you'll see a process 'cloud-init-cfg config-puppet' running
<smoser> this would explain why that change magically happened even though it was "already run"
<smoser> (ie, the timing was just right)
<jiboumans> that would make sense
<jiboumans> let me go give that a try
<jiboumans> smoser: indeed, upon login the cloud config for puppet is running
<jiboumans> let's see what happens when that's done
<jiboumans> smoser: there's a few minutes between when the puppet timestamp and the runcmd timestamp are put in place though:
<jiboumans> -rw-r--r-- 1 root root   13 2010-11-30 18:40 user-scripts.i-efda9282
<jiboumans> -rw-r--r-- 1 root root   13 2010-11-30 18:36 config-puppet.i-efda9282
<jiboumans> and from the ps output during that time, nothing cloud-config/init related appears to be running
<smoser> well its waiting on *something*
<smoser> it could be waiting on "stopped rc RUNLEVEL=[2345]"
<jiboumans> *nods* so it introduces a few minutes of lag but it does all run
<jiboumans> looks like about 6'ish from the timestamps
<jiboumans> smoser: thanks for looking into it with me though
<smoser> you can try each of those dependencies in turn
<smoser> i wonder if puppet ens up causing 'rc' to hang
<smoser> s/ens up/ends up/
<smoser> jiboumans, note, that you can 'rm -Rf /var/lib/cloud' and reboot, and it will think its first boot (other than your non-local stuff)
<smoser> so do that, edit the dependencies in that upstart job, and try rebooting
<jiboumans> smoser: i'm happy to know what's going on and the only fix on my side is to delay monitoring by a few mins
<jiboumans> smoser: if it's helpful to trace this down i'm happy to share my userdata of course
<smoser> i'm not sure what would be delaying the output of that job.
<smoser> one thing you could do
<smoser> launch an instance
<smoser> ssh in
<smoser> then run something like
<newb> could someone help me a bit with accessing a samba share over the internet?
<smoser> jiboumans,
<smoser> ujobs=$(cd /etc/init && ls | sed -n 's,.conf$,,p') ; while sleep 2; do for j in ${ujobs}; do status ${j}; done > status-$(date +%s).log 2>&1; date; done
<smoser> that would, very hackily, watch that status of upstart jobs, then diffing them over time you could see what is taking so long
<Derek> do you have to have a gui to do a first sign into a kvm linux?
<zul> kirkland: where is mathias diagram again?
<kirkland> zul: in the spec
<zul> thanks
<toddnine> Hi guys.  I'm trying to create a runit file for a plain java program and not having a lot of luck.  https://gist.github.com/3d9524579fdb41306351  I need to change directories then execute the java program.  This works in a bash script but not runit
<smoser> cjwatson, around ?
<newbish> hey, could someone help me?
<aetaric> !ask | newbish
<ubottu> newbish: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<newbish> I have installed deluge, and ufw seems to be blocking torrents
<newbish> how would I add a rule to ufw allowing deluge to download?
<newbish> I've already tried sudo ufw allow deluge
<newbish> and deluged
<jdstrand> newbish: if this is the client, then do:
<jdstrand> sudo ufw allow 6881:6891/tcp
<newbish> this is the daemon on the server
<newbish> jdstrand:  ^
<jdstrand> I don't know offhand what port it listens on
<newbish> isn't there a way to set ufw just to allow the program deluge to connect to the internet?
<newbish> it's easy to allow ports
<newbish> and I'm sure I can set specific ports
<newbish> for deluge
<jdstrand> newbish: no, it doesn't work like that. you need to either know the port/protocol, the service name as in /etc/services or use an application profile. in the case of deluge (eg sudo ufw allow OpenSSH), there isn't an application profile
<jdstrand> at least that I am aware of
<jdstrand> 'sudo ufw app list' will give you a list of application profiles
<jdstrand> that are on your system
<newbish> jdstrand: I might be able to find the service name
<jdstrand> http://dev.deluge-torrent.org/wiki/Faq#WhichportsshouldIuse has some info
<newbish> How would I access my samba share over the internet?
<RoyK> newbish: it's possible, using the ip address given the needed ports are open, but I wouldn't recommend it - the SMB protocol sucks rather badly over a high-latent link
<qman__> newbish, it's also a Very Bad Idea (TM) from a security standpoint, and many ISPs block it on this basis
<newbish> qman__: RoyK  I was thinking about it, but you're probably right
<qman__> for simple file transfer, SFTP is an easy and secure way
<RoyK> newbish: if not considering security, the SMB protocol is extremely chattery, so each request will make a bunch of hi, ho, yes, no, sure?, well, really?, dunno, well - check, can I?.........
<qman__> if you need the functionality of samba, go for a VPN instead
 * slyboots brain melts into goo trying to figure out the firewall
<RoyK> qman__: the chatting will still be a problem if not on a low-latency link
<qman__> yeah
<slyboots> Using ufw.. does this ruleset make sense for the following case: Allow machines on the local network access port 53; and deny everyone else
<slyboots> 127.0.0.1 53               ALLOW       192.168.1.0/24 53
<slyboots> 53                         DENY        Anywhere
<slyboots> Thats To / Action / From
<qman__> no
<qman__> machines on the local network will not contact 127.0.0.1
<qman__> they will contact your interface's IP
<slyboots> So I have to give the servers IP address
<qman__> e.g. 192.168.1.1
<slyboots> Okay; so if I fix that.. that ruleset works?
<slyboots> Its all NAT'ed off anyway.. but it doesnt hurt
<qman__> get rid of the second rule
<RoyK> slyboots: you'll soon find out if you try
<qman__> and just change to a default drop
<slyboots> RoyK: That seems like a *terrible* way to test
<robbiew> smoser: am I right to assume bug 669496 only affects ec2 images, not the ISOs?
<uvirtbot> Launchpad bug 669496 in linux "natty fails ec2 boot on i386 or t1.micro" [Critical,Confirmed] https://launchpad.net/bugs/669496
<jdstrand> slyboots: you can a) not give anything at all and just use 'from', b) give the server's address for 'to' or c) specify the interface
<newbish> where can I view the system log?
<RoyK> slyboots: only way to test
<smoser> robbiew, correct. only i386 and t1.micro. the isos should boot.
<RoyK> newbish: dmesg or /var/log/*
<slyboots> RoyK: I prefer the "Ask about to see if it make sense before lowering it into the pit of lions"
<RoyK> slyboots: you can't really get to the lions with that sort of stuff
<robbiew> smoser: thnx... skaet_ was freaking me out there for a minute :P
<slyboots> So if I just say allow all from $localnet/53 without stating a to.. that'll work also?
<RoyK> slyboots: remove the DENY rule, that's implicit by default
<qman__> slyboots, the second rule will probably prevent your server from making DNS requests
<jdstrand> slyboots: assuming you have a default deny policy (the default in Ubuntu, and can be seen with 'sudo ufw status verbose'), then only one rule is required
<RoyK> qman__: not really, those rules are in the INPUT table
<slyboots> Well currently I have it set to allow all at the moment
<jdstrand> well, probably not-- all is allowed on loopback and these are incoming rules
<qman__> ah
<slyboots> But thats so it wont kill my SSH :P
<smoser> well, she should freak out, and kick those kernel developer bums in the rear
<smoser> :)
<slyboots> Its a hour's drive away so that would be.. annoying
<RoyK> slyboots: you'll have to add an explicit rule to deny ssh to kill it
<jdstrand> slyboots: sudo ufw allow OpenSSH
<slyboots> I want to keep SSH going lol
<RoyK> jdstrand: allow ssh
<slyboots> Okay.. give me a sec
<jdstrand> slyboots: do that before enabling the firewall and you should be fine
<cjwatson> smoser: on holiday, but SMS me (number in directory) if I'm urgently needed
<RoyK> not OpenSSH
<smoser> cjwatson, not quite that urgent. :)
<smoser> i'll open you a bug for your reading
<jdstrand> RoyK: ssh will work, but there is an application rule for sshd (see ufw app list)
<newbish> I can't figure out what's keeping deluge from downloading
<RoyK> jdstrand: and what does that include that /etc/services doesn't?
<jdstrand> RoyK: also, /etc/services has both udp and tcp listed for ssh, which is less precise than required
<newbish> it's showing a large number of seeders and peers
 * slyboots grrs
<slyboots> The Syntax on ufw is.. so weird -.-
<RoyK> jdstrand: well, indeed, but who listens to 22/udp anyway :P
<jdstrand> RoyK: in the case of OpenSSH, it will do ssh/tcp
<RoyK> slyboots: try manual iptables syntax :)
<newbish> but it's giving me an error in downloading
<slyboots> RoyK: I actaully did a course in linux networking.. but that was years ago and I've pretty much forgot it all
<slyboots> lol
<RoyK> ufw is a frontend to iptables - it simplifies stuff and adds a truckload of rules you wouldn't have thought of
<newbish> RoyK:  I've just looked in the download folder for deluge.  There aren't any files or folders, so I suspect that deluge isn't being allowed to create the file to download to.
<jdstrand> slyboots: see the ufw man page. there is a simple syntax (ufw allow foo) and an extended syntax based on BSD's PF (ufw allow in on eth0 from 192.168.0.1 to any port 22 proto tcp)
<slyboots> Okay; so teh new rule is now.. Anywhere                   ALLOW       192.168.1.0/24 53
<newbish> RoyK: I have it set so that deluge is run as my username
<cjwatson> smoser: ok
<RoyK> newbish: can that user write to the given directory?
<slyboots> That should be OK?
<newbish> RoyK: I think so,  I also chowned it.
<jdstrand> slyboots: no, you are allowing 192.168.1.0/24 from port 53
<jdstrand> slyboots: you want:
<RoyK> newbish: test it
<newbish> sudo chown zachary -R /folder/
<jdstrand> sudo ufw allow from 192.168.1.0/24 to any port 53
<newbish> it's still not downloading
<jdstrand> slyboots: please see the man page. it should help make everything clear
<newbish> oh what do you know
<newbish> RoyK: It started just now
<slyboots> Okay okay; so.. 53  ALLOW       192.168.1.0/24
<slyboots> think I'm getting it now
<jdstrand> slyboots: the basic idea is there is a 'to' clause and a 'from' clause
<slyboots> I've the man page on another screen; its just not making a hell of a lot of sense.. But I think I have it now
<jdstrand> either can be omitted depending on the rule...
<slyboots> The new rule allows any trafic from the local LAN on port 53; to port 53 on the server only
<jdstrand> slyboots: I wouldn't word it that way
<slyboots> As apposed to allowing said trafic to ANY port on the server.. as long as it was over port 53?
<slyboots> *source port was 53
<jdstrand> slyboots: it allows hosts in the local LAN to connect to this host on port 53
<jdstrand> slyboots: well, I am not sure what rule we are talking about any more :)
<jdstrand> (I described '53  ALLOW       192.168.1.0/24')
<slyboots> Yes; Thats the rule I have now
<jdstrand> hosts in the 192.168.1.0/24 network are allowed to connect to port 53 on the machine you added the rule on
<slyboots> :)
<qman__> that's effectively enough provided everything else is working
<qman__> there are some spoofing attacks under certain cirumstances where that would allow more than you want
<qman__> but if your DNS server is not your gateway/router, you don't have to worry about it
<slyboots> Cool
<jdstrand> fyi, the default Ubuntu kernel uses rp_filter for source address verification
<MuSh> hi
<RoyK> 10Gbps network, check, 10Gbps NICs, check, SAS 6gbps controllers, check, but no mapping between physical location of drive and the device name :(
<slyboots> Im tstarting to think just using iptables woudl be simpler
<slyboots> :P
<jdstrand> actually, that is overstated. the kernel doesn't, but a default Ubuntu install sets that in /etc/sysctl.d/10-network-security.conf
<jdstrand> slyboots: if you are going to set it up yourself, you might want to check out all the stuff ufw is doign behind the scenes in /etc/ufw so that you have everything you need
<jdstrand> and by 'it', I mean 'just use iptables'
<MuSh> jdstrand, why ufw is inactive at system startup?
<MuSh> i have used sudo ufw enable and i tryed  sudo sysv-rc-conf ufw on
<MuSh> but it's inactive at system startup...why?
<jdstrand> MuSh: sudo ufw enable is enough to both start it now and enable it on boot. When it doesn't start on boot it is almost always because there is another firewall program or script that runs after it and flushes ufw
<slyboots> haha
<slyboots> sound.. fun :)
<qman__> I'm fairly impressed with UFW
<qman__> it provides 90% of the functionality in an easy to use way
<jdstrand> qman__: glad to hear. I would like to add qos and FORWARD support, but haven't been able to get to it yet
<qman__> good to know
<jdstrand> it would also be fun to have network-manager integration and firewall profiles so that when say you are at home the firewall is more open and when you are on the road very closed
<jdstrand> (obviously configurable)
<qman__> yeah, definitely a good idea
<MuSh> jdstrand, for example? i haven't idea
<jdstrand> MuSh: well, you could start with 'dpkg -l|grep -i fire' and see if anything jumps out at you
<qman__> yeah, and if you've done any other firewall-related configuration on it, look there
<qman__> such as iptables-save
<jdstrand> MuSh: beyond that, a 'grep -r iptables /etc' might give details
<jdstrand> s/details/hints/
<jdstrand> MuSh: is this perchance on a virtualized hosted server?
<MuSh> with "dpkg -l|grep -i fire" the output is  "ii  ufw 0.30.0-1ubuntu2 "
<MuSh> jdstrand, no
<lithpr> hello.  When installing 10.10 server, i am prompted as to whether i want to install a LAMP stack bundle.  In the server guide, i see info on installing each of these seperately.  Where can i learn more about the bundle it is offering to install?
<qman__> lithpr, it installs just the basic LAMP, apache httpd, php5 as an apache module, and mysql
<MuSh> jdstrand, http://pastebin.ubuntu.com/538423/
<lithpr> okay, thanks.  i'll give it a try.
<qman__> effectively the same as installing apache2, libapache2-mod-php5, and mysql-server
<lithpr> excellent, thanks guys!
<jdstrand> MuSh: based on your version of ufw, it looks like you are running ubuntu 10.10
<jdstrand> MuSh: ufw in 10.10 uses upstart, and so the sysv-rc-conf command is not needed
<jdstrand> MuSh: what are the contents of /etc/init/ufw.conf?
<MuSh> jdstrand, http://pastebin.ubuntu.com/538428/
<jdstrand> that looks fine
<jdstrand> MuSh: can you give the output of:
<jdstrand> sudo /lib/ufw/ufw-init stop
<jdstrand> sudo /lib/ufw/ufw-init start
<MuSh> http://pastebin.ubuntu.com/538431/
<jdstrand> MuSh: can you paste your /etc/ufw/before.rules file? if you don't want it public, feel free to privmsg me
<jdstrand> but based on that, it looks like something in there has a bad netmask
<uvirtbot> New bug: #682593 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.5 failed to install/upgrade: subproces installed post-installation script gaf een foutwaarde 1 terug" [Undecided,New] https://launchpad.net/bugs/682593
<ScottK> SpamapS: Would you be able to prepare an SRU for Hardy for Bug 551655?  I'd be glad to upload it.
<uvirtbot> Launchpad bug 551655 in spamassassin "open-whois.org is cybersquatted and its rules should be removed from Spamassassin" [Undecided,Fix released] https://launchpad.net/bugs/551655
<RoyK> LEGO ftw! http://www.youtube.com/watch?v=6LHdGIBSq9s
<SpamapS> ScottK: re spamassassin bug, I'd be happy to. Who can accept it for Hardy?
<ScottK> SpamapS: It'll be ~ubuntu-sru, but I can upload it to the queue.
<SpamapS> ScottK: as of right now I can't assign it to myself.
<SpamapS> I mean I can assign the main task, but it has not been accepted for hardy yet.
<ScottK> I can do that.
<ScottK> SpamapS: All approved and pointed at you now.
<SpamapS> ScottK: sweet.. building a hardy chroot now, but probably won't have it done till tomorrow or Thursday.
<ScottK> OK.
<SpamapS> If my wife would let me work on ubuntu all 18 hours a day that I'd need to to keep up with the SRU load.. things would be different. ;)
<ScottK> Right. I'm married too, so I won't question that prioritization.
<GCS> Hi all!
<Callum__> okay, my print server can print anything, but jobs that have Japanese characters in them
<Callum__> seriously, anything thats completely in English is fine, and even Arabic and Chinese work fine
<Callum__> but Japanese, makes my printers freeze up and the job doesn't get done
<Callum__> I'm thinking its font related, any ideas? I have the ttf-msttcorefonts packages installed on the computers that I am printing from
#ubuntu-server 2010-12-01
<arrrghhh> anyone ever used ddrescue?  i never have before, and it's been running for a few days now... the 'image' file is still 0b.
<arrrghhh> it appears to be doing something however... it just doesn't seem like anything fruitful.
<SpamapS> arrrghhh: whats it supposed to do?
<Slyboots> Not sure what I've misconfigured hrere but..
<arrrghhh> SpamapS, rebuild a complete disk image i would assume?
<Slyboots> Setup dnsmasq and dhcp3 server on my network.. working fine
<Slyboots> But if I ping a local machine.. it seems to be routing it via the *external* interface
<Slyboots> so if I poing the fileserver.. its pining my external ip instead of the internal
<SpamapS> arrrghhh: rebuild from what?
<The_Tick> I have a 10.4 box I did an upgrade on, and now I have a few packages which seem to be in limbo
<SpamapS> Slyboots: ping it from where?
<Slyboots> ... wait somethings really fucked up here
<The_Tick> I've tried clearing the cache, dpkg removing and then apt-get -f installing
<Slyboots> if I ping *anywhere* like   DHCP Server . . . . . . . . . . . : 192.168.1.199
<Slyboots>   DNS Servers . . . . . . . . . . . : 192.168.1.199
<Slyboots> woops
<SpamapS> The_Tick: define "in limbo" ?
<Slyboots>                                       67.215.65.132
<Slyboots> C:\Users\Shinything>ping orange
<Slyboots> Pinging orange.slyboots.lan [67.215.65.132] with 32 bytes of data:
<Slyboots> Reply from 67.215.65.132: bytes=32 time=39ms TTL=53
<Slyboots> I dont have a machine called orange
<SpamapS> Slyboots: please do NOT paste
<SpamapS> Slyboots: http://paste.ubuntu.com
<Slyboots> Sorry; my bad
<arrrghhh> SpamapS, dead hard drive?   isn't that what ddresuce is for?!?
<The_Tick> SpamapS: sec I'll get you a paste :)
<SpamapS> arrrghhh: ok so its rebuilding from a hard drive that has lots of errors?
<arrrghhh> SpamapS, can't mount the disk.
<Slyboots> Pining real hosts like google.com work; but anything thats not a fully formed domain pings that IP address
<SpamapS> Slyboots: right, so dnsmasq is mapping everything to your external IP
<arrrghhh> it's pretty hosed.  ddrescue seemed to be a last resort attempt.  i can't exactly go down to the platters...
<Slyboots> Im not even sure who 67.215.65.132 is..
<Slyboots> Thats *not* my ip address
<The_Tick> SpamapS: http://paste.ubuntu.com/538513/
<SpamapS> arrrghhh: right, so ddrescue is going to go through and repeat reads over and over, taking the most commonly returned bytes. But if the disk isn't working, it might not even be able to get anything.
<arrrghhh> SpamapS, that seems to be the case, but how can i tell?  it  looks like it's doing something productive, but the output file is 0b.
<The_Tick> does fdisk -l even work?
<arrrghhh> no
<Slyboots> Anyone idea what the heck I've done o.O
<The_Tick> arrrghhh: any way you can get it fsck'd?
<The_Tick> or is that out of style since 2002?
<arrrghhh> lol
<arrrghhh> i have no clue if i can fsck it
<The_Tick> SpamapS: it's been a while since I used an apt based system, but I'm pretty sure I'm just doing something wrong here
<The_Tick> arrrghhh: is it a box next to you, or remote?
<arrrghhh> The_Tick, it's in the other room :P  my box, a buddy's hdd.  obviously not the boot disk here.
<SpamapS> Slyboots: are you sure dnsmasq is answering queries for slyboots.lan authoritatively?
<The_Tick> oh that's good
<Slyboots> Okay' its only machines that arnt fully formed domains..
<The_Tick> arrrghhh: so back in 02 we'd just reboot in the dc and fsck the disks
<The_Tick> to see if there were file system errors
<Slyboots> ping google routes to that IP address
<Slyboots> ping google. doesnt
<arrrghhh> well i'm pretty sure it was an ntfs drive
<Slyboots> and .com pings.. well google
<The_Tick> do you care about the data on it?
<arrrghhh> The_Tick, yes... trying to recover data is the only goal at this point.
<SpamapS> Slyboots: that means your DNS search path isn't working right tho
<arrrghhh> recovering the hard disk itself would be nice, but i think that ship has sailed.
<Slyboots> would that be dnsmasq or dhcpd?
<The_Tick> arrrghhh: spindle based disk right?
<arrrghhh> Slyboots, sounds like that winpoop client you're using :P
<arrrghhh> The_Tick, yes... what other kind is there, ssd?
<The_Tick> yea
<arrrghhh> ah
<arrrghhh> yea... definitely spindle based :P
<The_Tick> does it click? :P
<arrrghhh> well that's the odd thing... kind of is my best answer.
<The_Tick> ok
<The_Tick> turn it off
<The_Tick> put it in a ziplock
<arrrghhh> been there.
<The_Tick> put it in the freezer for 30 minutes
<The_Tick> bah
<arrrghhh> :P
<arrrghhh> this isn't my first rodeo.
<euphoria1> how to go to usb key in ubuntu-server
<The_Tick> ya, figured
<arrrghhh> it doesn't click like normal tho.
<arrrghhh> by normal i mean almost constant.
<The_Tick> euphoria1: check if it's mounted with df -h -T
<SpamapS> honestly, haven't you guys learned to use "the cloud" yet for your data? ;)
<The_Tick> if it is, just cd to the thing under "Mounted on" on the right
<arrrghhh> it clicks once when it spools down.  like it'll spin up, i'll try to access it... CLICK, then the disk spins down, waits a sec and spins back up.
<euphoria1> nope
<euphoria1> isnt mountet
<The_Tick> euphoria1: then you need to figure out how to mount it :)
<euphoria1> how to mount
<arrrghhh> SpamapS, not mah data :P
<The_Tick> euphoria1: I don't know
<arrrghhh> i told this dude to backup his pics... didn't listen to me.
 * Slyboots hrms
<The_Tick> arrrghhh: this is going to sound odd
<SpamapS> If my laptop dies today, I'll slap a new HDD in it, install maverick again, and U1+IMAP+Launchpad+Google will have all my data
<arrrghhh> k
<The_Tick> arrrghhh: go to #windows05 on dalnet
<euphoria1> how to mount usb key
<The_Tick> ask in there
<The_Tick> they sometimes have good ideas
<arrrghhh> lol really?
<The_Tick> ya
<The_Tick> they don't just use windows
<arrrghhh> man.  i've thrown all my guns at it.  even hiren's boot cd.
<The_Tick> but just talk about how the disk is screwed
<The_Tick> not about how it's on linux
<arrrghhh> never had to use something like ddrescue.
<arrrghhh> hrm ok.
<The_Tick> have a mac?
<Slyboots> So. rather confused what the solution might be
<The_Tick> I had one disk that just wouldn't go
<arrrghhh> i don't really care how i fix it, i just want to fix it.  no, too cheap/not trendy enough to own a mac :P
<The_Tick> disk rescue 2 got it
<arrrghhh> disk rescue 2?
<The_Tick> some app
<euphoria1> how to mount usb key
<arrrghhh> oh.  mac stuff.
<The_Tick> euphoria1: put that into google, see if it brings up anything
<arrrghhh> lol
<The_Tick> SpamapS: any ideas on the problem in my paste?
<qman__> euphoria1, mkdir /media/usb; sudo mound /dev/sdb1 /media/usb
<qman__> replace sdb1 with whatever your USB key is
<qman__> mount*
<arrrghhh> and mound with mount :P
<arrrghhh> sorry
<The_Tick> qman__: he can just use fdisk -l to see it right?
<qman__> yes, or dmesg
<qman__> when you plug it in it usually pops on screen
<The_Tick> ok, so not any different, thought it was
<arrrghhh> there's 10 ways, ls -lah /dev/disk/by-uuid
<arrrghhh> qman__, -server? :P
<The_Tick> arrrghhh: heh
<The_Tick> arrrghhh: any ideas on http://paste.ubuntu.com/538513/
<The_Tick> or qman__ ? :)
<qman__> arrrghhh, by pops on, I meant the messages, new device sdb on USB blah blah blah
<arrrghhh> taking too long to load, losing interest
<arrrghhh> qman__, haha fair enough;.
<arrrghhh> man failed to load at all
<Slyboots> Anyone any idea?
<Slyboots> Beyond "Dns search path" not working
<The_Tick> arrrghhh: the paste did?
<arrrghhh> Slyboots, didn't you read what i said?
<arrrghhh> The_Tick, yes...
<The_Tick> well let me solve that :)
<arrrghhh> porn&irc work, so it's your link :P
<Slyboots> arrrghhh: What? other than "your client sucks"
<arrrghhh> Slyboots, lol no you need to fix your client.
<Slyboots> Its Windows 7 o.O
<arrrghhh> but yes, your client sucks.
<arrrghhh> ...#ubuntu-server?
<Slyboots> ... Yea thats really helpful
<The_Tick> http://pastie.org/1337129
<qman__> The_Tick, I can't get to your link, not sure if it's down or what
<Slyboots> Yes.. Im running the DNS/DHCP on ubuntu-server
<qman__> that one works
<Slyboots> Windows 7 is my client
<The_Tick> new paste website, I choose you
<The_Tick> ooh, they even have fancy bash color coding
<SpamapS> The_Tick: looking now
<The_Tick> thanks guys
 * Slyboots rubs his eyes
<Slyboots> this is stressful
<The_Tick> Slyboots: dns problems?
<qman__> The_Tick, well, something is wrong with procps, but what that is isn't clear
<The_Tick> qman__: agreed
<qman__> try clearing out your apport reports so it makes one
<arrrghhh> The_Tick, looks like you've got two issues.  the upstart issue with procps, and the dependency issue with initramfs-tools
<The_Tick> that's where I'm lost
<SpamapS> The_Tick: I think you might need to do a force on the procps configure
<arrrghhh> "package udev is not configured yet"
<arrrghhh> ^^ initramfs-tools problem
<uvirtbot> arrrghhh: Error: "^" is not a valid command.
<arrrghhh> sorry bot... :S
<arrrghhh> didn't mean to give you heartburn.
<qman__> yeah, ^ was a very poor choice of command character
<Slyboots> The_Tick: Moved my DHCP server onto my ubuntu box
<The_Tick> Slyboots: is the old one still up?
<Slyboots> But now if I ping anything thats not a fully formed domain name; it pings $host.slyboots.co.ul
<Slyboots> But some random IP
<Slyboots> No
<The_Tick> go get that one back up
<SpamapS> tho, I'm a little confused as to what jobs procps starts
<The_Tick> then change the scope on the new one to another internal network
<The_Tick> and only allow for 2 clients so you can troubleshoot
<The_Tick> that way you're less stressed
<Slyboots> Well I know it works fine if I take the other DHCP server up
<SpamapS> ahh a task
<Slyboots> Its not a *huge* deal; normal DNS resolution to say "google.com" is fine
<SpamapS> The_Tick: check /var/log/daemon.log
<Slyboots> Its oonly non-valid domains like "testbox" or whatever; resolve to that random IP address
<The_Tick> grep for "error" or anything else?
<The_Tick> Slyboots: try going to testbox.
<The_Tick> add the period
<arrrghhh> it seems like your issue is client side Slyboots.  the dns append thing on your network connections
<Slyboots> Yea; adding the peroid stops it pining "No such host"
<Slyboots> Which is.. correct behavior
<The_Tick> Slyboots: it has to do with dns
<The_Tick> not really the dhcp
<The_Tick> SpamapS: nothing really there
<The_Tick> qman__: so how do I clear that?
<The_Tick> I'm googling but if you know off hand
<Slyboots> This was working fine for weeks before I moved the DHCP server
<arrrghhh> Slyboots, this happens on all your client pcs?
<The_Tick> arrrghhh: ya, I see that, but I'm not sure why it's not going through whenever I play the cleanup the package game
<arrrghhh> The_Tick, did you try forcing it?
<qman__> The_Tick, I don't know, I was searching too
<SpamapS> The_Tick: ok, well its probably failing trying to run the commands in /etc/init/procps.conf
<Slyboots> Same behavoir
<arrrghhh> Slyboots, so you don't have anything in the append dns suffix section?
<Slyboots> in dnsmasq?
<The_Tick> arrrghhh: trying to figure out the syntax
<arrrghhh> no on your client pcs
<The_Tick> SpamapS: now to cat that file, bwa ha
<arrrghhh> The_Tick, i would think just a dpkg-configure udev
<The_Tick> oh crap
<The_Tick> it's sysctl
<The_Tick> arrrghhh: which fails :)
<Slyboots> Mmm
<Slyboots> "DNS Suffix Search List: slyboots.lan"
<arrrghhh> The_Tick, oic.  odd.
<arrrghhh> Slyboots, ....
<The_Tick> ooh
<Slyboots> Is that wrong o.O?
<arrrghhh> LOL
<Slyboots> I thought that was just like a local network name
<arrrghhh> dude.
<arrrghhh> that appends that suffix on anything that it considers local.
<qman__> nothing wrong with it, but that's where it's looking
<The_Tick> http://pastie.org/1337144
<arrrghhh> Slyboots, told you it was your client :P
<Slyboots> Actually no
<Slyboots> It was the server
<The_Tick> oh man, this looks like stupid firewall crap
<Slyboots> dhpd3 has an optional "domain name"
<arrrghhh> oh you had the server specify that value in the dhcp option?
<arrrghhh> yea.
<Slyboots> Just commented it out and.. well now its working
<arrrghhh> lol
<arrrghhh> that's only if you're in a domain.
<qman__> Slyboots, that is a correct configuration for a local zone, but you have to actually have the zone configured
<qman__> that's how I have mine set up
<qman__> but I have a DNS zone with my local addresses and names
<Slyboots> Ah; well since Im not 100% what it does.. and disabling fixes it
<Slyboots> I'll just leave it disabled :)
<arrrghhh> hahaha
<arrrghhh> yea i try not to enable something unless i know what it does.
<arrrghhh> i hate configuring things on our cisco call manager servers lol
<Slyboots> Ah its all good pratice :)
<Slyboots> Its a leanring experiance
<Slyboots> "Hmm.. turning this on causes me to catch fire.. think I'll leave it off"
<arrrghhh> well gotta learn how to troubleshoot dude :P
<arrrghhh> if you put your feet aflame, gotta know how to put 'em out ;)
<Slyboots> :D
<SpamapS> oh wonderful.. looks like a bunch of canonical's properties are suffering right now.. :p
<arrrghhh> haha
<arrrghhh> "properties"?
<SpamapS> arrrghhh: launchpad, ubuntu one.. things Canonical owns.
<arrrghhh> oh, ok.
<arrrghhh> meh.  shuttleworth can just pump more monies into the engine.
<The_Tick> oh crap
<The_Tick> that was it
<arrrghhh> poop?
<SpamapS> The_Tick: that might be a legitimate bug
<The_Tick> SpamapS: could be
<SpamapS> The_Tick: or did you just put bad stuff in sysctl.d ? ;)
<The_Tick> I didn't, but I'm sure there might be other junk that was
<The_Tick> anyhow, commented out things that it errored about
<SpamapS> The_Tick: either way, thats why we need console logged back. ;)
 * SpamapS is working on it
<Slyboots> woo' thats local DNS and DHCP working
<Slyboots> Fun times!
<The_Tick> SpamapS: if the package didn't mess with it, I can get you the files that I had to comment things out on
<The_Tick> if that'll help
<The_Tick> in fact, I can just paste it all
<Slyboots> Right'; next fun thing to get going is.. network boot
<arrrghhh> Slyboots, pxe booting to image machines or for lstp?
<arrrghhh> or ltsp, whatever it is lol
<Slyboots> image machines
<arrrghhh> nice.  do you use clonezilla?
<Slyboots> I use XBMC and I'm playing with the idea of pushing the OS over NFS :)
<Slyboots> I'vfe not even tested it yet; just playing with the idea
<arrrghhh> hrm
<The_Tick> I don't think I'd go that far with a video setup
<arrrghhh> yea i figured out how to pxe boot and drop linux images real easy.
<The_Tick> you want it to work and forget about it
 * Slyboots nods
<Slyboots> It doenst look terribly complicated
<The_Tick> just get it to connect to the nets
<arrrghhh> i'd like to figure out how to just throw iso's at a pxe server and image machines at will.
<arrrghhh> haven't figured that out yet.
<The_Tick> arrrghhh: vmware esxi :P
<arrrghhh> lol
<The_Tick> or rather, the citrix vm software
<The_Tick> you can build templates
<The_Tick> and it reads iso's
<arrrghhh> yea i guess our network crap was all prebuild images...
<arrrghhh> since all the hardware is pretty similar they just baked in the drivers.  bah.
<arrrghhh> what i really want probably isn't possible.  just me dreamin :P
<The_Tick> sure it is
<qman__> I recently had to get a pxe DOS image working to install windows XP on a laptop
<arrrghhh> being able to drop linux images via the network is very nice.
<qman__> which had a dead DVD drive and could not boot from USB
<The_Tick> qman__: I might have to find the old debian netboot install to get linux onto a libretto 50ct
<arrrghhh> qman__, sounds like fun :P
<qman__> linux images should be a lot easier
<arrrghhh> qman__, they are pretty easy.
<arrrghhh> i was able to set it up pretty easily, i was surprised.
<arrrghhh> the most difficult part was probably setting up dhcp on the server instead of my router.
<arrrghhh> and that wasn't too difficult :P
<qman__> one of those "eventually" things
<qman__> I'd like to get a basic PXE image going on my main DHCP server
<qman__> as someone who works on computers, it'd be nice to not have to burn and swap CDs to test hardware and install operating systems
<arrrghhh> qman__, well when you do, https://help.ubuntu.com/community/PXEInstallServer <--- all i needed.
<arrrghhh> yep, that's why i did it.
<arrrghhh> much easier to image machines thru pxe.  just wish i could drop windoze images as easily haha
<qman__> yeah, not so simple there
<arrrghhh> assuming their machine is licensed for the version of windows i'm installing, and i use their key i assume that's legit... but not really a topic for this room.
<arrrghhh> i guess the pxe linux server that drops windows images is.
<qman__> I speculate one could get a windows XP ready-to-install image, but then you still have to convert to ntfs and wait on the install
<arrrghhh> I'm sure with BartPE it'd be doable.
<arrrghhh> if not... dare i say easy?
<qman__> the only other way is to install XP and set it up for imaging
<arrrghhh> i should look into it.
<qman__> which is possible but you still run into problems sometimes
<arrrghhh> yea, driver-related mosly.
<qman__> for vista and newer I have no idea
<arrrghhh> mostly.
<arrrghhh> for 7... that probably isn't such an issue.
<qman__> trouble is though, you'd need a different image for each type of license key
<qman__> different editions, OEM or retail, and even different OEM images
<arrrghhh> damn windows.  yea, i guess pxe should stick to linux.
<arrrghhh> :P
<qman__> certain HP and Dell licenses won't work with generic OEM discs
<arrrghhh> until recently microsoft didn't even have their own imaging system.
<qman__> you need an HP/Dell specific version
<qman__> fortunately they mostly did away with that mess with vista
<qman__> a lot less discs
<arrrghhh> ha
<qman__> but it's still a mess of licenses, one of the best benefits of linux
<arrrghhh> indeed
<qman__> it's a bit off topic, but did you know windows 7 home premium can't backup to a network share?
<arrrghhh> lol
<arrrghhh> no, and fail.
<arrrghhh> even third party software?
<qman__> a misfeature, disabled intentionally to make you pay more
<qman__> no, the built in tools
<arrrghhh> oic
<patdk-lap> heh, I didn't think home editions could do any networking stuff
<arrrghhh> indeed.
<arrrghhh> lol they can't even network.
<arrrghhh> no internets, must buy ultimate edition for that...
<qman__> it's the same tool as the professional version
<qman__> just disabled
<patdk-lap> I finally hit the ipv6 issues in windows, that we have had in some linux things for awhile now
<qman__> gotta have a USB disk or use DVDs
<patdk-lap> as programs start to use ipv6 in windows
<patdk-lap> what makes me really upset, is you have to have ultimate edition, if you want to use a language other than english :(
<arrrghhh> patdk-lap, really?  what about that stupid starter edition, that they don't even sell in the US?
<patdk-lap> well, I'm english native
<Slyboots> I've seen a few netbooks with STarter edition on it
<patdk-lap> but I do like to type in other languages, so ultimate is required :(
<patdk-lap> I guess I could just dualboot two copies of windows to work around it, but not fun
<arrrghhh> Slyboots, really?  i didn't think they sold it in the states.  or was there an even more basic edition?
<qman__> yeah, it has other language support, but it's crippled
<ScottK> Would you all mind taking the bitching about Windows elsewhere.  It's off topic here.
<shauno> I'll have to be a pedant, and point out you don't need windows ultimate to use multiple languages.   every OS I have does so just fine :)
<arrrghhh> indeed.  didn't realize you had a question... didn't think we were bothering anyone that did have a question.
 * patdk-lap hands out spankings to the channel
<arrrghhh> lol
<arrrghhh> ScottK, what's your question?
<ScottK> arrrghhh: Whether I have a question or not doesn't make bitching about Windows on topic.
<arrrghhh> oh no it's definitely OT.
<ScottK> So please take it elsewhere.
<arrrghhh> i just don't see it bothering anyone unless we are preventing people from getting support.
<ScottK> I tend to read this channel in case people have questions.
<euphoria1> im connecting
<euphoria1> to my wifi through ubuntu-server
<euphoria1> but i get no internet
<ScottK> So the continuing chatter causes me to keep checking.
<ScottK> It's annoying.
<arrrghhh> awwww
<arrrghhh> sorry to annoy you.
<arrrghhh> euphoria1, have you tried iwlist?
<yann2> qman__, http://www.fsf.org/bulletin/2007/fall/antifeatures/ :)
<Slyboots> arrrghhh: aye; seen at on a few acer netbooks at the airport
<arrrghhh> or what is it.... iwscan or something?
<Slyboots> I didnt think it was used at all but.. go figure
<euphoria1> yes
<arrrghhh> euphoria1, can you see networks?
 * patdk-lap wonders what exactly conecting to my wifi through ubuntu-server means
<euphoria1> yes
<euphoria1> i installed all drivers
<euphoria1> etc
<patdk-lap> laptop -> ubuntu-server -> wifi?
<euphoria1> im connecting to the wifi server
<euphoria1> but still no internet connection on the server
<arrrghhh> i'm assuming he has a router that is wifi, and a usb dongle or something on the server to connect to the router.
<euphoria1> no
<arrrghhh> euphoria1, am i correct in that assumption or are you trying to make the ubuntu server a wifi router?
<euphoria1> im using usb card
<euphoria1> no
<euphoria1> i share internet with guy next door
<arrrghhh> ...
<euphoria1> so thats why i use wifi for server
<arrrghhh> "share"
<arrrghhh> so why'd you say no to my first question?
<arrrghhh> you weren't saying no to me perhaps.
<arrrghhh> anyhoo
<patdk-lap> does he have an AP? or just another wifi dongle thing?
<arrrghhh> euphoria1, let's start at square one.  what does "sudo iwlist scan" give?
<euphoria1> my essid
<arrrghhh> ok
<arrrghhh> did you configure it in /etc/network/interfaces?
<patdk-lap> arrrghh, this is what he wants, internet -> ubuntu-server+usb wifi -> internet for neighbor
<euphoria1> yes
<euphoria1> arrrghhh im connecting to my essid all
<euphoria1> but still no internet connection
<arrrghhh> is it wpa?
<arrrghhh> patdk-lap, i don't think so...
<euphoria1> wpa psk
<arrrghhh> euphoria1, do you have wpa supplicant installed?
<euphoria1> yes
<euphoria1> all of them
<arrrghhh> all of them?
<euphoria1> tools
<euphoria1> wpa suplicant
<euphoria1> wlan tools
<arrrghhh> wpasupplicant
<arrrghhh> you used wpa_passphrase to convert the key to hex, put it in the interfaces file?
<arrrghhh> can you pastebin your /etc/network/interfaces?
<euphoria1> its on my server
<euphoria1> cant copy paste
<arrrghhh> ...
<arrrghhh> you don't have ssh?
<arrrghhh> how do you access the server?
<patdk-lap> pastebinit :)
<arrrghhh> i was going to suggest ix.io :P
<euphoria1> im on my server
<euphoria1> right now
<euphoria1> here im just with laptop
<arrrghhh> you have no LAN?
<arrrghhh> oh right, stealing internet from your neighbor...
<arrrghhh> :P
<euphoria1> :P
<arrrghhh> well start typin.  just put in the wireless interface stuff, you can skip the hex psk
<arrrghhh> i think there's a manual way to connect with iwconfig.
<arrrghhh> euphoria1, have you tried that?  connecting manually with iwconfig?  there definitely is.  i've just never had the need to put wifi on my server.
<arrrghhh> definitely a way that is.  man iwconfig for the madness.
<Callum__> hey look., there's people in here that talk
<Callum__> good, cause I have my own issue ^_~
<Callum__> okay, so my print server can print anything, but jobs that have Japanese characters in them.. seriously, anything thats completely in English is fine, and even Arabic and Chinese work fine
<Callum__> but Japanese, makes my printers freeze up and the job doesn't get done
<Callum__> I'm thinking its font related, any ideas? I have the ttf-msttcorefonts packages installed on the computers that I am printing from, and installed it on the server but to no avail
<arrrghhh> sorry dude... i don't print in japanese i guess :P
<arrrghhh> http://tlug.jp/craigoda/writings/linux-nihongo/node68.html
<arrrghhh> maybe that'll help if you haven't seen it.  i would hope you have already tho...
<faranda> hi there...
<faranda> I have running a hardy (ubuntu 8.04) with kernel 2.6.36
<faranda> I have problem with apparmor
<faranda> I build a deb package from source apparmor-2.1+1075
<faranda> the problem is in the init script
<faranda> root@hardy:~# /etc/init.d/apparmor start
<faranda> Loading AppArmor profiles - failed, Do you have the correct privileges?: Failed.
<faranda> anybody help me with apparmor in ubuntu 8.04, kernel 2.6.36 ?
<faranda> when I run init script, show me the message :    Loading AppArmor profiles - failed, Do you have the correct privileges?: Failed.
<faranda> when I run apparmor_status, show me the message :    apparmor module is loaded.  You do not have enough privilege to read the profile set.
<fluvvell> Hi guys, I've just got a nice new quad core IBM x3100 M3, I'm going to install server 10.04 on it, but I'm not sure whether to use the onboard raid, or whether to use software raid and go throught the setup hurdles
<qman__> faranda, sorry, but I don't know much about it, and since you're not using supported packages, most people here won't be able to help
<qman__> best place to start looking is at where it's looking for the profiles, and the permissions/existence of them
<faranda> qman__: ok, I check that. Thanks
<uvirtbot> New bug: #430681 in ec2-init (main) "package ec2-init (not installed) failed to install/upgrade: subprocess installed post-installation script killed by signal (Interrupt)" [Undecided,Expired] https://launchpad.net/bugs/430681
<banker247> what is the best way for a small organization to host vtigercrm on its own servers and allow outside access?
<faranda> qman__: the problem is compatibility with apparmor 2.1 and kernel 2.6.36
<faranda> I change the kernel to 2.6.35-23.41
<faranda> everything ok
<april__> what happens if i delete '.bashrc' and '.bash_logout' from a users /home directory-
<UndiFineD> bash shell would revert to the default set in /etc
<databits> what is the irc command to open up a new server window ?
<banker247> can you access your local host without it being on a router?
<qman__> databits, depends on your client
<qman__> banker247, 127.0.0.1 will be accessible as soon as the network stack is loaded
<banker247> qman__, i'm having problems connecting to it remotely..
<banker247> i used no-ip to set everything up.. so its not just my ip i can connect locally but outside my LAN its not letting me in
<qman__> banker247, well, do you have internet access?
<banker247> yes
<qman__> if you do, and you're sharing that internet access, you're behind a router
<qman__> you must configure port forwarding or DMZ in that router
<banker247> the computer i'm trying to login to my localhost is not here its at another place
<qman__> "localhost" means 127.0.0.1
<banker247> right
<banker247> can i open something in private chat for u?
<qman__> I don't mind
<databits> what is the command to check and see what service's I have running on my server ?
<joschi> databits: `ps aux` for example
<joschi> databits: or `pstree`
<joschi> databits: or `service --status-all`
<joschi> databits: all depending on what you exactly mean by "service"
<databits> well I have a irc server running on my linux box, and I'm not able to connect to the server so I want to check and see if it is running
<databits> I have the worst memory, I'm having a hard time remember what type of irc daemon I even have running on here lol
<databits> I had a little network issue, where all my downstream bandwidth was being ate up.  So I shut down my server, to check and see if it was something running off my linux box
<databits> now everything seems to be running but my irc d
<databits> ah it is unreal I beleive
<databits> what is the command to search the drive for a directory ?
<databits> Unable to connect to server (Connection refused)
<databits> looks like the server is blocking the request
<jay3> hmmm I always wanted to know how to set an irc server up there databits
<databits> unreal is an excellent ircd.  Woudl you like me to send the Daemon over to you ?
<databits> jsy3 ?
<jay3> sure
<jay3> please and thank you
<databits> here you are sir
<jay3> hang on
<jay3> gotta setup something to accept the request
<databits> ok
<databits> I'm pretty new to the whole linux game, and I was able to get it setup and running in a night
<databits> so if you half was know what you are doing, should be no problem for you :)
<jay3> yeah I run a new irc client so takes few to get the hang of things
<databits> I love this daemon because it is has so many different configurations and settings
<jay3> ok adding you to my dcc here
<databits> I run windows 7 for all my client machines, and have a linux server for all my daemons
<jay3> yeah I run here
<jay3> windows 7 as well
<databits> awesome
<jay3> ok try again
<jay3> please and thank you
<jay3> acidmax is the client which I have to turn off two options
<databits> whats your email I will just shoot you an email real quick... does not seem to want to work right now
<jay3> yeah
<jay3> there ya go just sent you a private message
<jay3> for my email
<jay3> its mtbardal4545@hotmail.com
<joschi> jay3: do yourself a favor and don't install unreal ircd from an untrusted source
<databits> joschi: it is solid... running same package myself for quite a while now
<databits> no issues
<joschi> jay3: there are several ircds in ubuntu's package repository which you could use. they are tested and signed, in contrast to the file from databits
<databits> there you go jay3
<databits> joschi: I did a lil research, and found that unreal was one of the best ircd's out their. Unreal is not in the repositories.  Otherwise I would have installed it from their, trust me.  kind of a headache for a noob.  I got it working though... Yay!
<databits> I checked out some of the other IRCd's in the repositories, and none of them had the features or config's like unreal does.
<banker247> http://www.000webhost.com/ will this be able to run apache2 and vtigercrm?
<ajushi_> hi everyone. I've installed UEC and got it up and running but when I create a volume and attach it to an instance it appears and disappears. and in my instance I can't seem to see it using sudo fdisk -l
<uvirtbot> New bug: #683548 in clamav (main) "[regression] Bytecode/JIT errors when scanning some PDFs" [Undecided,New] https://launchpad.net/bugs/683548
<soko> On 10.04 with Apache 2.2.14 (which has SNI) I have 2 SSL sites configured yet I still get "[warn] _default_ VirtualHost overlap on port 443, the first has precedence". I thought that with SNI one can have many SSL sites on the same IP/port. Is there anything extra I need to configure?
<databits> what is the command to search for a file or folder ?
<uvirtbot> New bug: #683601 in puppet (main) "Class-level dependencies not honored" [Undecided,New] https://launchpad.net/bugs/683601
<alcy> After installing heartbeat, there is a /etc/heartbeat directory as well as /etc/ha.d directory with same contents. the init script refers to ha.d. so...any particular significance of the heartbeat directory ?
<zacharynewb> Hi.
<zacharynewb> Everyone! :D
<zacharynewb> HI
<zacharynewb> Hello, how are you?
<Psi-Jack> Heh fun.. Found a bug in the dovecot init.d script.
<Psi-Jack> In fact, it's not a problem with dovecot's script itself at all, but ubuntu's lsb-init functions.
<databits> there is a configuration option for postfix "sendmail_path =" I'm unsure as to what goes here.  Can someone help me out plz
<lucascastro>  /J #ubuntu-quality
<lamont> databits: the default is /usr/sbin/sendmail
<lamont> and there should be no need to change it
<databits> well it is empty
<databits> just says = blank
<databits> lol
<patdk-wk> did you use postconf to find that out?
<lamont> where?
<patdk-wk> sendmail_path = /usr/sbin/sendmail
<databits> I'm using nano editor to edit the config file
<patdk-wk> use postconf
<patdk-wk> postconf shows you what postfix sees
<lamont> there is sometimes this thought that one should have config file with every option on the planet specified.  this nearly always leads to tears.
<databits> how do I go about using postconf ?
<lamont> sendmail_path is not in the delivered main.cf, which is minimalist in nature
<patdk-wk> type postconf :)
<databits> all that did is list all the config stuff their are alot of blank options
<databits> does not allow me to edit any of them
<patdk-wk> it shows you ALL settings for postfix
<patdk-wk> and what they are currently set to
<patdk-wk> what does the sendmail setting say?
<databits> I can't go back up that high
<patdk-wk> postconf | grep sendmail
<lamont> man postconf
<databits> I'm not worried about seeing what they are allready set to ... I need to set the settings so it will work
<patdk-wk> if your changing that settings, something is probably wrong, or your doing something extreemly odd
<patdk-wk> cause your going give yourself headaches down the road
<databits> Ive never setup postfix before
<lamont> there are about 40 lines in the stock postfix/main.cf.  sendmail_path is not one of them
<databits> their was not a main.cf file in the directory so I had to get a blank config and cp to the directory
<lamont> rm /etc/postfix/main.cf; dpkg-reconfigure postfix
<databits> thanks lamon
<databits> lamont
<lamont> it sounds like when you installed it, you told it "no configuration", so it did what you said. :(
<databits> I'm running a website, and I want to have email accounts for the site
<databits> which I can receive email through php forms and what not
<databits> so I would choose internet site ?
<lamont> most likley
<lamont> it's more a question of how you deliver mail - internet site, or internet site with relay host
<lamont> if you have to relay mail out through some other mail server, you want the latter
<databits> well basicly I'm running my webserver which has the php form's on the linux server which is running the mail server
<databits> so I want to be able to use sendmail command to take the data in the form and send it to the smtp server on the linux server
<SlimG> Has anyone set up DevMan (HP UPS Agent) on linux, and know what the difference between DevManRA and DevManBE is? I need one that can listen to the serialport
<databits> so I can access the emails which are created... also I want to be able to send email's out using my domain which I'm going to be purchasing later today
<lamont> databits: with a relay host then. and that host is the linux server
<patdk-wk> databits, make sure you get all your hostnames setup correctly for sending email
 * lamont needs to wander
<patdk-wk> reverse dns, forward dns, mx, and helo names
<databits> thanks for the help so far... I will be back in just a quick few have to go pick something up real quick
<databits> hopefully help will still be around :)
 * ZacLnxNewb_ loves you guys for helping him  become more familiar with his linux server
<uvirtbot> New bug: #683650 in dovecot (main) "status_of_proc is returning incorrect error code" [Undecided,New] https://launchpad.net/bugs/683650
<zul> soren: yeah so really just the one apport hook is needed because you only have one configuration file for everything now and it will provide a list of the packages that are installed as well
<soren> zul: I understand why we only need one. I just don't understand why it only gets installed for nova-api.
<soren> zul: And not nova-common, for instance.
<zul> hmm....lemme think about that
<zul> soren: for some reason if i do source_nova.py it wont register with apport
<databits> you still around everyone for help ?
<databits> so I want to select internet with smarthost correct ?
<patdk-wk> you only want smarthost IF you are forwarding all outgoing email to another email server, that will send on your behalf
<patdk-wk> if you are sending emails directly to gmail/yahoo/hotmail/.... then no
<databits> ok excellent... and any emails that would be made in a form will be able to be received with no issue also correct ?
<patdk-wk> that doesn't have anything to do with any of that :)
<patdk-wk> but generally, unless you really screw something up, yes
<RoyK> databits: you probably want a smarthost if you're on a public ISP, they may block SMTP to avoid spamming
<patdk-wk> residentual isp
<databits> I'm trying to remember how I had it setup before
<databits> I almost think I was using comcast mail server for my smarthost last time I had a mail server
<RoyK> patdk-wk: try to telnet zimbra.karlsbakk.net 25
<RoyK> if you reach it, you don't need to use a relay
<patdk-wk> why do I care?
<patdk-wk> I'm already running like 30+ email server without smarthosts
<RoyK> then no worries
<databits> ya I'm able to connect :)
<databits> awesome
<databits> should I have it setup to only relay mail for the local host ?
<RoyK> usually, unless your users need to use it as a relay host. if so, setup authentication for that
<RoyK> opening up for public relay isn't very wise.....
<databits> I just wanna be able to connect to it using outlook to send and receive mail
<databits> I want people to be able to send me mail at my .com address, and I want to be able to send mail from my .com address
<databits> 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128__
<databits> that is what the default is
<RoyK> then you'll need to open for smtp from your users. if they are on a separate subnet, just open up for that. if they're on the net somewhere, you'll need to use smtp auth
<databits> should I just click "ok" ?
<databits> Running newaliases
<databits> newaliases: warning: valid_hostname: misplaced delimiter: ubuntu.hsd1.mi.comcast.net.
<databits> newaliases: fatal: file /etc/postfix/main.cf: parameter myhostname: bad parameter value: ubuntu.hsd1.mi.comcast.net.
<databits> I keep receiving those error's and I'm deleting the config file and running the dpkg conf without those parameters
<cemc> databits: postalias maybe?
<lamont> drop the trailing dot.
<soren> zul: That doesn't make installing it just for nova-api correct :)
<databits> I'm not even telling it to put those
<zul> soren: yeah i know im working on it :)
<databits> awesome got it working
<databits> now lets see if I can get this bad boy to really work
<databits> is postfix both an smtp server an pop or just smtp ?
<databits> how do I setup mail accounts ?
<b0gatyr> greetings
<JanC> databits: postfix is an SMTP server
<databits> ok so I need a pop or imap server to receive mail from my php form's then correct ?
<databits> smtp server is just for sending mail right ?
<databits> I need to catch some zzz's maybe my brain will be working a lil better then.   I will talk with you guys in a few hour's.  Thanks for the help
<zul> hggdh: yay it looks like the bnx2 bug is fixed
<ZacLnxNewb> Hi
<patdk-wk> heh
<patdk-wk> smtp is for receiving email
<patdk-wk> imap/pop are used to read email out of a mailbox
<ZacLnxNewb> Does anyone know how to enable people to send texts to your server?
<patdk-wk> but smtp is used for basically everything else, as it's normally the only thing allowed to go from server to server
<ZacLnxNewb> send texts to, and recieve?
<patdk-wk> ZacLnxNewb, by texts you mean sms?
<ZacLnxNewb> patdk-wk: Yes, sir
<patdk-wk> using real sms or email?
<patdk-wk> the easy way to do sms, is to just connect a phone to the server
<ZacLnxNewb> patdk-wk: preferably real sms
<Steve[cug]> ok, I have a question about UEC.  mainly is there a way to manage it almost like vmware server and the like?
<Steve[cug]> a web ui that will let you see the console and such
<ZacLnxNewb> patdk-wk: however I am interested in setting up an email server too.
<patdk-wk> the more proper way, and more expensive is to use a sms gateway provider
<ZacLnxNewb> patdk-wk: Is there any way to do so without any extra expense?
<patdk-wk> ya, connect a cellphone to your server :)
<patdk-wk> that is really the cheapest option
<ZacLnxNewb> alright, so scratch tht
<ZacLnxNewb> I want to play around with email serving
<ZacLnxNewb> what would you suggest?
<patdk-wk> any email server :)
<smoser> jiboumans, i dont know if i mentioned to you https://launchpad.net/~smoser/+archive/lucid-kernel-upgrades
<smoser> i'm somewhat hoping that our next round of image updates will be launchable with pv-grub kernels (although probably not registered with them by default due to bug 682831)
<uvirtbot> Launchpad bug 682831 in plymouth "lost console output early in boot" [Medium,Fix released] https://launchpad.net/bugs/682831
<ish_> hey guys, what do you guys use for power conservation on your servers?
<patdk-wk> the off switch, or halt command
<ish_> har har
<ish_> is there a need to have a software that will lower power consumption when ur system is idle?
<patdk-wk> not really
<veovis_muaddib> ish_: I've been looking for the same thing, I've been given a few suggestions but they're not working for me
<patdk-wk> most all of that is kernel toggles
<veovis_muaddib> I'd like to be able to go into low power mode and wake up for ssh, smb, or vnc access, or cron jobs
<ish_> lol same here
<patdk-wk> how do you mean low power mode?
<patdk-wk> in order to do that you have to wake up on every network packet
<patdk-wk> and process that packet to see if it is for one of them
<patdk-wk> and that means well, not sleeping
<MrMintanet> I had a question, if that's ok?
<patdk-wk> and unless you turned off speedstep or cpu scaling in your cpu, it already goes into low power mode
<patdk-wk> use powertop :)
<ish_> isnt powertop for laptops?
<patdk-wk> what is different about laptops and servers?
<patdk-wk> they are both computers
<patdk-wk> they both normally have acpi
<veovis_muaddib> MrMintanet: Of course it's okay, that's what this is here for
<MrMintanet> Thanks
<MrMintanet> Just wanted to be sure I wasn't going to get directed to Google or something
<pmatulis> MrMintanet: it depends on your question
<patdk-wk> that depends on the question :)
<veovis_muaddib> MrMintanet: A lot of people still will
<veovis_muaddib> MrMintanet: See?
<MrMintanet> Well, I'm a Windows Admin
<MrMintanet> And I've got a handle on Ubuntu now
<pmatulis> MrMintanet: just ask the question
 * patdk-wk waits for the paragraph
<MrMintanet> I want to setup a server that will run non-intrusive virus scans over the network.
<e1ven> Can anyone post an example of an upstart script which fires off multiple daemons? I need to fire up two different copies of a Database (mongodb) on separate ports- In an init script this is pretty straightforward, but with upstart it isn't really sure how to shut them down- stop: Unknown instance:"     I'm using start-stop-daemon to track the PIDs  (with --pidfile and --make-pidfile). Being able to look over someone else's
<e1ven> upstart script that fires multiple daemons might help
<MrMintanet> And I want it to send out email notifications of it's findings
<MrMintanet> Can anyone make any suggestions as to how I should consider approaching this "challenge"?
<patdk-wk> sounds like you want an idr with virus scanning
<MrMintanet> idr?
<patdk-wk> ids :)
<JanC> scan what for virusses?  HTTP, shares, e-mail, ...?
<JanC> or "everything", as patdk-wk suggests?  âº
<patdk-wk> it won't work for any ssl stuff
<MrMintanet> everything,r eally
<MrMintanet> really*
<MrMintanet> I want it to be able to scan .pst files too
<MrMintanet> For outlook email
<patdk-wk> pst's don't go over the network
<patdk-wk> unless your doing remote logins via smb
<patdk-wk> and then you can't access the pst's if outlook is open
<ish_> veovis_muaddib, i think i found it. its called wakeonlan
<MrMintanet> Hmm
<veovis_muaddib> ish_: That requires a specific packet to be sent before it will work, and for some reason it's not working at all for me
<MrMintanet> Well, then if we disregard the .pst part, is this something that I can do with Ubuntu Server?
<veovis_muaddib> ish_: But my friend who's helping me troubleshoot it has it working on his machine, and it's pretty cool
<patdk-wk> making wakeonlan work requires bios and network card support, and sometimes also os support :)
<MrMintanet> If so, where do you think I shoudl start my studdying?
<MrMintanet> studying*  Sheesh, I can't spell today.
<UndiFineD> but setting up a mail server around exchange is possible to scan mail
<veovis_muaddib> patdk-wk: Yeah
<patdk-wk> veovis_muaddib, what *computer* is it? model numbers help :)
<ish_> veovis_muaddib, oh jeez. that sucks about sending the packet
<veovis_muaddib> patdk-wk: Custom machine, let me find the motherboad serial in my search history
<patdk-wk> veovis_muaddib, lshw :)
<veovis_muaddib> *model number, not serial
<veovis_muaddib> not sshed in, it's off
<patdk-wk> ish, depends, if it's your only machine, ya, not much fun
<patdk-wk> but if you have a router, you can program the router to watch for stuff attempting to use it on the network, and send the wakeonlan for you
<veovis_muaddib> Wouldn't that need something like OpenWRT?
<patdk-wk> veovis_muaddib, basically, yep
<patdk-wk> or any other computer, to do the watching
<patdk-wk> do not great for a single server usage deal
<patdk-wk> so
<ish_> patdk-wk, i have about 20-30 machines. They are rarely used at night.
<patdk-wk> ish, workstations?
<ish_> servers
<MrMintanet> What is an "IDR"?
<patdk-wk> MrMintanet, I meant ids, intrusion detection system
<MrMintanet> I have a sonicwall
<MrMintanet> But my users also use mobile broadband cards
<MrMintanet> Which completely bypass the IDS
<patdk-wk> well, that won't work then
<patdk-wk> the only thing you can is scan their drives
<patdk-wk> personally, just using software on their machines would be best
<patdk-wk> second best option I would do is a centeral backup server, then just scan the backups
<MrMintanet> Ok, then is there an Open Source version of Symantec EndPoint?
<MrMintanet> I use Acronis for that.
<patdk-wk> see if there is an acronis backup mounter, that would be ideal :)
<veovis_muaddib> patdk-wk: I'm on an ASRock n68pv-gs, and using the onboard NIC.  It was meant to be a friend's desktop, but needs changed and it became a server.
<MrMintanet> If you install GUI on Ubuntu Server, are you pretty much a complete idiot?
<patdk-wk> depends on your needs
<ZacLnxNewb> Hi,  I'm connecting to my server with filezilla through SFTP, however I don't seem to have permission to view files ?
<veovis_muaddib> MrMintanet: There are ways to do it, and reasons to do it... It depends on what you need
<MrMintanet> Im' really struggling with CLI
<patdk-wk> veovis_muaddib, it says it supports wakeonlan
<MrMintanet> I feel that I need to get my head around it, but don't know where to begin
<patdk-wk> so you probably have wrong bios settings
<veovis_muaddib> MrMintanet: If you're going to install a GUI, I recommend Openbox or awesome.  Openbox is a floating wm like Windows and OS X, and awesome is a tiling wm that you'd have to see in action and play with first
<patdk-wk> MrMintanet, your still thinking like a windows admin :)
<patdk-wk> in windows they sell *solutions*
<MrMintanet> I know
<veovis_muaddib> patdk-wk: I have boot on lan enabled, that's all I've found in the BIOS
<patdk-wk> generally in opensource and stuff
<MrMintanet> I am trying to break free of those chains
<patdk-wk> you have to build it, by layers
<MrMintanet> I am interviewing for a job in a 100% open source shop
<patdk-wk> so you have to think of what is required to get the result you want
<ZacLnxNewb> MrMintanet: Linux is indeed scary because you can't entirely visually see all the pretty colors...
<ZacLnxNewb> MrMintanet:  But linux is still very beautiful in it's use. ;)
<MrMintanet> I agree
<MrMintanet> The most difficult time I have is with CLI
<ZacLnxNewb> I don't seem to have permissions with my SFTP to view all my files on my server
<MrMintanet> Any suggestions on where to speed learn CLI, by chance?
<MrMintanet> Maybe a little song that will help me remember things?
<MrMintanet> lol
<veovis_muaddib> ZacLnxNewb: Diving into Arch Linux is either terrifying or amazing fun.  Diving into Ubuntu Server, is pretty different, but not scary
<ZacLnxNewb> veovis_muaddib: Well, true
<veovis_muaddib> MrMintanet: On a personal machine, get Arch Linux running
<MrMintanet> Arch Linux?
<veovis_muaddib> It's a build your own system distro
<veovis_muaddib> LFS takes more time, but it teaches you more as well
<veovis_muaddib> either one is great for learning
<ZacLnxNewb> so, could someone perhaps help me?
<MrMintanet> Forgive my ignorance, but isn't that what Ubuntu Server is?
<patdk-wk> veovis_muaddib, so far looks like probably, pci devices power on, needs to be on probably
<veovis_muaddib> ZacLnxNewb: I'm not good at configuring ftp.  I always leave it very insecure because it's a pain
<veovis_muaddib> sorry
<ZacLnxNewb> veovis_muaddib: ACtually
<patdk-wk> veovis_muaddib, I don't see anything else in there, but if there is any type of, low power mode, make sure it's off
<ZacLnxNewb> veovis_muaddib:  SFTP is basically already set up server side
<ZacLnxNewb> veovis_muaddib: I seriously didn't have to configure ANYTHING to connect with SFTP
<veovis_muaddib> MrMintanet: Ubuntu server is quite configured.  Like RedHat/CentOS, it does a lot for you.  Arch Linux and LFS throw you in and make you configure everything yourself
<ZacLnxNewb> veovis_muaddib: I can tell you how I did it if you'd like to see
<ZacLnxNewb> veovis_muaddib: Trust me, very VERY easy
<MrMintanet> It sounds painful
<ZacLnxNewb> veovis_muaddib: It was incredibly painful in windows
<patdk-wk> painful is good, it causes you to learn
<MrMintanet> True
<veovis_muaddib> patdk-wk: I've played with some of the settings in power, and I'm pretty sure everything is off like that....
<patdk-wk> the bad is, you make lots of security mistakes :)
<ZacLnxNewb> veovis_muaddib: so I avoided it because I thought it was hard
<ZacLnxNewb> veovis_muaddib: but it's actually very simple on linux
<veovis_muaddib> MrMintanet: If you think it sounds painful, then it's not for you.  I think it sounds awesome, so I love it
<MrMintanet> What is a quick and easy virt. app I can use on Ubuntu-Desktop?
<veovis_muaddib> MrMintanet: Virtualization?
<MrMintanet> Yea
<veovis_muaddib> ZacLnxNewb: Just a recommendation on which server you used would be nice
<ZacLnxNewb> veovis_muaddib: You don't need a server. :D
<veovis_muaddib> Virtualbox was developed by Sun before they were eaten, it's a pretty good one MrMintanet
<MrMintanet> Thx
<veovis_muaddib> ZacLnxNewb: I mean which ftp daemon...
<MrMintanet> Ok, here's a question
<ZacLnxNewb> veovis_muaddib:  SSH on the server acts as the SFTP serveR
<veovis_muaddib> ZacLnxNewb: Oh
<ZacLnxNewb> veovis_muaddib: You don't have to install ANYthing
<ZacLnxNewb> veovis_muaddib: Seriously, it's already there. :D
<veovis_muaddib> ZacLnxNewb: Okay, I'll have to play with that, I forgot about that
<ZacLnxNewb> veovis_muaddib: Just install filezilla client on your windows pc
<MrMintanet> If I'm using CLI on a server, and have no idea what the correct command is to install an app, how would I go about finding out if all I had was CLI?
<veovis_muaddib> I barely use ssh for tunneling, let alone sftp
<patdk-wk> sftp is part of ssh
<patdk-wk> ftps is ftp over ssl
<ZacLnxNewb> veovis_muaddib: Goto "file" -> "Site manager"  and choose SFTP, and enter your login info that you use to access the server from putty, and VOILA!! Connected with SFTP !
<veovis_muaddib> ZacLnxNewb: Don't have Windows atm, kind of annoying when I want to play games.  I'm stuck with TF2 and L4D2 on Mac, and that's about it
<ZacLnxNewb> veovis_muaddib: Trust me though, I'm SO HAPPY,
<ZacLnxNewb> veovis_muaddib: because I gave up on configuring it on windows
<veovis_muaddib> ZacLnxNewb: No doubt.
<ZacLnxNewb> and on linux
<ZacLnxNewb> It's SOO EASY. :D
<ZacLnxNewb> I like, broke out in happy tears!
<veovis_muaddib> ZacLnxNewb: lol
<ZacLnxNewb> it's so elegant!
<MrMintanet> If I'm using CLI on a server, and have no idea what the correct command is to install an app, how would I go about finding out if all I had was CLI?
<UndiFineD> man
<UndiFineD> man <command>
<ish_> veovis_muaddib, have you been able to play starcraft 2 on ubuntu?
<veovis_muaddib> I have a question on the topic of filesharing:  I run OS X, Linux, Windows, and an Xbox on my home network.  I run XBMC on each of these, and I stream videos through SMB on my server.  Is there a better way?
<ish_> veovis_muaddib, damn wine wont work for me on it for some reason
<patdk-wk> veovis_muaddib, nfs?
<ZacLnxNewb> veovis_muaddib: stream videos via Samba?
<ish_> veovis_muaddib, try ushare
<veovis_muaddib> ish_: I gave up on configuring WINE myself, and only use other people's wrappers now.  Plus, on the OS X side, I have SC II, so I haven't tried in Linux
<veovis_muaddib> ZacLnxNewb: Yeah, it's as unpleasant as it sounds
<veovis_muaddib> patdk-wk: ish_: I'll look those up, thanks
<patdk-wk> well, windows isn't really going do nfs
<cole> veo: playing SC II right now with wine...works perfectly
<patdk-wk> but I stream videos over smb all the time
<ish_> CIFS/SMB for windows
<patdk-wk> but normally use nfs, cause it's mythbuntu to mythbuntu
<veovis_muaddib> patdk-wk: Probably will have to keep the SMB open for the xbox anyway, so I can use it in Windows
<patdk-wk> what about just supporting dlna?
<ZacLnxNewb> veovis_muaddib:  patdk-wk    So what should I use for my PS3 and Xbox360 for video streaming?
<ish_> cole, did it work the first time for you? I try installing it from my cd and it says error
<veovis_muaddib> patdk-wk: But with 720p, smb feels like RealPlayer
<patdk-wk> must be your smb  or server :)
<veovis_muaddib> ZacLnxNewb: Different software for each :P
<ish_> veovis_muaddib, ushare works awesomely
<cole> ish_: log into battle.net and use the installer that you download
<ish_> cole, oh darn i should have thought of that. I will give it a go tonight
<ZacLnxNewb> veovis_muaddib: what would you suggest for each?
<cole> ish_: wine caused a kernel panic twice during the download but the install wass flawless
<ish_> cole, lol
<veovis_muaddib> ZacLnxNewb: I think I have a bookmark for 360, I don't have a PS3, I can hear Ratchet calling for me, but haven't had the cash to pick one up
<veovis_muaddib> ZacLnxNewb: http://ubuntuforums.org/showthread.php?t=794489 Is in my todo folder.  I can't vouch for it working, I haven't even read the whole thread
<veovis_muaddib> Okay, it's 9:48 am here and I stayed up all night...  I'm going to go watch "Terminator: The Summer Glau is Hot Chronicles" to keep myself up and get on a better schedule.  I don't process the neurotransmitter that makes you feel tired properly...
<veovis_muaddib> Adios
<ZacLnxNewb> veovis_muaddib: take care
<MrMintanet> Installing NBR on Virtualbox while I wait for download
<MrMintanet> Incredibly simple
<MrMintanet> Thanks for the suggestion
<UndiFineD> MrMintanet, I am glad you like it
<MrMintanet> I've used VMWare Workstation, and it was very easy, but I really do find Virtualbox to be much easier to use.
<uvirtbot> New bug: #683743 in mysql-5.1 (main) "Please investigate adjusting the mysql apparmor profile to support akonadi" [Undecided,New] https://launchpad.net/bugs/683743
<patdk-wk> can someone point me to the right channel or howto: I want to build my package for hardy and lucid, 32bit and 64bit, and what the best method is, or is using 4 vm's the best?
<SpamapS> patdk-wk: I use sbuild
<SpamapS> patdk-wk: basically, install mk-sbuild, and run 'mk-sbuild --arch=i386 hardy' and that will create a hardy-i386 schroot which you can use for compiling source packages with 'sbuild -A -d hardy-i386 file.dsc'
<patdk-wk> file.dsc? I normally do a dpkg-build... currently
<patdk-wk> and it makes that stuff
<SpamapS> patdk-wk: debuild source in the source dir will create the .dsc
<SpamapS> err
<SpamapS> debuild -S
 * patdk-wk goes to create a vm to try it on :)
<SpamapS> patdk-wk: you don't really need a vm for this ;)
<patdk-wk> well, I figure having a build vm, with all the sources of crap I want, will keep things cleaner
<patdk-wk> and I can move that vm around whereever I want to
<patdk-wk> like, a reinstall of my system, or server, won't affect it :)
<MrMintanet> Ok, just installed Ubuntu on Virtualbox, and it's being dumb
<uvirtbot> New bug: #683640 in spamassassin (main) "status_of_proc is returning incorrect error code" [Undecided,New] https://launchpad.net/bugs/683640
<MrMintanet> :)
<Psi-Jack> hey.. I'm trying to gather a list of lsb-init init.d scripts that call "status_of_proc -p", other than bind9, dovecot, openbsd-inetd, rsync, spamassassin, and ssh, and would like to request if people could do this and pastebin any results they get: grep "status_of_proc -p" /etc/init.d/* | grep -v -E 'bind9|dovecot|openbsd-inetd|rsync|spamassassin|ssh'
<MrMintanet> "No required driver detected for unity."
<MrMintanet> I only get that problem when loading NBR
<timo> Psi-Jack: openvpn
<Psi-Jack> Ahh, one I hadn't seen, thanks will check it out.
<timo> Psi-Jack: do you need the paste?
<Psi-Jack> If just that one, nah. ;)
<timo> Psi-Jack: just that one on my box
<Psi-Jack> Making a bug report and adding what it effects when fixed.
<Psi-Jack> And yep. Definitely effected.
<Psi-Jack> basically there's a major flaw in lsb-init's init-functions that causes pid-file determination to completely fail everything if said service is /not/ started, no matter what, which is completely wrong.
<ish_> whats a good channel for hacking
<Psi-Jack> ish_: ##php, #python, #java, #c, #ruby, etc.
<Psi-Jack> Oh, excuse me, not #c, but ##c
<ish_> i meant white-hat hacking
<Psi-Jack> ish_: Hacking == Programming
<ish_> eh most of the world uses that word for network breaching
<Psi-Jack> Wrong.
<Psi-Jack> That's exploitation, security penetration, defacing, phracking, etc.
<Pici> ish_: ##security
<ish_> Pici, tried it says invite only
<Pici> ish_: register/identify then
<ish_> Pici, hmm so no need to get an invite then?
<Pici> ish_: correct.
<ish_> Pici, sry for silly question. Where do i go to register?
<Pici> !register | ish_
<ubottu> ish_: Information about registering your nickname: https://help.ubuntu.com/community/InternetRelayChat/Registration - Type Â« /nick <nickname> Â» to select your nickname. Registration help available by typing /join #freenode
<MrMintanet> Do I install Virtualbox-Extras on the host or client computer?
<b0gatyr> MrMintanet: client computer.
<b0gatyr> better yet "guest" machine
<ish10> sweet im in now
<uvirtbot> New bug: #683769 in clamav (main) "package clamav-milter 0.96.3 dfsg-2ubuntu1.0.10.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/683769
<ish10> how do u guys hide join msgs by default in xchat every time you start
<Psi-Jack> ish10: #xchat
<RoyK> seems zfs is getting into debian http://robertmh.wordpress.com/2010/11/27/about-zfs-in-squeeze-2/
<air^> RoyK: :O
<air^> RoyK: so, this will be zfs + linux kernel? wasn't there some license issues related to that?
<RoyK> there is - zfs is licensed under a BSD-like license
<air^> RoyK: but it's allowed to still link it directly from the installer?
<air^> or is this now a gray zone.
<RoyK> seems it's with kFreeBSD
<RoyK> so no linux there
<air^> ah, fsck.
<air^> we'll just wait for btrfs then :P
<RoyK> I have stopped waiting for btrfs
<RoyK> setting up 250TB on OpenIndiana these days
<air^> :)
<air^> with ZFS? or ext4?
<RoyK> zfs
<air^> so, bsd ?
<RoyK> openindiana
<air^> *googling*
<air^> "Licensing: coming soon..." ?
<RoyK> air^: licensing will be BSD-like
<RoyK> air^: /j #opensolaris
<RoyK> erm
<RoyK> air^: /j #openindiana
<pmatulis> anyone here have much success in using 'apt-cdrom add' on a loopback mounted ISO?  it seems completely broken on 10.04
<Slyboots> Mm.. well now that I have ubuntu sort of going and the LVM in place..
<Slyboots> Got to think about power-managment.. spinning down drives and whatnot when tis not in use
<Slyboots> (But in a way that wont murder the RAID)
<patdk-wk> SpamapS, ok, I have sbuild installed and kindof working
<patdk-wk> but it keeps bitching about known filesystem aufs
<SpamapS> patdk-wk: paste.ubuntu.com maybe?
<SpamapS> Slyboots: drives use a really, really tiny amount of power when compared to CPU's ;)
<patdk-wk> http://pastebin.ubuntu.com/538762/
<SpamapS> patdk-wk: are you running a custom kernel?
<SpamapS> patdk-wk: grep aufs /proc/filesystems
<patdk-wk> linux-virtual
<patdk-wk> not in there
<zul> smoser: is the stuff in lp:cloud-init current?
<SpamapS> patdk-wk: ahh! maybe its not enabled in virtual kernels
<patdk-wk> guess I'll uninstall the vm kernel :(
<SpamapS> patdk-wk: or use lvm
<SpamapS> patdk-wk: or btrfs
<smoser> zul, yes, i think so
<patdk-wk> ya, I was thinking I should probably do lvm, but that was after the fact I found out about it :)
<uvirtbot> New bug: #683801 in rrdtool (main) "rrdtool1.3.8 in Lucid needs an update" [Undecided,New] https://launchpad.net/bugs/683801
<patdk-wk> heh, kernel change fixed :(
<patdk-wk> now some odd build errors with apt
<patdk-wk> heh, it helped to install ia32-libs :)
<Slyboots> Mm..
<Slyboots> What sort of measures do you have to take to get power managment working in Ubuntu server?
<Slyboots> Im thinking primarlly of speed-stepping and perhaps having the HD's sleep when not in use? (But in a way that wont damage the RAID array)
<patdk-wk> none?
<Slyboots> ?
<Slyboots> Do I not need to.. like install something or?
<patdk-wk> nope
<patdk-wk> if you want to adjust the harddrive sleep, use hdparm to do so
<patdk-wk> but really, harddrives generally don't sleep
<patdk-wk> too much log writting and stuff going on
<syn-ack> That's why those WD green drive die so quickly. :/
<patdk-wk> even on my laptop, the best I can do, to maximize power usage, and cut from 18watts to 15watts
<patdk-wk> if you do that on a server, your talking about well, a few percent if that
<Slyboots> Mm
<patdk-wk> I get more powersavings from dumping the drive completely and using ssd, than sleep mode on a rotating disk
<patdk-wk> and really the biggest power draw is a monitor :)
<patdk-wk> after cpu and video cards :)
<Slyboots> Well its a file-server :P
<patdk-wk> go about underclocking your cpu and video card :)
<Slyboots> Dont have a videocard
<patdk-wk> unless you have >10 drives, it's not really worth powering down the harddrives
<patdk-wk> and even then, I wouldn't
<Slyboots> well what about speed-stepping
<patdk-wk> enable it in your bios
<patdk-wk> if your cpu supports it
<SpamapS> Slyboots: the speed step stuff I think you just need to install pm-utils
<SpamapS> kirkland: ping ^^ Slyboots wants to reduce power usage on his server.
<patdk-wk> ah, pm-utils is installed on all my systems
<patdk-wk> so I never noticed
<patdk-wk> hmm, everything works except hardy i386
<patdk-wk> gpgv won't run
<T3CHKOMMIE> hey guys, im a little confused as to why i have 3 virtual hosts on one server working and resolving correctly, i added a 4th virtual host pointed to a new document root but that new subdomain cannot resolve to the new virtual hosts docuemt root. any ideas do i need to refresh /flush something?
<SpamapS> jcastro: dude.. http://askubuntu.com/tags/ubuntu-server/faq     *nice*
<SpamapS> T3CHKOMMIE: you should only need to reload the apache service (service apache2 reload)
<T3CHKOMMIE> ya, it looks like the DNS didnt refresh as fast as i had like.
<T3CHKOMMIE> i gave it about 10 min and its working just fine now.
<T3CHKOMMIE> thanks for the help1
<SpamapS> jcastro: btw.. I am evil today  http://askubuntu.com/users/813/spamaps
<SpamapS> reputation: 666 ;)
<zul> SpamapS: looks like debian already has 5.1.53 packaged soon
<jcastro> SpamapS: heh, awesome
<SpamapS> zul: in unstable?
<zul> looks like it
<jcastro> SpamapS: you're my hero of the day, I've never even heard of debi before
<jcastro> SpamapS: yeah that FAQ generator is awesome, feel free to link it from a team page or something
<SpamapS> jcastro: debi is awesome if you're building packages. :)
<pting> what parameters do i add in my fstab for sshfs to perform a sudo -i upon connecting?
<remix_tj> pting: what? sudo -i while connecting?
<remix_tj> what command do you use by hand?
<pting> remix_tj, i want to switch to root upon connecting with a different user for the mount
<remix_tj> there's no way to do it
<pting> remix_tj, i see, i'll just connect as root then, thanks
<remix_tj> only connecting as root can allow you to operate like root
<zul> SpamapS: experimental
<SpamapS> zul: well thats something. :)
<SpamapS> zul: I'll hold off on the merge then
<patdk-wk> spamaps, I found it to be useless :)
<patdk-wk> as I was going upload it to a ppa and didn't know it compiled them :)
<patdk-wk> but it does take me to another question, I have the source I want compiled to be available for hardy and lucid, but I can't see a way to upload to a ppa for both, and if I attempt to upload twice one for each, it complains
<SpamapS> patdk-wk: oh hahaha
<patdk-wk> but atleast that did solve my, compile it if I want to :)
<SpamapS>  /win 27
<SpamapS> doh
<soren> SpamapS: Yeah, nothing interesting in /win 27.
<SpamapS> soren: all the good stuff is in /win 3
<soren> SpamapS: /win 3 is ok. /win 61 is where all the cool kids are, though.
<Pici>  /win 3 is actually this channel on my client.
<SpamapS> Pici: ^5 for /win 3
<RoAkSoAx> lol /win 3 is also this channel for me
<hallyn_> ScottK: on bug 673654, i'm not clear on next step - do we ask kees to take a look, or were you just going to apply the patches, or someone else?
<uvirtbot> Launchpad bug 673654 in clamav "Upcoming clamav release with security fixes" [Medium,Confirmed] https://launchpad.net/bugs/673654
<nertil> nertil@Maverick:~/psybnc$ uptime
<nertil> -bash: /usr/bin/uptime: Input/output error
<nertil> sudo: unable to execute /sbin/reboot: Input/output error
<nertil> weird
<nertil> cant doo any commands
<nertil> anyone?
<hallyn_> ttx: hey, i'm looking at bugs 681598 and 570944 - was anything ever decided about what to do about pam_winbind and use_authtok?
<uvirtbot> Launchpad bug 681598 in samba "passwd doesn't work with pam_winbind" [Undecided,New] https://launchpad.net/bugs/681598
<uvirtbot> Launchpad bug 570944 in samba "passwd : gives "Authentication token manipulation error"" [Medium,Triaged] https://launchpad.net/bugs/570944
<hallyn_> (I'd ask slangosek but don't see him on)
<hallyn_> nertil: i think you have disk errors
<nertil> hard disk?
<hallyn_> y
<nertil> hum
<soren> nertil: dmesg might give a few hints.
<hallyn_> where do /usr/bin and /sbin sit?  on local disk?  or is this nfs?
<nertil> local
<hallyn_> nertil: so as soren suggested, does dmesg give you any hints?  What about output of df and mount?
<ScottK> hallyn_: I've already talked to the security team about it.
<soren> Ryan_Lane|food: It depends on your packaging, really.
<Ryan_Lane|food> soren: yeah, would be good to get opendj packaged. I'm sure forgerock would be appreciative
<soren> Ryan_Lane: How are you building the packages now?
<Ryan_Lane> pbuilder
<soren> Ok, good.
<soren> Ryan_Lane: Do you have the source packages published anywhere?
<Ryan_Lane> yeah. in wikimedia's repository
<Ryan_Lane> which is: deb-src http://apt.wikimedia.org/wikimedia hardy-wikimedia main universe
<hallyn_> ScottK: ok, and they're taking it and runnig with it?
<ScottK> hallyn_: I believe so.
<hallyn_> ok, thx.
<Ryan_Lane> I should make a small change before getting it added
<soren> Ryan_Lane: It's a native package?
<Ryan_Lane> what do you mean by native?
<soren> It only has a single tarball in it, with both upstream code and the packaging stuff.
<Ryan_Lane> oh. yes.
 * soren shrieks as he realises this is Java stuff
<Ryan_Lane> :D
<soren> Ok, your major obstable is going to be not using the jars shipped in the tarball, but rather the ones in the Ubuntu repository.
<Ryan_Lane> which jars?
<Ryan_Lane> ah. in lib?
<uvirtbot> New bug: #683890 in cloud-init (main) "config-grub does not run" [Low,Fix released] https://launchpad.net/bugs/683890
<soren> Ryan_Lane: In ext/, lib/ and resource/
<soren> Ryan_Lane: There's 51 of them.
<soren> Sorry, 59.
<Ryan_Lane> I don't see that many on install
<soren> Ryan_Lane: Great!
<Ryan_Lane> there's like 14
<soren> Ryan_Lane: That makes your job way easier.
<Ryan_Lane> and most of them are specific to opendj
<soren> Ryan_Lane: If they're built form the source package, that's fine.
<Ryan_Lane> activation, mail, and je are likely the only non-opendj ones
<soren> Ryan_Lane: Step 1 is to enumerate the ones it needs at runtime that aren't built, but just bundled.
<soren> Ryan_Lane: ...and find out if they're packaged in Ubuntu.
<soren> Ryan_Lane: Does that distinction make sense to you?
<Ryan_Lane> yeah, shared libs should come from other packages
<soren> Precisely.
<Ryan_Lane> my concern is how this will affect upgrades
<Ryan_Lane> I also don't know how upgrades should be handled
<Ryan_Lane> there isn't anyone to backport fixes for this
<Ryan_Lane> soren: I was going to simply keep the package up to date with the upstream stable releases
<soren> Ryan_Lane: Yeah. Maybe getting it in shape for Ubuntu proper isn't worth the effort.
<Ryan_Lane> it doesn't matter much for me, as I'm maintaining it anyway :)
<Ryan_Lane> but it's a much better server than openldap, and others could benefit
<Mip5_> Hi - ubuntu 10.04.1, ltsp, raid1. After updates yesterday (that got interrupted), I restarted, ran dpkg --configure -a, and apt-get update && apt-get dist-upgrade. It appeared to work okay, got an ncurses notice about grub, and installed it to all 3 disks in teh array, but now I get dropped into the initramfs shell
<Mip5_> The error I get is that disk-by-uuid/ xxx can't be found . I have been able to boot into an older kernel, and am in that way now. I'm not sure how to fix this. Folks from ubuntu-ltsp recommended I try here. Here's a link to postbin with info on blkid, /etc/fstab, and grub.cfg:
<Mip5_> http://ltsp.pastebin.com/nmEfrmBZ
<smoser> kirkland, zul ping
<smoser> either of you know what i should do if i found a bug in a package i have in -proposed at the moment ?
<RoAkSoAx> smoser: I believe if it has not yet been released as an update, you can just prevent that from happening or ask someone to decline the package
<ScottK> hallyn_: I put the diff for the clamav security fix in the bug.  If you were to make debdiffs for each release, that would certainly speed the security team's work.
<smoser> ScottK, ^ you probably know for sure above
<smoser> I'm asking specifically about bug 671103, and the missed fix described in bug 683890
<uvirtbot> Launchpad bug 671103 in cloud-init "backport grub-legacy-ec2 from maverick to lucid" [High,Fix committed] https://launchpad.net/bugs/671103
<uvirtbot> Launchpad bug 683890 in cloud-init "config-grub does not run" [Low,Fix released] https://launchpad.net/bugs/683890
<ScottK> smoser: Is it a new bug to the proposed package or does it exist in the released package too?
<ScottK> If it's just in proposed, comment in the bug and tag it "verification-failed".
<smoser> well, its not really a regression.
<smoser> part of the fix just wont run
<smoser> which would then, not really fix the problem
<ScottK> That still qualifies as verification failed.
<smoser> so i tagged verification failed
<jdstrand> hallyn_: it absolutely would speed up the process. please follow https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures#Preparing%20an%20update
<ScottK> We don't want to give people updates that don't fix the problem.
<smoser> and in the other, regression-proposed
<jdstrand> hallyn_: it would also help with core-dev cred
<smoser> so what happens from here ? someone drops the -proposed package, and i can upload a new one ?
<smoser> ok. i have to run, please, if anyone here can help push those along, or tell me what i need to do to do so, i would really appreciate it. i'll check back in later.
<hallyn_> ScottK: jdstrand: np, i'll do that tonight or tomorrow.  thanks
<jdstrand> sbeattie: fyi ^
<jdstrand> hallyn_: thanks!
<tomsdale> I just updated my ubuntu 10.04 server with lvm partitions and grub cannot remember where it previously was installed. It asks me to  choose between sda and sda1 (ext2 not lvm)
<tomsdale> is it ok to install on sda or can this lead to problems because of lvm?
<Patrickdk> is it the only os on that computer?
<tomsdale> yers
<Patrickdk> I would go with sda :)
<Patrickdk> or, I always go with sda :)
<tomsdale> Me too - but I'm confused because it should have been on there already - so why does it forget. it's a remote vm - so lets hope it comes up :-)
<Patrickdk> depend on how long ago it was you updated it
<Patrickdk> there was a change a few months back
<tomsdale> install is 3 month old.
<Patrickdk> that made a file in grub so it knew where it should go, before that it did a good guess
<Patrickdk> so you might of not had it
<Patrickdk> and when you update it, it gets that, notices it doesn't know, and asks you to basically confirm what it thinks
<tomsdale> ok, makes sense - let's see whether it comes up :-)
<tomsdale> Patrickdk: it came up fine - thx a lot
<quizme> hey
<quizme> i normally use Ubuntu at home and for my personal web server, but at work they're running fedora.  So, I'm thinking for my work computer to be on Fedora.  Do you think that's a good idea?  (They said most programmers use Mac though...)
#ubuntu-server 2010-12-02
<uvirtbot> New bug: #683955 in tftp-hpa (main) "Please upgrade tftpd-hpa in lucid to at least 5.0-14" [Undecided,New] https://launchpad.net/bugs/683955
<uvirtbot> New bug: #683957 in qemu-kvm (main) "guest ata controller becomes unresponsive" [Undecided,New] https://launchpad.net/bugs/683957
<queso_> If I write a bash script to be run at startup as root, where is that standard location for the script to be placed and how do I make sure it starts at boot?
<zul> SpamapS: around?
<toddnine> can anyone get to mirrors.ibilio.org?  It appears to be down
<shauno> Connecting to mirrors.ibiblio.org|152.46.7.65|:80... failed: Connection refused.
<toddnine> lame
<toddnine> thanks for checking, wasn't sure if it was a local issues
<lifeless> http://downforeveryoneorjustme.com/mirrors.ibiblio.org :)
<toddnine> lifeless: There's a site for everything!
<icek> I have ubuntu-desktop, how do i change it to ubuntu-server?
<qman__> swap kernels and purge a lot of packages
<Billy_D_Kidd> its easy reinstall then
<Billy_D_Kidd> ping
<Gadu> I have a ruby script that I want to run on my server (it's an IRC bot).
<Gadu> I tried starting it via SSH and tried setting it to start in /etc/rc.local to no avail.
<Gadu> if I close out of my SSH session the script stops
<Gadu> is there anyway to run it short of plugging a monitor and keyboard in?
<_mud_> what command do you have in /etc/rc.local?  are you running the bot as root, some services will not allow root@ to connect via irc
<demonspork> I am using rsync via ssh and it is taking forever between two servers I know get insanely high bandwidth between them (both in data centers) and is still refuses to move quickly
<_mud_> Gadu: look into running a cron for the bot?
<Gadu> "cd /home/username/folder && ruby script.rb" is what I have (it ran successfully with "sudo /etc/rc.local"
<Gadu> but it still closes when I close the ssh session
<_mud_> Gadu, or 'man screen' - would not suggest running it as root btw.
<Gadu> I wouldn't run it as root either, but I'll take anything that makes it stay up lol
<_mud_> easy way run it in a screen and detach it
<_mud_> see: man screen
<demonspork> Gadu, screen is a fantastic way to run things like that
<Gadu> I've looked into screen for another use but was unsuccessful, I'll give another try to screen lol
<demonspork> ctrl A and then press D will disconnect from the screen
<demonspork> screen -x to reconnect to it
<Gadu> and if I want, say, 3 separate screen sessions?
<_mud_> type:  screen - then run your app - cnt+a and cnt+d = detaches it
<_mud_> screen -r pid#
<demonspork> screen -x [id]
<demonspork> pid
<demonspork> or you can name the screens with -S
<_mud_> hmm -x?  what the diff from -r ?
<demonspork> screen -S myserver
<demonspork> -x allows you to connect multiple times
<demonspork> -r will only connect to a detached screen
<_mud_> ah
<_mud_> been using it for 15 years never knew
<Gadu> screen -S alpha > CTRL+A > CTRL+D > ?
<demonspork> lol
<demonspork> Gadu, yes
<Gadu> what to recall alpha?
<demonspork> that disconnects you from the screen
<demonspork> well, it if is the only screen, screen -x will reconnect you
<demonspork> but if you want to name it specifically
<demonspork> screen -S alpha -x
<demonspork> will reconnect to existing screen named alpha
<Gadu> I seriously love you guys right now
<demonspork> I learned a lot of advanced stuff recently so that I could use a screen session to inject commands into a minecraft server console
<Gadu> that game worth buying? I've seen some gameplay but don't know much
<Gadu> erm, that's probably off topic. continue in PM?
<demonspork> it is worth buying
<demonspork> I run a minecraft server and it is forcing me to learn web development
<demonspork> http://minecraft.brbuninstalling.com/map/
<demonspork> this is what is currently running (my issue earlier with rsync moving deathly slow)
<demonspork> I am about to stop this, archive the entire thing and move it
<_mud_> rsync full ?  or differential ?
<demonspork> well, first tried a differential
<demonspork> and then I remembered that every single file that I was moving was going to be different from the files of the same name on the destination
<demonspork> so I jsut deleted everything and started from scratch on the destination
<demonspork> still, same slow transfer rate
<_mud_> yep yep ;)  server maps?  they ploting ubuntu servers now?
<demonspork> huh?
<demonspork> plotting ubuntu servers?
<_mud_> in the channel topic, sorry I jumped
<_mud_> never been on openprojects for years
<_mud_> errr freenode now
<Gadu> ok, now is there a way I could have what I start in my 3 screen session when the computer boots?
<Gadu> sessions*
<demonspork> Gadu, crontab
<demonspork> use "man crontab" for more information
<Gadu> this will allow me to start this stuff when it boots with user priviledges?
<Gadu> privileges*
<demonspork> yes
<Gadu> man this is exciting
<demonspork> @reboot is the special flag for starting at reboot
<demonspork> @weekly for weekly
<demonspork> @monthly
<demonspork> stuff like that
<_mud_> or as a user use "crontab -e" but look up formatting
<demonspork> or you can get more advanced and do the full minute hour day week month configuration
<Gadu> at startup is great =P
<Gadu> do I have to login for crontab to begin? or will it startup with the user's privileges without the user logging in?
<demonspork> Gadu, crontab is not session dependendant at all
<demonspork> is is executed by the cron daemon which runs as a system service
<demonspork> and each user's crontab is run with thier username
<Gadu> Ð¾ÑÐ»Ð¸ÑÐ½Ð¾
<Gadu> again, I love you
<demonspork> where can I do a speedtest on my server?
<demonspork> because these 2 servers only seem to be getting 4mb/s between each other
<demonspork> which is much slower than the 25MB/s I can move stuff back and forth between them
<Gadu> so moving things is 200mbps, what activity is getting the 32mbps?
<demonspork> no, 4mbps
<demonspork> like slower than my DSL at home's download speed
<Gadu> 0.5MB/s then?
<demonspork> oh wtf
<Gadu> 4MB/s = 32mbps
<demonspork> each connection is being throttled to that speed
<demonspork> fucking hell
<Gadu> interesting
<demonspork> can I add workers to rsync
<demonspork> hmm
 * demonspork looks at the man page
<Gadu> perhaps try SCP instead of rsync?
<Gadu> XD
<demonspork> frick, rsync doesn't seem to support using multiple workers
<demonspork> well, even the apache server is only giving me the files at that max speed
<demonspork> but I am downloading it straight to my house at the exact same speed
<IrishWristwatch> hello
<fluvvell> ok, I've installed 64bit 10.04 with software raid on a new quad core IBM x3100 M3, its quick but the fans are running fairly hard. When on the desktop live disk (while configuring the raid1 array) things were much quieter,
<fluvvell> question: What packages help control fan speeds on server?
<banker247> i have a question as i've just setup an apache2 and mysql server
<banker247> if someone is trying to bruteforce you won't their attemps fail if you lockout on 3 failed attemps?
<ttx> hallyn: no -- I was standing by after https://bugs.launchpad.net/ubuntu/+source/samba/+bug/570944/comments/15
<uvirtbot> Launchpad bug 570944 in samba "passwd : gives "Authentication token manipulation error"" [Medium,Triaged]
<ttx> hallyn_: it's one of those things where picking the right default ("works for most") is difficult
<ttx> hallyn_: so it probably needs to be handled by extra logic in pam-auth-update
<fluvvell> is there a way to backup all samba users passwords, and import them to the a new machine?
<fluvvell> ttx, re banker247's  3 attempts, have you ever used fail2ban?
<ttx> fluvvell: no
<fluvvell> I've got it configured here for ssh login attempts - has a default 10 minute lockout of the ip address (adds an iptables entry)
<fluvvell> I think it can be configured for a number of different servers.
<banker247> fluvvell, no.. i mean. if i lockdown the server after 3 attemps for 3 minutes each time. then ... how can it possibly be cracked if i have a 256bit pw?
<banker247> they can always change their ips heh
<fluvvell> I see your point
<banker247> so theoretically you would be impossible to be cracked however you could still be compromised if you slipped up somehow right?
<fluvvell> they get 1440 wrong attempts each day on a 32 character password?
<fluvvell> It would be nice for the administrator to be somehow alerted after a few weeks that someone was trying to get in :_)
<fluvvell> so, does anyone know about what 64bit packages to look for to calm the cpu fan down a bit? They were quiet on the live desktop edition...
<fluvvell> Or are they kernel modules?
<Guest16722> Hi all. I've setup a secondary MX server running postfix amongst other things, and I've written a simple perl script to sync the relevant files over SSH, then restart the daemons over SSH when a file update occurs.  This runs every 15 minutes.  I've managed to dump most config directives unique to each host (such as mydestination, myorigin) into its own file which I can simply exclude
<Guest16722> in rsync.  The problem is myhostname, I can't seem to find a way to remove it from the main.cf file...
<Guest16722> This becomes an issue because I run the postconf command each time on the second MX over SSH to set myhostname to what it needs to be, but this means every 15 minutes, rsync thinks it needs to update main.cf each time, which in turn means that the mail-related services are restarted each time.  I don't like this. :-(
<Guest16722> I'm all out of ideas...does anyone have any?
<SpamapS> Guest16722: sorry there aren't many people up at this hour...
<SpamapS> Guest16722: what files are you syncing every 15 minutes?
<Guest16722> That does seem to be the case.  I understand.
<Guest16722> Let's see...
<SpamapS> Guest16722: have you heard of 'puppet' ?
<Guest16722> my @localFiles = ("/etc/postfix/",
<Guest16722> "/etc/default/spamassassin",
<Guest16722> "/etc/amavis/",
<Guest16722> "/etc/clamav/",
<Guest16722> "/etc/razor/");
<Guest16722> I have not heard of puppet.
<SpamapS> Guest16722: it will help you template the config files and will only reload postfix when the files actually change.
<SpamapS> Guest16722: its a configuration management system.
<Guest16722> Interesting...
<SpamapS> Guest16722: we've all written rsync / ssh / etc. syncing thingies.. Puppet makes it all better. ;)
<SpamapS> Guest16722: anyway, I have to sleep now. Good luck checking out puppet. :)
 * SpamapS goes zzZZZZZZzzzz...
<Guest16722> Thanks.
<lvh> Hi
<RoyK> ho
<lvh> I've got a spare box and I'd like to try maverick's virtualization stuff on it
<lvh> The wiki appears to suggest qemu: is that a reasonable suggestion performance wise?
<lvh> I used it in the past and it was slow as molasses
<lvh> (not disparaging qemu per se: it was great for what I used it, performance wasn't the problem)
<lvh> Is the packaged qemu already patched to use kvm?
<uvirtbot> New bug: #684084 in openssh (main) "ssh X11 forwarding does not work for KDE applications" [Undecided,New] https://launchpad.net/bugs/684084
<sstraw> I'm tearing my hair out here.
<sstraw> Trying to install some Perl CPAN modules.  Ubuntu Server 9.10
<sstraw> Standard stuff, but an endless series of prerequisites for some things, and it's not all installing successfully.
<sstraw> starting with a basic "install Bundle::cpan"
<sstraw> (er, Bundle::CPAN)
<sstraw> problem is that too many of the tests seem to fail in one prerequisite or another, causing them not to install, with a trickle effect.
<sstraw> For instance, can't get Module::Build to install successfully, and a pile of other things are dependant upon it.
<sstraw> the tests cumulatively take a long time to run as well, which makes the repeated CPAN operations that much more painful.
<sstraw> Is there some way to download a PACKAGE of Perl+CPAN modules so that I can skip trying to get the chicken-v-egg dependancies to resolve?
<alvin> sstraw: Are the modules you need not available through the default repositories? A lot of CPAN modules are made into .deb packages.
<alvin> sstraw: I do not have a lot of experience with CPAN. (Only used it to install 1 module and it worked)
<sstraw> really irritating:  "Could not make - Unknown Error".  How useful.
<uvirtbot> New bug: #684110 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New] https://launchpad.net/bugs/684110
<alvin> sstraw: Do you have the package build-essential installed?
<milligan> Anyone here that uses geany? If so, do you know how I can load the documentation for a library and load the api realtime ?
<ScottK> SpamapS: Thanks for the spamasassin SRU.
<SpamapS> ScottK: no problem. :) I used to be a heavy, heavy SA user.. intereesting to see that not much has changed.
<ScottK> 3.3 is a bit different, but not much has.
<ScottK> People seem to keep hiring Spamassassin developers and then the disappear.
<SpamapS> I've been behind a Barracuda for about 3 years now.. pretty much kills any SA configuration I've ever tried.
<ScottK> AFAIK that's SA plus some special sauce.
<SpamapS> pretty much
<SpamapS> closely monitored and managed SA
<ScottK> Plus a shit ton of data and an IP reputation system.
<SpamapS> I built something similar in 2002, sold it to about 10 businesses in socal with contracts for support.. but thats right when barracuda landed and they were WAY ahead of me.
<SpamapS> Mine was also an IDS using Snort ... but nobody understood why that was useful. :-P
<hggdh> JamesPage: got a Q for you, available?
<JamesPage> hggdh: sure
<hggdh> JamesPage: how do we update the tests on Hudson? I pushed an updated dns-server to bzr
<JamesPage> hggdh: the tests are not held centrally, but on each slave so they need to be pulled to each slave individually.
<hggdh> JamesPage: OK, then we need to update the slaves (I do not have access, I guess)
<JamesPage> hggdh: I've been working on packaging the slave framework and dependencies today; both mercury and bowlan are running this now.
<hggdh> JamesPage: additionally -- IPv6 localhost entry in /etc/hosts changed from Maverick to Natty. Would this be a bug?
<uvirtbot> New bug: #683379 in cloud-init (main) "user prompted twice on ec2 grub-pc upgrade from 1.98-1ubuntu7 to 1.98-1ubuntu8" [High,In progress] https://launchpad.net/bugs/683379
<JamesPage> hggdh: not sure to be honest
<JamesPage> hggdh: interestingly the test was still working?
<hggdh> zul: network is now working on the test rig. OTOH, we now fail to find a harddrive in partman :-(
<hggdh> JamesPage: no, it failed -- this is why I updated it
<hggdh> JamesPage: but now I wonder if this could be seem as a regression
<JamesPage> hggdh: looks OK to me - http://204.236.234.12:8080/job/natty-server-i386_dns-server/9/testReport/test/DnsServerTest
<JamesPage> I found and resolved a couple of core issues today whilst I was packaging
<JamesPage> 1) the preseed for all but minimal virtual was not using -generic-pae kernel.
<JamesPage> 2) minimal virtual install size test does not take into account testing overlay (25MB).
<JamesPage> hggdh: let me merge in you update and we can re-run.
<pmorris> How do I change the screen resolution on a server?
<hggdh> JamesPage: weird. When I ran dns-server locally, it failed because on Natty IPv6 localhost is now called ip6-localhost
<hggdh> so now I am confused :-(
<JamesPage> hggdh: thats weird
<JamesPage> hggdh: I've updated the package and upgraded bowlan and mercury
<JamesPage> hggdh: and kicked off dns-server jobs for both archs
<JamesPage> hggdh: packages are in ppa:james-page/usit
<JamesPage> hggdh: want to get it to a place where all is working fine before we merge back into trunk
<hggdh> JamesPage: ack, makes sense
<JamesPage> hggdh: need to update the docs - have made a few other improvements whilst packaging
<JamesPage> hggdh: like remove gpxe requirement - makes the install cleaner
<hggdh> woot!
<JamesPage> hggdh: I've put the code branch under lp:~ubuntu-server-iso-testing-dev/ubuntu-server-iso-testing/1.0-RC1
<JamesPage> hggdh: you should be able to push changes to it as well now.
<hggdh> JamesPage: roj
<MrMintanet> Hello.
<MrMintanet> How is everyone this morning?
<MrMintanet> Anyone here work in a colocation datacenter recently?
<MrMintanet> Can someone help me with load balancing?
<Ninjix> anyone having trouble with the two latest 2.6.32 lucid kernels running as KVM guests?
<cemc> Ninjix: trouble?
<smoser> jdstrand, could you read https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/684110 real quick ?
<uvirtbot> Launchpad bug 684110 in bind9 "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saÃ­da de erro 1" [Undecided,New]
<smoser> i'm tihning its app armour related, but not smart enough to tell for sure.
<jdstrand> smoser: the upgrade failed because named did not start because it is trying to /var/lib/named/etc/bind/named.conf which is not in the default apparmor profile
<jdstrand> s/trying to/trying to read/
<jdstrand> smoser: and hi! :)
<smoser> :) thanks.
<smoser> so would some local configuration prior to that installation have triggered that ?
<smoser> (i realize thats bind9 specific question. surely the default 'apt-get install bind9' on lucid is not busted)
<jdstrand> smoser: absolutely. /etc/bind/named.conf is the normal location for that file and is allowed read in the apparmor profile
<Ninjix> cemc: yes, I can't get 2.6.32-25 or 2.6.32-26 to post after grub handoff
<Ninjix> 2.6.32-24 works fine
<jdstrand> smoser: so the user changed location of the file, possibly trying to chroot bind (wild guess)
<cemc> Ninjix: lucid guest? 32/64 bit ? on what host?
<jdstrand> smoser: we do allow /var/lib/bind/**, but the user did /var/lib/named/...
<Ninjix> lucid 64bit guest on Proxmox
<smoser> ah. ok. yeah, i see. jdstrand thank.
<jdstrand> smoser: bottom line, the user needs to adjust the profile. I would point him at https://wiki.ubuntu.com/DebuggingApparmor
<Ninjix> another Proxmox user has reported the same problem with his Lucid guests running on AMD proxmox host
<jdstrand> smoser: which conveniently also discusses apparmor and chroot environments, in case the user was trying to do that
<cemc> Ninjix: oh, proxmox. I'm not familiar with that... I have a lucid host with KVM I could try on
<smoser> jdstrand, awesome
<jdstrand> smoser: so he should be able to figure it out on his own
<Ninjix> I've been able to confirm the problem only happens on AMD cpu
<Ninjix> my Intel cpu based hosts/guests are fine
<Ninjix> so I'm trying to triangulate what's changed on Proxmox + Ubuntu + AMD
<Ninjix> backtrack from there
<Ninjix> find it strange that a minor revision of Ubuntu kernel would cause such a boot problem but...
<cemc> Ninjix: proxmox uses kvm too, right?
<Ninjix> cemc: yes
<Ninjix> the latest version uses Ubuntu 2.6.35 kernel with Debian 5 userland
<Ninjix> so I'm hoping some in channel has a host running on AMD and can test a KVM ubuntu guest
<cemc> well I do have a host on AMD, but it's an ubuntu 10.04
<cemc> with KVM installed on it, and a couple of guests
<Ninjix> and no issues with latest kernels for the guests?
<cemc> not sure, I have to try, hold on
<Ninjix> thanks
<cemc> Ninjix: and that's only on 64bit lucid guests?
<cemc> I have a 32bit lucid guest here which runs just fine with 2.6.32-25-generic
<Ninjix> cemc: ok thanks for testing. I've only got 64-bit guests
<cemc> Ninjix: I'll install one in a minute
<cemc> Ninjix: btw, what's the error, or what happens when you try to boot with -26 kernel?
<Ninjix> that's the tough part. no errors or anything else is displayed even with quiet removed from grub2 config
<cemc> Ninjix: so what happens? you see the grub menu, press enter on the -26 kernel and then ?
<Ninjix> freeze
<tarvid> is ftp connection tracking on by default?
<tarvid> in 9.10
<tarvid> and what's with
<tarvid> lrwxrwxrwx 1 root root 15 2010-02-21 13:24 blkid.tab -> /dev/.blkid.tab
<tarvid>  /dev/.blkid.tab does not exist
<tarvid> run blkid once and it is there so why the symbolic link before the file is created?
<tarvid> how do I find which package contains blkid?
<ssureshot> why is ssh listening on tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      2107/0   ?
<ssureshot> it isn't there right after a fresh boot
<Pici> tarvid: dpkg -S `which blkid`
<Pici> Or use apt-file in place of dpkg -S if you don't have it installed yet.
<Pici> (its util-linux btw)
<tarvid> thanks
<Ninjix> cemc: looks like it has something to do with SMP
<tarvid> ubuntu-bug doesn't like that package
<tarvid> libblkid1 maybe?
<tarvid> yes
<Pici> tarvid: libblkid1 also comes from the same source package.
<Ralchev> Hey guys, I have a problem when I try to use SSH .. i'm getting this http://paste.ubuntu.com/539042/
<Thund3rX> Hi guys, does someone know where I could find some reading about arguments why Ubuntu Server( or Debian based Linux) would fit the security hardening needs in an enterprise: each time we're dealing with the security people, they keep pointing us to Red Hat for the state of art standard hardening
<Ninjix> Ralchev: looks like the SSH account doesn't have write priv on it's home directory listed in /etc/passwd
<Ninjix> Thund3rX: Have you asked Canonical marketing people?
<Ninjix> I bet they have something on the shelf since they have scored some bigger customers lately
<Ralchev> Ninjix, it has, it was running great this morning
<Ninjix> Ralchev: same error for other accounts?
<Ralchev> Ninjix, what other accounts? it is the second time im getting that error, when I reboot it is ok, but it has to be fixed. Look at this thread http://www.linuxquestions.org/questions/linux-hardware-18/system-went-into-read-only-mode-429779/ it seems that the guy has the same problem like me
<lvh> hey, when configuring a bridge interface, do I actually have to set bridge_stl and friends?
<lvh> I thought brctl just used defaults when you didn't
<pmatulis> lvh: that's right
<Ninjix> Ralchev: do you have console access?
<lvh> pmatulis: Which one is right
<Ralchev> Ninjix you mean direct access?
<lvh> pmatulis: It uses sensible defaults or you really need to set it
<Ninjix> Ralchev: yes
<Ralchev> not rly, but I am able to find
<Ralchev> I mean
<Ralchev> it is hard to get ;d
<Ralchev> the serv. is in my office
<pmatulis> lvh: the former (sensible).  you really just need to assign an interface (bridge_ports).  that said, if you have multiple bridges then you may need to set some settings, not sure
<lvh> pmatulis: Nah I just have one
<lvh> pmatulis: Unless, well
<lvh> pmatulis: Unless virtualbox decides to secretly make one when I'm not looking
<Ralchev> http://paste.ubuntu.com/539048/
<Ninjix> Ralchev: you could try using SFTP to copy the /var/log/syslog and /var/log/dmesg and look for clues
<JamesPage> hggdh: Hudson is now showing a full set of correct results (aside from the samba-server test - see note on i386 version)
<JamesPage> hggdh: I've updated the ISO test tracker with this information
<JamesPage> hggdh: we now have three slaves up and running (two permanent) so should burn through quickly next time an ISO is published
<jpds> Thund3rX: SELinux by default?
<JamesPage> hallyn_: are you aware of bug 683700?
<uvirtbot> Launchpad bug 683700 in qemu "tasksel 'Virtualisation Host' fails to install" [Undecided,New] https://launchpad.net/bugs/683700
<hallyn_> JamesPage: no
<JamesPage> hallyn_: thought I might bring it to your attention;
<hallyn_> yes, thank you :)
<hallyn_> i'm in the middle of tearing apart a vmcore, but will look at it in a bit
<JamesPage> hallyn_: np - I think that we have missed the opportunity to fix for Alpha 1 so probably not mega urgent
<hggdh> zul: yes, another serious issue on the test rig. Opened bug 684304 High
<uvirtbot> Launchpad bug 684304 in linux "cciss module does not identify resources" [High,New] https://launchpad.net/bugs/684304
<hallyn_> JamesPage: hm have you been talking to kees at all about it though?
<hallyn_> (as per cjwatson's comment)
<hallyn_> i.e. iiuc it's not a qemu-kvm depends problem, but a msr-tools one
<Ninjix> cemc: We've got a LP bug posted now
<Ninjix> https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/669818
<uvirtbot> Launchpad bug 669818 in qemu-kvm "Update to 10.04 2.6.32-25 as KVM Guest no longer boot" [Medium,Invalid]
<hallyn_> hm.  well, maybe qemu-kvm shouldn't recomment cpu-checker then, since it's also non-kvm qemu
<JamesPage> hallyn_: guess that was my question really :-)
<Ralchev> Ninjix well, i can't connect thru sftp, maybe i will have to reboot it and get syslogs
<hallyn_> JamesPage: i don't even know hwat cpu-checker does, lemme go look at the src :)
<hallyn_> JamesPage: seems to me it should be perfectly safe to make it a Suggests.  woudl that suffice for what you need?
<hallyn_> all righ ti'll just go propose that for merge and let kirkland yell at me if it's wrong
<kirkland> hallyn_: i think it needs to be a recommends
<kirkland> hallyn_: why does someone want to drop it to suggests?
 * RoyK thinks he needs zfs on ubuntu soon
<hallyn_> kirkland: see bug 683700
<uvirtbot> Launchpad bug 683700 in qemu "tasksel 'Virtualisation Host' fails to install" [Undecided,New] https://launchpad.net/bugs/683700
<hallyn_> kirkland: it's bc cpu-checker is now in universe
<kirkland> hallyn_: ah, poke kees about that one
<kirkland> hallyn_: it's him juggling things around ;-)
<kirkland> kees: ^
<hallyn_> kirkland: it just seems a bit heavyweight to basically require it, when using non-accelerated qemu is perfectly legitimate
<kirkland> hallyn_: okay, drop it, and then hang around here and answer all the questions that come up with people asking why their kvm don't worky
<kirkland> hallyn_: all this does is print a warning that tells people that, before they come here to ask
<hallyn_> so if it's suggests, it won't install it by default?
<hallyn_> i wonder if kees is out today
<hggdh> robbiew: ping on UEC issues for alpha1
<robbiew> hggdh: pong
<robbiew> Daviey: kirkland: zul: who typically does the Ubuntu Server UEC ISO testing?
<robbiew> http://iso.qa.ubuntu.com/ doesn't look good for us
<Spirits-Sight> any ideas on a headless / keyless system for server to run latest LAMP / Ubuntu server)  I just want to be able to connect eithernet wire and power and install server to work with dynDNS for IP addresss control
<kirkland> robbiew: team effort, usually
<robbiew> well...we need some "effort" for http://iso.qa.ubuntu.com/qatracker/test/4820 and http://iso.qa.ubuntu.com/qatracker/test/4821 :)
<robbiew> SpamapS: ^^
<hggdh> robbiew: usually I run it
<robbiew> hggdh: ah...
<hggdh> robbiew: but the resources I have (the so-called UEC test rig) are failing to load Natty due to a kernel bug on the cciss module
<robbiew> hggdh: doh!
<hggdh> robbiew: no discs are identified
<Spirits-Sight> any advice I am in the boston USA area "any ideas on a headless / keyless system for server to run latest LAMP / Ubuntu server) I just want to be able to connect eithernet wire and power and install server to work with dynDNS for IP addresss control"
<hggdh> robbiew: so I am stuck -- cannot test it, don't have local hardware to do it
<ZacLnxNewb> Hi.
<ZacLnxNewb> How is everyone?
<hallyn_> JamesPage: do i understand correctly that the intent is for hudson to auto-test http://iso.qa.ubuntu.com/ ?
<hallyn_> (whereas up to maverick we did them by hand)?
<hggdh> hallyn_: this is one objective, yes
<sleepyowl> Hello Everyone, are the package repositories down for intrepid? I can't run sudo apt-get update without getting multiple 404 errors.
<Spirits-Sight> any advice I am in the boston USA area "any ideas on a headless / keyless system for server to run latest LAMP / Ubuntu server) I just want to be able to connect eithernet wire and power and install server to work with dynDNS for IP addresss control"
<mgolisch> sleepyowl: i think intrepid stuff is only on the archive servers
<mgolisch> try old-releases.ubuntu.com
<patdk-wk> sleepyowl, intrepid eol was like a month or so ago
<patdk-wk> so you shouldn't even get updates if you use old-releases :)
<jo-erlend_> Spirits-Sight, you'll have to elaborate. That didn't make much sense.
<patdk-wk> jo-erlend_, sounds like he wants hardware recommendations
<jo-erlend_> yes, I got that, but the details were unclear at best.
<patdk-wk> I didn't even see details :)
<jo-erlend_> Spirits-Sight, dyndns isn't used for "IP address control", but only for name resolutions, pretty much identical to a phone book. The program ddclient is in the repositories and can be installed to update your dynamic dns provider. As to the other questions? Need more information.
<Spirits-Sight> jo-erlend_: I am wanting to buy a server that is good for running a database directory type system and also a minior website, I will run LAMP and want to have a at less two harddrives one for the database and the other for the websites and server.  I would like to be as small but allow at less another harddrive if needed
<jo-erlend_> Spirits-Sight, are you going to house it yourself, or do you want to place it in a colocation center?
<Spirits-Sight> jo-erlend_: true sorry I was not clear I ment for it to be the name resolutions for the two websites that will run off the system
<sstraw> alvin (in response to a circa 6h old query): yes, build-essential, and libc6-dev packages were both installed (although not when I'd initially started, and CPAN issued no complaints about missing libs).  I'd subsequently run 'clean Bundle::CPAN' and retried the install, but no change.
<Spirits-Sight> house my self as right now and for the next year or two it would be cheaper for me to have it my self
<Spirits-Sight> jo-erlend_:  ^^^
<Spirits-Sight> jo-erlend_: I think it would be cheaper
<sstraw> SpamapS: When driving around down in the valley, one can spot quite a number of Barracuda company vehicles - they do those "wrap" deals on, IIRC, PT Cruiser type minivans.
<jo-erlend_> Spirits-Sight, the reason I'm asking, is that servers usually are built using a form factor similar to that of a big pizza box 1U, and taller. You'll probably need that if you want it in a colocation center, but if you're housing it yourself, then you have much more options.
<jo-erlend_> Spirits-Sight, it'll probably be a lot cheaper, and you don't have to depend as much on other people, except for electricity and connection at home, of course.
<sleepyowl> thanks for the responses guys. I was using a official ubuntu ec2 image (ami-5059be39). Does anyone know the ami id of the most recent ubuntu image by change?
<sleepyowl> chance*
<jo-erlend_> Spirits-Sight, but a LAMP server really doesn't require much power, so pretty much any PC you can get your hands on will do the trick.
<jo-erlend_> Spirits-Sight, but why do you need different harddrives for the documents and the database?
<Spirits-Sight> jo-erlend_: its the database that I worry about as its will have over 500,000 listings and it will have to download to server and process files that will go into the database and then update every say 3 months
<Spirits-Sight> just from one source
<Spirits-Sight> I am looking for a small system any advice?
<Spirits-Sight> jo-erlend_: headless system would be best
<patdk-wk> Spirits-Sight, that sounds like a light database load
<Spirits-Sight> really?  the database (foundation) of it is a address/contact systems of entities (non-profits, agency, schools etc)
<jo-erlend_> Spirits-Sight, I agree with patdk-lap. The data might seem enormous to you as a human being, but for a computer and a good database, that's nothing. And any PC can be used as a headless and keyboardless server.
<patdk-wk> the biggest question when it comes, and you won't really know for sure till you have it up and running
<patdk-wk> is how much ram you will need, to get the performance you want
<Spirits-Sight> jo-erlend_: really :-) cool any advice on a very small system that would do the job
<patdk-wk> Spirits-Sight, I would probably go with any dual core system, most likely
<Spirits-Sight> patdk-wk: anymake? any ideas on very small chasie?
<jo-erlend_> Spirits-Sight, Lian Li PC-V354B seems like a good and small chassis for micro-atx. Then you'll need a motherboard, some ram, a processor and some disks.
<Makere> lian li's are awesome
<patdk-wk> ok, I'm like getting into some endless loop here :(
<patdk-wk> I install lucid in a vm, it puts in grub-pc
<patdk-wk> I install linux-virtual, it switchs the system to grub, but doesn't update the mbr, so grub2 still boots, and no kernel updates happen, cause menu.1st is used not grub.cfg
<jo-erlend_> patdk-lap, what kind of VM? Some details?
<Spirits-Sight> jo-erlend_: OK any ideas on already built system?
<patdk-wk> I install grub-pc, and it goes into an endless loop about I didn't select a place to install grub
<patdk-wk> jo-erlend, esx
<patdk-wk> this is the 4th one I had issues with, but this was my first new isntall from scratch, I thought it was just me :)
<jo-erlend_> Spirits-Sight, sorry, no I don't. I always build stuff like that myself. It really isn't difficult.
<Spirits-Sight> jo-erlend_: I done that in the past I was hoping not to have to do it this time :-)
<Spirits-Sight> jo-erlend_: whats is the smallest form factor made?
<cemc> Ninjix: I've updated that bugreport of yours. I've found some strange thing too, is there some way you could verify that?
<jo-erlend_> pico-itx is fairly small, but then you'll also have a lot fewer options.
<patdk-wk> how can I just tell grub2 where to install to?
<jo-erlend_> Spirits-Sight, ^^
<jo-erlend_> patdk-lap, you've read this? https://help.ubuntu.com/community/Grub2
<Spirits-Sight> jo-erlend_: why you say that? what would it limit?   also what you think about this type of system?  http://www.stealth.com/littlepc.htm?gclid=COHYlYqazqUCFUFN5QodBl8dyQ
<SpamapS> sstraw: Yeah barracuda seems to lay the marketing on pretty thick.
<patdk-wk> jo-erlend_, ya, that url doesn't help
<patdk-wk> I just tested it alittle
<patdk-wk> dpkg-reconfigure grub-pc goes into loop on vm
<patdk-wk> but on my real desktop and laptop it gives me a harddrive list
<patdk-wk> ah, no device.map file
<patdk-wk> nope, making device.map didn't help :(
<Daviey> ScottK: Hmm.... clamav update.... i'm pretty sure my configs were working before upgrade...
<Daviey> Setting up clamav-daemon (0.96.4+dfsg-1ubuntu1~lucid1) ...
<Daviey>  * Starting ClamAV daemon clamd
<Daviey> ERROR: Incorrect argument format for option BytecodeSecurity
<Daviey> ERROR: Can't open/parse the config file /etc/clamav/clamd.conf
<Daviey>    ...fail!
<Spirits-Sight> jo-erlend_: would you go with SDD or standrad type drive?
<Spirits-Sight> jo-erlend_: should I say can Ubuntu handle either also?
<uvirtbot> New bug: #684367 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/684367
<Spirits-Sight> jo-erlend_:  you there?
<ZacLnxNewb> hey guys
<ZacLnxNewb> sup?
<ikonia> ubuntu server support is up
<ZacLnxNewb> cool
<uvirtbot> New bug: #684398 in mysql-dfsg-5.1 (main) "mysqld crashes on certain ALTER TABLE queries (MySQL Bug #31145)" [Undecided,New] https://launchpad.net/bugs/684398
<uvirtbot> New bug: #684399 in samba (main) "package winbind 2:3.4.7~dfsg-1ubuntu3.2 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/684399
<uvirtbot> New bug: #684418 in clamav (main) "package clamav-milter 0.96.4 dfsg-1ubuntu1~lucid1 failed to install/upgrade: subproces installed post-installation script gaf een foutwaarde 1 terug" [Undecided,New] https://launchpad.net/bugs/684418
<air^> hello.
<air^> got an ubuntu-server running, pretty basic headless server.
<air^> it's gonna have ssh open to extranet. what's the recommended precautions to take?
<ikonia> ok
<ikonia> install ssh
<air^> got ssh installed.
<ikonia> it's that simple
<air^> and that's the only port I got open in my fw (apple timecapsule)
<ikonia> ok
<air^> I was considering something like fail2ban, or similar, to ban any script kiddies, etc.
<ikonia> on your extranet ?
<air^> er. s/extranet/internet
<ikonia> well you can use tools such as fail2ban, no problems with that
<air^> maybe I could simply deny all except a few known hosts.
<air^> that should make things pretty simple.
<ikonia> you could do that with iptables or tcp_Wrappers
<air^> or just by using hosts.deny / hosts.allow ?
<ikonia> that is tcp wrappers
<air^> ah. ok. :)
<guntbert> air^: set up key based login
<air^> so, basically, I'll put ALL: ALL in hosts.deny, then allow the ip's I want in hosts.allow?
<air^> guntbert: I do in fact use keys already, so maybe I should disable passwd login
<guntbert> air^: that was my point
<air^> ok, checking sshd_config
<air^> PremitRootLogin should probably be set to no.
<resno> hello all
<elasticdog> does UEC not use the front-end machine's /etc/eucalyptus/eucalyptus.conf file to configure the available IP address pool?
<resno> i was checking my "messages" log and say a repeating error msg about my drive. "hard restting link" http://dpaste.com/282363/
<air^> guntbert: ok. password set to no, and confirmed working. :)
<resno> hey air^
<air^> hey
<elasticdog> http://pastie.org/1342671 is what I put in there (and the VNET_DNS), but even with restarting everything, available IPs don't seem to change
<air^> resno: not that I know anything about your issue, but first google result points to disable some write cache to fix it.
<guntbert> air^: just don't worry about brute force attempts...
<air^> guntbert: ok. sure. maybe it's good enough to simply not allow password logins.
<guntbert> air^: on the servers I manage it is...
<resno> air^: what did you you google? im havne tbeen getting much of anything useful
<air^> resno: http://www.google.fi/search?sourceid=chrome&ie=UTF-8&q=ata+hard+resetting+link
<resno> air^: thanks :)
<air^> np :)
<air^> resno: another of those says issue was a faulty power supply.. might you be overloading your?
<jcastro> kirkland: so they descoped Places a bit and ideas for byobu Places do not make sense anymore.
<resno> air^: heh, i just read that. and i hope not causes its new and fairly large
<air^> guntbert: ok, thanks. It will probably do just good for me as well :)
<jcastro> kirkland: however, I think a manpages.u.c Place would  be totally awesome
<jcastro> https://wiki.ubuntu.com/Unity/Places/Ideas
<resno> air^: well, i routed out the psu. this error occured way ebfore i got the new one....
<air^> resno: which version of ubuntu? what hw?
<resno> air^: 10.04 lts. and i believe the error refers to my WD green drive
<air^> oh. teh green ones.
<resno> how can i check which drive is ata4?
<resno> air^: you no likey?
<air^> try " cat /proc/scsi/scsi "
<air^> at least my drives show up there :)
<resno> that listed the drive... but i dont see an ata 4 anywhere
<resno> i dont even see a 4 anywhere
<resno> the hosts are scsi3
<resno> air^: let me mention one other thing, i am running this through a pci to sata card
<resno> which could entirely be the problem
<air^> yeah, might be.
<resno> when im doing heavy hdd stuff, the io jumps and i dont like the setup at all.
<resno> soonish ill need to move to something better
<resno> ha, i couldnt figure out why everything on google was in a different language air^
<air^> :D
<resno> silly me
<kirkland> jcastro: okay;  go for it
<eriksson26> Hi, anyone it that is good at mdadm. I created my second array, but it didnt get added in the mdadm.conf so when I rebooted the computer it isnt there. Hod do I reactivate it?
<patdk-lap> normally just pick any drive and tell mdadm to activate it
<patdk-lap> and it should find the other drives
<eriksson26> patdk-lap> How do you meen? I have it md1 added in fstab. How do I activate md1?
<eriksson26> I have two md arrays, and I only want to activate md1, not md0
<patdk-lap> mdadm --assemble --scan --verbose /dev/md1 /dev/sd? /dev/sd? ....
<uvirtbot> New bug: #684451 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/684451
<ikonia> mdadm --build ?
<patdk-lap> that is for very very old arrays
<ikonia> very old ? it's just for arrays that you don't want to use existing meta data for
<eriksson26> I jsut have to find what disk was in the array...
<patdk-lap> ikonia, Build a legacy array without superblocks.
<patdk-lap> all the arrays I have made for several years now have superblocks
<patdk-lap> eriksson26, try blkid
<patdk-lap> it might help
<eriksson26> Its just that I got 18 disks, devided up in two arrays, and the last one I created but its information didnt get included in the .config
<eriksson26> But I will sort it out, its ok.
<fluvvell> what network interface is a virbr0  ?
<jiboumans> what tool can i use in a script to partition a drive on a vanilla ubuntu server ec2 install? i basically want to take a device (say /dev/sdf) and put one partition on it, which i'll subsequently format as ext3. fdisk only seems to let me do this menu based, so it's not easily scriptable. thoughts?
<patdk-lap> eriksson26, try mdadm -Ebsc partitions
<patdk-lap> it will scan all drives and tell you what they where setup for
<patdk-lap> jiboumans, use parted
<jiboumans> patdk-lap: taking a look, thanks
<eriksson26> patdk-lap I got two arrays, with number of devices and uuid.
<eriksson26> Running the --assemble I just got not identified in config file for all /dev/xxx
<eriksson26> Oki, got it half way. added the string, from mdadm -Ebsc partitions, to the mdadm.config
<eriksson26> But then I got problem, it got assebled with only 4 out of 5 disks.
<ScottK> Daviey: Please file a bug with your config details.  I didn't see that in testing.
<eriksson26> When I rin, cat /proc/mdstat the missing disk is under its own md_d1 that I have never created.
<eriksson26> Anyone recognice this problem?
<osmosis> i just installed the latest kernel using apt-get, but its not in my /boot/grub/menu.lst.  update-grub isnt helping either.  why isnt it being detected?
<osmosis> when i run update-grub, it shows the new kernel, but it still doesnt end up in the /boot/grub/menu.lst
<patdk-lap> osmosis, probably cause your using grub.cfg
<osmosis> patdk-lap, its 8.04.4, grub 0.97 ...but good guess.
<jiboumans> patdk-lap: for future reference, parted doesn't work on ebs volumes as they're not real scsi devices and xen is doing 'funny business' with them. looking into sfdisk now
<patdk-lap> jiboumans, ah heh :)
<patdk-lap> I am not sure I ever used parted on a xen system
<fluvvell> Is it possible to backup samba users/password tables and restore during a bare-metal recovery?
<fluvvell> eriksson26, Ive seen it
<patdk-lap> osmosis, not sure :(
<osmosis> patdk-lap, i killed the existing menu.lst  and replaced it with a default. then ran update-grub, fixed.
<patdk-lap> probably a bad edit or something in the file
<osmosis> patdk-lap, i would think it would have thrown an error then.  might have something to do with "package maintainer has a new version of menu.lst" msg.
<fluvvell> eriksson26, I got around it by setting up the raid partitions using a live distro with mdadm installed , then activating the raid array during the install later.
<fluvvell> eriksson26, I created the partitions with fdisk.
<fluvvell> eriksson26, I think it means your /etc/mdadm/mdadm.conf file is not set up
<eriksson26> mm, I found something about it googeling, Think I fixed it but wount know untill tomorrow. when the owner reboots it. I am doing it over remote desktop
<fluvvell> eriksson26, well it happened to me last time I built a 10.04 server from scratch, I discovered the install process is broken for making raid arrays. This time, I created the partitions seperately and then assembled them during the install
<eriksson26> mm, I had it working perfectly, then I rebooted the server but the info wasent in the .config so I got this problem trying to do it manualy. But I will just reboot it with a corect .config and I hope it works beter.
<osmosis> patdk-lap, argh..oops, now my grub is broke
<patdk-lap> fun
<baggar11> eriksson26: I just went though this stuff with mdadm
<baggar11> eriksson26: looks like you need to --stop /dev/md_d1 to get that missing disk back into the other assembled array
<eriksson26> baggar11, I did that and fixed the .config file. Did you need a reboot or could you activate it manualy?
<baggar11> activate as in assemble the missing peice?
<baggar11> of your array?
<baggar11> once I released that md_d1 disk from that [md device], then I could use it in another array with no problems
<baggar11> for rebooting, you'll want to run mdadm --scan --devices >> /etc/mdadm/mdadm.conf
<lvh> VMBuilder.exception.VMBuilderUserError: Invalid suite: "maverick". Valid suites are: dapper gutsy hardy intrepid jaunty karmic lucid
<lvh> Wait, is that normal?
<lvh> I'm running maverick
<lvh> https://help.ubuntu.com/10.10/serverguide/C/jeos-and-vmbuilder.html
<lvh> says --suite maverick is fine
<lvh> https://bugs.launchpad.net/ubuntu/+source/ubuntu-vm-builder/+bug/654656
<lvh> aha, okay
<uvirtbot> Launchpad bug 654656 in ubuntu-vm-builder "ubuntu-vm-builder in maverick does not build maverick VMs" [Undecided,New]
<lvh> right
<ZAHER> which kernel model I need to run iptables under openVS
<lvh> creating a new VM doesn't actually work
<lvh> http://bpaste.net/show/11879/
<lvh> E: Failed getting release file http://archive.ubuntu.com/ubuntu/dists/maverick/Release
<lvh> Doesn't appear to have an internet connection
<lvh> but no idea why
#ubuntu-server 2010-12-03
<sako> hey all, so i have a .deb that i would like to package up for ubuntu 10.04 and put it up on my launchpad ppa
<sako> what are the steps i would have to take?
<sako> i looked at the packaging docs, seems like everything is written for packaging from the groun up
<osmosis> any ideas how to fix this kvm issue? pci_add_option_rom: failed to find romfile "pxe-rtl8139.bin"    Could not initialize SDL - exiting
<tarvid> securitymetrics complains about apache and openssl versions. Just upgraded to 10.04.1 and that won't do the trick. How to I get current versions of Apache and openssl?
<patdk-lap> tarvid, as long as your upgraded, your ok
<patdk-lap> it's saying the patch is in the new version, but ubuntu back ported the patch to the lucid version
<tarvid> securitymetrics only looks for the version
<patdk-lap> yep
<tarvid> how about maverick?
<patdk-lap> same issue
<patdk-lap> your always going have the same issue, unless you run a really bleeding edge version that is unstable
<tarvid> so how do I make them go away?
<patdk-lap> this is why they make a comment field, and you type in, patch backported, ignore
<tarvid> I don't think that will avoid the failure notices to my customer
<patdk-lap> then your going have to go bleeding edge
<patdk-lap> or teach them about backported patchs
<tarvid> the customer probably won't be impressed. SecurityMetrics either
<patdk-lap> hell, I all the people that use rhel know abut it, their whole distro is designed around backported everything
<patdk-lap> years out of date
<patdk-lap> actually, sounds like your being annoying here
<patdk-lap> I have never had a auditor have an issue
<patdk-lap> as long as you point to the CVE patchs
<patdk-lap> maybe you want to use gentoo? or debian unstable?
<patdk-lap> though, I don't believe there is currently a debian unstable
<tarvid> Ooooo, I've done Gentoo. I am too old for that.
<tarvid> I'll try pointing them to the package listings and if that fails, look for the version numbers and patch the binaries
<tarvid> them being the auditor
<patdk-lap> you could always be annoying
<patdk-lap> and remove the version number from the apache id :)
<patdk-lap> so it doesn't advertize it
<tarvid> I try
<tarvid> This has been one of those days. ftp-passive til about 4 and now openssl and apache
<tarvid> Not good for ones equanimity
<tarvid> You probably know the answer to this morning's question - is ftp connection tracking on be default? I found no way to turn it on like we used to
<lvh> when configuring a bridged interface, I should give it a static IP in the same range as my physical card but a different IP, correct?
<pmatulis> lvh: treat the bridge like a normal interface.  forget about the physical card (no ip there)
<lvh> pmatulis: Well, I gave it an IP in the same range as the physical card and networking didn't actually work
<lvh> (see paste)
<lvh> 00:56 <lvh> http://bpaste.net/show/11879/
<lvh> works with or without the proxy
<lvh> (sorry, *fails* with or without the proxy)
<GeekyAdam> hi all. i need to install 32bit compatibility libraries for 64bit ubuntu server. is it as easy as a "apt-get isntall <package name>"?
<smoser> GeekyAdam, ia32-libs
<GeekyAdam> smoser: i was looking at libc6-i386 (GNU C Library: 32-bit shared libraries for AMD64). wrong answer?
<tarvid> patdk-lap, thanks for your advice, giving up for the day, back at it tomorrow
<twb> A correct solution for biarch requires dpkg3.  ia32-libs works by simply providing 32-bit versions of a handful of libraries "because they're the ones you probably want".
<qman__> GeekyAdam|zzZZ, ia32-libs is a metapackage which contains several libraries for that purpose, and probably contains the one you mentioned
<uvirtbot> New bug: #656646 in cloud-init (main) "transient network/keyscan issues" [Low,Confirmed] https://launchpad.net/bugs/656646
<databits> I just registered my domain, and when I surf to "mydomain.com" I'm getting the godaddy pop up, but if I surf to "www.mydomain.com" it is directing to my server.  does anyone have any idea what the issue is ? I want to be able to open up my site by typing mydomain.com
<twb> databits: you have no A record for the domain itself.
<twb> That and your ISP is a jerk
<databits> I have an a record
<databits> my a (host) is under host it says @ and points to my ip
<twb> Also, you don't own mydomain.com -- it was registered in 2000.
<databits> then under the cname I see host "www" and under points to it says @
<RoAkSoAx> clear
 * datz finds twb's humor humorous
<jgould> Looking for some help with NFS configuration
<kaushal> hi
<kaushal> I installed linux-image-server on 10.10 how do i make it default kernel ?
<databits> I need to get a good imap server going on my server
<databits> does anyone have any suggestions for a good imap server ?
<twb> databits: the ubuntu server guide describes dovecot, iirc
<databits> I found a decent one.
<databits> twb: what is the command to check system resources used.
<twb> That depends on the resource
<databits> I'm ssh'ed into my server and it is laggy as hell.  I'm trying to figure out what is causing it
<twb> Probably network I/O
<databits> well I'm 144 mbit wireless to the router, and it is hardwired to the router
<databits> their should be no issue lol
<twb> I don't know how to check that, except perhaps indirectly with netstat -nap, uptime (for load), iostat
<databits> I have never had a problem now it just started out of the blue
<databits> isn't their a way to check the processor load ?
<twb> Yes, uptime
<databits> what is the command ?
<twb> It's caleld the "load average".
<twb> databits: uptime
<databits> thanks
<databits>  03:34:58 up 2 days,  2:20,  2 users,  load average: 0.08, 0.10, 0.13
<databits> hmmm their should not be another user logged on
<twb> "The system imposes a maximum of 3 samples, representing averages over the last 1, 5, and 15 minutes, respectively."
<databits> or could that be my webserver ?
<twb> databits: I don't know; I'm not on your network
<twb> databits: now check the I/O load.
<databits> how do you check to see which user's are logged on ?
<twb> databits: w or who
<JanC> the number of "users" is actually the number of login sessions
<databits> USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
<databits> root     pts/0    192.168.1.114    01:46    1:46m  0.31s  0.31s -bash
<databits> root     pts/1    192.168.1.114    03:24    0.00s  0.26s  0.00s w
<databits> hmmm that must have been another putty window that I closed out
<twb> databits: don't log in as root
<databits> I'm installing some stuff right now
<twb> That is no excuse.
<databits> how do you kill a user's session ?
<twb> pkill -u fred
<twb> Or just yank the power cable out
<twb> Depends how much they're annoying me
<JanC> databits: if you log out it should stop the session
<databits> I wanted to kill the other root session
<databits> I'm logged in as another account now
<twb> pkill -u root is probably going to shit your whole system
<twb> Don't do that
<databits> ok now how do you check the io load ?
<twb> 19:31 <twb> I don't know how to check that, except perhaps indirectly with netstat -nap, uptime (for load), iostat
<JanC> iotop is nice too
<JanC> databits: also check memory
<JanC> if your memory is full and the system is swapping constantly...
<databits> how do you check the memory ?
<twb> Bah
<databits> iotop checks disk read and writes
<twb> databits: ps
<JanC> iotop also shows swaping
<twb> Technically I think the term is "paging"
<twb> But TUIs are for wimps
<databits> dosn't look like anything is swapping
<databits> does anyone know of a command that will bring up a reading of my network bandwidth like iotop or iostat ?
<databits> JanC: how do you check the memory ?
<JanC> if you aren't swaping, memory is not an issue
<JanC> but the basic command to see memory usage is 'free'
<databits> JanC: thanks
<databits> well darn... now my webserver just went down lol
<JanC> eh
<databits> everything went down lol
<databits> probably that kicking the root off eh lol
<databits> this is really bothering me why my ssh is so laggy
<databits> it has never been like this
<twb> Probably you're running phpbb or something and someone already rooted it
<databits> twb: what do you mean ?
<databits> darn I can never remember how to start alot of this stuff ... I need to write a startup script to start all my services lol
<twb> What I mean is "grumble, darn kids with their insecure PHP crap, get off my lawn"
<JanC> phpbb isn't as bad as in the past anymore, I think?
 * JanC also remembers the times when they got security fixes every couple of weeks  ;)
<databits> restarting to see if this will fix any of my issues
<twb> JanC: all I bother to remember is "PHP is created by retards for retards, if you deploy anything written in it you WILL be compromised.  Film at 11"
<twb> Having a high barrier to entry is a *good* thing -- it keeps the riffraff out
<databits> w
<JanC> twb: when talking about necessary barriers; somebody just asked me "what software do I need to install to start a hosting company"...  ;)
<twb> JanC: cpanel and a paypal gateway
<twb> >duck<
<databits> hmmm still having major lag
 * RoyK += 0xc0ffee
<binBASH> rofl twb :D
<databits> ok wow I feel like a retard trying to figure this cyrus imapd out :)
<databits> can someone help me out ?
<beerpages> Erstelle dir deine eigene Umfrage - Beispiel: http://www.beerpages.de/view/2H/Anti-%22Die%20%C3%84rzte%22%20Kampagne
<databits> anyone alive ?
<databits> working on getting cyrus working with postfix
<databits> I'm pretty close to getting everything up and running by when I use the cyradm to create mailboxes
<databits> it is just hanging up, and is stating that it is not able to connect to the server
<databits> I'm able to telnet to port 25 on the localhost though.  kinda stumped here
<databits> nevermind I got it
<databits> damn I'm getting good at this stuff heheh I can't remember command's worth a crap but I'm getting better :)
<maedox> Subversion via Apache delivers .pdf in firefox as text/plain instead of application/pdf or octet-stream. Anyone with tips on how to fix it? Tried some of the things Google gives me with no results what so ever.
<databits> maedox: what is the command to run multiple shells on one ssh session
<databits> I want to run multiple command prompts
<databits> in one shell
<maedox> My issue is only with firefox it seems. What the h***. All PDFs work fine with Chrome and IE.
<maedox> databits: I don't understand the question. What exactly are you trying to do?
<databits> I wanna be able to switch between two cli prompts in the same windows
<eriksson26> Anyone that can help me readd a disk to a mdadm raid? it says removed, and is counted as preferred minor. But it nothing wrong with it.
<SlimG> How do I make sshd start _after_ network on boot, reason: sshd won't autostart on boot if I set ListenAddress to a address
<maedox> SlimG: set it to depend on network.
<databits> instead of running to putty window's I want to just use the same screen and use a command to switch between windows
<SlimG> maedox: How do I do this?
<maedox> databits: byobu or screen might help you.
<maedox> SlimG: I'm not exactly sure, but it should be in the upstart docs.
<SlimG> thanks maedox
<databits> maedox: thanks bro
<databits> maedox I have 4 screen created lol I'm trying to figure out how to close and switch between the different screen's lol
<xperia> hello to all. does anybody know a step by step guide for how to install and run urchin on a ubuntu server ?
<trapmax> any good printed books about apache / ssl techniques?
<ScottK> Daviey: Did you get your clamav question sorted?
<RoyK> hi all. I'm setting up a test machine here now to do a comparison between OpenIndiana and zfs-fuse on ubuntu. This is not fair, but I want to see the numbers. Does anyone know a good and preferably easy-to-use/automated disk benchmark suite, preferably one that can show the results as pretty graphs...
<popey> RoyK: bonnie++ ?
<RoyK> popey: what about the graph part?
<popey> http://www.linux.com/archive/feature/139743
<popey> that was the result of me typing "bonnie++" into google.
<zealiod> the following works fine for limited an IPs download, but does nothing to the upload... what am i missing? http://www.nomorepasting.com/getpaste.php?pasteid=35053
<uvirtbot> New bug: #684685 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.7 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/684685
<Daviey> ScottK: With Alpha 1 work, being patch pilot and some other stuff i've been having to do - i haven't had a chance to reproduce it
<Daviey> sorry
<zul> mmmmmmm......donoughts
<Ninjix> coffee....
<trapmax> beer
<Ninjix> scotch
<trapmax> raised fist gig in 5 hrs
<uvirtbot> New bug: #683828 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/683828
<uvirtbot> New bug: #683958 in quagga (main) "Upgrade quagga in lucid" [Medium,Confirmed] https://launchpad.net/bugs/683958
<smoser> jdstrand, you want to sponsor bug 43574 ?
<uvirtbot> Launchpad bug 43574 in server-papercuts "Needs Ubuntu-style init script" [Wishlist,Fix committed] https://launchpad.net/bugs/43574
<smoser> the fix is there.
<jdstrand> smoser: I'd be happy to if you ack the fix. there was a question from you and a response from Dan DeMaggio that went unreplied
<jdstrand> heck, if you ackd it I'd even upload it :)
<smoser> i don't really see the question .
<smoser> the upstart jobs provides equal functionality to the sysvinit job
<smoser> we can open another bug for "should support respawn"
<doko> smoser: who cares about the cluster stuff within the server team?
<smoser> RoAkSoAx,
<jdstrand> smoser: is the workaround in comment #5 ok? if so, can you ack it in the bug?
<doko> RoAkSoAx: ping
<smoser> i dont know if hte workaround in comment 5 is ok or not
<smoser> i'd have to test
<jdstrand> me either
<smoser> ok. i'll try really quick
<jdstrand> smoser: since it is a server papercut and assigned to you, I was just trying to drive the bug to conclusion
<jdstrand> smoser: thanks
<smoser> it shoudl hvae gotten in
<smoser> just was missed
<smoser> and then it was too late to get into maverick
<smoser> it is ready
<smoser> i'll test the respawn suggestion and comment
<jdstrand> smoser: if you could attach a debdiff/update the merge so I can upload exactly what you are acking, that would be fantastic
<smoser> i'll update the merge
<jdstrand> smoser: thanks! :)
<jdstrand> smoser: and I hope you didn't think I was being testy in the bug with the "Won't Fix" comment. it wasn't clear from the bug what the intention was wrt this feature, and I hate extremely old bugs that noone plans on fixing :)
<smoser> oh, i think you're a real jerk, jdstrand, but not only for that :)
<jdstrand> smoser: back atcha babe
<jdstrand> :)
<banker247> anyone know about webinar solutions for ubuntu similar to gotomeeting?
<patdk-wk> banker247, I have used several that work on my system
<patdk-wk> none of the open public ones though
<patdk-wk> but hp's works, and so did some other company's
<banker247> patdk-lap, whats the pricing?
<patdk-wk> pricing? it's for hp support staff to talk to you :)
<patdk-wk> it's not open :)
<patdk-wk> I wish I could remember that other company's name though, cause they where using someone else to provide it, so you could buy from them
<patdk-wk> but can't remember, been several months
<patdk-wk> oh I know now :)
<patdk-wk> it was a microsoft webinar product
<patdk-wk> suprised the crap out of me
<patdk-wk> but it was completely java based, so it worked fine
<uvirtbot> New bug: #649833 in cloud-init (main) "uec images motd suggests tasksel, but tasksel not installed" [Medium,Fix released] https://launchpad.net/bugs/649833
<tomsdale> What should be the name in a  MX record? I have this data and it doesn't work. mail 	70.38.122.58 	MX. Should it be the full domain name instead of mail?
<patdk-wk> mx records should always have a valid dns name, ip isn't valid
<patdk-wk> example.com MX 10 mx.example.com
<patdk-wk> mx.example.com A ip-of-mx-server
<hggdh> kirkland: can you give me the euca2ools tests?
<tomsdale> ok thx patdk-wk, let me try this
<b0gatyr> greetings
<tomsdale> it works, thx again. So for the record you need a chain. MX record domain.tld points to A record and A record points to IP.
<patdk-wk> tomsdale kindof
<patdk-wk> MX record points to name, and the name returns normally A or AAAA
<patdk-wk> and/or
<patdk-wk> hell, it can even return 100 A's if it wanted to :)
<hggdh> soren: thank you for commiting the autobuilder changes, I had forgotten
<jdstrand> smoser: fyi, I'm done patch piloting for the day. feel free to ping the patch pilot (see '/topic' in #ubuntu-devel) if another pilot doesn't pick up the xinetd changes
<smoser> jdstrand, well, i just pushed the branch
<jdstrand> smoser: (I think the next one will be available on monday)
<smoser> if you want to ...
<smoser> lp:~smoser/ubuntu/natty/xinetd/bug43574
<arrrghhh> is there any way to speed up forwarding X apps over ssh?  they are dog slow, even on my LAN.  I'm not at home right now, and they are painfully slow...
<jdstrand> smoser: I've got a meeting in a few and AA duties. I'll try to get to it though. If I can't, please don't hesitate to ask an on duty pilot
<jdstrand> smoser: and thanks for your work on it! :)
<robbiew> Daviey: SpamapS: either one of you interested in covering Server in the release meeting?
<uvirtbot> New bug: #684804 in cloud-init (main) "cloud-init should fetch image-data as well as user-data" [Undecided,New] https://launchpad.net/bugs/684804
<[diablo]> afternoon all
<[diablo]> anyone know why I can not do an nfs import on a Ubuntu Server 10.10 KVM guest please
<[diablo]> fails everytime
<gravyface> grabbed the latest 10.04lts AMI image for EC2; have tried several keypairs I've generated, along with several usernames (root, ubuntu, ec2-user, etc.), but still getting publickey denied when SSHing in.
<[diablo]> do the virtual kernel support NFS?
<zul> hggdh: ping are you going to be using the testrig this afternoon?
<hggdh> zul: no, all yours. But be aware of bug 684304
<uvirtbot> Launchpad bug 684304 in linux "cciss module does not identify resources" [High,New] https://launchpad.net/bugs/684304
<veovis_muaddib> I have awesome set in my .xinitrc, now how do I get x to start with ubuntu server?
<veovis_muaddib> This upstart seems so complicated when I'm used to inittab
<zul> hggdh: *sigh*
<[diablo]> damn, that is annoying ... no NFS kernel module in virtual
<[diablo]> have to use stock
<hggdh> zul: plus Ã§a change, etc
<hggdh> zul: we need to discuss SRU tracking
<hggdh> smoser: we need to discuss EC2 testing & QA ownership
<hggdh> kirkland: I need the euca2ools tests
<smoser> hggdh, we can discuss whenever.
 * hggdh /msg smoser so, what do we need to do?
<veovis_muaddib> I have awesome set in my .xinitrc, now how do I get x to start with ubuntu server?  This upstart seems so complicated when I'm used to inittab...
<veovis_muaddib> Whoops, meant to post to #ubuntu since this channel seems pretty dead right now
<ish10> hey guys i have 22 clusters, and i dont have a NAS, i wanted to share 1 machines hard disk on all the machines to get a shared drive. Is that possible? and how?
<arrrghhh> ish10: are they all on the same LAN?
<ish10> arrrghhh, yes they are
<Psi-Jack> Is anyone here knowledgable with LVS routing techniques? If so, I need to pick your brains for a few on a problem I'm trying to solve.
<arrrghhh> ish10: samba if the clients are windows, nfs if you're all linux.
<Psi-Jack> I know, I'm asking to ask, but it's a topic that is less well-known than other simpler topics.
<resno> is lvm a format similar to how ext3 and ext4?
<resno> or is lvm a total different concept?
<resno> for instance can i format it lvm and ext4? or is it either or?
<resno> ok, im adding a new hard drive and am curious if ishould have installed lvm
<arrrghhh> resno: do you know what LVM is?
<blistov> Can someone point me in the direction to a how to to setup a dhcp3 server which automatically updates dns?
<resno> arrrghhh: i do.
<arrrghhh> resno: ok... then what's the problem?
<squidly> anyone have issues with generating ssh-keys keys with passphreases and not able to use them to login into a server?
<arrrghhh> squidly: nope... do you have the key on the server?
<blistov> I've got it set up the way I think it should work, but getting the error "dhcpd: if pfSense.test.com IN A rrset doesn't exist add pfSense.test.com 900 IN A 192.168.1.22: timed out.
<squidly> arrrghhh: yea.. my this generated key keeps giveing me white space errors and what not
<arrrghhh> blistov: https://help.ubuntu.com/community/dhcp3-server
<arrrghhh> squidly: not sure what you mean by that..
<squidly> debug3: Not a RSA1 key file /home/cvantassle/.ssh/id_rsa.
<squidly> debug2: key_type_from_name: unknown key type '-----BEGIN'
<squidly> that
<resno> arrrghhh: im not sure. im found something im reading at the moment
<arrrghhh> blistov: looks like you have a bad value in there.  you just point it to your DNS server.
<arrrghhh> squidly: have you checked that file?
<squidly> arrrghhh: i'm not sure what it's supposed to look like..
<arrrghhh> squidly: the file should be "authorized_keys"
<arrrghhh> i don't know if the name is important, i think it is.
<squidly> arrrghhh: that is from my ssh client
<arrrghhh> and it should just have ssh-rsa and a bunch of jibberish after it that is the key.
<arrrghhh> squidly: i'm talking about the server.  the server has to have the key in order to work...
<squidly> for the public or the private?
<blistov> arrrghhh, Which option do you think it is?  Been fighting with this all morning.
<squidly> arrrghhh: the server does have the key public key
<arrrghhh> squidly: https://help.ubuntu.com/community/SSH/OpenSSH/Keys
<arrrghhh> blistov: i'd have to see your dhcp config.
<arrrghhh> blistov: but as always, if you don't know what an option does it's probably best to not enable it :P
<blistov> arrrghhh, http://pastebin.ca/2009779
<blistov> arrrghhh, yea, the config is pretty lean right now.
<arrrghhh> blistov: why do you have the DNS as the loopback?
<arrrghhh> 127.0.0.1 as the domain-name-server?!?
<arrrghhh> look over that doc i sent
<arrrghhh> http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBMQFjAA&url=https%3A%2F%2Fhelp.ubuntu.com%2Fcommunity%2Fdhcp3-server&rct=j&q=dhcp%20server%2C%20ubuntu&ei=vy35TPqIF4WglAfc26DhBw&usg=AFQjCNEfxPMjBxTV8ndJGxMk1RKX4BPkfQ&cad=rja
<arrrghhh> damnit
<arrrghhh> https://help.ubuntu.com/community/dhcp3-server
<blistov> arrrghhh, Mudunno.  I just noticed that the dns was overridden in a few lines later, with 10.0.0.10
<blistov> switched that to 192.168.1.1 and now I'm closer.  Permission errors updating the test.com.jnl
<blistov> arrrghhh, named[1404]: /etc/bind/test.com.zone.jnl: create: permission denied
<arrrghhh> blistov: did you read that doc?
<arrrghhh> lots of good examples in there.
<blistov> arrrghhh, The dhcp3-server doc?  Yes. No reference to updating dns though.
<arrrghhh> you point the dhcp server to your dns server...
<blistov> arrrghhh, yea, it was pointed correctly.  Turns out the /etc/bind directory was not writable by bind group.
<arrrghhh> ah
<arrrghhh> that'll do it
<blistov> arrrghhh, chmod 774 /etc/bind and is working now.
<blistov> Thanks for you help man.
<arrrghhh> np.  don't think i helped any, but hey :P
<blistov> arrrghhh, ah, pointed me in the right direction :)
<arrrghhh> :D
<uvirtbot> New bug: #684874 in rabbitmq-server (main) "Merge rabbitmq-server 2.2.0-1 (main) from Debian unstable (main)" [Undecided,New] https://launchpad.net/bugs/684874
<blistov> arrrghhh, One more question.  Lookups from the default root servers in db.root are very slow (to the point of timing out on the first attempt).
<blistov> arrrghhh, Any idea why this may be?
<arrrghhh> i'd trace the network traffic
<arrrghhh> see where you're having slowness.
<blistov> arrrghhh, the first request seems to be going out to 192.168.1.254 ??
<blistov> Once that times out, it completes immediately with the first ns in db.root
<arrrghhh> you've got an error in your config somewhere
<arrrghhh> probably in you dns config, not sure.
<arrrghhh> or in you dhcp config, where it's pointing your dns to
<bluethundr_> so what do you do when your apt repo 404's? http://pastebin.ca/2009805
<arrrghhh> bluethundr_: can you ping us.archive.ubuntu.com?
<bluethundr_> arrrghhh, yep!
<arrrghhh> bluethundr_: hrm.  1 sec.
<patdk-wk> how can I fix a server to boot, without a network card, when I have a nfs in fstab?
<patdk-wk> it just hangs forever in mount.all
<uvirtbot> New bug: #684879 in bacula (main) "package bacula-director-mysql (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/684879
<arrrghhh> bluethundr_: that doesn't exist... i don't know why it would direct you to something that doesn't exist tho.
<arrrghhh> bluethundr_: i would just grab a deb that does exist for your setup, once you have libldap2-dev installed it shouldn't complain about the dependency.
<bluethundr_> arrrghhh, actually an aptitude update -y seemed to take care of it
<bluethundr_> sorry for the alarm :)
<arrrghhh> lol
<arrrghhh> ok
<bluethundr_> heh
<bluethundr_> thanks for the input regardless!
<arrrghhh> needed to refresh your repo's :P
<arrrghhh> not sure why that wasn't my first conclusion, d'oh.
<bluethundr_> so it would seem
<bluethundr_> me neither lol
 * arrrghhh should've known that.
<resno> is there a way to provide dead drive resistance to lvm?
<resno> data parity? i think its called
<arrrghhh> resno: don't think so... you'll need raid on top of lvm.
<resno> well then
<arrrghhh> http://www.gagme.com/greg/linux/raid-lvm.php <---- see the "Initial set of LVM on top of RAID"
<zul> hggdh: do you want to discuss SRU stuff on monday?
<hggdh> zul: deal
<hggdh> zul: and daily VCSs
<zul> hggdh: sure
<lvh> I'm trying to use virt-manager to connect to a remote KVM/QEMU virtual machine over SSH. However, that appears to want to use root access, and root logins are disabled on that machine. Is there a way to instruct virt-manager to use sudo instead of root? virt-viewer -c qemu+ssh://lagavulin.local/system MongoDB, the only problem is I can't figure out how to tell virt-manager to use my normal user.
<lvh> virt-manager would be better since I still need to set stuff such as networking
<resno> arrrghhh: thanks, ill take a look at that.
<blistov> Is there any way I can bypass doing external dns on my server and instead just tell clients to use 8.8.8.8 ?
<arrrghhh> blistov: yea, just specify that in the dhcp settings or manually configure the clients.
<blistov> arrrghhh, thans.
<blistov> thanks.
<blistov> Now I just figure out how to turn off external dns resolution on the server and I'm set.
<blistov> dns order is now 192.168.1.1, 8.8.8.8
<blistov> Would work fine except that 192.168.1.1 is trying to do external resolution as well ...
<arrrghhh> hrm.
<arrrghhh> blistov: sorry i'm not a dns expert, i know enough to be dangerous...
<panfist> is it possible to get a list of packages which i have selected for manual installation?
<databits> how do you switch between screen's in the "screen" program ?
<panfist> C-a then the number of the screen
<panfist> the first one is 0
<uvirtbot> New bug: #684875 in linux (main) "Patch to Natty 2.6.37-virtual breaks non-EC2 users" [High,Confirmed] https://launchpad.net/bugs/684875
<baggar11> databits: or (C-a + C-a), or (C-a + ")
<xperia> hello. i have big problem here with php and database. have this error message here in the logs.
<xperia> [Fri Dec 03 19:38:49 2010] [error] [client 192.168.1.1] MDB2 Error: not found (-4): [Error message: extension sqlite is not compiled into PHP]\n
<xperia> does anybody know how i can fix this problem ?
<pmatulis> xperia: missing package?  investigate: 'aptitude search php | grep sqli'
<zamarax> hello, I have a script to launch some PID files for a t38modem, I placed this in /etc/init.d/, made it executable, and added a symlink to /etc/rc0.d/ but still it refuses to launch on boot, any idea's?
<databits> when I press C+a it is just cycling through the last two screen's.  it does not alow me to put a screen number in
<pmatulis> zamarax: use rc2.d instead
<pmatulis> zamarax: 0 is for halting your machine
<zamarax> haha, I obviously missed that somewhere
<zamarax> thanks, trying it now :-)
<zamarax> just out of curiousity as well, what is rc1.d then?
<xperia> pmatulis: looks like it is installed => php5-sqlite                     - SQLite module for php5
<xperia> i have changed some files in /etc/php5/conf.d/ that are related to pdo_sql
<xperia> maybe this is problem. looks like i have broke something with sql
<xperia> pmautulis: here is the output of the apache error log http://paste-bin.com/view/9968f313
<xperia> need help with this. my sites that use sql databases are broken at the moment
<zamarax> ok that worked on starting it, the last thing is, there are 2 scripts and have to be launched in a specific order, when is the modem script the second is the fax script, I need the modem to launch first then the fax script, should I simply add a sleep 10 to the fax script?
<zamarax> or is there a better way
<pmatulis> zamarax: sleep sounds good unless there is something you can do to test the modem
<zamarax> not really, but does rc2.d have a boot order? I'm worried about the fax launching first, waiting 10 seconds and then moving on to other scripts, if this is the case it will just slow down booting but still run before the modem script
<zamarax> or is that even possible?
<pmatulis> zamarax: if you place the modem script first then that one will run first
<zamarax> that's what I don't understand, how do you place them in order like that?
<zamarax> are they run alphabetically?
<pmatulis> zamarax: you should just run a main script from /etc/rc.local.  that script will call the 2 other scripts.  that's what i would do
<pmatulis> zamarax: you shouldn't really mess with the init stuff as it can cause conflicts when the system is updated
<pmatulis> zamarax: do you understand?
<zamarax> I think so, just basic script in rc.local to call the 2 other scripts right?
<pmatulis> zamarax: right.  and put a 'sleep 10' between the calls
<zamarax> cool
<zamarax> thanks
<xperia> okay have maked a "sudo php -m" to show which modules are loaded into php but could not find one module for sqlite
<xperia> http://paste-bin.com/view/96a1cdbd
<xperia> instead i get this error message
<xperia> PHP Warning:  Cannot load module 'SQLite' because required module 'pdo' is not loaded in Unknown on line 0
<zamarax> pmatulis, am I missing something from the script http://pastebin.ca/2009877
<databits> how do you close screen's for the "screen program"
<databits> NM I got it firgured out
<SpamapS> funny
<SpamapS> I never close screens
<SpamapS> I just exit the shell or detach from the session
<SpamapS> databits: so whats the answer?
<databits> exit lol
<databits> SpamapS: smart ass lol
<databits> now shoot... I was learning this stuff yesterday.  how do you open up a new screen lol I forget
<arrrghhh> screen
<databits> lol
<databits> wow, perm. damage I swear
<arrrghhh> seriously, just type 'screen' and hit enter.
<arrrghhh> dain brammage?
<guntbert> databits: <ctrl> a c
<databits> I know lol... I was laughing at myself
<guntbert> databits: :)
<databits> ok now time to see if I can do some damage with this cyrus, and postfix setup :)
<databits> @ubuntu:/etc# cyradm --user cyrus localhost
<databits> IMAP Password:localhost> cm user.toto
<databits> createmailbox: Permission denied
<databits> :(
<tarvid> any quick thoughts on ftp connection tracking? I had it in Karmic
<ScottK> Any time someone mentiones ftp, my thought is "It's 2010 for goodness sake.  The '90s were over a long time ago."
<tarvid> Until I come up with an LXC like solution it is the safest means for clients to upload files
<tarvid> and even then ftp will be the lowest resource intensive method
<tarvid> and the same could be said for smtp, pop etc.
<arrrghhh> tarvid: sftp?
<tarvid> might do, I'll try a few Windows and Mac clients
<arrrghhh> winscp does it
<arrrghhh> not sure about mac clients, but i'd assume they'd be able to natively do it since it's just freebsd underneath.
<tarvid> I think filezilla will do that. Is that port 22?
<arrrghhh> yes
<arrrghhh> by default
<tarvid> so I will be inviting ssh logins with username and password?
<arrrghhh> chroot jail
<arrrghhh> sftp is ssh basically
<arrrghhh> just does to ftp what ssh did to telnet.
<tarvid> time to mull, thanks but it would be neat to get ftp connection tracking working again
<SpamapS> tarvid: everything serious supports SSH uploads
<arrrghhh> tarvid: ftp just isn't recommended because just like telnet, it's unencrypted traffic.
<SpamapS> tarvid: and check out 'scponly' for a limited shell that only supports scp commands
<arrrghhh> SpamapS: what if you don't trust your clients...?  chroot jail i'm assuming is the only option.
<SpamapS> arrrghhh: right, scponly actually chroots by default
<billybigrigger> is it possible/safe to dd a live system?
<billybigrigger> i want to backup my currently running desktop
<SpamapS> billybigrigger: no
<SpamapS> billybigrigger: not even close to safe
<billybigrigger> k
<billybigrigger> livecd it is, thanks guys
<billybigrigger> err SpamapS :P
<SpamapS> billybigrigger: if you want to backup your system, backuppc works.
<billybigrigger> SpamapS, so does dd :)
<SpamapS> billybigrigger: no
<SpamapS> it does not
<SpamapS> It does for an unmounted volume
<billybigrigger> livecd and dd
<SpamapS> backuppc can actually backup while you're mounted and have a chance at being restorable without filesystem corruption.
<billybigrigger> your telling me won't backup my system?
<billybigrigger> hmmm
<SpamapS> billybigrigger: I'm telling you that you should be careful using dd. It will work if you shutdown cleanly and boot into a livecd, yes.
<SpamapS> billybigrigger: but if you don't want to do that.. there are a bunch of solutions.. tar.. rsync.. lvm snapshotting.. that will allow you to get a backup from your system without shutting it down.
<billybigrigger> dd if=/dev/sda of=~/sda.img
<SpamapS> billybigrigger: what if your new disk isn't the same size as sda ?
<billybigrigger> it won't be
<SpamapS> dd will copy the partition table with the wrong size
<billybigrigger> i'm trying to split 500gb into 2 x 250
<ZAHER> Hi all,  which kernel modules I need to run iptables?
<billybigrigger> SpamapS, good point
<SpamapS> billybigrigger: don't get me wrong, there are some good things about that. You can always resize the partition table...
<SpamapS> billybigrigger: but, if it were me, I'd mount the volumes and make tar's of each one
<SpamapS> billybigrigger: and then just record the output of 'fdisk -l /dev/sda'
<billybigrigger> will your backuppc work for my scenario?
<SpamapS> billybigrigger: truth be told, backuppc is probably overkill
<billybigrigger> so...
<SpamapS> billybigrigger: https://help.ubuntu.com/community/BackupYourSystem
<SpamapS> ZAHER: they're already included in the system, just run 'sudo iptables -L' and the ones needed will be loaded.
<SpamapS> ZAHER: the -L is not for "load" btw, its for "list rules"
<SpamapS> ZAHER: you might want to check out 'ufw' which is an easy firewall for ubuntu.
<SpamapS> !ufw
<ubottu> Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo | GUI frontends such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist.
<SpamapS> billybigrigger: good luck, I have to run out for a bit
<ZAHER> SpamapS: I have VPS under openVZ and the kernel don't have any modules
<billybigrigger> SpamapS, thanks
<arrrghhh> ZAHER: can you use ufw?
<ZAHER> no
<arrrghhh> i would recommend that.  it makes things very easy.
<arrrghhh> why?
<ZAHER> arrrghhh:  I can install it but it's don't work
<arrrghhh> ...
<ZAHER> arrrghhh: ...?
<arrrghhh> it's already installed
<databits> does anyone know the location of the postfix log's off the top of their head ?
<arrrghhh> you're using ubuntu-server right?
<arrrghhh> databits: somewheres in /var/log i'd bet.
<arrrghhh> /var/log/maillog
<jdstrand> arrrghhh: fyi, some VPS don't compile all the necessary netfilter code to use ufw. People can use /usr/share/ufw/check-requirements to see if this is the case
<tarvid> mail.log mail.info mail.err etc
<arrrghhh> jdstrand: that sucks.  ZAHER did you catch that?
<ZAHER> arrrghhh: yes,I use ubuntu server 10.04 but it's custom edition work under openVZ
<arrrghhh> ZAHER: so if you run that check-requirements does it fail?
<jdstrand> (actually, 10.04 doesn't have the check-requirements script, but the issue is the same)
<jdstrand> (oh wait, I misread that as '8.04', please disregard)
<arrrghhh> haha
<jdstrand> :)
<databits> arrrghhh: thanks
<arrrghhh> np
<databits> @ubuntu:/etc# cyradm --user cyrus localhost
<databits> IMAP Password:localhost> cm databits.toto
<databits> createmailbox: Permission denied
<databits> anyone have any idea's ?
<arrrghhh> no rights?
<databits> so you think I need to raise the right's for user cyrus ?
<arrrghhh> i have no clue what cyradm is
<arrrghhh> but permission denied says you don't have permission to do whatever you're trying to do :P
<xperia> hello to all. i am missing pdo.so and pdo-sql.so in /usr/lib/php5/20060613+lfs/ and get becouse of this allways the error message
<xperia> PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php5/20060613+lfs/pdo.so' - /usr/lib/php5/20060613+lfs/pdo.so: cannot open shared object file: No such file or directory in Unknown on line 0
<xperia> Unable to load dynamic library '/usr/lib/php5/20060613+lfs/pdo_sql.so' - /usr/lib/php5/20060613+lfs/pdo_sql.so: cannot open shared object file: No such file or directory in Unknown on line 0
<xperia> how can i install this pdo.so php5 modules in ubuntu ? looks like i have deleted it somehow becouse till yesterday it worked
<uvirtbot> New bug: #623609 in grub2 (main) "grub-pc needs some help in uec instances" [High,Fix released] https://launchpad.net/bugs/623609
<Cygnus_Rift> Hey everyone, could anyone run me through the troubleshooting steps for an FTP server on Ubuntu 10.10?
<Cygnus_Rift> Anyone?
<Cygnus_Rift> Hello?
<guntbert> Cygnus_Rift: from your description in #ubuntu I didn'd understand your problem
<Cygnus_Rift> What don't you understand?
<Cygnus_Rift> The problem is I still can remote connect to my ftp server, even though all the settings and set-up should be correct
<Cygnus_Rift> *can't
<Cygnus_Rift> I forwarded ports 20-22 to my statically addressed server
<guntbert> Cygnus_Rift: please use my nick, so that I get highlighted
<Cygnus_Rift> How do you do that?
<guntbert> Cygnus_Rift: can you connect (from outside) to any other services on your machine?
<guntbert> Cygnus_Rift: type gun<tab>
<Cygnus_Rift> No, I've tried to set up an ssh server too. Same issue
<guntbert> !tab | Cygnus_Rift
<ubottu> Cygnus_Rift: You can use your <tab> key for autocompletion of nicknames in IRC, as well as for completion of filenames and programs on the command line.
<Cygnus_Rift> guntbert: Didn't know that the tab trick worked in here.
<guntbert> so cannot reach any service on your machine from outside?
<guntbert> *so you
<Cygnus_Rift> guntbert: Nope
<Cygnus_Rift> guntbert: I believe it has something to do with my ISP or my router
<guntbert> Cygnus_Rift: I'd blame the router ... do you have a local firewall set up?
<guntbert> Cygnus_Rift: many ISPs block server ports
<Cygnus_Rift> A firewall on the router?
<Cygnus_Rift> guntbert: I was told that, but I wasn't sure. If thats the case, I wouldn't know how to enable the ports except by contacting my ISP
<guntbert> Cygnus_Rift: your ISP won't .... , try to set up a service on some uncommon port (ie apache on 7000), don't forget to forward
<Cygnus_Rift> guntbert: I have already tried that with an ssh server on port 1201, that turned out the same results
<guntbert> Cygnus_Rift: I'd try with something really easy (from the client's point of view) - thats why I suggested apache
<Cygnus_Rift> guntbert: I believe I have already installed apache on my server too and tested it locally. The test page worked.
<Cygnus_Rift> guntbert: I just haven't tested it remotely
<guntbert> Cygnus_Rift: try to ask your ISP which  ports they block (its often in the FAQs)
<guntbert> Cygnus_Rift: and else set the apache to listen on (say) 12500, and try it from outside
<Cygnus_Rift> guntbert: How would I connect to my apache server if not through port 80 which most HTTP requests go through?
<guntbert> Cygnus_Rift: but if its really a ISP/router issue you might have better success in ##networking
<guntbert> Cygnus_Rift: in your remote browser type http://<your.address>:<thePortYouUse>
<Cygnus_Rift> guntbert: Ah, alright. I was going to say, if I forwarded all router port 80 requests to my server, no other computers could surf the web
<Cygnus_Rift> guntbert: all ---> my
<guntbert> Cygnus_Rift: port 80 is the one most likely blocked :-)  (ISPs usually disallow servers...)
<Cygnus_Rift> gunbert: Don't you need port 80 to surf websites though?
<guntbert> Cygnus_Rift: no, you can use any port the server listens on (you surely have seen links to some.url:443)
<Cygnus_Rift> gunbert: I mean for a normal web browser with a default setup
<guntbert> Cygnus_Rift: no problem, just append :portnumber (like http://88.17.94.30:7000)
<guntbert> remember to use <tab> with nicks :-))
<arrrghhh> hey all, can i use a serial connection to connect ubuntu-server to say a router?
<raubvogel> Does anyone know why the dovecot-common package needs mysql?
<arrrghhh> raubvogel: i think that's for the user-database, if you're not doing LDAP or passwd-files.
<arrrghhh> http://wiki.dovecot.org/HowTo
<raubvogel> But I am doing ldap. I really do not want to add anything I do not need
<raubvogel> If I can get away with
<arrrghhh> hrm.  not sure... and i've never used it.  my google-fu hasn't turned up anything extremely useful.
<xperia> hello to all. how can i install in ubuntu the php5 pdo extension ? i get this error message here
<xperia> sudo php -v
<xperia> PHP Warning:  Cannot load module 'SQLite' because required module 'pdo' is not loaded in Unknown on line 0
<xperia> PHP 5.2.6-2ubuntu4.6 with Suhosin-Patch 0.9.6.2 (cli) (built: Jan  6 2010 22:03:33) Copyright (c) 1997-2008 The PHP Group
<xperia> what for package need to be installed ?
<lenios> xperia, you did apt-get install php5-sqlite ?
<xperia> lenios: yeah i did apt-get install php5-sqlite but it had no effect
<xperia> need to reinstall php5
<lenios> xperia, can you paste the result of : dpkg -l | grep php ?
<lenios> !paste
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<cokegen> hi ... need to know if the server ISO has wireless support in the installer
<cokegen> anyone knows ?
<cokegen> the server or the alternate ISO
<xperia> lenios: thank you a lot for your help. http://paste-bin.com/view/93f65177
<xperia> i just did "sudo apt-get remove --purge php5" and wanted now to reinstall php5 with "sudo apt-get install php5" but it dont works anymore
<xperia> so i am total lost now
<cokegen> compile it by hand ;-)
<cokegen> not the idea, but php, along with other stuff is the only stuff I do by hand
<cokegen> always better, you really have control
<cokegen> of course, always depending on what you want to do
<xperia> hmmm should i do it really. well the only reason for this problem is becouse the pdo modules for php were missed in ubuntu or better debian but i am not that save with compiling such a package cokgen
<cokegen> it's not hard, really
<cokegen> there are several guides on the net
<cokegen> I went from apache to lighttpd to nginx
<cokegen> the best right now is without of doubt nginx + php 5.3.3 with fpm
<xperia> hmmm sound nice
<cokegen> the lastest stable php release incorporates FPM in the core
<lenios> xperia, this should do it:  apt-get install php5-sqlite && sudo /etc/init.d/apache2 restart
<lenios> what doesn't work when trying to install php5?
<xperia> lenios: it say me interpid repository can not be found anymore
<lenios> intrepid ?!
<lenios> what ubuntu version do you have?
<xperia> well its my server i dont want change too much :-) now i am full broken
<xperia> full web server is no working anymore as i removed php5
<xperia> lenios: PHP 5.2.6-2ubuntu4.6 was last time i used
<cokegen> when you do an apt-get install php5 what do you get ?
<xperia> cokgen: Fehl http://de.archive.ubuntu.com intrepid-updates/main php5 5.2.6-2ubuntu4.6
<xperia>   404 Not Found [IP: 141.30.3.82 80]
<cokegen> well, that's another problem
<cokegen> switch your mirror and do an apt-get update
<cokegen> in /etc/apt/sources.list
<xperia> ahhh okay will do that in the apt sources list
<cokegen> bc the 404 is that apt-get is not finding the package
<cokegen> so the problem is not with php5
<xperia> yeah and now after changing and a apt-get update i et ignore allways
<xperia> sudo apt-get update
<xperia> Ign http://security.ubuntu.com intrepid-security Release.gp
<xperia> Ign http://security.ubuntu.com intrepid-security Release
<xperia> Ign http://archive.ubuntu.com intrepid Release.gpg .....
<cokegen> xperia: anyway, I know it's not standard procedure, but I always recommend learning to compile it
<cokegen> paste the error
<xperia> cokgen really asking me what i should do compile or full upgrade
<cokegen> well, first you have a problem with apt
<cokegen> then you should be able to install php5 again
<xperia> ahh okay well then let make it that way
<cokegen> what error is throwing ?
<cokegen> the apt-get update commadn
<xperia> http://paste-bin.com/view/240dea77
<cokegen> pastebin your sources.list man
<cokegen> that's the problem
<cokegen> you have bad repos there
<xperia> cokgen i get this when i am doing a apt-get update and this here is my sources.list now http://paste-bin.com/view/54a341e1
<cokegen> see ... I come from debian
<cokegen> don't know where you can get a list of working repos
<cokegen> but ask anyone here they should be able to give you a working list
<xperia> cokgen thank you a lot
<cokegen> but the problem is there, I can guarantee you
<cokegen> have to go ... see ya
<xperia> see ya have a nice day
<lenios> xperia, cat /etc/issue
<lenios> try http://repogen.simplylinux.ch/
<JanC> xperia: intrepid is out of support now
<JanC> xperia: so no more security releases, etc.
<JanC> the repositories are still available, but moved to another server
<JanC> in most cases you don't want to use it anymore though
<xperia> i am doing now a full upgrade. thing is compiling newest php will need newest packages so a upgrade is needed
<xperia> have done based on a how-to sudo do-release-upgrade and it looks good at the moment with upgrade.
<xperia> you are all great people thank you a lot for your help and support especially lenios, cokegen and JanC
<xperia> allways nice when you have a crisis like full server non working and people exist how help ones
<xperia> hope just the upgrade will not break too much stuf :-(
#ubuntu-server 2010-12-04
<trimeta> Quick question: my ssh session terminated when I was running aptitude upgrade on my server; it looks like it was in the beginning of reinstalling grub on the boot hard disks when the session died.
<trimeta> I'm reasonably confident it didn't actually begin to write any changes, so that's not a problem, but I've still got an aptitude process running and I do need to go back and tell it to run the installation. How do I do that?
<lenios> trimeta, apt-get install -f
<trimeta> That will work even if there's apparently an aptitude process still running and holding the lockfile?
<lenios> this will try to fix any package
<trimeta> And if not, is it safe to kill that process?
<lenios> aptitude is still running?
<trimeta> Apparently; that's what pgrep -p aptitude says.
<trimeta> But I'm the only user logged in, and I'm not running it.
<lenios> if it's stuck, i guess you have no choice but to kill it
<trimeta> OK, killed; now to run the command you suggested.
<trimeta> ...Lock file still used.
<lenios> you have to remove the lock file
<trimeta> It's an empty file, so I just rm it?
<lenios> yes
<trimeta> That got me "E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem."
<lenios> then do it
<trimeta> And when I ran that, I got "debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable"
<lenios> debconf?
<lenios> try lsof | grep config.dat
<trimeta> Nothing.
<lenios> sudo?
<trimeta> Yeah, that changed things: now I'm getting "frontend   7105     root    4rW     REG              251,1      44378     655367 /var/cache/debconf/config.dat"
<trimeta> I have no idea what "frontend" is, though...
<trimeta> Aside from the fact that ps -l confirms that it's currently running.
<lenios> you might want to kill this process
<trimeta> OK, now "sudo dpkg --configure -a" seems to be working.
<trimeta> It gave me the grub configuration screen again, and I proceeded as usual.
<trimeta> Running aptitude upgrade again produces no errors or unusual output.
<trimeta> I think this has probably worked...but sine it's about time I rebooted the server anyway, I might as well do so now and see if it actually installed properly.
<aragon_> hola, buenas noches
<xperia> hello again. i am doing here the upgrade from interpid to jaunty but for some reason now the upgrade process hangs on depmod for a while and do nothing
<xperia> http://paste-bin.com/view/7403fdd8
<xperia> its like it is waiting for something cpu usgae is very low and it does nothing do now since 10 to 15 minutes
<xperia> really bad
<aragon_> hi
<xperia> server at least is still availble and working
<xperia> aragon_ hello
<aragon_> hello Translates expected my problem
<aragon_> I have problems with my lampp, I put different password security and the data base is not active
<xperia> you mean mysql database ?
<xperia> or what database ?
<aragon_> yes is lampp
<aragon_> mysql
<aragon_> lampp server
<lenios> weird xperia
<aragon_> is disabled after giving my lampp security
<xperia> aragon_ well do this here to know iw mysql first is working "sudo /etc/init.d/mysql status"
<xperia> lenios: its just sit there and do nothing
<xperia> now since 15 to 20 min
<xperia> should i do a manul modprobe
<aragon_> command not found
<xperia> he ?
<xperia> thi must work
<lenios> xperia, try something
<xperia> lenios i am hearing
<lenios> it must be stuck, not sure if modprobe can solve that
<xperia> yeah i guess that too
<lenios> ctrl + d / ctrl+c?
<aragon_> I have installed the qt4 prawns and ide
<xperia> lenios looks like ssh got disconected hmm
<xperia> Write failed: Broken pipe
<xperia> i have still other ssh connection
<aragon_> alguien sabe espaÃ±ol
<xperia> what now looks like upgrade process stoped becouse of ssh connection closing
<lenios> aragon_, try #ubuntu-es maybe
<aragon_> ok
<lenios> xperia, you're not using screen?
<aragon_> thank
<xperia> i have done it over ssh
<lenios> you can recover it, then
<xperia> yes ssh conection is no problem
<xperia> i can reconect but how processing with upgrade further
<xperia> last time i used "sudo do-release-upgrade"
<xperia> it downloaded all new packages
<xperia> and prelaced a lot of software with new version but then it stoped hmmmm
<qman__> if you stop the process, you can run another do-release-upgrade
<qman__> I had a machine reboot mid-upgrade for some reason
<qman__> and was able to continue that way
<xperia> qman:: okay will try again "sudo do-release-upgrade" hope just not that all packages will be redownloaded again
<qman__> packages are cached in /var/cache/apt/archives
<qman__> unless that directory has been wiped, it will not need to redownload anything
<xperia> qman__ looks very good. it proccess again with the upgrade very fast.
<xperia> it does every package from new check for reinstalling if it is old
<uvirtbot> New bug: #685028 in postfix (main) "package postfix 2.6.5-3 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/685028
<mklappstuhl> hey
<mklappstuhl> how can i reduce the size of my ubuntu server installation by 230M ?
<mklappstuhl> are there any huge packages i could remove?
<mklappstuhl> or a way to show bigger packages?
<Yompa> I'm no expert (disclaimer here) but I believe you can install a minimal server with the alternative CD. Then just add the parts you want/need.
<jgould> Anyone have any experience with NFS>?
<mklappstuhl> could i just remove the 'locales' plugin or could this cause trouble
<mklappstuhl> s/plugin/package/ - lool
<jgould> How do you tell if nfsd is exporting a directory?
<phrix> hi all... I'm running MM... I've install apache2, php5, mysql, and phpmyadmin... but I cant open localhost/phpmyadmin... any clue??
<uvirtbot> New bug: #685014 in php5 (main) "Please merge php5 5.3.3-5 (main) from Debian unstable" [Wishlist,In progress] https://launchpad.net/bugs/685014
<osmosis> is there a way to write all 0's to all unused space on my HD?
<patdk-lap> osmosis, zerofree :)
<patdk-lap> or the slow way, dd if=/dev/zero of=temp bs=1M
<osmosis> patdk-lap, hmm...but my partition size is 500GB with 1.9GB used.  qcow2 file is 80GB.  creating the tmp file would fill up the whole 500GB, which seems a bit overboard.
<patdk-lap> you never said how you wanted to do it, you just asked how to do it :)
<patdk-lap> use zerofree
<patdk-lap> better question gets a better answer :)
<osmosis> how do I view the changelog for a package before installing the update?
<patdk-lap> the last change? or all changes?
<ZacLnxNewb> Hi
<ZacLnxNewb> What would be best for logging the ip addresses of anyone who visits my server?
<ZacLnxNewb> the website, to be exact?
<patdk-lap> your webserver :)
<ZacLnxNewb> yes
<patdk-lap> I know, that is why I answered your question
<ZacLnxNewb> patdk-lap: I mean, which piece of software would be best to run on the server to record ip addresses of visitors?
<ZacLnxNewb> I don't plan on misusing  this information or anything
<ZacLnxNewb> just curious
<patdk-lap> your webserver
<arrrghhh> lol
<arrrghhh> dive deeper man!
<patdk-lap> your webserver is the best software to use to log the ip of peple using your website :)
<ZacLnxNewb> patdk-lap: So it automatically does it?   or are you trolling me? :p
<patdk-lap> you mean to parse the logs of ips and find out what people do? or something more?
<patdk-lap> cause your question to just log ip's, it does by default
<ZacLnxNewb> nah, just record ip addresses of any connection to a file
<ZacLnxNewb> "this ip conneted"
<ZacLnxNewb> "this ip connected"
<ZacLnxNewb> so on
<patdk-lap> what webserver do you use?
<ZacLnxNewb> patdk-lap: ubuntu 10.10
<patdk-lap> ok, so you use that os, but what webserver? :(
<patdk-lap> apache, lighttpd, ngix, ..............
<arrrghhh> i'm going to bet apache
<arrrghhh> $10 on apache!
<patdk-lap> dhttpd, thttpd, ......
<ZacLnxNewb> patdk-lap: apache
<patdk-lap> check the access logs in /var/log/apache2/
<arrrghhh> ZacLnxNewb, $10 please :P
<ZacLnxNewb> patdk-lap: spectacular. :D
<ZacLnxNewb> arrrghhh: Psh, you probably could just look it up easily using who is or something
<ZacLnxNewb> and my deluge torrent server won't save the port settings for some reason
<arrrghhh> haha i was just jokin
<arrrghhh> didn't do any pokin around tho.
<arrrghhh> i'd say apache is probably the most popular
<patdk-lap> apache is what is installed by default when a webserver is needed by something else
<ZacLnxNewb> I use it as a print/web/sftp/file server
<ZacLnxNewb> and at the moment, I'm sing my main page to auto-redirect traffic to the wikileaks ip address
<arrrghhh> lol
<ZacLnxNewb> definitely lol
<ZacLnxNewb> deluge web ui won't save the port settings
<ZacLnxNewb> they don't stick
<arrrghhh> hrm.  i use rtorrent... sorry.
<arrrghhh> <insert rtorrent ftw statement here>
<ZacLnxNewb> hm
<arrrghhh> it was a pain to learn, i'll admit it.  but i freakin love it now that i took the time to learn it.
<arrrghhh> i used torrentflux before, and the webui felt very disconnected from the actual torrent applications running underneath... plus, 1 torrent 1 process is not cool.
<ZacLnxNewb> arrrghhh:  what do you think of my action towards wikileaks?
<ZacLnxNewb> arrrghhh: yeah, multiple processes sounds like a pain in the ass
<ZacLnxNewb> lol
<ZacLnxNewb> I just accidently used the fword talking to my mother
<arrrghhh> classy
<arrrghhh> no comment dude, on all of it :P
<ZacLnxNewb> arrrghhh: Well, I've been hanging out with the guys all night
<ZacLnxNewb> she really doesn't care, it slipped and I generally don't use it
<ZacLnxNewb> arrrghhh: no comment on wikileaks?  that a negative connotation?
<ZacLnxNewb> :p
<arrrghhh> eh you take it as you wish.
<arrrghhh> best part about no comment.  you're not sure if i'm pleading the 5th or what ;)
<ZacLnxNewb> I believe in openness and free speech. :D
<ZacLnxNewb> I don't think it's an appropriate response that people are basically disabling their website
<ZacLnxNewb> so
<ZacLnxNewb> I'm trying to help. :D
<sunit> hello
<sunit> I am trying to use ubuntu 8.04 LTS
<Cromulent> oh good
<sunit> If I install gnome with apt-get install ubuntu-desktop , will there be any problem ?
<sunit> becuase I have installed 8.04 LTS server in one machine
<sunit> then installed gnome . some days everything was ok
<sunit> later I am getting error that gnome is not automatically loaded
<sunit> I have to give startx command to login into gnome desktop
<sunit> I am getting error : Failed to initiaze HAL
<sunit> after giving ok in that error box , I am logging into desktop
<sunit> can anybody tell me , where is the problem ?
<sunit> and what shall I do ?
<linze> 10.10 is the latest
<linze> hmm
<linze> btw good morning all
<[diablo]> morning
<[diablo]> anyone have any idea why the virtual kernel has no NFS support
<Weyrling> Hi. Running Ubuntu-Server 10.04 (LTS) with Apache2/PHP5. PHP has suddenly stopped interpreting .php files and instead the source gets served by Apache. Believe server was running fine before last 'apt-get upgrade' (Yesterday), but can't be 100% sure since PHP isn't used everywhere in the server. PHP files are served with type: application/x-httpd-php, FastCGI of PHP fails also. Perl CGI works fine though. Anyone else experienc
<Weyrling> ing similiar problems or have an idea?
<Weyrling> Have made sure that libapache2-mod-php5 is installed and a2enmod'ed into Apache. Also Apache reports on start up that 'PHP' module is loaded.
<Weyrling> Also have removed the <IfModule mod_userdir.c> entry from php5.conf also, tried running apt-get --reinstall on apache2, php module and php itself earlier as well. Just starting to run out of ideas now.
<Weyrling> Actually nvm, not sure if I re-installed Apache itself. But PHP and the PHP modules at any rate. Apache itself is running just fine otherwise.
<jgould> I'm getting no such device when I try to mount an NFS share.  Any ideas?
<qman__> Weyrling, check the checksums on your php binaries, or the package downloads in /var/cache/apt/archives
<qman__> I've seen bad downloads cause this problem before
<Weyrling> qman__: Thanks, will need to check that. Is there an easy way to do that or do I need to go hunting for the checksums, etc?
<Weyrling> debsums?
<qman__> well, the package's sum should be easy to find, but the binaries not so much
<qman__> you'd have to find a known good system
<Weyrling> Hmm, well the debsums program reports the Apache modules a-ok at least. I also cleared the cache and re-downloaded and re-installed php5, php5common, libapache2-mod-php5, libapache-mod-fastcgi but it doesn't seem to have helped.
<Weyrling> Did the same for Apache itself as well now. It seems like that for some reason the PHP interpreter isn't invoked at all when a .php file is attempted accessed, but instead it just gets served as a normal file. The PHP executables themselves don't seem to error when I start them.. and the modules get loaded fine. It's as if there'd be something wrong with the settings but I hadn't touched them before the problem began. The PHP
<Weyrling> module loads up fine and mod_fastcgi also... They just don't catch on, even though the file type seems set correctly too (application/x-http-php or so).
<Weyrling> Ah, rewriting into the mod_php5 specific AddType/AddHandler values seems to have enabled it partially for the site now at least. Will see if it helps for the rest of it too..
<Weyrling> Well buh, something in the updates apparently had made it so that I had to do an explicit +ExecCGI instead of just ExecCGI on the FastCGI handler. Well, fine enough for me though, site seems to be working again.
<Weyrling> Alright, good luck everyone else then, I'm off.
<paddy__> I am trying to set up ufw but it seems to block all connections and will not log anyting. I am sure I have got the rules set up right. ufw status works show 22/tcp alow in anywhere and I have set logging to full yet nothing is hapening. as soon as i disable the firewall i can ftp and ssh again (i have done a rule for ftp). I realy have  no idear what is whrong.
<ruben23>  hi guys any sugested firewall application for linux..? which is GUI- i can install directly.
<Cromulent> ruben23: just use ufw if you want a simple firewall
<ruben23> how about application
<Cromulent> ruben23: just learn ufw
<Cromulent> I doubt it will take longer than 2 minutes to set it up
<paddy__> Cromulent: unless you are me, do you think you could help with my problem posted earlyer?
<Cromulent> paddy__: what does "sudo ufw status verbose" tell you?
<ikonia> paddy__: can you telnet to the ports
<paddy__> that it is active, logging is on full, defaults are deny in allow out
<paddy__> and rules are as previously stated
<paddy__> what does new profiles: skip mean?
<paddy__> Cromulent: ikonia ^
<Cromulent> paddy__: paste the output
<paddy__> here or bin?
<ikonia> paddy__: deny out ?
<Cromulent> bin
<ikonia> paddy__: you know your appllications need to respond too
<paddy__> allow out
<ikonia> deny in ?
<paddy__> ikonia: yes
<ikonia> paddy__: you need "allow in" to hit the port
<ikonia> paddy__: to ssh in - that is an incoming connection
<paddy__> ikonia: the defaults are deny with alow in for 22 and 21
<Cromulent> paddy__: your output should look something like this http://pastebin.com/RUUDyumr
<ikonia> paddy__: you know it's iptables, so the allow needs to be before the deny
<paddy__> ikonia: the output is the same
<paddy__> Cromulent: ^
<ikonia> paddy__: output is the same as what ?
<ikonia> paddy__: can you telnet to port 22 ?
<paddy__> ikonia: it is the same is Cromulents output
<ikonia> paddy__: can you telnet to port 22 ?
<paddy__> ikonia: from local or remote?
<ikonia> paddy__: try both, see if they differ
<ikonia> they shouldn't
<paddy__> connecting to server failed
<paddy__> what server should i telnet to from server?
<ikonia> what ?
<ikonia> paddy__: show me the commands you're using, exactly
<paddy__> the bad server is remote
<ikonia> paddy__: show me the exact commands you're using
<paddy__> ikonia: cant go out
<ikonia> paddy__: show me the exact commands you're using
<paddy__> firewall is blocking everything
<ikonia> paddy__: show me the exact commands you're using
<paddy__> telnet google 80
<ikonia> and that's being blocked ?
<paddy__> works on my machine
<paddy__> but not on server
<joschi> looks abit incomplete to me
<ikonia> paddy__: on the server, to "iptables -L" and pastebin it please
<paddy__> fatal module ip_tables not found
<paddy__> ikonia: i guess thats bad
<Cromulent> paddy__: you need to use sudo
<ikonia> errrr not sure how you have a working firewall
<ikonia> ahh yes
<ikonia> sorry, I take that for granted, sudo iptables -L
<paddy__> http://pastebin.com/Y8UzrFDt
<Cromulent> paddy__: can you actually paste the output of sudo ufw status verbose too? because the output you just posted does not have any allow rules
<ikonia> paddy__: and if you stop the firewall, you can telnet to google.com on port 80 ?
<paddy__> http://pastebin.com/0E4JePeZ
<paddy__> ikonia: tenet works if i disable ufw
<ikonia> what was that last paste you sent me
<paddy__> starting ufw i just got ERROR: problem running ufw-init
<paddy__> http://pastebin.com/0E4JePeZ is status verbose
<ikonia> paddy__: ok, so that is the firewall active, but you can't do anything with it out going ?
<jdstrand> paddy__: can you do: 'sudo ufw disable ; sudo /lib/ufw/ufw-init start' and paste the output?
<paddy__> Skip starting firewall: ufw (not enabled)
<jdstrand> oh duh
<jdstrand> paddy__: can you do: sudo ufw enable ; sudo /lib/ufw/ufw-init stop ; /lib/ufw/ufw-init start' and paste the output?
<paddy__> how do i pipe all of that to a file jdstrand
<jdstrand> paddy__: I really only need the last command, so just add '> /tmp/out' to the end.
<paddy__> load of errors in prev commands
<paddy__> last one is problem running /etc/ufw/before.rules
<paddy__> problem running /etc/ufw after.rules
<paddy__> problem running 'lib/ufw/user.rules
<jdstrand> paddy__: can you put "sudo sh -c '/lib/ufw/ufw-init stop ; /lib/ufw/ufw-init start' > /tmp/out" into a pastebin?
<jdstrand> paddy__: well, the contents of /tmp/out that is
<jdstrand> meh
<jdstrand> you probably need 2>&1 at the end of that
<paddy__> still same
<jdstrand> paddy__: can you paste the output?
<paddy__> jdstrand: 2> is http://pastebin.com/QQguzdm1
<paddy__> 2>&1 prints everything to scren
<jdstrand> paddy__: can you run: 'sudo /usr/share/ufw/check-requirements' and paste the output
<paddy__> http://pastebin.com/q3bG1as8
<paddy__> irssi just saved me, i almost pasted the whole thing here instaed of the url, whoops
<jdstrand> paddy__: that is not the output of check-requirements
<paddy__> http://pastebin.com/u0J8SFAB
<jdstrand> paddy__: your kernel doesn't have the required configuration to run ufw
<paddy__> jdstrand: how fix?
<jdstrand> paddy__: recompile your kernel or use a standard Ubuntu kernel
<paddy__> how do i change to a standard ubuntu kernel?
<jdstrand> paddy__: do you own this machine or is it a hosted environment?
<paddy__> i am on a vps
<paddy__> jdstrand: but I have serial acces
<paddy__> jdstrand: which is why when i killed ssh connections i was ok
<jdstrand> paddy__: you need to talk to your VPS and show them the output of the check-requirements command. it is possible they will tell you 'no' at which point you must use standard iptables with simple rules
<paddy__> *access
<paddy__> jdstrand: can I not change the kernel?
<jdstrand> paddy__: if you must go to standard iptables, please use 'sudo ufw disable' first
<jdstrand> paddy__: I don't know. you need to talk to your VPS
<ruben23> hi guys where i can find the iptables file of ubuntu server..?
<paddy__> jdstrand: is there no easy way to do it?
<jdstrand> paddy__: you have to be able to reboot the machine and select a kernel. the VPS provides the kernel. you need to talk to them
<paddy__> jdstrand: I can do that, in grub?
<jdstrand> paddy__: possibly. but aiui most VPS control the kernels in use for security reasons
<joschi> paddy__: what kind of virtualization is being used?
<ruben23> guy can i manipulate directl from iptables on ubntu server..?
<joschi> paddy__: if it's OS-level virtualization (e. g. openvz, virtuozzo, linux-vserver, ...) you can't change the kernel or load custom modules
<paddy__> joschi: openvz
<paddy__> I cancled my vps
<ikonia> whoa
<ikonia> that's a big step to take
<paddy__> ikonia: it was only a toy ;)
<xperia> hello to all. somehow i am not able to do "sudo do-release-upgrade" it breaks allways with error message
<xperia> /usr/bin/dpkg returned a error code
<xperia> Your system is unusable ? can somebody help me with this ?
<ikonia> xperia: was it up to date before you did do-release-upgrade
<ikonia> xperia: what process have you followed for the upgrade
<xperia> ikonia: yes it was full up to date and it worked 100% but i have did a system clean with the ubucleaner script that remove some stuff from the server like not used linux kernels and got then before the upgrade allways the error message that smething with the linux kernel thing is not right when i performed a sudo apt-get upgrade
<uvirtbot> New bug: #685201 in squid (main) "shutdown_lifetime setting behavior does not match doc" [Undecided,New] https://launchpad.net/bugs/685201
<xperia> and now the release upgrade also breaks at same problem it say
<ikonia> ubucleaner ? where di you get that
<ikonia> "did"
<xperia> from the net it is like ccleaner but for ubuntu.
<ikonia> that's not an ubuntu package, and you don't know what it does
<ikonia> why did you not just clean the machine yourself
<xperia> make a search on google ubucleaner think i got it from opendesktop
<ikonia> I have no idea why you would run untrusted scripts like that
<xperia> well needed somethign automatic and did not know that something like this exist in ubuntu
<ikonia> "needed" ? what makes you think y ou needed to "clean" you ubuntu machine
<xperia> well the release upgrade breaks becouse of ubuntu-linux-modules-2.6.24-19-server
<ikonia> breaks in what way
<xperia> looks like package manager has problems like before the upgrade
<xperia> about this modules that were probably removed
<ikonia> the package manager had a problem before the upgrade ?
<ikonia> so you knew the package manager had a problem, and you still did a distribution upgrade ?
<xperia> ikonia yes it right it complained about the same thing. thinked with a upgrade it will solve the problem but it does not.
<xperia> needed free space on the disk
<xperia> how can i fix this package manager problem becouse of the deleted modules probably ?
<ikonia> sorry, that's just a crazy approach, the core component that controls package installation is having a problem, I'll use the problematic package to upgrade it's self
<ikonia> xperia: re-install the package that deleted the modules
<ikonia> that contained the deleted modules
<xperia> so i would need to install the linux server kernel 2.6.24-19 probably ?
<xperia> okay let me looks if i can find it
<ikonia> if that contains the modules you deleted, then yes
<xperia> ikonia_ i get this error here
<xperia> FATAL: Could not open '/boot/System.map-2.6.24-19-server': No such file or directory
<xperia> what does this mean ? this is my file list of /boot http://paste-bin.com/view/db4b29e5
<ikonia> xperia: it means the file is not there
<xperia> any possibility to fix that easy so dpkg dont search anymore for it
<ikonia> xperia: remove the package, and re-add it
<xperia> ikonia: just have fixed the problem now. needed only to create this missing file with touch and now everything works like it should. thank you a lot for your very friendfull help
<xperia> http://ubuntuforums.org/showthread.php?t=831658
<ikonia> xperia: well done
<ikonia> nice trick on dpkg
<RoyK> http://pastebin.com/tYpKYbuY
<ikonia> RoyK: what do you want me to do with that ?
 * RoyK is just grinning
<veovis_muaddib> ikonia: I expect he's bragging about the available space
<ikonia> oh, a pointless post
<osmosis> with kvm, im getting the error  "Could not initialize SDL - exiting". What does that mean?
<patdk-lap> how can I go about putting nfs in fstab, without having mountall hang on boot when the network cable isn't plugged in?
<RoyK> patdk-lap: autofs?
<ivoks> noauto?
<ivoks> there's also an additional option for nfs in fstab, iirc
<ivoks> _netdev
<ivoks>               (used to prevent the  system  from  attempting  to  mount  these
<ivoks>               filesystems until the network has been enabled on the system).
<patdk-lap> royk, no, autofs isn't a solution
<garymc> Hi Guys anyone know how I would install Mcrypt for php?
<ivoks> garymc: apt-get install php5-mcrypt
<patdk-lap> ivoks, but _netdev isn't a flag I'm suppost to give it, it's something that mount does internally for network filesystems
<garymc> ivoks and is that it?
<ivoks> garymc: yes
<garymc> do i need to configure anything?
<ivoks> nope
<garymc> cool. My php programmer has asked for it. Whats it for?
<ivoks> patdk-lap: that option is explicity for that as far as i understand
<patdk-lap> I can't find _netdev in the man pages
<ivoks> man mount
<ivoks> garymc: http://www.php.net/manual/en/intro.mcrypt.php
<garymc> ivoks that didnt seem to work
<ivoks> garymc: it works
<ivoks> garymc: but your question wasn't complete
<garymc> i typed "apt-get install php5-mcrypt and it didnt install anything
<ivoks> garymc: it should've been 'what do i have to do to enable mcrypt module in apache's mod-php'
<garymc> oh.....what do i have to do to enable mcrypt module in apache's mod-php
<ivoks> then it's already installed
<garymc> ?
<garymc> how do I know its already installed?
<ivoks> dpkg -l | grep php5-mcrypt
<garymc> Ahh it says so
<patdk-lap> ivoks, still hangs at mountall with _netdev
<ivoks> when you install php plugin
<garymc> ok so do I need to enable it or something?
<ivoks> it's available for php, but you have to remember that apache needs to reload the php module to pick up all the new plugins
<ivoks> so, restart apache
<ivoks> patdk-lap: are you mounting /home maybe?
<patdk-lap> nope
<patdk-lap> I'm mounting /var/www/virtual
<ivoks> then that's a bug
<patdk-lap> using lucid 10.04 installed today :) all updated
<ivoks> still a bug
<ivoks> it should obey _netdev
<ivoks> _netdev is irrelevant on cifs and nfs shares. And mountall understands _netdev.
<ivoks> https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/504224
<uvirtbot> Launchpad bug 504224 in mountall "NFS mounts at boot time prevent boot or print spurious errors" [Medium,Fix released]
<ivoks> Note that you can get around the recovery shell by using the "nobootwait" option it /etc/fstab for /home.
<patdk-lap> I tried nobootwait, optional, bootwait, _netdev
<patdk-lap> none fixed it
<patdk-lap> and this is for /var/www/virtual, not /home
<ivoks> ask in #upstart :)
<patdk-lap> heh :)
<ivoks> note that it's saturday
<patdk-lap> but there are 23 users :)
<patdk-lap> and I did read that bug report and comments like 3 times before I asked :)
<resno> ive got a question about setting up raid and lvm :)
<resno> ive got a 2TB drive and a 1TB drive. can i parition the 2TB into 1TB sections and use raid5?
<cokegen> resno: I'm not that into raid, but it would miss the point
<cokegen> you can almost do anything with software raid
<cokegen> (I could be wrong however)
<resno> cokegen: i know its mising the point, but i dont really want to backup stuff, i just want to protect my data from a failed drive when using lvm
<patdk-lap> resno, that won't protect anything :)
<patdk-lap> if the 1tb goes down, your protected
<patdk-lap> if the 2tb goes down, your screwed
<patdk-lap> so using the 1tb is pointless, and using raid5 is just going slow down the 2tb drive
<patdk-lap> and cause the 2tb drive to seek like nuts
<joe> hi , anyone can private help ?
<resno> patdk-lap: so whats the solution to my problem?
<patdk-lap> don't do it :)
<resno> what should i do?
<patdk-lap> make a 1tb partition on the 2tb drive, use raid1 on that 1tb drive and the 1tb partition on the 2tb drive
<patdk-lap> you have redundant 1tb now
<patdk-lap> and you can do whatever yo uwant with the extra 1tb on the 2tb drive
<resno> i dont really care about data redundancy though
<resno> i need the space more so then the redundancy
<patdk-lap> " i just want to protect my data from a failed drive when using lvm"
<patdk-lap> that is redundancy
<resno> the whole thing of having 2 drives that could fail and ruin it all is scaring me
<patdk-lap> well, everything you said, will loose all your data if either fail
<patdk-lap> well, the 2tb is ok, you would be ok
<patdk-lap> but if the 2tb fails, you loose all
<patdk-lap> and you don't gain any space
<patdk-lap> so it's moot
<resno> i wouldnt gain the extra space on that?
<patdk-lap> on what?
<patdk-lap> how does using raid5 over 3 1tb drives (2tb usable) give you more space than 2tb drive?
<resno> paritioning each drive to 1TB and raiding it?
<resno> oh ok
<patdk-lap> your solution is to use each drive as it's own drive
<patdk-lap> if you want all space, and don't caare about redundancy
<patdk-lap> then whatever drive fails you loose, but not the other
<resno> so not using lvm?
<patdk-lap> not sure
<patdk-lap> I normally just put lvm on each drive
<patdk-lap> I think if you lvm both drives together into one lvm, it makes a raid0 out of it, givin you the issue again
<patdk-lap> but I have never done that, so
<resno> so lets just say i dump the lvm
<resno> and install each drive alone...
<resno> how do i get data to start using it?
<patdk-lap> get data?
<patdk-lap> wget?
<resno> how i instruct the server to use that space
<patdk-lap> fstab
<patdk-lap> mount
<cokegen> if you ask me, I'd prefeer doing 2 single backups on those different disks
<patdk-lap> anything you normally would do with a drive
<patdk-lap> ya, I would do a raid1 if 1tb over them
<resno> ive never done anything like this... so this is all new
<patdk-lap> then use the 1tb unprotected for junk
<patdk-lap> you hav enever installed a harddrive? usb stick? cdrom? :)
<cokegen> never did software raid
<resno> never did software raid
<patdk-lap> we aren't talking about software raid at all
<resno> and this is my first time messing with adding anew drive since the fresh install
<patdk-lap> cause everytime I give you the options, you say, no
<cokegen> if I were you I'd just backup things twice
 * patdk-lap wonders back to ospf land
<resno> ive already just about tapped out the 1TB drive i have running. so im looking to increase my data storage
<patdk-lap> he wants what every mythtv user wants, but I haven't found one that is reliable
<patdk-lap> seperate harddrives with seperate fs's on them
<patdk-lap> but mount them as one large drive
<cokegen> drbd is another option
<patdk-lap> no raid, if one drive dies, you loose that info, but not everything
<resno> yes, thats exactly what i want...
<cokegen> sorry, drdb would be: http://www.drbd.org/
<cokegen> have some friends using it on production servers and work like a charm
<patdk-lap> drbd is more data redundancy
<cokegen> yeah, on another machine, I know
<patdk-lap> resno said he didn't want redundancy
<cokegen> zfs over fuse ?
<cokegen> if you want to trade off some performance
<patdk-lap> never thought zfs was reliable
<cokegen> it is, just that you loose a good deal of performance
<patdk-lap> there are like 3 different fuse things to do this, each of them failed horrible for me
<resno> im looking for a solution to maximize the space on the new drive and previous one
<patdk-lap> just format and mount them, done :)
<cokegen> resno: mind that there's no perfect solution to every problem
<resno> cokegen: ive learned that
<cokegen> why not 2 copies with rsync over the 2 disks ?
<cokegen> separately
<cokegen> I mean, if you just need backups
<cokegen> if you need to actively use that space it wont work
<patdk-lap> rsync? backups?
<cokegen> well, he isn't 100% clear on what he want
<patdk-lap> he wants to have 3tb of drive space
<patdk-lap> he doesn't want backups
<cokegen> just giving him some ideas
<patdk-lap> he wants as many files as possible to be working, if one fails
<cokegen> hmmmm
<resno> i like lvm, but dont like the danger it presents
<cokegen> lvm in itself is not a danger
<cokegen> but trying to have 3 tb on those 2 disks ONLY is
<cokegen> just taht
<cokegen> want security, use zfs, or raid 1
<cokegen> (some level of security)
<patdk-lap> the mythtv people worked around it by just mountingeach drive as it's own drive
<cokegen> think on a failing power source too as a point of failure
<patdk-lap> then having the myth software write to whatever drive has the most free space
<cokegen> is what I told him
<cokegen> just mount each drive separately
<resno> patdk-lap: ill look at what myth pepole setup then
<cokegen> no FS will save you if the power source fails real bad (and it happens)
<resno> you guys server admins?
<cokegen> I kinda am
<cokegen> that's why I'm telling you, there's always more than one way to do things
<cokegen> in that department at least
<resno> yea, lvm seems like a great solution...
<cokegen> I use it
<cokegen> it's cool to grow
<resno> but i dont like the concept of any one driving failing and everything crashing
<cokegen> with reiserfs you can even grow your fs on the fly without unmounting
<cokegen> can't you have another machine and go backing up once a day ?
<cokegen> I found THAT to be the most reliable solution on small setups, really
<cokegen> that way you only use one disk and the cost is low
<cokegen> in the worst case you loose a day of work or less
<cokegen> if raid fails you need to recover
<joe> anyone familiar with linux vps + ubuntu ?
<cokegen> it's a pain in the ass
<resno> cokegen: i do have another machine i can back up to but it doesnt have that much space
<cokegen> add there another disk
<cokegen> problem solved
<cokegen> you can't have security without spending some money
<cokegen> not with only 2 disks
<patdk-lap> heh? everyhing I think supports growing the fs on the fly while mounted, ext2, ext3, ext4, xfs
<cokegen> no, ext3 doesn't
<cokegen> you have to unmount first
<cokegen> not sure ext3
<cokegen> and xfs
<patdk-lap> I grow ext3 all the time mounted
<cokegen> I'm 99.5% sure you can't do that
<cokegen> I'll google it
<cokegen> that's one of the good points of reiser btw
<joe> anyone can help with linux vps + ubuntu karmic
<patdk-lap> man resize2fs
<patdk-lap> "The resize2fs program will resize ext2, ext3, or ext4 file systems.  It can be used to enlarge or shrink an unmounted file system
<patdk-lap>        located on device.  If the filesystem is mounted, it can be used to expand the size of the mounted filesystem, assuming the  kernel  supports  on-line resizing."
<patdk-lap> been using it for like 4 years now
<cokegen> I don't know if it's safe
<Nafallo> karmic? building on a version that's only supported for another few months?
<cokegen> but it's a good thing to know if you say it's working
<cokegen> I read somewhere that online resizing with extX was not safe
<patdk-lap> did you happen to notice the date it said that?
<cokegen> but it seems that it works
<resno> joe: what kinda help ?
<patdk-lap> I know years and years ago, it wasn't
<osmosis> if I do   sudo rm file , then realize a made a mistake, ..is there a way to undo?
<cokegen> yeah, probably years ago
<cokegen> 2 to 3 years
<resno> osmosis: i think its gone when you erase it
<cokegen> again, good thing to know
<cokegen> patdk-lap: http://tldp.org/HOWTO/LVM-HOWTO/extendlv.html
<cokegen> that's were I read it :P
<cokegen> old docs
<cokegen> and it was dangerous on etch which was the distro I was using at the time
<patdk-lap> ya, that was pre-2006
<patdk-lap> in 2006 resize2fs online resizing was added
<cokegen> osmosis: unmount as that partition as quick as you can and try some utils in the system rescue cd @ http://www.sysresccd.org/Main_Page
<cokegen> in reality, I'm going back to linux
<cokegen> so there are things I need to "refresh"
<cokegen> was tired with the lack of hardware support on the desktop and well, the other day tried a maverick livecd and everything was working
<cokegen> seems the perfect time for a comeback
<patdk-lap> heh, I've been using ubuntu since feisty
<patdk-lap> and using slackware since '95
<cokegen> I was started in '95 too
<cokegen> with an infomagic cd set
<patdk-lap> I have one slackware system still running
<cokegen> had slackware, debian and red hat plus a mirror of some ftp's
<cokegen> and in 2000 or 2001 was sick of always having to do stuff to normally work
<cokegen> so I went to windows on the desktop, never for servers, but to work I only needed putty and that was it
<cokegen> and well, the ubuntu pple did a great job polishing stuff
<cokegen> is really almost there
<patdk-lap> the only thing that kept me off unix for desktop, was the ungodly amount of screen space X used
<cokegen> the flash player is the only thing that I can't make it work 100% ok
<patdk-lap> use noflash :)
<cokegen> yes, I know
<cokegen> it's more of a security concern these days
<cokegen> anyway, when I go to youtube it doesn't work ok
<cokegen> fullscreen hangs, and other problems
<cokegen> anyway, it's a proprietary piece of shit
<cokegen> I'll not blame linux this time
<cokegen> adobe should work on an open source player ... it's good for everyone, and no one but them will be able to reproduce something like flash to work on
<cokegen> but it will open the door to proper implementations on different OS's and that kind of stuff
<cokegen> sucks always having that one little problem that's too big to do the switch
<cokegen> I do web development so I care about flash ... have to
<qman__> did you try with a different browser? flash was unusable in firefox for me, but in chromium it's ~98%
<qman__> stutters sometimes but watching videos works fine
<cokegen> have to test chromium
<cokegen> is that I just installed maverick on my other machine
<cokegen> was trying everything on a liveusb with persistence
<cokegen> to actually see if it was worth the shot
<cokegen> worth the try
<cokegen> (my english is not that good, sorry ;-)
<cokegen> I really like chromium/chrome but there's nothing like firefox/firebug to do web development
<cokegen> neither opera nor chrome are good in that regard
<Dibbler__> Evening all , I need 2 dhcp servers on the same subnet , which are physically 2 networks connected by a "TUN" . Is there a comprehensive document somewhere i can read through so i don't overlook anything . A dhcp on either side of the tun needs to assign ip's from diffrerent pools to machines on their respective sides. I would need to block packets with requests , to pass over the tun i would think , probably more to it .. Atm i have it set up funct
<Dibbler__> i said tun didn't I .. i meant TAP
<cokegen> Dibbler__: what about just blocking 68 from trespassing the tun ?
<cokegen> bc each dhcp should reply only requests from each side
<cokegen> so, I say just do some iptables magic and block 68 (or whatever port dhcp is running, can't remember) from going from one side to the other
<Nafallo> Dibbler__: sounds like it would be easier to use subnetting and routing. are there a reason that's not an option?
<Dibbler__> thats how it is running now
<cokegen> of course, if the machines are in the same subnet that is bc the machines have to work together
<Nafallo> subnets have nothing to do with reachability
<Dibbler__> no
<Dibbler__> they are communicating fine :)
<cokegen> Dibbler__, what about blocking 68 from one side to the other ?
<Dibbler__> it's flippin windows
<Dibbler__> i don't want to change all the firewall rules on all the computers to include other subnets for filesharing
<Nafallo> Dibbler__: so... if it's working now, I have to ask what you're trying to achieve?
<cokegen> you don't have to
<Dibbler__> like i said
<Nafallo> oh.
<cokegen> you have to just block 68 from one side to the other
<cokegen> is that possible ?
<Dibbler__> the fact it's reachable and routing nicely doen't mean disocovery works etc
<Dibbler__> it's not ,
<Dibbler__> i cant block traffic from one side to the other
<Dibbler__> well i could
<Dibbler__> but that would only block replies
<Dibbler__> i can block 68 .. but to where
<Dibbler__> they don't have an ip atthat point
<Nafallo> Dibbler__: block on the interface level
<Nafallo> not ip
<cokegen> what links that "TUN" ?
<Dibbler__> i could block outgoing 68 yes
<cokegen> 2 linux boxes ?
<Dibbler__> yes 2 ununtu servers
<Dibbler__> ubuntu
<cokegen> well, do an iptables rule to block 68 from one side to the other
<cokegen> problem solved
<Dibbler__> i could block 68 from both mac's to their respective other sides
<cokegen> you have one dhcp server on each side
<Dibbler__> well side would mean machine in this case
<Dibbler__> since there are no "sides"
<Dibbler__> dince it's tun
<cokegen> one or more machines
<Dibbler__> and therefore bridged
<Dibbler__> and 1 interface
<cokegen> aha
<cokegen> you're right
<Dibbler__> so on some level i would need to deny packets .. lvl 3 with a specific header from crossing over
<Dibbler__> that's not firewall stuff
<Dibbler__> thats above
<cokegen> can't you configure the dchp server on each side to assign a different pool range ?
<Dibbler__> yes
<cokegen> that way you can completely block 68 from each side and no ip address would overlap
<Dibbler__> oh yes i can
<cokegen> machines still communicating etc etc
<Dibbler__> but imagine a machine with no fixed address
<Dibbler__> being connected
<Dibbler__> why would any of the dhcp's think it's his to give an ip to
<cokegen> don't understand ...
<Dibbler__> take a switch , connect 2 dhcp servers
<Dibbler__> connect a client
<Dibbler__> which one will give the ip
<Dibbler__> theres no difference
<Dibbler__> when using tap
<qman__> you have two ubuntu machines with tap or tun interfaces
<Dibbler__> i want to use tap
<qman__> you simply need to block packets on 67:68 from going through those interfaces
<Dibbler__> i am using tun
<cokegen> you need some physical separation
<Dibbler__> there is only 1 interface
<cokegen> vlan
<Dibbler__> the bridged one
<qman__> iptables -A OUTPUT -o tun0 --sport 67:68 -j DROP
<qman__> something like that
<Dibbler__> thee is no traffic
<Dibbler__> there
<cokegen> but if you connnect everything to a switch then there are no "sides"
<Dibbler__> exactly
<Dibbler__> the tap is a bridge
<Dibbler__> there are no sides
<qman__> Dibbler__, you apply the rule to your bridging interfaec
<qman__> it still works
<qman__> you just create the rule based on the interface, not the IP
<Dibbler__> but output from where
<Dibbler__> the input and output are both tap
<qman__> it doesn't matter
<Dibbler__> there is no firewall involvement
<qman__> yes, there is
<qman__> it is an interface, the firewall applies
<qman__> it doesn't matter what kind of magic it's performing to bridge the networks, there are still two tap interfaces
<Dibbler__> if you put a 68 67 frop on eth0
<qman__> and you can still filter traffic on those tap interfaces
<Dibbler__> what is going to prevent 2 computers from using it
<Dibbler__> no
<qman__> you don't use eth0
<Dibbler__> you can't
<qman__> you use tap0
<qman__> yes, you can
<qman__> I use a tap interface with openvpn, the firewall still applies
<Dibbler__> there is no difference between it being eth0 or tap
<Dibbler__> i would need to filter on level 3
<Dibbler__> the actual requests
<qman__> it's not as complicated as you're making it
<cokegen> why not redirect all traffic through separate interfaces ?
<Dibbler__> then i would need diff subnets
<Dibbler__> and thats how it works now
<qman__> just because the networks are bridged doesn't mean the interfaces go away
<qman__> you can still filter traffic
<cokegen> no, bc you can block just dhcp
<enquora> I'm having trouble with a borked package installed from a ppa.    aptitude purge problem package list  is intended to remove data and configure files as well as uninstall, right?
<Dibbler__> there is only 1 interface qman
<Dibbler__> rules need a source and a dest
<qman__> no, they don't
<qman__> you can simply drop all traffic from anywhere to anywhere on the DHCP ports
<cokegen> how not qman__ ?
<qman__> on your VPN interface
<Dibbler__> see
<cokegen> anywhere IS a source or a dest
<Dibbler__> anywhere to anywhere
<qman__> and that solves the problem
<Dibbler__> there is no to
<qman__> it doesn't matter whether you're using bridging or tunneling, it'll work
<Dibbler__> if you make a bridge there are no filters between the interfaces on an ip level
<qman__> enquora, purge removes all configuration files as well as the package
<qman__> Dibbler__, yes there are
<cokegen> Dibbler__ is right
<qman__> just because it's not routed doesn't mean you can't filter it
<cokegen> a bridge is like connecting those 2 int to a switch
<cokegen> directly
<cokegen> physical separation is not possible
<qman__> the traffic still passes through the interface, and netfilter still processes it
<Dibbler__> netfilter does ipx now does it ..
<qman__> who said anything about ipx?
<Dibbler__> me
<Dibbler__> just now
<Dibbler__> becaus ethat will pass on a bridge
<Nafallo> wait. what are you trying to achieve again?
<Dibbler__> 1 subnet on 2 physical locatiuons connected through a tap
<Dibbler__> i need a dhcp on both sides
<qman__> even if netfilter doesn't process the ipx traffic, the traffic is still going through an interface
<qman__> and netfilter can still filter it
<Nafallo> and why do you need to block dhcp at all?
<qman__> I have a configuration this way
<qman__> it works
<Nafallo> just make each dhcp server serve half the subnet?
<cokegen> yeah, that's what I said Nafallo
<Dibbler__> with dynamic ip's .. how would i prevent one or the other from giving it
<cokegen> the thing is that the interface is bridged and he has no "sides"
<Nafallo> Dibbler__: why do you need to prevent it?
<Dibbler__> discover will be sent
<qman__> there are still two sides to a bridge
<cokegen> to have a "side" he'll need physical separation
<Dibbler__> there is no ip at that point
<Dibbler__> both dhcp wil reply
<Nafallo> just let whatever dhcp answers faster give the ip?
<Dibbler__> then what if the tap disconnects
<cokegen> ip doesn't mean that if you connect that to a switch the traffic isn's available
<cokegen> to me it seems you need physical separation
<cokegen> like a vlan or something like that
<Nafallo> Dibbler__: you're on the same subnet... why does it matter?
<cokegen> or just connect either side to different network interfaces
<cokegen> but yes, Nafallo is right, you're trying to do that on the same subnet
<cokegen> there's no point on that
<Nafallo> the client won't throw away the IP just because it can't reach the DHCP server. at least not until after the dhcp timeout.
<Dibbler__> N: it matters becaus ethey are in different locations
<Dibbler__> but i supose i could just do with the 1 thne
<Dibbler__> then
<Dibbler__> and hope for the best
<qman__> the only reason it would matter is the default gateway setting
<Dibbler__> yes that too
<qman__> when the bridge dips those with addresses from the other side will not be able to reach the internet
<Dibbler__> yes
<Dibbler__> they both have different def gateways
<Dibbler__> so yes
<Dibbler__> thats why i need 2 lol
<Dibbler__> and thats why i asked
<Nafallo> meh. no one said anything about reaching the Internet :-P
<qman__> but like I said, a simple firewall rule blocking DHCP solves this
<qman__> it's not that complicated
<Dibbler__> believe me Qman
<Dibbler__> you can't block a bridge if it goes nowhere but on both sides of it
<qman__> there's no such thing as a bridge that goes nowhere
<Nafallo> Dibbler__: qman__ didn't tell you to block the bridge...
<qman__> you are bridging two networks together
<Dibbler__> it goes from one side of the bridge to the other
<Dibbler__> and you can't filter trafic on that
<Dibbler__> on an ip level
<qman__> yes, you can, because there are still two tap interfaces
<cokegen> yes, you can
<Nafallo> ignore the bridge for a bit. it's just an interface on top of other interfaces.
<cokegen> what about a virtual interface to help a bit
<Dibbler__> taps are virtual interfaces
<qman__> not needed
<cokegen> block the traffic and then do the tap to the other
<Nafallo> also, you don't want to block it on an ip level. you want to block it on an interface level. (phy)
<qman__> right
<qman__> just block all DHCP traffic in and out of the tap interfaces
<Nafallo> stop digging up the stack :-P
<qman__> it's a virtual interface, but it's still an interface
<qman__> and you can still create rules that use it
<Dibbler__> but there is nothing going in and out the tap interfaces
<qman__> yes, there is
<Dibbler__> wait sec
<Dibbler__> 1 sec
<qman__> all traffic that goes between the two sides of the bridge goes through the tap interface
<Dibbler__> http://www.shorewall.net/OPENVPN.html#id36132361
<Dibbler__> so everything is clear
<Dibbler__> this is what im talking about
<Dibbler__> bottom bit , bridging 2 networks
<qman__> yes
<Dibbler__> i get 1 bridge on each firewall
<qman__> this is also what I'm talking about
<garymc> my server is handing php a wrong timezone of 01/01/1970 anyone know how I fix this?
<Dibbler__> that is a bridge of the phys interface and the tap interface
<qman__> the way openVPN works is by creating virtual interfaces
<qman__> all traffic that goes across the bridge goes through those virtual interfaces
<qman__> and you can apply firewall rules to those interfaces
<Dibbler__> br0
<Dibbler__> on both firewalls
<Dibbler__> have a look
<cokegen> garymc: php.ini
<cokegen> give me a sec
<garymc> yeah but what have I got to set?
<qman__> then you simply block it on br0 as well
<qman__> it's not hard
<garymc> ive uncommented date.timezone =
<garymc> and added UTC on the end
<Dibbler__> quote "The Shorewall configuration is just a Simple Bridge."
<garymc> but its not fixing it
<qman__> you're digging too deep
<Dibbler__> LOL
<qman__> have you even tried to set the rules?
<qman__> you're confusing theory and simplified explanations with how it actually works
<Dibbler__> at the moment it's 2 subnets
<Dibbler__> seriously i'm not
<cokegen> phpinfo() says that php.ini is actually loaded ?
<qman__> it's not magic, all traffic passes through interfaces
<cokegen> http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
<qman__> and all interfaces can have rules applied
<Dibbler__> it doesn't
<qman__> that's how it works
<Dibbler__> no
<qman__> yes
<garymc> cokegen : yes
<Dibbler__> you can only filter level 5 with a firewall
<Dibbler__> bridges are level 3
<garymc> HOw can I test my time settings are correct
<cokegen> I have date.timezone = UTC
<cokegen> and it HAS to work
<Dibbler__> there is no ip level traffic
<Dibbler__> believe me
<uvirtbot> New bug: #685284 in linux-meta (main) "Deadlock in n_tty_read()" [Undecided,New] https://launchpad.net/bugs/685284
<garymc> yes i have added mine to that. It was commented out.
<garymc> Once I change I ran /etc/init.d/apache2 restart
<Nafallo> if there are no ip traffic, what is it then?
<garymc> not working
<Nafallo> are you trying to do dhcp over something else than ip?
<Dibbler__> your dhcpdiscover is not ip level
<cokegen> garymc: phpinfo() should say something like Loaded Configuration File => /srv/php/etc/php.ini
<cokegen> with the php.ini at the end
<cokegen> also, comment other date.something stuff in php.ini
<cokegen> and of course restart apache or whatever webserver you have (if you actually have one)
<qman__> Dibbler__, dhcp happens on IP
<Dibbler__> yes
<qman__> I can't explain it any clearer
<Dibbler__> yes it does
<qman__> all traffic passes through interfaces
<Dibbler__> source address 0.0.0.0
<qman__> firewall rules apply to interfaces
<Nafallo> http://en.wikipedia.org/wiki/Dhcp#DHCP_discovery
<Dibbler__> dest 255.255.255.255
<Dibbler__> i know
<qman__> your VPN/bridge/whatever does not change that fact
<Dibbler__> no no it doesnt
<qman__> you just need to find which interface your traffic is passing through, and filter it
<Dibbler__> and you can't filter traffic between branches of a bridge
<qman__> yes, you can
<Dibbler__> on an ip level
<qman__> you can filter on every interface that exists
<qman__> even if no routing occurs
<garymc> php 5.2.10
<qman__> even if they don't have IPs assigned
<Dibbler__> i think i found what i need
<Dibbler__> ebtables does layer 3 filtering
<Dibbler__> ill have a look at that
<Dibbler__> thank you for trying guys
<cokegen> garymc: worked ?
<Nafallo> Dibbler__: you are telling me iptables -A INPUT -i tap0 -j DROP wouldn't cause any disruption in your tunnel traffic?
<Dibbler__> br0
<Dibbler__> in this case
<Dibbler__> not tap
<Nafallo> Dibbler__: br0 is on top of tap0 and ethX.
<Dibbler__> yes
<Nafallo> Dibbler__: you are climbing to far in teh OSI stack again.
<Dibbler__> i will try
<Dibbler__> but once you make a bridge
<Dibbler__> your tap and ethX iterfaces get no Ip velel address or anything
<Dibbler__> really guys
<Nafallo> just stop thinking about the damn bridge for a bit :-P
<Nafallo> :-)
<lifeless> Nafallo: oh hai
<Nafallo> hi lifeless :-)
<Dibbler__> once it's there
<Dibbler__> the interfaces connected to it have no lvl 5 traffic
<Dibbler__> you can't make rules
<Dibbler__> and yoy din't seem to believe me
<Nafallo> fine. you can't make rules :-)
<Nafallo> I give up
<Dibbler__> again i am sorry
<Dibbler__> i hope you never have to do this
<Nafallo> I'm running a bridge with 7 mixed virtual and physical interfaces in production.
<patdk-lap> level5 traffic? your blocking http cookies? :)
<Dibbler__> http://forum.soft32.com/linux2/Ebtables-stop-DHCP-ARP-ftopict40834.html
 * Nafallo shrugs
<garymc> HOw do I update php5.2.10 to 5.3? or the lates version?
<cokegen> garymc: worked ?
<garymc> no I got disconnected
<garymc> I think I need to update php
<ivoks> ebtables?
<ivoks> come on man :)
<ivoks> iptables -m physdev --physdev-in eth1
<ivoks> iptables -m physdev --physdev-in eth0
<Dibbler__> Nafallo , again i'm sorry to have bothered you
<ivoks> kthxbye
<Nafallo> hi ivoks :-)
<Dibbler__> i'm fine now , i have found what i needed ,
<garymc> ok whats the best way to update php withour busting anything?
<Nafallo> Dibbler__: good. :-)
<cokegen> garymc: always better to have the lastest php but you don't need it to fix that
<lifeless> garymc: apt-get upgrade
<garymc> no?
<patdk-lap> upgrading php will always bust php :)
<garymc> I dont wanna do that
<ivoks> so manu people want php 5.3
<ivoks> just to realize their app doesn't work
<ivoks> and i hate web developers
<garymc> ok so what do you suggest?
<cokegen> and I hate you
<cokegen> :D
<ivoks> kill webdevs
<ivoks> :)
<ivoks> why do you need php 5.3?
<cokegen> 90% of the php code out there sucks
<patdk-lap> I'm pretty happy with php 5.3 :)
<ivoks> just because of the number or what?
<patdk-lap> didn't have anything broke from the upgrade
<garymc> well my php developer is running a test version on his server which is working and hes running 5.3
<cokegen> and php in itself sucks, just like any other language for the web
<garymc> my server is running 5.2.10
<cokegen> there's very little that doesn't work from 5.2 to 5.3
<ivoks> garymc: tell your web developer that isn't how work is done
<cokegen> it's very well documented
<ivoks> you have production and then you copy prouction env to create staging
<lifeless> http://devzone.zend.com/article/11701?
<garymc> ok im lost on what to do here
<patdk-lap> or you just make your program compatable :)
<ivoks> you don't let your web dev to come up with some random stack that's impossible to maintain
<lifeless> http://www.php.net/manual/en/migration53.incompatible.php
<patdk-lap> garymc, you using karmic?
<patdk-lap> cause lucid comes with 5.3, and lucid is lts, so
<garymc> errrm cant remebr if I upgraded or not
<cokegen> garymc: what problem do you actually have
<lifeless> garymc: have your web dev read the migration docs, and get him to code compatibly
<ivoks> cokegen: his problem are web devs :)
<cokegen> I don't think upgrading php will fix it
<cokegen> ivoks: so I'm the problem ? :D
<garymc> hes writing a script that shows a date , but on my system its showing 01/01/1970
<ivoks> :)
<cokegen> with what function exactly ?
<cokegen> date() ?
<ivoks> date was there before i was born :)
<lifeless> garymc: and on your system
<cokegen> yes, but I think the problem is the data he's providing to the date() function
<lifeless> garymc: if you run 'date' in a shell, what does it show?
<cokegen> if you provide date() with null you get 01/01/1970
<garymc> here is the string hes using echo date('d/m/Y', strtotime('next friday'))
<cokegen> so the problem could be something else
<cokegen> echo strtotime('next friday');
<garymc> ok yes possibly and Im oblivious to what it is
<ivoks> Nafallo: hi :)
<garymc> lifeless : Sat Dec  4 21:27:38 GMT 2010
<cokegen> and echo strtotime('next friday'); ?
<cokegen> should give you a timestamp (that's php code of course)
<cokegen> not in a shell
<cokegen> garymc: also, is date/time support enabled in a phpinfo() ?
<garymc> ill look now
<garymc> yes its enabled
<cokegen> you need to see if echo strtotime('next friday'); is actually returning an int (timestamp)
<ivoks> php 'echo strtotime('next friday');'
<ivoks> will that work?
<ivoks> nope :)
<patdk-lap> php -r 'echo strtotime("next friday");'
<garymc> where do I put that? in terminal window?
<cokegen> on code
<garymc> on code?
<cokegen> just do a new php file and put <?php echo strtotime('next Friday'); ?>
<cokegen> see what that gives you
<cokegen> should give you an int
<garymc> 1291939200
<garymc> what the hell is that ? ^
<patdk-lap> php -r "print date('d/m/Y', strtotime('next friday'));"
<ivoks> that's date
<ivoks> that's Fri, 10 Dec 2010 00:00:00 GMT
<cokegen> well, then that date line should never give you 01/01/1970
<cokegen> you're looking somewhere else man
<ivoks> i bet he doesn't have connection to sql :)
<cokegen> date is independent from whatever config you have providing the 2nd paramenter
<garymc> ok it must be the php code my pdev is using
<ivoks> php -r "print date('d/m/Y', '0');"
<ivoks> that's 1/1/70
<cokegen> ivoks,  THAT should give you 01/01/1970
<ivoks> yep
<cokegen> unix epoch
<cokegen> but not with 1291939200
<cokegen> I say impossible
<ivoks> of course
<ivoks> that's what i'm saying
<ivoks> he's 'dating' 0, instead of meaningfull time
<cokegen> maybe he placed the code somewhere else etc etc
<ivoks> he's feeding 0 to date()
<garymc> would updateing be harmful?
<cokegen> well, it seems php is NOT the problem
<cokegen> so I'd recommend against upgrading in this case
<ivoks> problem is in web dev, as always :D
<ivoks> make that 'php wana be web dev'
<garymc> am i gonna mess up php if i try upgradE?
<ivoks> garymc: we can't tell you if upgrading php will help or not
<ivoks> garymc: cause date() function isn't the problem
<ivoks> garymc: you don't know where it is, and it's very hard for us to find it for you
<cokegen> fuck ... x-chat dies on me
 * cokegen is starting with all the linux idiosyncrasies
<garymc> ok i need to upgrade php
<coketo> why's that ?
<garymc> Apparently there are other reasons I need to upgrade php
<garymc> does "apt-get upgrade" upgrade everything?
<coketo> for security, not much from the functionality perspective
<garymc> not just php?
<coketo> apt-get upgrade php
<coketo> (I think)
<garymc> you think i will break php?
<ivoks> you should update whole distrbution
<coketo> I agree with ivoks
<garymc> will it mess any of my current setup?
<ivoks> if you have php 5.2, then you are in pre-lucid
<garymc> I got a working web server on there etc
<garymc> it an LTSP server
<garymc> Linux Terminal Server Project
<ivoks> do you even know which version of ubuntu you have?
<garymc> I have upgraded from jaunty to karmic
<garymc> I think im on karmic
<garymc> ubuntu 10 something
<ivoks> karmic is 9.10
<garymc> what command tells me my version?
<ivoks> lsb_release -a
<garymc> Karmic 9.10
<garymc> it also says "No LSB modules are available"
<ivoks> that will be EOL in 5 months
<garymc> So If I upgrade will it delete my SQL server or anything?
<ivoks> no, it will upgrade
<garymc> ok so whats the command to upgrade the whole system?
<garymc> apt-get upgrade
<ivoks> you are maintaining that server since jaunty?
<garymc> yes
<ivoks> and you don't know basic functions of apt?
<garymc> well, im in and out of use, ive got a bad memory used to smoke alot of pot
<ivoks> you need to update to current karmic patches and fixres
<ivoks> apt-get dist-upgrade is used for that
<garymc> can i not do that with one command?
<Nafallo> do-release-upgrade does all that surely?
<ivoks> Nafallo: i don't think it updates current release
<garymc> Ok so could you tell me the exact command I need to use?
<Nafallo> not sure if it did back in karmic, but pretty damn sure it did in 10.04.
<ivoks> i did, a minute ago
<garymc> apt-get dist-upgrade
<garymc> ^ yes
<uvirtbot> garymc: Error: "yes" is not a valid command.
<ivoks> yes
<garymc> ok im going to do it
<ivoks> you should do that reguallry
<ivoks> if you didn't, then your system is full of security holes
<garymc> ok its running now
<garymc> i guess its gonna take a while
<ivoks> Nafallo: i didn't do do-release-upgrade since hardy :)
<garymc> ivoks
<Nafallo> ivoks: your systems wouldn't be covered by support then ;-)
<garymc> it failed
<ivoks> Nafallo: eh?
<ivoks> Nafallo: from hardy to lucid
<ivoks> garymc: hit the panic button!!!
<Nafallo> ivoks: pretty sure our only supported options would be to use the upgrade-manager these days. I could be wrong though.
 * Nafallo shrugs
<ivoks> garymc: since you never did security updates, your system probably doesn't know where to find them
<garymc> it says to try apt-get update
<ivoks> that's why you should run apt-get update first
<garymc> ok lol
<ivoks> Nafallo: you didn't understand me
<ivoks> Nafallo: i haven't run do-release-upgrade on anything newer than hardy; all my servers are LTS
<Nafallo> ivoks: ah. sorry. yes. makes sense now :-)
<Nafallo> ivoks: I'm obviously a bit disappointed that your laptop isn't running the latest and greatest, but that's not my concern ;-)
<ivoks> it's maverick :p
<Nafallo> oh. and you would have done it through the gui... never mind.
 * Nafallo blames the party last night :-P
<garymc> Ivocs : I ran upgrade but it says im still 9.10
<ivoks> of course you are
<ivoks> don't you read?
<garymc> yep I ran apt-get dist-upgrade and it hasnt upgraded me but looked like it went smooth
<ivoks> 22:21 < ivoks> you need to update to current karmic patches and fixres
<ivoks> now you are on up to date karmic
<ivoks> to upgrade to ubuntu 10.04
<garymc> Ohhh right, so what do I do?
<ivoks> you should run do-release-upgrade
<garymc> so
<garymc> apt-get release-upgrade
<ivoks> khm
<garymc> khm?
<ivoks> 22:36 < ivoks> you should run do-release-upgrade
<garymc> so in terminla type "do-release-upgrade" ?
<garymc> ok its away
<garymc> ok it says  I f I continue an additional ssh daemon will be started at port '9004'
<ivoks> we know how it goes
<ivoks> we've done it... lost of times, if not a hunderd :)
<garymc> OK, I dont mean to be a pain
<cap_00> i updated 10.4 this morning now my network interfaces are missing
<ivoks> talking about perfect timing :)
<garymc> you gotta be kidding me!!
<cap_00> can anyone help me either undo the update or walk me through claming the network interfaces
<ivoks> cap_00: dmesg | grep eth
<garymc> ARRRRHHHHH!!!! Dont be saying this shit
<cap_00> i don't get anything under that command.... nada
<ivoks> cap_00: do you know what network cards you have?
<garymc> my screen is just sitting at Calculating changes.. is this normal?
<cap_00> lshw -C network shows both my interfaces as UNCLAIMED
<cap_00> intel, built into the mobo
<ivoks> cap_00: uname -a says what?
<ivoks> wait... unclaimed?
<ivoks> uname -r
<cap_00> ya, first one says linux server 2.6.32-26-server yada yada
<ivoks> lspci | grep Ethernet
<ivoks> paste it on the pastebin
<cap_00> pastebin?
<ikonia> garymc: please control the language
<ivoks> pastebin.ubuntu.com
<cap_00> oh
<garymc> sorry
<cap_00> k
<cap_00> i can't ssh, obviously so i'm writting everything out by hand
<ivoks> oh,right
<ivoks> then just type the model
<databits> anyone here familiar with cyrus ?
<ivoks> Intel Corporation XXXXXXX Gigabit Network Connection
<ivoks> that XXXXXXX
<ivoks> type it here :)
<ikonia> ivoks: do "sudo ifconfig -a" do you see an eth device for it
<cap_00> 82573L and 82573E
<ivoks> those are supported
<Patrickdk> hmm, I have an 82574L, e1000e driver
<ikonia> sorry, that was for cap_00
<ivoks> looking at 82575EB
<cap_00> ya, everything was working fine until this morning when i updated using apt-get update
<ivoks> cap_00: lsmod | grep e1000
<ivoks> then lsmod | grep igb
<cap_00> ifconfig only shows lo even though i name eth0 and 1 in /etc/networking/interfaces
<cap_00> k jas
<ikonia> sounds like the modules are not loaded
<cap_00> ya
<ivoks> i don't understand you cap_00
<ivoks> :)
<ivoks> ah, Just A Second
<Patrickdk> what exactly do you have in interfaces? :)
<cap_00> neither lsmod did anything
<ivoks> interfaces aren't the problem, at least not yet
<ivoks> modprobe e1000e
<Patrickdk> hhm
<ivoks> modprobe igb
<ivoks> not sure which one is for that model, but one of those must be
<cap_00> FATAL: Module e1001e not found
<ivoks> e1000e
<cap_00> same
<ivoks> you don't have e1000e module?!
<cap_00> says...
<ivoks> /lib/modules/2.6.32-26-server/kernel/drivers/net/e1000e/e1000e.ko
<ivoks> do you have this file?
<cap_00> all config files need .conf: /etc/modprobe.d/aliases, it will be ignored in a future release then the fatal part
<ivoks> ah
<ivoks> mv /etc/modprobe.d/aliases /etc/modprobe.d/custom-aliases.conf
<ivoks> depmod
<ivoks> modprobe e1000e
<cap_00> did mv and not found
<ivoks> kernel module not found?
<cap_00> i think so
<cap_00> FATAL: module e1000e not found
<ivoks> ls /lib/modules/2.6.32-26-server/kernel/drivers/net/e1000e/e1000e.ko
<ivoks> does that ^ file exist?
<cap_00> it's called e1000.ko on my box
<cap_00> in the /e1000/ dir
<ivoks> there are both e1000 and e1000e
<ivoks> i asked for e1000e
<cap_00> i only have the e1000 when i do ls /lib/modules/2.6.32-26-server/kernel/drivers/net/
<ivoks> how's that possible?
<ivoks> did you run out of disk space?
<cap_00> good question
<cap_00> nope
<Patrickdk> maybe his fs got corrupted
<cap_00> 50gb free
<ivoks> then just install the package again
<Patrickdk> or apt didn't finish unpacking the kernel?
<Patrickdk> apt-get install --reinstall linux-server
<cap_00> how, i'm not on the net anymore
<Patrickdk> actually, need the real package
<ivoks> dpkg -i /var/cache/apt/archives/linux-image-2.6.32-26-server*/deb
<Patrickdk> cap_00, doesn't matter, unless you did an apt-get clean
<ivoks> bah
<ivoks> dpkg -i /var/cache/apt/archives/linux-image-2.6.32-26-server*.deb
<cap_00> it won't overwrite any server files will it? like samba?
<ivoks> no
<ivoks> just broken kernel
<ivoks> Patrickdk: that would just reinstall meta package ;)
<Patrickdk> I realized that after I type it :)
<cap_00> no such file or directory
<cap_00> :(
<ivoks> boot an older kernel
<Patrickdk> usb stick time :)
<Patrickdk> or that :)
<ivoks> so, someone was tampering with your files
<ivoks> if the cache is empty, someone deleted it
<cap_00> i was in the middle of trying to get KVM to bridge to my lan
<ivoks> and i find it... strange that only modules missing are those you need :)
<cap_00> other then that, all i did this morning was apt-get update and apt-get upgrade
<ivoks> dist-upgrade i hope
<cap_00> oh no!!!!!!!!!1
<cap_00> just upgrade
<ivoks> upgrade wouldn't install new kernel
<ivoks> so, you were broken before you did apt-get
<cap_00> wow
<cap_00> ok, we'll lets fix it
<databits> [17:48] <databits> Dec  4 17:44:39 ubuntu cyrus/imap[12980]: executed
<databits> [17:48] <databits> Dec  4 17:44:39 ubuntu cyrus/imap[12980]: accepted connection
<databits> [17:48] <databits> Dec  4 17:44:39 ubuntu cyrus/imap[12980]: badlogin: [192.168.1.114] plaintext databits SASL(-13): authentication failure: checkpass failed
<cap_00> so i need 10.4 LTS image on a bootable usb?
<cap_00> or will a CD do?
<ivoks> no
<databits> does anyone have any idea what might be causing this issue ?
<ivoks> you need to boot and older kernel
<Patrickdk> hold down shift while you boot
<Patrickdk> use down arrow
<ivoks> if you don't have, copy the deb to the usb stick
<cap_00> is there a live 10.4 command line server usb ? i thought i tried and failed
<cap_00> or just install to a usb drive?
<ivoks> you just need usb stcik
<cap_00> got one
<ivoks> it is 386 or amd64?
<cap_00> oooooh copy that file from the cd?
<cap_00> 64
<ivoks> http://hr.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-26-server_2.6.32-26.48_amd64.deb
<ivoks> download this
<ivoks> copy to stick
<ivoks> install on server
<ivoks> of course, if you have needed usb modules :)
<cap_00> lol lets hope
<cap_00> the backup drive is usb and it worked last week...
<ivoks> your system broke between last reboot and now
<cap_00> oh right...
<cap_00> fingers crossed
<ivoks> it would be smart to find out when, who and why
<cap_00> i'm the only one with root priveledge.... ???
<ivoks> if $who is someone you don't know or $why just sounds stupid, you'll need to reinstall the system :)
<cap_00> really?
<ivoks> then i guess you know who $who is :)
<cap_00> lol
<ivoks> unless you have some disorder
<cap_00> i hope not
<ivoks> http://en.wikipedia.org/wiki/Dissociative_identity_disorder
<ivoks> like this one
<cap_00> lol
<cap_00> let me check the raid 1 array to see if something is up there
<ivoks> or... of course... maybe you just think that you're the only root
<ivoks> while reality is somewhat different
<cap_00> raid looks fine
<ivoks> it's not raid
<ivoks> if it would be raid, you won't be able to boot
<ivoks> it user
<cap_00> just wanted to make sure it wasn't something hardware.......... ish
<ivoks> it's user
<cap_00> how do i see a full list of priveledged users?
<ivoks> that's what i'm saying... if it's hardware problem on raid, then your FS wouldn't know who it is and refused to work
<ivoks> members of admin group
<ivoks> /etc/sudoers
<osmosis> beautiful!  if my server gets too high a load average...all my virtual guests go crazy with CPU Stuck issues. wait a go kvm!
<ivoks> and, what lots of people forget, /root/.ssh/authorized_keys
<ivoks> osmosis: or... you could ask first
<osmosis> shuttleworth says it right here, ubuntu is not a server distro.  http://www.markshuttleworth.com/archives/517
<cap_00> i'm the only IT guy here, and certainly the only one that knows linux
<ikonia> nice job promoting your own distro to business when you are supposed to want to compete with Redhat
<cap_00> not that i'm much past a newb with a book
<shauno> I don't see anything in that post that says it's not a server distro
<ivoks> ikonia: ?
<ikonia> ivoks: shuttworth's blog post
<ivoks> ikonia: what about it?
<ivoks> ikonia: have you read it?
<yann2> osmosis, what version are you using?
<ikonia> ivoks: pretty much
<ivoks> it mentions server 4 times
<ivoks> once, where it says that server is ahead of desktop
<osmosis> yann2, LTS 10.04.  Its been out for 7 months, and still not stable for virtualization
<ivoks> and other three times in links
<yann2> osmosis CPU stuck you say? on  the guest or the host?
<ivoks> osmosis: i do high cpu work on VM, and other VMs don't have a problem
<osmosis> ivoks, shuttleworth says that his focus is on improving the desktop
<osmosis> yann2, guest
<yann2> osmosis, what are the guests?
<ivoks> "it just wasnât being delivered in a way that would take it beyond the server, or to the general public."
<yann2> 10.4 too?
<osmosis> forget about it. ive been trying to get it fixed for months.
<osmosis> yann2, also 10.04 LTS
<yann2> have been running 10.4 hosts and vms for a while, havent had any issues yet, but relatively low load. I've got CPU stuck issues on a specific sun server and with hardy though :)
<shauno> I think that it's safe to agree that linux is doing better in the server space that on the general public's desktop.  he doesn't negate the work on -server anywhere in that.
<yann2> kvm-pxe is broken in lucid though, but easily circumvented by using maverick's
<osmosis> oh well, dont worry about it. im just frustrated. sorry to vent. bye
<ivoks> or, even easier
<ivoks> yann2: all the files are there, just in the wrong place
<ivoks> simple cp solves the issue
<cap_00> usb works
<yann2> ivoks, kvm-pxe? maybe, not sure, there was a symlink story, but I think it didnt work even with the symlinks (as far as I remember)
<cap_00> but can't install file
<ivoks> cap_00: how come?
<cap_00> i can install it right from /mnt/usb/ right?
<yann2> I think there was another bug behind the one you mention :)
<garymc> Wow this takes a long time
<ivoks> yann2: i've been using pxe boot since lucid was released
<ivoks> yann2: i've pxe booted lots of machines on lucid
<ivoks> not sure what you are talking about
<cap_00> says no such file or directory :(
<ivoks> cap_00: did you mount the drive?
<cap_00> unless i'm missing a typo.... sudo dpkg -i /mnt/usb/linux-image-2.6.32-26-server_26.32-26.48_amd64.deb
<cap_00> ya i can ls
<ivoks> cap_00: did you mount the drive?
<ivoks> ok
<ivoks> does installation starts?
<ivoks> or it tells that /mnt/usb/linux-image-2.6.32-26-server_26.32-26.48_amd64.deb doesn't exist?
<cap_00> doesn't exist
<ivoks> is that the only .deb file there?
<cap_00> yup
<ivoks> try sudo dpkg -i /mnt/usb/linux*deb
<cap_00> ok
<ivoks> that way making a typo is much harder
<cap_00> error processing /mnt/usb/...... conflicting packages - not installing linux-image2.6.32-26-server
<cap_00> that seems very bad :(
<cap_00> it also says -virtual conflicts with -server
<ivoks> virtual?
<cap_00> i installed kvm libvirt-bin ubuntu-vm-builder
<ivoks> is that virtualized server or normal server?
<cap_00> and linux-image-virtual for kvm
<ivoks> no man
<ivoks> :)
<ivoks> linux-image-virtual is for virtualized machines
<cap_00> woops....
<ivoks> for guests
<cap_00> why would i do that
<cap_00> remove?
<ivoks> yes
<cap_00> reboot?
<ivoks> no
<ivoks> you have half-installed kernel now
<cap_00> 32.8kb of pain gone
<ivoks> the one you installed from usb stcik
<ivoks> stick
<ivoks> first, remove all virtual kernels
<cap_00> it still says conflicts
<cap_00> how?
<ivoks> apt-get remove linux-.*virtual.*
<cap_00> couple of damaged link warnings
<cap_00> says may need to re-run boot loader
<ivoks> did it finish?
<cap_00> which i did this morning after the udate......... all cause i installed the virutal kernel on my host?
<cap_00> i think it did
<ivoks> did it finish?
<ivoks> whell, do you have shell or not?
<ivoks> :)
<cap_00> yes
<ivoks> install the kernel from usb stick
<cap_00> k
<cap_00> YAY!
<ivoks> now reboot
<cap_00> *bows down*
<ivoks> http://en.wikipedia.org/wiki/Dissociative_identity_disorder
<ivoks> ^^
<uvirtbot> ivoks: Error: "^" is not a valid command.
<cap_00> lol
<cap_00> they're up now
<cap_00> should i do a apt-get upgrade to clean anything up?
<ivoks> dist-upgrade
<cap_00> k
<cap_00> that'll keep me on 10.4 lts right?
<ivoks> yes
<cap_00> y
<ivoks> do-release-upgrade moves you to newer version
<ivoks> perfect command name
<cap_00> lol
<ivoks> i'm serious
<ivoks> :)
<cap_00> warning: linux-server linux-image-server cannot be authenticated
<ivoks> update
<cap_00> y/n?
<cap_00> k
<cap_00> i did linux-image-virtual for kvm like a week ago lol and just rebooted this morning
<cap_00> it's stuck at 0% connecting to us.archive.ubuntu.com
<ivoks> ah... us
<ivoks> can't do right... anything :)
<cap_00> lol
<ivoks> it's actually cname for UK mirror, iirc
<ivoks> or not
<cap_00> may need to tweak the network connection i can't ping google.com
<cap_00> i can only ping machine's on my lan
<ivoks> well, that's another story now
<ivoks> and since it's almost 1AM over here
<ivoks> i'll pass this one :)
<cap_00> lol ok
<cap_00> thanks for all your help, i should be able to peice this together
<ivoks> np, good night
<cap_00> night
<garymc> im still upgrading :S
<garymc> should I reboot server once relaese upgrade is completE?
<cap_00> ouch
<garymc> or does it do it automaticly
<garymc> cap_00 what you mean?
<garymc> am i about to get my fingers well and truly burnt?
<cap_00> i was joking
<garymc> :S phew
<garymc> gota go pick missus up now too
<ivoks> do-release-upgrade will guide you
<garymc> still upgrading... it goes on on and on like Ariston
<cap_00> sleep typing ;)
<ivoks> no, last smoke and last beer
<garymc> ok ill be back in 20 mins if your still here
#ubuntu-server 2010-12-05
<cap_00> ivoks you're awesome
<cap_00> i'm back up
<cap_00> where can i take a course on ubuntu or some trainning to know all that?
<ivoks> training.canonical.com
<ivoks> or #ubuntu-training
<ivoks> that would be a good first step
<cap_00> awesome, i'll take one soon
<ivoks> make that
<ivoks> http://www.ubuntu.com/support/training
<cap_00> i'm sure work wouldn't be to happy if this had of happened on monday morning instead of saturday
<ivoks> well, you were the all variables in equation.. so :)
<cap_00> yuuuup
<cap_00> one quick question for you before you go?
<cap_00> do i need to turn on a gui in order to log into kvm for the first time? i tried putting the openssh-server in the --addpkg but it never seemed to work for me unless i messed up the bridged network config
<cap_00> maybe not so quick lol
<cap_00> thanks a million ivoks, i owe you a beer or 10
<ivoks> nope
<ivoks> ah, he left
<ivoks> didn't have a change to mention vnc :)
<ivoks> chance
<cokegen> anyone knows how to configure compiz ?
<cokegen> stupid question to ask here, I know
<garymc> im upgrading ubuntu to latest version it now asking if I want to keep localy modified files or install package maintainers version? What should I do?
<jgould> depends on what you've done to the local fiels
<garymc> ok ill keep the current versions
<jgould> I did that and kept my locally modified files so I didn't lose my samba config
<garymc> god it goes on this upgrade
<garymc> hope the whole thing doesnt come crashing down
<jgould> I did that and lost a very customized samba config
<jgould> Now if only I could get my NFS working, I'd be happy
<garymc> system is rebooting. Fingers crossed
<garymc> touching wood
<garymc> It works.... well website does an stuff also fixed my previous date issue today
<garymc> good night
<garymc> Thanks ivoks
<aarcane> anyone have a working extables-addons-source ?  mien gives error messages every time I run m-a a-i xtables-addons-source :(
<lucascastro> does someone know something about monitor authentications ?
<databits> what is the default directory for the imap.conf, and smtpd.conf ?
<jhansonxi> I have a pair of Apache2 sites (www, www-other).  How do I restrict the BackupPC alias (in conf.d) so that /backuppc only exists in www?
<Starhero> Hello
<Starhero> Anyone know of a twitter CLI app that actually works? Trying to through it into a script for an auto update...
<Starhero> The ones i have tried give me a 401 unauth error
<Starhero> the pass is correct with the username
<Cromulent> Starhero: are you sure? 99% of times I have thought the app was broken it turned out I had done something wrong
<Cromulent> recheck the password / username
<Starhero> I have quite a few times
<Starhero> What do you use? I'll do more testing on what app you speak of...
<Starhero> even gotweet isnt working
<Cromulent> Starhero: the app I referred too was a general app not a specifc - as in when one has a problem with a given app it is generally down to user error
<Cromulent> sorry I should have been clearer
<Starhero> hmm I trhink maybe it is because something called Oauth isn't installed....I have see referances to it ...but i think that is an embeded class or something i am not sure
<CppIsWeird> I have a raid 5 setup using mdadm. My server has been on for a few days with little activity. All of the sudden I noticed the sound of my hard drives working a lot more then they should. I checked the state of the raid 5 and it says "clean, recovering" and has a rebuild status of 31%. this raid has been built and active for many months, what does this behavior mean?
<CppIsWeird> listed under "Active Devices : 4, Working Devices : 4, and Failed Devices : 0"
<Doble> whats the uptime of your server cppisweird?
<Doble> is it possible it has crashed or had a power failure ?
<CppIsWeird> no, it does not boot back up after a power failure
<CppIsWeird> uptime is 4 days
<aarcane> CppIsWeird, check your smart status, there should be something in there.
<a1fa> anyone familiar with taskset?
<a1fa> i split two processes across two different cores, but only one is crunching while other one is idle?
<joschi> anyone familiar with octopussy (http://www.8pussy.org/)?
<ckvcom> register
<uvirtbot> New bug: #685426 in tftp-hpa (main) "package tftpd-hpa 5.0-11ubuntu2 failed to install/upgrade: el subproceso script post-removal instalado devolviÃ³ el cÃ³digo de salida de error 127" [Undecided,New] https://launchpad.net/bugs/685426
<Sparsh> Hello, I have a ubuntu 10.04 64 bit server which is used to server as much as 40Million web requests per day
<Sparsh> the request ranges from all over the world and ofcourse involved millions of different IP addresses
<Sparsh> I am not sure how to best configure the server as far as IP conncetions setting is involved
<ivoks> sunday is perfect timing for that question :)
<ivoks> are there any problems with current setup?
<ivoks> Sparsh: ^
<Sparsh> there are some problems btu I am not sure if they are because of this issue
<Sparsh> last night we had 504s
<Sparsh> and a lot of connections were refused
<Sparsh> so I guess we reached the saturation and our server wasnt accepting more connections from IPs
<Sparsh> but I dont know where to start investigation and fix
<ivoks> web server is?
<Sparsh> yea. it got Varnish Cache on it
<Sparsh> only varnish and pound cache on it.. with backend connected with 5 apache servers on a round robin basis
<ivoks> so... http error messages are above ip
<ivoks> if you get http error messages, then your ip communication is ok
<Sparsh> possible SYN flooding on port 80. Sending cookies
<Sparsh> this is one of the error we got
<ivoks> you'll get those all the time
<Sparsh> and also our monitoring scripts reported 504s (Gateway Timeout)
<Sparsh> what does this error mean
<ivoks> nothing to worry about unless you get it bunch of times and no one can access the web
<ivoks> let's start all over again
<Sparsh> hmm.. but how to check the IP tables / IP connections related configuration
<Sparsh> sure
<ivoks> we are talking about varnish or apache machine?
<Sparsh> varnish machine to start with
<ivoks> so, that machine reports 504 when accessing apache?
<Sparsh> Yes,
<ivoks> then you have a problem
<Sparsh> http://monitor.wingify.com/munin/visualwebsiteoptimizer.com/varnish.visualwebsiteoptimizer.com.html#Varnish
<Sparsh> this is a munin graph
<Sparsh> there were a lot f backend conn failures
<ivoks> yes
<ivoks> and you have a very bad cache hit/miss ratio
<Sparsh> all we know is something went very wrong yesterday.. but what exactly is something I have jst started investigation
<Sparsh> its usually around 70
<Sparsh> because we ourselves force pass to a few web requests
<Sparsh> our config demands hit for only one specific type of request
<ivoks> well, have you seen your 'connection through firewall'?
<Sparsh> how exactly to see that
<ivoks> http://monitor.wingify.com/munin/visualwebsiteoptimizer.com/varnish.visualwebsiteoptimizer.com-fw_conntrack.html
<Sparsh> ohh sorry..
<Sparsh> the big chunk of data missing is because we switched the website to our backup server cluster
<ivoks> i have a website with half the traffic you get
<Sparsh> when we realized that something is going bad with it
<ivoks> but with only 2 apaches
<Sparsh> do you also use some sort of caching system ?
<Sparsh> for us response times is the most critical thing.
<ivoks> and with bigger cache hit/miss ratio
<ivoks> i use varnish too
<Sparsh> okay, we have recently moved to varnish and still trying to learn
<Sparsh> 2 days back we moved completely from nginx based load balancing to varnish front
<ivoks> it takes time
<ivoks> was there a reason for that?
<ivoks> was nginx failing? :)
<Sparsh> well nginx was sending request to apache servers
<Sparsh> then we installed varnihs
<Sparsh> and started routing traffic via varnish
<Sparsh> so it was nginx->varnish->apache which is a waste.. so we removed nginx and let varnish face the traffic
<ivoks> ok
<Sparsh> and suddenly we realized http://monitor.wingify.com/munin/visualwebsiteoptimizer.com/varnish.visualwebsiteoptimizer.com-fw_forwarded_local.html has shot up
<Sparsh> and still increasing
<Sparsh> and I wonder we arent doing something correctly.. maybe ip connections are active for a lot longer then required
<ivoks> there's no single anwser for this setups
<ivoks> every setup is customized to your needs
<Sparsh> http://paste.org/pastebin/view/25768
<ivoks> this isn't unusal graph
<Sparsh> this is the varnish settings we have at the moment
<ivoks> on my less frequent web, it's ~18k
<Sparsh> hmm
<ivoks> so, when you used nginx
<ivoks> i guess your servers had public ips?
<ivoks> nginx wasn't doing nating, right?
<Sparsh> yes
<Sparsh> it was again a very basic kinda default setup and there wasnt any NATing
<ivoks> and now there is NATing?
<ivoks> varnish has public ip, while apaches have private ips
<ivoks> that explains ipconntrack
<ivoks> if you don't do NAT, then there aren't connections to track
<Sparsh> hmm.. sorry but I am not exactly aware of this
<Sparsh> is ipconntrack bad ?
<ivoks> no
<Sparsh> what exactly is it
<ivoks> that's a normal thing
<ivoks> when your machines does NAT, it tracks the connections
<Sparsh> if there is any efficiency issues here
<ivoks> looking at your graph, you don't have that many connections
<ivoks> you have 10x less than i do
<Sparsh> well during peak its around 400 req/sec
<ivoks> i'm talking about ipconntrack
<Sparsh> okay
<ivoks> your peek is 2k
<ivoks> which is... low
<Sparsh> okay.
<Sparsh> anything else which is unusual in the graphs which you can spot
<Sparsh> or any other variable / config on the server which might be important to the type of setup we have
<ivoks> no, everythin looks fine
<ivoks> you should look at your apache servers
<ivoks> one thing i'm missing on this graphs
<ivoks> if varnish server is doing NAT, why do you have only eth0
<Sparsh> what does it mean
<ivoks> you know what NAT is?
<Sparsh> I have some idea YES, but ofcourse wont say I know it all
<ivoks> so, if you have private network on eth0
<ivoks> your kernel does NAT to eth1
<ivoks> or eth1 to eth0
<ivoks> http://en.wikipedia.org/wiki/Network_address_translation
<ivoks> or you don't do NAT?
<Sparsh> my /etc/network/interfaces
<ivoks> does your varnish server have a public ip?
<Sparsh> auto lo
<Sparsh> iface lo inet loopback
<Sparsh> auto eth0 eth0:1
<Sparsh> iface eth0 inet dhcp
<Sparsh> iface eth0:1 inet static
<Sparsh>  address 192.168.162.141
<Sparsh>  netmask 255.255.128.0
<ivoks> don't paste here
<ivoks> and what address does it get from dhcp? public or private?
<Sparsh> public
<Sparsh> But I would want to confirm
<Sparsh> how can I do that
<Sparsh> any particular commands I should run on the server
<ivoks> ip a
<ivoks> if it's a public, then you have an ok design for small office, but a bad one for serious web sites
<Sparsh> http://paste.org/pastebin/view/25770
<Sparsh> consider this as a serious website
<ivoks> then get your self additional ethernet card
<Sparsh> and ?
<ivoks> connect your private machines to isolated, private network
<ivoks> don't have them all on the same swith (public and private)
<Sparsh> okay
<Sparsh> right now we have a hosting on Linode
<ivoks> that's a basic thing to do
<Sparsh> okay
<ivoks> this all is on linode?
<Sparsh> yes
<Sparsh> around 12 servers on linode
<Sparsh> we are thinking of moving dedicated
<ivoks> then i must say i'm surprised it works so well :)
<ivoks> 40 milion visitors per month...
<ivoks> that's 10x my country has citizens :D
<Sparsh> haha, where are you from
<ivoks> croatia
<ivoks> anyway... separate private from public
<Sparsh> well we have struggled to get this setup working but we are struggling even more now
<Sparsh> okay
<ivoks> linode hosts virtual machines
<Sparsh> yes
<ivoks> so you have additional overhead there
<Sparsh> hmm..
<ivoks> i use linode too, but not for stuff like this
<ivoks> for stuff like this we use, almost, dedicated DC :)
<Sparsh> hmm
<ivoks> linode is awesome, but you have to be aware of its limitations
<ivoks> i doubt it can handle that many requests
<Sparsh> yea i guess now we have started realizing the limitations
<Sparsh> If you odnt mind, can I add you on skype. YOu have been very very helpful to me. I am working with wingify which develops visualwebsiteoptimizer.com and this all setup is for this website
<Sparsh> we have some script which gets added to clients website which this setup sends.
<ivoks> well, we can stay on IRC and I can help you when i have time
<ivoks> or... we can go skype, but that will become serious, not pro bono :)
<Sparsh> sure whatever you prefer
<ivoks> *not pro bono*
<ivoks> http://en.wikipedia.org/wiki/Pro_bono
<ivoks> :)
<Sparsh> aah :)
<garymc> HI I upgraded ubuntu to latest version last night but now my LTSP doesnt work no more :(
<ivoks> :)
<garymc> hi ivoks you still here
<garymc> well its broken my system
<garymc> any idea how I can get this fixed?
<ivoks> yes, for a minute... i'll be out for next 10
<garymc> Website works etc which is a plus, but now nobody in the office can log into the LTSP side of the server
<garymc> :(
<ivoks> do you know what's the problem?
<ivoks> on a tech level, not on a 'user' level
<garymc> no
<garymc> all i know is when we turn a Computer on that runs off the LTSP it now says BOOT DISK FAILURE
<garymc> which means it isnt booting from the LTSP server no more
<garymc> normaly get that when the cable is unplugged
<ivoks> ok
<ivoks> that's a good start
<ivoks> i guess ltsp boots from nfs?
<garymc> its like a year since I touched it.... n
<garymc> yes i think so, that rings a bell
<ivoks> check if nfs is running on your server
<garymc> how
<ivoks> ps ax | grep nfs
<garymc>  3910 pts/0    S+     0:00 grep nfs
<ivoks> so, it's not
<garymc> EEeeeek
<ivoks> going out for a smoke
<ivoks> we'll solve this when i get back
<garymc> ok thanks
<garymc> your a saint
<garymc> :S
<ivoks> i don't believe in ferrys :)
<garymc> i beleive in fairys
<garymc> :)
<ivoks> or that :)
<garymc> nice smoke?
<ivoks> fairies
<Doble> hi folks, im trying to set up a tf2 server, and when doing so ive started and stopped the program a few times, but it appears it hasn't stopped properly, as according to ps it is still running, however when i try to kill it via the PID it doesnt seem to work, can someone help ?
<ivoks> garymc: ok, let me install nfs, to see how it starts and stops
<ivoks> i don't have lucid with nfs yet :/
<garymc> ok
<ivoks> garymc: ok does /etc/init.d/nfs-kernel-server restart helps?
<garymc> let me try
<garymc> no such file or directory
<ivoks> /etc/init.d/nfs-kernel-server restart
<garymc> no such file or directory
<ivoks> is there a file /etc/exports
<garymc> nope
<garymc> could it be anything to do with ethup etc?
<ivoks> hm... ltsp doesn't use nfs
<garymc> ok....
<ivoks> it's using nbd
<garymc> ok..
<ivoks> so, how does the problem look like on your think client?
<ivoks> you power it on
<ivoks> it starts booting from network
<ivoks> get's the ip and then starts booting?
<garymc> normaly yes
<garymc> but now says BOOT DISK FAILURE
<ivoks> before even getting to boot from network?
<garymc> yes
<ivoks> or it tries and fails
<garymc> im not at the office Im being told this over the phone
<garymc> :S
<ivoks> ok
<ivoks> let's assume tftpd or dhcp isn't working right
<garymc> ok
<ivoks> ps ax | grep tftp
<ivoks> stgraber: around?
<garymc> ax command not found
<ivoks> garymc: i said 'ps ax'
<garymc> dont think he/she is as I posted this in the LTSP channel no response
<garymc>  1359 ?        Ss     0:00 /usr/sbin/in.tftpd --listen --user tftp --address 0.0.0.0:69 /srv/tftp  3941 pts/0    S+     0:00 grep tftp
<ivoks> ok, so that works
<garymc> ok
<ivoks> ps ax | grep dhcp
<garymc>  should I pastebin this one
<garymc> i best had
<garymc> http://pastebin.ca/2011070
<ivoks> so, that's running too
<garymc> ok
<ivoks> then you can't get BOOT FAILURE
<garymc> im thinking maybe I should have updated through the GNOME and not the Terminal
<garymc> *upgraded
<ivoks> you would get that message on a PC if your boot devices do not exist
<ivoks> and clearly, pxe boot does
<ivoks> if there's an error in pxe boot, it would look totally different
<garymc> could the netwrok switch be faulty in the office?
<ivoks> check your /var/log/syslog
<ivoks> look for DHCP entries
<ivoks> see if there are errors or odd behavior
<garymc> look with me :S http://pastebin.ca/2011075
<ivoks> so, it works
<ivoks> you might want to forward your email for root to the user
<garymc> yeah I remeber seeing dovecot failures last night when it was installing
<ivoks> system is trying to send you an email
<ivoks> maybe it's related to the problem
<garymc> how do I fix that then?
<ivoks> in /etc/aliases
<ivoks> add root: your_username
<ivoks> and then run newaliases
<garymc> ok so at command prompt type:
<garymc> root : garymc
<garymc> newaliases
<garymc> none of them commands are working
<ivoks> i said:
<ivoks> root: garymc
<ivoks> it's not a command
<ivoks> it's something you type in
<ivoks> in /etc/aliases.db
<ivoks> in /etc/aliases
<garymc> and save
<garymc> ok ive added that lin in aliases "root:garymc
<ivoks> yes
<ivoks> newaliases
<ivoks> then run newaliases
<garymc> ok done
<garymc> so what does that do?
<ivoks> it will forward email for root to you
<ivoks> do all the computers have that error BOOT FAILURE
<ivoks> or just one?
<garymc> all of em
<ivoks> did they try powering it off and back on (computer, not server)?
<garymc> yes
<garymc> im gonna get them to do it again
<ivoks> hm
<ivoks> have you been playing with firewall?
<ivoks> on server
<garymc> i aint done nothing but upgraded last night
<ivoks> ok
<ivoks> install tftp-hpa
<garymc> apt-get tftp-hpa ?
<ivoks> apt-get install tftp-hpa
<garymc> doing it
<garymc> done
<garymc> it said selcecting previously deselected package
<garymc> should i get the terminals tested again?
<ivoks> no
<ivoks> do:
<ivoks> tftp localhost
<garymc> yes
<garymc> im there
<ivoks> status
<ivoks> does it say Connected to localhost.localdomain
<ivoks> ?
<garymc> Connected to localhost
<ivoks> ok
<garymc> Mode: netascii Verbose: off Tracing: off Literal: off
<garymc> Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
<ivoks> ok, quit
<garymc> ok
<ivoks> go to /var/lib/tftpboot/ltsp
<ivoks> is there anything in it?
<ivoks> my guess - not
<garymc> yes
<garymc> there is another folder
<garymc> i386
<garymc> in there there is pxelinux and aload of files
<ivoks> ok
<ivoks> mkdir /root/ltsp-backup
<garymc> ok
<ivoks> mv /var/lib/tftpboot/ltsp/* /root/lts-backup/
<ivoks> sudo ltsp-build-client
<garymc> NOTE: Root directory /opt/ltsp/i386 already exists, this will lead to problems,
<garymc> please remove it before trying again. Exiting.
<garymc> error: LTSP client installation ended abnormally
<ivoks> mkdir /root/ltsp-backup-opt
<ivoks> mv /opt/ltsp/i386 /root/ltsp-backup-opt/
<ivoks> sudo ltsp-build-client
<garymc> ok its doing something
<ivoks> yes, that will take some time
<ivoks> it will build new OS for the clients
<garymc> ok
<garymc> I hope this works
<garymc> will my users still be there with there files etc?
<ivoks> no clue :)
<garymc> :S
<ivoks> but you backed up your old config, so...
<garymc> ok
<garymc> did i.....:S
<ivoks> yeah
<ivoks> go to /root/ltsp-backup-opt/
<ivoks> there should be home subdirectory in it
<ivoks> and there should be all the files from your users
<ivoks> are they?
<garymc> i cant find it
<ivoks> well go to /root/ltsp-backup-opt/
<ivoks> what do you have there?
<ivoks> i386, right?
<garymc> i cant find root/ltsp-backup-opt/
<ivoks> /root/ltsp-backup-opt/
<ivoks> you created it
<garymc> shit found them
<garymc> whoops sorry for swearing
<garymc> yes its there
<ivoks> how many users?
<garymc> I cant find the users
<ivoks> in home
<ivoks> how many directories?
<ivoks> 10? 100?
<ivoks> 1000?
<garymc> hold on
<ivoks> i have to go soon
<garymc> none :S
<garymc> no users in home
<ivoks> 12:02 < garymc> shit found them
<ivoks> did you found them or not?
<garymc> ooooh shit, no I found the backup folder
<garymc> no users inhome
<ivoks> we are talking about backup folder
<garymc> yes
<garymc> no users in the home part
<ivoks> problem is that you don't have a clue about what you are doing
<ivoks> go to /root/ltsp-backup-opt/i386/home
<ivoks> type in ls
<ivoks> are there any directories?
<garymc> no. none :(
<garymc> no files
<garymc> no directories
<ivoks> so, what did you find then?
<ivoks> when you said you found them
<garymc> nothing an empty folder
<garymc> I found the backup folder.
<garymc> ltsp-backup-opt
<ivoks> ok
<garymc> its still rebuilding
<garymc> i take it its gonna take a while
<garymc> this isnt gonna mess up my Apache web server on here is it?
<ivoks> no :)
<garymc> ok good
<ivoks> you have that thin client manager, right?
<garymc> what you mean?
<ivoks> http://doc.ubuntu.com/edubuntu/edubuntu/handbook/C/ltsp-tcm.html
<garymc> ltsp installation completed
<ivoks> i don't see where it pulls home from :/
<garymc> yes, but I can only acces that when im at the ofice
<garymc> AShh all my users are still there
<garymc> its in /home
<garymc> ok rebuild is done
<garymc> should I ge tit tested at office?
<ivoks> yes
<garymc> will do
<ivoks> and stay with them at the phone
<ivoks> try to figure out if the machine is actually looking for network booting
<garymc> it should be they are set to check network boot first
<garymc> disk boot failure still
<garymc> should i reboot server?
<ivoks> you can try, but that shouldn't solve anything
<ivoks> i have to go now
<ivoks> good luck with booting your clients
<garymc> ok thanks
<ivoks> you need to go to the office and see what's really going on
<ivoks> booting problems is easy to debug
<ivoks> but you have to know where the problem is happening
<ivoks> simple line BOOT FAILURE doesn't say much
<Dibbler_> can someone tell me if there is a more permenent solution these days when running dhcp3 server on a bridge , from the side of dhcp3
<Dibbler_> atm i'm using a post-up pre-down script on br0
<Dibbler_> but it doesn't seem the way to go tbh
<garymc> ivoks : Im gonna go to office verry soon. ill be back on irc when I get there if your about would be great.
<garymc> everyone gone?
<databits> "FATAL: introduce_user() loop detected"  can someone help me out with this little issue that I'm having ?
<databits> I'm able to get anope connected to my unreal ircd but it is giving me that error.
<uvirtbot> New bug: #685505 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/685505
<uvirtbot> New bug: #685514 in net-snmp (main) "snmpd doesn't run as root by default - it should" [Undecided,New] https://launchpad.net/bugs/685514
<xperia_> hello to all. i have big problems after the upgrade to maveric with the memcached service sometime this line in php $memcache->set("MyVar", "MyContent", false, 0); stores the value other times it dont store it even the variable dont exist in memcache
<david506> Hello,
<david506> I have a machine here that does not have "vmx" in the flags portion of cpuinfo. Is it still possible to run kvm even if it's slow, I want to test out kvm before installing it on a proper server.
<xperia> hello to all. i am using this script here on a ubuntu maveric server. normaly this script should output the success message but it does not. what is wrong with memcached in ubuntu ? before the upgrade it worked everything well
<xperia> http://paste-bin.com/view/raw/6b16c45d
<xperia> does this script works okay on your side ?
<ivoks> garymc: ok :)
<cledu> Is there a single virtual machine image that I can load on my desktop to test out UEC locally? Trying to set it up on a single image so far has been a pain.
<garymc> Hi Ivoks
<garymc> I managed to fix it by my self :)
<garymc> with the help of google
<garymc> I changed a setting in a file rebooted server an HEY PRESTO
<ivoks> nice
<ivoks> finally learning :)
<garymc> ivoks : I did this https://bugs.launchpad.net/ubuntu/+source/ltsp/+bug/573975
<uvirtbot> Launchpad bug 573975 in tftp-hpa "pxe image fails to boot: "Forbidden directory" (dup-of: 531123)" [Medium,Confirmed]
<uvirtbot> Launchpad bug 531123 in tftp-hpa "pxe boot with tftpd-hpa failed with error: Forbidden Directory" [High,Fix released]
<garymc> take a look
<ivoks> excellent
<ivoks> you found a bug
<garymc> I dont knwo did i?
<cledu> Anyway -- there's a lot of setup that goes into setting up UEC and it would be really nice to have an easy-to-try virtual appliance available for testing and development.
<ivoks> so, you changed /etc/default/tftpd-hpa?
<garymc> yes
<garymc> was i on the right track
<garymc> it was a pot luck go
<ivoks> hm...
<ivoks> can you paste it on pastebin.ubuntu.com
<garymc> paste what?
<garymc> ivoks
<ivoks> content of /etc/default/tfpd-hpa
<garymc> yeah no probs
<ivoks> and paste the http link here
<garymc> ivoks : http://pastebin.ca/2011217
<garymc> I added  --secure
<ivoks> without --secure it doesn't work?
<garymc> well it didnt
<garymc> News back after adding it it worked
<ivoks> ok
<garymc> Have to see for myself when i goto office in morning
<ivoks> i guess ltsp requires secure connection to tftp
<ivoks> i'd like to hear reasons for that :)
<ivoks> can they log in and use computers?
<garymc> there was one person left at office and they could login and use the computer
<garymc> after i added secure
<ivoks> ok then
<ivoks> all files in place?
<garymc> yes seem to be
<garymc> Ill know for sure in the morning
<ivoks> awesome
<ivoks> all your problems are gone
<ivoks> make sure you maintain that server
<ivoks> apt-get update ; apt-get dist-upgrade
<ivoks> that for updating security fixes
<garymc> yes i will
<garymc> cheers
<xperia> could it be that php in ubuntu maverick is broken for memcache ? anybody here who is able to save values in memcache over php. i am using this test script here on my ubuntu maverick server and it does not work! => http://paste-bin.com/view/raw/ffe58b69
<xperia> it should however as it worked before the upgrade
<izze> hey all
<izze> anyone know how to connect to ubuntu ec2 instance with out the default ubuntu username?
<ivoks> xperia: where does it fail?
<xperia> ivoks: i have used this howto here https://wincent.com/wiki/testing_memcached_with_telnet to test memcached ovet telnet and it works great in the console. all values are stored like it should be
<xperia> if i use however this php script that worked before the upgrade however none of the Values are stored in memcache http://paste-bin.com/view/raw/ffe58b69
<ivoks> xperia: so, again, where does it fail? this script prints different errors depending on where it fails
<xperia> the line $memcache->set('MyTimeStamp', $timestamp, 0, 0) does not works for some reason in php after the ubuntu upgrade
<xperia> i do not get the print("SUCESS3"); line and becouse of this no value is somehow stored after the upgrade. for me it looks like php memcache is broken in maverick
<ivoks> SUCESS1<br>PHP Notice:  MemcachePool::delete(): Server 127.0.0.1 (tcp 11211, udp 0) failed with: CLIENT_ERROR bad command line format.  Usage: delete <key> [noreply]
<ivoks> this is what i get with this script
<ivoks> problem with this script
<xperia> ivoks hmm how did you get this additional debug messages. i just get outputed SUCESS1 and Deleted here
<ivoks> is that it dies if MyTimeStamp doesn't exist
<ivoks> with php-cli
<ivoks> when i remove:
<ivoks> if($memcache->delete('MyTimeStamp')) print("SUCESS2<br>");
<ivoks> i get:
<ivoks> SUCESS1<br>Deleted<br>SUCESS31291567348<br>
<ivoks> then again:
<ivoks> SUCESS1<br>Not Deleted<br>FILETIME = 1291567348SUCESS31291567397<br>
<xperia> ivoks woow you are great
<xperia> man you solved the problem big compliments but really strange that it does die if you want delete something that do not exist. this was not allways that way
<xperia> is this a bug ? i guess yes !
<xperia> must be in package php5-memcache
<ivoks> don't know
<ivoks> i hate php
<xperia> this connection breaks to memcache in the php script make sure a lot of scripts non functional i guess
<xperia> ivoks really ? woow how do you then programm websites ithout php ?
<ivoks> i think logic in this script is bad
<ivoks> deleting an object without checking if it exists...
<xperia> okay i will fix it here then. ivoks i thank you really for this great help. you are awesome man !
<ivoks> maybe [noreply] would help
<ivoks> Usage: delete <key> [noreply]
<ivoks> i guess it wouldn't fail then
<ivoks> np
<xperia> ivoks this feature does not exist in the package php5-memcache => http://www.php.net/manual/de/memcache.delete.php
<xperia> ehh sorry => http://www.php.net/manual/en/memcache.delete.php
<ivoks> my german is rusty
<xperia> geoip sorry
<xperia> here it show full english even of the geop
<xperia> well what we can say that php breaks memcache 100% when you delete something that does not exist
<xperia> will just inform the php group about this
<ivoks> don't know... but that's where you are
<stgraber> ivoks: I'm around now ;)
<ivoks> stgraber: too late :D
<ivoks> stgraber: we had an issue with ltsp client not booting
<ivoks> stgraber: turns out tftpd did do 'secure'
<ivoks> stgraber: is there a reason why client would require secured connection? :)
<stgraber> tftp and secure in the same sentence always sound a bit weird ;)
<ivoks> yeah
<ivoks> anyway
<ivoks> guy added --secure to tftpd and things worked out
<ivoks> it was an update from karmic to lucid
<izze> hi anyone have any exp with ubuntu on ec2?
<izze> ssh to ubuntu@ec2instance works
<izze> but trying ssh newuser@ec2 does not work, even when pointing to the key file. for example:
<ermo> Hello folks :)
<uvirtbot> New bug: #685590 in dovecot (main) "dovecot 1.2.9 not compatible with thunderbird" [Undecided,New] https://launchpad.net/bugs/685590
<SpaceBass> hey folks
<SpaceBass> I installed kernel sources but can't find the build directroy - any idea where it gets installed?
<shauno> SpaceBass: I think the source package just installs a tarball.  try dpkg -L linux-source-(version)
<SpaceBass> shauno, thanks
<SpaceBass> found the tarball
<SpaceBass> the package Im trying to compile still insists the kernel source doesnt exist, even when I give it the explicate path.... think its the package
<AndyGraybeal> space bass, as in the fish or the sound?
<xperia_> hello to all. i have upgraded my ubuntu server but for some strange reason apache or php are searching now files in the directory /usr/share
<xperia_> where is this strange path defined to search my files there
<xperia_> as a examle if i call this url here  => http://wificom.ch/javascript/test.js
<xperia_> i get this strange apache error
<xperia_> [Sun Dec 05 20:05:03 2010] [error] [client 192.168.1.1] File does not exist: /usr/share/javascript/test.js
<xperia_> together with the message file can be not found
<SpaceBass> AndyGraybeal, bass as in bass, not bass
<SpaceBass> xperia_, it sounds like the web root has been changed
<SpaceBass> xperia_, whats defined in /etc/apache/config
<xperia_> SpaceBass: will just look at it. maybe /etc/hosts was changed too after upgrade
<AndyGraybeal> SpaceBass: thanks for clearing that up.
<SpaceBass> AndyGraybeal, :D - its bass as in the insturment
<AndyGraybeal> :)
<AndyGraybeal> i liked the dry british styled humor.
<xperia_> SpaceBass: i have nothing with webroot in /etc/apache2/apache2.conf
<SpaceBass> xperia_, sorry, its documentroot and its defined in /etc/apache2/sites-available/default
<xperia_> SpaceBass: http://paste-bin.com/view/a7f68601
<xperia_> it is set right and i am able to call the files in this document root but calling files in sub directory lead allways to the message file could be not find and i get the error message in apache error log
<xperia_> [Sun Dec 05 20:05:03 2010] [error] [client 192.168.1.1] File does not exist: /usr/share/javascript/test.js
<xperia_> the file http://wificom.ch/javascript/test.js exist however
<xperia_> it is heavy strange and i dont know what exactly really the problem is
<xperia_> SpaceBass: example => http://wificom.ch/test.html works ! => http://wificom.ch/javascript/test.html does not work
<xperia_> File exist however ! => ls -la /var/www/wificom/javascript
<xperia_> -rw-r--r-- 1 root root    81 2010-12-05 20:04 test.html
<xperia_> any help for this heavy strange error. before the upgrade everything worked like it should !
<xperia_> looks like apache search allways in usr/share when it comes to subdirs
<ivoks> you again
<xperia> ivoks yeah its me :-) have problems after server upgrade :-)
<ivoks> what's up?
<dominicdinada> anybody good with WAN here ?
<xperia> ivoks: well as said this url => http://wificom.ch/test.html works ! this url however => http://wificom.ch/javascript/test.html does not work
<xperia> i get allways the error message [Sun Dec 05 20:05:03 2010] [error] [client 192.168.1.1] File does not exist: /usr/share/javascript/test.js
<ivoks> You don't have permission to access /javascript/ on this server.
<ivoks> ok
<xperia> the file exist however and path is right => ls -la /var/www/wificom/javascript
<xperia> -rw-r--r-- 1 root root 81 2010-12-05 20:04 test.html
<ivoks> is there an .htaccess file in /var/www/wificom/javascript
<xperia> i have changed allready permissions but it does not help as apache looks for some strange reason in /usr&share instead of the document root directory  http://paste-bin.com/view/a7f68601
<xperia> ivoks: .htaccess file does not exist in /var/www/wificom anywhere
<ivoks> there's never a strange reason
<ivoks> are you sure it's looking in /usr/share?
<ivoks> you pasted a link to ..javascript/test.html
<ivoks> and then pasted the error for javascript/test.js
<xperia> ivoks: based on the error log it apache2 look to find this files in /usr/share
<xperia> [Sun Dec 05 20:05:03 2010] [error] [client 192.168.1.1] File does not exist: /usr/share/javascript/test.js
<ivoks> it's test.js
<ivoks> but the link is test.html
<xperia> well okay test.html exist also but dont load also
<ivoks> therefor, i'm sure you have rewrite somewhere, with broken rules
<ivoks> do you see test.html in error log?
<ivoks> tail your log now
<ivoks> i've asked for nonexistingfile.html
<ivoks> do you see that in error log?
<xperia> ivoks: okay here are the files http://paste-bin.com/view/a271382e
<xperia> and here is error log
<xperia> [Sun Dec 05 20:04:39 2010] [error] [client 192.168.1.1] File does not exist: /usr/share/javascript/test.html
<xperia> [Sun Dec 05 20:05:03 2010] [error] [client 192.168.1.1] File does not exist: /usr/share/javascript/test.js
<ivoks> ok
<ivoks> how about nonexistingfile.html?
<ivoks> http://wificom.ch/javascript/nonexistingfile.html
<ivoks> in your logs
<xperia> [Sun Dec 05 21:28:26 2010] [error] [client 192.168.1.1] File does not exist: /usr/share/javascript/nonexistingfile.html
<xperia> [Sun Dec 05 21:28:29 2010] [error] [client 93.138.88.10] File does not exist: /usr/share/javascript/nonexistingfile.html
<ivoks> ok
<xperia> last ip is probably yours
<ivoks> and there's no /var/www/wificom/.htaccess?
<xperia> it drives me crazy this problem most of my ites are broken but they worked without any problems before the upgrade
<ivoks> most of your sites?
<ivoks> so, not just this one?
<ivoks> then go to /etc/apache2
<ivoks> and run:
<ivoks> grep -sr javascript *
<xperia> ivoks: all of my vhost sites on this server have this problem
<xperia> ls -la /var/www/wificom/
<xperia> drwxr-xr-x  3 root root 4096 2010-12-05 20:57 .
<xperia> drwxrwxrwx 26 root root 4096 2010-12-04 18:01 ..
<xperia> -rw-r--r--  1 root root    0 2010-08-13 21:03 index.html
<xperia> drwxr-xr-x  2 root root 4096 2010-12-05 20:06 javascript
<xperia> -rw-r--r--  1 root root   81 2010-12-05 20:57 test.html
<xperia> so no .htacces file anywhere
<ivoks> if all have problem, then your system wide config is broken
<ivoks> go to /etc/apache2
<xperia> vhost works but as you try to access subdir nothing is loaded
<xperia> ivoks okay i am in /etc/apache2
<ivoks> grep -sr javascript *
<ermo> I've just finished migrating my home server.  Thing is, I get dropped to an (initramfs) prompt because my software raid-10 partition backing my lvm volume group isn't started automatically.  I simply need to mdadm --assemble my raid partitions and then the boot continues.  Do you folks have an idea of what I could try?
<xperia> "/etc/apache2$ sudo grep -sr javascript *"
<xperia> conf.d/javascript-common.conf:Alias /javascript /usr/share/javascript/
<xperia> conf.d/javascript-common.conf:<Directory "/usr/share/javascript/">
<xperia> mods-available/deflate.conf:          AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
<ivoks> there you go
<ivoks> conf.d/javascript-common.conf:Alias /javascript /usr/share/javascript/
<ermo> I'm not entirely sure that my raid metadata is version 0.90 -- I suppose I should check that ...
<xperia> ohhhhh man how did that happen !
<ivoks> xperia: check
<xperia> its crazy such thing
<ivoks> xperia: dpkg -S /etc/apache2/conf.d/javascript-common.conf
<ermo> I should also mention that my dmesg says that the requisite raid modules are loaded :)
<xperia> ivoks: "/etc/apache2$ sudo dpkg -S /etc/apache2/conf.d/javascript-common.conf"
<xperia> dpkg: /etc/apache2/conf.d/javascript-common.conf could not be found
<xperia> ivoks: file exist however !
<xperia> i try it again to recheck
<ivoks> xperia: that check is only for packages
<ivoks> xperia: it means that no package created that file
<ermo> Hrm. I should probably use --update the next time I assemble the arrays.
<xperia> hmmm this knoweledge that you have is beyonf my horizont sorry asking such dumb questions as i am new user and learning but what does that mean. it was not cleared after the upgrade and need now to be removed ?
<xperia> hmm i really asking me how this files where installed. it must be done by the upgrade process as i have never installed this files
<xperia> ivoks: thinks know now what the reason is for this files where installed !
<xperia> "/etc/apache2/conf.d$ ls -la"
<xperia> lrwxrwxrwx 1 root root   24 2009-11-01 16:02 gallery -> /etc/gallery/apache.conf
<xperia> lrwxrwxrwx 1 root root   45 2010-12-04 19:24 javascript-common.conf -> /etc/javascript-common/javascript-common.conf
<xperia> its gallery. it was updated and asked me if i want to use the new config files for the new package and it has then installed this link  javascript-common.conf -> /etc/javascript-common/javascript-common.conf
<xperia> in apache2/conf.d
<xperia> well maybe also not
<shauno> http://packages.ubuntu.com/natty/javascript-common
<ivoks> well, there you go
<ivoks> now you know everything
<ivoks> why would anyone package systemwide alias for /javascript is beyond me
<shauno> wasn't me :)
<xperia> i have just done a "/usr/share/javascript$ ls"and got this here as result
<xperia> /mootools$ ls
<xperia> mootools-core-jm.js  mootools-core-server.js  mootools.js          mootools-more.js     mootools-more-yc.js
<xperia> mootools-core-nc.js  mootools-core-yc.js      mootools-more-jm.js  mootools-more-nc.js
<ivoks> mootools
<ivoks> i like the name :)
<ivoks> footools
<ivoks> bartools
<ivoks> kidding
<xperia> looks like this need files/scripts use this global path
<shauno> libjs-mootools appears to recommend javascript-common
<ivoks>  Web applications that use JavaScript need to distribute it through HTTP. Using a common path for every script avoids the need to enable this path in the HTTP server for every package.
<ivoks> what are these guys smoking?
<xperia> all my vhost sites are broken because of this since days after the upgrade ! winning heavy
<shauno> it seems that installing webapps from repo is going to end up an all-or-nothing approach
<ivoks> yeah
<ivoks> stupid
<ivoks> Javascript maintainers
<ivoks> xperia: so, as an easy way ouy
<xperia> cool i am hearing
<ivoks> open up /etc/javascript-common/javascript-common.conf
<xperia> yes
<ivoks> and rename that alias from /javascript to /braindeadpackage
<ivoks> and then, in gallery, if you are using it, find /javascript/ paths and replace them with /braindeadpackage/
<ivoks> pure existance of this package is a bug
<shauno> and next time every domain you host gets clobbered, change them again ;)
<xperia> ha ha ha okay will do and then restart the apache server. about gallyer i have installed it but dont know really if it is becouse of gallery or other package was the reason. but i will check it out
<ivoks> my rule: never install we apps from archive
<ivoks> we, developers, tend to be smarter than we are
<ivoks> and then fuck up
<ivoks> pardon my language
<xperia> good working on fix now:. ivoks you are a awesome person really. such expert people like you should have more in the world:
<xperia> shauno thank you also a lot for the help. thinked since hours i am lost becouse of this strange problem
<ivoks> thanks
<ivoks> i'm going out for a smoke now
<xperia> ivoks: have nice pause and time
<ruben23>  hi guys i install dnsmasq but the problem is when i used the linux box as dns aside for gateway- PC will timeout and wont connect to internet if i make it dhcp it will connect.
<shauno> that's a little unnerving.  the only packages I can find (on .04) that depend on libjs-mootools are myphpadmin and midori.
<shauno> midori's a gtk-webkit browser.  why's it pulling in packages that'd alter your apache config?
<xperia> shauno: well while the upgrade myphpadmin was updated and i was asked if i want to install the new config files. based on your research i would say it is becouse of phpmyadmin then with a possibility of 80%
<xperia> i will just restart the webserver and test if phpmyadmin still works
<shauno> xperia: most likely myphpadmin, yes.  not many people install gui webbrowsers on -server ;)
<xperia> ruben23: i itself use bind9 and dont use dnsmasq. resolves everything on bind9 here  =>https://help.ubuntu.com/community/BIND9ServerHowto recomend using also bind9 instead of dnsmasq
<xperia> ivoks: shauno:my sites works now great. so the fix recomended by ivoks worked great. all my sites now are running the way like before. checking now phpmyadmin how it works.
<xperia> shauno: well everytime i install something it is recomended to install it from the repo. all external packages are a security treat. i never thinked that webapplication would make anyproblems and till yet did also not had any problem.
<ivoks> idea is to create common packages, that all web apps could use
<ivoks> mixing non-archive with archive web apps then results in this kind of problems
<ivoks> fwiw, webmails are much smarter
<ivoks> they create /webmail or /roundcube aliases
<ivoks> but leave it disabled by default
<ivoks> so you have to enable it; therefor, you are aware of that alias
<ivoks> this, with /javascipt is just nonsense
<xperia> ivoks: tested now also phpmyadmin and it works still same. so the change in the alias does not affect really a lot phpmyadmin. looks like this mootools is not really used a lot here.
<aarcane> can I use apparmor to allow users to run programs with elevated permissions ?  (similar to pfexec or sudo)
<ivoks> aarcane: afaik, apparmor is for restricting
<aarcane> ivoks, I know it's primary use case is restricting, but it'd be nice if it could simplify the use of certain semi-administrative apps (let certain users use certain apps in elevated mode automatically)
 * ivoks shrugs
 * ivoks 4
<ivoks> ups
<aarcane> oh well.
 * aarcane off to do some programming school work~
<aarcane> thanks ivoks.
<xperia> see you all next time need to write at my websites. have all nice time. bye
<aristo> hi, does anyone knows a way to setup a mailserver with a dinamic ip using bind9 as dns?
<qman__> aristo, in order for a mail server to work reliably it needs a static IP
<qman__> DNS can take up to 48 hours to propogate, and during that time you won't get any mail
<aristo> qman__ i'm aware of that, the problem is that currently our isp is not able to give static ip
<aristo> i tried with DynDns and others services but i cannot receive any incoming mail from  outside
<qman__> ok, but installing bind on your server won't really help in this case, unless you already host your own internet DNS
<qman__> is your ISP also blocking port 25?
<qman__> most residential ones do
<aristo> lemme verify that
<qman__> also, most spam filters will block you
<qman__> static IP is basically a requirement to get taken off their lists
<aristo> nmap online shows only 22, 80 and 110 ports opened
<fluvvell> aristo, do you have a choice of isp ?
<aristo> well basically not
<fluvvell> does basically not mean cost to high?
<aristo> means that here are only 3 mayor isp
<aristo> all 3 sucks
<JanC> eh, there must be access providers that sell internet access to companies, right?
<fluvvell> and none of them have fixed ip addresses available?
<electrofreak> I have a concern... I started out with 3 2TB Samsung drives in RAID-5... each drive has 4x500GB platters. I just bought another of what I thought was the same drive... but I discovered after receiving it in the mail that is is actually a new model... with 3x666GB platters. What are the implications of adding it to my RAID5?
<electrofreak> do adaptec RAID cards care? I have a 5405
<cokegen> electrofreak: I think none
<electrofreak> cokegen, can it affect performance?
<c0nv1ct> i wouldnt think it could decrease it, since the 3x666GB would be faster...  i'd guess that the array would be limited by the slower drives you already have
<c0nv1ct> and by "faster" i dont really mean by that much ;)
<electrofreak> c0nv1ct, yea... performance wise, there isn't that much difference... but yes, the newer model is apparently faster
<qman__> electrofreak, the physical construct of the drive is completely invisible to the rest of your hardware
<qman__> it's handled entirely in the disk's own controller
<cokegen> qman__ is right
<cokegen> there are no problems but the "speed" thing
<qman__> right
<cokegen> I just removed the quiet and splash part of my grub entry
<qman__> your RAID will only perform as well as the slowest, smallest drive you have
<cokegen> I'm trying to get console output at bootup
<qman__> and having a wide variation in performance can cause spikes and such
<qman__> but just one newer model shouldn't be a problem
<cokegen> but that didn't worked ... anyone knows how ?
<qman__> cokegen, that's because of upstart
<qman__> or rather, plymouth
<qman__> in order to get console output at boot you have to modify the plymouth upstart scripts
<cokegen> qman__ thx
<cokegen> I come from old linuxes
<qman__> I really hate it too
<qman__> here's what I did
<qman__> in /etc/init/plymouth-splash.conf, comment the exec line at the bottom
<qman__> exec /bin/plymouth show-splash
<electrofreak> cokegen, qman__, I just thought there might be some timing thing that can throw the RAID controller off...
<qman__> and the same line in /etc/init/plymouth.conf, near the bottom
<qman__> I think that's all I had to do
<electrofreak> qman__, ooo, I hate that splash screen... but that plymouth thing is 10.10, right? I'm running server 10.04
<qman__> no
<qman__> it's actually new as of 9.10 IIRC
<qman__> and it's in 10.04
<electrofreak> oh, so disabling it would be the same...
<qman__> it really should be configurable
<qman__> removing quiet splash really should disable it
<qman__> but it doesn't, you have to go modify those files
<electrofreak> qman__, just comment out this whole post-start script block, right? (in /etc/init/plymouth.conf)
<qman__> no, just the exec line
<qman__> I mean, you could
<qman__> I just did the one line
<electrofreak> qman__, well, the whole if statement is just for that 1 line, heh. I figured it'd be fine to just comment out the whole block.
<qman__> and really, the whole plymouth-splash.conf could be commented/removed/disabled
<qman__> but I don't know of a way to disable things in upstart
#ubuntu-server 2011-11-28
<exutux> hi all
<exutux> how can I see wich mirror does apt uses?
<patdk-lap> it gives you the ip when it runs
<exutux> patdk-lap: uhm well but if I want to change it?
<patdk-lap> than change it
<exutux> patdk-lap: where?
<exutux> if I want to use main mirror or other on APT where I can change it?
<exutux> there is an easy way or I need to change repos on sources.list?
<PerfM> yesssssssssssss
<PerfM> I love ubuntu channels
<lunaphyte_> hi.  i'm having some trouble installing bind9 via apt-get.  http://dpaste.com/662518/
<lunaphyte_> as you can see in the pastebin, it complains that the post-installation script exited with status 1, but when i run the script manually, it exits with status 0.  how can i further troubleshoot?
<twb> lunaphyte_: dpkg --configure?  Why are you doing that?
<lunaphyte_> because it broke during the initial install process.  it's half installed.
<lunaphyte_> apt-get install bind9 does effectively the same thing.
<twb> Purge and reinstall it
<lunaphyte_> i've done that, but i'll try again
<twb> If you're running /var/lib/dpkg/info/foo.postinst by hand, you should analyse it and probably pass some args
<lunaphyte_> twb: for reference: http://dpaste.com/662521/
<lunaphyte_> twb: yes, i'm trying to figure out which argument i might pass to it.
<lunaphyte_> ah, 'configure', perhaps
<twb> It's something like "configure 1.9 2.0"
<lunaphyte_> aha, yes
<twb> the debian policy has exact details
<lunaphyte_> ok, thanks.  this should get me a bit further.
<lunaphyte_> http://dpaste.com/662522/
<twb> If you get to the point where you are looking in /var/lib/dpkg/info to fix a problem, you are into Deep Magic
<twb> If you were a newbie I'd say "forget it, just reinstall from scratch"
<patdk-lap> heh, so far my issues have been easy to fix for that
<patdk-lap> normally conflicting file, or just manually stopping a service, cause auto stop failed
<patdk-lap> wonder if that might be a dash vs bind issue
<twb> If bind is assuming /bin/sh is bash it needs to be shit-canned
<twb> I would be surprised if that's the case, though.  Maybe in 2007 that might've happened, not today
<patdk-lap> ya, it hsouldn't not in a package like that
<patdk-lap> but from that error, first thing that comes to mind
<patdk-lap> but then, I haven't used bind since pre-2005
<patdk-lap> or maybe longer
<lunaphyte_> aha.  it's rndc-confgen
<lunaphyte_> which is actually an openssl error
<lunaphyte_> there's the deep magic :)
<lunaphyte_> so the post install shell script for bind9 runs rndc-confgen, which of course uses openssl, since it does some cryptographic hash stuff.
<twb> +1 for nsd3
<lunaphyte_> when making changes to openssl.cnf, i'd overlooked a particular setting, leaving an invalid reference to a nonexistent file.  this caused the openssl engine to choke [which was what the actual message was referring to], and so rndc-confgen choked.
<lunaphyte_> heh
<twb> lunaphyte_: good to know that you fixed it, tho
<lunaphyte_> a little bit of a goose chase, but that's always the case with openssl, it seems.
<lunaphyte_> i should have know better.  i've seen those sort of message types enough to know it was openssl.  at least it was my fault though.
<lunaphyte_> *known
<twb> So how is that migration to pki going? ;-P
<lunaphyte_> migration to pki?
<twb> That new ssl implementation that isn't openssl nor gnutls
<twb> moco and gnome stuff already use it
<lunaphyte_> oh.  that's a new one to me.
<lunaphyte_> do you have an url to share?  my googling isn't returning many clues
<twb> it's libnspr or libnss or somethign stupid like that
<lunaphyte_> oh - nss?
<twb> Not nss as in nsswitch tho
<lunaphyte_> yeah, there are a few folks out there jumping on that bandwagon
<lunaphyte_> i'm not super thrilled about it, to be honest.
<twb> AFAICT gnutls doesn't work and openssl can't be used by binary distros for licensing reasons.
<twb> If nss can be both legal and reliable, then IMO it wins
<lunaphyte_> i'd prefer to have a larger group be able to get along and all contribute to existing projects, rather than these seemingly non stop iterations of yet another choice.
<twb> Assuming it doesn't add in e.g. "insecure" or "unproven" into the mix ;-)
<twb> lunaphyte_: nss has been around for a while; didn't it come out of netscrape?
<lunaphyte_> funny thing about gnutls, there are lots of people who have "lots of problems" with it, but when you really start digging into things, you find out that the vast majority of the problems are the user's fault.
<twb> I'll tell you what my problem is
<twb> Using openldap on both ends only TLS port (not 389), and slapo-ppolicy, it completely fails to work until I relink it against openssl.
<lunaphyte_> in fact, a lot of the time, the problems that people have are because gnutls is much more strict about security in certain contexts then openssl
<lunaphyte_> oh - that's where i recognize the nick from :)
<twb> And I complained to the openldap people about this and they basically said "fuck you.  PS: it is TOTALLY legal to link against OpenSSL, Debian are retards"
<lunaphyte_> yeah, i know the openldap folks don't like gnutls.
<twb> I grant you this is not necessarily gnutls' fault
<lunaphyte_> i use openldap with gnutls, and have no issues.
<twb> You probably are using starttls
<twb> Or not using ppolicy
<twb> Or you're using a non-LTS release so the whatever bug has been fixed :-)
<lunaphyte_> there were some hurdles to overcome, but not insurmountable.  i use starttls, ldaps, and ppolicy.
<lunaphyte_> although i which i didn't have to use ldaps.
<lunaphyte_> *wish
<twb> Oh and #openldap also wanted me to use something other than padl on the client side
<lunaphyte_> yeah, that's was probably me bitching about that
<lunaphyte_> padl stuff sucks.
<twb> No it was hyc
<twb> He wanted me to buy a support contract from him or something
<lunaphyte_> oh, heh.  yeah, i think we both fels the same way.
<lunaphyte_> *feel
<lunaphyte_> oh, hmm.
<twb> I'm not keen on pulling third-party libraries in when it comes to security
<lunaphyte_> he's not always real interested in spending time supporting things he doesn't like
<twb> Yeah I understand that
<twb> Frustrating for me as a user
<i3luefire> <i3luefire> ok. i am having issues getting the transmission-daemon to keep its edited json settings file after a restart. i followed to seperate guides to set it up(http://1000umbrellas.com/2010/10/04/updated-transmission-installationconfiguration-on-ubuntu-server)and(https://trac.transmissionbt.com/wiki/EditConfigFiles) neither worked
<i3luefire> <i3luefire> i am running ubuntu-server 11.10
<lunaphyte_> but that's probably where the support stuff came in.  symas pays the bills mostly with the support stuff, as far as i know.
<i3luefire> http://pastebin.com/SaZvGHYW                                      http://pastebin.com/UafzH6j2
<lunaphyte_> twb, patdk-lap: thanks for the help.
<lunaphyte_> time to run.  long drive tomorrow.  have a good night.
<pppurple> is there any one that would be able to answer a few questions about ubuntu/linux before i try switching to that OS blind?
<Resistance> pppurple, for server or desktop use?
<pppurple> hmmm guess not
<SpamapS> pppurple: somebody responded
<SpamapS> 22:13 < Resistance> pppurple, for server or desktop use?
<pppurple> desktop
<pppurple> sorry i guesss i didnt see it. i got d/c
<SpamapS> #ubuntu is a better place to ask about Ubuntu desktop
<pppurple> aww yeah, i guess this is the server channel
<SpamapS> tho many of us are users of it
<pppurple> thanks
<pawan_tejwani> I am not able to boot into ubuntu server after it has been installed on the system
<pawan_tejwani> I guess there is some problem with the hardware BIOS, can anybody help me with hardware BIOS configuration ?
<twb> SpamapS: haha, I thought pppurple was some obscene XMPP-over-dialup thing until I saw the nick in scrollbacl
<mtaylor> Daviey: you awake yet?
<mtaylor> SpamapS: how about you?
<uvirtbot> New bug: #894279 in cloud-init (main) "cloud-init fails to fetch metadata with OpenStack" [Undecided,New] https://launchpad.net/bugs/894279
<SpamapS> mtaylor: yeah I'm up fixing libmysqlclient B.S. still :)
<mtaylor> SpamapS: wow. lovely
<SpamapS> mtaylor: down to about 25 problem children from 111 on Thursday
<lifeless> SpamapS: thats quite some familty
<lifeless> SpamapS: hey, do you know of an existing API service (self hostable :P) similar to what I just described on the lp dev list ?
<SpamapS> Yeah, and I thought Octomom with her 14 kids was bad enough
<lifeless> mtaylor: ^
<mtaylor> lifeless: um. I may not be following the lp dev list at the moment- archive link? (or summary)
<lifeless> https://lists.launchpad.net/launchpad-dev/msg08512.html
<SpamapS> lifeless: reading
<mtaylor> lifeless: still reading - but just as a thought completely out of left-field ... have you considered co-opting diaspora?
<SpamapS> lifeless: my mind jumps to graph databases.. really isn't that whats needed.. "is this person in the interest graph of that event?"
<lifeless> SpamapS: perhaps
<lifeless> SpamapS: for a foaf traversal query, much more so
<lifeless> SpamapS: but this isn't really a graph heavy problem
<mtaylor> lifeless: other than diaspora (which is much larger than what you're looking for, although ultimately also what you're looking for)
<mtaylor> lifeless: I do not know of an existing API service like that
<lifeless> I struggle to think of diaspora as a service TBH :)
<mtaylor> lifeless: well sure.
<mtaylor> lifeless: but a diaspora server by its nature considers timelines, events, and event subscriptions
<mtaylor> lifeless: so the probably not correct thought here is merely that, if the overall design of the thing you're talking about looks a lot like a social network ...
<mtaylor> lifeless: then perhaps using a server written to be a node in a distributed social network wouldn't be ridiculous (with specific data sources implemented as 'apps' or whatnot)
<SpamapS> and it quacks like a social network..
<mtaylor> SpamapS: quack quack
<SpamapS> ok.. enough fighting autoconf
<lifeless> mtaylor: perhaps :P
<mtaylor> SpamapS: bwahahaha
<lifeless> mtaylor: OTOH I suspect we're still at least 1 may be 2 OOM's higher volume than diaspora
<mtaylor> lifeless: entirely probable
<SpamapS> I don't know diaspora's underlying design, but just the fact that its made to be sharded makes me think it should scale incrementally..
<mtaylor> lifeless: although that's diaspora the services vs. diaspora the server
<lifeless> mtaylor: you can't know that one scales will till the other has scaled successfully
<mtaylor> lifeless: ++
<lifeless> I have a deep and abiding trust that folk I've never heard of can write a highly scalable efficient and robust service...
<mtaylor> hehe
<lifeless> e.g. not something I'll take on faith :)
<mtaylor> I did consider replacing my blog with a diaspora server
<mtaylor> I could do that and then post a few more inflamatory blog posts and we could test scaling :)
<lifeless> hahah
<SpamapS> mtaylor: we're all still rubbing salve on the burns from your heinous crime of asking to have the gnome 2 clock brought back. ;)
<SpamapS> ok, autoconf vanquished.. time to slep
<SpamapS> sleep too
<mtaylor> perhaps I could do one pointing out the differences between text fonts and display fonts
<mtaylor> and why you don't want a the characteristics of a display font in a text font
<mtaylor> I'm sure that would stomp on the last remaining shred of goodwill anyone has for me :)
<jamespage> morning all
<mtaylor> morning jamespage
<jamespage> hey mtaylor - hows things?
<mtaylor> jamespage: good! I'm causing trouble as usual
<mtaylor> jamespage: you?
<jamespage> mtaylor, so I see :-)
<jamespage> mtaylor: all good my end!
<koolhead11> hi all
<lynxman> morning o/
<uvirtbot> New bug: #897120 in apache2 (main) "apache2-suexec-custom changes permissions on suexec binary" [Undecided,New] https://launchpad.net/bugs/897120
<Daviey> mtaylor: i'm always awake
<koolhead11> hey lynxman Daviey :)
<Daviey> hey koolhead11
<koolhead11> Daviey: making list title whats new in "12.04" for discussion. I am following this http://status.ubuntu.com/ubuntu-precise/group/topic-precise-servercloud-workloads.html
<koolhead11> along with ubuntu cloud blog fridge
<koolhead11> is there any other place i can look for same
<Daviey> http://status.ubuntu.com/ubuntu-precise/group/topic-precise-servercloud-infrastructure-deployment.html
<Daviey> http://status.ubuntu.com/ubuntu-precise/group/topic-precise-servercloud-service-orchestration.html
<koolhead11> thanks Daviey
<Daviey> Anyone seen Arnaud on irc?
<Daviey> koolhead11: np
<uvirtbot> New bug: #897161 in apache2 (main) "Apache2 incorrectly sends HTTP_REQUEST_TIME_OUT to many requests" [Undecided,New] https://launchpad.net/bugs/897161
<koolhead11> spice spice
<koolhead11> Daviey: https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-glusterfs-mir  let me know if i can help with this :)
 * koolhead11 has some good friend over there :D
<Daviey> koolhead11: If you want to help with that, i'd be most pleased :)
<koolhead11> Daviey: tell me how can i
<Daviey> koolhead11: check the package works, and see what depends it has for us to consider putting it in main.
<koolhead11> ok
<tefx> at the risk of lookign and sounding like a noob its bveen years since i did it last nbtu how the hell do you set up private ns servers and then bind the domain usign bind lols
<tefx> cos i spent the last 16 hours on it and my head about to explode if i dotn get somewere with it
<koolhead11> jcastro: around
<Daviey> smoser: are you alive yet?
<zul> morning
<stgraber> hallyn: good morning. Just wondering why ubuntu-sponsors is subscribed to bug 869590 as you apparently have upload rights for libvirt in lucid
<uvirtbot> Launchpad bug 869590 in libvirt "KVM migration fails when tunnelled due to parsing error in qemu monitor" [Medium,In progress] https://launchpad.net/bugs/869590
<hallyn> stgraber: i think that got auto-subscribed.  What I was actually waiting on is bug 869553 to get fix released, as without that this fix is not sufficient.
<uvirtbot> Launchpad bug 869553 in libvirt "Apparmor prevents KVM tunnelled migration" [High,Confirmed] https://launchpad.net/bugs/869553
<stgraber> hallyn: ok, sounds good. Should I unsubscribe sponsors then?
<hallyn> and that one is waiting on jdstrand to have some time to verify if the fix is ok, or if we somehow need to be more specific.
<hallyn> stgraber: yes, thanks.
<robo> hello: i need to install a php pecl extension and found a RedHat RPM for it. What's the cleanest way to install this pecl extension? Use alient and convert the RPM or just use PECL to install it?
 * jdstrand is trying to catch up... deluge of irc backlog and email is crazy :)
<hallyn> stgraber: yeah comment #5 is where it happened.
<hallyn> jdstrand: i understand, this isn't by any means urgent i don't think, not many ppl using tunneled migration, else they'd be yelling :)
<stgraber> hallyn: argh, that's bdmurray's bug bot, again :) though I think it now adds some logic to detect upload rights and not subscribe sponsors/reviewers for no reason :)
<hallyn> stgraber: maybe there's some way we can tag a patch to have the bot ignore it?
<stgraber> hallyn: yeah, I remember us discussing a magic tag, something along the lines of leave-this-bug-alone, mostly for the kernel bugs though (where the bug bot comments every time a new kernel is uploaded)
<robo> n/m. dh-make-pecl seems to be the proper way to install pecl packages :-)
<RoyK> which pecl extension is this?
<RoyK> oh
<RoyK> pecl == pear?
<robo> RoyK, it's mongo
<robo> and pecl != pear
<robo> pecl is written in C, pear is written in php
<robo> so a rule of thumb is use the pecl package. If it doesn't exist then use pear
<RoyK> k
<robo> but the tricky part is getting pecl to work with the package manager
<robo> that's where dh-make-pecl comes in
<RoyK> same applie to pear or mixing any other package managers like perl CPAN etc
<robo> yeup
<lynxman> jamespage: ping
<jamespage> lynxman: pong
<jamespage> wassup
<lynxman> jamespage: got the latest debdiff for you, before I created it just wanted to check that the changelog looks good :)
<lynxman> jamespage: http://pastebin.ubuntu.com/752558/
<jamespage> 1.2.1-0ubuntu3 -> 1.2.1-0ubuntu2.1 (see https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging)
<jamespage> lynxman: ^^
<lynxman> jamespage: aah cool
<lynxman> jamespage: does the rest look sane?
<jamespage> lynxman: I think so
<jamespage> lynxman: stick it on the bug and I'll take another look
<lynxman> jamespage: cool, ty!
<remix_tj> sono gay
<remix_tj> fucked remote assistence with assholes friends -_-
<Tm_T> remix_tj: ...
<lynxman> jamespage: it's in the bug now, #884908
<jamespage> bug 884908
<uvirtbot> Launchpad bug 884908 in mcollective "Package dependencies need work" [Medium,In progress] https://launchpad.net/bugs/884908
<raubvogel> Let's say I create a iptable rule in my firewall (ubuntu 11.04) to forward traffic from anywhere port 5432 to 10.0.0.24 port 22
<jamespage> lynxman, uploaded :-)
<raubvogel> iptables -L -t nat shows me the rule
<lynxman> jamespage: \o/
<lynxman> jamespage: thank you sir *bows*
<raubvogel> Should I also see it in, say netstat -apn | grep 10.0.0.24 ?
<SpamapS> raubvogel: no
<SpamapS> raubvogel: netstat is at a layer below iptables
<raubvogel> SpamapS: Aha. Any suggestions for finding out why it is not working?
<SpamapS> raubvogel: or, actually.. above it.. depending on how you look at it. Either way, iptables gets in front of netstat
<SpamapS> raubvogel: /proc/net/ip_conntrack might prove helpful
<SpamapS> raubvogel: iptables -L -t nat --verbose  might also prove useful
<raubvogel> SpamapS: /proc/net/ip_conntrack should provide connections that are alive/taking place, right?
<hallyn> stgraber: am i supposed to have upload rights to libcgroup?
<stgraber> hallyn: in precise, yes, are you trying to upload to something else?
<RoyK> raubvogel: iirc, yes
<hallyn> stgraber: yeah, oneiric-proposed
<stgraber> hallyn: ok, let me change oneiric too then (I need to run the command once per release ...)
<hallyn> stgraber: thanks!
<stgraber> hallyn: should work now
<hallyn> i'd  consider applying for coredev to stop this sillyness, but last few days have proven i have some things to learn yet.
<hallyn> thanks, i'll repush :)
<stgraber> having packagesets be per release is useful sometimes but also a pain in cases like this :) In most cases if someone can upload to the current release, I'm also fine with them uploading an SRU (as SRU need additional review anyway)...
<hallyn> yeah that was my thought - sru has extra approvals anyway
<hallyn> ppetraki: could you take a look at the dmesg output in https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/893450/comments/5 and tell me if it looks kosher?
<uvirtbot> Launchpad bug 893450 in udev "KVM guest fails to autostart sometimes with virSecurityDACRestoreSecurityFileLabel error" [Undecided,New]
<ppetraki> hallyn, sure
<hallyn> ppetraki: thanks!
<raubvogel> SpamapS: No seeing anything there. And in /var/log/messages.log I see Nov 28 11:11:36 vpn kernel: [2166490.865348] IN=eth0 OUT=eth1.64 SRC=66.172.33.139 DST=10.0.0.24 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=6960 DF PROTO=TCP SPT=55688 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
<SpamapS> raubvogel: you also need to allow those natted packets in your FORWARD rules
<raubvogel> SpamapS: this is how it looks like : http://pastebin.com/PB4TzQEM
<SpamapS> raubvogel: iptables -L FORWARD -v
<ppetraki> hallyn, so that snippet looks fine. With regards to configuration, scanning the sd devices in LVM would be unnecessary, though it should't cause any harm either. To checkout the disks you can use the smartutils, run short and extended tests.
<SpamapS> raubvogel: FORWARD is not in the nat table
<ppetraki> hallyn, using smart tools: http://askubuntu.com/questions/78600/disk-utility-reports-slower-initial-spinup-time-via-s-m-a-r-t/81369#81369
<uvirtbot> New bug: #897303 in bacula (main) "bacula-common-mysql uninstallable due to conflicting files" [Undecided,New] https://launchpad.net/bugs/897303
<raubvogel> SpamapS: I forgot the prerouting entry, http://pastebin.com/hcV0djZv
<hallyn> ppetraki: thanks.  too bad :)  it sure seems slow coming up
<ppetraki> hallyn, well, SATA is slow (14-20 sec spinup), and the block devices are stacked. Could be a UDEV problem or storage stack advertising that it's ready before it really is. I'd need to see the logs from the actual failure to comment intelligently.
<hallyn> ppetraki: here https://launchpadlibrarian.net/85667014/syslog.txt   is the actual error that i'm trying to figure out  (i.e. '/devices/virtual/block/dm-2')
<ppetraki> hallyn, hmm, would need udev verbose logging and a better understanding of how many LVs the system actually has
<ppetraki> hallyn, that includes snapshots
<ppetraki> hallyn, if it is a scan issue, than making the rootdelay really big would help, like 3-4 mins
<ppetraki> hallyn,*updated title*
<hallyn> ppetraki: ok, so i need to go back and find the recommended way to ask users for udev logs
<hallyn> verbose ones, that is :)
<ppetraki> we have a troubleshooting section on UDEV, but that involves killing it and starting it in the foreground with super logging iirc
<hallyn> maybe https://wiki.ubuntu.com/DebuggingLvm
<hallyn> i'd better try that out in a kvm first
<smoser> adam_g, is there some document that discusses '<type>_orchestra_provisioning_server._tcp</type>' in avahi ?
<ppetraki> hallyn, wish we had a ramdisk switch for that
<adam_g> smoser: what do you mean?
<smoser> is there somthing that discusses the naming convention ?
<hallyn> well it's out of date for certain.  /scripts/init-premount should be scripts/init-top
<smoser> ie, why the _
<ppetraki> hallyn, changing /etc/udev.conf to udev_log="debug" and then rebuilding the initrd might also work
<smoser> you had "_orchestra_cobbler._tcp"
<hallyn> ppetraki lemme try
<ppetraki> hallyn, cool
<smoser> adam_g, following your lead i'd pick "_orchestra_provisioning_server._tcp", but i dont really know why
<adam_g> smoser: looking now
<smoser> https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/893189 comment 1
<uvirtbot> Launchpad bug 893189 in orchestra "avahi advertisement support disabled" [High,Confirmed]
<adam_g> smoser: for something specific, all man pages and other uses use that convention so...
<hallyn> ppetraki: well that sends the debug output to /var/log/boot.log, but not from initramfs' udev.  not sure if that's needed for this bug.
<hallyn> but i think we can just have him update /usr/share/initramfs-tools/scripts/init-top/udev and then update-initramfs...
<adam_g> smoser: i believe the convention is part of the dns-sd specs http://www.dns-sd.org/ and, looking at it, arbitrary service types might be abusive. perhaps keeping the type _http._tcp and filtering by the service name may be better? i'll take a look how other services use it
<hallyn> think i'll update https://wiki.ubuntu.com/DebuggingUdev
<smoser> adam_g, squid-deb-proxy uses: http://paste.ubuntu.com/
<smoser> so we're no worse.
<adam_g> smoser: yeah, ive got a few services insatlled here that are using "non-standard" service type
<storrgie> I'm installing ubuntu server 11.10 here, I have / on a md volume. When I get to the grub portion of the install I see 'executing grub-install /dev/sda failed this is a fatal error' and I really cant work beyond this
<SpamapS> smoser: I take issue with s-d-p since it can't use PPA's or external sources
<smoser> unrelated, SpamapS
<SpamapS> smoser: I guess my point is that it advertises something it cannot doe
<SpamapS> do even
<SpamapS> smoser: if all we're doing is logging into cobbler, why are we advertising orchestra and not cobbler?
<smoser> cobbler explicitly disabled their avahi advertising. it wouldn't make much sense imho to advertise a servie that is not something we control and the upstream explicitly *stopped* advertising.
<storrgie> with 11.10 can you install to a software raid1?
<smoser> and it seems to me to make more sense to me as an orchestra thing, as the one thing we're expecting right now to use it for is registration, which is not a cobbler (specific) thing.
<smoser> SpamapS, ^
<smoser> adam_g, i realized my pastebin fail above.
<smoser> it seems pastebinit is broken
<smoser> it seems pastebin.ubuntu.com doesn't like stuff that starts with '<?xml"
<smoser> http://paste.ubuntu.com/752758/ is better.
<smoser> anyway.
<adam_g> smoser: thats cool, was looking at squid-deb-proxy.service when you pasted
<smoser> i just blindly run pastebinit and copy and paste the output.
<SpamapS> smoser: meh, did upstream give a reason for disabling their avahi?
<smoser> bug 893189 has a link to the commit.
<uvirtbot> Launchpad bug 893189 in orchestra "avahi advertisement support disabled" [High,Confirmed] https://launchpad.net/bugs/893189
<smoser> i dont really care either way, and we can put it in cobbler, but the one thing we're going to use this for is not cobbler.
<SpamapS> smoser: oh? We're not doing direct cobbler xml-rpc anymore?
<smoser> well, we are. but the cobbler-enlist stuff isn't from cobbler.
<smoser> so i dont' know.
<SpamapS> ... maybe it should be. ;)
<smoser> i dont feel strongly, but i personally feel "orchestra" is a better place for that.
<smoser> well....
<smoser> interesting
<SpamapS> for enlist, it makes sense that it would be its own thing.. thats why we have the API. But for avahi.. just finding "the cobbler server" .. seems like that would be advertising *cobbler*. :P
<smoser> it would look to me jus from that diff and nothing eles, that cobbler probably advertises '_http._tcp'
<smoser> which is clearly not sufficient.
<SpamapS> yeah, we don't want _http .. we want _cobbler_on_http .. :)
<SpamapS> Anyway, I prefer loose coupling during heavy innovation, so this probably makese sense to have outside cobbler until we know it works.
<smoser> ok.
<RoAkSoAx> smoser: I agree with you, a better place might be orchestra itself
<smoser> RoAkSoAx, so how would you think i should land this.
<smoser> do you want an upstream release for it ?
<smoser> or commit to upstream
<smoser> and then release a new ubuntu with a patches patch
<smoser> RoAkSoAx, ^
<smoser> and https://code.launchpad.net/~smoser/orchestra/add-avahi/+merge/83664
<adam_g> RoAkSoAx: ping
<RoAkSoAx> smoser: this should probably be upstream orchestra
<RoAkSoAx> adam_g: pong
<smoser> yes.
<smoser> but to get a fix in today
<smoser> do you want re-release an upstream orchestra
<smoser> versus just an ubuntu
<smoser> the merge proposal above is against upstream.
<RoAkSoAx> smoser: i can release upstream orchestra
<Daviey> hey o/
<smoser> RoAkSoAx, ok then, you want to just pull that change and release ?
<adam_g> RoAkSoAx: nvm..  orchestra-import-isos now requires an argument to do the imports where it did them by default previously. ill fix and push to you soon
<RoAkSoAx> smoser: yp will od
<Daviey> smoser: if this is in the cobbler package, advertise it as cobbler - if it is in the orchestra package, orchestra-cobbler IMO
<RoAkSoAx> adam_g: `yeah it does, check that it wont break the update-settings nor the check for correct commands and so on
<RoAkSoAx> Daviey: i think this should be orchestra side
<RoAkSoAx> Daviey: as this are features for orchestra rather than features we would upstream cobbler
<smoser> Daviey, yes. its going into orchestra package at the moment.
<adam_g> RoAkSoAx: huh? the cronjob that gets installed doesn't do anything now.
<smoser> and advertised as orchestra.
<Daviey> okay, great
<RoAkSoAx> adam_g: err cause of the no argument I pressume
<RoAkSoAx> err i mean cause of the argument we need now
<smoser> RoAkSoAx, i've verified that adding that file to /etc/avahi/services/ results in 'avahi-browser --all' listing
<smoser>  eth0 IPv4 Orchestra Provisioning Server on brickies     _orchestra_provisioning_server._tcp local
<smoser> so if you could get a new package out sooner than later, that would be very nice.
<Daviey> Should we look to rename cobbler-enlist to orchestra-client-enlist ?
<Daviey> smoser: Does it expose ipv6 out of interest?
<smoser> i did not.
<smoser> but i can make it
<smoser> http://paste.ubuntu.com/752819/
<Daviey> great
<smoser> Daviey, do you want it to ?
<Daviey> I think we should..
<SpamapS> Seems like it should stay named cobbler-enlist
<smoser> RoAkSoAx, if you're that merge proposal, please re-pull it. i just added ipv6
<SpamapS> Unless there is a plan to have it enlist in some super-service?
<SpamapS> (which is why I also am puzzled why we aren't just advertising cobbler on avahi)
<dkn> anyone catch that mad sale on the intel 320 SSD's? $1/GB!
<RoAkSoAx> smoser: ok, will take care of it in a bit
<RoAkSoAx> adam_g: is yout fix gonna be ready anytime soon?
<adam_g> RoAkSoAx: i will
<RoAkSoAx> adam_g: so that I just release once
<adam_g> RoAkSoAx: yeah, wait on me. ill let you know when its good to go
<RoAkSoAx> adam_g: cool thanks
<RoAkSoAx> smoser: merged. will be released once adam_g sends his fix over
<smoser> k
<smoser> gracias
<RoAkSoAx> smoser: do you want a new binary package for it? or should it be shipped with the provisioning server?
<smoser> the merge proposal shipped it with the provisioning server
<smoser> did you not see that ?
<smoser> or did i not do it right
<RoAkSoAx> smoser: no it is fine, i was just double checking
<RoAkSoAx> whether you want it where it is, or a new -publish package
<RoAkSoAx> Daviey: here's what koan --replace-self does: http://pastebin.ubuntu.com/752851/
<smoser> i think it makes most sense to be in provisioning-server
<RoAkSoAx> smoser: ok
<Daviey> RoAkSoAx: is that what we want?
<RoAkSoAx> Daviey: if we easily want to re-install a system i think it would be desirable
<Daviey> RoAkSoAx: right, but if we can work out a sane way to hard code a url to ipxe.. (other than embdedding a script), that seems to have a cleaner solution
<Daviey> Ie, every reboot will recided to reinstall or boot local
<Daviey> regardless of firmware pxe.
<Daviey> and dhcp next-server.
<RoAkSoAx> Daviey: basically, it just downloads the initrd,linux palces it /boot, updates grub, and when it restarts, it does the installation
<RoAkSoAx> Daviey: yeah its 2 different approaches
<RoAkSoAx> Daviey: i'll look into ipxe now
<Daviey> RoAkSoAx: Do you think koan is superior?
<RoAkSoAx> Daviey: idk if superior, but koan definitely been made to be a helper tool for cobbler
<RoAkSoAx> Daviey: I'm gonna look into ipxe-grub
<RoAkSoAx> Daviey: cause, you wanna use ipxe-grub *after* the system has been registered, but not installed right?
<RoAkSoAx> Daviey: while koan, is for when the system has already been installed
<Daviey> RoAkSoAx: no, this satisfies the reinstal scenario, where we don't have dhcpd access.
<RoAkSoAx> Daviey: ok, so why use ipxe when koan is already in place then
<RoAkSoAx> Daviey: i mean, we already have the way of doing so
<Daviey> RoAkSoAx: Using koan you need to access the client machine, right?
<RoAkSoAx> Daviey: we can either use koan an adapt it to automatically look for the orchestra server
<RoAkSoAx> Daviey: yes you do
<Daviey> if we can do this via pxe, we don't need to access the machine
<Daviey> just tell cobbler to reinstall, and powercycle using power control
<Daviey> right?
<RoAkSoAx> Daviey: so you mean a "remote" command?
<Daviey> yeah
<RoAkSoAx> Daviey: right, we can tell the machjine that the remote command is koan
<RoAkSoAx> Daviey: or ipxe already supports something similar
<RoAkSoAx> Daviey: IIRC, cobbler had a feature on which would allow remote control for reinstallas and stuff but was removed
<Daviey> RoAkSoAx: right, but if we can use ipxe scripting - we get this for free..
<Daviey> The same model works if it is hardware pxe boot, or ipxe then
<RoAkSoAx> Daviey: ok let me look into ipxe first
<RoAkSoAx> and then I'll be able to give a better opinion
<Daviey> great!
<uvirtbot> New bug: #897373 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/897373
<adam_g> RoAkSoAx: expected behavior if i  run  'orchestra-import-isos -u -i' ?
<RoAkSoAx> adam_g: show show error, either one of them should work
<RoAkSoAx> or usage
<vasosanitario> alguem me passa lista de regras de iptables
<kirkland> could someone nudge Bug #887344 along?
<uvirtbot> Launchpad bug 887344 in tmux "[MIR] tmux" [Medium,Confirmed] https://launchpad.net/bugs/887344
<kirkland> (Daviey)?
<adam_g> RoAkSoAx: conflicts with which? lp:orchestra ?
<RoAkSoAx> adam_g: yes
<adam_g> RoAkSoAx: oh jeez, i was based on the ubuntu branch. one min
<RoAkSoAx> adam_g: lol no worries, gonna go for lunch will merge when I get back
<adam_g> cool
<elz89> I am having problems when setting up slapd. I would like to know how to remove it properly, plus all configuration, so that I can start over?
<Daviey> hallyn: Soft-freeze for a1 is now live... Makes sense to wait until end of week to remove etherboot?
<Daviey> Doesn't seem to be something we need to acquire a freeze request for, right?
<adam_g> RoAkSoAx: rebased on trunk, sent another proposal
<RoAkSoAx> adam_g: cool will merge it in a few
<elz89> sudo apt-get purge slapd doesn't seem to remove everything?
<SpamapS> elz89: what did it leave behind?
<jdstrand> hallyn: I seem to be having a problem with qemu and -usb. see http://paste.ubuntu.com/753100/
<jdstrand> hallyn: basically, on oneiric if I specify -usb, I get a UHCI Host Controller without having to do anything else. on precise, I do not
<jdstrand> hallyn: this might be a 0.14.1 vs 0.15 thing, but http://wiki.qemu.org/ChangeLog/0.15 wasn't enlightening. have you seen this? am I doing something wrong?
<jdstrand> hallyn: hello btw :)
<jdstrand> I'm going to file a bug
<jdstrand> hallyn: fyi, bug #897466
<uvirtbot> Launchpad bug 897466 in qemu-kvm "UHCI Host Controller no longer present with -usb" [Undecided,New] https://launchpad.net/bugs/897466
<RoAkSoAx> smoser: orchestra released
<kirkland> looks like you guys are kicking butt on Orchestra today :-)
<RoAkSoAx> kirkland: hehe :)
<hallyn> jdstrand ok thx will look tonight
<Xelmep> HELP About PPTP Server on Ubuntu 10.04 !!!
<Xelmep> HELP About PPTP Server on Ubuntu 10.04 !!!
#ubuntu-server 2011-11-29
<kaushal> Hi
<Resistance> !ops | excess flooder!
<ubottu> excess flooder!: Help! Channel emergency! soren, lamont, mathiaz, Pici, Daviey, Tm_T or pmatulis
<Xelmep> HELP About PPTP Server on Ubuntu 10.04 !!!
<kaushal> is there a way to know a specific server got unresponsive for some wierd reason and there is no option left except for reboot ?
<Xelmep> kaushal: you need to reboot machine ?
<kaushal> yeah
<kaushal> since its not responsive
<Xelmep> from terminal or SSH ?
<kaushal> can i know the reason for being unresponsive ness ?
<Xelmep> you try with sudo reboot ?
<kaushal> i mean what caused the server to crash or not responsive
<Resistance> okay, i think i got jcastro's user dealt with by contacting that user another method ;P
<Xelmep> HELP About PPTP Server on Ubuntu 10.04 !!!
<twb> Don't use PPTP, it's weakly encrypted.
<Xelmep> twb: what to use better ?
<twb> ipsec/l2tp or openvpn
<Xelmep> do you know any tutorial
<Xelmep> ?
<kaushal> twb: hi
<Xelmep> how to install and configure
<twb> Xelmep: not off the top of my head.  Have you checked the Ubuntu Server Guide?
<twb> https://en.wikipedia.org/wiki/PPTP#Security_of_the_PPTP_protocol
<kaushal> is there a way to check "what caused the server to crash or not responsive" ?
<Xelmep> not
<Xelmep> i checked for pptp
<twb> Technically you could use EAP-TLS with PPTP, in which case it's no worse than using EAP-TLS for 802.11 WPA2-Enterprise, but I have never seen that in the wild
<Xelmep> aha
<Xelmep> ok
<Xelmep> what is better openvpn or ipsex
<Xelmep> ipsec
<Xelmep> :)
<twb> But at that point you're rolling out an TLS cert hierarchy anyway, so you're better off using something else.
<Xelmep> ok
<Xelmep> thanks
<twb> Xelmep: well, ipsec is a standard part of IPv6, so IMO it's a better thing to learn long-term
<Xelmep> i will try to install openvpn
<twb> Xelmep: for a simple point-to-point connection openvpn is very easy, for a hub-and-spoke layout it requires you to understand how TLS/x.509 work
<Xelmep> ok
<Xelmep> thank you, now i will try to install and configure
<Daviey> RoAkSoAx: How is it going?
<RoAkSoAx> Daviey: good good
<RoAkSoAx> Daviey: you?
<RoAkSoAx> lol
<Daviey> RoAkSoAx: tired :)
<Daviey> RoAkSoAx: Were you able to look at ipxe?
<RoAkSoAx> Daviey: looking at it now
<RoAkSoAx> Daviey: though for what I'm reading in the documentation, it might be easier to use koan cause eoither way, we ould have to 1. flash the rom of the NIC, 2. chainload, and chainload means telling the DHCP to use the ipxe rom
<Daviey> RoAkSoAx: great, i'd love to hear what you think.. But i need to go afk now.  Can you let me know when you are done, and i'll see it in scrollback?
<Daviey> RoAkSoAx: wait, flash to nic?
<Daviey> Nooo
<Daviey> You /can/ do that.. but it's a pure option.
<RoAkSoAx> Daviey: right, that's why I'm saying option 1: Flash NIC, option 2: PXE chainloading with ipxe
<Daviey> Currently, grub-ipxe plugs into grub like another kernel
<Daviey> So we chainload from grub.
<RoAkSoAx> Daviey: right, let me look at grub-ipxe then and we can catch up later or tomorrow morning
<Daviey> RoAkSoAx: Yeah, if you apt-get install grub-ipxe, you'll see the option in grub menu.
<Daviey> It'll give you a menu, but you can embed a script which hard codes (or other stuff) options
<Daviey> So we can gather from avahi where cobbler is, and inject it into the binary.
<Daviey> meaning that we are not dependant on dhcpd options.
<Daviey> The problem is, it's not clear to me if we can embed the script file without re-compiling.
<RoAkSoAx> Daviey: right, if this is only for reinstallations maybe koan is better option
<RoAkSoAx> Daviey: if this was for the cases on which we have a system without a OS yet, then is more useful
<RoAkSoAx> Daviey: koan (before the avahi stuff was removed from cobbler) was supposed to be able to automatically discover where the cobbler server is and boot from there
<Daviey> RoAkSoAx: noooo
<Daviey> How is it more useful with systems with no OS?
<Daviey> If the system has no OS, it has no grub - and therefore no grub-ipxe.
<RoAkSoAx> Daviey: exaclty
<RoAkSoAx> Daviey: that' was my point :) why do something that is already done by koan :)
<Daviey> uh?
<RoAkSoAx> Daviey: so, I install grub-ipxe, reboot, and the grub allows me to PXE boot, right?
<Daviey> RoAkSoAx: Right, that requires we ssh into the client.. and run the command?
<Daviey> RoAkSoAx: yup
<RoAkSoAx> Daviey: that means we need to install grub-ipxe and reboot whenever we want to reinstall
<RoAkSoAx> Daviey: so in a way, ssh into the client, and run the command, correct?
<Daviey> RoAkSoAx: Perhaps a phone call would help explain the point?  This seems to be circular.
<RoAkSoAx> Daviey: yeah I think that would be best. But we can take it tomorrow if that's better for you since you were on your way out :)
<twb> #dovecot is asleep
<twb> Anyone care to sanity check my dovecot change to enable a virtual (i.e. non-PAM) account?
<twb> http://paste.debian.net/147395/
<twb> I'm a little bit scared to try it on the production system without any testing or peer review -- also I don't know offhand how to generate an SSHA
<SpamapS> reading
<SpamapS> twb: my dovecot is weak.. but it looks sane enough.
<twb> OK, thanks
<pukeko> hi all, i have a handful of vms that will be running apache2 and various websites, i want to put an accelerator "in front" to point to machines based on requested url -- is squid the way to go or is something like varnish "better" what else is there ?
<twb> pukeko: main problem with varnish is you need to install cc
<lifeless> I'd use squid always, but then I'm a *tad* biased
<twb> Also I wanted to do LDAP-backed HTTP auth to lock down access to most of my http backends, so I ended up using apache's mod_proxy :-/
<twb> lifeless: squid's a pretty traditional (read: old fuddy-duddy) choice :-)
<lifeless> twb: heh
<pukeko> ..ok then squid is fine.. all i want it to do is direct traffic via url request, can i config it not to cache ?
<pukeko> or do i just tell it to not cache anything over some tiny kb ?
<lifeless> either of the abve
<twb> I also looked at nginx but the fact it has other baroque stuff like a pop3 proxy built in, that kinda spooked me
<pukeko> ok thanks for the help.. bbl
<auston> Hi
<auston> Does anyone here can help me on the Ubuntu server? I'm very new to Ubuntu.
<koolhead17> auston: just ask :)
<auston> I have just installed Ubuntu server 11.10 and has configured 2 NIC. Going to use for DHCP and Firewall purpose.
<auston> But I wish to know step by step how to setup for DHCP first.
<koolhead17> auston: https://help.ubuntu.com/10.04/serverguide/C/
<auston> I just installed dhcp3-server but when accessing the .conf file it stated New File. Is that the correct way?
<SpamapS> auston: even better, https://help.ubuntu.com/11.10/serverguide/C/ (updated for 11.10 changes)
<SpamapS> I believe 11.10 uses isc-dhcp-server
<auston> I try to install using isc-dhcp-server for 11.10.
<ikonia> auston: what's the problem ?
<auston> having problem downloading isc-dhcp-server
<koolhead11> hi all
<ikonia> auston: can you explain beyond " a problem"
<Takyoji> Having difficulty with /etc/security/groups.conf not autoassigning certain groups (i.e. plugdev) to LDAP users on the client system, thoughts?
<Takyoji> I have pam_group.so included just fine for PAM and everything, yet it does not work.
<auston> Now, I'm able to download and installed the isc-dhcp-server. Just now was due to the internet connection problem.
<auston> I got error msg when restart isc-dhcp-server. It says, "Configuration file errors encountered -- exiting.
<auston> I found the problem with the line missing ";" at the end of file
<pukeko> is this ok for an quick and dirty /etc/hosts file 192.168.0.77 www.example.com,support.example.com,ftp.example.com ?
<pukeko> i mean are the commas allowed ?
<auston> why i always got problem to ifup with my eth1? It says, R.. file already exist! when I editting the network interface conf file.
<RoyK> Berge: ikke ISDN dialup, med andre ord?
<RoyK> return -OWRONGWINDOW;
<Randolph> hi all
<eagles0513875> !virt-manager
<soren> RoyK: Never realised you were Danish.
<soren> RoyK: Or is that also valid Norwegian?
<eagles0513875> hey guys i need some help
<eagles0513875> how can i get virt-manager to connect to the local host for xen
<soren> virt-manager -c xen:///
<soren> I think.
 * soren never really used Xen.
<eagles0513875> im setting that up via the GUI yet its saying it cannot connect
<soren> Er..
<soren> Did you try the command I just gave you?
<eagles0513875> yes that worked but for some reason its not seeing the hypervisor
<soren> Ok.
<eagles0513875> which is already installed
<soren> IIRC, you need to enable...
<soren> er...
<soren> the http endpoint?
<eagles0513875> xend has been started
<eagles0513875> ? not understanding what you mean
<soren> Can you pastebin your xend config? Maybe that'll job my memory.
<soren> jog my memory, even.
<eagles0513875> soren: http://paste.ubuntu.com/753444/
<soren> Ah, yes, there we go.
<soren> ADd this:
<eagles0513875> humm i did ifconfig
<eagles0513875> i have 2 bridges
<soren> (xend-unix-server yes)
<soren> ...and you should be golden.
<soren> (well, restart xend afterwards)
<soren> The xen:/// driver in libvirt talks to Xen through that interface.
<eagles0513875> which interface
<eagles0513875> the virbr
<eagles0513875> and do i need to have the bridge scripts uncommented still
<eagles0513875> guess not im connected :D
<eagles0513875> soren: is the a gui front end to create the vm's
<soren> No, not network interface.
<soren> I don't understand your last comment?
<eagles0513875> do i use the command line to create the guests or is there some gui based application to create virtual machines
<soren> I don't know what people do nowadays.
<eagles0513875> ok ty
<ikonia> soren: how is the xen libvirt intergration these days ?
<soren> ikonia: No clue. I don't use Xen if I can avoid it.
<soren> Which I can.
<ikonia> ha ha, same as me then
<eagles0513875> whats everyones aversion to xen what advantages does kvm have over xen
<ikonia> thats why I didn't know how the xen/libvirt intergration was
<ikonia> eagles0513875: make up your own mind, if you like xen, use it
<eagles0513875> ikonia: i know im just wondering what advantage for instance does kvm have over it
<ikonia> personal preference
<eagles0513875> ok
<ikonia> read the tech spec pages, they do things differently
<soren> eagles0513875: I find kvm to be much more architecturally sound than Xen.
<soren> eagles0513875: I also prefer its security model.
<soren> eagles0513875: And the fact that it doesn't require a non-Linux kernel to work.
<eagles0513875> humm will have to do some research into it :)
<eagles0513875> soren: what do you mean by non linux kernel? you mean one that has it compiled into it like xen used to need
<smb> soren, the last point is sort of mood since 3.x ;)
<eagles0513875> smb: exactly lol
<soren> smb: No, it's not.
<eagles0513875> yes it is soren
<soren> No. It. Is. Not.
<soren> I'm not talking about the patched Linux kernel.
<eagles0513875> ahh ok
<smb> but I would agree that it takes longer to get it working. it has a lot of knobs and twiddles all of which one can get wrong
<soren> I'm talking about the Xen hypervisor kernel. Which is entirely different.
<soren> The Xen hypervisor is an operating system kernel. It's based off of a microkernel called Nemesis.
<smb> soren, Ok, that is true
<soren> On top of that, you run your dom0.
<m3ridian> I've got a virtual 10.4LTS Server running. After a reboot (a new kernel had previouly been installed) this morning it's unable to start. It doesn't matter which kernel I select. The only thing I see on a normal boot is a black screen and a _  . If I boot in recovery I can see it detect the disks attached but after running "Begin: Running /scripts/init-bottom ..." and returning "Done."
<m3ridian> the machine freezes and does not seem to be alive.
<soren> And all of your domU's.
<auston> I having problem to bring up eth1
<soren> auston: Go on..
<auston> i managed to installed and configured isc-dhcp-server and able to obtain the ip from eth0 but unable to access internet.
<ikonia> dhcp/internet access are two totally different things
<ikonia> auston: what gateway and dns servers did you setup in your dhcp server to give to the clients
<auston> the local network ip is 192.168.76.0 gateway 192.168.76.23
<ikonia> not what I asked
<ikonia> re-read what I asked
<auston> eth0 ip: 192.168.76.245, eth1 ip: 192.168.76.5
<ikonia> again, not what I asked
<auston> gateway to the router, dns server to local server.
<ikonia> ok, so test each component
<ikonia> 1.) can you client do a dns lookup
<ikonia> your
<auston> managed to get local dns server ip
<ikonia> no
<ikonia> what is the point of that
<ikonia> you can't get to the internet
<ikonia> can you lookup internet addresses
<auston> the ubuntu server itself is able to access internet
<ikonia> again, not what I'm asking
<ikonia> why are you not answering the questions I am asking
<auston> I'm not too sure where to look for
<ikonia> right, so if you don't know say "I don't know how to do that" rather than just providing random information
<ikonia> on the client type "nslookup www.google.com"
<auston> ok, i got response from client: **** Can't find address for server...
<ikonia> ok, so there is your problem
<ikonia> or at least the start of your problems
<auston> I have setup 2 NICs on the ubuntu dhcp server. Eth0 connected to the router and eth1 connected to client.
<_ruben> and both in the same subnet at first glance, which tends to be asking for trouble
<ikonia> agreeed
<auston> But the client managed to get ip from dhcp server but not able to connected to the internet. Only the server itself can do.
<auston> Both server and client configured using the same subnet mask
<ikonia> auston: DNS !!!
<ikonia> auston: your client can't resolve addresses, that is reason 1 it can't connect to the internet - fix that
<auston> But can't even ping to local dns server using ip.
<ikonia> I give in
<ikonia> pinging a dns server does not mean it can use it as a name resolver
<ikonia> auston: your client cannot use the DNS server you have set as a resolver, fix that
<auston> Do I need to change the DNS setting from dhcp?
<ikonia> no
<ikonia> I'll say it again - the DNS server you have set the client to use, is not responding to public internet zone lookups from your client
<ikonia> you need to FIX the DNS server you have set to accept connections from your client and do public lookups
<RoyK> soren: norwegian :)
<soren> RoyK: Ok :)
<soren> auston: Why are both your interfaces on the same subnet?
<auston> As I'm not sure how to do that for both interfaces. Thought it can route the traffic from eth1 to eth0 interface.
<soren> Why would you want to route from one interface to the other if they're connected to the same network?
<auston> Because client conneted to eth1 interface needed to get ip from the server and this server will be acting as a firewall once the internet connection is done.
 * RoyK somewhat guessed soren was danish by the name
<soren> auston: So both interfaces are in fact connected to the same network right now?
<soren> RoyK: I'm not very good at being under cover :)
<RoyK> hehe
<pukeko> question, /etc/hosts ... whats the syntax for "cnames" ? are they comma separated or can i put them on a new line ?
<pukeko> ie
<soren> No commas.
<pukeko> 192.168.0.7  www.example.com
<soren> Just put multiple names on the same line.
<pukeko> 192.168.0.7  www.example2.com
<soren> Separated by whitespace
<soren> No.
<soren> 192.168.0.7 www.example.com www.example2.com
<pukeko> thanks
<soren> Sure.
<pukeko> is it ok to stick a squid reverse in front of a CalDav server ?
<koolhead11> i have downloaded image http://uec-images.ubuntu.com/oneiric/20111110/oneiric-server-cloudimg-amd64.tar.gz
<koolhead11> what is default username/passwd for this to login ?
<koolhead11> or is it restricted to login via key-pair
 * koolhead11 pokes smoser 
<uksysadmin> koolhead11, hello
<uksysadmin> use your key and log in with ubuntu@
<lynxman> koolhead11: smoser is sleeping ;)
<lynxman> koolhead11: it's normally ubuntu/ubuntu afaik
<lynxman> koolhead11: if it's juju deployed then just your ssh id will suffice with ubuntu@ as uksysadmin said
<uvirtbot> New bug: #897632 in postfix (main) "package postfix 2.8.5-2~build0.11.04 failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ ÑÑÑÐ°Ð½Ð¾Ð²Ð»ÐµÐ½ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ post-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 75" [Undecided,New] https://launchpad.net/bugs/897632
<sanderj> Hi. What do I need to do in  my firewall or ftp server to get active mode ftp working behind nat?
<koolhead11> hola uksysadmin lynxman
<capeta> I'm trying to create my own .deb package of nginx using checkinstall but it don't work, I'm using the sources of 'apt-get source nginx' and downloading the two new modules manually. It configure, using the ./configure with the same parameters of the official package plus new modules, compile (make) but the .deb generated (by the checkinstall) don't work. Anyone knows what I'm doing wrong?
<koolhead11> capeta: try #ubuntu-motu better place with l33ts :D
<koolhead11> lynxman: uksysadmin i remember yesterday able to login the instance with ubuntu/password
<capeta> ok
<uksysadmin> koolhead11, I've never logged in using a password to the uec images - ubuntu/ubuntu ?
<koolhead11> uksysadmin: i have curious issue with mine, juju needs zookeeper installed as 1st pkg once it gets started/initilized
<koolhead11> then only juju ststus will work
<uksysadmin> does bootstrap not do that for you?
<koolhead11> uksysadmin: bootstrap will do only if my network/nova has direct internet access
<koolhead11> which i dont have
<uksysadmin> ah - yeah I'm battling with that since I've been playing
<uksysadmin> could do with being able to set proxies in the process
<koolhead11> uksysadmin: you mean during bootstarp
<koolhead11> ?
<uksysadmin> yeah - is that possible?
<koolhead11> juju bootstrap --proxy= ?
<koolhead11> :D
 * uksysadmin is a n00b
<uksysadmin> ;-)
<koolhead11> uksysadmin: me too
 * uksysadmin is attending charm school on Friday
<koolhead11> come to #juju am troubling hazmat there, and talking on same issue
<koolhead11> uksysadmin: me2 :D
<uksysadmin> I noticed ... I'm there
<uvirtbot> New bug: #855711 in bacula (main) "Bacula director not listening " [Undecided,New] https://launchpad.net/bugs/855711
<koolhead11> http://uec-images.ubuntu.com/oneiric/20111110/oneiric-server-cloudimg-amd64.tar.gz this is the image i am using
<koolhead11> the euca-get-console-log says this :-
<koolhead11> http://paste.ubuntu.com/753592/
<koolhead11> lynxman: i can confirm that you cannot book cloud-images with any password, I am building an image from a Oneiric ISO and doing modifications :P
<koolhead11> *log
<lynxman> koolhead11: aww shucks
<koolhead11> lynxman: am happy, finally learning how to play with bundling my own ubuntu image :D
<koolhead11> hola Daviey :)
<koolhead11> lynxman: i see your tweet :P
<lynxman> koolhead11: wha?
<koolhead11> lynxman: :D
<koolhead11> beer
<uvirtbot> New bug: #897663 in image-store-proxy (universe) "don't connect to imagestore.canonical.com" [Undecided,New] https://launchpad.net/bugs/897663
<elb0w> Anyone ever have an issue building cuda on 11.04?
<smoser> koolhead11, there is no username and password combination
<smoser> there is a user 'ubuntu', but you cannot login via password unless modificatoin is done.
<smoser> please read https://help.ubuntu.com/community/UEC/Images#Ubuntu_Cloud_Guest_images_on_Local_Hypervisor_Natty_onward
<smoser> lynxman, just for your info
<smoser> ^
<koolhead11> smoser: thanks sir. creating one image for myself because i need to add proxy-info for apt before uploading to bucket
<koolhead11> and will ahve to add cloud-init pkg too inside it
<koolhead11> lynxman: i spent like good time trying hit and trial :P
<smoser> koolhead11, so you're just wanting to add apt-proxy config ?
<lynxman> smoser: oh cool, ty :)
<koolhead11> smoser: yes because my nova is running via proxy
<smoser> i'm paticularly interested in this as I'm trying to make that "just work" and use local proxy or mirror if available.
<koolhead11> and when am staring juju-bootstrap, 1st thing it does is tries to install zookeeper
<smoser> koolhead11, i wonder, would it be acceptable to you to set up a dns name "ubuntu-proxy" in the default domain ?
<smoser> this is not working yet, but that is one way i'm considering allowing that to "just work"
<koolhead11> smoser: i doubt :(
<smoser> no?
<koolhead11> i will simply add /etc/apt proxy file
<smoser> can you think of some other way that it could "just work" ?
<koolhead11> and add the proxy server detail
<smoser> koolhead11, right. and that will work fine.
<koolhead11> smoser: :)
<smoser> but you're not the only person that will hit this
<smoser> and i want to make it easy for it to "jsut work" without modification of the images.
<koolhead11> smoser: hehe. :D
<smoser> so i'm looking for input from you
<smoser> why wouldn't you be able to add a dns name ?
<koolhead11> smoser: because that proxy server is my desktop machine running different subnet :(
<koolhead11> btw hazmat has filled a bug on same
<smoser> do you have a number? i dont see anything like that
<smoser> i really dont think juju should do proxy configuration
<koolhead11> smoser: 1 sec
<koolhead11> smoser: https://launchpad.net/bugs/897645
<uvirtbot> Launchpad bug 897645 in juju "juju should support an apt proxy for private clouds" [Undecided,Confirmed]
<koolhead11> smoser: also wondering why z00keeper is also not installed on cloud image :P
<smoser> koolhead11, the most immediate answer is "its not in main"
<smoser> the second would be, that it is probably at this point still an unlikely package to be installed.
<koolhead11> smoser: http://paste.ubuntu.com/753662/
<koolhead11> first thing juju does once i run juju status
<koolhead11> :D
<smoser> the only other issue with zookeeper is that it depends on java and thus its probably a 50M additional footprint installed (complete guess)
<smoser> koolhead11, can you get the rest of that ...
<smoser> i'm interested in "Need to get" and "After this operation,  XXXX will be used"
<koolhead11> smoser: pasting it
<koolhead11> wait
<koolhead11> :D
<koolhead11> smoser: http://paste.ubuntu.com/753667/
<smoser> koolhead11, you shorted me...
<smoser> there should be a line like "After this operation" ?
<smoser> i can figure it out myself easily enoug, though.
<zul> good morning
<koolhead11> smoser: http://paste.ubuntu.com/753480/  euca-get-console-output :P
<koolhead11> hola zul
<zul> hi koolhead11
<lynxman> zul: good moaning :)
<smoser> koolhead11, i thought i had a bug for this.
<smoser> but just opened one, bug 897688
<uvirtbot> Launchpad bug 897688 in cloud-init "cloud-init should support apt-proxy and hostname based mirror selection" [Undecided,New] https://launchpad.net/bugs/897688
<koolhead11> smoser: apt.conf  is what i used simply added proxy server and port
<smoser> koolhead11, above, regarding zookeeper, "127 MB of additional disk space"
<koolhead11> smoser: 127 0.o
<smoser> so we'd grow the images from ~ 600M to 725, which is a 20% growth
<smoser> yeah.
<koolhead11> smoser: better leave it
<smoser> so its not an easy thing.
<koolhead11> let juju handle it :P
<koolhead11> smoser: the cloud image is 205 MB i think :P
<smoser> 205 compressed download.
<smoser> 600~ filled filesystem.
<koolhead11> smoser: o00h
<smoser> the disk image you get is a qcow compressed sparse disk
<koolhead11> cloud-publish-image takes good time :P
<smoser> the cloud-init 'make-iso' stuff that i pointed you at is the start at making scripted modifications to the images easy to do.
<smoser> ie, you could easily
<smoser>  * download image
<smoser>  * boot image with cdrom attached with userdata that did:
<smoser>   * install zookeeper and other juju stuff
<smoser>  * change local mirror
<smoser>  * shutdown
<smoser>  * publish modified image
<smoser> i guess other things to do there would be something like: 'apt-get clean' and some other "clean up my mess" stuff, but the point being local modification is easy without having to even be root.
<koolhead11> smoser: i used KVM and did exactly same, am now at last step :D
<smoser> you did it via user-data ?
<smoser> juju could easily publish doc on how to do that before uploading your own cloud image, and could do it all via one program wrapper.
<koolhead11> smoser: i booted the machine via KVM and then used VNC viewer to connect it and do needed modification
<smoser> yeah... i just don't like having to have you interact with it.
<smoser> as then its un-reproducible
<smoser> clearly here its fine, but a fully reproducible solution is much nicer.
<smoser> thanks for your input by the way. this has been helpful.
<koolhead11> !user-data
<koolhead11> smoser: would you please point me to the user-data doc/method doc i should look into
<smoser> https://help.ubuntu.com/community/UEC/Images#Ubuntu_Cloud_Guest_images_on_Local_Hypervisor_Natty_onward
<smoser> you can probably figure it out from there.
<smoser> do the bzr brandch of cloud-init as shown, then look at 'user-data' in cloud-init/doc/ovf
<smoser> it is just cloud-init userdata.
<smoser> just put a '#!/bin/sh' script there that does everything you want, then cleans up, then shuts down.
<koolhead11> smoser: thanks again.
<smoser> if you have questions, please let me know. this is somethign that "should work" but is very admitteldly not documented well.
<Xelmep> Help please ~
<koolhead11> smoser: one help. i have my custom image booted, but am not getting anything from euca-get-console-output useful, as i got from the cloud image
<koolhead11> ?
<koolhead11> is there specific package i need to add in the image to get that
<smoser> how did you make the custom image ?
<smoser> just by modifying the original?
<koolhead11> smoser: yes and adding proxy information
<smoser> you should get console output still.
<smoser> i suspect somethign went wrong and it did not start.
<Xelmep> How to see local IP in Virtual Server
<Xelmep> ?
<koolhead11> smoser: i get instance ID and time i-0000002c 2011-11-29T14:40:37Z
<koolhead11> :(
<RoyK> Xelmep: ?
<smoser> i suspect somethign awry in openstack
<Xelmep> RoyK: i vant to configure VPN server
<koolhead11> smoser: but when am booting yours cloud image i get the console output :P
<Xelmep> byt i don`t know how to see local IP
<RoyK> Xelmep: what vpn server? what hypervisor? what sort of system?
<Xelmep> Ubuntu server
<RoyK> !vpn
<ubottu> For more information on vpn please refer to https://wiki.ubuntu.com/VPN
<smoser> koolhead11, right. but nothing you did shoudl have changed that :)
<smoser> oh...
<smoser> did you upgrade grub by chance?
<koolhead11> smoser: no. :P
<koolhead11> let me upload original image and see if i get console output
<smoser> koolhead11, i'm almost out of ideas.  do you have access to the nodes ?
<koolhead11> yes
<koolhead11> manually added 100 mb zookeeper and pkg, still juju status giving same error
<Morrigand> Where can I find a guide of dir changes from 8.04 to11.10?
<zul> who is running the meeting today?
<Morrigand> It seems that apache config files have moved and I cant get drupal happy
<zul> ok not me
<pythonirc1011> My IT department runts its own Dropbox server (where one can drop and retrieve files from). Does anyone know what software I could use to run my own?
 * lynxman looks at the channel topic
 * koolhead11 plans to go home
<Daviey> smoser: no Actions from last week?
<smoser> i didn't think i did last week.
<smoser> i though tyou did.
<Daviey> smoser: my bad, it was jamespage
<Daviey> jamespage: no actions from last week?
<jamespage> Daviey: nope
<Daviey> great :)
<imperialwicket> can someone help me with how to disable default server responses in apache2?
<imperialwicket> default and default-ssl are disabled, and all my sites-enabled have explicit servername directives...
<imperialwicket> other than that, vanilla installation
<koolhead11> zul: let me know when you want me to test keystone thing
<tubuntu> high everybody
<tubuntu> anyone can help on openldap with lucid?
<tubuntu> i'm following the server guide
<tubuntu> but there is a pb when creating the backend, error: "ldap_add: Other (e.g., implementation specific) error (80)
<tubuntu> 	additional info: <olcModuleLoad> handler exited with 1"
<tubuntu> well ggling led me to consider i'm loading the module twice
<tubuntu> but when adding a frontend with  a test user admin ldap pass is not recognized
<uvirtbot> New bug: #855030 in nova "Encountering sporadic AMQPChannelException" [Critical,Fix committed] https://launchpad.net/bugs/855030
<tubuntu> debug log:
<tubuntu> slap_listener_activate(8):
<tubuntu> >>> slap_listener(ldap:///)
<tubuntu> connection_get(10): got connid=1000
<tubuntu> connection_read(10): checking for input on id=1000
<tubuntu> ber_get_next
<tubuntu> ber_get_next: tag 0x30 len 34 contents:
<tubuntu> op tag 0x60, time 1322584896
<tubuntu> ber_get_next
<tubuntu> conn=1000 op=0 do_bind
<tubuntu> ber_scanf fmt ({imt) ber:
<tubuntu> ber_scanf fmt (m}) ber:
<tubuntu> >>> dnPrettyNormal: <cn=admin,mydomain>
<tubuntu> conn=1000 op=0 do_bind: invalid dn (cn=admin,mydomain)
<tubuntu> send_ldap_result: conn=1000 op=0 p=3
<tubuntu> send_ldap_response: msgid=1 tag=97 err=34
<tubuntu> ber_flush2: 24 bytes to sd 10
<tubuntu> connection_get(10): got connid=1000
<tubuntu> connection_read(10): checking for input on id=1000
<tubuntu> ber_get_next
<tubuntu> ber_get_next on fd 10 failed errno=0 (Success)
<tubuntu> connection_close: conn=1000 sd=10
<urthmover> how do I get the pretty server information screen on a non ubuntu-server system?  What is the package called that shows ip, dish space etc. on the ubuntu-server command line?
<genii-around> !pastebin | tubuntu
<ubottu> tubuntu: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<tubuntu> ubottu: ok
<ubottu> You're welcome! But keep in mind I'm just a bot ;-)
<tubuntu> slapd log: http://paste.ubuntu.com/753823/
<tubuntu> why dn is invalid? is it because the admin user is not added yet?
<jdstrand> Daviey: sorry, no progress on keystone mir. doko had some comments to say about it though. I hope to get to my part this week
<Weisse> how do I make cron test if a script is executable before running it?
<Daviey> jdstrand: thanks
<SpamapS> Weisse: cron runs each line through a shell.. so    [ ! -x /usr/bin/foo ] || /usr/bin/foo
<Daviey> jamespage: not seeing anything like the errors here, http://pb.daviey.com/5yon/ on precise preseeded installs?
<adam_g> zul: did you have a cobbler bracnh around that has new methods for storing hw inventory related things?
<zul> adam_g: i have an untested patch
<adam_g> zul: can i peak?
<zul> sure
<jamespage> Daviey: hrm - I've not done one today
<jamespage> other than the standard ISO tests which kinda preseed
<zul> adam_g: i was going to add support for it but: http://people.canonical.com/~chucks/cobbler/
<SpamapS> I don't think I'll ever make it to a server team meeting at 1600 UTC when we're on standard time. 0800  - 0830 is the heart of chaos in this house. :-P
<adam_g> zul: ah, cool thanks
<zul> adam_g: if you want to do it thats ok as well
<adam_g> zul: i might.  i was going to start doing the client side stuff, wanted to get an idea of what needed to get added to the server for each bit.
<RoAkSoAx> Daviey: ping
<Daviey> RoAkSoAx: Hey sailor
<RoAkSoAx> Daviey: so I foudn this: http://pastebin.ubuntu.com/753850/
<zul> adam_g: if you want to do the client side stuff i can do the server side stuff. i just a list of flags needed to add
<RoAkSoAx> Daviey: but been testing it, and doesn't seem to be working
<Daviey> RoAkSoAx: oh dude
<Daviey> That is amazing.  Where did you find that?
<RoAkSoAx> Daviey: http://comments.gmane.org/gmane.network.etherboot.gpxe/1600
<Daviey> http://lists.ipxe.org/pipermail/ipxe-devel/2011-April/000592.html
<Daviey> Great!
<zul> Daviey RoAkSoAx: there is a patch floating around that adds better gpxe support to cobbler than what we have
<RoAkSoAx> Daviey: but doesn't seem to be working though, been trying to manually pass arguments and stuff but shows syntax error
<Daviey> zul: dig it out if you have it to hand.. note we don't care at all about gpxe.
<Daviey> RoAkSoAx: interesting.. So i tried grub-ipxe, and i got a syntax error from a default install.. so something is wonky
<Daviey> We need to fix that regardless
<RoAkSoAx> Daviey: that's weird, I didn't get syntax error on default install
<Daviey> I wonder if my dhcp was pushing out bad config then?
<Daviey> maybe
<RoAkSoAx> Daviey: maybe
<Daviey> RoAkSoAx: if we can get this working, i am so overjoyed you would not believe
<RoAkSoAx> lol
<zul> adam_g: do you have a list that you are gong to send to the server?
<ahs3> Daviey: hrm.  looks like you've got a pxe-kexec sponsor that's already uploaded the package to Debian...
<ahs3> Daviey: ...so you're in the NEW queue already
<adam_g> zul: not yet, no
<zul> adam_g: k cool send me the list when you do
<Daviey> ahs3: yeah \o/
<Daviey> ahs3: I hope you didn't spend time looking it over?
<hallyn> ahs3: long as we're talking sponsors :)  any more thoughts on netcf?
<ahs3> Daviey: fortunately, not yet.  so cool.  you're on your way.
<ahs3> hallyn: working on the upload right this minute, actually....
<Daviey> ahs3: That is great!  I did try to ping you a few times, but assumed you were away
<Daviey> thanks!
<smoser> Daviey, so this is moderately bad.
<smoser> where moderately is overly nice
<smoser> do we have any option to other than release noting "cloud images do not boot in recommended cloud or on recommended hypervisor"
<smoser> bug 897795
<uvirtbot> Launchpad bug 897795 in linux "-virtual kernel missing rtl8139 drivers" [High,In progress] https://launchpad.net/bugs/897795
<Gamoholic> I am having a problem setting up Ubuntu Server 11.10 x64 on an HP xw4400 workstation. Intel C2D, 3GB DDR3, Ati Radeon 5450, Corsair SSD. It installs perfectly, but won't boot after the install. It acts like it going to boot, but then the screen goes to sleep. When I try the recovery mode it goes to the screen, but it's like my keyboard is frozen, I can't do anything. Anyone have any idea
<Gamoholic> what could cause this? I haven't had much trouble with Ubuntu Server before.
<Gamoholic> oops, I meant DDR2
<zul> smoser: you are right that is kind of bad...and kind being on the high scale
<Daviey> smoser: To put into context, this is Alpha 1 right?
<smoser> yeah, people dont expect that to boot.
<smoser> but silly me did.
<smoser> is there any potential of getting that fixed though?
<Daviey> smoser: Would it make sense to push for a fix when A1 lands, and we defer cloud image release?
<Daviey> smoser: I'm really not sure it's worth asking for a kernel respin for A1 at this stage.
<utlemming> Daviey, smoser: we already have to do a respin of the images due to bug 897680
<uvirtbot> Launchpad bug 897680 in ubiquity "Precise Desktop 64Bit: libc6 fails to install if "install 3rd party software" is selected" [Critical,Fix released] https://launchpad.net/bugs/897680
<smoser> utlemming, wrong bug number ? what do i care about desktop install path for cloud images.
<Daviey> utlemming: erm, i mean a kernel build vs a respin
<smoser> Daviey, personally i dont tihnk its unreasonable to ask for a respin.
<smoser> https://launchpad.net/ubuntu/+source/linux
<smoser> shows that a new kernel hit the archive 23 hours ago.
<smoser> i found it didn't boot 1 hour ago.
<Daviey> ffs
<smoser> thats pretty good
<utlemming> smoser: we're installing the bad version of libc6 -- I matched the bad version of libc6 -- but the replication step comment #5 fails to match the cloud-images
<utlemming> so no repsin needed
<smoser> wait. surely we do not have libc-bin:i386 installed.
<smoser> in an amd64 image
<utlemming> noaXess, we don't
<utlemming> damn auto correct -- n.o. we don't
<zul> Daviey: what was that django app that i use as an example for dashboard?
<Daviey> zul: one example:
<Daviey> mumble-django - Mumble-Server web interface
<Daviey> python-django-mumble - Mumble-Server config application for Django
<zul> Daviey: thanks
<koolhead17> dashboard :)
<Corey> http://security.ubuntu.com/ubuntu/pool/universe/i/icinga/ <-- Hey, a package I want!  What do I need to have in sources.list to reflect this?
<Mhaddog> I need help setting up RAID on ubuntu server 11.10
<Mhaddog> it is showing my fake raid drive, but it is displaying it as read only
<pmatulis> Mhaddog: why bother with fakeraid?
<kees> Corey: you need to enable the "universe" repository
<Mhaddog> i eas doing soft RAID anf got no where...
<Mhaddog> actually I wanted soft raid... but apparently ubunut is not even seeying my drives...
<pmatulis> Mhaddog: start by entering your computer's bios, removing any raid config that may be present, and then disabling fakeraid, foreva
<Gamoholic> Never mind about my booting problem, hitting Ctrl-Alt-F1 fixed it
<pmatulis> Mhaddog: then install using sofware raid
<Mhaddog> I didi try that, I setup the sata as regular and got nothing, will ahci mode work? i didnt try it
<Mhaddog> let me reset it again and set it to ahci
<pmatulis> Mhaddog: are you sure you â   removed configuration AND â¡  disabled it ?
<Mhaddog> remove configuration, u mean kill the raid arrangement??
<pmatulis> Mhaddog: of course
<Mhaddog> done both....
<Mhaddog> ok I got 3 options, Ide mode, AHCI mode and RAID mode, what u suggest between IDE and AHCI ?
<pmatulis> Mhaddog: then what happens during the install, does the installer see all disks?
<Mhaddog> I will let you know
<Mhaddog> ok, review in ahci mode and raid disable
<Mhaddog> going into the installer...
<Mhaddog> @ installer
<Mhaddog> let me get to the parition part
<RoyK> anyone here ever setup MPI? on ubuntu?
<pmatulis> MPI?
<Mhaddog> I'm on the partition disks
<Mhaddog> got them.....
<Mhaddog> finally...
<pmatulis> Mhaddog: good work
<Mhaddog> ok so I setup a soft raid....
<Mhaddog> now
<pmatulis> in a manner of speaking, yes
<Mhaddog> swap at teh begining correct?
<pmatulis> anywhere will do
<pmatulis> what level of raid are you thinking of?
<Mhaddog> 5
<pmatulis> how many disks do you have?
<Mhaddog> ok it said that I only have one partition....
<Mhaddog> 3
<pmatulis> alright
<Mhaddog> I havent setup a raid 5, I always do a raid 1 or 0 in centos...
<Mhaddog> so, I'm a little lost in this installer....
<Mhaddog> do I need to parition them first before add them to the raid MD device?
<pmatulis> no
<Mhaddog> ok so it is only seeing one disk
<pmatulis> you said it saw all 3
<l0n> Mhaddog - are you sure you want to do software RAID 5, it may slow things down and if one disks fail, another could fail during the rebuild in which case you lose everything :/
<Mhaddog> i need the redundancy,
<Mhaddog> it is not a database server, just will be a file sharing/data dump one
<l0n> hmm, RAID 1 might be better, RAID 6 if you have another disk or just copy everything off daily to another drive
<Mhaddog> I though of raid 6, but disks are expensinve at this time, so I got two new ones and an a old boxed one....
<l0n> idd, are you sure you need RAID, are you really changing that much that often? Would a nightly manual backup be enough, that will also protect you against accidental deletion and make recovery easier if something goes wrong (no need to try and mount a sw RAID array in recovery mode)
<Mhaddog> yes, about 5K audio files per day
<Mhaddog> i will put a 1tb drive as an internal backup.... when I can get it out of my asterisk box
<l0n> fair enough sounds reasonable
<Mhaddog> we are talking about a good 15 to 20 gb per day more or less
<Mhaddog> so I think raid 5 is the most convenient one...
<Mhaddog> a little more speed than plain mirroring
<Mhaddog> and a little added redundancy
<l0n> I think writes will be slower because of parity calculations in sw but reads will be faster
<Mhaddog> ok this is strange, unles I make a parititon on the dirve, it does not let me select it for the RAID group (md device)
<hallyn> Daviey: so just to be clear, you did look at the etherboot+ipxe packages, and saw no problem?  I should just uplaod them as soon as soft freeze ends?
<l0n> Mhaddog - this might help (it gives you the general idea of how it works) : http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/3/html/System_Administration_Guide/ch-software-raid.html
<Mhaddog> thx I know that one.... I think the fake raid left paritions in there... I'm dd on teh drives...
<Mhaddog> I cannot create ext partitions....
<Mhaddog> thx for your help
<Daviey> hallyn: I did have a look, but please let me have another
<Daviey> OTP right now
<l0n> np :)
<hallyn> Daviey: ok, no hurry (until monday :)  just checking to make sure i understood right.  (which i didn't :)
<Daviey> hallyn: I only sniffed it, not confident enough to upload it myself :)
<Daviey> hallyn: but hey, if you did it - i'm sure it's great
<hallyn> Daviey: you weren't watching cjwatson's msgs to me yesterday apparently.
<Daviey> hallyn: we live and learn, right? :)
<Daviey> If that is the worst thing you've ever done, you are in a better situation than me :)
<hallyn> Daviey: so we hope.  If I could make headway in these bugs i'm looking at, i'd spend somet time looking for dput wrappers to automatically show me debdiff against current archive version, etc.
<Daviey> hallyn: So i don't sign my uploads until i am happy with them to be uploaded.
<Daviey> hallyn: mkdir tmp ; cd tmp ; pull-lp-souce $PACKAGE ; cd .. ; debdiff tmp/*.dsc *.dsc | less
<hallyn> Daviey: yeah, i'll write my own if i want to, but i recall discussions from people about the wrappers they'd already written, and i figure they're checking for mistakes i haven't even dreamed of yet.
<hallyn> Daviey: I *was* happy with it :)  problem was my changelog convinced me i was in the right tree, but i hadn't freshly downloaded one.  which is why a script that always fetches it fresh and does a debdiff is in my future.
<Daviey> cool
<Mhaddog> I got lost
<koolhead17> Daviey: i can see gluster pkg for 11.10 http://download.gluster.com/pub/gluster/glusterfs/LATEST/Ubuntu/11.10/
<Daviey> koolhead17: right, it's been in Ubuntu for ages, including a hardy backport.
<koolhead17> so when installing gluster is said it means apt-get install gluster <from iur repo>
<koolhead17> got it
<Daviey> koolhead17: glusterfs is in the ubuntu archives
<zul> probably not the latest and greatest though
 * koolhead17 trying to find out who is doing pkging for gluster at http://download.gluster.com/pub/gluster/glusterfs/LATEST/Ubuntu/11.10/
<ertyiuy> hello
<ertyiuy> i m on TTY mode on ubuntu server
<ertyiuy> ubuntu lucid
<ertyiuy> how to select ?
<ertyiuy> anyone there ?
<Xelmep> I need help about counter strike server
<Pici> Xelmep: what sort of help?
<RoyK> nice - MPI running nicely - soon 136 cores in a cluster...
<Xelmep> Pici: I WANT IN MY VPS TO Install and run cs server
<Xelmep> can you help me how to install and run
<Xelmep> then to connect slients from other pc-s
<jMCg> Xelmep: go to the control panel, click on the Install-and-run CS Server button. Done
<Xelmep> i have access only with SSH and Webmin
<Xelmep> jMCg: i have access only with SSH and Webmin
<Pici> Xelmep: the linux steps here should help, as well as the external links: https://developer.valvesoftware.com/wiki/Dedicated_server
<Xelmep> thanks Pici
<Xelmep> i will try to do it now
<Xelmep> tell me after install i will need to create stages to server
<Xelmep> ?
<Xelmep> or i will need to connect then to create
<Xelmep> ?
<Pici> Xelmep: stages?
<Xelmep> yes
<Xelmep> stasis
<Pici> Xelmep: I don't know what you mean.
<Xelmep> pici: if you want to play a game you need to create game and select stasis
<Xelmep> understand me
<Xelmep> ?
<Pici> Xelmep: If you are asking how to administrate the game once you have gotten it running, then you'll need to look at Valve's documentation.
<zul> jdstrand: i uploaded a fix python-keystoneclient
<jdstrand> zul: ack
<zul> robbiew: ping http://lists.linuxfoundation.org/pipermail/virtualization/2011-November/018995.html
<zul> Daviey: ^^^
<robbiew> zul: interesting
<robbiew> so they have it for A15 (which I don't care about atm)...but also ARMv7?
<zul> robbiew: i dunno maybe its a project for someone to try
 * robbiew posts to #ubuntu-arm
<Daviey> zul: nice find
<robbiew> Daviey: rbasak is back next week...maybe something we can throw at him
<robbiew> keep him busy ;)
<Daviey> robbiew: works for me :)
<Daviey> robbiew: You'll provide some ARM hardware with virt extensions?
<robbiew> absolutely....top of my list
<Daviey> lol
<chudapati09_> I'm having some issues setting up a mail server, is this the right channel to look for help?
<Daviey> chudapati09_: yes!
<robbiew> zul: are you familiar with http://xen.org/products/xen_arm.html
<robbiew> Samsung's efforts?
<zul> robbiew: no im not
<chudapati09_> Daviey: okay wonderfully. I'm building a web server to host multiple websites. I got everything working except the mail server. I'm using linode to host my vps and I've been following their tutorials. Here is the link I've been following, http://library.linode.com/email/postfix/dovecot-mysql-ubuntu-10.04-lucid. I got up to the part where it tells me to restart dovecot, so I tried "service dovecot restart". But then I ge
<Daviey> chudapati09_: you were cut off after "But then i ge"
<Daviey> chudapati09_: try, sudo /etc/init.d/dovecot restart
<chudapati09_> Daviey: But then I get this "restart: Unknown instance:". i'm doing all this as root. I tried to start dovecot and it worked. but then I did "service dovecot status", and I get this "dovecot stop/waiting"
<chudapati09_> Daviey: when I try to get the status for it I get "dovecot stop/waiting"
<Daviey> chudapati09_: then try 'start' :)
<Daviey> rather than restart
<chudapati09_> Daviey: Same thing
<chudapati09_> happens.
<hallyn> zul: are you around?
<hallyn> zul: seems i don't have upload perms to qemu-kvm-spice.  Would you mind pushing http://people.canonical.com/~serge/qemu-spice.debdiff  ?
<zul> hallyn: almost eoding
<hallyn> ok
<hallyn> RoAkSoAx, ^  ?  pretty please? :)
<RoAkSoAx> hallyn: sure
<hallyn> RoAkSoAx, thanks!
<ewook> chudapati09_: did you try /etc/init.d/dovecot restart ?
<Datz> Hi, I'd like to have the server stats that are displayed in my ubuntu server box on log in, also displayed in my desktop box. Am I able to just copy /etc/motd/ contents to the desktop from the server?
<chudapati09_> ewook: I get this message, "dovecot start/running, process 4664", I'm assuming that's a good sign. But when I do "/etc/init.d/dovecot status", I get "dovecot stop/waiting"
<Datz> oh I see it's a symbolic link..
<RoAkSoAx> hallyn: done
<hallyn> RoAkSoAx, thx
<RoAkSoAx> welcome ;)
<wiredfool1> I've got a master/spare db system where the master is contacted on a fixed ip address that's brought up on whatever machine is the master at that point. Last night, 1/2 hour after switching the ip addresses, I got an arpwatch notification that it had gone back. There were (new) established connections to the master ip, but the ip wasn't in ifconfig.   I've seen it happen once more since then. I'm really not sure why I'm getting the arps are happeni
<wiredfool1> the (old) master is 8.04, spare is 10.04
<alamar> your question got cut off on " the arps are happeni"
<wiredfool1>  I'm really not sure why I'm getting the arps are happening, or why the connections are being accepted on the spare.
<alamar> what do you use for migrating the ip addresses etc?
<wiredfool1> ifup, ifdown, this time manually
<alamar> do you use a cluster suite with RAs (like pacemaker)
<wiredfool1> nothing automatic
<alamar> so ip addr show does NOT show the address on the slavenode BUT there ARE active connections to that address on the slave node?
<wiredfool1> yes, for slave == old master
<wiredfool1> as reported by netstat -an.
<alamar> could you please verify with "ip addr show"?
<wiredfool1> http://pastie.org/2941346
<wiredfool1> http://pastie.org/2941352
<wiredfool1> that one with ip addr show
<wiredfool1> is ifconfig lying?
<alamar> could you also do a "ip link show" please
<wiredfool1> http://pastie.org/2941366
<alamar> i meant, ip link show up
<alamar> sorry
<wiredfool1> http://pastie.org/2941371
<alamar> well everything should be fine, but to be sure you could try deleting the address from the interface completely
<alamar> but I agree there should'nt be established connections to that address on that host
<alamar> shouldn'T
<wiredfool1> ifconqq
<wiredfool1> I've never seen this before.
<wiredfool1> it's not wanting to delete the address, it's just silently failing
<alamar> how do you try to delete the address?
<wiredfool1> sudo ifconfig eth1 del 10.0.0.25 netmask 255.255.255.0
<wiredfool1> with and w/o the netmask
<alamar> try sudo ip addr del 10.0.0.25/24 dev eth1
<alamar> maybe this is more verbose
<wiredfool1> is ip a replacement for ifconfig?
<wiredfool1> that does seem to work
<alamar> ifconfig is "kind of obsolete" in the sense that it uses an obsolete kernel interface to the networking code
<alamar> (it uses interface aliases eth0:1 etc. for "emulating" multiple ip addresses etc.)
<wiredfool1> ah
<alamar> iproute2 (that's the package ip comes with) is more modern and has way more options
<alamar> (a lot of it is advanced stuff a lot of people never have to deal with like policy routing)
<alamar> wiredfool1: did this kill the "ghost" sessions?
<wiredfool1> I actually killed them off a while ago, I'm just trying to figure out why right now so it doesn't happen again just after I go to bed tonight.
<alamar> well by deleting the address this should ensure that. but it would be interesting why you had connections running over an interface that's in down state
<alamar> maybe it's related to ifconfig not working correctly.
<wiredfool1> I don't know. The config on _this_ machine has been stable for O(years)
<wiredfool1> the other of the pair was upgraded to lucid last week
<wiredfool1> this was the first failover since then
<wiredfool1> only thing I can think is that there's some kvm stuff in there that's not being used
<wiredfool1> but it's been that way for a while
<wiredfool1> but it happened with the virbridge disabled as well
<hallyn> robbiew, jinkeys, https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-libvirt  is still not showing up in status.ubuntu.com?
<hikenboot> I like that even though ubuntu-server can be run as a hypervisor with no need for a desktop, but i also like that I can install a light weight desktop environment such as xfce4
<hikenboot> so i can manage my server in a gui as well as a command line...its the only type 1 hypervisor I know of besides kvm that can be managed that way
<hikenboot> is there any management gui for the hypervisor in ubnuntu that works on windows? I have my admin station running windows do to some requirements that my outfit has
<Daviey> hallyn / ahs3: i spy netcf in Debian NEW queue
<Daviey> \o/
#ubuntu-server 2011-11-30
<Daviey> hallyn: I think it should show now, the blueprint
<hallyn> Daviey, not yet, assume a script needs to re-run?
<Daviey> hallyn: cron
<hallyn> Daviey, yeah, netcf got into NEW - thanks ahs3!
<Daviey> hallyn: if it's not there in my morning, i'll dig deeper
<hallyn> next we need to sync it and then get it into main :)
<hallyn> Daviey, ok
<Daviey> hallyn: I think the issue with the blueprint is that, no series was set.
<Daviey> hallyn: If it happens to be in Debian tomorrow morning, i'll sync it over.
<Daviey> (unlikely, based on the size of the queue IMO)
<Daviey> right!
<Daviey> bed
<hallyn> night :)
<ahs3> hallyn: np :)
<osmosis> any way to shrink unused space in a qcow2 file?
<zul> truncate maybe?
<twb`> osmosis: unused as in the guest's fs driver considers it unused?
<twb`> Because obviously in that case it will still contain non-zero data
<osmosis> qcow2 file grew large, but the files have since been deleted from the ext3 partition. The qcow2 file already grew large though. I want to shrink it.
<l0n> one way to do is to create a new qcow2 file and then copy everything across
<twb`> osmosis: zerofree is the least worst thing
<twb`> l0n: he'd need to provision a new fs on the new qcow2 from within the guest
<osmosis> thats a local utility to run on the ext3 partition?
<twb`> osmosis: as far as the qcow2 layer is concerned that contains valid data that it can't delete
<l0n> na create a new qcow2 file, attach to guest and then dd everything
<twb`> l0n: dd will copy the unallocated but non-zero blocks, forcing qcow2 to allocate them
<osmosis> maybe i can use this: http://libguestfs.org/virt-resize.1.html
<l0n> yeah ok true, in that case, use a new file but format it then copy manually
<l0n> would have to dd bootsector
<twb`> The *right* solution would be for qemu to allow the guest to signal that the blocks are no longer needed, i.e. an -o discard (ATA TRIM) behaviour
<twb`> l0n: right re MBR/PBR area
<osmosis> http://mindref.blogspot.com/2011/07/shrink-qcow2.html   says   qemu-img convert -O qcow2 w2k3.qcow2  w2k3-shrinked.qcow2
<osmosis> twb`, THAT would be cool
<twb`> osmosis: I think that (the qemu-img convert line)  will not be particularly helpful in your case
<l0n> alternatively, apparently you fill the unused space with zeros then run 'qemu-img convert -c' which compresses it
<osmosis> twb`, even if I have the free space zero'd ?
<twb`> Right, if you can zero the unused blocks, *then* make a new qcow2 using qemu-img, that should reduce its size
<osmosis> if im just going to make a new qcow2 and rsync the data over, i wouldnt even bother zeroing the old image.
<twb`> However this will increase the host's file size to 100% of the provisioned size during that transition, not to mention the space for  the new copy of the filesystem
<twb`> osmosis: right if you're rsyncing the data over you don't need that, but you DO need to be careful not to lose data re e.g. the selinux context, the bootloader, hard links, sparse files, etc. etc.
<osmosis> rsync -PSHAVz works.  Just need to make sure I get  /boot parition, /dev /sys /proc setup correctly.
<osmosis> ugh, too bad I cant just run a 'shrink' cmd
<osmosis> maybe zero's the blocks is easier
<twb`> osmosis: I don't have an easy answer, sorry
<twb`> osmosis: good luck!
<osmosis> Thank you
<Datz> Hi, I'd like to have the server stats that are displayed in my ubuntu server box on log in, also displayed in my desktop box.  I'm guessing I could just copy some stuff in /etc/motd/ ?
<twb`> Datz: /etc/motd.d or /etc/update-motd.d contains scripts that generate the motd in some whizzo magical fashion
 * Datz likes magic
<Datz> often times I can't reproduce magic though
<twb`> Datz: IIRC byobu pulls in some good examples from some obscure non-obvious package like unattended-upgrades-common or something
<Datz> humm
<twb`> I have a grudge against update-motd because it was introduced very late in a Debian release cycle and broke things for me
<Datz> double humm
<Datz> well thanks twb`, I'll look into these things
<twb`> Or you could just put it in ~/.profile or so
<dustin_> hey guys I am new to using 11.10 server had an old box with 8.04 for a while but decided to update the software with moving to a VM, for some reason I cant seem to get drupal happy with apache2 and I cant seem to find the location of the apache config files
<Datz> maybe I'll just copy the output from my ubuntu-server and put it in motd.tail and pretend it's updating
<twb`> dustin_: /etc/apache2/
<twb`> Datz: hehe
<dustin_> ty twb
<Datz> twb`: any reason I wouldn't have such a dir /etc/motd.d/ on my ubuntu server?
<twb`> Datz: because you haven't installed it
<twb`> Look, you've forced me to do this
<twb`> # dpkg -S /etc/update-motd.d/ ==> base-files, update-manager-core, update-notifier-common: /etc/update-motd.d
<Datz> o_o
<Datz> well thanks most helpful sir
<twb`> # aptitude why update-notifier-common ==> i byobu Recommends update-notifier-common
<twb`> 12:34 <twb`> Datz: IIRC byobu pulls in some good examples from some obscure non-obvious package like unattended-upgrades-common or something
<twb`> If you're talking about a different file that's on your desktop, use dpkg -S to find out what package provides it, then install that on your server
<Datz> I now understand what you said!
<twb`> OK :-)
<Datz> thanks!
<arrrghhh> hey all.  i thought there was some apt-get search tool but i can't find it
<arrrghhh> aptitude search leaves a lot to be desired
<arrrghhh> how can i get information about a package?
<twb`> aptitude search will only look at package names by default; apt-cache search looks at name and description.
<arrrghhh> apt-cache, that's it
<twb`> Personally I would suggest aptitude search ~G to look at debtags
<arrrghhh> i was looking for apt-get cache
<arrrghhh> ok
<arrrghhh> sudo aptitude search ~G pms-linux
<arrrghhh> like that?
<twb`> No, like aptitude search ~Gncurses~Guse::browsing
<twb`> Of course this assumes debtags are set up and installed and so on
<arrrghhh> hrm
<arrrghhh> all i really want to know is the version that's on the repo
<arrrghhh> none of these seem to show that
<arrrghhh> i thought apt-cache search did
<arrrghhh> but it isn't...
<twb`> What are you actually trying to do?
<arrrghhh> trying to find the version of an app on the repo
<twb`> apt-cache policy <package name>
<arrrghhh> policy... ok
<arrrghhh> ah, that did it
<arrrghhh> never would've guessed that was it...
<arrrghhh> thanks twb`
<auston> I'm having problem with internet access from client connected to eth1 and eth0 direct to router
<arrrghhh> auston, yes...?
<twb`> auston: either you forgot to NAT or you forgot to ip_forward
<auston> how to do that?
<twb`> magic
<twb`> Sorry I can't be bothered holding your hand just now
<arrrghhh> lol
<arrrghhh> auston, this might help or hurt.  not sure which
<arrrghhh> https://help.ubuntu.com/community/Internet/ConnectionSharing
<auston> Thanks. I'll try it out first.
<uvirtbot> New bug: #896481 in euca2ools "Euca-unbundle is broken in 11.10" [Medium,Confirmed] https://launchpad.net/bugs/896481
<uvirtbot> New bug: #898004 in bind9 (main) "post installation script fails with exit status 1" [Undecided,New] https://launchpad.net/bugs/898004
<auston> Can I use the server for DNS and firewall together?
<arrrghhh> sure
<qman__> yes
<qman__> you need only add a firewall rule to permit DNS queries
<auston> thanks.
<auston> I got message asking me whether to install kernel while installing ubuntu server 11.10
<smoser> jamespage, when you wake up, we would like to have 20111130 cloud-images tested
<auston> how to change primary NIC?
<auston> I have 2 NICs installed.
<twb> auston: define "primary"
<ipl31> question regarding orchestra/cobbler, do the settings in the cobbler ui for vlan and bonding work with Ubuntu?
<auston> how to do that? What command should I type in?
<twb> auston: I'm asking you to define *to me*, in Enlish, what you think "primary" means
<twb> *English
<twb> auston: because the answer depends on what you're actually trying to do, and I can't guess
<SpamapS> ipl31: look through the pre-seeds / kickstarts ... if the variables aren't used there or in the snippets, then no.
<auston> I have no idea how to define the "primary"
<twb> auston: OK, how about you describe what the problem is that you're trying to fix
<auston> I have installed 2 NICs on the server, only eth0 configured with ip and able to access internet. If i plug-in the LAN cable to eth1, there's no internet access.
<twb> And you want it to work regardless of which is plugged in?
<twb> Or do you just want it to work for eth1 and not care about eth0?
<Daviey> Goooooooooooooooooooood morning.
<auston> The usage is eth0 will able to access internet and eth1 for DHCP to client
<twb> auston: so "connection sharing"?
<auston> yes.
<twb> OK.
<twb> Have you read https://help.ubuntu.com/community/Internet/ConnectionSharing ?
<twb> The short versions is: statically configure eth1; set up MASQUERADE (and perhaps a firewall); enable ip_forward; set up a DHCP server listening on eth1.
<auston> Yes. I have read it. Is working. Now, I'm setting another server exactly the same function but will add-in DHCP, DNS and firewall.
<twb> Ah, OK
<twb> If you are prepared to learn how to do firewalling by hand, #netfilter is the best place to talk about that.  As to DHCP and DNS, dnsmasq is a quick and lightweight way to have both -- or you could set up ISC dhcpd and unbound/bind for DNS
<twb> The Ubuntu Server Guide is also a good reference for all of the above
<auston> Ok, I'll try out the dnsmasq.
<auston> how to install dnsmasq?
<ipl31> SpamapS: thanks
<RoyK> !dnsmasq
<RoyK> auston: google for it...
<twb> auston: apt-get install dnsmasq
<auston> i got msg "E: unable to locate package dnsmasq
<ipl31> ok so it looks like for advanced networking with orchestra I will need to write some shell script snippets for the post command
<auston> I managed to install dnsmasq finally :)
<koolhead11> hi all
<jamespage> morning all
<jamespage> hi koolhead11!
<koolhead11> hello jamespage
<auston> hello
<auston> Wat should I do to configure DHCP and DNS after installed dnsmasq?
<lynxman> morning o/
<lynxman> jamespage: morning good sir
<lynxman> koolhead11: ello! :)
<koolhead11> hello lynxman :)
<jamespage> morning lynxman
<koolhead11> lynxman: ^^^^Nagios configuration for Orchestra ^^^^
<lynxman> koolhead11: are you watching my commits? lol
<koolhead11> lynxman: subscribed to orchestra :D
<lynxman> koolhead11: aaah ;)
<SteeveFMX> Bonjours
<koolhead11> ttx: that mail was encouraging!! :)
<ttx> koolhead11: I happen to know both sides of the fence quite well.
<ttx> and I learned to understand the value of the fence.
<koolhead11> ttx: :)
<koolhead11> ttx: https://bugs.launchpad.net/horizon/+bug/888385  Does that mean the bug will be fixed-released with essex?
<uvirtbot> Launchpad bug 888385 in horizon "Failure when installing Dashboard - python tools/install_venv.py" [High,Confirmed]
<ttx> dunno, they targeted the fix for E2, so they indicarted that they will fix it soon
<koolhead11> ttx: https://bugs.launchpad.net/horizon/+bug/897882  solves #888385
<uvirtbot> Launchpad bug 897882 in quantum "Command 'egg' not found for quantum when running install_venv.py" [Undecided,New]
<koolhead11> as am not getting same error after modifying my pip-requires with quantum path change :D
 * koolhead11 adding comment to the bug
<koolhead11> with 1 line patch :P
<Ursinha> good morning :)
<lynxman> Ursinha: bom dia!
<koolhead11> ttx: done :D
<koolhead11> hola Ursinha
<Ursinha> lynxman: :D
<Ursinha> koolhead11: hola :)
<koolhead11> Ursinha: am awesome, how have you been?
<Ursinha> koolhead11: great :D
<koolhead11> awesome!! :D
<uvirtbot> New bug: #898124 in libapache2-mod-perl2 (main) "Missing Files for Apache2::SizeLimit in libapache2-mod-perl2 (2.0.5-2 oneiric)" [Undecided,New] https://launchpad.net/bugs/898124
<honey_> is there any body who can tell me on how to configure the apache on greenstone software on ubuntu?
<honey_> is there any body who can tell me on how to configure the apache on greenstone software on ubuntu?
<RoyK> greenstone?
<honey_> specialy on assigning the server name
<jetole> Does anyone know how I can configure the dhcp client to provide a static "search" for domains in resolv.conf regardless of what the dhcp server tells it?
<ikonia> jetole: there are ignore options for dhclient
<honey_> Royk:it is a software tha can be use for digital libarary
<jetole> ikonia: well thats useful but is there a way for me to configure certain things for resolv.conf so if it ever gets changed then the client would restore it?
<RoyK> honey_: dunno about greenstone, really, but do you just need to configure an apache virtualhost?
<honey_> Royk:yeah i know it it is open source and what i need is i would like to tell the adress and assighn the name of server
<honey_> that means  configure an apache virtualhost
<ikonia> jetole: yes, there are options to ignore certain options that are given from the dhcp server
<RoyK> honey_: lemme check
<honey_> Royk:ok
<nocturn> Hi
<nocturn> I installed Ubuntu server on a datacenter host and want to set up KVM networking
<nocturn> internal network is ok, but one of the hosts needs an external IP.  What settings would I need for that?  I tried over virbr0 but that doesn't work
<nocturn> Server is running 11.10
<derdoktor> hi nocturn, "virbr0"? seems you are using libvirt. perhaps virt-manager
<nocturn> derdoktor: yes, I used virtmanager
<nocturn> the NAT networking is already working well
<nocturn> just want to give one VM two interfaces, one natted, another a public IP
<derdoktor> have you tried bridge-utils?
<derdoktor> take a look at https://help.ubuntu.com/community/KVM/Networking
<derdoktor> the bridge-utils supply with a virtual network switch
<smoser> jamespage, ping
<jamespage> smoser: pong
<smoser> did you start some tests ?
<jamespage> smoser: not yet
<jamespage> smoser: waiting for some firewall access outbound to be fixed up
<smoser> jamespage, thats fine. just curious, i would lok for them at https://jenkins.qa.ubuntu.com/job/precise-server-ec2 ?
<nocturn> derdoktor: do I need to create a second bridge?
<jamespage> smoser: yes but we have not run it yet so its not been publised
<smoser> right.
<nocturn> have read that page, but didn't find my answer
<derdoktor> i dont think so
<smoser> jamespage, so... i guesssed the 'precise' based on browser history with https://jenkins.qa.ubuntu.com/job/oneiric-server-ec2/
<smoser> but that url is also empty, as are all my other history urls... many of which i had supposed were semi-permenant and placed links to them in bugs and such.
<zul> good morning
<smoser> s/supposed/assumed/
<jamespage> smoser: hmm - looks like someone tidied up
 * smoser remembers to never AssUMe
<smoser> jamespage, utlemming 20111130 and 20111129.2 have the same manifest contents. utlemming had requested 1129.2, i requested 1130. it doesn't really matter but for some reason i like builds without the .X on them. it hides the fact that we scrambled :)
<jamespage> RoAkSoAx, ping
<koolhead11> hola smoser
<smoser> hey.
<smoser> how goes life ?
<koolhead11> smoser: i have yet not tried solution u asked me to look at, was still doing R&D with my own server image. seems like finally i will look at the wiki :D
<smoser> i'm not following. i dont think.
<koolhead11> smoser: i meant https://help.ubuntu.com/community/UEC/Images#Ubuntu_Cloud_Guest_images_on_Local_Hypervisor_Natty_onward :D
<ttx> mdeslaur, jdstrand: would love to see your opinion on http://fnords.wordpress.com/2011/11/30/improving-nova-privilege-escalation-model-part-3/
<ttx> (as well as anyone else with a white hat or a python in their closet)
<mdeslaur> ttx: sure, I'll take a look a little later when I have a few minutes
<smoser> ah. ok.
<ttx> mdeslaur: thanks !
<koolhead11> ttx: seems like finally openstack project too got attacked by trolls :D
<RoAkSoAx> jamespage pong
<jamespage> RoAkSoAx, hey
<RoAkSoAx> jamespage howdy
<ttx> koolhead11: trolls ? where ?
<jamespage> I think that powernap is causing a few issues with the dell hardwre we have in the lab
<jamespage> See https://launchpad.net/bugs/898127
<uvirtbot> Launchpad bug 898127 in linux "system hangs and errors at /build/buildd/linux-3.2.0/arch/x86/kernel/apic/ipi.c:113 default_send_IPI_mask_logical+0xdc/0xf0()" [Undecided,Confirmed]
<jamespage> I updated the preseed jibel was using to disable the CPU scaling stuff and the problem went away
<jamespage> RoAkSoAx: how would you feel about disabling the CPU management by default?
<jamespage> at least until we can ID what the problem is with this specific hardware....
<RoAkSoAx> jamespage i thought i did that already
<jamespage> RoAkSoAx, interesting - this was on precise
<RoAkSoAx> jamespage: I guess I didn't :)
<RoAkSoAx> jamespage: yeah the cpu_online script will be turned off by default for now
<RoAkSoAx> jamespage: thought, can you manually try to turn on half of the cores and see what's the result of doing so?
<jamespage> RoAkSoAx, TBH we don't really get the change - the server freezes straight away
<jamespage> I saw similar on oneiric
<RoAkSoAx> jamespage: yeah it seems to be an issue that started with 3.0
<RoAkSoAx> jamespage: but can you manually remove half of the cores? or juts 1 to see if the problem persists
<RoAkSoAx> jamespage: it is just for general testing though
<jamespage> RoAkSoAx: I'll see what we can do
<RoAkSoAx> jamespage: in reality, i wanna see if this is being caused by turning off *all* but 1 core, or by turning off even 1 single core
<Daviey> RoAkSoAx: I have ipxe doing our bidding, with a hard coded next-server..
<RoAkSoAx> Daviey: yeah but that's not what we want, right?
<Daviey> RoAkSoAx: that is /exactly/ what we want
<Daviey> (as an option)
<Daviey> RoAkSoAx: fancy a hangout in 30 mins or so?
<RoAkSoAx> Daviey: give me a sec
<RoAkSoAx> Daviey: but pastebin what you did :)
<Daviey> RoAkSoAx: is going to be easier screensharing i think
<zul> yes the peanut gallery wants to see what you did (talking about myself)
<ikonia> Daviey: I've re-done the dovecot package that failed in 11.10 with the current 12.04 build, I'm rusty on process, who do I submit this to for review
<Ursinha> Daviey: I reproduced the glance bug
<Ursinha> upgrading natty to oneiric is enough
<Daviey> ikonia: Great, have you done it via bzr or flat packaging?
<ikonia> Daviey: local only here on a test box, I can upload into bzr, just wasn't sure of the process, hence asking
<ikonia> it's been a while since I submitted stuff
<Daviey> ikonia: Okay, is this to fix the precise package, or oneiric?
<ikonia> precise, once that's ok, I'm going to try (but it looks like it's not worth it) to bring the versions up as a back port for oneiric
<ikonia> one thing at a time though
<Daviey> ikonia: okay, as it's not currently in bzr; it's probably going to be better to use debdiff.
<Daviey> So grab the current precise package, pull-lp-source $package precise ; debdiff current-precise.dsc your-package.dsc
<Daviey> > your-package.debdiff
<RoAkSoAx> Daviey: im ready
<ikonia> so I just submit the patch, I don't need to worry about the package
<ikonia> great
<Daviey> If you then want to pastebin what you have, we'll take a quick look.. ?
<ikonia> thank you
<Daviey> RoAkSoAx: I have another call starting right now
<ikonia> I shall once I've done the process, on the wrong box here
<Daviey> ikonia: yep, the patch is what matters more
<RoAkSoAx> Daviey: plop :)
<iclebyte> is there an isc-dhcpd channel on freenode?
<koolhead11> iclebyte: what is your issue?
<koolhead11> dhcp related?
<iclebyte> we are trialing a new fibre deployment. we need to give out IP's from a pool based on the agent.remote-id and agent.circuit-id values - we have class matching working using 'options host-name' but we can't seem to find the correct agent.remote-id values. is there a way to tell bind to log them to syslog?
<capeta> how can i do to prevent a package from being installed/updated ?
<Daviey> adam_g: around?
<Ursinha> Daviey: so, glance package has a bug, I could reproduce it
<Ursinha> Daviey: with whom should I talk to about it? I know where it's failing but not sure what should be the correct behaviour there
<Ursinha> bug 883988
<uvirtbot> Launchpad bug 883988 in glance "package glance 2011.3-0ubuntu4 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [High,Confirmed] https://launchpad.net/bugs/883988
<Ursinha> Daviey: hello :)
<Daviey> hello
<Daviey> Ursinha: you are seeing that same issue?
<Daviey> zul: ^^ did you see that?
<Ursinha> Daviey: yes
<Ursinha> Daviey: problem is when glance is running postinstall script, and it tries to migrate the glance db
<Ursinha> the migration script tries to create tables that the sqlite db already have
<Ursinha> so it breaks
<Daviey> :(
<Daviey> Ursinha: this is probably one for zul..
<Daviey> Ursinha: is this clean install or upgrade from oneiric to precise?
<Ursinha> Daviey: steps: installed natty, apt-get update/upgrade, installed glance, dist-upgraded to oneiric
<Daviey> ah
<Daviey> Ursinha: lets see zul's comments when he returns
<Ursinha> Daviey: that's the same scenario of the dupes I've spotted
<Ursinha> I marked them all as dupes then
<Ursinha> Daviey: so, is it reasonable to create an oneiric task for that bug?
<Ursinha> I think so
<Daviey> Ursinha: yes please!
<Ursinha> :)
<zul> Daviey: gah...k
<zul> Daviey Urisinha: havent seen it recently but ill try to put some logic in the packaging
<Daviey> zul: i understood that the upgrade process wasn't safe for glance
<Daviey> it was different to nova
<zul> Daviey: maybe it got fixed
<Daviey> oh
<Ursinha> Urisinha is new... have to add to hilight list :P
<zul> Ursinha: heh cloud is not so fluffy sometimes
<Ursinha> anyway we'll need to SRU that, right?
<Ursinha> if it's fixed, I wonder why the bug isn't indicating that... do you know zul?
<zul> Ursinha: im double checking
<zul> Ursinha: it should be
<Ursinha> zul: by fixed you mean what?
<Ursinha> upstream fixed? packaged and uploaded somewhere?
<zul> Ursinha: sorry upstream fixed
<Ursinha> how do we indicate that in the bug?
<zul> Ursinha: good question :)
<zul> Ursinha: i usually say "This should be fixed in the new release of Essex please test and re-open if this is not the case"
<Ursinha> zul: so, what we need to do to fix it in ubuntu? bring the fix/package? I have no idea how this works, so, sorry the silly question :)
<zul> Ursinha: now worries we will have to nail down the bug but going through the upstream fix and backport it, its might be fixed in the release ill be doing for oneiric as soon as we get through the paperwork for doing a stable release for glance
<zul> Ursinha: ill take care of it
<Ursinha> zul: okay :) I'll find something else to try fixing then :)
<zul> Ursinha: i would start with something small
<adam_g> Daviey: here
<Ursinha> Daviey: point me something small
<Daviey> adam_g: hey, can't really do it right now - hoped to have a catch up
<Daviey> Ursinha: something small... my will to live? :)
<Ursinha> Daviey: man... shut up
<Ursinha> haha
<Daviey> Ursinha: so, bug 894754 isn't too bad
<uvirtbot> Launchpad bug 894754 in openvswitch "openvswitch_mod module not found" [Medium,Triaged] https://launchpad.net/bugs/894754
<Daviey> The Depends are not right, which isn't pulling in the -dkms package when needed
<hallyn> drat, there was jsut a very tiny bug (in terms of fix) in qemu-kvm, i almost asked here if anyone wanted to do it
<hallyn> (but didn't)
<Ursinha> :)
<Ursinha> Daviey: so... just adding the dependency should fix it?
<Ursinha> hallyn: is the bug there yet? :P
<hallyn> sorry, what do you mean?
<hallyn> the fix?
<hallyn> if so, yeah, i posted the debdiff on the bug (bc we're in freeze so i didn't want to push it :)
<hallyn> but i bet there are other bitsize ones in the virt stack we can find if you're bored after the vswitch one :)
 * hallyn goes to try a change to compiz, we'll see if i get dropped :)
<Daviey> hallyn: Are you free to help Ursinha with the openvswitch one if she needs it?
<Ursinha> hallyn: the small bug you mentioned
<Ursinha> if it's available to be fixed
<Ursinha> okay :)
<hallyn> Daviey, Ursinha: yeah, it's lunchtime now, but i can help with the openvswitch one in a bit if you like
<Ursinha> hallyn: I'd love to :)
<Ursinha> thanks!
<Daviey> hallyn: thanks
<Ursinha> Daviey: I think I can't add a distrotask
<Ursinha> ?
<Ursinha> release task?
<Ursinha> I forgot how to call that
<Daviey> Ursinha: go for it :)
<koolhead17> Daviey: you have sometime today for sqlite bug fix. :)
<philipsmatto> hi guys, can you help me to configure iptables well, please?
<Resistance> philipsmatto, define "configure well"
<Resistance> because what I'd call a decent configuration and set of rules another would call it crap
<Resistance> as well, the confiugration is dependent on what exactly you want it to do
<Resistance> i.e. what you want allowed, what you want to block, etc.
<philipsmatto> okok excuse me, i have small LAMP server that i must use for webserver
<philipsmatto> i
<philipsmatto> would like
<philipsmatto> that my server will + secure
<Daviey> koolhead17: I do not today, but maybe someone else can helo?
<Daviey> smoser: ^^?
<philipsmatto> now iptables is defoul
<Resistance> !enter | philipsmatto
<ubottu> philipsmatto: Please try to keep your questions/responses on one line. Don't use the "Enter" key as punctuation!
<Resistance> hmm
<philipsmatto> ok excuse me
<Resistance> philipsmatto, whats your primary language?  english?
<Resistance> or something else
<smoser> Daviey, sure. whats up koolhead17 ?
 * Resistance doesnt think its english but isnt sure
<philipsmatto> true
<philipsmatto> i'm italian
<Resistance> ah
<Resistance> explains the english then
<koolhead17> smoser: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/875262
<uvirtbot> Launchpad bug 875262 in php5 "PHP Startup: Unable to load dynamic library '/usr/lib/php5/20090626+lfs/sqlite.so'" [High,Confirmed]
<Resistance> philipsmatto, what i do with *just web servers* is i block all external traffic that is not coming in on the ports necessary for the web server
<Resistance> philipsmatto, for instance, ports 80 and 443 are opened, but not much else.
<koolhead17> i worked on this and tried few things. last time Daviey suggested we can work on it with screen as even am new to it. :)
<Resistance> as well, ssh is open on a nonstandard port because my servers are offsite
<Resistance> but not much else is opened to the world
<smoser> oh.. shoot. i dont really have time for that right now, as i'd have to even come up to speed on that bug.
<uvirtbot> New bug: #898289 in open-vm-tools (multiverse) "open-vm-dkms 2011.07.19-450511-0ubuntu2: open-vm-tools kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/898289
<Resistance> philipsmatto, there's about ten thousand different "good configurations" but for basic yet somewhat secure, you can block all traffic except for that you identify
<Resistance> as okay
<Resistance> aw crud, stupid enter key... >.>
<koolhead17> smoser: ok.
<Resistance> philipsmatto, is this a VPS or an actual Ubuntu box you own?
<Daviey> smoser: thanks anyway
<philipsmatto> i have one server at home, it's a old pc
<Resistance> ok
<Resistance> philipsmatto, give me about a minute
<Resistance> so i can write up the list of stuff you'd need to execute for iptables
<Resistance> philipsmatto, oh, and one last question... do you plan on rebooting this computer often, or shutting it down often?
<philipsmatto> yes yes
<Resistance> yes to which?  shutting it down often?
<Resistance> (aka rebooting)
<philipsmatto> yep
<Resistance> ok
<Resistance> gimme a few seconds
<philipsmatto> okok tnk u!
<Resistance> Daviey, i've got Ubuntu Desktop running on my server instance, so i have if-up/if-down scripts which autoload and autosave iptables...  do you know of any easier method of making iptables.rules persistently loaded?
<koolhead17> jamespage: whats up with java in your twitter handle :D
<Resistance> (i.e. on boot)
<koolhead17> !iptable
<koolhead17> Resistance: https://help.ubuntu.com/10.04/serverguide/C/firewall.html  see if this helps.
<Resistance> koolhead17, ok thanks
<philipsmatto> Resistance but if i don't shutdown, remain the config?
<Resistance> philipsmatto, yes that's true.  but i have a method that will allow it to autoload the rules on boot.
<philipsmatto> true
<Resistance> philipsmatto, first, install the iptables-persistent package (in terminal: sudo apt-get install iptables-persistent)
<Resistance> philipsmatto, now gimme a sec to upload this thing somewhere...
<koolhead17> Resistance: check for shorewall, things will be much easier 4 you :D
<Resistance> koolhead17, i already have iptables configured
<philipsmatto> trnk a lot!!
<Resistance> this is for philipsmatto who asked how to set up iptables as their firewall with  a "good" config
<philipsmatto> Resistance but olther Iptables, i must install olther firewall or no?
<Resistance> philipsmatto, if you're asking whether you need a different firewall if you dont want to use iptables, then yes.  there are easier firewalls to use, though.
<Resistance> (fwiw, I prefer iptables, but i'm old school)
<Resistance> (and i remembered half of the iptables man page)
<philipsmatto> :) okok
<Resistance> philipsmatto, i assume you have superuser on the box which is the server?  (i.e. sudo or root access)
<philipsmatto> true
<philipsmatto> attend
<Resistance> okay, then as superuser create the file /etc/iptables.rules
<Resistance> and put inside that file the content of this: http://pastebin.com/raw.php?i=r2sYd2bK
<Resistance> or...
<Resistance> you can *try* to wget that
<Resistance> but it might not work that way
<Resistance> huh actually that did work *shrugs*
<philipsmatto> now i can't doing,  wrriting notes
<philipsmatto> *writing
<philipsmatto> and stop?
<philipsmatto> later this operation i don't must doing nothing?
<Resistance> after you've done that, you'll need to do (as superuser) iptables-restore < /etc/iptables.rules
<Resistance> assuming you saved the file in /etc/
<Resistance> WHOAH lag spike
 * Resistance just lagged
<Resistance> then i *believe* that iptables-persistent will keep the rules in future
 * Resistance hasnt tested this in depth
<philipsmatto> okok trnks u a lot!!!!!
<philipsmatto> but with this configuration , Iptables  block DDoS attack?
<Resistance> not much defends against DDoS
<Resistance> but its far less likely they'll be able to hit your critical items
<Resistance> maybe your web server
<Resistance> but not much else
<l0n> http://www.riorey.com/
<l0n> use them for ddos, might cost a bit though ;)
<jMCg> For, or against?
<l0n> to defend against it
 * RoyK is somewhat sceptical
<RoyK> l0n: if a 100k node botnet attacks your site, how will they defend it?
<l0n> RoyK Not sure if they do DDoS protection as a service or not, if they do, I suspect you could get your IPs routed via them and they'll take care of it
<l0n> If not then 100k would probably fill up your pipe so yeah, no device would protect you
<l0n> unless you had a really really really really fat pipe
<RoyK> and if you can live through a 100k node attack, what about that 10M node attack?
<RoyK> some botnets are BIG
<l0n> idd, well you need DDoS as a service but like I say, it'll cost ya an arm & a leg
<sarthor> how to reload squid in 11.10 ? /etc/init.d/squid/ reload is not working
<l0n> RoyK not every DDoS is that big though, I used to work for a hosting provider that got DDoSed a lot and the protection they had did the job
<philipsmatto> excuse me , but for defender my website, what i doing?
<sarthor> i did service squid reload  but i did  not saw any change in tail -f /var/log/syslog
<philipsmatto> ?
<l0n> philipsmatto make sure you block all ports apart from those required e.g. http and ensure you keep your externally accessible services up to date and locked down
<l0n> you may also want to consider running the site in a chrooted env, using selinux or easier way is to run it in a virtual machine. This is to minimise damage in the event that you get hacked.
<l0n> you might also want to use an application layer firewall like mod security
<philipsmatto> eh, this
<philipsmatto> which use?
<l0n> philipsmatto: sorry, I don't understand what you mean
<Resistance> l0n, i helped him with iptables
<Resistance> l0n, there's a -j REJECT rule at the end
<Resistance> of the INPUT table
<Resistance> it acts as a catch-all-other-crapo
<Resistance> if it doesnt match the first rules, the system sends the REJECT packet
<Resistance> and in the config
<Resistance> only port 80 is open to the universe
<philipsmatto> excuse me, you are right, i would like say: which do i use?
<Resistance> which what?
<Resistance> firewall?
<philipsmatto>  mod
<Resistance> "mod"?
<RoyK> philipsmatto: for most use, just use ufw
<philipsmatto> ' you might also want to use an application layer firewall like mod security'
<philipsmatto> mod security
<Resistance> ah apache mod security
<Resistance> :P
<Resistance> i'd listen to RoyK then, and work wtih ufw
<Resistance> in which case they can help ya undo the iptables stuff and set you up with ufw
<Resistance> me, i've got classes
 * Resistance runs because he's 12 minutes late
<RoyK> Resistance: if the shit hits the fan and someone DoS you or get nasty somehow, well, add more layers of security
<Resistance> RoyK, hehe, "Secuirty in Depth" doesnt always work
<philipsmatto> i knew
<RoyK> Resistance: place an unpatched windows machine somewhere on the server farm and wait...
<Resistance> RoyK hehe
<Resistance> would it surprise you the Feds do that?
 * Resistance points at this server he was fixing prior to realizing he was late to class
 * RoyK just setup five 2x12core machines in an MPI cluster and finds it works :D
<philipsmatto> Resistance, i  must just  install apache mod security and your configuration?  So my server is safe?
<Resistance> philipsmatto, one thing to realize... servers are never 100% safe
<Resistance> the only safe server is not connected to the network, and is not connected to the internet
<Resistance> therefore a standalone machine that is safe from external threats
<Resistance> but the iptables rules that i gave you are pretty solid
<Resistance> and since i dont use apache i cant help you with mod security ;P
 * Resistance uses nginx web server
<l0n> Resistance, just out of interest, does nginx have something like mod security?
 * RoyK doubts it
<Resistance> l0n, not sure, i could check.  but fwiw, my sites i run on it are behind a hardware firewall and therefore arent exposed to the internet
<Resistance> but i do use nginx for everything ;P
<Resistance> except ASP crap... that, i'm forced to use a windows server for
<l0n> but you've got port 80 open on your hw firewall haven't you or you mean it's an internal web server?
<RoyK> l0n: nginx is very light-weight, quite the opposite of apache, which is more like an operating system in comparison
<philipsmatto> port 80
<philipsmatto> port 80 is request for redirect (with DNS)
<l0n> hehe idd Royk
<Resistance> l0n, [INTERNET] -> HardwareFireWall -> network
<Resistance> but the hw firewall doesnt have a port 80 rule
<Resistance> at least not for the nginx webserver itself
<l0n> so your web server is for internal use only?
<Resistance> mhm
<RoyK> - Emacs is a decent operating system, but it lacks a good editor...
<Resistance> well... the one which i truly give a crap about, yes
<Resistance> <l0n> Resistance, just out of interest, does nginx have something like mod security?  <--- answer: no
<barcef> How do I turn my hosted ubuntu server(w/ public IP) into an HTTP PROXY server?
<RoyK> barcef: apt-get install squid
<philipsmatto> Resistance, how u connect your WEBSERVER with doman without port 80?
<Resistance> philipballew, the thing runs its own DNS server off of a 10.x.x.x internal network IP
<RoyK> barcef: but then, there are different types of proxy servers and ...
<Resistance> philipballew, so if i type "webserver.foobar.baz" it'll route the requests to 10.x.x.x
<l0n> Ah ok, that explains why ppl run Apache and Nginx I suppose
<Resistance> since all systems on the internal net of mine have that servers's DNS IP stored
<barcef> RoyK,  How would I tell what type I need? I need to route my nintendo wii though my server in the US to get my netflix in english.
<Resistance> more like hardwired... but meh
<Resistance> philipballew, for the internal networked server, there's an iptables firewall rule that has port 80 open
<RoyK> barcef: that'll be a normal front proxy - squid is good for that
<Resistance> philipballew, but that server isnt shown to the universe outside the internal net
<RoyK> barcef: just install it and edit /etc/squid/squid.conf (read the comments)
<Resistance> philipballew, the trekweb server, though, for trekweb.org, ituses nginx but is offsite and internet-facing
<barcef> RoyK, ahh.. thanks man... thats awesome.
<philipsmatto> thanks a lot
<philipsmatto> Resistence :)
<philipsmatto> I owe you a favor
<philipsmatto> Guys i must goind
<hallyn> Ursinha, sorry, got carried away w a patch review.  how is bug 894754 treating you?
<uvirtbot> Launchpad bug 894754 in openvswitch "openvswitch missing -datapath-dkms dependency, fails to install" [Undecided,New] https://launchpad.net/bugs/894754
<philipsmatto> trnks a lot!!!!
<Ursinha> hallyn: I'm trying to reproduce in precise to see where to start
<Ursinha> reproducing in precise implies downloading iso and so on, so taking a while now :)
<hallyn> bleh, i see :)
<hallyn> i'll start the same
<hallyn> (waiting for victim stack instance to spin up)
<Ursinha> :)
<hallyn> Ursinha, if you look at the commit msg for 1.2.1-3, that sounds like actually a good alternative
<hallyn> oh!  the bug was reported on oneiric?  so that actually is the fix we want
<hallyn> (oneiric is on 1.2.0-1ubuntu1)
<hallyn> Ursinha, so, do a : "pull-lp-source openvswitch; pull-lp-source openvswitch oneiric", and then look at the diff in debian/openvswitch-switch.init between both versions
<hallyn> Ursinha, this should also mean that it can be marked fixed released, and affecting oneiric
<Ursinha> hallyn: yeah, but do you think it should just not fail instead of adding another dependency that would actually build it? (if I understood the problem well)
<Ursinha> does that mean the package doesn't need the module to work?
<hallyn> gah, would my wm pls stop resetting when i get popups?
<hallyn> Ursinha, yeah, was the original idea.  It seems perhaps less safe depending on how robust the dkms building is
<Ursinha> hm, right
<Ursinha> what do you mean by safe?
<Ursinha> won't hilight you so your wm won't reset :)
<hallyn> well if it fails 20% of the time to build,
<hallyn> thanks :)
<hallyn> eh, you're probably right, should probably be recommended:
<hallyn> but see, i just tried to install the dkms and got
<hallyn> Error! Your kernel headers for kernel 3.2.0-2-virtual cannot be found.
<hallyn>  
<hallyn> :)
<Ursinha> isn't that a problem in dkms package? :)
<hallyn> so, the package install would then still fail.  I think I see the real bug in openvswitch-switch as being that package update fails (making future updates noisier).
<hallyn> it's a problem inherent indkms i think - it's complaining bc the running kernel is older than the one that came in the current-headers pkg
<Ursinha> I don't like that much
<Ursinha> *that that
<hallyn> heh, if we could just get vswitch into upstream kernel we wouldn't need to do dkms :)
<Ursinha> :)
<Ursinha> do we need the module for that package?
<hallyn> what do you mean?
<hallyn> yeah, it's needed, so yes it should be Recommended
<Ursinha> if openvswitch_mod is needed for that openvswitch-switch package is meant to, so it's required, no?
<hallyn> yup
<Ursinha> do it's a dependency and not just a recommendation?
<Ursinha> s/do/so/
<Ursinha> I guess I see the problem you are pointing
<Ursinha> it's required, but module building is likely to fail, so better recommend and try and not break instead of creating problems for the average of users..
<hallyn> that *was* my point, but it's only half valid.
<jamespage> Daviey: iscsi testing completed
<hallyn> i think you should both make it Depend, and backport the fix to the init script
<Daviey> jamespage: you rock star!
<Ursinha> hallyn: right!
<Ursinha> oops, sorry
<Ursinha> :S
<hallyn> heh, np, it's not being uppity right now
<hallyn> Ursinha, so let me know if you have any questions on proceeding.  if you want me too look at the debdiff poke me.
<Ursinha> sure, thanks!
<hallyn> man qemu-linaro build takes HOURS
<jamespage> Daviey: this might be a stoopid question but is there a reason why I get the -generic kernel on amd64 server installs?
<Daviey> jamespage: hmm, good question.. Probably a better one to throw to apw or smb tomorrow.
<apw> jamespage, that is because the -server and -generic configurations have been merged
<apw> jamespage, they were almost identicle anyhow, so for now the linux-server meta points to linux-image-generic
<Daviey> apw: So that is what i thought, but there still seems to be a -server kernel?
<Resistance> is it a pseudopackage?
<Resistance> or does it actually provide something?
<Resistance> Daviey, ^
<Resistance> (the -server kernel package)
<apw> linux-image-*-server ? Daviey i can't see it
<Daviey> grr, might help if i wasn't looking at oneiric
<Daviey> RoAkSoAx: hmm, seems we can also pass an initrd to ipxe, which is a flat script - rather than tagging onto the cmd line.
<zul> jamespage: hey do you have instructions to setup iscsi for the iso testing?
<patdk-wk> zul, sorry, I had been running those tests, but internet been bouncing around all day :(
<zul> patdk-wk: do you have instructions to setup iscsi?
<patdk-wk> instructions? not really, I have my enviroment setup for iscsi though
<zul> with iscsitarget right?
<patdk-wk> heh?
<patdk-wk> I meant iscsi root
<jamespage> zul: http://paste.ubuntu.com/755364/
<zul> jamespage: heh...i love you
<patdk-wk> so it is iscsi root info you wanted, but I don't use iscsitarget for my iscsi server
<jamespage> and http://paste.ubuntu.com/755366/ into virsh
<jamespage> zul: http://paste.ubuntu.com/755368/ to grab the kernel and initrd for the authenticated test for reboot
<patdk-wk> that is extreemly annoying
<patdk-wk> gpxe chainload iscsi boot
<b0gatyr> join #windows-server
<lynxman> b0gatyr: right now!
<RoAkSoAx> Daviey: really? cuase for what I read it wasn't possible in the old one. But it would be cool if we could
<koolhead17> lol lynxman
<uvirtbot> New bug: #898365 in cloud-init (main) "cloud-config mount of '[swap, null ]' not handled correctly" [Undecided,New] https://launchpad.net/bugs/898365
<smoser> RoAkSoAx, jamespage adam_g zul SpamapS anyone...
<smoser> anything you all tihnk should be release noted
<smoser> for alpha-1
<smoser> utlemming, ^
<smoser> either known issues or new function/notable things.
<zul> nada
<Daviey> RoAkSoAx: yeah, i just went through the mailing list archives, it landed this month
<backburner> so after I use orchestra to install my server , what is the default username and password??
<adam_g> smoser: hmm. squid to squid3 migratin?
<Daviey> smoser: New Upstream cobbler snapshot, based on 2.2.2 .. openstack components based on Essex 2.
<smoser> at this point we're not filtering anything out
<smoser> as the list is... um... 3 items at the moment
<backburner> I don't see where I can set a username and password in cobbler/orchestra
<backburner> so I have this shinny new server loaded but I can't login without purgeing the password
<Daviey> smoser: Are you adding to the release notes for the cloud images, the nic issue?
<smoser> i suppose we can add it as a known issue.
<smoser> the only real issue is that the images are then 120M populated larger than they would be.
<smoser> but we should probably note it.
<adam_g> backburner: login to what? a newly provisioned system or cobbler itself?
<Daviey> hallyn: So i plan to do a new upstream snapshot of ipxe
<hallyn> :(
<Daviey> does this impact you?
<backburner> anyone using orchestra?
<hallyn> Daviey:  it shouldn't  :)
<hallyn> Daviey, you could add my debdiff into your merge...
<Daviey> backburner: yes
<Daviey> backburner: Ah, if you are using the default preseed; the username and password is both ubuntu.
<Daviey> (secure eh?)
<backburner> ahh thanks , will try that!
<Daviey> rocking
<Daviey> backburner: Things are changing for precise btw :)
<hallyn> Daviey,what i was waiting on was lp:~serge-hallyn/ubuntu/precise/ipxe/kvm-pxe-in-ipxe/ merge
<Daviey> hallyn: Mine can stack on yours, don't need to block on me
<RoAkSoAx> Daviey: btw.. is redhat-cluster seeded?
<Daviey> (once freeze lifts)
<hallyn> Daviey, it's a pretty superficial patch, go ahead and do it and i'll rebase
<hallyn> Daviey, after this cycle, i think i want to spend some time pushing on getting it so UDD can be used reliably for qemu-kvm and libvirt
<hallyn> cause if i could just stage fixes there i wouldn't have this problem
<Daviey> hallyn: right, is UDD still broken for them?
<hallyn> (pushing as in, trying ot understand th eproblem)
<hallyn> yeah.  i thought it was supposed to be fixed, but doesn't appear to be
<Daviey> RoAkSoAx: redhat-cluster-suite is on server-ship
<backburner> daviey where can you set the inital user/password?
<RoAkSoAx> Daviey: so I won't be able to mess with post the freeze?
<hallyn> Most recent Ubuntu Precise version: 0.15.0+noroms-0ubuntu6
<hallyn> Packaging branch version: 0.14.0+noroms-0ubuntu8
<hallyn> Daviey, ^ :(
<Daviey> backburner: try, /var/lib/cobbler/kickstarts/orchestra.preseed
<Daviey> hallyn: :(
<RoAkSoAx> Daviey: zul I think we'll also need to add user/password fields for each system so that users can change them
<ninjix> Daviey: that would be a nice new feature for the passwords
<Daviey> hallyn: urgh, http://package-import.ubuntu.com/status/qemu-kvm.html
<Daviey> yep
<uvirtbot> New bug: #898373 in cloud-init (main) "fsck.ext3: Device or resource busy while trying to open /dev/xvda2" [Undecided,New] https://launchpad.net/bugs/898373
<ninjix> installing server via alternate using a giant monitor. Have to look away from the purple and orange every few minutes to color adjust my eyes? :)
<ninjix> anyone experienced this before? it's quite a trip.
<ninjix> whole room is purple :)
<Daviey> heh
<ninjix> coworkers keep coming over to see what's making all the light.
<hallyn> wtf?  /usr is group writeable...
<skaet> smoser, utlemming - what's the status with the cloud images for the release?
<utlemming> skaet: I think they are good, but let me double check
<utlemming> the testing only started a few hours ago
<utlemming> (due to problems with IP addresses)
<skaet> utlemming, thanks,  silence was starting to worry me.  :)
<utlemming> skaet: looking good so far (https://jenkins.qa.ubuntu.com/view/Precise/job/precise-server-ec2/) there are still some tests to complete, but I'm not seeing anything that would preclude launching it
<skaet> utlemming,  thanks.  :)
<adam_g> zul: ping
<zul> adam_g: whats up
<adam_g> zul: hey
<zul> adam_g: hilo
<adam_g> zul:  i was lookin at glance wrt to bug 883988
<uvirtbot> Launchpad bug 883988 in glance "db migration failing when upgrading glance - trying to create existing tables" [High,Confirmed] https://launchpad.net/bugs/883988
<zul> adam_g: ok
<adam_g> zul: that predates me. :) where'd the logic around 'db_sync' come from?  the upstream packaging or us? i see the same thing in the nova packaging as well, and wonder what the reasoning is
<zul> adam_g: upstream packaging im pretty sure
<zul> it creates the database
<adam_g> well
<adam_g> it migrates the database, it doesn't create
<adam_g> im curious to know the reason why it only attempts to do so for connections that are not sqlite
<zul> adam_g: i think predates me as well :)
<adam_g> ah
<zul> since im not the one who wrote it
<adam_g> zul: lp:~openstack-ubuntu-packagers is where all of that work has lived, right?
<zul> right all the upstream stuff is there
<zul> all the ubuntu stuff is at ubuntu-server-dev
<adam_g> http://bazaar.launchpad.net/~openstack-ubuntu-packagers/glance/ubuntu/revision/29
#ubuntu-server 2011-12-01
<smoser> jamespage, i just pushed a change to https://code.launchpad.net/~ubuntu-server-ec2-testing-dev/+junk/ec2-automated-tests.smello for the ec2-automated-tests . it seems that maybe because its +junk that i can't propse it for merging
<smoser> anyway, i propose that for merging.
<smoser> and my plan is to just copy 'smello' binary to each release.
<SpamapS> smoser: right, +junks can't use merge proposals
<chrislabeard> anyone have any ideas on why I can ssh into my server without a password but when trying to run rsync from same machine it gives me an error http://pastebin.com/11PypSGi
<smoser> Daviey, updated https://wiki.ubuntu.com/PrecisePangolin/TechnicalOverview
<triode3> hello all... any mdadm users here?
<smoser> chrislabeard, no real help, only ftp://ftp.samba.org/pub/unpacked/rsyncweb/issues.html
<smoser> and it suggests some things to check.
<chrislabeard> a little confusing as to why rsync runs fine when I don't use ssh
<chrislabeard> I guess I will look at these files
<chrislabeard> thanks
<twb> In sid I have a Unattended-Upgrade::Origins-Pattern -- but on my lucid box I only see Unattended-Upgrade::Allowed-Origins
<twb> Can I use the former?
<twb> I have an in-house apt repo that includes e.g. lucid openldap packages automatically rebuilt against openssl, and currently unattended-upgrades is upgrading from one of those to the newer one in lucid-security, thereby breaking sudo-ldap
<twb> So the simple solution is to add my PPA's origin pattern, except that I don't understand the matching style of the Allowed-Origins variable.
<twb> Hmm, I think it's just Origin and Suite, so I will try adding "Cyber IT Solutions lucid-cyber" to the list and see what happens.
<twb> Why does unattended-upgrades recommend mailx?  AFAICT it just uses cron to send notification emails, and cron uses /usr/sbin/sendmail, not mailx
<SpamapS> twb: perhaps because   * add "mailx" to suggests (LP: #137994)
<twb> Oh WTF, there's an /usr/bin/unattended-upgrades *as well as* the /etc/cron.daily/apt that apt ships
<twb> OK, I see, /etc/cron.daily/apt does everything except the actual package upgrade, and calls u-a to do that.
<twb> I still don't see why u-a doesn't just emit to stdout and let cron take care of it :-/
<SpamapS> Or use sendmail directly
<twb> IMO that is wrong
<twb> If you're invoked via cron, bypassing cron's mail configuration is naughty
<twb> Otherwise e.g. if I change MAILTO=fred@telstra.com to /etc/crontab and you are still sending to root@localhost, I will lose your mail
<SpamapS> wouldn't it be advisable to alias root's mail to an account that is watched?
<SpamapS> I started at a company that hadn't done that for 4 years..
<twb> SpamapS: yes, but that's orthogonal to my complain
<SpamapS> I found SO much broken stuff going through and just running 'mail' as root
<SpamapS> backups failing.. disks filling up... crazy
<twb> SpamapS: the one that was fucking me was... lemme find the ticket...
<ipl31> So can someone tell me if I have a snippet in my orchestra/cobbler preseed that is showing up in the d-i as $SNIPPET('snippet_name') does that mean it failed to compile?
<twb> http://bugs.debian.org/645286
<erichammond> twb: But cron doesn't allow me to specify custom subjects which makes all cron emails look equally uninteresting.
<twb> erichammond: tough
<twb> erichammond: if you care enough fix that in cron, not by patching individual jobs
<SpamapS> ipl31: yes most likely. Do you have other snippets working that way?
<twb> (FWIW the subject comes from the job, so the direct issue there is using cron.daily instead of cron.d)
<SpamapS> twb: nice bug btw.. hah!
<twb> The fix is grotesque
<twb> s/fix/kludge/
<SpamapS> twb: looks like they fixed it upstream for you
<SpamapS> twb: but then dropped it
<ipl31> SpamapS: This particular snippet is in last command and it is surrounded by two others that are working
<twb> SpamapS: yeah, I seem to have missed that email
<ipl31> Are there any code examples that show manipulating the interfaces file with snippets? That is essentially what I am trying to do
<SpamapS> twb: best be subscribing to those next time. ;)
 * SpamapS always forgets to subscribe to the bugs he files in Debian
<SpamapS> ipl31: no but .. netcfg is pretty powerful
<SpamapS> anyway, I'm late...
<twb> It ought to have subscribed me automagically to the one I filed, surely?
 * SpamapS disappears
<SpamapS> twb: no, Debian's BTS does not subscribe you to bugs you file
<twb> OH
<SpamapS> yeah
<twb> So it's just normally people hit group reply
<SpamapS> exactly
<ipl31> SpampS: does netcfg support bonding, vlans etc??
<ipl31> SpamapS: does netcfg support bonding and vlans?
<ipl31> sorry about the double post
<SpamapS> ipl31: not sure..
<SpamapS> anyway, I must be going
<ipl31> SpamapS: thanks
<twb> Sigh.
<twb> Unattended-Upgrade::Allowed-Origins "Cyber IT Solutions lucid-cyber"; fails, because unattended-upgrades(1) assumes that the Origin is a single word.
<zul> RoAkSoAx: eh?
<RoAkSoAx> zul: eh what?
<zul> <RoAkSoAx> Daviey: zul I think we'll also need to add user/password fields for each system so that users can change them
<RoAkSoAx> zul: cobbler system, add user/password fields for each of the systems so administrators can change admin user/password of the system they are deploying
<zul> im thinking im missing context here what was the problem
<RoAkSoAx> zul: someone was asking how they can change the user/password for the machine they are deploying
<RoAkSoAx> zul: and it makes no sense to manually edit a preseed file to do it
<zul> ah ok
<zul> yeah
<RoAkSoAx> zul: so we should add user/pass to cobbler systems and then add a snippet that will automatically do that
<zul> RoAkSoAx: probably worry about it tomorrow though :)
<twb> Bah, symmetric crypto blows
<twb> You need to add a public key infrastructure to it :-)
<twb> Say kerberos, that was you can put a big sticker on the front "compatible with AD"
<RoAkSoAx> zul: lol yeah it's  should be fairly easy though
<twb> What could POSSIBLY go wrong
<twb> There should be a better way to handle dkms/m-a updates to a bastion where you don't want to install gcc
<twb> Specifically, I scripted an automated rebuild of xtables m-a whenever a new linux-generic update comes down the pipe, BUT, it won't be installed because there is no metapackage that depends on the latest xtables-addons-modules-NNN-generic.
<twb> And I am surely not the only one who wants to avoid putting gcc on an xtables-using firewall...
<jjjrmy> Hey, guys. I need help!
<Acidburn_1> anyone around?
<twb> !anyone
<twb> Stupid bot.
<twb> jjjrmy: what is your question?
<T3CHKOMMIE> hey guys, i was wondering if anyone knows what brand of cpu is typlically better for ubuntu? AMD vs intel it seems like ubuntu isnt optomized for an intel like windows is, but it also seems like AMD is lacking in some features. thoughts?
<T3CHKOMMIE> I am talking from an OS / schedualing view point.
<twb> T3CHKOMMIE: x86-64 CPUs it doesn't matter a damn to Ubuntu
<twb> T3CHKOMMIE: obviously both intel and amd make a few CPUs of different architectures (e.g. tegra) which is a whole other ballgame
<T3CHKOMMIE> twb, really? i was looking at i7 vs bulldozer... seems like the way windows and ubuntu sheudal the threads on the hardware can either help or hinder performance based on number and load of threads...
<T3CHKOMMIE> twb, do you know of any cpu features that dont work yet on the linux kernel?
<twb> What I mean is that Ubuntu binaries are compiled to a baseline x86-64 ABI.  So anything "cool" about a particular CPU is not going to be Ubuntu-specific.
<T3CHKOMMIE> for example, turbo clocking with intel etc.
<twb> Regarding specific features: I have no idea.
<twb> Generally I buy intel because an AMD-based box is more likely to contain nvidia components, and nvidia is actively hostile to the FOSS movement
<T3CHKOMMIE> foss?
<twb> And generally I'm building things like file/print servers, so anything newer than a Pentium 4 will be perfectly fine
<twb> T3CHKOMMIE: Free and Open Source Software
<T3CHKOMMIE> gotchya.
<twb> T3CHKOMMIE: i.e. the ideology behind the software
<T3CHKOMMIE> its been my experience that nvida drivers work better on ubuntu than AMD or ATI. is that yours aswell?
<twb> If you're talking about GPU drivers, I do not run non-Free GPU drivers, so I have no idea.
<T3CHKOMMIE> ya, gpu. thats interesting. why dont you use non free gpu drivers? and how do you get "free" gpu drivers?
<twb> Free GPU drivers ship with your system
<twb> The reasons to use them are the same as reasons to use FOSS in general.  Try http://fsf.org/philosophy
<twb> Sorry, I meant http://www.gnu.org/philosophy/.  The FSF one seems to be some horrible blog thing.
<twb> (Stupid johnsu01...)
<auston> hi
<auston> my ufw not activated on boot. How to do that?
<friedrich> Good day
<friedrich> I'm using Ubuntu-server 10.04 and trying to configure mail server with Dovecot as SASL server for postfix
<friedrich> I'm using standard manual, but postfix on port 25 doesn't show AUTH string
<Randolph> hi all
<friedrich> hi
<RoyK>  
<Daviey> morning'
 * uksysadmin tips hat to Daviey
<jamespage> morning all
<Ursinha> good morning :)
<koolhead11> hi all
<uvirtbot> New bug: #898583 in nova (main) "nova_sudoers allow unused commands" [Undecided,New] https://launchpad.net/bugs/898583
<lynxman> jamespage: morning!
<lynxman> Ursinha: bom dia!
<jamespage> morning lynxman
<Ursinha> lynxman: dia!
<koolhead11> hellos lynxman :D
<lynxman> koolhead11: ello o/
<koolhead11> so how much your going to pay!! lynxman :D
<lynxman> koolhead11: oh hell, don't even remind me about it :/
<koolhead11> lynxman: :D
<koolhead11> hola Ursinha Daviey
<Ursinha> man, there not a single dlna client in ubuntu
<lynxman> Ursinha: there's a couple java based ones I reckon
<lynxman> Ursinha: not Ubuntu specific though
<Ursinha> lynxman: if it runs in ubuntu that's fine
<Ursinha> problem is I just can't find them
<lynxman> Ursinha: it does :)
<Ursinha> I'm using my android phone for that
<lynxman> Ursinha: http://en.wikipedia.org/wiki/List_of_UPnP_AV_media_servers_and_clients
<Ursinha> AH wikipedia
<lynxman> Ursinha: the source and failure of all information :D
<binyam> helo evrybody i was installing ubuntu server 10.04 in my machin but the there is no graphical interface  is that psible to make having graphical interface please help me?
<Ursinha> binyam: yes sir, it's possible, it's just not installed as default :)
<koolhead11> binyam: it is. :)
<Ursinha> binyam: installing ubuntu-desktop package is one way of getting it..
 * koolhead11 wants to modify the bot to answer these questions!!
<Ursinha> !ping
<ubottu> another contentless ping... sigh...
<Ursinha> :O
<koolhead11> Ursinha: xfce is better way
<lynxman> !ping ubottu
<Ursinha> ubottu: that's rude! you should read Ubuntu CoC
<ubottu> Ursinha: I am only a bot, please don't think I'm intelligent :)
<binyam> ursinha: iam trying in instlalling  ubuntu-desktop but is ther any disadvantage installing ubuntu-desktop?
<Ursinha> binyam: ubuntu-desktop is basically unity and all related stuff.. but you might want something lighter for a server, like koolhead11 suggested, as xfce
<Ursinha> koolhead11: so he might want to install xubuntu-desktop?
<koolhead11> Ursinha: not sure but binyam google is your friend don`t forget :D
<Ursinha> I know, I just don't like to point people directly to google if I can remember stuff from the top of my head :)
<Ursinha> sure, google knows it all :)
<binyam> Ursinha:thanks anyway
<koolhead11> can someone add !google kind feature to give result url here :D
<koolhead11> !google
<ubottu> While Google is useful for helpers, many newer users don't have the google-fu yet. Please don't tell people to "google it" when they ask a question.
<koolhead11> lawwal
<Ursinha> yeahhhhhhhhhhhh
 * Ursinha hugs ubottu 
<lynxman> ubottu needs a friend
<ubottu> lynxman: I am only a bot, please don't think I'm intelligent :)
<Ursinha> that's the spirit :D
<Ursinha> I'm ubottu's friend :P
 * Ursinha loves bots
<Ursinha> #foreveralone
<lynxman> Ursinha: lol!
<Ursinha> haha
<lynxman> Ursinha: defender of lost causes and advanced scripts ;)
<koolhead11> hehe
<Ursinha> binyam: let us know if you need any more advice :)
<Ursinha> lynxman: yes I am
<Ursinha> defender of the lost causes
<lynxman> Ursinha: ;)
<binyam> Koolhead11:u seems bone head not kool am i right/
<otaku_coder> hi, im currently using the ec2 natty ami, and im curious how its been setup. theres a 300GB partition mounted at /mnt, but its not showing up as an ebs volume. any ideas what this is?
<patdk-lap> did you install the ebs ami?
<koolhead11> binyam: indeed i am at times http://www.ubuntugeek.com/how-to-install-gui-on-ubuntu-11-04-natty-server.html
<otaku_coder> patdk-lap: yep
<koolhead11> i just did "gui ubuntu server"
<patdk-lap> that is the normal local disk then, that would have been your primary drive, if you didn't do ebs root
<binyam> Ursinha:and is that possible to acesss out side of any country to my server is there any kind of confiugration that can i make alrady i have installed ssh
<otaku_coder> patdk-lap: the main os is on an ebs volume mounted at /dev/sda and when i snapshot it the core filesystem is there, just not anything in /mnt
<otaku_coder> wierdly i can write to it fine
<patdk-lap> otaku_coder, yes, it works fine, but it's kindof like a ram disk
<Ursinha> binyam: so, it depends :)
<patdk-lap> when you destroy the instance, it's gone
<patdk-lap> but when you restart the instance, it will be there again, but blank
<Ursinha> binyam: if you want to access your server from anywhere inside the same network, so you just need to make sure sshd is running
<patdk-lap> but as long as the instance is running, it's just a normal local disk
<otaku_coder> patdk-lap: right, bit confusing as its a farily large storage space
<patdk-lap> basically just think of it as a higher speed temp drive
<Ursinha> binyam: if you want to access your server from anywhere else in the world, you need to have a valid ip to connect to
<patdk-lap> well, local storage that isn't highly redundant is cheaper to make larger :)
<otaku_coder> patdk-lap: ok, ive got mongoDB writing its data there, looks like i need to move it to an ebs volume fast!
<Ursinha> binyam: so you need to make sure the router or whatever your server is connected to is configured to let you reach the server from outside
<patdk-lap> otaku_coder, depends
<patdk-lap> maybe leave it there and do hourly backups out of it
<otaku_coder> patdk-lap: well I intended to use ebs snapshots as a way to back it up
<patdk-lap> or whatever your application requires
<Ursinha> binyam: here at home I have an irc proxy machine (among other stuff), so I configured my router to redirect ports
<patdk-lap> all depends on what you require
<patdk-lap> I store lots of stuff on ramdisks, and only back it up hourly or daily
<binyam> Ursinha:so how can i makesure wether it is connected or not ?
<Ursinha> binyam: not sure what you mean :) you need to understand what's the path to get from your computer to outside world
<Ursinha> binyam: here at home my computer is connected to a router, which is connected to the world
<Ursinha> so to reach my computer I need to do the inverse path
<Ursinha> binyam: got it?
<binyam> Ursinha:yeah i gote it  let me ask some qoistion later
<binyam> Ursinha:the installation of the ubuntu-desktop is alrady finish but nothing display/
<otaku_coder> patdk-lap: how do you normally back it all up? especially with databases where its difficult to keep a consistent state
<Ursinha> binyam: so, it's no magic :) you need to ask it to
<Patrickdk> why is it difficult?
<Patrickdk> how is a database that isn't consistent useful to use at all, if you can't back it up?
<binyam> Ursinha:How coud i ask it?
<binyam> lsb_release -a
<Ursinha> binyam: so, you're installing a server, you need to understand at least a bit of what you're doing, otherwise you can get yourself in trouble
<binyam> Ursinha:yeah  but iam not familar with ubuntu thats why iam asking you?
<Ursinha> binyam: to be really honest with you, ubuntu isn't much different of other distros when it comes to which tools to use to do specific things
<Ursinha> and the concepts are the same
<Ursinha> concepts are the important things
<binyam> Ursinha:so what supoose to do now?
<Ursinha> binyam: understand what you are doing :)
<Ursinha> binyam: you need to run X, I'd start lightdm
<Ursinha> binyam: sudo service lightdm start
<Ursinha> X should start and then you can just login
<binyam> Ursinha:ok
<binyam> Ursinha:itsays t o me lightdm :unrecognized service
<otaku_coder> Patrickdk: false alarm, im using a replicaset so can pause one of the slaves to take a backup. :)
<Ursinha> binyam: try to run startx and see what happens
<binyam> Ursinha: thanks igot it what i need thanks  very much
<Ursinha> binyam: no problem :) next time, if you need more help regarding server, you can check here: https://help.ubuntu.com/11.10/serverguide/C/index.html
<binyam> Ursinha: thanks
<koolhead11> !serverguide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<koolhead11> thanks ubottu :D
<Ursinha> koolhead11: that is the natty serverguide, we might want to update that :P
<Ursinha> natty? no, maverick?
<koolhead11> Ursinha: will do that when precise comes
<Ursinha> koolhead11: why is that?
<koolhead11> Ursinha: i think there is some rule/way/practise to keep LTS guide as url
<Ursinha> koolhead11: ahh, I see
<koolhead11> !servergui
<ubottu> Ubuntu server does not install a desktop environment or X11 by default in order to enhance security, efficiency and performance.  !eBox provides a GUI system management option via a web interface.  See https://help.ubuntu.com/community/ServerGUI for more background and options.
<koolhead11> Ursinha: ^^
<Pici> Ursinha: We've purposely left ubottu and the /topic pointing to the latest supported LTS for server related thigns.
<koolhead11> Pici: cool :D
<Ursinha> thanks koolhead11 and Pici :)
<zul> good morning
<lynxman> zul: good moaning
<zul> hey lynxman
<hallyn> Daviey: yay, netcf is in unstable!
 * ahs3 ^5s hallyn
<hallyn> ahs3: :)
<smb> zul, Did we not have some bug report request to add modprobing xen_gntdev to the init scripts (at least for precise). Finally understood what that is good for and it might be nice to have for Oneiric, too...
<zul> smb: i think we did wouldnt it be easier just to build it into the kernel as well?
<zul> less delta with debian if we did that as well
<smb> zul, On one side yes, on the other I am not yet sure a) whether it may have effects on normal installs b) increases the kernel size without it being boot essential (sort of)
<zul> k neither am i but yeah we can do that for precise i think
<zul> im also concenered if there is a modprobe order
<smb> What I found nice about it being in the init script was that I can dual boot into the no-xen side and all the xen modules are not loaded
<smb> zul, Seems the gntdev is only used by userspace driver to foreign domain communication. So I would say no there
<smb> zul, Right now I was experimenting and loaded it after anything else but before starting a new domU and it was ok
<zul> smb: ok ill take a look at it
<smb> zul, ok. well I may try to get it prepared and ask you to sponsor. I just for heck cannot find that bug report again
<smb> I am sure I saw it fly by
<zul> cool
 * smb is waiting for a number from zul... ;)
<zul> smb: damn hold on
<zul> smb: i could have swore there was one as well
 * RoyK gives smb a 42
<smb> zul, heh, ok. I am pretty sure there was, as well but lp search...
<smb> bug 42
<uvirtbot> Launchpad bug 42 in launchpad "Bug description listed in task is not the correct description" [Medium,Fix released] https://launchpad.net/bugs/42
<RoyK> bug 1
<uvirtbot> Launchpad bug 1 in ubuntu "Microsoft has a majority market share" [Critical,In progress] https://launchpad.net/bugs/1
 * smb watches lp explode
<lynxman> bug -1
<RoyK> bug sqrt(-1)
<RoyK> bug `ls /`
<lynxman> RoyK: trying to exploit the system? ;)
<RoyK> lynxman: http://xkcd.com/327/
<koolhead11> hello zul :)
<zul> hi koolhead11
<koolhead11> RoyK: supp
<koolhead11> zul: anything for me today?
<zul> koolhead11: no
<koolhead11> ok sir. :
<lynxman> RoyK: ah little Johnny tables
<RoyK> http://xkcd.com/984/ yesterday's xkcd was rather cool too :)
<zul> soren: ping what happened to https://github.com/openstack/openstack-integration-tests
<RoAkSoAx> smoser: ping
<RoAkSoAx> smoser: bug #898697
<uvirtbot> Launchpad bug 898697 in orchestra "automatic importing of isos should be configurable" [Undecided,New] https://launchpad.net/bugs/898697
<RoAkSoAx> smoser: there's now a debconf question that asks whether to run it or not during install
<RoAkSoAx> smoser: and if you decide not to, you can configure what you want to import or not in the config file
<RoAkSoAx> smoser: so I'm closing this bug report, is that ok with you?
<uksysadmin> RoAkSoAx, how do I get to try this? This affected me.
<kirkland> is there any IRC server in main?
<RoAkSoAx> uksysadmin: this is released in Precise unfortunately. I cannot backport to oneiric as there's been changes on squid that would make orchestra fail in oneiric
<zul> kirkland: no
<RoAkSoAx> uksysadmin: i'll probably add backwards compatibility to be able to backport
<uksysadmin> RoAkSoAx, that's ok - I'm up for the challenge - I'll grab a build of Precise... I'm still at getting the thing working and April will probably be a time when we'll be looking at using this anyway...
<RoAkSoAx> uksysadmin: cool, if you are gonna rebuild, what you probably need is just change the dependency from squid to squid3 in debian/control
<dkn> if i update the RAM allocation in KVM, and restart the VM, why wouldn't it show up in top?
<uksysadmin> ok
<dkn> guest top that is
<smoser> RoAkSoAx, how does that work ?
<smoser> the postinst runs 'runone' immediately
<smoser> what debconf question were you talking about ?
<RoAkSoAx> smoser: Precise
<RoAkSoAx> smoser: http://pastebin.ubuntu.com/756138/
<smoser> carp.
<smoser> i was reading out of date trunk/ source
<RoAkSoAx> smoser: its not in PPA though because the transition to squid3 was made and it will break oneiric
<RoAkSoAx> not in PPA for oneiric*
<smoser> i was just reading out of date source
<smoser> suck
<smoser> sorry for bothering you.
<philipsmatto> hi guys
<RoAkSoAx> smoser: no worries :) it happens
<smoser> i just marked that as a dupe of bug 892328
<uvirtbot> Launchpad bug 892328 in orchestra "debconf question to run orchestra-import-isos or not during installation" [Medium,Fix released] https://launchpad.net/bugs/892328
<RoAkSoAx> ok ;)
<zul> smoser:  have you seen  the cartoon animaics?
<smoser> yeah.
<zul> smoser: they had a bit called good idea or bad idea, along the same lines would you say this is a good idea or a bad idea: people.canonical.com/~chucks/add-nova-connect.patch
<utlemming> hello nurse
<smoser> good idea: pasting links with the protocol included
<smoser> bad idea: pasting links you can't copy
<smoser> http://people.canonical.com/~chucks/add-nova-connect.patch
<zul> http://paste.ubuntu.com/756170/
<smoser> boto's ec2 connection is harder to use than it should be
<zul> yeah
<zul> thats why i wrote a shortcut
<smoser> or at least it should have a generic one that takes an endpoint rather than a region item.
<smoser> next to "connect_walrus", it seems to make sense.
<smoser> but i'd suggest a generic 'connect_ec2_endpoint' or something
<zul> so you are syaing you are ok with that but it would also be nice to have a generic one?
<smoser> well i think its worth sending upstream
<smoser> but a generic one makes sense to me.
<zul> k
<zul> thanks
<zul> i dont think i have the engergy to write a generic one
<utlemming> smoser: are you using boto for the ec2-image build process? or is this something else?
<smoser> zul brought this up. and its for nova (openstack)
<utlemming> smoser: k, thanks -- just want to make sure we're not overlapping
<zul> utlemming: no im using it write some perfomance metrics stuff for nova
 * zul lunches
<smoser> zul, http://smoser.brickies.net/git/?p=xc2.git;a=blob;f=xc2_util.py;h=fc4878beb8922cf8ea4b8d2971c2adfc6e78377a;hb=HEAD
<smoser> does something like the generic one i was talking about
<smoser> if region == none, then it parses the url given (in ec2_url)
<zul> smoser: cool thanks
<smoser> zul, http://paste.ubuntu.com/756203/
<smoser> something like that.
<zul> nifty
 * RoAkSoAx redhat cluster breakge coming today :)
<Daviey> RoAkSoAx: w00t
<RoAkSoAx> Daviey: ehehehe its been tested by ivoks , everything works as expecgted, by given the upstream changes things will definitely break on upgrades from lucid -> precise
<RoAkSoAx> Daviey: as configuration methods have changed, binaries have changed, etc
<Daviey> rocking :)
<mgw> any kerberos experts here?
<koolhead17> hi all :)
<Daviey> adam_g: Have you been able to look at the keystone charm yet?
<adam_g> Daviey: not yet, no. i wanted to poke at openstack for the first time yesterday but sidetracked on bug 883988
<uvirtbot> Launchpad bug 883988 in glance "db migration failing when upgrading glance - trying to create existing tables" [High,Confirmed] https://launchpad.net/bugs/883988
<Daviey> adam_g: Great :)
<RoAkSoAx> adam_g: did you test squid3/orchestra in oneiric?
<adam_g> RoAkSoAx: it appeared to be working fine out of the box when i submitted the change. is it not?
<RoAkSoAx> adam_g: just wondering cause I wanna change the Dependency from squid to squid3 for oneiric backports
<RoAkSoAx> adam_g: that's why I was wondeirn if you tested this in oneiric too
<Daviey> Hmm
<pukeko> hi there.. i have a karmic-server which i would like to update and potentially upgrade, where can i find the repos ?
<Daviey> Something isn't quite working right for me with that.
<Daviey> But it might be unrelated.
<RoAkSoAx> Daviey: maybe the wrong network for squid?
<RoAkSoAx> though, it shouldn't
<Pici> pukeko: Take a look at https://help.ubuntu.com/community/EOLUpgrades
<pukeko> thanks
<adam_g> RoAkSoAx: no, i haven't on oneiric
<jamespage> SpamapS: I just got zookeeper 3.3.4 uploaded into Debian unstable; includes upstart configuration for Ubuntu; tests to support MIR are currently disabled; they do run but not reliably...
<RoAkSoAx> adam_g: ok
<SpamapS> jamespage: NICE .. I think the juju team is excited about 3.4 ...
<SpamapS> jamespage: maybe we can patch up the tests and try to get fixes upstream
<jamespage> SpamapS: well to be honest I think its the build environments borking more than anything else
<jamespage> I can run them fine on my laptop in a clean chroot for either precise or sid
<jamespage> my sponsor had issue tho
<jamespage> SpamapS: 3.4.0 is appealing but still considered beta; I have a branch I'm working on for it; might get it uploaded to experimental/PPA
<hallyn> Daviey: so freeze is over.  Did you want to push the etherboot/ipxe bits from me?  :)
<hallyn> jjohansen: stgraber: can we pick a time tomorrow to talk about lxc and apparmor and security (to make Daviey happy)?
<jjohansen> hallyn: sure, I good with any time you want
<hallyn> 17:00 utc?
<hallyn> (11am central, 9am pacific, i think)
<hallyn> cool, thanks, i'll ping tomorrow at that time and hope for the best :)
<stgraber> I have an ARB review/packaging shift tomorrow until 19:00 UTC tomorrow, will be around after that
<hallyn> so do you prefer 20:00 utc for a break?
<uvirtbot> New bug: #898363 in samba (main) "Command: echo <package_name> hold is not working" [Undecided,New] https://launchpad.net/bugs/898363
<stgraber> yep 20:00 should work fine
<hallyn> stgraber: cool, thanks.  talk to you then.
<hallyn> jjohansen: ^
<hallyn> (now i'm going for a walk toclear my head before some scary uploads)
<jjohansen> hallyn: works for me too
<uvirtbot> New bug: #790863 in linux (main) "Unable to start lxc container after update to 2.6.32-32" [High,Confirmed] https://launchpad.net/bugs/790863
<tgardner> so I just installed ubuntu-orchestra-server on a fresh oneiric server. why didn't that also install isc-dhcp-server ?
<tgardner> it asked me about address ranges.
<smoser> utlemming, http://paste.ubuntu.com/756362/
<smoser> do you know anything about that?
<smoser> tgardner, it does not assume that it is the owner of your dhcp infrastructure. it can live without it.
<tgardner> smoser, yeah, I just figured out that it install dnsmasq by default
<smoser> ah. yeah, cobbler works with dnsmasq.
<jamespage> smoser, tgardner: cobbler will also work with isc-dhcp-server - but by default orchestra recommends dnsmasq and provides suitable config for it
<jamespage> hmm: maybe that should be dnsmasq | isc-dhcp-server....
<tgardner> jamespage, I'm trying to figure out if dnsmasq is smart enough to assign specific MAC addresses to DNS names (and IP addresses)
<jamespage> tgardner: probably - /usr/share/doc/dnsmasq/examples/dnsmasq.conf.example has lots of options with descriptions
<jamespage> it can assign based on the hostname presented from the client via DHCP - that can be managed through cobbler
<tgardner> jamespage, I'll check it out. thanks.
<jamespage> tgardner, np
<tgardner> jamesone other question, what is the cobbler web URL ?
<smoser> tgardner, cobbler_web
<smoser> hostname/cobbler_web
<tgardner> smthats the one. thanks
<mjau^> evening people
<mjau^> I _think_ I might be having apparmor troubles with bind - I'm setting up my slave server, and I'm getting this when I do a rndc reload: http://pastebin.com/60QX0WAM
<mjau^> could anyone help me find out for sure?
<SpamapS> mjau^: apparmor would be logging denials in /var/log/syslog
<mjau^> SpamapS: ah, so it's not apparmor giving me a hard time then?
<mjau^> oh. found what was wrong.
<mjau^> hadn't created the foo.se. dir.
<smoser> utlemming, would you be willing to review https://code.launchpad.net/~smoser/ubuntu/precise/python-boto/2.1.1/+merge/84002 ?
<smoser> the merge is fairly straight forward if you ignore the file-id stuff (ie, you can see smaller changes by 'bzr export' of the tree for the from and to versions and diff  -Naur.
<hallyn> Daviey: I'm going ahead and pushing ipxe (with a small change)
<hallyn> Daviey: i'm going to wait on etherboot until tomorrow
<hallyn> gah - ipxe upload rejected
<hallyn> Guess i'll be waiting for daviey after all
<hallyn> daviey: http://people.canonical.com/~serge/ipxe-2.debdiff  fwiw
<Daviey> hallyn: Great!
<Daviey> Will grok it first thing in the morning
<hallyn> daviey: thx, i just moved the rules steps to override_dh_install as that's more appropriate for that than override_dh_auto_install
<Daviey> groovy
<hallyn> zul:  do you have an oneiric pandaboard powered on and handy?
<hallyn> if so any chance you could veify sru fix for 884407?  (it should be quick)
<hsmod> anyone know much about vnc?  if i run a kvm instance launched with vnc running on port "0.0.0.0:1"  , that port "1" - what is that?   That can't be tcp or udp is it?
<RoAkSoAx> Daviey: still around?
<Daviey> RoAkSoAx: no. :P
<Doppler_> help please dovecot postix Error: ssl_key_file: Can't use /etc/ssl/private/ssl-cert-snakeoil.key: Permission denied have googled made new certs and checked permissions any advice ??
<RoAkSoAx> Daviey: lol, so I'm still not sure whether we want a default *preseed* or default *profile* to do the enlist
<RoAkSoAx> Daviey: lol, so I'm still not sure whether we want a default *preseed* or default *profile* pointing to the enlist preseed ... to do the enlist
<Daviey> RoAkSoAx: right
<Daviey> RoAkSoAx: benefits of profile?
<RoAkSoAx> Daviey: having a separate profile that is defaul in the PXE Menu
<RoAkSoAx> Daviey: once the machine is enlisted, then it will just PXE boot from the pxefile generated for that particular system
<RoAkSoAx> Daviey: in comparison if we use a default preseed for *all* profiles, that means that we need to find a way to 1. use the enlist stuff. 2. once it has been used, then remove that from the preseed, or replace the preseed
<RoAkSoAx> Daviey: which seams a bit more complicated
<Daviey> RoAkSoAx: right, but do we want to encourage people doing 'default preseed' installs to systems which are not enlisted?
<Daviey> erm
<Daviey> RoAkSoAx: we do that already
<RoAkSoAx> Daviey: if we don't have  system, there won't be a default preseed because it will do the enlist stuff
<RoAkSoAx> Daviey: if we don't have  system, there won't be a default preseed install because it will do the enlist stuff
<Daviey> RoAkSoAx: we want all machines to enlist, right?
<RoAkSoAx> Daviey: yes,
<Daviey> one they enlist, with what i showed you, they will not re-enlist uless the 'system' is deleted in cobbler
<RoAkSoAx> Daviey: if the machine is already enlisted, then it could use *another* preseed to deploy
<Daviey> it /must/ use a different preseed
<Daviey> the default one will not be used on an already enlisted system
<RoAkSoAx> Daviey: right, how do you change that?
<Daviey> RoAkSoAx: do you have ipv6?
<RoAkSoAx> Daviey: no I don't
<Daviey> ok, nevermind
<Daviey> RoAkSoAx: steps:
<Daviey> 1 - default = enlist
<Daviey> .. a mac address preseed is auto generated
<Daviey> .. machine will boot from that rather than defaut
<Daviey> when we want to install, it puts a proper preseed and boot in there.
<Daviey> When we just want to localboot, the mac address preseed provides a localboot directive
<Daviey> the machine should only ever use the 'default' one once.
<Daviey> If i go to the ui and delete the system, the machine should boot into enlist again to re-enlist.
<RoAkSoAx> Daviey: right, but 1.default = enlist means => precise-i386 pointing to default.preseed, right?
<Daviey> Well... this blocks arm.
<RoAkSoAx> Daviey: now, when you add the system, it will point to profile precise-i386, which will point to default.preseed, see my point?
<Daviey> erm, no - not directly using precise-i386, using the same base system, but with an extra cobbler-enlist preseed values.
<mgw> anybody know if there's a way to invoke "kdb5_util create" non interactively?
<RoAkSoAx> Daviey: what's the "base system"
<Daviey> RoAkSoAx: so i am actually currently using an enlist profile with that as the default timeout :)
<RoAkSoAx> Daviey: in order for it to pxe boot, you need to add a "profile" that wil tell where the preseed is
<RoAkSoAx> Daviey: right, you are modifying the *default* file under pxelinux.cfg/
<RoAkSoAx> Daviey: but instead of manually modifying files, isn't it better to do it on top of cobbler
<RoAkSoAx> Daviey: cause this changes mean changes to *stock* cobbler
<Daviey> RoAkSoAx: well, i added a 'profile' in the webui
<Daviey> which created, http://pb.daviey.com/0RxC/
<Daviey> then manually changed, ONTIMEOUT enlist
<soren> zul: It got renamed.
<soren> zul: To... er....
<soren> zul: t-something.
<soren> zul: Tempest!
<RoAkSoAx> Daviey: right, which is basically what I was saying, add a *default* *profile* not a preseed :)
<Daviey> RoAkSoAx: Heh, works for me :)
<RoAkSoAx> Daviey: well that's what I was saying, we need a default *profile*, which means, if it cannot find the pxe file under pxelinux.cfg/01-<MAC>, then use pxelinux.cfg/default that will run the enlist *profile*
<Daviey> RoAkSoAx: That sounds clean enough, it's how i'm doing it locally.
<Daviey> RoAkSoAx: I don't know how best to auto create a new profile?
<RoAkSoAx> Daviey: thought, I'm also saying that we can avoid the wait of seconds until it TIMEOUT's and defaults to *enlist-profile* by creating a system called *default* that will replace pxelinux.cfg/default and could tell it to enlist
<Daviey> RoAkSoAx: Also, how can we care for arm with this aswell?
<Daviey> That is a hard problem. :(
<RoAkSoAx> Daviey: what's broken from the ARM stuff?
<RoAkSoAx> Daviey: i'll do the autoconfiguration stuff in orchestra
<RoAkSoAx> Daviey: ipxe?
<Daviey> RoAkSoAx: ipxe can't work on arm
<Daviey> RoAkSoAx: the problem is, currently we are talking about making enlist use precise-i386
<Daviey> this breaks arm enlistment
<Daviey> RoAkSoAx: uboot could be set to tftp fetch 'default-arm' ?
<SpamapS> Daviey: you were TIL for mysql-cluster-7.0 ... I'm going to import 7.1.17 and fix bug #660379 .. mmmkay?
<uvirtbot> Launchpad bug 660379 in mysql-cluster-7.0 "Make mysql-cluster depend on libmysqlclient16 from mysql-5.1 (rather than conflict)" [Wishlist,Confirmed] https://launchpad.net/bugs/660379
<RoAkSoAx> Daviey: Idk actually
<Daviey> SpamapS: i never object to people hijacking my TIL's :)
<SpamapS> Daviey: I promise I'll treat your TIL nicely
 * SpamapS shoves Daviey's TIL in the back of the van and speeds away
<Daviey> SpamapS: thanks :P
<RoAkSoAx> Daviey: well so I guess we can either make the administrator select enlistment for either i386/x86_64 or arm
<Daviey> RoAkSoAx: i think you can config what file gets pulled in uboot.. i'd need to experiment
<jetole> Hey guys. What do you think the role should be if you're highering someone to specialize in deploying high availability in web servers and maintain them
<Daviey> RoAkSoAx: At the moment, all arm reference hardware we have doesn't have native PXE booting.  This means that /some/ config via uboot can be expected.
<jetole> system administrator or systems engineer seems to generic or ambiguous
<RoAkSoAx> Daviey: cause either way, arm is not imported automatically
<Daviey> RoAkSoAx: right, we should probably address that aswell.
<Daviey> jetole: I'd say it depends how deep you are expecting the person to be involved.
<RoAkSoAx> Daviey: right, but the way how arm is handle is quite different from the way a normal ISO is handled
<Daviey> jetole: if it requires extensive knowledge, i'd say engineer.. if it's keeping it ticking over, it's an admin :)
<RoAkSoAx> jetole: I've seen similar jobs by "High Availability X,Y,Z"
<jetole> Daviey: I meant a more descriptive, less broad title then systems administrator or systems engineer
<Daviey> ah
<jetole> RoAkSoAx: High Availability Manager?
<RoAkSoAx> jetole: High Availability Engineer?
<jetole> ha deployment engineer?
<Daviey> RoAkSoAx: Perhaps we should get importing working, then work out how to enlist enable it?
<jetole> RoAkSoAx: ok
<RoAkSoAx> Daviey: importing is the least of the issues really
<jetole> I'm preparing to write the help wanted ad and want a title that will scare off the people I would waste time interviewing
<jetole> Linux Cluster Specialist?
<RoAkSoAx> jetole: that too
<jetole> ok. Thanks. I was hoping you guys all knew some real professional sounding title already
<jetole> lol
<RoAkSoAx> Daviey: i personally think we need to get this working first with i386/x86_64 and then hanlde arm
<Daviey> RoAkSoAx: ok
<RoAkSoAx> jetole: either linux cluster engineer or HA engineer
 * Daviey goes afk
#ubuntu-server 2011-12-02
<jetole> can someone think of a good name to give to someone who specializes in both high availability and disaster recovery?
<jmedina> master?
<ersi> "Jedi"
<jetole> I like Jedi but I am thinking for a help wanted ad
<jetole> presence availability architect?
<jetole> lol
<jmedina> just use his nick XD
<JanC> HA & DR sound like opposite goals  ;)
<JanC> well, opposite sources maybe  ;)
<JanC> jetole: maybe "wanted: Jedi" (to attract attention) is a good title (with the qualities of HA & disaster recovery listed in smaller print)
<JanC> although I think you might be looking for a white knight, and maybe two people who can do one of those well will be cheaper combined  ;)
<jetole> JanC: I already broke the one person the boss asked for into three
<jetole> lol
<jetole> but thanks for the idea
<mgw> anybody here know kerberos? #kerberos channel seems to be pretty inactive
<uvirtbot> New bug: #401107 in xorg-server (main) "Software runs as root" [Wishlist,Won't fix] https://launchpad.net/bugs/401107
<SpamapS> mgw: maybe its because kerberos is so awesome, it just configures itself. ;)
<mgw> SpamapS : definitely
<mgw> it's the most intuitive, user friendly system.. since ldap
<mgw> Which is why they work so nicely together
<mgw> Do you have much experience with it?
<mgw> in particular kerberos+ldap
<SpamapS> mgw: no I've never fully experienced the shimmering beauty of kerberos+ldap without the glorious addition of Microsoft's AD on top of it. ;)
<mgw> ah, i'm sure that makes it so much easier ;-)
<twb> #kerberos has a hard-on for AD anyway
<twb> They aren't interested in helping MS haters
<mgw> Is there a better alternative?
<twb> mgw: AFAIK kerberos is the only secure way to run a network filesystem, for example
<twb> mgw: but hey, if you trust your LAN, it doesn't matter so much
<mgw> we're using it for user auth
<mgw> supposedly ldap alone isn't so great
<twb> mgw: FWIW I use a homogeneous openldap network with ldaps and slapo-ppolicy(5), which is OK
<twb> I wouldn't run ldap-only in the conventional layout, where root on the client machines has read access to the password hashes
<twb> Not in a security-sensitive network, anyway.
<mgw> ok
<twb> Broadly speaking if you aren't using TGTs (i.e. kerberos), you can either have everyone send cleartext passwords (over TLS) all the way back to the LDAP server, OR you can have the individual authenticators get the hash from the LDAP server and then compare it to the password themselves
<twb> The latter approach means the password is never transmitted cleartext (over TLS) over the wire, but IMO it's better to trust TLS than to trust whatever lowest-common-denominator hashing algo you can get all the authenicators to sign off on, since that's probably MD5 or worse
<SpamapS> oi.. mysql cluster server and mysql 5.5 just don't want to play together
<mgw> twb: I'll stick with kerberos, but I need to figure out where this syntax error is coming from while initializing the realm
<twb> mgw: oh sorry, didn't realize you already had krb
<twb> mgw: what's the error?
<mgw> kdb5_ldap_util: Invalid syntax while creating realm 'FOO'
<mgw> kdb5_ldap_util create -s -D cn=admin,dc=foo -H ldap://127.0.0.1
<twb> Hum
<twb> -H ldapi:/// ?
<mgw> tried that too
<mgw> i'm successfully authenticating either way
<twb> That's probably not the actual problem tho, it's just better to use a socket if you've got it
<twb> k
<twb> Incidentally I use o=Company instead of dc=foo,dc=bar,dc=baz because the former is shorter :-)
<mgw> You will be prompted for the database Master Password.
<mgw> It is important that you NOT FORGET this password.
<mgw> Enter KDC database master key:
<mgw> Re-enter KDC database master key to verify:
<twb> mgw: if you have a multi-line transcript, pastebin it
<mgw> https://gist.github.com/ce3013240c5abb9d240b
<mgw> shall I paste my krb5.conf too?
<mgw> https://gist.github.com/9662de14724a0526bd77
<mgw> twb: ^
<twb> I can't see what's wrong there
<twb> Except maybe [domain_realm]is supposed to be [FOO] or something?
<twb> No I'm thinking of line 8, FOO=
<mgw> twb: i've got it working fine on another sandbox, and I can't see anything significant different
<twb> krb likes to be magic wrt DNS -> krb domain
<twb> Maybe the DNS settings are slightly different, or e.g. "hostname --fqdn" doesn't give the same thing -- something like that
<mgw> my fqdn is admin02.xxx.internal
<RoAkSoAx> .win 11
<twb> RoAkSoAx: bzzt, I'm not irssi
<RoAkSoAx> lol
<uvirtbot> New bug: #898927 in apache2 (main) "apache2-mpm-prefork+mod_perl crashes on start" [Undecided,New] https://launchpad.net/bugs/898927
<philipballew> Question: Where is a good guide on setting up my own vpn server?
<jeeves_moss> can someone reccomend me a good "howto" for setting up master/slave Bind9 servers?
<qman__> philipballew, the server guide
<philipballew> !vpn
<ubottu> For more information on vpn please refer to https://wiki.ubuntu.com/VPN
<qman__> https://help.ubuntu.com/10.04/serverguide/C/openvpn.html
<philipballew> qman__, thanks. This looks easy enough
<qman__> as long as you're vaguely familiar with generating certificates, it is
<qman__> there's a few choices to make like tap/tun, routed/bridged
<qman__> and some networks require pushing extra routes or whatever, but it's pretty simple
<philipballew> i have never set up a vpn before
<philipballew> But I have done RSA ssh keys before
<patdk-lap> you can use openvpn to make just about anything
<patdk-lap> the biggest advantage of it is, no mtu limits, vs other vpn methods
<patdk-lap> it can also be a disadvantage, but easy to compensate for if you want
<philipballew> patdk-lap, what does that mean?
<qman__> IMO the biggest advantage is ease of use
<qman__> runs on single port, clients with GUI for windows and linux
<patdk-lap> qman__, ya, and it's easier to use cause of the lack of mtu limit
<patdk-lap> hmm, I have never seen gui clients for it
<patdk-lap> I know they made that shell wrapper for it on windows
<qman__> has a module for network-manager-gnome, and there's the openVPN GUI for windows
<patdk-lap> those all just wrap the commandline thing though
<qman__> installed by default on ubuntu now, makes it real easy
<patdk-lap> windows is still a pain though, have to set, run as admin
<qman__> yeah, UAC puts a hitch in
<qman__> but there's also the option of enabling the service for an automatic connection in the background
<qman__> just with the GUI could communicate with it
<qman__> wish*
<philipballew> So I cant change the port it uses>
<philipballew> ?
<qman__> you can
<qman__> 1194 is just the default
<patdk-lap> lots of people use 443
<philipballew> alright. ill need to see if i can open that remotely
<patdk-lap> I have mine setup to try a udp port first, then fallback to 443 tcp
<qman__> it can run over tcp, but udp is the default, and bridge mode only works over udp
<patdk-lap> qman, not true
<patdk-lap> everything about openvpn works no matter what it's over
<patdk-lap> be it udp or tcp
<qman__> recent change? all the documentation I read said as such
<patdk-lap> the issue with tcp comes with tcp inside of tcp
<patdk-lap> well, it will work, defently won't be optimal
<patdk-lap> cause packets that are made to have loss, and stuff, will retry over tcp forever basically
<qman__> mine at home is set as a bridge over a tap device
<patdk-lap> I rarely use bridge mode, I don't see the point
<patdk-lap> why do I want broadcast/multicast traffi hogging the vpn
<qman__> I use it to connect wireless clients to the LAN, as my wireless APs are on a different network
<qman__> operating a public wifi here
<qman__> while not absolutely needed, it's convenient for games and printers and other weird and/or old software
<patdk-lap> well, if it's local, that is one thing
<patdk-lap> I was thinking normal vpn usage, at crappy hotel/hotspot
<qman__> I use it from the internet too, but that's where the majority of the use is
<philipballew> So after I make all the keys I'll need to move the privite one to my desktop huh?
<qman__> no
<patdk-lap> na
<patdk-lap> you need the private/public + ca
<qman__> you need to copy the CA certificate and the client key and certificate
<qman__> the server key stays on the server only
<patdk-lap> the private one is the only one that must be secured though
<patdk-lap> both for the server and clients
<philipballew> well I will do all this on my server and then ill have a key i need to use to connect to the vpn with correct?
<qman__> correct
<qman__> you will need four files for the client
<qman__> CA cert, client cert, client key, openvpn config
<qman__> the client key is confidential to the client and should be transmitted securely and kept private
<patdk-lap> and maybe a tls key
<patdk-lap> or what do they call it, for the dh
<philipballew> ill use sftp or ssh
<qman__> both certs are safe to post publicly, the config technically could be but you probably don't want to
<philipballew> https://help.ubuntu.com/10.04/serverguide/C/openvpn.html under client certificates is what I enter into my desktop then?
<qman__> yes
<qman__> my setup doesn't have a ta.key
<patdk-lap> ah, the tls-auth dh stuff
<qman__> I didn't have pkitool either
<patdk-lap> it's really only useful if someone dos/ddos you
<qman__> looks like it makes it easier to add clients
<patdk-lap> I'm using easypki I think, that is pretty painless
<philipballew> so
<philipballew> cd /etc/openvpn/easy-rsa/
<philipballew> source vars
<philipballew> ./pkitool hostname
<qman__> mine I just look up my history and grab the openssl commands
<patdk-lap> . ./vars
<philipballew> should be entered into my desktop and not the server?
<qman__> no
<qman__> all of that is done on the server
<philipballew> okay
<qman__> you simply copy the resulting files to the desktop
<philipballew> ah, alright
<qman__> my VPN server was set up with and still runs 8.04
<qman__> so it was a little different
<philipballew> qman__, Mines 10.04
<patdk-lap> I just upgraded my main firewall/vpn hub server 2 weeks ago from 8.04 xen domu to 10.04
<patdk-lap> just did an rsync, and it was running :)
<patdk-lap> freaking iptables on that machine has over 3k lines
<qman__> ha
<patdk-lap> it has 14 interfaces
<qman__> I've got a little script on mine to handle port forwarding, 4 interfaces
<patdk-lap> oh, this is no nat at all, or port forwardings
<patdk-lap> just access restrictions between interfaces
<qman__> heh
<philipballew> so with what im setting up i need to have Bridging enabled as well?
<qman__> I just have the house LAN, cordoned off wifi with internet-only access, and restricted LAN for the business point of sale machines
<qman__> put the script together because I used to be on DHCP, so I had to make it easier when the IP would change
<jamespage> morning all
<Randolph> hi all
<lynxman> jamespage: morning o/
<uvirtbot> New bug: #819251 in dbconfig-common (main) "package phpmyadmin 4:3.3.10-1 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 10" [Undecided,Confirmed] https://launchpad.net/bugs/819251
<koolhead11> hi all
 * uksysadmin feels sorry for koolhead11 as nobody is saying hi
<uksysadmin> hi koolhead11
<koolhead11> hey uksysadmin :D
<uksysadmin> when pxe booting precise from orchstra - I presume that glaringly big bug of having no feedback during install apart from tailing the logs on the orchestra server is a known one?
<koolhead11> uksysadmin: best answer will be check at launchpad and see if its there
<koolhead11> if not file one :P
<uksysadmin> I'm not entirely sure what bug I'm filing - whether its a bug in Orchestra, a bug in Precise installation, or whatever the pxe boot image I'm using
<uksysadmin> certainly can't find a bug related to it
<koolhead11> uksysadmin: so orchestra works without error when u using onekenthomas
<koolhead11> oops
<koolhead11> oneiric
<uksysadmin> yes - I can pxe boot stuff in Orchestra in Oneiric  and do some stuff
<uksysadmin> I've just done a fresh install of Precise, updated and install Orchestra
<uksysadmin> Booting a machine using it and during the package installation the screen is just black
<koolhead11> uksysadmin: i am not sure if precise is currently even in alpha or not
<uksysadmin> tailing the logs on orchestra I see it doing deboostrap stuff etc
<uksysadmin> its alpha-1
<uksysadmin> I'm aware of it being buggy - but do Ubuntu devs want to know about this stuff?
<uksysadmin> its the difference between known issues and unknown ones
<koolhead11> uksysadmin: file a bug then. what are you waiting for?
<koolhead11> linking it to precious alpha :D
<uksysadmin> lol ok ok ;-)
<uksysadmin> There - someone will reply "You're expecting an alpha-1 release of some software booting more pre-alpha code and you expect what?" ;-)
 * koolhead11 kicks uksysadmin 
 * koolhead11 wonders if eveyone is having beer early weekend today
<uksysadmin> in 30 mins, yes...
<uksysadmin> It's Friday - thought it was the law to go the pub at lunch?
<koolhead11> well i have 3 more hours at work
<uksysadmin> pub 30 mins, 1 hour lunch, 3 hours left, then I'm off for a week :)
<jamespage> Daviey: can I get a second opinion on SRU'worthness of bug 659439
<uvirtbot> Launchpad bug 659439 in rsyslog "Installing rsyslog-mysql on 10.04 installs mysql-server by default" [Medium,Confirmed] https://launchpad.net/bugs/659439
<Daviey> jamespage: right, so some people will be using it together.
<Daviey> If they didn't install mysql-server, they'd have a working setup now..
<Daviey> If it gets dropped from a Recommends to Suggests, for example, it would be freed up for removal as an update
<jamespage> Daviey: well they would have that problem on release upgrade anyway
<Daviey> jamespage: Hmm, i'd say the fact that people can work around it by doing, apt-get --no-install-recommends install rsyslog-mysql , says to me that it isn't High Impact enough.
<jamespage> Daviey: I tend to agree
<Daviey> (i'd say also, not obviously safe.)
<Daviey> I mean, you might expect something to go wrong between distro upgrades, but not sru updates.
<jamespage> yeah - agreed; I'll mark that as won't fix and comment appropriately
<Daviey> jamespage: I'm not blocking it, you understand.. Just the verification process work involved, and potential excitement of breaking systems concerns me.
<jamespage> Daviey: gotcha
<`-`> #ubuntu ops are nazi fags. please remember to use your brain not that other bit of the anatomy the #ubuntu team appears to think is best.
<jamiemill> I need some aws help but ##aws is a bit sleepy. I'm going mad trying to work out why an ELB healthcheck is failing. When I curl the page via {public DNS}:80{healthcheck URL} I get a perfectly fine response. Why could it be?
<onre> is it TCP or HTTP healthcheck?
<onre> and if it's HTTP, what status code do you get for your response?
<jamiemill> onre It's HTTP. I get 200 when I use curl
<onre> if you just want to make it work right now, change it to TCP :p
<jamiemill> ok will try
<jamiemill> onre yeah, now it says in service!
<onre> yes :) TCP check only tries to connect to that port without any request, so if that works, it marks the instance as healthy :)
<zul> jdstrand:  can you review the openstack in binary new today im getting some flack because of it
<onre> i recommend, though, that you take a look at your http server logs to see whether these check requests get logged and possibly filter them away somehow
<onre> so that you avoid having the healthcheck flooding your logs :p
<jamiemill> onre Actually - i just checked the logs and I see "[02/Dec/2011:12:50:40 +0000] "GET / HTTP/1.1" 301 538 "-" "ELB-HealthChecker/1.0""
<jamiemill> so there's a 301 going on
<onre> allright!
<onre> that explains
<onre> http statuscheck will fail if the response code is not 200
<onre> you might consider putting an empty test file in place and requesting that with the check
<onre> or something similar
<onre> possibly a piece of code that checks for db connectivity etc
<onre> so that you get a good idea of whether your frontend instance actually is really in service, or if it only responds to port 80 :p
<jamiemill> onre It's a shame I can't actually see the headers from the last healthcheck. then i'd know where it's redirecting to!
<onre> well if you request / using curl and some verbose flag or something, you should see them?
<jamiemill> onre Yeah but using curl, I was getting 200, not 301.
<onre> yes but curl probably didn't show you the redirect phase
<jamiemill> onre This is a wordpress site so maybe it's PHP redirecting, not apache. I'm trying a plain HTML file in the docroot now as the target
<jamiemill> ah
<onre> but instead only gave you the "end result" of the redirect
<jamiemill> onre No actually I think I am seeing the truth, I was using curl -I to just get the headers
<jamiemill> OK looks like using a plain html file is working. before I was requesting a wordpress page, so god knows what was going on. so many plugins etc
<onre> oh yeah :)
<jamiemill> onre Thanks a million. Looking in the logs was the clue i needed :-)
<onre> no prob :p
<onre> success by accident
<afeijo> how to delete files older than 30 days? I try find -atime +30 | ls -laht, but it returns all files
<afeijo> I mean -ctime param
<patdk-wk> why ctime?
<patdk-wk> ctime = creation time
<afeijo> yes, I want to delete old files ...
<patdk-wk> atime = access time
<patdk-wk> mtime = modification time
<afeijo> those files are logs
<patdk-wk> normally a file isn't OLD if it was created awhile ago, but updated today
<afeijo> no access nor moditifation
<patdk-wk> all files have all 3 times
<patdk-wk> dunno, I always use mtime :)
<patdk-wk> oh ya, doesn't time = minutes? not days
<afeijo> ok, I try with mtime +30, it still returns today files?
<patdk-wk> na, time = days, mmin = minutes :)
<patdk-wk> works for me
<patdk-wk> find . -mtime +1 -delete
<memoryleak> Hi. I have following errors when using apt-get: http://pastie.org/2954797
<afeijo> patdk-wk, thanks, it worked
<memoryleak> I tried many tips from the internet, dpkg-reconfigure locale, export LC_* in .bashrc none of it helped permanently
<patdk-wk> afeijo, I bet your logs contain several days of stuff, and that is why ctime isn't working, cause the log was made several days ago
<patdk-wk> default is 1week per log file
<afeijo> find | ls -lah output weird results tho
<patdk-wk> why wouldn't it be?
<afeijo> no idea
<andol> patdk-wk: Well, isn't ctime really short for change time, and not create time?
<patdk-wk> try, find . -mtime +5 -ls
<patdk-wk> no, ctime = creation, mtime = modification/change
<patdk-wk> don't you know how to use man find?
<afeijo> :$ I will
<andol> patdk-wk: Well, in my book ctime counts when the underlaying inode was most recently changed, which of course in my cases happended during the file's creation.
<patdk-wk> heh? what manual did you read that defined it like that? it's always been creation time, according to stat
<patdk-wk> hmm, maybe by change they mean inode change
<patdk-wk> noticing it says change also, my history it was always creation
<andol> patdk-wk: Trying doing something like chmod on a file, and see what it does to your ctime.
<patdk-wk> that would update the inode
<andol> patdk-wk: Exactly
<patdk-wk> and I'm guessing that is what it means, time since last inode change
<patdk-wk> but then, my history of this comes from the 80's
<andol> During the 80's I hadn't even heard about ctime, or mtime either for that matter :)
<patdk-wk> used to it being called creation, but ya, that is since inode changed
<zul> good morning
<mgw> zul: good morning
<uvirtbot> New bug: #899173 in sysstat (main) "iostat/kernel  output for dm devices broken" [Undecided,New] https://launchpad.net/bugs/899173
 * koolhead11 needs some cyber-cake 
 * koolhead11 heard people are having party tonight
<hallyn> zul: bug 372001, do you have any objection to my pushing a patch to have libvirt upgrades not install /etc/libvirt/qemu/networks/autostart/default.xml ?
<uvirtbot> Launchpad bug 372001 in libvirt "default network autostart symlink recreated" [Low,Triaged] https://launchpad.net/bugs/372001
<mgw> anybody know of utility scripts to both add a principle vi kadmin and add the user to ldap?
<mgw> as well as delete
<zul> hallyn: im good with it
<hallyn> thx - did you have any other changes to queue up?
<SpamapS> oh mysql.. why must you hard code /etc/mysql in your code base?
 * SpamapS shakes mysql-cluster-7.0 like a polaroid picture
<zul> SpamapS: welcome to hell population you
<zul> hallyn: nope
<SpamapS> zul: your support is appreciated Mr. Demon ;)
<zul> heh i liked it when homer goes to hell and his punishment was to eat all the donoughts in the world
<lynxman> SpamapS: hardcoding paths, the way of the future... not
<SpamapS> lynxman: hardcoding paths is webscale
<lynxman> SpamapS: it's totally webscale, it has scaling juice written all over it
<zul> SpamapS: i think the libmyslclient is bit different in mysql-cluser as well fyi
<SpamapS> zul: its not
<SpamapS> zul: all special sauce is confined to libndbclient
<zul> SpamapS: cool
<SpamapS> zul: I'm slicing mysql-cluster-7.0 down to just the server
<zul> i would just rather drop mysql-cluser all together myself but thats another matter
<zul> SpamapS: gotcha
<SpamapS> zul: but unfortunately, it doesn't understand 5.5's my.cnf .. so have to *not* read /etc/mysql/my.cnf
<SpamapS> easy enough, I'm patching that to be /etc/mysql-cluster
<zul> SpamapS: hah hah...
<fly_80> hi to all
<fly_80> i installed imagemagick on a new ubuntu server... when trying to use convert, i got an error
<fly_80> convert: no decode delegate for this image format `/tmp/magick-daFyRHfn' @ error/constitute.c/ReadImage/566.
<fly_80> what does it mean? i missed some lib?
<SpamapS> interesting... mysql cluster 7.2 will be mysql 5.5 based..
<SpamapS> I wonder if it will be GA by April.. might be worth moving to it
<SpamapS> really screws everything up that libmysqlclient and mysqld have to share the same stupid config file
<ikonia> SpamapS: are you sure on that
<hallyn> jdstrand:  have you had any time to look at the (tiny) patch on bug 869553 ?
<uvirtbot> Launchpad bug 869553 in libvirt "Apparmor prevents KVM tunnelled migration" [High,Confirmed] https://launchpad.net/bugs/869553
<hallyn> I'd like to push it along with the fix for bug 372001
<uvirtbot> Launchpad bug 372001 in libvirt "default network autostart symlink recreated" [Low,Triaged] https://launchpad.net/bugs/372001
<SpamapS> ikonia: sure on what? that libmysqlclient and mysqld have the same config file? yes I'm certain they both read /etc/mysql/my.cnf
<SpamapS> ikonia: that they read different sections is only a consolation prize
<ikonia> SpamapS: I thought you could seperate out client/server options in my.cnf though
<hallyn> eh, nm, i'll push the one for now
<SpamapS> ikonia: yes you can, but that doesn't matter because the [mysqld] for mysql-server 5.5 break mysql-cluster-server-5.1, and both have to use /etc/mysql/my.cnf
<ikonia> in what way does it break it ?
 * Daviey spies Horizon in NEW queue
<Daviey> (nice one zul)
<zul> Daviey: hopefully it will get out of there today
 * zul reminds himself to help jdstrand drunk in budapest
<Daviey> heh
<Daviey> zul: I haven't looked, but are you handling the rename from dashboard?
<zul> i will when it gets through
<Daviey> rocking
<hallyn> Daviey: pushing netcf today?
<Daviey> hallyn: on it
<hallyn> \o/
<Daviey> hallyn: done, wedged in NEW queue
<Daviey> (just wait now)
<smoser> zul, were you going to send something to boto on connect_nova ?
<smoser> or connect_ec2_endpoint
<tgardner> jamespage, how do I twiddle cobbler so that I can get a Precise ISO as one of the PXE install choices? is it by editing the profiles from the cobbler_web/profile/list menu ?
<jamespage> tgardner: its a bit more involved than that
 * jamespage digs for docs...
<smoser> tgardner, try cobbler-ubuntu-import
<smoser> see its usage
<tgardner> smoser, cool, thanks.
<tgardner> jamespage, ^^ I can likely figure it out from here.
<jamespage> smoser,tgardner:: might need a tweak to work on oneiric for precise; I had to hack the cobbler import process on aldebaran todo that (not elegnant but works)
<smoser> oh? jamespage ?
<jamespage> smoser: yeah - I found that yesterday
 * jamespage looks at his notes
<jamespage> smoser: --os-version=precise is not recognised as a supported release in cobbler on oneiric.
<jamespage> for cobbler import xxxx that is
<RoAkSoAx> jamespage: SRU :)
<jamespage> RoAkSoAx, agreed
<smoser> who had/has the hard coced list ?
<smoser> coded even.
<jamespage> hrm - cobbler does - codes.py and manage_import_debian_ubuntu.py have lists of recognised releases for ubuntu
<smoser> and when we fix, please fix with: ubuntu-distro-info --supported
<smoser> as that (i think) will get SRU'd
<jamespage> lemme report the bug at least
<tgardner> jamespage, please lemme know what the bug number is so that I can follow it.
<RoAkSoAx> jamespage: gonna prepare the SRU then
<jamespage> RoAkSoAx: I'll stick it on my list :-)
<jamespage> smoser: the orchestra script that imports the mini iso does that
<smoser> jamespage, does what ?
<jamespage> uses ubuntu-distro-info --supported
<smoser> oh. uses that tool.
<smoser> right.
<smoser> so we need to make coces.py and/or manage_import_debian_ubuntu.py do it aslo
<RoAkSoAx> jjajaq!
<RoAkSoAx> baaah
<koolhead17> hi all
<jamespage> smoser: well maybe
<RoAkSoAx> smoser: I don't agree with you because other distros do no have ubuntu-distro-info --supported
<jamespage> what is someone wants to deploy an unsupported distro version?
<smoser> well, that would be a ubuntu patch then :)
<RoAkSoAx> smoser: but we could make use of it, and if doesn't exists, fallback to the real list
<smoser> but either way, can "if available use it, otherwise hard coded list"
<smoser> the list of ubuntu releases is stupidly hard coded *way* too many places. we need to not have that.
<RoAkSoAx> smoser: yeah
<hallyn> zul: another tiny q (you are my libvirt sanity check :)  - do you see any reason not to add a Suggests: cgroup-lite | cgroup-bin to libvirt-bin?
<RoAkSoAx> smoser: well that's precise, for oneiric I'll just hardcode the release
<jamespage> tgardner, RoAkSoAx, smoser: bug 899276
<uvirtbot> Launchpad bug 899276 in cobbler "Release versions of cobbler don't automatically support the next development release" [Undecided,New] https://launchpad.net/bugs/899276
<RoAkSoAx> jamespage: what/'s the bug number?
<tgardner> jamespage, thanks
<smoser> ugh. roaksoax, if you hard code the release for oneiric, then you'll have to touch it again in 6 months.
<jamespage> smoser: ubuntu-distro-info --all would be better
<smoser> right.
<smoser> its argubable if you should complain about "not supported, sorry" or not
<smoser> but i dont really care either way
<RoAkSoAx> I think it should only be the supported ones
<zul> hallyn: no reason
<RoAkSoAx> jamespage: fix uploaded
<smoser> RoAkSoAx, the reason you would want more than just --supported, is in this case the person has provided you with a CD
<smoser> so, its fairly clear they're interested in using the release they tell you they want to use.
<smoser> its not like they were just asking cobbler "which release do you think i should install?"
<RoAkSoAx> smoser: right, but for unsupported releases, the archives wont work (they would have to change to old-releases.etc.etc)
<jdstrand> hallyn: sorry for the delay, I will take a look at it now. got tied up with a bunch of other stuff
<RoAkSoAx> smoser: so that means they would have to do lots of tweaking
<smoser> still not cobbler's decision to make, really.
<RoAkSoAx> smoser: but either way, we should only support those supported releases
<smoser> RoAkSoAx, if you provide cobbler with a full ISO of an old release, an insall should actually work
<smoser> right?
<smoser> it should install and boot just fine. thats really all cobbler is going to do anyway.
<RoAkSoAx> smoser: yeah but you need to modify the preseed to use the imported ISO as mirror
<smoser> assuming you're using a preseed.
<smoser> :)
<smoser> basically i dont' see any good reason to be annoying at "cobbler-import" time.
<RoAkSoAx> smoser: yeah I agree
<RoAkSoAx> smoser: but my point being is that makes no sense for someone to import a CD into cobbler of a non-supported release
<smoser> that is their choice.
<RoAkSoAx> cause in order to be able to install they will either need to point to old-releases or the local mirror of the imported CD in cobbler
<smoser> maybe they're trying to reproduce a bug on karmic
<RoAkSoAx> and that means modify the defaults from the preseed
<smoser> there are lots of reasons to do such things.
<smoser> there is no reason at cobbler-import time to make someone's life harder than it is.
<smoser> they're probably aware (or will find out soon) that this release is not supported.
<RoAkSoAx> smoser: right, but cobbler-import iwll not download and import an un-supported release, will it?
<RoAkSoAx> smoser: I think it shouldn't
<smoser> cobbler-import probably would not. as the urls would probably break.
<RoAkSoAx> smoser: exactly
<smoser> wait... cobbler-import is fed an ISO.
<smoser> cobbler-ubuntu-import downloads cds.
<smoser> cobbler-ubuntu-import will fail if they're using that.
<RoAkSoAx> smoser: yesmodownloads all the supported ones
<smoser> but if they get past that, and download a cd of an unsupported distro, theres erally no point to tell them "YOU CANT DO THAT"
<smoser> so cobbler-import (as opposed to cobbler-ubuntu-import) should not complain about unsupported release.
<smoser> so the "known releases" values in cobbler itself should not be limited to the current definition of supported.
<RoAkSoAx> smoser: smos/me/me rebooting the router.. this is just way to slow
<jdstrand> hallyn: commented
<RoAkSoAx> smoser: right, cobbler-ubuntu-import should only import supported
<RoAkSoAx> smoser: and if anyone wants to imported something not supported to cobbler is up to them
<hallyn> jdstrand: thanks
<jdstrand> I closed out the sdl one too
<hallyn> great
<hallyn> and away it goes
<adam_g> zul: any idea why, when doing a 'bzr bd -S' on the nova package tree, dh_auto_clean fails because i dont have python-eventlet installed?
<zul> adam_g: thats new to me
<adam_g> hmm
<jdstrand> zul: quantum accepted with this bug #899352
<uvirtbot> Launchpad bug 899352 in quantum "packaging issues" [Undecided,New] https://launchpad.net/bugs/899352
<zul> jdstrand: cool thanks
<zul> next.. :)
<jdstrand> yes
<stgraber> hallyn: ping, where's the meeting?
<hallyn> stgraber: doh!  right here I guess :)  (i'd forgotten, thanks for the ping)
<hallyn> jjohansen: around?
<jjohansen> hallyn: yep
<jjohansen> hallyn: aren't you off today?
<hallyn> i don't think so.
<hallyn> ACTION checks
<jjohansen> hallyn: oh, okay Daviey was asking that question last night
<hallyn> there was a snafu with my holiday scheduling (caused by me)
<jjohansen> ah
<hallyn> yeah it was removed from admin but not the calendar apparently.  oops.
<hallyn> (not that i'd mind)
<hallyn> ok, so frankly i'm not quite sure where to start.
<hallyn> jjohansen: do you have any updates on the apparmor work this cycle?
<hallyn> (as pertains to lxc)
<jjohansen> hallyn: sure
<jjohansen> so we split the work out into what is essential, and high priority etc
<jjohansen> the essential bits are the fake stacking and the base permission rework, and I think mount rules
 * jjohansen needs to find the blue prints
<jjohansen> anyway I have been working on the fake stack, I wanted it to be done this week, but I am still fixing bugs
<jjohansen> so hopefully next week you will be able to try it with lxc, and give me feedback
<hallyn> (just for historical reference: http://www.ibm.com/developerworks/linux/library/l-lxc-security/index.html was last time i considered this)
<hallyn> cool
<hallyn> so that addresses a container being able to load a policy of its own, but not being subject to host policy any more, right?
<jjohansen> this won't have the extra mediation bits, but will allow the child to have its own profile namespace separate from the confining task
<hallyn> right
<jjohansen> right
<hallyn> so, what about the "mount --move /proc /proc2; echo b > /proc2/sysrq-trigger" concern?
<jjohansen> then I need to finish up the extend permission base work, so we can add the extra mediation you need
<hallyn> is that for 12.04 then?
<jjohansen> hallyn: at what level are you concerned, from within the container, right?
<hallyn> unless i'm misunderstanding i thought you were punting on that for 12.04 :)
<hallyn> yes
<stgraber> jjohansen: so about "own profile namespace", what do we need to do from an upstream lxc point of view? I guess we need to change our container init code to do some magic?
<jjohansen> hallyn: at a minimum we will have mount rules to control where the mount can go
<hallyn> ah, cool
<hallyn> I need to track all this on wiki
<jjohansen> hallyn: I would love to be able to make path rules conditional on the fs but I don't think that can make 12.04, the kernel should actually be able to do that when I am done
<jjohansen> it will be the policy compilation bits that I am worried about completing
<jjohansen> stgraber: yes
<jjohansen> stgraber: basically you create the namespace you want, and tell apparmor to stack it
<jjohansen> stgraber: I have added to simple utility programs to wrap that, or you can look at what they do and make the calls yourself
<jjohansen> stgraber: though at least for aa-namespace I would rather you use that, as I am trying to abstract out the use of the old interface, and you will pick up the new interface once it gets added
 * jdstrand reads backscroll
<jjohansen> stgraber: under the old interface you don't have control of autoremoval, or #of profiles, amount of memory it can use etc.  Under the new interface you will, very similar to setting up a C group
<jjohansen> s/C group/cgroup/
<stgraber> hallyn: so that'd need to be added to lxc-init I'd guess and potentially add a new config option (to turn on/off) + add a build option?
<hallyn> btw, so as far as Daviey's concern (a document on lxc security), i will create a wiki page, outline issues at top level, and mitigations at second level
<hallyn> stgraber: not lxc-init...  lxc-start ?
<hallyn> lxc-init is the fake-init for application containers (lxc-execute)
<stgraber> hallyn: argh, right, lxc-start :)
<hallyn> stgraber: we shoul dmake sure to doc this in a blueprint...
<hallyn> jjohansen: thx for that update
<hallyn> stgraber: jjohansen: so actually i think i'll go ahead and go create the wiki, email you for comment, and we can talk thereafter?
<hallyn> (I'm not sure I have any more questions until I think it through in a structured way)
<jjohansen> hallyn: sounds good
<stgraber> hallyn: sounds good. I'll attach my current apparmor profile to it too, ideally we should try to have something a bit more complete for 12.04
<jjohansen> hallyn: I did want to run past you how we are looking at structuring policy for this
<hallyn> jjohansen: ah, ok (listening :)
<jdstrand> hallyn, stgraber: fyi, we are tracking these bits in https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-containers and https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-permissions-rework, which is part of the http://status.ubuntu.com/ubuntu-precise/group/topic-precise-arm-server.html topic
<jjohansen> hallyn, stgraber: it is going to require doing somethings a little different, but it comes out of talking to viro
<jjohansen> basically the idea is that you split the profile into two functional bits, the setup phase and the mediation of the container.  Paths in the setup profile are relative to the original root, and paths in the mediation profile are based on the container namespace
<jjohansen> for disconnected files, the mediation is based off of the implicit labeling
<jjohansen> or maybe delegation, but I can't see the delegation bits being ready for 12.04
<hallyn> implicit labeling?
<jjohansen> hallyn: when a task opens an fd it labels it with its current label
<hallyn> oh, ok.
<hallyn> and that bit is new right?
<hallyn> oh, no.  nm.  i was working around userspace.
<jjohansen> yes and no, we have always done that but we have been planning on extending it, and will do the bits we need for containers
<hallyn> ok, so we'll have mount controls to lock cgroups and proc/sys into place;  maybe cgroup virtual roots (doubtful);  and maybe seccomp2 to lock out some syscalls.
<hallyn> this isn't looking too bad
<hallyn> jjohansen: thanks, anything else?
<jdstrand> s
<jjohansen> hallyn: I think that is it for now
<hallyn> jjohansen: great, thanks.  i'll work on that wiki over the next few days and email you and stgraber
<stgraber> jjohansen: thanks
<adam_g> zul: i tagged you as a reviewer for a quick merge into lp:ubuntu/nova
<zul> adam_g: yay! thanks
<dkn> why can i ssh into my server from one VM using - u username ssh hostname but i can't do it from another? both have their rsa public keys in the username authorized_keys folder but one asks me for a password when i log in?
<jdstrand> zul: openstack-common accepted
<zul> hurray for small miracles
<jdstrand> heh
<hallyn> smoser: do you know/recall why windows on euca needs a separate boot disk?  (as reported by various blogs)
<smoser> umm... windows is silly ? and euca wasn't designed for that ?
<smoser> but seriously, it probably has to do with how an ami (amazon machine image, the format of disk that you uplod to amazon) are used.
<hallyn> is it still necessary on openstack? is what i think the q is :)
<smoser> for instance-store images, you upload a partition image
<smoser> then, the cloud provider (euca or ec2) take that and some magic to turn it into a disk image (with a partition ttable)
<smoser> they never try to boot it by booting the MBR
<smoser> so you just can't let windows boot itself
<hallyn> smoser: ok, thanks
<smoser> on openstack, though, if you boot an instance without a kernel and ramdisk (ari/aki), then openstack just tries to let the disk boot itself
<smoser> so we publish "full disk images" that have grub installed in them and those are the best way to boot on penstack.
<smoser> similar full disk images of windows shoudl/could work there
<smoser> and euca could use a similar trick... i dont know.
<achiang> smoser: yeah, the euca thing is a red herring. my real goal is to boot windows on openstack somehow
<Daviey> achiang: Have you created a windows ami?
<zul> achiang: it should be the same as the way you do it on eucalyptus, although you will run into issues since it assumes you are running linux (injecting keys etc)
<achiang> Daviey: no, that's what i'm trying to figure out how to do
<Daviey> achiang: it's not something any of the ubuntu folk have tested fwiw.
<smoser> achiang, have you tried it ?
<smoser> it really should "just work" as much as windows can just work
<smoser> do an install in kvm.
<achiang> smoser: i'm muddling along trying to follow instructions here: http://cssoss.wordpress.com/2010/05/05/uec-windows-instance-on-lucid-lynx-hack/
<smoser> take the disk and upload it to openstack
<achiang> smoser: but i guess i didn't realize that euca and openstack aren't the same thing
<achiang> yeah, i've done the kvm installation part
<achiang> the "upload it to openstack" part is what i'm getting hung up on
<smoser> why?
<achiang> well...
<Daviey> I wonder if the qemu backing store breaks windows?
<smoser> windows knows nothing about it
<smoser> its a block device
<achiang> am i supposed to use euca-bundle-vol somehow?
<smoser> achiang, cloud-publish-image x86_64 my-windows-i-love-bill.img my-redmond-bucket
<smoser> you can probably use glance commands to do the same thing. i'm not familiar with them off the top of my head. they are more direct, but i know this path well.
<zul> smoser: it would be a good weekend project though :)
<achiang> smoser: ok, and where does my-redmond-bucket come from? do i need to make it somehow?
<smoser> no.
<smoser> its a name. a s3 bucket that it willg et put into
<achiang> here's a dumb question. can an openstack instance mount/boot/access a local cdrom/iso?
<smoser> theres a thread on the mailing list
<smoser> on that
<smoser> i didnt follow it
<smoser> achiang, serioulsly, just try it.
<zul> achiang: yes it can assuming you are running Xenserver
<smoser> i'm interested in knowing what happens.
<achiang> smoser: yeah, i'm just trying to frontload questions here because i have a 7GB qemu disk image and a horribly slow uplink. :-/
<smoser> achiang, run an instance and move the image there.
<smoser> https://gist.github.com/1231973
<smoser> start an instance with that, i do it with lucid
<smoser> and then get your creds to the instance
<smoser> and move the 7G disk there.
<smoser> then you have fast network.
<achiang> smoser: ok, thanks for all the help. i appreciate it
<achiang> (and thanks others, too)
<jdstrand> zul: swauth accepted with these bugs filed: bug #899411, bug #899410
<uvirtbot> Launchpad bug 899411 in swauth "get-orig-source non-functional" [Undecided,New] https://launchpad.net/bugs/899411
<smoser> does that gist make sense to you?
<uvirtbot> Launchpad bug 899410 in swauth "binaries not lintian clean" [Undecided,New] https://launchpad.net/bugs/899410
<zul> jdstrand: thanks..
<zul> jdstrand: i think ill be fueling your alcohol consumption next month
<jdstrand> I will take you up on that
<achiang> smoser: no, the gist doesn't really make sense yet, but i'm assuming after more homework on my part it will become apparent
<smoser> achiang, launch an instance of lucid with that gist as userdata
<smoser> (--user-data-file=that-file)
<smoser> then copy your credentials there to a subdirectory named 'creds' of your hope directory
<smoser> (ubuntu's home directory)
<chz|bacon> hey guys i'm having a heck of a time getting grub2 to install on a software raid setup
<chz|bacon> could one of you maybe point me in the right direction. i've been reading howtos, and i still can't seem to get grub2 to install.
<chz|bacon> i have swap / and /boot partitions setup yet trying to install on /dev/sda1 (/boot) i get the same error
<chz|bacon> i also have the same error if i attempt to install on /dev/md0
<chz|bacon> anyone?
<hallyn> Daviey: so you think we need to wait a bit to MIR netcf?
<Daviey> hallyn: I heard the Debian Maintainer was a big unreliable, what do you think?
<Daviey> s/big/bit
<hallyn> i wouldn't trust him further than i can throw him
<Daviey> heh
<Daviey> hallyn: What needs to depend/recommend on it?
<Daviey> I've not look at netcf, so bit of a n00b
<uvirtbot> New bug: #899416 in squid (universe) "package squid 2.7.STABLE7-1ubuntu12.4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/899416
<hallyn> Daviey: libvirt
<Daviey> hallyn: what do upstream libvirt think about netcf?
<hallyn> they wrote it :)
<Daviey> well.. seems to be a no-brainer then :P
<hallyn> ok - i'll file it on monday and see what they say :)
<hallyn> gnight
<Daviey> nn hallyn
<jdstrand> zul: horizon finally accepted with bug #899427
<uvirtbot> Launchpad bug 899427 in horizon "not lintian clean" [Undecided,New] https://launchpad.net/bugs/899427
<Daviey> thanks jdstrand
<barcef> What else do I need to do? Installed squid on my machine in the US, setup my src ip range and disabled X-forward-for , but hulu still says that I'm out side of the US.
<barcef> Any ideas?
#ubuntu-server 2011-12-03
<Gaming4JC> Hey guys, I recently upgraded from 11.04 to 11.10 and MYSQL broke.  ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
<Gaming4JC> I read around on the forums, adjusted app-armour and did a complete purge and remove and reinstall
<Gaming4JC> no luck
<Gaming4JC> :(
<SpamapS> Gaming4JC: is mysqld running?
<Gaming4JC> ps -ef |grep mysql mysql     4004     1  2 04:52 ?        00:00:00 /usr/sbin/mysqld username   4022  1926  0 04:52 pts/0    00:00:00 grep --color=auto mysql
<Gaming4JC> SpamapS: believe so
<Gaming4JC> SpamapS: yep all seems running, and I can restart the daemon. I kind of need this to work ASAP since it hosts a game server and broke yesterday evening :P
<Gaming4JC> when I try to run mysqladmin...
<Gaming4JC> mysqladmin: connect to server at 'localhost' failed error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)'
<SpamapS> Gaming4JC: anything in /var/log/mysql/* ?
<SpamapS> Gaming4JC: also is it possible /var/run is not a proper symlink to /run on your system?
<SpamapS> lrwxrwxrwx 1 root root 4 2011-11-25 06:58 /var/run -> /run
<SpamapS> Gaming4JC: thats what it should look like if you run 'ls -ld /var/run'
<Gaming4JC> ran the command lrwxrwxrwx 1 root root 4 Dec  3 04:45 /var/run -> /run
<Gaming4JC> also there is an error.log file but it is empty
<Gaming4JC> in the /var/log/
<SpamapS> Gaming4JC: but no socket file at /var/run/mysql ?
<Gaming4JC> SpamapS:  ls: cannot access /var/run/mysql: No such file or directory
<Gaming4JC> I assume not
<Gaming4JC> :O
<SpamapS> Gaming4JC: interesting!
<Gaming4JC> indeed...
<Gaming4JC> reinstall for the 50th time?
<SpamapS> Gaming4JC: no
<SpamapS> Gaming4JC: that directory is created in the upstart script
<SpamapS> Gaming4JC:     [ -d /var/run/mysqld ] || install -m 755 -o mysql -g root -d /var/run/mysqld
<SpamapS> Gaming4JC: that should be line 22 of /etc/init/mysql.conf
<Gaming4JC> SpamapS: looks right - http://paste.ubuntu.com/757707/
<SpamapS> Gaming4JC: ok, so its kind of weird that the directory would disappear!
<SpamapS> Gaming4JC: try 'service mysql stop ; service mysql start'
<SpamapS> Gaming4JC: if that fixes it, maybe file a bug about this...
<SpamapS> Gaming4JC: I'd investigate further but I have to go
<Gaming4JC> SpamapS: stop: Unable to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: Connection refused :O
<SpamapS> Gaming4JC: sudo
<Gaming4JC> been nothing but trouble updating from natty
 * utlemming is away: Gone away for now
<SpamapS> whoa wait
<SpamapS> Gaming4JC: is this by any chance in a vmware VM?
<SpamapS> Gaming4JC: there's a bug in the vmware tools that eats your init scripts on upgrade to 11.10
<Gaming4JC> it's an OpenVZ hosted VPS
<Gaming4JC> ok sudo worked
<SpamapS> Gaming4JC: dbus not running tho.. thats troubling
<Gaming4JC> SpamapS: sudo fixed dbus :)
<SpamapS> Gaming4JC: no it didn't.. sudo allowed you to use the private socket that root uses to talk to upstart. ;)
<Gaming4JC> SpamapS: mysql stop/waiting
<Gaming4JC> eek
<SpamapS> Gaming4JC: sudo service mysql start should get it running
<Gaming4JC> :P
<SpamapS> Gaming4JC: if that doesn't work.. I'd try running sudo /usr/sbin/mysqld directly.. which should print errors if there are problems
<SpamapS> Gaming4JC: also make sure you have  'socket = /var/run/mysqld/mysqld.sock' in /etc/mysql/my.cnf
<SpamapS> anyway, REALLY have to go
<SpamapS> Gaming4JC: GOOD LUCK!!
<Gaming4JC> SpamapS: system seems halted while running service mysql :O
<Gaming4JC> ok
<Gaming4JC> thanks!
<Gaming4JC> SpamapS: ciao :)
<barcef> What else do I need to do? Installed squid on my machine in the US, setup my src ip range and disabled X-forward-for , but hulu still says that I'm out side of the US. Any ideas?
<wmp> hello, how to kill python /root/bin/script without pid?
<wmp> i try: killall python /root/bin/script
<wmp> and pkill python /root/bin/script
<wmp> but nothing
<EvilResistance> wmp, what user is it running as?
<EvilResistance> root?
<wmp> yes
<EvilResistance> wmp, pidof python /root/bin/script
<EvilResistance> try that
<EvilResistance> it should get you the pid
<wmp> nice
<wmp> thx
<EvilResistance> as for *killing* the process
<EvilResistance> that might be easier said than done
<wmp> EvilResistance: hmmm, how to run process in background? i have python $DAEMON &  2>/dev/null
 * utlemming is back.
<Gaming4JC> wb
<smoser> wmp, thats close enough.
<virusuy> howdy all
<wmp> smoser: ?
<smoser> python $DAIEMON &
<smoser> will background for sure.
<wmp> and how to send echo from python to null?
<smoser> stdout ?
<smoser> python $DAEMON &  2>/dev/null >/dev/null
<smoser> python $DAEMON &  2>/dev/null >/dev/null </dev/null
<smoser> you probably want the last one.
<smoser> otherwise stdin will still be open.
<wmp> ok
<smoser> which will leave you with a bug like: https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/878600
<uvirtbot> Launchpad bug 878600 in rabbitmq-server "service start rabbitmq-server' does not fully detach from parent" [Medium,Fix released]
<wmp> smoser: dont work
<smoser> error ?
<wmp> http://wklej.org/id/639612/
<smoser> its writing to the console directly ?
<wmp> yes
<smoser> if you did >/dev/null, then stdout is going to /dev/null
<wmp> smoser: i need to redirect all pipe
<smoser> can you paste more context ?
<wmp> from init?
<smoser> sure.
<smoser> and maybe your init script
<smoser> because very generally:
<smoser> sh -c "python -c 'import time; print \"howdy\"; time.sleep(3); print \"bye\";' 2>&1 </dev/null &"
<smoser> there, you will see output
<smoser> but
<smoser> sh -c "python -c 'import time; print \"howdy\"; time.sleep(3); print \"bye\";' >/dev/null 2>&1 </dev/null &"
<smoser> you will not
<wmp> python $DAEMON &  2>/dev/null >/dev/null
<smoser> theres some other bit of info missing.
<smoser> what you've done there closed stdin and stdout to that pid.
<smoser> now, its possible that you duped file handle 2 (stderr) to file handle 4 and it is writing to 4, but otherwise i dont kwno what you're seeing. there isn't enough context.
<wmp> http://wklej.org/id/639613/
 * utlemming is away: Gone away for now
<smoser> i'm really sorry, but that doesn't help.
<smoser> i have no idea what 'do_start' does
<wmp> smoser: all script: http://wklej.org/id/639614/
<smoser> oh.
<smoser> move & to the end of the line.
<smoser> python $DAEMON & >/dev/null 2>&1 </dev/null
<smoser> does "make process daemon and background it", then redirect some stuff (i would have thought that'd show you an error)
<smoser> and you really do want:
<wmp> root@lust:~/soredserver# [2011-12-03 04:04:03] Server started
<smoser> pastebin again ?
<wmp> all?
<smoser> the init script.
<wmp> i paste your line
<smoser> are you trying to be nice to the owner of the pastebin ?
<wmp> http://wklej.org/id/639615/ ?
<wmp> i dont understand
<smoser> -         python $DAEMON & >/dev/null 2>&1 </dev/null
<smoser> +         python $DAEMON >/dev/null 2>&1 </dev/null &
<wmp> ok, wrk
<wmp> work
<wmp> bye
<wmp> and thank
<Hethrir> I have a script which I want to start, then be able to log out and occasionally check the output(stdout), how is this normally done?
<EvilResistance> screen + process?
<Hethrir> I only have ssh access?
<EvilResistance> screen is a program
<EvilResistance> !info screen
<ubottu> screen (source: screen): terminal multiplexor with VT100/ANSI terminal emulation. In component main, is optional. Version 4.0.3-14ubuntu8 (oneiric), package size 582 kB, installed size 1044 kB
<EvilResistance> ugh
<EvilResistance> oh there
<EvilResistance> Hethrir, fwiw, here's how i run a process that needs to continue running after i "logout"
<EvilResistance> Hethrir, i installed 'screen' and then ran 'screen'
<EvilResistance> within the new "terminal" that opened up (i.e. the 'screen session'), i run the process
<EvilResistance> case in point, my IRC bot
<Hethrir> Thank you :)
<EvilResistance> when i close the ssh session, the process remains
<virusuy> You can also deown that process if you dont want to install screen
<EvilResistance> true.
<virusuy> sorry
<virusuy> disown
<virusuy> basically disown deletes that job from job's table, in consecuence can't receive a SIGKILL signal
<virusuy> which happens when you logout or close ssh
<virusuy> system sends SIGKILLs signals to all your process, but if you disown it, it can send that signal, basically because isn't your
<virusuy> yours*
<Hethrir> can I check back in on it?
<virusuy> yes
<Hethrir> Thank you as well :)
<virusuy> Hethrir: oh sorry
<virusuy> i mean, you cannot own a disowned proccess
<virusuy> or at least i don't know how to do that
<Hethrir> ah, well, thank you anyway :)
<virusuy> but you can , for example, redirect the ouput to a file and check that file to see how it goes
<Hethrir> wow, screen is very useful
<Gaming4JC> I know, I'm just learning to use it
<Gaming4JC> it's a Godsend :D
<Hethrir> Yes :)
<Gaming4JC> Would any of you guys know a quick and easy way to manage startup services? Basically I want to disable apache and sendmail from startup for time being
<Gaming4JC> Some one told me to read a book on upstart
<Gaming4JC> I thought it was in init.d something
<Gaming4JC> nvm, google is my bested friend
<Gaming4JC> bestest*
<Gaming4JC> http://askubuntu.com/questions/19320/whats-the-recommend-way-to-enable-disable-services :D
<chrislabeard> Hi, i'm getting a connection refused when trying to ssh into my server any ideas?
<chrislabeard> I even tried it locally on the sever to see if it could connect to itself and it gets the same error
<Hethrir> error + google?
<chrislabeard> I've goggled but can't find anything on the error I'm now getting when trying to restart the ssh server. "tilde_expand_filename: no such user ."
<Hethrir> you're sure you're entering the proper user name?
<virusuy> chrislabeard: are you using root to login ?
<chrislabeard> virusuy: no
<virusuy> chrislabeard: uhm
<chrislabeard> virusuy: i'm using sudo /etc/init.d/ssh restart
<virusuy> sshd
<virusuy> should you use
<virusuy> or at least the service is called sshd
<chrislabeard> I get command not found when using sshd
<virusuy> what about ssh localhost =
<virusuy> in your box
<chrislabeard> I get the same thing
<chrislabeard> connection refused
<virusuy> what about service ssh status ?
<virusuy> chrislabeard:
<chrislabeard> when I use $ ps aux | grep sshd It gives me "beard 26019 0.0 0.0 3588 920 pts/0 S+ 22:19 0:00 grep --color=auto sshd
<virusuy> test this
<virusuy> ps -ef | grep ssh
<chrislabeard> that just gave me a ton of info
<virusuy> same but with ps aux instead of ps -ef
<virusuy> i mean ps aux | grep ssh
<chrislabeard> let me pastebin it
<virusuy> chrislabeard: ok
<chrislabeard> http://pastebin.com/X8ryiV8u
<virusuy> thats the output of ps aux | grep ssh , right ?
<chrislabeard> yes
<virusuy> can you execute
<virusuy> service ssh status
<virusuy> please ?
<chrislabeard> ssh stop waiting
<virusuy> uhmm
<virusuy> now, execute service ssh start
<chrislabeard> virusuy: http://pastebin.com/6K0sVN5W
<virusuy> in your first pastebin link
<virusuy> seems like dpkg is trying to configure those packages
<virusuy> including openssh-server
<chrislabeard> oh let me run it again
<virusuy> and maybe that's why the server isn't runing
<chrislabeard> http://pastebin.com/MpdeEA8C
<chrislabeard> new pastebin
<virusuy> and what about service ssh start
<chrislabeard> same error as the previous pastebin
<virusuy> weird
<virusuy> are you running those command with sudo right ?
<chrislabeard> haha
<chrislabeard> wow
<virusuy> :-P
<chrislabeard> okay its running but I still can't connect it to
<chrislabeard> to it
<virusuy> even trying it locally ?
<chrislabeard> yeah
<virusuy> i mean, doing ssh localhost
<chrislabeard> yep port 22: connection refused
<virusuy> uhmm
<chrislabeard> so confused, I usually never have any problems with ssh
<virusuy> that's really weird
<virusuy> you didn't modify your sshd_config file, right ?
<virusuy> it's standard configuration ?
<chrislabeard> virusuy: yeah didn't change anything
<chrislabeard> virusuy: it was working fine yesterday and I shut down the server and start it up today and couldn't connect to it
<chrislabeard> virusuy: If I run "sudo netstat -nap | grep :22" It doesn't display anything
<virusuy> it's weird , really.. i mean, try to shut down ssh
<virusuy> see if there's any ssh proccess runing, and start it again
<chrislabeard> what is the command with the services thing now
<chrislabeard> stop doesn't seem to work
<chrislabeard> since I guess /etc/init.d/ssh stop is depreciated
<virusuy> service ssh stop
<chrislabeard> I'm getting a "stop: unknown instance:"
<chrislabeard> when I try to run that
<virusuy> uhmm
<virusuy> im running sudo service ssh stop in my box and works perfectly
<chrislabeard> argg
<chrislabeard> Well I'm killing all processes that are ssh
<qman__> unknown instance means it isn't running, or at least is not running as a service
<qman__> and it's sshd
<qman__> ssh is the client
<qman__> but the service name is ssh
<chrislabeard> sshd is an unkown service for me
<qman__> right
<qman__> sshd is the process name
<qman__> ssh is the service name
<qman__> ps aux | grep sshd
<chrislabeard> ahh gotcha
<chrislabeard> it shows a process and I try to kill it but it says no such process
<chrislabeard> so could I like uninstall it and reinstall it
 * utlemming is back.
 * utlemming is away: Gone away for now
<j4jack> hi everyone
<j4jack> any idea how I can route 192.168.1.0/24 network to 172.21.1.0/24?
<j4jack> there's a default gateway (192.168.1.1) which provides internet
<smw> j4jack, how do you route one network to another network?
<smw> You could route it to a different gateway, but that would be an ip address.
<j4jack> smw: I have 2 interface
<j4jack> let me put my senario in a file...
<j4jack> smw: http://pastebin.com/FPLCruaB
<SpamapS> j4jack: can you be more specific about what you want to have happen?
<j4jack> SpamapS: forget about it, i need to bridge my nics to let everbody has internet
<j4jack> that's not English! I know
<j4jack> I need to select best repository (fastest) in ubuntu server (no gui) any idea?
<SpamapS> j4jack: apt-mirror
<SpamapS> j4jack: actually no wait
<SpamapS> netselect-apt
 * j4jack did not find apt-mirror in his repsitory...
<SpamapS> j4jack: http://askubuntu.com/questions/39922/how-do-you-select-the-fastest-mirror-from-the-command-line
<SpamapS> netselect-apt or apt-spy seem to be popular
<j4jack> isn't there anything installed by default
<SpamapS> j4jack: I usually just use $COUNTRY.archive.ubuntu.com :)
<j4jack> SpamapS: :)
<j4jack> i'll try that
<CantWinn> Hey peeps. I have been google-ing my *** off looking for a solution to host my on "cloud" with file sync. I only have really come up with iFile and ownCloud - which the later doesn't give a lot of info on what it really does. Anyone know of, or make anything like this? Stipulations are that it has to have administration for folder sharing because this is for my medium sized business.
<Azrael> CantWinn: have you seen One.com's CloudDrive?
<CantWinn> Hmm.. no I don't think so, I will take a look
<Azrael> oh wait you want to host your own
<Azrael> you should look at OpenStack
<CantWinn> yeah
<CantWinn> OpenStack you say?
<Azrael> its a whole cloud orchestration infrastructure
<Azrael> one of its components (Swift i think) does amazon-like cloud file storage
<Azrael> it might be overkill for what you need, as its targeted for large ever-growing super-scaling cloud deployments
<CantWinn> Yeah, I am looking for somewhere around 100 users..
<CantWinn> if that
<CantWinn> probably only about 40-60 will ever use it.
<andygraybeal> so i'm reading about drbd and that it we should be configuring kvm's cache=none  :)
<andygraybeal> it's not new news, but new to me
<andygraybeal> i want to start learning about drbd
<ogra_> then say goodbye to a sane ubuntu setup :P
<ogra_> oh, sorry, i mixed it up with drbl, ignore me
<koolhead17> hi all
 * utlemming is back.
<jetole> Not sure what room I should post this in but I am wondering if anyone can tell me any ideas they may have to help stop employees from stealing contacts to clients when they leave. I know it's ubuntu-server but just hoping from one admin to another someone has some advice
<failover> jetole, get better employees
<virusuy> failover: +1
<Myrtti> that, or make the place so nice to work in that they don't leave
<patdk-lap> myrtti, that is impossible
<patdk-lap> some employees like to work alone, some in groups
<patdk-lap> some just want more pay, some just a pleasent enviroment
<patdk-lap> and to really screw it all up, some employees are just jackasses, but they do good work
<ikonia> patdk-lap: if you give them access to the data - you can't stop them taking it by writing it down manually
<patdk-lap> nope
<patdk-lap> I had one employee do the oppisite though
<patdk-lap> they brought in their own data and put it on their computer
<patdk-lap> then when their computer was upgraded, refused to let the old one go, till it had been securely wiped by them
<patdk-lap> at that time I informed them, yes, but everything on that computer has been backed up many times to atleast 3 different physical locations
<SpamapS> patdk-lap: heh... the "data virus" problem :)
<SpamapS> patdk-lap: I love it when people delete all the emails they had with recruiters from their work email account right before they get called in to talk about why their resume was found on the copier ;)
<wolflkoder> hallo, gibst ne mÃ¶glichkeit mit hdparm die Systemplatte (Raid1) schlafen zu legen ?
#ubuntu-server 2011-12-04
<x404x> I can connect to ftp locally but it dont work remotely , do i need to add a remote host to hosts file ?
<SpamapS> x404x: you might have a firewall between you making life difficult
<SpamapS> x404x: honestly, why other with FTP? just use HTTP or SSH
<qman__> yeah, FTP is, always was, and always will be utter crap
<x404x> i love qualoty adsl modems
<x404x> quality
<x404x> always exilarating to have them random reboot or crash every 5 mins
<x404x> is ubuntu setup to only allow lan connections by default ?
<SpamapS> x404x: um, what do you mean?
<x404x> well it seems to block anything coming from outside the lan
<x404x> all services work fine on local ips but are dead outside
<x404x> just get connection refused
<x404x> im using same settings as before on the router and it worked before
<x404x> but im using a new built  server, its been so long since i setup the old that i cant remember the settings now
<x404x> is there a hosts or firewall setting that block remote access ?
<SpamapS> ufw might be doing it.. not sure
<x404x> if i run nmap on the local ip it shows the correct ports open, but running on the remote ip it says all are closed
<x404x> ufw is inactive
<SpamapS> maybe stuff just isn't listening on those ips
<SpamapS> some stuff is by default 127.0.0.1 only
<x404x> it works from other ips on same local net
<uvirtbot> New bug: #487270 in eucalyptus "improve wsdl stubs generation" [High,Fix released] https://launchpad.net/bugs/487270
<leandrounb> Test
<Zanzacar> Hi I setup my IP address on the computer side instead of the router side and I think it is causing some problems with IP address now. I dont remember how I did this and was hoping someone might be able to help me out.
<Zanzacar> I actually cant connect to it since there are problems so I guess I will have to pull out a monitor and keyboard or something
<trimeta> Hmm. My RAID5 array is suddenly telling me it's in a "clean, recovering" state. But I never knew that one of my drives died; apparently it did, and now it's being restored. How worried should I be, and should I be purchasing a new drive right now?
<trimeta> Also, how do I know which drive failed?
<uvirtbot> New bug: #899823 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/899823
<spat> can someone explain why a grep with a \s in the patern is not matching when launched from the cron (took me an hour to find that out)
<spat> think i found it... locale in cron is screwed up...
<spat> /etc/default/locale is set why is cron not using that?
<jasonmchrist0s> Hi folks would just like to give thanks to those that prepared this https://help.ubuntu.com/10.04/serverguide/C/serverguide.pdf
<jasonmchrist0s> I feel that good printable documentation is important.
<jasonmchrist0s> I know thanksgiving is over but better late than never, right?
<philipsmatto> hello
<philipsmatto> can you help me?
<philipsmatto> can you help me?
<greppy> philipsmatto: just ask your question, if someone can help, they will.
<philipsmatto> okok
<philipsmatto> today i have installed Ubuntu Server 11.10
<philipsmatto> i have ip static
<philipsmatto> *dinamic
<philipsmatto> So change always
<philipsmatto> i install lamp, apache ecc... Now I insert on the browser 127.0.0.1 but browser say : Firefox can't establish a connection with the server
<philipsmatto> why? What i must doing for put my server on the internet?
<philipsmatto> *do
<philipsmatto> ??
<airtonix> philipsmatto: ubuntu server doesn't come with a desktop environment or firefox. so your statements make no sense.
<philipsmatto> ?
<philipsmatto> why, i have a pc with ubuntu server
<airtonix> and l.a.m.p. is an acronym for Linux Apache Mysql PHP
<airtonix> philipsmatto: ok i'm going to assume you can't be bothered to type out your full situation properly. so we'll assume you're using firefox on another machine. 127.0.0.1 is a network address to the current machine you're accessing it from.
<airtonix> philipsmatto: ie: 127.0.0.1 will only ever give you access to the apache server if you access 127.0.0.1 from the same machine that apache is installed on
<philipsmatto> ops i don't have open port 80, okok all ok
<philipsmatto> trnk u
<airtonix> i doubt that is your problem
<uvirtbot> New bug: #899918 in samba (main) "Samba upstream bug 7509 prevents being a target for Windows Vista backup client" [Undecided,New] https://launchpad.net/bugs/899918
<virusuy> howdy
<Duvrazh> Hello, has anyone successfully configured Netatalk and Avahi-Daemon to function as a TimeMachine for Apple products?
<Duvrazh> If anyone got avahi and netatalk to work on 10.04 lts as TimeMachine I would appreciate a pm or reply of some form, thank you.
<JanC> Duvrazh: hm, I never tried that on Ubuntu, but I think my ReadyNAS uses those for that purpose  ;)
<JanC> (I have no Apple hardware, so no way to try)
<Duvrazh> Is it running on them?
<Duvrazh> I'd love to see your config files
<JanC> let me check
<Duvrazh> I would be interested in /etc/default/netatalk, /etc/netatalk/afpd.conf, and /etc/netatalk/AppleVolumes.default
<JanC> http://paste.ubuntu.com/759498/ = /etc/netatalk/afpd.conf
<JanC> http://paste.ubuntu.com/759499/ = /etc/default/netatalk (you're lucky this NAS is based on Debian ;) )
<JanC> http://paste.ubuntu.com/759503/ = /etc/netatalk/AppleVolumes.default
<JanC> Duvrazh: ^^^
<JanC> I'm not using netatalk BTW
<JanC> so this is probably just some default values
<Duvrazh> :) well something is better than nothingâ¦ lets have a look
<Duvrazh> Not default, but doesn't look like a time machineâ¦ more like iTunes server (also good to know, copy paste)
<uvirtbot> New bug: #899976 in nova (main) "Error in nova.conf" [Undecided,New] https://launchpad.net/bugs/899976
<Duvrazh> Recent room joiners, if you've succeeded at getting avahi-daemon and netatalk to function as a Bonjour-based TimeMachine, please let me know; I'm having configuration problems with error message.
<JanC> Duvrazh: I know there are some ways to make this ReadyNAS work as a Time Machine, but as said before, I don't need it, so I never investigated in-depth  âº
<Duvrazh> do you have links to any documentation?
<Duvrazh> gooogle-ing the ubuntu server time machine 10.04 lts pattern of thought doesn't usually generate something that actually works.
<Duvrazh> in fact it never hasâ¦ :*(
<JanC> I remember reading stuff about it on their site/forum  ;)
<Duvrazh> on ReadyNAS'?
<JanC> yes
<JanC> and ReadyNAS is based on Debian, with some changes
<JanC> so should apply to Ubuntu to some degree too
<Duvrazh> I could always take the easy way and virtualize readynas in ubuntu lol
<JanC> eh
<JanC> I doubt their firmware works virtualised  ;)
<JanC> especially mine (it has a SPARC CPU...)
<Duvrazh> hmmmm
<JanC> newer ones have an Atom, so that might work virtualised, maybe  ;)
<JanC> I never tried
<Duvrazh> On your ReadyNAS, is TimeMachine enabled in your guy frontend? (per their instructions)
<Duvrazh> gui*. DAMN YOU AUTOCORRECT
<JanC> probably not
<JanC> actually, I hope not  ;)
<JanC> I'm not even sure there is a UI option like that specifically
<JanC> but IIRC if you enable certain sharing options, a Mac OS X desktop can do the rest
<Duvrazh> http://www.readynas.com/?p=1097
<Duvrazh> Mine see it, I've got it broadcasting via Bonjour protocols
<Duvrazh> I can't mount it though
<JanC> maybe a permission issue?
<jamilbk> hi peeps -- is anyone else getting a 403: Forbidden error when running 'apt-get update' on their Ubuntu EC2 instance?
<jamilbk> us-west1 region
<Duvrazh> JanC: I swear it's a configuration issue.
<Duvrazh> Error message is:
<Duvrazh> The version of the server you are trying to connect to is not supported. Please contact your system administrator to resolve the problem.
<jamilbk> AHHH! fixed it with `service dns-clean restart`
<Duvrazh> jamilbk: you ever made avahi-daemon and netatalk into a functional TimeMachine for a Mac?
<jamilbk> Duvrazh: nope, sounds like a sweet idea actually. i do have a spare netbook just lying around
<rafael> i need to connect in the server the same way i do with vnc because a need to set the server to process someting sometimes how can i get this ?
<jamilbk> Duvrazh: is that what you're wrestling with?
<Duvrazh> yup
<jamilbk> good luck
<Duvrazh> lol thank you
<Duvrazh> I think the only problem is version checking. My iMac says "The version of the server you are trying to connect to is not supported. Please contact your system administrator to resolve the problem."
<Duvrazh> otherwise it appears to be okay.
<JanC> Duvrazh: recent OS on that iMac?
<Duvrazh> newest
<Duvrazh> Lion
<Duvrazh> apparently all the documented methods worked on older versionsâ¦ Something changed
<JanC> hm, I wonder if that iMac has a setting for supporting older Apple "Time Machines"?  ;)
<Duvrazh> if its made by Apple, probably does without issue
<Duvrazh> getting it to go to this spare computer though is a beast of a problem. Right now all the computer does is Folding@home via the Origami package (nice for clustered webmin status calls)
<JanC> eh
<JanC> webmin...
<ersi> ew
<Duvrazh> ew all you want, it's a hell of a convenience
<JanC> a long as you don't use webmin on debian/ubuntu machines  ;)
<Duvrazh> webmin from sarge repository runs fine on 10.04 to 11.10 ubuntu server
<Duvrazh> postfix and samba has to be modified but otherwise recognizes and properly manages config files
<JanC> webmin has a long history of trampling over the configuration policies in Debian/Ubuntu, and thus causing resulting in difficult to debug issues
<Duvrazh> *fingers crossed* so far so good ;)
<Duvrazh> bbl need rental car
<JanC> it also means you're less like to get support  ;)
<youlysses> Hey guys, how are ya?! I just set up my first home server on ubuntu 11.10, and haver alot of files to copy over from a external drive... So I want to mount it on my server and copy iy over to my home directory, is there an easy way to do this? Like is there some program that will automatcally mount my drives for me when I plug them in, like in a desktop os, becasue i'm having issuses doing it manually ...
<patdk-lap> nope, manual is the way to go :)
<youlysses> ...So, I want to "mount /dev/sdf1 /media/external" but the flags are killing me... it keeps tellling me they're invalid. :(
<patdk-lap> whay are you using flags?
<youlysses> I'm using the defualt ones in the tutorial "sudo mount -t vfat /dev/sdb1 /media/external -o uid=1000,gid=1000,utf8,dmask=027,fmask=137"
<youlysses> Oh wait a sec, maybe i got it?!
<youlysses> Sweet! Ok so I was using the fat16/32 intrustions, when I needed the ntfs.
<youlysses> But, got it.
<N3> I need some serious help
<pmatulis> N3: ok
<qman__> youlysses, no options are really needed by default, the only catch is that the kernel NTFS support is read-only, and you need ntfs-3g for rw
<N3> My server got messed up when I tried to uninstall ubuntu-xen-server
<N3> anyways
<N3> I got knoppix running on it, re-assembled the raid, unencrypted it, and set up the lvm
<N3> But whenever I make changes to it, it does not seem to save it
<N3> Like in /etc/crypttab
<N3> or /etc/lilo.conf
<N3> nothing seems to "save"
<N3> its not mounted read only
<qman__> you're likely working on the knoppix live environment
<qman__> did you chroot into your mounted system?
<N3> I did not "chroot", I just basically mounted it
<N3> how do I chroot it?
<qman__> well, if you're not chrooted, /etc/crypttab is knoppix's /etc/crypttab
<N3> nah, its /mnt/wat/etc/crypttab
<N3> Ok, actually it looks like it saved it
<N3> but lilo does not honor the changes AFAIK
<qman__> I don't know enough about how lilo works in ubuntu, but chances are you need to run the equivalent of update-grub
<N3> yeah I looked into that
<N3> kinda
<pmatulis> N3: why do you think you're using LILO?  and what ubuntu release are you working on?
<qman__> grub has been the ubuntu default since before I started using it, with 5.10
<qman__> so if you have lilo, you must have done it yourself
<pmatulis> N3: it would also be good to know what happened when you removed ubuntu-xen-server
<N3> I did it myself
<N3> pmatulis, I tried to remove it, but a "df" said that /boot was @ 100%
<N3> (it was trying to install linux-server, or either I tried to re-install linux-server)
<Duvrazh> has anyone succeeded at getting avahi-daemon and netatalk to function as a Bonjour-based TimeMachine, 10.04 lts
<N3> anyways, it did not have enough room
<N3> so I deleted some of the old images
<N3> and it shat a brick
<qman__> yeah, that's the wrong thing
<qman__> you need to apt-get remove old kernel versions
<N3> Yeah I know that now
<qman__> touch the old file names, then chroot in, and apt-get remove should work
<qman__> and that will probably also fix your bootloader for you automatically
<qman__> at least with grub, the post-install and post-remove scripts regenerate the config
<qman__> here's a pretty thorough process on arch, but it applies generally to linux: http://superuser.com/questions/111152/whats-the-proper-way-to-prepare-chroot-to-recover-a-broken-linux-installation
<N3> f this returns an error chroot: cannot run command '/bin/bash': Exec format error, this usually indicates that you booted with one architecture (e.g. 32bit) and are trying to chroot into another (e.g. x86_64).
<N3> great
<N3> :(
<N3> can grub RAID?
<ikonia> grub isn't anything to do with raid
<patdk-lap> unless your boot drive is raid5
<N3> k
<ikonia> you can't boot from raid 0 or raid 5
<jamilbk> anyone else running on EC2? getting a 403: Forbidden with `apt-get update`
<qman__> jamilbk, I'm not, but that means one of your sources is broken
<ikonia> jamilbk: what repo is it hitting ?
<ikonia> jamilbk: manually check that repo see if it's online
<jamilbk> us-west-1.ec2.archive.ubuntu.com has address 10.161.51.124 us-west-1.ec2.archive.ubuntu.com has address 10.162.150.127
<jamilbk> yeah it's online:
<jamilbk> the .127 address was giving problems. manually setting it to the .124 address in /etc/hosts fixed the problem
<jamilbk> must be an ubuntu mirror issue
<jamilbk> sysadmin fail
<ikonia> jamilbk: those sites are showing down to me
<jamilbk> yeah it's a private address
<ikonia> oops, so it is
<jamilbk> only accessible from within the cloud ;-)
<ikonia> just saw it was a 10 address
<ikonia> idiot
<N3> Ok so I got somewhere
<N3> I've almost got lilo to install
<N3> But now I'm getting "Fatal: open /vmlinuz: No Such file or directory"
<ikonia> N3: why are you using lilo ?
<N3> RAID
<N3> and crypto
<N3> and lvm
<patdk-lap> hmm, I remember doing all thos eon grub
<patdk-lap> hell, I still do :)
<ikonia> again.....why are you using lilo
<ersi> It's classic! Traditional!
<N3> Ok so I can, for sure, use grub?
<ikonia> it's dead
<patdk-lap> using lilo, is like using grub in dumbed down mode
<ikonia> it's nothing like using grub
<ikonia> the whole way it works is different, it's not any "dumber" it's just a different way of doing things
<patdk-lap> lilo has no understanding of anyhting, it just a point and execute
<patdk-lap> grub can do that also, but makes much more sense to understand the filesystem and stuff, like it does
<ikonia> yes, it's totally different approach
<N3> So grub?
<ikonia> I'd use grub, it's the current main option within ubuntu
 * pmatulis wonders what happens to a system that is running lilo when a kernel is upgraded
<Dulcin> Can anyone take a look at this screenshot taken from my remote console: http://dulcin.nl/temp/s.jpg
<Dulcin> my server won't boot up anymore after a reboot
<ikonia> looks like a kernel dump
<Dulcin> what could be the cause?
<ikonia> normally hardware
<ikonia> but it's very very hard to say
<Dulcin> I was trying to install bugzilla with at on of perl modules, and then did a reboot
<Dulcin> and then this happened :(
<ikonia> got an older kernel on the machine ?
<ikonia> (see the grub list/menu)
<Dulcin> it's completely up to date
<Dulcin> ubuntu 11.10
<ikonia> that's not what I asked
<ikonia> do you have an older kernel still installed ?
<Dulcin> I'm not sure then? I thought when you install ubuntu 11.10 it has the latest kernel
<Dulcin> I did not specifically change anything
<ikonia> look in the grub boot menu, see if there is an older one there, try booting it, see if you get a kernel panic with that too
<Dulcin> the thing is, it's completely unresponsive so I guess I have to ask the provider to do it
<Dulcin> it does not respond to 'send ctrl-alt-del' either
<ikonia> what ?
<ikonia> it's a kernel panic, it will not do anything
<ikonia> try booting an older kernel from the grub menu, see if that panics also
<Dulcin> yes, but how do I do that? The machine is not here physically
<Dulcin> and it's not responding to any key input from the remote console
<ikonia> well, if you're using a remote console to boot it and see this before it's on the network, you must be able to use the remote console to select options from the grub menu
<ikonia> then ask someone on site
<Duvrazh> Opinion: latest kernel sucks
<ikonia> then your opinion is wrong
<ikonia> and totally based on nothing
<Dulcin> yeah I will ask someone, but I guess I'll have to wait till tomorrow
<Duvrazh> Twonky doesn't run on it well, and that's very important to me
<Duvrazh> I had to drop back to 10.04 lts to keep functionality for my media box
<Duvrazh> newer is not always equivalent to better. usually, but not always
<ikonia> Duvrazh: why is the newer kernel "bad"
<ikonia> Duvrazh: please explain your reasoning ?
<Duvrazh> ^^^ right there
<uvirtbot> Duvrazh: Error: "^^" is not a valid command.
<ikonia> Duvrazh: how do you know that's a kernel problem
<ikonia> Duvrazh: it could be a hardware issue
<ikonia> Duvrazh: it could be a user error
<Duvrazh> nope, same box no hardware change, older kernel it runs perfectly. newer one, doesn't run at all
<Duvrazh> nope, I thought about that too, had a friend try it, same luck
<ikonia> Duvrazh: which kernel versions are you comparing
<Duvrazh> current for 10.04 lts and current for 11.10
<ikonia> Duvrazh: ok, so between those two versions there are massive differences in more than just the kernel
<Duvrazh> oh yes i know
<ikonia> ....ok, so again, why are you sure the new kernel "sucks"
<Duvrazh> why are you sure it doesn't? are you a spokesperson? do you get pleasure in proving people wrong? it's my opinion.
<ikonia> I'm not sure it doesn't, but I'm not in a channel making statements like "new kernel sucks"
<Duvrazh> I don't like the newer Ubuntu, and the kernel included with it.
<Duvrazh> even though ubuntu is by far my favorite
<Duvrazh> of all the lovely little distros
<Duvrazh> s
<ikonia> if I was going to state that the new kernel was a problem, I'd certainly try to have something to validate that
<Duvrazh> okay how about the main software I use for specific purposes does, in practice, not work in the new environment.
<ikonia> "enviornment" not "kernel"
<Duvrazh> as mentioned before
<Duvrazh> omg, you're one annoying child
<Duvrazh> environment encompasses kernel
<nebajoth> CHANGE IS BAD MKAY
<ikonia> Duvrazh: yes, it does include the kernel, but you're stating the new kernel is a problem
<Duvrazh> I've tried upgrading to newer kernel on older systems, environments in your terms, and it still doesn't function
<Duvrazh> therefore, kernel = at least some part of the problem
<ikonia> Duvrazh: the new kernel was not designed to work with the older ubuntu versions
<ikonia> Duvrazh: (within the ubuntu packages)
<ikonia> that's why mixing component versions between distros isn't advised
<Duvrazh> it WILL work, but it's not stable, the procedure calls are different in a few areas
<ikonia> Duvrazh: ok, so then it's not a fair test if you know it's not stable
<Duvrazh> you're missing the point, and i will no longer continue this in public chat. if you're really that passionate about not listening at all, you'll want to send me a private message instead of flooding this channel with useless back and forth banter
<N3> Ok
<EvilResistance> anyone able to recommend any php-based bug trackers?  bugzilla is a pain to configure for nginx, because i dont have perl set up
<ikonia> I'm not missing the point, you're just making ill thought through statments that "new kernels suck" without anything to back it up beyond bad designed tests
<N3> I'm getting lvm device name (***) does not begin with /dev/mapper
<ikonia> EvilResistance: is trac php or perl ?
<ikonia> N3: where are you getting that ?
<N3> boot
<Duvrazh> EvilResistance: don't know if it has the features you need but try phpBugTracker @ phpbt.sourceforge.net
<ikonia> N3: what part ?
<nebajoth> trac is python
<N3> after lilo loads linux
<ikonia> sorry, I'm not helping you with lilo
<ikonia> again, I don't know why you are not using grub
<N3> lol ok
<EvilResistance> ikonia:  i dont think its PHP, but i'm not certain its perl either
<EvilResistance> cant tell
<ikonia> EvilResistance: python
<EvilResistance> yeah...
<EvilResistance> i dont have python configged with nginx either
 * EvilResistance never had a need to configure it
<nebajoth> EvilResistance: look at mantis
<nebajoth> or flyspray
<Dulcin> well I've sent them a mail, hopefully it will be solved tomorrow
<Dulcin> thanks for your input ikonia
<EvilResistance> ah cool
<EvilResistance> nebajoth:  i think mantis will work
<EvilResistance> flyspray might work too
<EvilResistance> i'll fiddle with both later before i decide ;P
<Duvrazh> has anyone been successful with avahi-daemon and netatalk to use ubuntu server as TimeMachine backup device?
<Duvrazh> has anyone been successful with avahi-daemon and netatalk to use ubuntu server as TimeMachine backup device?
<hsmod> hey all.  i'm sshing TO a oneiric box and from it i'm ssh X forwarding back to my workstation (oneiric workstation).
<_johnny> hi, i'm running my own CA (for internal use in my company), and for fun i've been meaning to get EV on certain domains to get green bars with names (like https://github.com/ has). i've added businessCategory and a few others, and they're in the signed certificate - however it doesn't display. so: can anyone verify that this is the right way to go about this?
<hsmod> when i do that, my workstation is pretty unresponsive
<hsmod> becomes VERY slow
<hsmod> not internet slow but entire cpu anything i do locally is very slow
<hsmod> top shows compiz is taking about 25-50% cpu
<Duvrazh> _johnny: have you added your CA as a recognized CA in the browser your business is using? github's certificate comes from a rather large organization that's already included in those browsers, that's a lot of back&forth checking to make sure those certificates are valid, just to display that green bar. (have you seen the cost of those? outrageous prices.)
<_johnny> Duvrazh: yes, the ca is added on all laptops including the one i'm testing on
<_johnny> certificates are valid (and green)
<Duvrazh> but the bar still doesn't show?
<_johnny> it's a luxury problem going for the EV
<_johnny> sorry, i wasn't clear
<Duvrazh> oh
<_johnny> i mean like: https://github.com/
<_johnny> in chrome it'll display company info
<_johnny> like http://i.imgur.com/hByjz.png
<_johnny> which, from what i can tell, is from being an EV cert - which in turn seems to require a businessCategory property
<Duvrazh> Those EV certificates are by recognized authoritiesâ¦ They've made it difficult to replicate on purpose. The names are from go daddy, to global sign, to wells fargo....
<Duvrazh> some light reading to help you, because they're special certs
<Duvrazh> http://cabforum.org/Guidelines_v1_2.pdf
<Duvrazh> to get green bar, you have to be audited against the WebTrust EV Program
<_johnny> i'm not trying to replicate (immitate) github, i'm trying to add it to my own certs :p
<_johnny> but i see. so chrome does it only from the CA's it deems in WebTrust i guess
<Duvrazh> I think the same is true of chrome and most other name-brand browsers
<Duvrazh> remember this was commercialized by fortune 500's.
<N3> ikonia, ok plz help me install grub
<_johnny> Duvrazh: your suspecions were correct according to http://blog.sidstamm.com/2009/04/roll-your-own-ev.html
<_johnny> "regular SSL root certificates can be added easily to any browser, but the EV root certs can't."
<Duvrazh> I had looked into it once for a Windows Remote Troubleshooting website I used to runâ¦ pain in the ass, and VERY expensive
<Duvrazh> I gave up pretty quickly, too lazy for that mess
<Duvrazh> sorry to bust your bubble sir
<_johnny> not at all. it's not a necessity. and the more you know.. ;)
<Duvrazh> you're right :)
<SockPants> hi all
<SockPants> all of a sudden my webserver is broken. sounds unspecific but ive never seen anthing like it
<SockPants> i was developing in wordpress and it went down (its a virtual machine) so i reboot it, now it keeps getting stuck at * Starting the web server apache2
<SockPants> it won't boot.
<Duvrazh> it's virtual?
<SockPants> yep
<SockPants> ok shit virtualbox is falling apart as soon as i touch the data on that drive, off to #virtualbox
<EvilResistance> first, !language
<EvilResistance> ;P
<EvilResistance> SockPants:  and two, what're you trying to do in virtualbox?
 * EvilResistance runs 6 windows server instances virtually, and 5 *nix servers virtually
<SockPants> EvilResistance: sorry :) well, i have a server vm and a desktop vm, both ubuntu, and after the ubuntu one crashed randomly i decided to copy my websites off of the drive using the desktop vm. only the vm unexpectedly killed itself mid-copy, so now i'm suspecting something's wrong either with the virtual drive or with the filesystem
<SockPants> oh rats, it might have to do with having 0 bytes free on the host fs *facepalm*
<EvilResistance> that might be the issue ;P
<Duvrazh> simplest explanation :)
<SockPants> heheh yeah it often takes me a trip to irc to formulate the exact problem before i realize the simplest things
<SockPants> and everything is up and running again
<xlinkerz> #metasploit
<blkperl> adam_g: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/802367
<uvirtbot> Launchpad bug 802367 in net-snmp "snmpd reports "truncating integer value > 32 bits" at ERROR loglevel, should be DEBUG" [Low,Triaged]
#ubuntu-server 2012-11-26
<Danawar> This is not the first time this has happened when i had alot of peers connected to my minecraft server the eth0 stop worksing
<Danawar> working*
<Danawar> it all ways start working if is sudo ifconfig eth0 down -- and then up
<Danawar> stats*
<Danawar> Its been happening for a few days now and i cant get to the bottom of it :/
<SpamapS> Danawar: is it possible the connections are using up all available RAM? ifdown would cause people to start disconnecting rapidly
<Danawar> ram is allmost maxed out on the server using a small ammount of swap
<Danawar> but today there is hardly any one on the servers and all i did was try to upload a 1mb pic =[
<Danawar> Ram was at 80% when it died
<Danawar> swap was at 10%
<SpamapS> Danawar: ah, interesting. nothing in dmesg?
<Danawar> Sadly i have never used dmesg ill look it up now
<Danawar> Alot of UFW blocks
<SpamapS> Danawar: literally, just run 'dmesg'
<Danawar> Just alot of UFW blocks from  SRC=0.0.0.0 DST=224.0.0.1
<Danawar> And one that is different
<Danawar> IN=eth0 OUT= MAC=50:e5:49:1c:a0:be:28:3c:e4:eb:b5:df:08:00 SRC=203.113.137.187 DST=192.168.1.3 LEN=48 TOS=0x18 PREC=0x60 TTL=113 ID=63072 PROTO=TCP SPT=53255 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0
<Danawar> with the last crashes
<Danawar> i always see that packet with URGP=0
<Danawar> But i am unsure what that is yet
<Danawar> All the times it has DCed
<Danawar> I see alot of UFW blocks in my logs
<Danawar> Something could be going on that is not being logged or i just dont know where it is loged
<SpamapS> Danawar: ?? hard to say. Might be time to call in a professional :)
<Danawar> Unfortunately its just a home server xD but it doing my head in xD
<Danawar1> Just tryed uploading another picture same problem damn server =[
<Danawar> I have a feeling it might be somthing to do with the PHP upload feature
<lvmer> This isn't Ubuntu related... but I'm trying to convert a bunch of 8mm video cassettes to digital files. & Google is being stubborn. I'm having trouble deciding the best video format to preserve quality but still keep the file size reasonable. Anyone happen to have tips? or know where I could ask?
<lvmer> I've got all the camera connections btw... the 30min test file just comes out as 8gb... which really makes me wonder how much wasted resolution I'm recording.
<FauxFaux> I would suggest starting with a generic encoder for dvd stuff, pick a low motion profile on a modern codec, and pick a few file sizes, see which gives a sufficient quality for the size?
<lvmer> Yah I usually use power director, but it was throwing errors. So I switched to Adobe Premeire elements & the publishing options seem so weird to me. Like if I check mpeg2... the file size goes to 11gb. Wtf? lol. I feel like adobe doesn't even understand it's own publishing options.
<FauxFaux> mpeg2 isn't what I'd call a modern codec.
<lvmer> xD Neither is 8mm video. xD  but perhaps a more modern codec would be better. xD
<Patrickdk> the codec isn't the issue there
<Patrickdk> removing noise is the issue
<Patrickdk> and 8mm is going have a lot of noise
<Patrickdk> the more noise, the worse the compression
<Patrickdk> so if you want the rips to be small, your going have to get good with using video filters to clean it up first
<COrdel^> guys, WHat is the INITRAMFS prompt and how to i get my system to boot?
<COrdel^> its stuck at this propmt
<stegel> hello, i have multiple domains on a ec2 server (ubuntu 11.04)  and i want to be able to send from multiple email adddress based on the domain i am sending from, is that possible?
<lickalott> hello all.  I have some entries in fstab (UUID) that I have also shared out via NFS.  The permissions are 777 (to troubleshoot) but it gives me a permission error when I try to copy over the network.  Looking to correct this so i can copy over stuff.
<lickalott> *note it's worked in the past.  Seems to be an issue after the latest updates
<escott> lickalott, do the uid's match up
<lickalott> yes sir
<lickalott> well....i'm not sharing out via NFS with the uuid.  just the absolute path
<escott> lickalott, the UUID shouldnt matter at all. i mean the uid like 1000
<lickalott> oh.... no.  going from winblows to ubuntu
<escott> lickalott, you are running an NFS server on windows?!?!
<lickalott> no.  NFS from ubuntu.  trying  to copy over backups from windows
<escott> lickalott, back up a bit. NFS+windows=confusion. where does windows fit into this?
<lickalott> *side note - I am running nfs from another windows server (hanewin).  it actually works really nice.
<lickalott> k
<lickalott> computer 1 = windows (my laptop) computer 2 = Ubuntu server (NFS shared dirs).  i want to copy files from computer 1 to computer 2 across the network
<qman__> that's what samba is for
<lickalott> you know what...now that you say it.  those may be shared out via smb...  lemme check
<lickalott> regardless there are permissions issue that weren't there a week ago.  but lemme get specifics so I stop wasting your time.  wait 1
<lickalott> samba
<lickalott> browseable, writable = yes  read only, guest ok = no for all 3 shares
<qman__> are you able to browse the shares
<lickalott> yes
<qman__> and just not write files, or are you not able to do anything
<qman__> ok
<lickalott> i can move stuff from elsewhere on the server to those dirs
<lickalott> just not from my lappy
<qman__> what exactly do you mean by that
<qman__> do you mean you can, from windows, move stuff around but not copy new files?
<lickalott> i can telnet or logon to the server and move stuff into those dirs via command line.  But across the network is giving me issues.
<qman__> well, that's irrelevant
<qman__> what's going on then is, the user you are authenticating to samba as, is not able to write files
<lickalott> <qman__> and just not write files, or are you not able to do anything <--- just trying to fill in ALL the blanks
<lickalott> k
<qman__> when you connect to the server, are you entering a username and password?
<lickalott> windows user = weed. ubuntu user = weed.  I can't make the uid's the same right?  whats the next step
<qman__> or does it just open up automatically
<lickalott> opens auto
<qman__> do the passwords match?
<lickalott> no
<qman__> well, there you go
<qman__> what's happening is
<qman__> windows attempts to authenticate with your local credentials
<qman__> that fails, so then it attempts to authenticate as guest
<qman__> which is succeeding for some reason
<qman__> but then you can't write files, because guest ok - no
<lickalott> i have a .bat that mounts the paths, and when I set them up initially i used the "weed" user's info from the server.  i think it's cached
<lickalott> ok.. lemme try that
<qman__> so, to solve it, change the passwords to match and try again
<qman__> or change the user names to not match
<lickalott> still working it.  I'll shoot a status update in a min.
<lickalott> they won't go away.  net use /delete isn't working.  need to reboot
<lickalott> qman__ same
<lickalott> "Destination Folder access denied"
<lickalott> qman__ you still hanging around?
<samba35> how do i configure fqdn on 12.04.1 ,i have static ip and domain with isp
<RoyK>  
<rbasak> Daviey, jamespage, smoser: any objection to seeding software-properties-common, and if not, please could you sponsor? Bug 439566. I'm guessing that this is something not quite suitable for the normal sponsorship queue?
<uvirtbot> Launchpad bug 439566 in ubuntu-meta "add-apt-repository is not available by default on server" [Wishlist,Triaged] https://launchpad.net/bugs/439566
<Daviey> rbasak: erm, i thought that was added to the seed last cycle?
<Daviey> But yes, i entirely support it, if not.
<Daviey> Oh, was it python-software-properties and renamed to software-properties-common, and the seed hasn't been updated?
 * rbasak checks
<rbasak> Daviey: I can't find it in the germinate output anywhere. Only for desktop, and cloud-image which gets it via cloud-init
<rbasak> I know we mentioned it last cycle, but I don't think anything got done
<Daviey> rbasak: Oh
<Daviey> rbasak: if you want bzr credit, fancy providing a merge proposal ?
 * rbasak does so
<rbasak> Daviey: https://code.launchpad.net/~racb/ubuntu-seeds/add-apt-repository/+merge/136146
<saskuas> Hello!
<saskuas> someone here?
<saskuas> i need some help configuring apache2 in ubuntu server 12.04
<saskuas> specially ssl authentication
<jamespage> zul, pls give me a ping when you start; trying to decide whether I've found a bug in webob or not....
<Daviey> jamespage: zul mentioned over the weekend that he thought we might need a newer nose.. related?
<jamespage> Daviey, not really (although I did hit a new nose issue but was able to workaround it)
<jamespage> glance
<jamespage> Daviey, the Checksum-MD5 header behaviour has changed in webob >= 1.1
<jamespage> so basically you never get them with chunked transfer encoding...
<Daviey> ah
<Kartagis> is there a nautilus plugin to display CR2 thumbnail?
<koolhead17> zul: i will look into that thing later today
<zul> jamespage: sure...when i get in and after I give myself a heart attack by shoveling the snow off my laneway
<jamespage> zul, lol
<rbasak> http://status.ubuntu.com/ubuntu-quantal/group/topic-raring-servercloud-overview.html 404s. Should this be fixed or is there an alternative view?
<zul> right good morning
<jamespage> zul, have a better fix for glance now
<zul> jamespage: sweet pastebinit?
<jamespage> I still think bug 1083155 applies
<uvirtbot> Launchpad bug 1083155 in python-webob "Unable to set Content-MD5 header when using chunked transfer encoding" [Undecided,New] https://launchpad.net/bugs/1083155
<jamespage> but we can work around it for the time being
<zul> yeah
<zul> we should probably push that to the upstream webob tracker
<jamespage> zul, oh - and I hit a odd nose issue as well with glance - it kept trying to execute glance/openstack/common/__init__.py as a test
<zul> jamespage: yeah i seen that multiple times
<jamespage> I worked around that for the time being by scoping run_tests to glance/tests
<zul> ack...thats a nose bug btw i think
<jamespage> zul, yes it is
<jamespage> I think its fixed in 1.2
<zul> yeah i started packaging 1.2 this weekend
<jamespage> (well the upstream venv uses that version and appears not to have the same issue)
<jamespage> zul, oh - btw - did you mean to drop glance-client with the last upload to raring?
<zul> jamespage: the glance-client binary in glance?
<jamespage> zul, yes
<zul> yeah its in python-glanceclient now
<jamespage> zul, OK - so its still generated by the packaging - I've dropped it in the branch I'm preparing now
<zul> k
<caribou> jamespage: I see that you have a fix for walinuxagent for bug #1079897
<uvirtbot> Launchpad bug 1079897 in Ubuntu Raring "walinuxagent mangles server identity and access on upgrade" [Critical,Fix committed] https://launchpad.net/bugs/1079897
<caribou> jamespage: I can take care of the SRU if you wan
<caribou> want
<jamespage> caribou, yes please
<caribou> jamespage: ok, will do
<zul> jamespage: can you try to push the webob patch upstream
<zul> ill add that to the merge proposal
<jamespage> zul, I added the webob fix to the glance branch I proposed
<jamespage> I'll push the bug report upstream and the login in response looks a little fuddled to me
<zul> k
<psivaa> it appears that the precise server images now include quantal kernels (3.5.0-19) from Friday. Is this intended by any chance?
<jamespage> psivaa, I don't think so no
<jamespage> Daviey, ^^
<Daviey> psivaa: No, not intended at all
<Daviey> psivaa: thanks for raising it.
<Daviey> psivaa: do you have any logs i can copy and paste?
<psivaa> Daviey: yes 1 second for logs but cjwatson on the #release thinks otherwise
<Daviey> erm
<psivaa> Daviey: https://jenkins.qa.ubuntu.com/view/Precise/view/ISO%20Testing%20Dashboard/job/precise-server-amd64_default/371/console is the link
<zul> jamespage: http://pastebin.ubuntu.com/1389121/
<jamespage> zul, and what does line 15 look like in your copy?
<zul> ifeq (,$(findstring nocheck, $(DEB_BUILD_OPTIONS))
<zul> you are missing a ")"
<jamespage> zul, no - you are - mine is fine - ifeq (,$(findstring nocheck, $(DEB_BUILD_OPTIONS)))
<zul> uh
<jamespage> looks OK on the MP as well
<zul> jamespage: yeah it might have been a bad merge that i did...its in the trunk now as well hold on
<zul> jamespage: https://code.launchpad.net/~zulcss/glance/grizzly/+merge/136193
<jamespage> zul, approved
<zul> jamespage: you merged it right/
<jamespage> zul, doing it now
<zul> jamespage: ack
<jamespage> zul, done
<zul> jamespage: cool just testing the new nose
<v0lksman> hello all!  Last week I posted this problem:  https://answers.launchpad.net/ubuntu/+source/gnome-nettool/+question/214977
<v0lksman> to which someone replied this: "Having looked further into the igb, I'm wondering if the motherboard is using UEFI and if so, if the UEFI driver settings for the i350 are responsible for this"
<zul> jamespage: still get the same error with glance with a newer nose
<v0lksman> how would I go about investigating that further?  I'm not very well versed in UEFI and it does't look like I can disable it
<jamespage> zul, weird - worth checking which version gets into venv then
<zul> yep
<hallyn> stgraber: so the git tag isn't there (so i missed it) but a tarball is - so 0.8.0 is released.  were you working on a merge?  Is there something else I should work from rather than starting with the release tarball?
<caribou> jamespage: FYI, I was able to reproduce the walinuxagent bug on Azure.
<stgraber> hallyn: nope, no point in merging really. I don't intend to rebase on upstream until 0.9~alpha1
<hallyn> well, one point would be to catch any mistakes in the upstream tarball early...  but ok, yeah, it *would* be a lot more work to merge now...
<hallyn> all right back to my original plan then :)
<stgraber> I'm hoping to get Daniel to pull and release 0.9~alpha1
<hallyn> have you heard from him since release?
<stgraber> nope
<hallyn> stgraber: autodev pushed to staging
<stgraber> hallyn: ok, I'll review and ack it once I'm done with my current meeting :)
<darthanubis> join #ubuntu+1
<samba35> what is best way to setup a fqdn on 12.04.1 ,i have static ip and domain from isp
<samba35> i want to setup web and mail server
<v0lksman> samba35: your question doesn't really make sense...are you asking how to set the host name to a FQDN on the server?
<samba35> ok ,let me try to explain again
<samba35> ok lets keep it simple
<samba35> how do i configure fqdn on server
<ScottK> samba35: Have you looked at the Ubuntu server guide?
<ScottK> (see the channel topic)
<ScottK> This kind of thing is discussed there.
<samba35> i have configure /etc/hosts with 127.0.0.1 localhost and 127.0.0.1       ubuntu mail.xxx.com
<samba35> my hostname is ubuntu
<v0lksman> TJ-: hello!  Last week I posed a question about igb drivers acting weird.  You suggested it could be related to UEFI drivers.  How would I go about investigating that further?  Any suggestions/docs you can point me to?
<TJ-> v0lksman: Wow! long time ago in IRC spacetime :D  ... I think that suggestion was a result of some research I did on that driver and issues others have met, via Google. Try throwing those terms into a Google search
<v0lksman> TJ-: yeah it was ancient... :)  Will see what Google has to say today...I had been researching things last week but came up dry
<TJ-> I'll grep our conversation from last time to refresh my memory
<v0lksman> TJ-: https://answers.launchpad.net/ubuntu/+source/gnome-nettool/+question/214977
<v0lksman> TJ-: also http://irclogs.ubuntu.com/2012/11/22/%23ubuntu-server.txt @1952
<TJ-> Got it here ... shows just our conversation without the cruft
<TJ-> v0lksman: I think my most useful observation was "Having looked further into the igb, I'm wondering if the motherboard is using UEFI and if so, if the UEFI driver settings for the i350 are responsible for this"
<Freddie_> Hello! Can anyone help me make my ubuntu server have a static IP so that it can be connected to?
<v0lksman> TJ-: agreed. But I have no clue really how to chase that down.  First time touching a box with UEFI
<tgm4883> Freddie_, did  you look at the server guide in the topic?
<TJ-> v0lksman: It's almost like having a busybox cmdline ... read up on EFI interpreter commands
<GhostFreeman> What's the best way to upgrade a non-LTS install to the latest LTS
<Freddie_> not..really... :L
<v0lksman> TJ-: yeah I've hit a few articles today on the EFI shell.  I'll dig deeper on that...Thanks!
<tgm4883> Freddie_, I don't really help in this channel, so I'm unsure of the protocol, but look at https://help.ubuntu.com/12.04/serverguide/network-configuration.html#ip-addressing
<tgm4883> specifically the part on "Static IP Address Assignment"
<GhostFreeman> What is the proper way to upgrade a server on a antiquated release (10.10) to the latest LTS
<ScottK> GhostFreeman: You need to do it release by release.  10.10 -> 11.04 -> 11.10 -> 12.04.
<ScottK> Skipping releases is onl supported LTS to LTS.
<GhostFreeman> And the command in 10.10 is do-release-upgrade?
<binaryhat> i have write list = binaryhat, rick but only binaryhat can write to the share...help
<stgraber> hallyn: I just pushed a bunch of fixes to lxc-devel@lists.sf.net, would be great if you could review/ack before I push to staging.
<hallyn> stgraber: ok
<hallyn> stgraber: I only saw the 3 patches
<stgraber> hallyn: yep, that was all I had at the moment
<stgraber> hallyn: you may also want to look at that new batnch from Dwight
<Daviey> roaksoax: erm, where is it?
<Daviey> tftp?
<roaksoax> Daviey: python-tx-tftp
<roaksoax> Daviey: python-txtftp
<roaksoax> Daviey: quantal-proposed
<Daviey> oh
<Daviey> i was looking in precise
<Daviey> roaksoax: done
<roaksoax> Daviey: thank you sir
<adam_g> http://reqorts.qa.ubuntu.com/reports/rls-mgr/rls-q-tracking-bug-tasks.html ?
<adam_g> der
<adam_g> jamespage: is the rls-$x-incoming tag still the proper way to get things tracked on http://reqorts.qa.ubuntu.com/reports/rls-mgr/rls-q-tracking-bug-tasks.html ?
<jamespage> adam_g, yep
<genii-around> For web interface to IRC, any recommendation? I see cgiirc was dropped/abandoned, qwebirc has issues with python3
 * hallyn off to lunch
<mgw> Hi, is there a recommended way for maintaining local (custom) patches for packages in apt?
<maswan> Use some kind of software for repo maintenance. We use reprepro at work.
<mgw> maswan: We have a working repo
<mgw> It's just a question on the standard way to apply the patch.
<mgw> Or maybe I misunderstand your answer
<mgw> I can of course use a custom script to pull the source from apt and prepend/append to changelog and debian/patches/series, etc
<mgw> But I thought maybe there was a 'standard' as to how to do that.
<maswan> hm. well, apart from uploading the source package with your diff, we are far from using any recommended way for maintaining our local patchsets
<mgw> maswan: ok, thanks
<mgw> Just to verify, to make a patched binary, I need to 1) apt-get source the package; 2) put the patch (with the debian info prepended) in debian/patches/; 3) modify debian/changelog & debian/patches/series;
<mgw> 4) dpkg-buildpackage
<sarnold> mgw: the 'devscripts' package provides a very useful 'what-patch' program that will tell you the type of the patch system in use on a specific package
<sarnold> it's mostly right :) so it's worth using it when you go to modify a package for the first time
<maswan> yeah, debian/patches/ isn't universal I thought. been a while since I've been doing this stuff though, been doing other things than OS/software maintenance for the last 5:ish years at $work. :)
<sarnold> in some cases, the debian/patches/ is just there to make it easier to see which patches _have_ been applied...
<mgw> sarnold: thanks
<mgw> i'll look at it
<mgw> I'm specifically interested in openssh (AuthorizedKeysCommand patch)
<mgw> The patch gets applied using the above
<hilarie> I think I found a bug in /proc/net/dev where would I report it?
<sarnold> hilarie: launchpad, the kernel team has an automated bot that will ask you to chcek if the problem also exists on upstream kernel and maybe other questions...
<hilarie> Was just finding that
<hilarie> Why does everyone want you to make an account for everything...
<ScottK> GhostFreeman: Yes.
<GhostFreeman> thanks ScottK
<billy_ran_away_> I'm using a Ubuntu 12.10 box for a router/gateway/firewall plus LDAP server it works great except I'm trying to setup a IPSEC/L2TP server...
<billy_ran_away_> I think it has to do with ipsec verify saying this: Two or more interfaces found, checking IP forwarding            [FAILED]
<billy_ran_away_> But cat /proc/sys/net/ipv4/ip_forward returns 1
<billy_ran_away_> I can connect with my Mac OS X client but not only can I not ping local boxes on my network I can't ping the internet either.
<billy_ran_away_> I can show you my iptables --save output if it'd help.
<hallyn> stgraber: if you get a chance to review my update of https://wiki.ubuntu.com/LxcSecurity i'd appreciate it
<hallyn> jjohansen: ^ you too
<sarnold> billy_ran_away_: I wonder, cat /proc/sys/net/ipv4/conf/*/forwarding  -- do the interfaces in question also have forwarding turned on?
<billy_ran_away_> sarnold: I'll check
<billy_ran_away_> Yep. http://cl.ly/L9CT
<jjohansen> hallyn: I'll try to poke at it this afternoon
<billy_ran_away_> sarnold: Here's my iptables.rules: http://cl.ly/L9Oj
<billy_ran_away_> sarnold: I really appreciate any help you can provide.
<hallyn> jjohansen: thanks
<billy_ran_away_> sarnold: Most of the HOWTO's presume your server is behind a firewall and not the router and gateway itself.
<billy_ran_away_> sarnold: I'd really like to use this for both inside (internal Wifi) and outside my network
<billy_ran_away_> After I get it working I want to switch from PSK to certs and LDAP for authentication. But first I need to get the damn thing working.
<sarnold> billy_ran_away_: sounds like a fun project :)
<billy_ran_away_> Should have been until this snag...
<sarnold> hehe
<stgraber> hallyn: changes look good
<hallyn> stgraber: thanks
<hallyn> stgraber: are you done pushing to staging?  I want to push the tiny pair of ubuntu-cloud opt parsing fixes
<stgraber> hallyn: yep, I'm just pushing to staging any thing that goes through lxc-devel with two reviews (signed off + one ack) but I always pull before pushing, so we should be fine.
<hallyn> cool, will push then
<hallyn> stgraber: i just sent it to the list (it's also in github.com/hallyn/lxc.git #staging.nov26.2, if that's easier)
<stgraber> hallyn: either way is fine, taking a look now
<hallyn> thanks.  now on to a bit of qemu
<Krazypoloc> Hey guys
<Krazypoloc> Just upgraded from 11.10 to 12.04 and having some issues with Backuppc backing up my SMB guests
<Krazypoloc> I've done a lot of googling and this appears to be an issue with NTLM with Samba v 3.6
<Krazypoloc> I've tried adding my domain to the smb.conf file under workgroup and that hasn't fixed the issue
<Krazypoloc> Any ideas?
<Krazypoloc> I get "Error NT_STATUS_UNSUCCESSFUL"
<sarnold> Krazypoloc: some things to look for (a) smb / nmb logs (b) can users authenticate? (c) don't just fiddle with domain vs workgroup; if you've got a domain, use it, if you've got a workgroup, use it (d) does backuppc run with system or similar account? do you need to take any steps to get those to work? (I know that's why yoou're here, but changing it from backuppc to system may make googling easier)
<Krazypoloc> b - Its a domain, the machines I am trying to connect to via smbclient are domain machines and I am trying to pull the c$ share
<Krazypoloc> Backuppc runs as a seperate backuppc account on the Ubuntu box
<Krazypoloc> My other backups are working fine so I know its not a backuppc issue
<Krazypoloc> Mac clients are working fine (rsync)
<sarnold> Krazypoloc: oh, so backuppc is a program that runs on ubuntu clients? hrm.
<Krazypoloc> Yes, Backuppc is an open source backup solution written in pearl
<Krazypoloc> I've been running an Ubuntu server for the last year and didn't have any issues until I upgraded to 12.04
<Krazypoloc> 12.04 upgraded to a new version of samba...which I understand added enhanced security...
<Krazypoloc> Which I think is the issue here
<Krazypoloc> Not sure if anyone has any experience connecting to Windows domain shares with 12.04
<sarnold> purely out of curiosity, why did you pick rsync for the OS X clients but pick a samba-based program for the ubuntu clients? Seems like sticking with rsync for all the clients would have been easier,...
<TheLordOfTime> what sarnold said :P
<Krazypoloc> So I don't have to configure rsync/cygwin on every single PC
<Krazypoloc> I can just configure shares/perms through group policy
<sarnold> heh, I can understand sticking with a windows-oriented program for the windows machines
<sarnold> it just seems odd to use a windows-smelling client on the ubuntu machines.
<Krazypoloc> Yeah I'm trying to keep the clients as native as possible
<sarnold> so
<sarnold> wait
<sarnold> now I'm confused
<Krazypoloc> Yeah thats what backuppc uses....works very well....well as long as your DHCP pruning is strict
<sarnold> you said earlier that the backuppc was to back up your ubuntu machines
<sarnold> but rsync is far more 'native' :) on unix machines than anything smb based...
<Krazypoloc> Backuppc runs on an ubuntu server
<Krazypoloc> rsync is used for the Macs, smb is used for the PC
<Krazypoloc> *PC's
<Krazypoloc> Ubuntu Server->Backuppc scripts->LAN->PC/MAC
<sarnold> oh!
<sarnold> so
<sarnold> uh
<sarnold> does backuppc run as SYSTEM on your windows clients?
<Krazypoloc> No
<Krazypoloc> There is no client
<Krazypoloc> It just grabs the files from the admin share
<Krazypoloc> In most cases c$
<Krazypoloc> Thats the beauty of it....no need to install/config a client for each PC...its all done via the web GUI or config files of backuppc
<sarnold> oh...
<Krazypoloc> There is literally no config on the client side for Windows clients
<sarnold> I think with this fourth iteration I'm finally getting it. :)
<Krazypoloc> And just a key exchange for *nix clients
<Krazypoloc> :)
<FauxFaux> Just hardcoding some admin password on the backup machine?
<Krazypoloc> I use a domain account to pull the files from client machines to the backuppc server
<Krazypoloc> It then tar's the backup job into the catalog
<stgraber> hallyn: hmm, could it be that the autodev change somehow messed up the tty device creation?
<stgraber> hallyn: my containers don't seem to boot anymore here and I'm getting weird permissions errors on tty devices
<stgraber> hallyn: crw--w---- 1 root tty 136, 16 Nov 26 17:13 console
 * stgraber downgrades to the previous daily for now
<qhartman> I've a script that gets rendered by a template when chef-client runs. I've made a ton of changes to the source erb, but it's not getting re-rendered when I run chef-client. It's doing the :create action. How can I ensure this script gets updated, aside from deleting the existing file? Other templates seem to get correctly re-rendered, so I'm somewhat at a loss....
<hallyn> stgraber: you have autodev turned off right?
<hallyn> stgraber: with autodev = 1 it'll be broken until the mountall fix gets pushed,
<stgraber> hallyn: right
<hallyn> autodev = 0 shouldn't do anything!  checking
<stgraber> unless it's automatically on when not listed in the config?
<qhartman> whee, user error. figured it out. Thanks.
<stgraber> stgraber@castiana:~/data/vm/lxc/lib$ grep -r autodev */config
<stgraber> stgraber@castiana:~/data/vm/lxc/lib$
<hallyn> stgraber: where is the exact source tree you're using?
<stgraber> hallyn: git import of staging
<stgraber> hallyn: FWIW, the downgrade didn't seem to help...
<hallyn> stgraber: these are raring containers under raring host, or what?
<stgraber> hallyn: quantal on raring actually, but should be similar
<stgraber> I just tried an older precise container and it boots fine, will check if changing the permissions of the lxc/* entries is enough to fix it
 * hallyn boots up the raring laptop he'd just shut down
<stgraber> hallyn: hmm, so oneiric boots fine and the permissions have apparently been wrong for a while
<stgraber> so probably not related to the recent commits, let me dig some more, may have been an SRU breaking the world
<stgraber> hallyn: precise boots fine too
<stgraber> hallyn: right, so that's quantal and raring no longer booting, even with autodev set to 0
<stgraber> hallyn: my guess is on a recent SRU breaking the world
<billy_ran_away_> I'm using a Ubuntu 12.10 box for a router/gateway/firewall plus LDAP server it works great except I'm trying to setup a IPSEC/L2TP server...
<billy_ran_away_> I think it has to do with ipsec verify saying this: Two or more interfaces found, checking IP forwarding            [FAILED]
<billy_ran_away_> But cat /proc/sys/net/ipv4/ip_forward returns 1
<stgraber> hallyn: oh, and a new mountall was released to -updates 3 hours ago, what a conincidence
<billy_ran_away_> I can connect and authenticate to the server from the Internet (Mac OS X) but no packets are forwarded to the local network nor the Internet.
<stgraber> hallyn: hmm, that's not mountall, downgraded it and still failing to boot
<stgraber> hallyn: oh, I have an idea but if that's the problem, we'll have to be creative on how to fix it :)
<stgraber> hallyn: gah, yeah, that's it... found the problem
<stgraber> hallyn: alright, so short story, with the new kernels (from -updates in quantal) a new filesystem called efivars was introduced. This filesystem is mounted on systems running uefi and that's detected by mountall.
<stgraber> hallyn: by default, our apparmor profile blocks it, which the fails the boot and gets the container stuck with nothing started.
<stgraber> hallyn: the problem is that adding it to fstab won't work on systems that aren't UEFI so we can't do our usual trick. We really need to let mountall mount it but block it with apparmor.
<stgraber> hallyn: I'm pushing the fix to ubuntu:lxc, will need to be considered for SRU
<stgraber> hallyn: pushed, not uploaded though as I remember you mentioning another lxc upload later this week.
<hallyn> stgraber: i'll be waiting a few weeks - that's for the upstartification of /etc/lxc/auto
<hallyn> so pusha way
<hallyn> (on phone, biab)
<hallyn> stgraber: my raring box doesn't have /sys/fs/efi.  what is on that fs?  is it ok to mount in the container, or does it have sensitive info?
<stgraber> hallyn: mounting is fine, writing is out of the question, reading might be fine but I'll have to check
<stgraber> it basically lets you read and write to firmware variables, storing anything from boot order to secureboot PKI keys
<hallyn> right, it seems like something we'd prefer for mountall to let us NOT mount
<hallyn> stgraber: i pushed the autodev doc fix you pointed out to ubuntu:lxc
<hallyn> hm,s uppose i can add the /dev/kmsg fix
<stgraber> yeah, for now the apparmor change was the easiest way to get a working system again, but I'll take a look at the mountall code and see how easy it'd be to fix
<stgraber> (sruing the mountall change will be a bit trickier than an apparmor rule change)
<hallyn> stgraber: so should i build+push the pkg for now?
<hallyn> actually, since the powerpc build is hanging anyway, maybe there's no hurry
<hallyn> stgraber: pushed to ubuntu:lxc, pls feel free to push
<hallyn> (or not, as you prefer)
 * hallyn out (will be checking in later)
#ubuntu-server 2012-11-27
<MoleMan> is there a way to change a symlink from a command line? I have a samba share, that consists of lots of symlinks to consolitdate files, with tidier names etc, and I've moved the root folder they are in, and would like to be able to bulk update the symlinks without having to manually recreate... any ideas?
<sarnold> MoleMan: There's nothing terribly easy available; the readlink(1) program makes reading a symlink's pointed-to path easy enough, you can pipe those through sed or awk as you need, and use the result in a new ln -sf blah blah command...
<MoleMan> hmmm, second attempt at google returned this http://superuser.com/a/157832
<MoleMan> hopefull will do the job
<sarnold> MoleMan: it'll be a bit ugly, but starting with something like: for f in * ; do ln -sf $(readlink $f | sed -e ...) $f ; done
<lvmer> I'd like to stick with Ubuntu-Server or a linux variation. But what is a good way to RAID 6 - 8x 3TB HDD's for LAN storage. I was planning on software raid & samba & shorewall, etc. But now that I think about it, idk if I've ever seen a RAID 6 option for ubuntu-server.
 * patdk-lap would like to know, when raid6 wasn't an option
<RiXtEr> Hey guys, just installed 12.04.1 Server and my syslog and dmesg are getting flooded with nouveau messages... I don't have any X installed, can anyone tell me why or where to start looking for the answer?
<patdk-lap> rixter, kernel
<patdk-lap> nouveau driver :)
<RiXtEr> patdk-lap, I didn't install anything that should be using nouveau and I am using nomodeset
<RiXtEr> patdk-lap, shouldn't that turn it off?
<RiXtEr> (cause it to not load that module)
<patdk-lap> heh? nomodeset means, don't set a mode, use whatever it was using
<patdk-lap> did you blacklist nv?
<RiXtEr> patdk-lap, so is there a grub switch I can use to 'turn it off' ?
<patdk-lap> dunno
<RiXtEr> patdk-lap, no...
<RiXtEr> patdk-lap, blacklist where?
<lvmer> patdk-lap: raid 6 was always an option... I'm an idiot and I missed it. Do you know about Raid 10? I'm pretty sure I saw it. Also I could RAID 1 2x 30gb OS drives & then partition & raid 6 the other hdds right? 2 independent?
<goddard> anyone know how I can get a live view of connections on my server and maybe even apache error logs?
<sarnold> goddard: netstat -anp
<sarnold> goddard: tail -F /var/log/apache*/error.log
<goddard> sarnold: nice foo must use that alot
<sarnold> goddard: I've got a tail -F running right now, funny enough. :)
<adauthenticate> hi team
<Tm_T> howdy
<adauthenticate> i like to ad authenticate with ubuntu server .. kindly help any one !!!
<adauthenticate> no one is in the chat ???
<RoyK> morning
 * RoyK somewhat doesn't like people joining irc, asking a question, waiting two minutes, complaining, and parting...
<SinZ> inorite
<balboah> it's better like me who idles for an hour before replying :)
<RoyK> :)
<SysTom> Having some issues booting to grub under hyper-v, I simply get grub loading, and sometimes it'll show the menu for a split second
<SysTom> Any ideas?
<Daviey> jamespage: seen https://docs.google.com/document/d/14502bjf6Y8htQSOi3Eo9WdnNfjEWhtMtw37JYIWCwkU/edit?hl=en-GB&forcehl=1 ?
<jamespage> Daviey, I had not but its good
<sarthor> HI, here is my wlan0  Unknown  iwlwifi - [phy0].. when i started #airmon start wlan0,  my machine says " mon0 is on channel -1, but the AP uses channel 11 " when i apply this command, " sudo aireplay-ng -1 6000 -a C8:D5:FE:0C:6a:74 -h b8:03:05:ca:7c:f0 mon0 " What exactly I need to do, Guide me to the direction, then I will search on the Internet please. Thanks in Advance.
<radiske> here's the situation, i have a ubuntu server, running firewall and it does all the router to my network... there's one address my network can't resolv... but if i ping this address directly from the server, it resolvs...
<radiske> someone can help?
<asac> heyho!
<asac> sorry if a bit out of touch:). wonder, what gets installed when selecting "basic server install" during install of ubuntu server (http://www.ubuntu.com/download/help/install-ubuntu-server) ... which seed/task/meta-package is it?
<FauxFaux> I'm guessing it's from tasksel, which is, as I understand it, maintained outside of apt (but I have never looked).
<sarthor> HI, here is my wlan0  Unknown  iwlwifi - [phy0].. when i started #airmon start wlan0,  my machine says " mon0 is on channel -1, but the AP uses channel 11 " when i apply this command, " sudo aireplay-ng -1 6000 -a C8:D5:FE:0C:6a:74 -h b8:03:05:ca:7c:f0 mon0 " What exactly I need to do, Guide me to the direction, then I will search on the Internet please. Thanks in Advance.
<asac> ogra_: hi! do you know ? see a bit further above :)
<radiske> why my ubuntuserver can resolv an address but my network can't? someone can help?
<ogra_> asac, whatever is in the server seed i would guess :)
<ogra_> asac, http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/ubuntu.raring/view/head:/server i think
<asac> ogra_: thats not much :)
<ogra_> yeah
<ibiris> folks what subset of packages defines the "basic server install" mentioned in http://www.ubuntu.com/download/help/install-ubuntu-server?
<ogra_> ibiris, see above
<ibiris> ogra_: checking from irclogs - thanks
<stgraber> hallyn: can I let you review Dwight's [lxc-devel] [PATCH] Make config api items const ?
<halvors> Hi! I have no experience setting up a mail server, i want to use postfix and dovecot and as simple authentication as possible, is this guide somthing to choose then? https://help.ubuntu.com/12.04/serverguide/postfix.html and use Mail Stack Delivery
<halvors> Anyone willing to help me out?
<halvors> Should i skip the sections "SMTP Authentication" and "Configuring SASL" when using the Mail-Stack Delivery package?
<ivoks> halvors: yes
<ivoks> halvors: mail-stack-delivery package configures everything for you; you might want to put your own certificate in place
<ivoks> sigh
<ivoks> halvors: yes
<ivoks> halvors: mail-stack-delivery package configures everything for you; you might want to put your own certificate in place
<hggdh> rbasak: there? A few Qs...
<rbasak> hggdh: pong
<halvors> ivoks: But what about postfix?
<ivoks> halvors: what about it?
<ivoks> halvors: mail-stack-delivery package will pull in postfix and dovecot, configure the link between them and that's it
<ivoks> halvors: all you have to do is answer couple of questions
<halvors> ivoks: How is mail delivered to dovecot? On what port?
<ivoks> halvors: mail from postfix to dovecot is delivered by dovecot's LDA
<ivoks> (local delivery agent)
<jamespage> Daviey, did you manage to ascertain what exactly is the plan for the kernel on the 12.04.2 iso for server?
<jamespage> Daviey, ignore me
<Daviey>  /ignore jamespage
<halvors> ivoke: I mean remote...
<ivoks> halvors: smtp, imap, pop3
<ivoks> and one can enable submission and smtps very easy
<ivoks> iirc, imaps and pop3s are enabled by default
<ivoks> including TLS on imap and pop3 ports
<iohnizer> Hello, is there anyone willing to help me regarding an issue with the 12.04 installer? I keep getting stuck.
<radiske> why my ubuntuserver can resolv an address but my network can't? someone can help?
<zooko> Dear people of #ubuntu-server. We're investigating a failure on a production server...
<zooko> (We = https://LeastAuthority.com )
<zooko> and it *looks* like a "sudo apt-get upgrade" led to the removal of postfix and installation of sendmail, which led to the resulting failure.
<zooko> Now, I thought that "apt-get upgrade" would never add or remove packages, only upgrade to new versions of currently installed packages.
<zooko> Am I wrong?
<sarnold> zooko: your understanding matches mine, upgrade shouldn't make decisions that drastic; only dist-upgrade should, but even that should be relatively rare
<zooko> sarnold: yeah, weird. This is a 10.04 server.
<zooko> The auth log and the apt log and everything put together make it look like I ran "sudo apt-get update && sudo apt-get upgrade && shutdown -r now".
<zooko> Which is a thing I normally do on an Ubuntu LTS server without much hesitation.
<sarnold> indeed, I'd think nothing of that
<zooko> But then the apt log says "Okay, so you want to uninstall postfix and install sendmail? Fine!", and goes and does that.
<zooko> Weird.
<zooko> I have one non-Ubuntu package installed -- nginx as packaged by the nginx maintainers -- but I looked at its deps and it didn't look like it would interact wil mail to me.
 * zooko looks again.
<sarnold> (tohugh in my case it's usually apt-get update && apt-get -u dist-upgrade && pm-suspend  or similar :)
<zooko> Yeah, even dist-upgrade I generally consider "safe" on Ubuntu LTSes. :-{
<sarnold> zooko: walking way out on a limb here, what are the chances someone used dpkg's --set-selections or dselect or similar to change the intended package disposition?
<sarnold> zooko: .. or aptitude or software center?
<zooko> aptitude, yes. Someone had been running aptitude in the past.
 * zooko looks at aptitude log
<zooko> But I don't see any mention of sendmail, postfix, sensible-mda, or "mail" anything in the aptitude logs.
<zooko> Okay, I give up on explaining it for now.
<zooko> Thanks for the chat, sarnold!
<sarnold> zooko: good luck!
<smoser> jamespage, so the errors we're seeing on raring are bug Merge-Method: { "dicts": "overwrite", "lists": "append" }
<smoser> oops
<smoser> https://bugs.launchpad.net/ubuntu/+bug/1078926
<uvirtbot> Launchpad bug 1078926 in ubuntu "raring instance failed to find EC2 datasource" [High,Confirmed]
<ikonia> window 14
<ikonia> oops
<smoser> stgraber, around ?
<stgraber> smoser: yep
<smoser> stgraber, https://bugs.launchpad.net/ubuntu/+bug/1078926
<uvirtbot> Launchpad bug 1078926 in ubuntu "raring instance failed to find EC2 datasource" [High,Confirmed]
<smoser> see the final comment, i'm wondering if you have help with my 'c' there.
<smoser> and if you might have hints on 'b' although i think that might be more of a slangasek thing.
<iohnizer> During the install from USB I get the message: main-menu[334]: DEBUG: resolver (libc6-udeb): package doesn't exist (ignored). The same thing goes for libnewt0.52. I have been trying to google my way around this issue, but can't seem to find any helpful answer. Any ideas?
<stgraber> smoser: yeah, b) would be for slangasek. For c), it's a bit weird. Usually what should happen is that the kernel or 'udevadm trigger' will emit a net-device-added event on the netlink bus, which will then be forwarded to upstart triggering the network-interface job and ultimately calling ifup
<stgraber> smoser: as eth0 is brought up by the fallback job, this most likely means that upstart never received the net-device-added event from udev
<stgraber> smoser: which can be explained by either a kernel bug causing the uevent to simply never be emitted or because somehow your instance doesn't call udevadm trigger so never "fakes" the event if it was emitted before the udev bridge started
<stgraber> that's what I'm seeing after a quick read, there may be some weirder things happening
<smoser> stgraber, right. it could cause that.
<smoser> but the kerel driver on kvm should be solid
<smoser> why would the image never call udevadm trigger ?
<smoser> (where woudl / should that occur)
<smoser> but it doesn't fail all the time
<smoser> so that would seem to not be valid.
<stgraber> no idea why it wouldn't trigger but I'm never too sure of what weird changes you have in your environment with your cloud init jobs :)
<stgraber> it should be triggered from udevtrigger.conf
<stgraber> so requires udev to have been started by upstart which itself depends on virtual-filesystems
<smoser> which should occur now in parallel with mounted /
<smoser> so we shouldn't hit a race there on that.
<stgraber> you may want to add a generic job to confirm that net-device-added is emitted
<stgraber> something along the line of:
<stgraber> start on net-device-added
<stgraber> task
<stgraber> script
<stgraber> echo $INTERFACE >> /run/debug-network
<stgraber> end script
<stgraber> this will then be called by upstart whenever a network interface appears and it gets the event from udev. If you don't see eth0 in /run/debug-network, then you have a kernel/udev problem
<smoser> stgraber, well static-networking-up does run
<smoser> hm.. i have to look mroe.
<smoser> well, i'll poke more later.
<stgraber> smoser: sure, because the networking.conf job will eventually trigger and call ifup -a which will bring eth0 up and emit the required events, eventually triggering static-network-up, but I'm assuming that by the time it does that, it's way too late for you
<stgraber> and networking.conf is really meant as a last fallback for when the event based bring up doesn't work, so depending on it would be wrong. (Except for virtual devices without any physical children where it's the only way they'll ever be brought up)
<yolanda> hi zul, is there any issue where i can help
<yolanda> ?
<zul> yolanda: umm...not right now...
<zul> yolanda: you might want to go through http://bugs.launchpad.net/ubuntu/+source/nova and see if there is anything you can fix or getting stale
<yolanda> ok, i'll take a look
<zul> yolanda: also you can check jenkins and look for broken builds and fix them up if you want
<yolanda> zul, although this change is assigned to other person?
<zul> which one?
<yolanda> i was talking generally, looking at changes that were marked as failed
<hallyn> stgraber: yup.  boy there's a huge set of patches.  what happened no lxc-devel? :)
<stgraber> hallyn: well, looks like having a reactive upstream attracts developers, who'd have guessed ;)
<hallyn> except this is sort of like a financial bubble
<hallyn> we're gonna build up more and more patches ingithub, 0.9 won't get released, and people will be furious
<halvors> I have a mail server, i realize that everybody can send email thru it, but how test it?
<hallyn> stgraber: have you by chance done a build with that patch applied?
<stgraber> hallyn: nope
<halvors> I've used Mail-Stack Delivery, it's ok for me that other domain's use it, as long as they login using valid username and password :)
<halvors> What is the most compatible webmail for the Mail-Stack Delivery service?
<halvors> I would prefer a package that does all the needed apache2 configuration :)
<sarnold> halvors: google around a bit, someone used to offer a service to check your mail server; you'd telnet to their machine from your mail server and they'd run 20-odd tests and show you the results in the telnet session....
<halvors> Does this look ok?
<halvors> http://mxtoolbox.com/SuperTool.aspx?action=smtp%3amail.test.halvors.org
<yolanda> jdstrand, you there? i wanted to do some work on https://bugs.launchpad.net/ubuntu/+source/nova/+bug/945177
<uvirtbot> Launchpad bug 945177 in nova "not lintian clean" [Medium,Confirmed]
<halvors> sarnold: Looks ok?
<sarnold> halvors: it's a pity their tests are as short as they are, but it's definitely a good start
<halvors> I also have this problem that i think my ISP is blocking port 25, at least i cannot connect to my mail server from outside, is there a simple way to confirm that?
<sarnold> halvors: 220 halvors.org ESMTP Postfix (Ubuntu)
<sarnold> halvors: my isp lets me through just fine
<halvors> hmm...
<halvors> Sure that's not on port 587?
<halvors> Cause thru VPN i cannot connect using a SMTP client.
<sarnold> halvors: "telnet mail.test.halvors.org smtp" -- yeah :)
<halvors> Does not work on windows right?
<sarnold> halvors: no windows here to test with, but I'd hope it would work fine there, too
<halvors> I doesn't it only take 1 parameter (The hostname)
<halvors> I get this in log when trying to use SMTPS (Port 465) via VPN. What does it mean?
<halvors> Nov 27 20:28:57 halvors-server postfix/smtpd[5540]: warning: hostname ip-130.privitize.com does not resolve to address 46.246.31.130 Nov 27
<halvors> 20:28:57 halvors-server postfix/smtpd[5540]: connect from unknown[46.246.31.130]
<halvors> sarnold: :)
<sarnold> halvors: dns provides both forward and reverse lookups
<sarnold> halvors: to get an ip from www.google.com, and to turn that ip address back into www.google.com
<sarnold> halvors: getting forward dns is extremely easy; every dynamic dns provider does that
<halvors> Yeah. But what do you mean?
<sarnold> halvors: getting reverse is different; that's tied to the ip address closely. whoever actually _owns_ that IP address provides the reverse dns.
<halvors> I know.
<halvors> But what does that have with the postfix server to do?
<sarnold> halvors: dropping email from servers that do not have matching forward <-> reverse data is a very common anti-spam step
<halvors> sarnold: May you try telneting my server again, just to be sure that it's not my isp that is responding. Now you should not get answer on port 25...
<halvors> Ah ok.
<halvors> So that means SMTPS (Port 465) actually works
<halvors> But i can send mail from that ip using STARTTLS (587)
<sarnold> halvors: 25 is dead (network unreachable! rather than "connection refused"), 465 works fine
<halvors> Iknow.
<halvors> What about 587?
<sarnold> 587 works too
<halvors> hmm, so wounder why i can't use port 25...
<halvors> BTW: it should be back up now :)
<halvors> sarnold: You've got comcast as ISP?
<halvors> sarnold: If so i see your connection in /var/log/mail.log :)
<sarnold> halvors: yes :) woot.
<halvors> And you get thru on port 25, 465, and 587?
<sarnold> halvors: yes
<gucki> hi guys
<gucki> anybody knows what's the maximum length of a network interface name?
<jdstrand> yolanda: I am here
<yolanda> hi jdstrand, i wanted to do some clean on that package, but i wonder if that bug is too old? changelog numbers don't match
<halvors> sarnold: Shouldn't i be able to send mail not using STARTTLS or SSL/TLS, on port 587?
<halvors> Or do postfix only allow Plain on Port 25, STARTTLS on Port 587 and SSL/TLS on Port 465?
<sarnold> halvors: no idea :)
<escott> halvors, i wouldn't be surprised if it refused. many don't run anything on 25 so they would be unhappy is something unsecured just got shoveled through 587/465
<halvors> Ah ok, but is there a way to accept STARTTLS and SSL/TLS on port 25?
<raub> halvors: I believe you can control that in master.cf
<escott> halvors, whether or not it is possible depends on the SSL/TLS handshake. if it can begin with a simple HELO maybe
<jdstrand> yolanda: just download the current binaries and run lintian on them. if it is clean, close the bug, if not, then add a comment to the bug on what is still not clean
<yolanda> jdstrand, essex stable ones?
<jdstrand> yolanda: well, it would need to be against raring (ie, grizzly) at this point
<yolanda> oh, ok
<yolanda> understood!
<jdstrand> yolanda: the bug is targeted at 'nova' not a particular release of ubuntu
<jdstrand> and we don't usually fix linitan errors in stable releases
<yolanda> ok, so when it's that "nova" target it intends to be to the latest version?
<halvors> escott: Mostly thinking about my customers, since they think everything that is outgoing email is port 25.
<halvors1> sarnold: Seems like SSL/TLS works, just that client need to have a reverse dns record. But that's not common when using IPv6...
<halvors1> '
<halvors1> So i got this problem...
<sarnold> halvors1: there may be a way to disable that check
<halvors1> sarnold: Everyone got reverse for IPv4, but that's not common on IPv6...
<hallyn> zul: did you have any changes heading to raring libvirt soon, or sh ould i just push my debdiff for not setting up default autostart when 192.168.122.1 exists right now?
<halvors1> sarnold: May this be it? smtpd_senicder_restrtions = reject_unknown_sender_domain
<sarnold> halvors1: seems like it should be better named, if that's the one. I'd say keep looking...
<halvors1> sarnold: You mean like this: smtpd_sender_restrictions = reject_unknown_sender_domain
<sarnold> halvors1: oh, hah, thta does look like the point of that setting: http://serverfault.com/questions/319842/postfix-client-ip-reverse-dns
<uvirtbot> New bug: #1063177 in mysql-5.5 (main) "update MySQL 5.5.28" [Wishlist,Fix released] https://launchpad.net/bugs/1063177
<uvirtbot> New bug: #1079897 in walinuxagent (main) "walinuxagent mangles server identity and access on upgrade" [Critical,Confirmed] https://launchpad.net/bugs/1079897
<uvirtbot> New bug: #1083598 in vsftpd (main) "package vsftpd 2.3.2-3ubuntu4.1 failed to install/upgrade: ErrorMessage: Package is in a very bad inconsistent state - you should  reinstall it before attempting configuration." [Undecided,New] https://launchpad.net/bugs/1083598
<uvirtbot> New bug: #1083719 in open-vm-tools (multiverse) "open-vm-dkms 2011.12.20-562307-0ubuntu1: open-vm-tools kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/1083719
<uvirtbot> New bug: #1083407 in samba (main) "subtle upstart race condition with rc-sysinit scripts " [Undecided,New] https://launchpad.net/bugs/1083407
<uvirtbot> New bug: #1083513 in php5 (main) "installation IDN on PECL at PHP > 5.3 fails" [Undecided,New] https://launchpad.net/bugs/1083513
<uvirtbot> New bug: #1083542 in maas (main) "sudo dpkg-reconfigure maas-cluster-controller breaks" [Undecided,New] https://launchpad.net/bugs/1083542
<zul> hallyn: i have nothing
<uvirtbot> New bug: #1083155 in python-webob "Unable to set Content-MD5 header when using chunked transfer encoding" [Undecided,New] https://launchpad.net/bugs/1083155
<uvirtbot> New bug: #1083158 in zookeeper (universe) "package does not put startup script in /etc/init.d/ and also lacks an rc script" [Undecided,Invalid] https://launchpad.net/bugs/1083158
<hallyn> zul: ok, pushing.  hopefully i haven't missed some upgrade corner case...
<timrc> Hello, I've created a lucid container on a precise host, and I notice when I ssh into the container I get some locale problems that I don't get when I use the "console".  As an example, when I run bzr I get this: http://pastebin.ubuntu.com/1392843/
<timrc> Here is what I get when I ask Python what it thinks, http://pastebin.ubuntu.com/1392853/
<timrc> sudo locale-gen en_US.UTF-8 seems to "fix" the problem
<hallyn> what *is* that thing?
<hallyn> ANSI_X3.4-1968  that is
<timrc> no clue, to be honest
<hallyn> i'm building a lucid container right now...
<hallyn> stgraber: ^ look familiar at all?
<stgraber> timrc: apt-get install language-pack-en
<stgraber> hallyn: we don't have any langpack installed by default, that's the cause of this
<stgraber> hallyn: ssh passes your locale along, if the target server doesn't have it, then you get that kind of problem
<timrc> ah
<stgraber> hallyn: when logging in on the console, you just get the good old C locale, so nothing should attempt to do UTF-8 and you're "fine" (until you try to print anything that actually requires unicode)
<hallyn> aha :)  yeah i just got as far as reproducing it.  interesting
<stgraber> anyway, the fix is to have the template creation script to always install language-pack-en and any other locale you have outside the container
<hallyn> stgraber: thanks
<stgraber> I have a workitem to fix that for this cycle
<timrc> stgraber, I can confirm that does indeed work :)
<hallyn> really?  i don't remember that int he blueprint - excellent :)
<timrc> stgraber, thanks for the assistance
<stgraber> timrc: np
<stgraber> hallyn: I dumped a bump of LXC related workitems I had around after the session, that's one of them :)
<timrc> While I'm here, I'm trying to run livebuild inside of my lucid container and I keep failing at: W: Failure trying to run: chroot /path/to/chroot mount -t proc proc /proc -- When I try running the command manually I get a little more information, specifically that the the block device is write-protected, mounting read-only and that I can't mount block device proc read-only
<timrc> hallyn, stgraber: have either of you run into this?
<stgraber> timrc: that'd be apparmor preventing you from mounting proc or sys in the container for security reason
<stgraber> timrc: the easiest way to bypass this is to edit your container's configuration and uncomment the lxc.aa_profile line, setting it to unconfined
<stgraber> timrc: then restart the container and you won't have the problem again
<timrc> stgraber, is this a recent change? I don't recall having this issue a few weeks ago
<hallyn> not that recent
<timrc> hrm ok
<stgraber> timrc: however, after doing that, your container will be allowed to mount unprotected copies of proc and sys which can damage your host, so don't give access to that container to someone you don't trust with the host
<hallyn> actually, i was getting failures in debootstrappin ga debian unstable - on my HOST - at the mount proc part
<hallyn> but i didn't have time to delve deeper
<stgraber> timrc: that security has been introduced as of Ubuntu 12.04
<timrc> stgraber, That'd be my wife, thanks :)
<hallyn> "she's crafty"  ?
 * hallyn looks for the beastie boys cd...
<timrc> hallyn, she has a talent for breaking things.. she should be a product QA consultant
<hallyn> :)
<timrc> So this is a first... "disable app armour"... it's usually "disable selinux"
<stgraber> timrc: if this was some kind of public service, I'd have recommended creating a profile specific for this container under /etc/apparmor.d/lxc/ then set that profile as lxc.aa_profile. But if it's just for local hacking, it's probably not worth the time :)
<timrc> local hacking only, so yeah
<timrc> I honestly didn't give app armour any consideration, sadly, until you mentioned it though
<timrc> I need to be more cognizant of it in the future
<sarthor> HI, Before 12.04, where ever I used to configure the dns farwarders for my network in the ubuntu-server, I used to edit /etc/bind/named.conf.options and used to write there my dns, and in the resolve.conf was somthing like, "nameserver 127.0.0.1" Now the /etc/resolv.conf says, Do not edit by hand, Where to put that forwarders now?? please help.
<sarnold> sarthor: you could either have your dhcp server advertise the dns you want clients to use or you could stuff the directives in /etc/resolvconf/<something>
<uvirtbot> New bug: #1083824 in php5 "php5 UTF-8 bug" [Undecided,New] https://launchpad.net/bugs/1083824
#ubuntu-server 2012-11-28
<hallyn> zul: jamespage: any recommendations for getting wider testing of the qemu-kvm proposed packages in ppa?  I may just put up a blog post, wait 1 week, then push to raring...
<halvors1> Anyone got experience with roundcube on ubuntu 12.04
<halvors1> Ran into some problems configuring roundcube with apache...
<paco11> hello masters!
<paco11> i search to know if it exist a version of openldap for 12.04, more recent than the version openldap (2.4.28) package
<paco11> thanks very much!
<Danawar> What is a good way to trouble shoot why certain people cannot connect to my server some can connect others cannot
<sarnold> paco11: 2.4.28-1.1ubuntu4.2 looks like the most recent for 12.04 LTS; a newer version is in 12.10
<sarnold> Danawar: define "connect"
<Danawar> Teamspeak clients and minecraft clients some cannot resolve lagcraft.co.uk
<Danawar> Im gussing
<Danawar> Im not sure if it is a propergation problem or a setup problem
<sarnold> do your clients tell you the error message is "cannot resolve"? Or is their error message vague enough that you don't know what the real problem is?
<paco11> sarnold: can i install the 12.10 version (2.4.31-1ubuntu2: amd64 i386) on my 12.04 server?
<sarnold> paco11: check to see if -backports has a newer version compiled for the LTS release available, first
<Danawar> sarnold: minecraft doesnt give good error messages sadly =[
<sarnold> paco11: maybe it'd work no trouble, maybe it would be no end of trouble. :(
<sarnold> Danawar: ouch :(
<Danawar> Im wondering if .cloudflare. which i signed up to and added to my name servers today
<Danawar> Might be intercepting and droping the legit traffic
<sarnold> Danawar: how long was your dns cache time on your old dns hosting?
<Danawar> As it has had a good part of the day to propergate and people were using the teamspeak 2 hours ago
<Danawar> How would i find that out sarnold i use .cloudflare. freedns and brought the domain on 123-reg#
<paco11> sarnold: precise-updates: 2.4.28-1.1ubuntu4.2: amd64 i386 | precise-backports: Sorry, your search gave no results  :(
<sarnold> Danawar: do you have your old zonefiles?
<Danawar> sarnold: Sorry i wouldnt even know how to get these i am new to hosting websites and all these name servers =p
<sarnold> paco11: if you've got a problem with the 12.04 LTS version, you may wish to file a bugreport with your reason for wanting the newer one...
<sarnold> Danawar: ah. :) well, allowed cache times are quite often less than a day...
<paco11> sarnold: no, i don't have any problem, also, i want to use 'mdb' instead of 'hdb' backend
<Danawar> sarnold: i will wait a day so it has more time to propigate with cloadflare luckly the site is not mission critical just play about =D but i hope it doesnt take this long in the future because we have a dynamic ip :*(
<sarnold> paco11: that sounds like a reasonable enough problem :) the amount of effort to do an SRU may be more than you're willing to do, but still, filing a wishlist bug report won't take too long
<sarnold> Danawar: oh -- then make sure your current dns cache timeout is something short, like ten minutes or less.. it'll increase the load on your dns servers, but may save your users some real hassle in the future
<paco11> sarnold: a bug report to ask for the creation of the package 2.4.33 of openldap for 12.04 to use mdb?
<Danawar> sarnold: when you say my dns cache where is this located local machine or on my hosting company?
<sarnold> paco11: sure. it might be rejected, but if you provide a reasonable reason, it might yet start the SRU process rolling..
<sarnold> Danawar: they're located all over the world, at ISPs and in every end user's phone, laptop, desktop, etc. :)
 * Patrickdk wonders why people think dns *propigates*
<Patrickdk> I think dns is the only thing google hasn't started indexing
<sarnold> Patrickdk: I've been content to let that slight misconception sit, since it seems to do no real harm, and it's not too far from the truth anyhow
<Patrickdk> truth/how it's observed
<Patrickdk> but propigates also implies when the *master* is down, changes won't go away, but if ns servers go down, it will go away :)
<uvirtbot> New bug: #1014872 in mysql-5.5 (main) "no debug symbols for mysql-server" [High,Fix released] https://launchpad.net/bugs/1014872
<uvirtbot> New bug: #1062716 in mysql-5.5 (main) "Regression in privileges of mysql debian-sys-maint user" [High,Fix released] https://launchpad.net/bugs/1062716
<paco11> sarnold: i'm testing install openldap-2.4.31 from quantal, because i anylized that the depends packages are the same.....
<paco11> sarnold: libldap-2.4-2 is installed.....but to complete openldap-2.4.31 package, it's saying me libldap-2.4-2 is required.....it's crazy.....
<patdk-lap> did you insteall the -dev package?
<sarnold> patdk-lap: a package would depend upon the -dev?
<paco11> of libldap?
<patdk-lap> hmm
<Zal> Hi all. How can I get apt-get to non-interactively deal with this? http://bpaste.net/show/xQUhXWNFR019nMn4qYoO/
<Zal> (this is output from "apt-get upgrade -y"
<paco11> Zal: DEBIAN_FRONTEND=noninteractive aptitude safe-upgrade?
<Zal> ok, I've tried that environment variable, but not with aptitude, just with apt-get.
<Zal> Funny thing is, the script worked fine until today (I guess there was not an upgrade available until today?)
<sarnold> .. an upgrade that changed a configuration file that you had also changed
<sarnold> there's a simple dpkg --force-confnew or --force-confold but I don't know how to send thoes command line options through from apt-get ..
<Zal> aha, thank you sarnold. I tried force-confold too, no dice. I'll have to revisit those, maybe I did something wrong.
<TheGuy> Hey everyone
<Zal> Well, now that I understand the exact nature of the change in behavior, I can at least work around it if I don't find a direct solution.
<Zal> (basically by modifying that file *after* upgrade)
<Zal> thanks again sarnold, big relief. And thanks paco11.
<TheGuy> Got soem trouble with apache2 here, trying to set up 2 virtual hosts to host two sites on one machine and one IP, however the guides that all seem to say basicallyt the same thing for setup, do not result in working sites or configs for some reason
<tarvid> Do you have a stanza for each in sites-eneabled?
<TheGuy> Im wondering if there is something really basic im missing that i should do before these configurations are supposed to work
<TheGuy> I have a file in sites available, and used the a2ensite function to add them both, i imagine they should be there
<tarvid> could be but you did not answer my question
<TheGuy> because i hadnt read it yet lol
<tarvid> you should have two files one for each site
<TheGuy> corrrect
<TheGuy> whats the quick way to check files in the present directory
<tarvid> and they include a <VirtualHost 173.14.xxx.xxx>
<tarvid> ls
<tarvid> check sites enabled for sym links back to sites-available
<TheGuy> ok in sites eneabled i have 3 pages one is 000-default
<TheGuy> the other 2 are the ones i set up
<TheGuy> i better check on the virtual host thing, last time i tried supllying it with the WAN ip it errored out
<tarvid> And you have a NameVirtualHost 173.14.101.201:80 line in default
<TheGuy> now is that IP supposed to the servers specific lan IP or the WAN ip]
<tarvid> ooooooooooo now you are saying this machine is a router too
<tarvid> on my machine that is a public address
<tarvid> not really a WAN address
<TheGuy> now, its a regular server with a network card, the sites are to the WAN Ip and forwarded to the server
<TheGuy> via a router
<tarvid> Ah. And you want these visible on the outside (public)
<TheGuy> of course
<tarvid> then you have a router problem first
<TheGuy> im just wondering if server sidei t should be the network card's IP or the WAN ip
<TheGuy> idk about that, but you could be right, i navigate to the default site fine
<tarvid> netstat -an and see what the deault server is listening on
<TheGuy> lets just try this part out to see if it works, ive changed the virtualhost files to include the IP instead of a *:80
<tarvid> *:80 should have worked
<sarnold> I'd expect *:80 to work better...
<tarvid> simpler at least
<tarvid> you do jhave to use the fqdn of the sites to get apache to go to them
<tarvid> that is what name virtual host means
<tarvid> you may to rig some entries in hosts
<TheGuy> i have registered domain names, where would i add that to?
<Danawar> sarnold: with regards to my issue earlier i asked a guy to connect to he server and he was unable to also he tryed the website and that worked! O.o
<tarvid> where does dns point too?
<tarvid> to
<TheGuy> the WAN ip, my router basically, and that forwards traffic to the server
<tarvid> for the two added domain names?
<TheGuy> yes
<sarnold> Danawar: it's a real shame that minecraft mangles the error messages. it'd almost be worth writing a little tool that tries to connect to the same port that minecraft uses to try to get a real error message back.
<tarvid> and you can ping those fqdns
<TheGuy> i can double check but i set those up hours ago, i had to change the addreess as i moved physical locations, but both addreess or domain names should point o he current IP
<TheGuy> WAN ip that is
<Danawar> Indeed, port scanning the server returns the open port and other people are conncting some not which is relly strange
<tarvid> dig the domain names
<TheGuy> when i enter the doman name for eiher, it brings me to a default apache page, but not the respectful index.html files i set up for the specific virtual host directories
<tarvid> you could have the old IPs in cache, they could be stale on your dns server
<TheGuy> otherwise it would give me an error, as there is no server running apache at the old wan IP
<tarvid> http://superuser.com/questions/330586/apache-virtualhost-isnt-serving-a-page
<tarvid> I think you know what your are doing
<tarvid> just one detail off
<TheGuy> yeah, I mean its very strange that this is not working, im very confused abotu why it is not
<TheGuy> whats that?
<tarvid> wish I knew
<tarvid> I have 50 or so virtual sites running on Ubuntu 12.04
<tarvid> I don't mind sharing my config files
<TheGuy> that would be awesome
<TheGuy> ive been frustrated with what to do about this lol
<tarvid> send me an email - tarvid@ls.net, I'll reply with my config
<sarnold> TheGuy: .. have you reloaded the apache config?
<tarvid> good point service apache2 restart
<TheGuy> reloadied it twice, once after each change, i can try reloading it again though, wont hurt if it doesnt work
<sarnold> hehe, okay..
<tarvid> might loook in the log files to see if there were errors on the restart
<TheGuy> ahh, forgot to include the namevirtualhost directive, im not sure where that goes though
<TheGuy> said the two virtual hosts overlap and one takes precedence
<TheGuy> i set that in the 000-default conf right?
<tarvid> we are getting somewhere
<tarvid> 000-default is in sites-enabled, you should put it in sites-available
<tarvid> sites-available/default
<TheGuy> and what should i set for it, is there some special conf for have the two sites?
<tarvid> only one per IP in default
<tarvid> then there is an entry in each stanza
<tarvid> <VirtualHost 173.14.xxx.yyy:80>
<TheGuy> ok, so under the virtuahost *:80 i  set it, or do i replace that with namevirtualserver ?
<TheGuy> or do i set up two copies of this for each site in the default ? like have two complete virtual host  entires in the file
<tarvid> and then of course which file are we in - NameVirtualHost goes in default <VirtualHost goes in each stanza
<TheGuy> i am currently in the default of sites available
<TheGuy> and i see the default page i had copied and edited for the new siet configurations
<tarvid> I am downloading and sending you some files
<TheGuy> alrighty
<TheGuy> been quite a while trying to get this to work, i have a 3rd site for a non-profit to put up but i dont want to mess with it untill i can reliably run it lol
<TheGuy> and pardon me for a minute, smoke, you guys want some coffee?
<tarvid> check your mail
<TheGuy> go it
<tarvid> can I just delete the old kernels in /boot
<TheGuy> ok, isee how hats set up, list he ' NameVirutalHos direcives at he op first
<tarvid> In default, I use a few for obscure and not entirely rational reasons
<tarvid> Then there are two key lines in the domain stanza <virtual... and servername
<TheGuy> are these if mods going o be something necessary?
<GH0> How would I be able to add a mainline kernel to my build? https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1077547/comments/43
<uvirtbot> Launchpad bug 1077547 in linux "Kubuntu 12.10 Kernel issues" [Medium,Incomplete]
<GH0> Is there a specific repo or ppa that needs to be added? Or do I have to download the files manually and do everything that way?
<tarvid> Just one line in default and two in the domain stanza (three if you want to alias www
<TheGuy> i should specifiy the document roo though as well correct?
<tarvid> Yes
<tarvid> and the Directory
<GH0> Asking this in here due to: Linux server 3.5.0-18-generic Otherwise, I would as in the main ubuntu channel
<TheGuy> as well as the directory, changed to the directory that the files for each site are contained in respectfully to the files they are configured by
<tarvid> Apache will look for index.* in the document root
<tarvid> the options are overrides to those in default
<TheGuy> hmmm, it seems to be doing the same thing as before... strange, although you use a different directory for the files, mine are in var both e virtual site directories
<tarvid> I have no idea what that means but they need to be in user space
<tarvid> readable from apache and where you say they are
<tarvid> all rather real
<tarvid> like in /var/www?
<TheGuy> alright, i changed the default again, to have the namevirtualhost ip:80   and then i changed in the virutahost part just under it to the IP:80 and it gave me an error when reloading
<TheGuy> yes. they are in /var/www/example.com sort of format
<TheGuy> as the directories
<tarvid> I think the virtual part is right
<tarvid> /var/www/example.com is part of the directory for default
<tarvid> I'd put them in your home directory
<TheGuy> its warning that the name or service is not known, failed to resolve the servername for ..IP..  (check dns)  also, namevirutalhost *:80 has no virtual hosts (though i should have this part changed already
<TheGuy> hmmm, i have my raid set up to be accessed on the var direcory lol
<tarvid> /var/www is the document root for default
<tarvid> * is fine for virtuals
<tarvid> I think /var/www is good only for an info page for the server
<TheGuy> you know what, ill give that a go, i may have to reload the OS and mount the raid on the home directory, but im not sure why that would cause an issue in /var/ww/
<tarvid> /var/www is the default document root
<TheGuy> i had a single site fully functional on the direcory last week, but since ive been trying to figure this out it wont work wih a second virtual host for some reason
<TheGuy> i hate clearing the disks on my raid, takes hours lol
<tarvid> I keep copying a sites-available stanza that works
<tarvid> I hate RAID
<tarvid> Had a mirror array, one drive died and RAID would not switch automatically
<tarvid> then the other drive died
<TheGuy> yeah, i dont really need it for back up, since i can on my personal computer, but its an older server so i am testing a striped raid for faster reads/writes
<tarvid> bad idea
<tarvid> new hardware is cheap
<TheGuy> oh wow, i did have one disk go bad on me once, but i rebooted the server, got into the raid config and copied it over no problems
<TheGuy> bought this server for $100
<tarvid> $500 with an SSD
<tarvid> $105 too much
<TheGuy> where did you get yours?
<tarvid> I was given the RAID server
<tarvid> It over heated.
<TheGuy> all the ones im looking at would cost me over a $1000
<tarvid> Bought an expensive fan
<tarvid> Thanked the donor profusely. She smiled and said "free as in free cats".
<tarvid> In the bargain basement I pick up an old desktop from scottsbargains.com
<TheGuy> Ahh i see
<tarvid> for new kit newegg, cheap barebones, lots of RAM but I am about to switch to SSD
<TheGuy> yeah, webhosting isnt very demanding on hardware from what i can tell, most likely a bandwidth issue rather then hardware speeds
<tarvid> A new hudson in a book  sized case with RAM is well under $200
<tarvid> You are correct
<TheGuy> yeah thats where i was shopping, a server set up was looking to be about $1200, more with a barebone, and $600 more to fully fit out to my desire lol
<tarvid> give up your desires, all you need to do is shovel bytes from hard disk to Ethernet port
<TheGuy> but im looking into game hosting down the road, or similar functions, planning on running VMs, but one step at a time
<tarvid> You can stuff 8GB on a hudson for about $40
<tarvid> SSD will cure your disk transfer desires
<TheGuy> yes but will not cure my wallets butt hurt
<TheGuy> those are getting cheaper, but its something i have to consider heavily, as i do need disk space, im storing videos for one of mysite
<tarvid> stick the videos on Amazon, let the customer pay
<tarvid> http://washingtondc.craigslist.org/nva/syd/3376788154.html
<tarvid> But it is a mistake
<TheGuy> deffinately an option, got a flash player and videos all ready to go though, not hard to set that up on my site, but a youtube or amazon type of deal might be a good option
<tarvid> And YouTube is free
<sarnold> tarvid: heh, that's probably less than 1/10th the original price...
<tarvid> load average on my hudson is about 0.2
<tarvid> sarnold,
<TheGuy> huh, that is exceptionally priced
<tarvid> sarnold, and he has tons of big iron, all a mistake
<sarnold> tarvid: bought amd instead of intel?
<sarnold> tarvid: or .. how is it a mistake? :)
<zul> hallyn: emailing ubuntu-server/ubuntu-devel?
<tarvid> I bought AMD for the memory capacity
<tarvid> It is not a religion for me
<tarvid> I'd actually like to try some ARM arrays
<tarvid> massive arrays of CPUs excite me more than massive CPUs
<tarvid> and redundance beats RAID
<TheGuy> I had thought about buying a mostly consumer grade computer that supported ECC memory, Im not sure if thats really a viable option though
<tarvid> Consumer grade has generally fewer SPOFs and better reliability
<tarvid> Besides two are cheap
<tarvid> ECC never got me anything
<TheGuy> yeah, i've heard its mostly applicable to large databases and such
<TheGuy> but not worth it for smaller scale
<TheGuy> do the server cpus offer anythign extra in the areas of virtualization? (VMs? )
<hallyn> zul: ?
<tarvid> It takes a lot of bullshit and gullible customers to make money in the business
<tarvid> IBM is the historic example
<hallyn> i emailed ubuntu-server last week
<tarvid> but HP whores too
<tarvid> VMs are a processor feature
<TheGuy> hyper threading and hyper-V sort of thing, i think consumer grade procs can do this
<TheGuy> I ran VMware, VirtualBox etc. on a consumer comp
<tarvid> run LXC
<TheGuy> though i can't say my comp liked it much
<tarvid> still rough but more rational
<TheGuy> Im thinking using the VM method i may be better able to set up the sites lol, though it still baffles me why it isnt curently working
<tarvid> And you will have too, most of your VMs will consume resources and sit idle
<TheGuy> i suppose ic ould plug in the second ethernet cord for it, but im not sure that would be any easier
<tarvid> Centerton looks promising
<tarvid> it's been fun guys but time for me to get my feet up
<hallyn> zul: did you get the email i sent last week about qemu-kvm test pkgs?
<Danawar> sarnold: can dig lagcraft.co.uk +trace and let me know if there is any thing wrong with the name resolution?
<Danawar> or any one if sarnold is not arround i think i am having problems with my dns but dont know where :/
<hallyn> stgraber: so if we have an lxc-instance upstart job for each container, i wonder if it should respawn.
<hallyn> the problem with not doing so is that if it gets shut down and the admin does 'lxc-start' to restart it, then upstart won't now shut it down at reboot
<stgraber> hallyn: well, respawn would be a problem if you do a halt/poweroff from within the container
<hallyn> stgraber: lol
<hallyn> good point
<hallyn> then i think i'm ready to push this
<hallyn> no wait
<SpamapS> hallyn: lxc-start will still be sent a TERM then KILL at shutdown
<hallyn> sigh if we go this route i could see a bug coming in a few months saying lxc-start should check if the container is autostart, and use upstart if so
<hallyn> SpamapS: seems to be getting the sigPWR i asked for it to be sent
<stgraber> well, I really see it as a distro thing, we'll now manage our auto started containers with upstart
<hallyn> stgraber: it's jsut that hand-starting the lxc-instance job is a lot more annoying typing
<stgraber> if someone wants to have an upstart managed container post-boot, they'll need to do: initctl start lxc-container NAME=container-name
<hallyn> SpamapS: but you're saying at the last moment.  right
<hallyn> stgraber: right (or just 'start lxc-container NAME=name' :)
<SpamapS> stgraber: perhaps have a 'lxc-start-auto' job that starts all the instances marked for auto
<hallyn> yeah i think we'll need something like that
<stgraber> well, don't we have that anyway (our main lxc job)?
 * SpamapS prefers assertions to instructions
<hallyn> stgraber: but we dont' want to shut down the still-runnign ones
<stgraber> hmm, right
<SpamapS> right, you want to say "make sure all the ones that should be started, are.
<hallyn> but, this sounds solvable later?  may as well push the lxc-instance job now?
<stgraber> yeah, that sounds like minor implementation details for a limited set of our users, so we can deal with it later
<hallyn> thanks guys.  good night.
<stgraber> ideally we'd have some way to allow for someone to "start" the lxc job again without having to stop it first, in which case it'd just start whatever containers aren't started yet. But I can't think of a way to do that with upstart.
<stgraber> and last I checked we don't have a reload/restart stanza we could use for that (restart does stop+start and reload does SIGHUP on the tracked pid)
<SpamapS> status lxc-instance NAME=container-name | grep -q '^start' || start lxc-instance NAME=container-name
<hallyn> SpamapS: that's not the question.  the question is where do we put such a command
<hallyn> such that "<someaction> lxc" would have upstart trigger them
<hallyn> where someaction==restart and someaction==reload wont' work
<SpamapS> hallyn: that seems like the main script portion of a task that is specifically meant to start auto containers
<hallyn> SpamapS: and how do we then trigger it?
<hallyn> oh
<hallyn> right, another separate task to do that.  that's what i was saying above...  not ideal, but...
<SpamapS> I don't see why its not ideal
<SpamapS> such is the way of upstart.. to every task, its own conf
<SpamapS> very zen
<hallyn> oh hey!  while hyou're here,
<hallyn> IIUC we should avoid using /etc/default/foo,
<hallyn> and instead put envs in /etc/init/foo.conf right?
<hallyn> how does dpkg handle conflicts then on pkg upgrades?
<SpamapS> its a conffile
<SpamapS> if you want it to be generated (and thus not subject to conffile handling) you can do that by generating it in postinst
<hallyn> no, ideally what i probably want is customizatoins to be done in .overrides, but ok, i just wanted to make sure i wasn't goin gto make a faux-pas in qemu
<hallyn> thanks, good night again :)
<lvmer> Anyone got a recommendation for a JOBODs card? (just a bunch of disks). So I can sw raid 10 sata hdds on a 6port motherboard. I'm lost in the choices. & I want to make sure it's ubuntu compatible.
<SpamapS> lvmer: LONG ago, I had great luck with 3ware for the cheap side
<SpamapS> lvmer: its a "real" RAID and you can get them in the highest and lowest bus speeds.
<lvmer> ok I'll check them out. I'm going to be doing sw = software raid, so I'd like to avoid hardware pci-e raid costs if possible. or limit them.
<lvmer> I know I can 90% of the time - turn them off and run in JBOD mode but why get it in the first place xD. But idk if I can do jbod on a port multiplier card. It's all just so complicated & this tiny part is the only thing holding me back from putting up my 3rd (much larger) file server
<lvmer> spamaps: does something like this make sense?: http://www.amazon.com/SAS9211-8I-8PORT-Int-Sata-Pcie/dp/B002RL8I7M/ref=pd_cp_pc_0
<lvmer> well I'm sorry I'm so lost. But google / forums aren't getting me anywhere. So I've got to ask - what would be a problem with something like this: http://www.newegg.com/Product/Product.aspx?Item=N82E16816124028       it's like $200 cheaper? Would sw raid still be ok?
<lvmer> I have no plans to boot off of it. I keep the OS separate from the RAID file server. If that helps.
<noliverh> how to change an ip address using terminal?
<wutamidoin> need halp
<chilicuil> noliverh: you can use $ sudo ifconfig ethX IP
<wutamidoin> trying to setup apache2 with ssl on amazon EC2
<noliverh> chilicuil: how about their dns and gateways?
<noliverh> how can i put them in?
<chilicuil> noliverh: for the gw, you can use: $ sudo route add default gw IP # and for the dns, you can edit $ sudo vim /etc/resolv.conf
<wutamidoin> (98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
<chilicuil> noliverh: that's just for testing purposes, you may want to edit $ sudo vim /etc/network/interfaces # to set permanent values
<noliverh> chilicuil: how can see my gateway using ifconfig?
<noliverh> i mean... i cant see my gateway
<noliverh> im installing a ubuntu server now
<noliverh> i want it to be my PDC
<chilicuil> noliverh: you can see it by running $ route
<wutamidoin> anyone?
<noliverh> wow! thanks
<noliverh> do i have to put a dns in my server since this already its ip address?
<chilicuil> noliverh: I'd suggest to do it
<noliverh> what is vim?
<noliverh> is this an editor?
<chilicuil> noliverh: yep, it's an editor, use $ nano instead if you had never heard about vim
<noliverh> chilicuil: im already in vim... how to get out of it?
<noliverh> :D
<noliverh> ok... how can i save it?
<chilicuil> noliverh: type ":wq"
<chilicuil> noliverh: if you're already editing u'll need to press <Esc> before trying to enter ":wq"
<noliverh> chilicuil: how to save in nano?
<noliverh> :D
<chilicuil> Ctrl-s , but I'm not sure, you should be able to see the shortcuts at the bottom of your screen
<noliverh> there's no save here...
<noliverh> ill try
<noliverh> why is it error writing: permission denied
<TheLordOfTime> noliverh, are you trying to write to a super-user-protected area?
<TheLordOfTime> say, /etc/ ?
<noliverh> yup
<noliverh> aws... i forgot the sudo
<TheLordOfTime> did you open it with sudo?
<TheLordOfTime> :P
<noliverh> okies
<noliverh> :D
<noliverh> then, how to show my dns?
<noliverh> chilicuil: what you mean by permanent values?
<noliverh> i want this to be my pdc
<noliverh> so i set up a dns here?
<noliverh> what should be done next?
<chilicuil> noliverh: the values u set up with $ ifconfig, route and editing /etc/resolv wont survive a reboot, if you want permanent values, so your server get the same ip/gw/dns on every restart, you can edit /etc/network/interfaces https://help.ubuntu.com/12.10/serverguide/network-configuration.html
<chilicuil> noliverh: once you confirm the values u've just tested works for you, I'd suggest write them in /etc/network/interfaces
<noliverh> chilicuil: okies... matsalams... :D
<chilicuil> noliverh: (=, gl, I'm leaving
<sarnold> Danawar: http://paste.ubuntu.com/1393796/
<caribou> jamespage: morning
<jamespage> morning caribou
<caribou> jamespage: I got a noob question for you regarding walinuxagent SRU
<caribou> jamespage: how should I go about backporting the fix ? Here is my theory :
<caribou> jamespage: get the diff from raring-proposed, try to apply the diff to both P & Q
<caribou> jamespage: or manually modify if needed
<caribou> jamespage: does that make sense ?
<jamespage> caribou, personally I would branch the version in raring; and then backport it in full to precise and quantal
<jamespage> using ~ubuntu12.04.1 and ~ubuntu12.10.1 respectively to deal with upgrades
<jamespage> caribou, we need the new version of walinuxagent in those two releases anyway for HE
<jamespage> (Hardware Enablement)
<caribou> jamespage: interesting, I was instructed otherwise on another SRU I did with smoser & utlemming
<caribou> jamespage: but this was for grub2 which can't simply be retrofitted to earlier versions
<jamespage> caribou, let me check what I did for the last SRU for this package
<caribou> jamespage: I'm still familiarizing myself to doing the actual SRU backport effort
<caribou> jamespage: Precise already has a -proposed branch with one of your merge :
<caribou> jamespage: Backport for enablement of Windows Azure IaaS platform in
<caribou> Ubuntu 12.04 (LP: #1014864)
<jamespage> caribou: yeah - I was just looking for that
<jamespage> we did a straight backport to 12.04 of the version from 12.10
<jamespage> using the ~12.04.1 suffix in the changelog
<jamespage> zul: cinder branch fixed up in distro now
<caribou> jamespage: so doing a straight backport from raring to 12.04 & 12.10 would sync up all releases
<jamespage> caribou, yep
<caribou> jamespage: ok, precise-updates & precise-proposed branches are identical
<jamespage> caribou, good
<caribou> jamespage: bear with me as I'm not sure if I get the bzr cuisine right :
<caribou> jamespage: Am I right to consider that it is only a matter of doing  a "bzr branch" of the raring-proposed tree, fix the changelog, test and if ok, do a merge proposal ?
 * jamespage thinks
<jamespage> caribou, I'd branch the precise branch and then merge in the raring branch so that you keep the changelog history for precise
<jamespage> and then add a new backport entry for the SRU
<caribou> jamespage: ok, I'll try that
<jamespage> adam_g, roaksoax: so I spent some time this morning reviewing the haproxy/openstack API server approach
<jamespage> it feels really clunky with an external haproxy instance and very complex/fragile
<jamespage> I think I prefer adam's original suggestion that we should embed haproxy into each of the charms
<jamespage> using keepalived + haproxy in that configuration will provide a nice lightweight solution to this problem with closer configuration to the parent service
<jamespage> without requiring additional units....
<lexo_> hi all
<lexo_> i've a problem on software raid
<FauxFaux> Cool!
<lexo_> Unable to boot degraded RAID-1 array from second disk (sdb) if fisrt disk is unplugged (sda)
<FauxFaux> Do you have boot_degraded enabled?
<lexo_> sda must be change of course
<lexo_> yes
<lexo_> i've grub menu
<FauxFaux> So what error do you get?
<lexo_> no error, server reboot
<FauxFaux> Immediately after the grub menu?
<lexo_> grub menu -> wait 1s -> server reboot
<lexo_> yes
<lexo_> if i re-plug sda, boot work fine
<lexo_> on ubuntu 12.04 LTS
<FauxFaux> That sounds odd, /me has no idea.
<lexo_> :(
<lexo_> partitions are GPT
<Danawar> Can any one give me the locations of 2 easy to follow guides for updating both php and mysql?
<FauxFaux> What upgrades are you thinking of that aren't caught by your normal upgrades?
<Danawar> I ran a nexpose and it said my php and mysql were both not the newest versions with a lot of critical vulnerabilities on both!
<FauxFaux> Sounds like you're not doing normal upgrades.
<lexo_> for PHP 5.4 ppa:ondrej/php5
<FauxFaux> Danawar: Have you ever run "sudo apt-get update && sudo apt-get upgrade"?
<Danawar> I run both those
<Danawar> and i have just added ppa:ondrej!
<Danawar> Before i asked about it
<Danawar> Mysql seems more complicated
<Danawar> acording to guides i have found :/
<FauxFaux> apt-cache policy mysql-server #?
<Danawar>   Installed: 5.5.28-0ubuntu0.12.04.2
<Danawar> Im novice with server administration which is why i am trying to learn =D
<FauxFaux> That's the latest released version of mysql.
<FauxFaux> http://dev.mysql.com/downloads/mysql/ "MySQL Community Server 5.5.28".
<caribou> jamespage: Regarding walinuxagent, should I use version 1.1-0ubuntu2~12.04.1 (current is 1.1-0ubuntu2) or 1.1-0ubuntu3~12.04.1 ?
<FauxFaux> So whatever is warning you is looking in the wrong place.
<Danawar> FauxFaux: Thanks i will recheck with tester see if some of those warnings disapear
<Danawar> I added a few ppas so that might have solved it without me knowing!
<jamespage> caribou, 1.1-0ubuntu2~12.04.1
<jamespage> that ensures that people upgrading get the new package when they move to quantal or folsom
<Danawar> I had added for PHP 5.4 ppa:ondrej/php5 and did my update and upgrade but still it is using old php not the new one! any reason why this could be ? :D
<Danawar> When trying to update it says this - http://pastebin.com/J9wnFcfz
<caribou> jamespage: ok, thanks
<caribou> jamespage: does this looks ok to you ? http://paste.ubuntu.com/1394506/
<caribou> jamespage: the only thing that bugs me a bit are the references to rarring/quantal in the changelog.
<caribou> jamespage: should I worry about that ?
<caribou> jamespage: oh, but you won't see that in the pastebin
<Daviey> jamespage: around?
<caribou> Daviey: he was earlier today. I'm also looking for him
<Daviey> yeah
<smoser> caribou, what did i do wrong?
<smoser> or what did i advise wrong?
<tga> greetings, anyone here running Cherokee?
<tga> for some reason I can't get it to serve php out of vdirs
<caribou> smoser: ? oh, must must refer to my question to jamespage earlier
<jamespage> Daviey, am now
<smoser> oh. i see.
<caribou> smoser: it wasn't wrong, but I was asking about how to backport the latest walinuxagent modifications to precise/quantal
<caribou> smoser: you had suggested to only backport the one fix that utlemming had made but this was for grub2
<caribou> smoser: jamespage proposed to merge the whole walinuxagent from raring, since there was a version upgrade + a fix
<jamespage> I did indeed
<smoser> ah. yeah. that is possibly acceptable for walinuxagent
<smoser> but would not have been appropriate for grub
<caribou> smoser: in the previous case, I suppose that avoiding a complete backport of the whole grub2 was in our best interest
<caribou> jamespage: please ping me when you're done with Daviey
<Daviey> jamespage: too late :)
<caribou> jamespage: I have a question regarding the Pre-depend for walinuxagent-data-saver when you have a minute
<Daviey> jamespage: did that SRU get processed btw?
<Daviey> caribou: just ask, you'l get a quicker response
<caribou> Daviey: you mean the walinuxagent SRU ?
<Daviey> caribou: yeah
<caribou> Daviey: I'm working on it
<caribou> jamespage: here is what I get when I test on Azure : http://paste.ubuntu.com/1394634/
<Daviey> ugh
<Daviey> doesn't look good
<caribou> dpkg complains about the Pre-depend, but apparently the walinuxagent gets installed correctly
<invariant> Is there a HOWTO for setting up a postfix server which explains every step about the dpkg-reconfigure postfix process?
<caribou> Daviey: yeah, I know,but I don't get that when testing on Raring
<invariant> I find the Ubuntu server documentation to be very lacking.
<Daviey> At least you found it invariant :)
<invariant> I am considering to just build postfix from source and not use any of the management tools.
<Daviey> invariant: did you see https://help.ubuntu.com/community/PostfixBasicSetupHowto
<invariant> I don't like magic.
<Daviey> erm, building from source will not make your life any easier
<Daviey> It will be harder, and less secure
<invariant> Daviey, then I can use the official documentation.
<Daviey> invariant: if you think that is the best way, ok.. But i strongly discourage it.  Have you worked out how you will keep security updates done?
<invariant> Daviey, one person told me that I needed both Postfix as a MTA and also a separate MDA.
<invariant> Daviey, it now appears that Postfix can be both.
<invariant> Daviey, in short, there are a lot of people who say conflicting things.
<invariant> It would be nice if there would be some source that actually contained the truth.
<greppy> invariant: if you want to use more than just a local mailbox, you will need an MDA, like dovecot or uw-imap
<hallyn> zul: hey
<zul> hallyn: whats up
<hallyn> zul: wondering what you meant last night by emailing ubuntu-server and ubuntu-devel
<zul> hallyn: about your qemu-kvm testing wasnt it
<hallyn> zul: ok (wasn't sure)  i did email ubuntu-server last week though
<hallyn> maybe i should send anohter to ubuntu-devel
<zul> hallyn: ah i dont remember seeing it
<hallyn> well crud
 * hallyn checks archives to make sure
<hallyn> d'oh!  it's not there!
<hallyn> ok, resending.  crap.  thanks
<Daviey> hallyn: what are you looking for?
<jamespage> caribou, you have to install then in order when using dpkg - the pre-depends only works when installing using apt from the archive
<hallyn> Daviey: an email which apparently was eaten by a grue
<hallyn> zul: do you think is hould email ubuntu-devel as well then?
<caribou> jamespage: yeah, I sort of suspected that. I tested on raring and didn't get the error
<zul> hallyn: yeah since users other than server users use qemu-kvm :)
<Daviey> hallyn: eek
<hallyn> zul: ok, thx
<caribou> jamespage: one last question; does that changelog looks ok to you : http://paste.ubuntu.com/1394506/
<caribou> jamespage: wait, sorry wrong pastebin
<hallyn> all right, (re-?)sent
<caribou> jamespage: here is the proper one : http://paste.ubuntu.com/1394679/
<caribou> 1st of all, is the new section correct ? 2nd whould we keep references to raring in to the precise changelog ?
<caribou> jamespage: if all that is ok, I'll push the merge proposal for P & Q
<hallyn> mdeslaur: is there a way that i haven't found to specify in virt-manager that a VM should be backed by hugepages?
<hallyn> i assume not, just making sure...
<mdeslaur> hallyn: I don't think so
<hallyn> thanks
<jamespage> caribou, not quite; I'd leave the latest raring changelog entry intact and add a new one for the backport as I did for 1.0~git20120606.c16f5e9-0ubuntu2~12.04.1
<caribou> jamespage: ok, will look at that
<jamespage> we can include the raring changes in the .changes source file when its uploaded so the SRU team can see the full history
<hallyn> stgraber: hm, i do see a regression inadvertently reintroduced in lxc github by my seccomp commit.  bad manual cherrypick it looks like
<stgraber> hallyn: that or I screwed up the rebase, either way, would be nice if you could push the fix again :)
<hallyn> stgraber: coming :)
<ruben231> guys any idea on this error when i try to install with php5-dev  on ubuntu-server 12.04 LTS ---------> http://pastebin.com/u7xKTB0x
<caribou> jamespage: For precise, which branch should I propose the merge to ? precise-proposed or precise-updates ?
<jamespage> caribou, either
<hallyn> pushed to staging
<ruben231> any idea guys
<ruben231> ..???
<uvirtbot> New bug: #959308 in testdrive (main) "kvm does not generate a system uuid by default" [Low,Fix released] https://launchpad.net/bugs/959308
<uvirtbot> New bug: #1074418 in libvirt (main) "qemu:///sessions fail, when libvirtd hasn't been started properly before" [High,In progress] https://launchpad.net/bugs/1074418
<uvirtbot> New bug: #1084028 in openvswitch (main) "openvswitch based interfaces not started in time during boot" [Undecided,New] https://launchpad.net/bugs/1084028
<uvirtbot> New bug: #1084089 in lxc (universe) "lxc-clone shouldn't add fstab line if it wasn't there originally" [Medium,Triaged] https://launchpad.net/bugs/1084089
<caribou> jamespage: ok, both Merge Proposal are now done. What do I need to do next?
<hallyn> stgraber: hm, the fix in our package (different from the upstream one) is wrong though - it assumes lxc.mount always is the fstab, but will delete the lxc.mount.entries
<hallyn> ruben231: sudo apt-get update; sudo apt-get install -f should work hopefully
<hallyn> oh i see, and that explains fstab showing up in the guy's clone.  now it makes sense
<jamespage> caribou: point me at them
<caribou> jamespage: precise : https://code.launchpad.net/~louis-bouchard/ubuntu/precise/walinuxagent/walinuxagent-lp1079897/+merge/136698
<caribou> jamespage: Quantal : https://code.launchpad.net/~louis-bouchard/ubuntu/quantal/walinuxagent/walinuxagent-lp1079897/+merge/136699
<rober> Hi, can l install ubuntu server on a HP- L-360   via SmartStart??
<ruben231> hallyn: still the same
<TheGuy> hmmm, well i got my multiple site configuration set up, its a workaround for the virtualhosts config as that wasnt working
<hallyn> ruben231: just worked for me in a fresh uptodate precise container.  maybe try 'sudo apt-get dist-upgrade' in there too?
<hallyn> otherwise, start digging itno why libssl-dev doesn't want to install.
<hallyn> maybe 'apt-cache policy libssl-dev'
<ruben231> http://pastebin.com/yEMZuc6F
<ruben231>  hallyn: i can install php5-dev and this one ---> apt-get install libmysqlclient15-dev --->apt-get install libncurses5-dev
<hallyn> you *can*?
<ruben231> i mean i cant
<hallyn> what happens when you apt-get install libssl-dev ?
<ruben231> http://pastebin.com/TSA2EEcM
<ruben231> thats the output
<roaksoax> Daviey: howdy!
<roaksoax> Daviey: so I'm preparing the SRU of yui3 to precise (which would make it a new package)
<hallyn> stgraber: zul: libvirt is introducing libvirt-lxc code for shutdown initiated over /dev/initctl
<Daviey> roaksoax: Hey
<Daviey> roaksoax: ok
<hallyn> in case you wanted to take a look
<zul> hallyn: yeah i saw yesterday right?
<roaksoax> Daviey: should I just file a nomral SRU bug, adapt version to 3.5.1-1ubuntu3~12.04.2?
<ruben231>  hallyn: any idea.?
<roaksoax> Daviey: and upload?
<Daviey> roaksoax: err, .1
<hallyn> zul: showed up in my mbox only today
<roaksoax> Daviey: alright, then thanks :)
<Daviey> roaksoax: sounds good.  Make sure the version is lower than release+1.. and no conflicts required
<hallyn> ruben231: no.  do you ahve some ppa's installed?  that pkg installs fine for me...  i mean yes, the idea is keep trying to manually install the package it says it won't install until you get more info
<hallyn> (i.e. next try apt-get install zlib1g-dev)
<roaksoax> Daviey: will do. just wanted to make sure there were no other procedures needed to be followed since this is introducing a 'new' source to precise
<Daviey> roaksoax: TBH, it's such a rare thing.. the process isn't exactly documented
<stgraber> hallyn: because using our change in the kernel would have been way too easy?
<Daviey> roaksoax: I'd need to check myself, about publishing directly to main.
<hallyn> stgraber: no they support that too.  maybe not correctly, not sure.
<hallyn> oh, well rhel is on older kernels, maybe they want to support those
<roaksoax> Daviey: indeed! The SRU policy does cover hardware enablement for new packages, so i guess it would indeed a similar process
<ruben231> hallyn: still the same ------->http://pastebin.com/tPqCZhkb
<hallyn> ruben231: keep going until you get something different.  though i suspect you'll learn more in the next step, when you try to apt-get instll libc6-dev
<hallyn> stgraber: any other changes to queue up right now to lxc?
<ruben231> still error---------------->http://pastebin.com/ydXbJJgd
<stgraber> hallyn: can you add an explicit apparmor deny for /sys/firmware/efi/efivars/**?
<stgraber> hallyn: read access isn't a good idea, so I'd prefer we block everything for now
<hallyn> stgraber: ok
<uvirtbot> New bug: #1084141 in yui3 (main) "[SRU] yui3 to precise" [High,New] https://launchpad.net/bugs/1084141
<uvirtbot> New bug: #1084146 in raphael (main) "[SRU] raphael new upstream release (2.1.0)" [Undecided,Fix released] https://launchpad.net/bugs/1084146
<hallyn> stgraber: (following a comment in #juju) do you think it would be worthwhile to add a LXC_DEFAULT_POLICY to /etc/default/lxc so admins could select undefined as the default?
<hallyn> i dont' want to add needless complexity just to make things fragile though...
<roaksoax> Daviey: ok, just uploaded yui3 and raphael to precise-proposed
<stgraber> hallyn: I'd rather not encourage people to turn off apparmor
<roaksoax> Daviey: when you have the time, could you also process isc-dhcp (precise-proposed), python-tx-tftp (quantal-proposed), and django (precise-proposed) which have all been verified
<Daviey> roaksoax: remind me in 1hr? :)
<roaksoax> Daviey: sure thing
<roaksoax> :)
<adam_g> jacalvo: wondering what you found fragile about doing load balancing externally vs 'locally'. i agree teh current haproxy charm is clunky in the way it gets configured
<adam_g> er
<adam_g> jamespage: ^
<jamespage> adam_g, maybe fragile was not the right word - complex might be more appropriate
<jamespage> clunky is good as well
<jamespage> adam_g, I nearly have a working keystone charm using haproxy and keepalived internally to provide ha
<adam_g> jamespage: okay, cool. if thats the approach we take ill adapt the others to fit that model
<jamespage> adam_g, ack
<hallyn> smb: stgraber: JINKEYS!  ran into the netdev freeeing problem on uptodate raring!
<roaksoax> jamespage: hold on... i was writting a keepalived charm
<roaksoax> :)
<roaksoax> jamespage: and the hacluster charm also supports haproxy
<jamespage> roaksoax, w00t!
<jamespage> roaksoax, otp - give me 5
<roaksoax> jamespage: the reason why I decided to go for hacluster instead of keepalived is because keepalived won't scale, so if you'd like to have 2 standby nodes, it won't work
<roaksoax> jamespage: and the ha stuff i thought that the stuff I was working on included haproxy apart from quantum
<jamespage> jamespage, yeah - its does; I just wanted to get closer to the issues this week so I understood in more detail
<jamespage> roaksoax, rather ^^
<hallyn> i'll try the mainline kernel build
<roaksoax> jamespage: i think we should catch up and decide who's gonna work in what so we don't duplicate work
<jamespage> roaksoax, lets do that now then
<roaksoax> jamespage: alrgith
<roaksoax> jamespage: g+ or something?
<jamespage> roaksoax, yep
<roaksoax> jamespage: can you send me the link?
<roaksoax> it rings on my phone :)
<hallyn> oh maybe it wasn't the latest kernel - grub was fooling me.  well we'll see if upstream does it anyway
<Danawar> Hey if apache shows a directory listing instead of my zpanel page there is the problem most likly to be?
<uvirtbot> New bug: #1084178 in autofs (main) "auto.net does not handle mutliple mount points from a remote" [Undecided,New] https://launchpad.net/bugs/1084178
<RoyK> Danawar: php not installed?
<Danawar> RoyK: good point let me check: no, but i think you are close because i updated to php 5.4.9-1
<RoyK> check if the apache php module is activated (if you're running apache, that is)
<RoyK> oh, you are...
<Danawar> Are you looking at the site RoyK?
<RoyK> erm - no - what site?
<RoyK> I just saw you wrote 'apache shows...'
<Danawar> "RoyK: oh, you are..." :P
<Danawar> confused me a bit
<RoyK> AFAICT you haven't posted a URL ;)
<Danawar> Just thought you looked at my ip or somthing :P
<RoyK> no, I just missed what you said in the first place
<Danawar> Just trying to google the command to enable php on apache
<RoyK> check /etc/apache2/mods-enabled/
<RoyK> a2enmod btw
<RoyK> that simply makes a symlink from /etc/apache2/mods-available/ to /etc/apache2/mods-enabled/
<Danawar> Does not exist
<RoyK> and probably does a apache2ctl graceful
<Danawar> php5 conf and lib exists
<Danawar> ohh yse
<Danawar> a2enmod forgot all about that :D
<Danawar> but i think it is already loaded any way
<RoyK> make a test.php with '<?php phpinfo(); ?>' and try to view it
<Danawar> as there are the 2 files in there
<RoyK> i mean - try to access that test.php from a browser
<RoyK> should show you information about the php version installed
<Danawar> ohh wait
<Danawar> i just removed www folder
<Danawar> because that was my old web stuff
<Danawar> and now i get page not found
<Danawar> instead of my zpanel domain
<Danawar> so apache is no using zpanel !
<Danawar> i dont think it is php related but i will do info now!
<RoyK> probably some references to that dir in the apache config, then
<Danawar> i added the included they asked me to at the bottom
<Danawar> The php info works
<RoyK> create a test dir with an index.php file - check if that index file is used
<RoyK> the test.php file will work
<RoyK> just rename it
<Danawar> It gives directory listing
<Danawar> I lie
<Danawar> i put a capital I my bad
<Danawar> It works with index.php
<RoyK> ok
<Danawar> Must be the damn apache config got broke when apache updated
<Danawar> So it doesnt see zpanel
<Danawar> Luckly
<Danawar> i think it made a back up, which doesnt work
<RoyK> is this a separate virtualhost?
<RoyK> if so, just change its DocumentRoot
<Danawar> Sorry im not to savy :D
<Danawar> but yes i think it is somthing to do with document root
<Danawar> as thats rings bells
<Danawar> where is the setting for document root? in apache.conf?
<RoyK> very little is in apache.conf on ubuntu
<RoyK> most of it is in /etc/apache2/sites-enabled/000-default or in other virtualhosts
<RoyK> that is, very much is in apache.conf, but little you will need to change
<Danawar> I can only find #ServerRoot "/etc/apache2"
<Danawar> In the apache config whil looking for root
<RoyK> well, there's no point in removing /var/www - it doesn't take up much space anyway
<Danawar> I just removed it for testing
<Danawar> The new config
<Danawar> Has Include sites-enabled/ which the old one did not should i remove it?
<Danawar> The other one that is in both is Include /etc/zpanel/configs/apache/httpd.conf
<RoyK> sorry - I don't know zpanel
<Danawar> Also if i try to use the old config it fails trying to find Include httpd.conf
<RoyK> !zpanel
<Danawar> as i think it was removed in the new apache
<roaksoax> Daviey: Don't forget to process isc-dhcp (precise-proposed), python-tx-tftp (quantal-proposed), and django (precise-proposed) which have all been verified
<Danawar> RoyK: All i can see its doing is instead of going to /var/zpanel/####/website/index.html it is going to /var/www
<RoyK> then you probably need an Alias directive in the apache config
<Danawar> How do i go about doing that? :P
<RoyK> probably in /etc/apache2/sites-enabled/000-default
<RoyK> look in there :)
<COrdel^> i am gay and need spiritual advice
<RoyK> COrdel^: is it related to an ubuntu server? ;)
<COrdel^> nah
<patdk-wk> reverse trap?
<COrdel^> i am going to win powerball tonight and wont need ubuntu server
<roaksoax> jamespage: https://code.launchpad.net/~andreserl/charms/quantal/haproxy/hacluster-support
<roaksoax> jamespage: https://code.launchpad.net/~andreserl/charms/quantal/haproxy/hacluster-support
<roaksoax> err
<roaksoax> jamespage: https://code.launchpad.net/~andreserl/charms/quantal/quantum/hacluster-support
<roaksoax> jamespage: https://code.launchpad.net/~andreserl/charms/quantal/hacluster/trunk
<roaksoax> this is before refactoring
<Danawar> I get this when i restart apache now xD http://pastebin.com/TVQcdih3
<Danawar> Im terrified that im going to have to start from scratch again :P
<Danawar> I wish i knew a better free panel other than zpanel
<RoyK> Danawar: I beleive you should look into how Apache is configured on ubuntu - it looks like you added a new alias for one already in /etc/zpanel/configs/apache/httpd.conf, and you may have done something funny in /etc/apache2/sites-enabled/000-default
<jamespage> roaksoax, adam_g: lp:~james-page/charms/quantal/keystone/haproxy-support
<roaksoax> jamespage: cool thanks
<Danawar> RoyK: i followed my old install guide
<Danawar> and it says 	edit /etc/httpd/conf/httpd.conf change Docroot to: 	DocumentRoot "/etc/zpanel/panel"
<Danawar> But i never found where this was
<RoyK> sounds like it was written for redhat
<RoyK> ubuntu/debian and redhat/centos/fedora are quite different in the terms of placing config files
<RoyK> or naming them...
<roaksoax> jamespage: ok, I get it now. SO I can simply integrate hacluster as a subordinate and pass all the info over the ha relation
<roaksoax> jamespage: i'll work on it tomorrow and see what happens
<adam_g> jamespage: deploying the ceph charm to precise requires a cloud archive version to integrate with openstack?
<halvors> What excactly is postfix chroot?
<RoyK> halvors: chrooting the whole postfix installation so to make it harder to mess up a system in case of a buffer overflow etc
<adam_g> zul: http://people.canonical.com/~agandelman/keystone_2012.2-0ubuntu1.2~cloud0/
<adam_g> jamespage: ^
<RoyK> Danawar: if this machine (or vm) is only for zpanel, I'd suggest you start over, either with docs on installing zpanel on ubuntu, or by using centos or something
<adam_g> for upload to staging
<Danawar> Hey RoyK thanks for all your help
<Danawar> I followed the setup guide and there is a small php script
<Danawar> That does some stuff i didnt actulary look into
<Danawar> And it fixed it :)
<Danawar> GG =]
<zul> adam_g: looks good to me
<RoyK> Danawar: goodie ;)
<Danawar> Now just to fix everything else i broke O:-)
<RoyK> you'll probably learn a bit of that ;)
<jamespage> adam_g, it does yes
<adam_g> ty
<Daviey> roaksoax: Are these things you want released to -updates ?
<roaksoax> Daviey: yes
<Daviey> roaksoax: I would be more comfortable if someone else published to updates at this stage..
<roaksoax> Daviey: sure, though django and python-tx-tftp are pretty straight forward
<Danawar> Hey guys i have 4 minecraft servers running on my server and i want to connect to them using sub domains how would i go about doing this as i cant figure out how to point subdomains to a port?
<sarnold> Danawar: 'subdomains' cannot have ports.
<sarnold> ports are a property of an IP address.
<FauxFaux> Unless your client supports SRV records.  (hint: it doesn't)
<Danawar> So there is no way of doing this without SRV records or hosting the servers at different ip addresses
<TheLordOfTime> Danawar, ports are the property of the IP address, you would still need to do the port directive for Minecraft, such that ipORdomain:PORT
<FauxFaux> If the servers have started, then they already have different ports.
<TheLordOfTime> mhm
<sarnold> Danawar: you could ask your users to connect to example.com:4444, example.com:4445, example.com:4446, example.com:4447, or something like that.
 * FauxFaux wonders if any resolvers will cope with numeric srv records; probably not for optimisation reasons.
<sarnold> it's way cheaper than renting another three IPs for your machine each month. :)
<Danawar> sarnold: that is currently what i do :5000 - 5008 just would have prefered to use ###.example.com but i may launch them to different dedicated servers on the internet then i can easly use subdomains :)
<FauxFaux> Danawar: It's worth giving the users the subdomains, anyway, because then you are free to move them.
<TheLordOfTime> mhm
<sarnold> FauxFaux: oh, one.example.com:4444, two.example.com:4445, three.example.com:4446, four.example.com:4447?
<FauxFaux> Yes.
<sarnold> it's potentially confusing, because so long as they all reserve to the same IP, someone could interchange names and ports at will and they'd all work..
<sarnold> but I see your point, it'd be easier to run 2+2 or 1+1+1+1 or whatever you want in the future..
<FauxFaux> Yeah, people optimising is acceptable, but if they violate your public interface then it's their problem when you fix stuff without violating your interface.
<sarnold> :)
<roaksoax> Daviey: who do you think i should contact though?
<yolanda> hi, i need some help. I upgraded boto package, and now i cannot connect to canonistack, i'm receiving that error: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
<yolanda> do you know what can be causing that?
<yolanda> that is a pastebin of the problems i'm having: http://paste.ubuntu.com/1395326/
<Daviey> roaksoax: is this seriously urgent?
<roaksoax> Daviey: python-tx-tftp yes
<roaksoax> Daviey: the rest is for maas SRU really
<sarnold> yolanda: is that AWSAccessKeyId supposed to remain private?
<hallyn> stgraber: is our ifup just smart enough to know not to run dhcp if the NIC already has an address?
<hallyn> (thinking bug 1080681)
<uvirtbot> Launchpad bug 1080681 in lxc "debian guests get different IPv4 at every reboot" [Medium,Confirmed] https://launchpad.net/bugs/1080681
<yolanda> sarnold, sorry, i didn't notice the key there, i should have pasted only the last lines with the CERT probelm
<Daviey> roaksoax: wait out.
<yolanda> i can't figure why the certs have stopped working, i've been looking at that problem and googling that, and haven't found anything
<stgraber> hallyn: nope, dhclient will just overwrite whatever's there
<capitaninsaneoh> Hello
<stgraber> hallyn: if you don't want ifupdown to reconfigure your interface, you need to mark it as manual in /etc/network/interfaces
<capitaninsaneoh> If I create Iptables input rules do I have to create corresponding output rules?  Like iptables -A OUTPUT -j ACCEPT -p tcp -i eth0 and then one for UDP?
<stgraber> hallyn: and my guess is that the Debian template doesn't have a fixed mac address, causing that bug to begin with...
<RoyK> in debuntu, the mac address is set in /etc/udev/rules.d/70-persistent-net.rules
<hallyn> stgraber: if i add a lxc.network.ipv4 = x.y.z.a for an ubuntu container, the nic keeps that address
<hallyn> even with /etc/network/interfaces specifying dhcp
<stgraber> hallyn: oh, that's interesting, maybe ifupdown is being more clever than I thought it would :)
<stgraber> hallyn: any error message in /var/log/upstart/network* in a container with lxc.network.ipv4 set?
<stgraber> maybe it's just some ifupdown hook failing that's preventing dhclient from reconfiguring the interface :)
<hallyn> stgraber: just 'start/running' and 'stop/waitin'g, no other msgs
<stgraber> hallyn: hmm, ok, so maybe ifupdown is way more clever than I thought it was :)
<yolanda> jdstrand, i added some comments to that bug: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/945177 - i was able to build the package for grizzly and test it
<uvirtbot> Launchpad bug 945177 in nova "not lintian clean" [Medium,Confirmed]
<yolanda> do you want me to do some cleanup?
<jdstrand> yolanda: well, it would be nice, yes, but perhaps coordinate with zul or adam_g-- they might have more info
<yolanda> ok
<uvirtbot> New bug: #1075717 in mountall (universe) "mounted-dev must not re-create consoles in a container" [High,Triaged] https://launchpad.net/bugs/1075717
<halvors> RoyK: Do you know why i can't connect using port 25 when using the mail-stack-delivery package?
<RoyK> no idea what that package contains...
<yolanda> bye all
<nikolaj_basher> Hi, How would you take a completa backup of a lamp, and courier server?
<RoyK> some backup software
<RoyK> or rsync
<RoyK> backing up mysql usually requires either a database dump or stopping mysql
 * RoyK uses bacula
<nikolaj_basher> RoyK, but how du I find the lib, which contains all the users inbox
<nikolaj_basher> or how do I find where to get the right lib to backup?
<sarnold> 'lib'?
<RoyK> the user's mailbox in courier is a directory
<RoyK> courier uses maildir, so it's all in one dir, one dir for the user's mailbox, one dir per message (iirc)
<sarnold> maildir++
<RoyK> or was that one file per message - think so
<sarnold> one file per message, yeah :)
<nikolaj_basher> RoyK, is there a way to find the right lib. to backup
<RoyK> you don't need a library
<RoyK> it's just files
<sarnold> nikolaj_basher: lsof can show you the files a program has open
<RoyK> you need helpers to backup complex stuff like databases, unless you dump them
<nikolaj_basher> I ment library
<RoyK> if you dump a database, you can backup the dump
<sarnold> nikolaj_basher: of course, catching courier with an open mail file might be a bit difficult... but the alternative is reading it's configuration file. So.
<nikolaj_basher> sarnold, thanks
<RoyK> in 99% of the cases, a file backup of everything (excluding mysql) will do
<sarnold> s/it's/its/
<RoyK> mysql will need a dump
<sarnold> yeah, I'd just use rsync on maildir; maildir works with nfs, it ought to work with rsync too :)
<nikolaj_basher> RoyK, I'm allready make a dump of my db
<RoyK> well, then all you need is an rsync backup or something more fancy like bacula
<RoyK> nikolaj_basher: rsync will do well, bacula will work better if you want to go back a week or two in case the shit hits the fan
<uvirtbot> New bug: #1084261 in nova (main) "'nova-manage project quota' command fails with 'nova-manage: error: no such option: --project'" [Undecided,New] https://launchpad.net/bugs/1084261
<nikolaj_basher> RoyK, but i can't find the library where corrior save the users inbox
<nikolaj_basher> not even i the etc/courier/ files
<RoyK> nikolaj_basher: it's just maildir - there's no need for a library
<nikolaj_basher> a file
<RoyK> nikolaj_basher: iirc courier saves the users' mailboxes under /var/lib/courier
<nikolaj_basher> thanks sorry if am I little to slow to catch it
<RoyK> a mailbox isn't stored under /etc
<RoyK> try to find /var -type d -name courier
<RoyK> you'll find it
<nikolaj_basher> found it
<RoyK> well, time's up - need sleep - nite guys (or girls)
<sarnold> RoyK: night :)
<nikolaj_basher> RoyK, sleep well and thanks
<stgraber> hallyn: got a few simple template changes sent to lxc-devel for your review
<hallyn> stgraber: ok, running out any minute, may not get to them until later  tonight.
<stgraber> that's fine, I'm also done for the day
<hallyn> good night
#ubuntu-server 2012-11-29
<Alienhead> Can anyone tell me how to stop ubuntu from emailing me every time a cron job finishes?
<Alienhead> I like getting some of the emails, but I recently added several cron tasks that run hourly and it is generating a considerable amount of unwanted email.
<FauxFaux> Alienhead: It only e-mails you if the output anything.  Typically you resolve this by making them not output anything unless there's an error.
<Alienhead> FauxFaux: Ahhh....
<Alienhead> So I need to put a > null in my script?
<FauxFaux> So long as it writes to stderr on errors, sure.
<Alienhead> Hmm. Not sure about that. Will have to check the program to see how it handles output.
<Alienhead> It is wget. If it put -0 logfile would that stop the emails?
<Alienhead> Or wget -o /dev/null
<sarthor> Hi, I have ubuntu-server 12.04 installed, on some remote computer, I did alot of packages installations in that remote machine, somthing like, grase-hostspot, mysql removed and reinstalled, squid3 removed and reinstalled. Now I want to remove all the packages, and make the machine like it was on the 1st day of installation, Is it possible in the remote machine, I am connected to some remote network main machine, and this ubuntu-server machin
<sarthor> e is the client of that network. HELP please.
<sarthor> or How to remove mysql, Freeradius squid bind9 or may be the entire lame ?
<sarnold> sarthor: once you've run apt-get upgrade, those packages are best considered _upgraded_. If you just want to uninstall a few packages and remove their configuration at the same time, that's a different matter....
<sarnold> sarthor: apt-get purge mysql freeradius squid bind9   --- it'll remove those packages and any packages that Require: those packages. It might leave behind some other packages that were depended upon but not in the default install...
<sarthor> sarnold: I messed a lot with that machine, Now I myself do not know, how to find which package I do not need. I am also not an expert. that is way I want machine in the fresh form.. trying your suggestions.
<sarthor> sarnold: Can i install that package of lame with a single command?
<sarnold> sarthor: I don't know what you mean by "that package of lame"
<sarnold> sarthor: do you mean the mp3 encoder 'lame'?
<sarthor> sarnold: no, sorry lamp
<sarthor> sarnold: Linux-Apache-MySQL-PHP = LAMP
<sarnold> sarthor: ah, the whole mysql, apache, and php or whatever? it'd be something like: apt-get purge mysql-server apache2 php5
<sarnold> sarthor: I hope the other packages would be removed with those..
<sarthor> sarnold: this command is install all that packages. Thanks sudo tasksel install lamp-server
<sarthor> sarnold: mysql installed, i did this create database salaar;
<sarthor> Ignoring query to other database
<sarnold> oh hey, does tasksel offer a way to remove too? :)
<sarthor> sarnold: I read here, and the removal way is not mentioned, https://help.ubuntu.com/community/ApacheMySQLPHP
<sarthor> yea they say there on that link.
<sarthor> they say to remove this packages "  apache2 apache2-mpm-prefork apache2-utils apache2.2-common libapache2-mod-php5 libapr1 libaprutil1 libdbd-mysql-perl libdbi-perl libnet-daemon-perl libplrpc-perl libpq5 mysql-client-5.5 mysql-common mysql-server mysql-server-5.5 php5-common php5-mysql  "
<sarnold> sarthor: that looks about correct
<sarnold> sarthor: tasksel --task-packages lamp-server will show you the packages that it required
<sarthor> again removed as they say.. and now installing again. Coz the MYSQL was not creating a database.
<sarnold> .. that also shows e.g. perl. but you probably do not want to uninstall perl, it's used for a lot of things -- and that command line doesn't try to remove perl.
<sarthor> Thanks God, Computer can not complaint to my father.
<sarthor> :(
<sarthor> sarnold: can not create a database in mysql, mysql> create database salaar;
<sarthor> Ignoring query to other database
<sarthor> mysql>
<sarthor> do you know how to create a database in mysql.
<sarthor> may be my command is wrong.
<sarthor> Damn.. Clever mysql. it obeyed. mysql> CREATE DATABASE salaar;
<sarthor> Query OK, 1 row affected (0.00 sec)
<sarthor> mysql>
<sarnold> sarthor: sorry, I'd be stuck reading the documentation to figure that out...
<sarnold> haha
<sarthor> sarnold: I am a learner, Sorry for bugging.. Even my English may be unbearable for some. Sorry to All fellows.
<sarnold> sarthor: we're all learning :)
<frodus> Hi, I'm looking into using preseed to install some ubuntu servers automaticly. Is this the correct channel for that, or could someone please help me find that channel?
<patdk-lap> this is the channel
<patdk-lap> and your probably not have much luck for another 10-12hours though
<patdk-lap> I would think that is pretty well documented on the website though
<frodus> patdk-lap: Thanks. I have read a lot of documentation, and I managed to use preseed on a debian cd, but not on ubuntu. The installer does not find my pressed file... I also see that the ubuntu-server iso includes some pressed files by default. But I can't even run them. So I guess that I just missed out on some minor details that are very important ;)
<cozzie> Hello, I have a server running Ubuntu with mutiple clients
<cozzie> how do i disable last & who
<patdk-lap> you could, but the infomation will still be available
<patdk-lap> figure out how you correctly remove wtmp/btmp?
<cozzie> Im looking into this, thanks
<tarvid> i have a 12.04 ubuntu-server that drops into initramfs
<tarvid> the error is /dev/mapper/helen does not exist
<tarvid> i got into this mess when grub failed
<tarvid> it does  use LVM
<ChmEarl> tarvid, try dpkg-reconfigure lvm2
<ChmEarl> the initramfs will be setup for /root on lvm
<tarvid> ChmEarl, I am running on a llive CD
<tarvid> but booting the image that drops me iinto initramfs
<tarvid> dpkg-reconfigure is not found in initramfs
<ChmEarl> tarvid, find in the wiki how to chroot into an install from a live CD
<tarvid> I can do that
<ChmEarl> its way simpler than triage of an initramfs image
<tarvid> I have to set up lvm2 on the live booy
<tarvid> then activate the LG and mount the file system
<tarvid> takes a few minutes
<tarvid> ChmEarl, I am chrooted into /mnt
<tarvid> my grandfather was from Lithuania
<ChmEarl> tarvid, why learn lvm on raid on a bare metal server.. do it in a virtual env
<tarvid> I had uncommented GRUB_DISABLE_LINUX_UUID
<tarvid> I really need to boot this image or pull the hard disk, install and copy etc var and honme
<tarvid> it is not raid
<tarvid> but I can look at /boot etc...
<tarvid> the boots fail on finding /dev/mapper/helen-root
<tarvid> grub-cfg does have insmod lvm
<tarvid> and root='(helen-root)'
<tarvid> and the correct UUID in the search command
<tarvid> Still not booting on 12.04 server machine using LVM getting /dev/mapper/helen-root does not exist
<tarvid> I can get to it arduously with a live cd lvm2 activating the vg , mounting the vg and chrooting into /mnt
<ak5> Nov 29 10:53:30 server1 ovpn-server[1385]: WARNING: External program may not be called unless '--script-security 2' or higher is enabled.  Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier.  See --help text or man page for detailed info.
<ak5> Nov 29 10:53:30 server1 ovpn-server[1385]: WARNING: Failed running command (--up/--down): external program fork failed
<ak5> does anyone know what to do with this?
<nerd> is cpanel supported ?
<sarnold> apt-cache search cpanel doesn't show it is even packaged
<nerd> so it's not supported :(
<nerd> is their any other alternative to it ?
<xnox> nerd: sarnold: zentyal
<xnox> is the over the web management for small scale.
<xnox> For large scalable deployments use juju and/or landscape
<nerd> let me check out zentyal :)
<sarnold> xnox: it even looks less insane than cpanel :D
<xnox> sarnold: nerd: cpanel shall never be mentioned again.
<nerd> ok :D
<sarnold> xnox: I was very highly impressed that the _one_ package returned was more or less completely unrelated. That's a dedication to wiping out even the memory of the .. thing that we're not mentioning again.
<sarnold> pity zentyal is a name I'll never remember. :(
<nerd> is zentyal officially supported by ubuntu ?
<xnox> it used to be called ebox.
<xnox> zentyal upstream maintain packages in ubuntu....
<nerd> cool
<sarnold> nerd: packages in universe are supported by the community; it's nice to know that zentyal's upstream is active, that's a good sign.
<nerd> hmm..
<nerd> zentyal is quite costly.
<frodus> Hi. Is there anyone online that has successfully remastered a ubuntu server 12.04 ISO using a custom preseed?
<caribou> jamespage: around yet ?
<jamespage> caribou, yes I am
<caribou> jamespage: what's next with the walinuxagent SRU ?
<caribou> jamespage: is there anything that I need to do, now that the Merge Requests are in ?
<jamespage> caribou, no - leave it with me - I'm doing it right now
<caribou> jamespage: ah, ok fine then. Thanks
<uvirtbot> New bug: #1078074 in walinuxagent (main) "Package walinux agent 1.1" [High,In progress] https://launchpad.net/bugs/1078074
<jamespage> caribou, I uploaded to quantal and precise proposed - made tweak to the changelog entry and the versioning but aside from that all good
<jamespage> I've subbed ubuntu-sru to both bug reports (upgrade to 1.1 and fix for upgrade problems)
<jamespage> slight uncomfortable about the 1.1 upgrade but it looks like misc bug fixes only
<jamespage> let see what they think...
<caribou> jamespage: perfect, thanks !
<caribou> jamespage: what was wrong with the changelog
<caribou> ?
<jamespage> caribou, ~12.04.01 -> ~12.04.1 (just inline with the previous backport versioning) and explicitly referenced the version upgrade bug reference in the latest version
<caribou> jamespage: ah, ok. Missed that one
<uvirtbot> New bug: #1084489 in puppet (main) "System freezes after executing facter command" [Undecided,New] https://launchpad.net/bugs/1084489
<caribou> jamespage: I find one thing peculiar, my Merge Proposal for Quantal does not appear in the bug...
<uvirtbot> New bug: #1084514 in juju (universe) "Unconnect to EC2 instance after bootstrap" [Undecided,New] https://launchpad.net/bugs/1084514
<b0ot> Anyone know of any fully decentralized distributed instant messenging tools?
<frodus_> Hi. Is there anyone online that has successfully remastered a ubuntu server 12.04 ISO using a custom preseed?
<drag0nius> how would i disable hostapd/wifi?
<drag0nius> removed eth1/wlan0 bridge and set it just on eth1
<drag0nius> then how would i disable hostapd?
<simen> Hi guys. I posted a rather complicated question on server load (Ubuntu / Nginx / PHP5-FPM) on Serverfault. -any comments would be appreciated. Link: http://serverfault.com/questions/453433/locate-cause-of-high-load-checked-cpu-memory-swap-and-io-all-low-running-ng
<vezq> simen: is it a virtual server?
<TheLordOfTime> ...
<simen> vezq: Indeed it is
<TheLordOfTime> pm.max_children = 20
<TheLordOfTime> pm.max_requests = 50
<TheLordOfTime> i thought that was aptched to be a lot lower...
<TheLordOfTime> patched *
 * TheLordOfTime sifts through the php5 source code
<TheLordOfTime> simen, which Ubuntu're you on, 12.04?
<simen> TheLordOfTime: yes it is
<vezq> is it AWS virtual server or your own?
<simen> vezq: It is hosted by a local provider here in Norway. I am largely unfamiliar with the infrastructure
<TheLordOfTime> simen, are you using php5-fpm?
<simen> TheLordOfTime: Yes, php5-fpm
<TheLordOfTime> did you... i don't know... modify your php5-fpm configuration file from default?
<TheLordOfTime> the 20/50 for max_children/max_requests is semi-high
<RoyK> what's better with fpm than using php as an apache module?
<TheLordOfTime> RoyK, he's on nginx
<TheLordOfTime> so...
<TheLordOfTime> irrelevant
<patdk-wk> using the apache module is evil
<RoyK> ah
<vezq> does load get to normal when nginx etc. is not running?
<RoyK> patdk-wk: nah - it works ;)
<patdk-wk> the issue is, he keeps running 5 busy php threads
<patdk-wk> look at the vmstat output
<patdk-wk> 5 busy, then idle, 5 busy
<patdk-wk> so average is 1.4busy per second
<patdk-wk> royk, it works yes, but not memory friendly
<patdk-wk> every apache thread has php memory overhead
<patdk-wk> on apache I normally will run apache in worker mode, and php fastcgi
<RoyK> does that save much memory?
<simen> TheLordOfTime: values for max_children / max_request might be too high if server gets a lot of traffic. But currently my average php process size is ~60MB and PHP is using a total of 1.1 GB of RAM. Could it still queue up the CPU?
<patdk-wk> royk, it depends on your workload
<RoyK> patdk-wk: well, everything does...
<patdk-wk> but now you don't waste php memory for all the static file requests
<patdk-wk> so if you serve pics js xml html ..., you will be saving
<patdk-wk> if it's all wordpress, not really
<TheLordOfTime> patdk-wk, which you can accomplish with correct config files in nginx.
<patdk-wk> TheLordOfTime, I thought we already know that nginx doesn't do mod_php so it's not an issue
<TheLordOfTime> :)
<TheLordOfTime> i'm trying to say "nginx is better than apache"
<TheLordOfTime> but i'm highly biased :P
<RoyK> heh
<patdk-wk> that is for debate
<patdk-wk> lots of people still love to use .htaccess
<TheLordOfTime> TheLordOfTime> but i'm highly biased :P  <-- so blah
<patdk-wk> I perfer to use lighttpd myself
<patdk-wk> and only use apache when I need to, mainly cause htaccess is required
<patdk-wk> though I am thinking about nginx, want spdy support
<TheLordOfTime> i think nginx had a module that yo ucan include compile-time that parses htaccess
<TheLordOfTime> not sure if its update :P
<TheLordOfTime> up-to-date *
 * TheLordOfTime greps the configs
<RoyK> patdk-wk: patdk-wk thing is, even if those apache processes with prefork seem to be spending lots of memory, it's just copy-on-write after all, so if php isn't used there, it's not copied
<patdk-wk> well, it's been years since I last played with that
<patdk-wk> but my friends ec2's keep running out of ram
<patdk-wk> till I switch them to fcgi apache
<patdk-wk> last time I heavily tested this was 5years ago?
<patdk-wk> and apache hasn't changed, except 2.4 just came out
<uvirtbot> New bug: #1084540 in rabbitmq-server (main) "package rabbitmq-server 2.8.4-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1084540
<fishcooker> how many ram supported on server 32bit
<fishcooker> ?
<TheLordOfTime> isnt it 3GB, like any 32bit system?
<TheLordOfTime> or was it 4GB hard limit?
<thesheff17> ~4GB
<thesheff17> but I believe the kernel can use beyond 4GB....just not as efficient as a 64bit system.
<TheLordOfTime> with PAE
<TheLordOfTime> but only with PAE.
<TheLordOfTime> unless you're on 64bit
<TheLordOfTime> in which case there's no real limits...
<TheLordOfTime> (per se)
<patdk-wk> heh, heavily depends :)
<patdk-wk> it could be anywhere from 2.5 to 3.8gigs, depending on pci/pcie/agp memory mapping
<patdk-wk> if your cpu/... supports pae, then you can access the other part of your ram that was stolen
<fishcooker> i think i3 support pae AFAIK
<TheLordOfTime> if your CPU supports 64bit, just use that.
<RoyK> with PAE, Linux can address 64GB
<TheLordOfTime> if you have 4GB of RAM.  :P
<RoyK> in 32bit mode
<fishcooker> i've installed 32bit version :-(
<patdk-wk> I had a cpu that supported pae, but the motherboard northbridge didn't support it, so I lost out :(
<patdk-wk> the northbridge chip would only access 3gig of ram, max
<RoyK> bummer
<fishcooker> patdk-wk: so... the next process.. installed pae-kernel?
<patdk-wk> I don't think ubuntu has a non-pae kernel anymore, since 12.04
<RoyK> or 10.04?
<TheLordOfTime> 11.04 had a PAE
<fishcooker> im still on 10.04
<TheLordOfTime> so if it was removed, it was removed after Natty
<patdk-wk> I said since 12.04 :)
<TheLordOfTime> at some point :P
<patdk-wk> removed in 12.04 :)
<RoyK> fishcooker: either you have a pae kernel intalled, or there's one in apt
<TheLordOfTime> so there should be a PAE in 10.04 :P
<RoyK> yes...
<patdk-wk> 10.04 is old :)
<RoyK> well, it's supported, and it works ;)
 * RoyK still have a box with 8.04
<patdk-wk> I do too
<patdk-wk> been attempting to kill it for years
<fishcooker> congratz RoyK
<patdk-wk> I'm 50/50 with 10.04 and 12.04 currently
<fishcooker> 100% on 10.04 here
<RoyK> hehe
<RoyK> no point in upgrading just to upgrade
<RoyK> as in upgrading for the sake of upgrading
<patdk-wk> there are features in the new kernel I can use
<patdk-wk> and I already fixed all my compatability issues in my personal ppa
<patdk-wk> so it's a simple update, when I have time to check that it all goes ok
<RoyK> well, new features wanted/needed != upgrading for the sake of upgrading
<patdk-wk> well, the 8.04 system, is just hell, just to painful to mess with, so
<patdk-wk> almost everything on it is retired now, so hopefully by newyears it can come down
 * RoyK hands patdk-wk a redhat 7 CD
<patdk-wk> hey, I managed to get off the fedora core 2, a few years ago
<patdk-wk> hmm, came out in 2004, retied in 2005, and was still on 120 servers when I was hired in 2008
<fishcooker> cool patdk-wk 3 server of mine
<fishcooker> 100% 10.04 32bit
<fishcooker> are you on 32bit also RoyK
<patdk-wk> all mine are 64bit
<fishcooker> is there any 64bit issue in power consumption, patdk-wk
<patdk-wk> heh?
<fishcooker> that's my main reason :-)
<patdk-wk> why would there be?
<patdk-wk> I've been running 64bit on my laptop for the past 4 years
<fishcooker> i have been using 32bit on my laptop for the last 1 year
<patdk-wk> my laptop, during normal usage, uses 6watts
<fishcooker> that's not possible
<patdk-wk> that is a lenovo t530, quadcore cpu, 16gig ram
<fishcooker> 70 watt here
<fishcooker> what your laptop
<fishcooker> that's cool
<patdk-wk> screen full bright is 10watts
<fishcooker> asus a43sj 4gig
<patdk-wk> turning on the nvidia chip brings it up to 20watts
<fishcooker> how to know about the watt usage?
<patdk-wk> powertop
<patdk-wk> and run on battery power
<fishcooker> AFAIK my laptop 70 watt
<patdk-wk> if a laptop used 70watts, it would only last an hour
<fishcooker>  wait
<fishcooker> collecting data from powerop
<fishcooker> http://paste.ubuntu.com/1397064/
<fishcooker> that's mine would you like to read, patdk-wk
<patdk-wk> seems you don't have acpi installed, or your laptop bios lacks it
<fishcooker> that's something
<fishcooker> how to enable it
<fishcooker> power is my main issue
<patdk-wk> dunno, check your laptop bios manual
<fishcooker> i don't realized that asus is fully support win7
<fishcooker> when i bought i just looking the great spec and nvidia graphic with great deal price
<fishcooker> TT
<petn-randall> Hi, regarding the support timeline of lucid:
<petn-randall> Which components get the extended server support?
<petn-randall> Desktop support seems to run out coming April, but I couldn't find clear-cut definition of what falls under server and what under desktop. Since both source the same apt repo, I'm kinda stuck finding out.
<mdeslaur> petn-randall: this is the list of source packages the security team will continue supporting in lucid after april: http://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master/view/head:/lucid-supported.txt
<mdeslaur> petn-randall: whatever's not on the list will no longer get official security updates
<mdeslaur> (community security updates only)
<mdeslaur> petn-randall: you can also use the "ubuntu-support-status" command line tool IIRC
<lborda> petn-randall, 10.04 LTS EOL - April 2013 (Desktop), April 2015 (Server)
<petn-randall> mdeslaur: That's the info I needed, thanks.
<mdeslaur> petn-randall: yw
<sliddjur> How do I keep being root in my session
<drag0nius> where are isc-dhcp-server logs located?
<sliddjur> Im tired of typing sudo all the time
<drag0nius> sudo su -
<FauxFaux> sliddjur: sudo -s
<drag0nius> log ins as root
<sliddjur> FauxFaux, thanks
<drag0nius> i cannot start dhcp server
<roaksoax> Daviey: howdy! So I was wondering who do you think I should ping to get the SRU's in?
<drag0nius> since i changed bridge into single interface
<drag0nius> after start it says its started
<drag0nius> but looks like it quit asap because when i try to get status it says stop/waiting
<TheLordOfTime> roaksoax, how "new" is the SRU?
<roaksoax> TheLordOfTime: these are special case SRU's
<TheLordOfTime> roaksoax, ah, nevermind then :)
 * TheLordOfTime has no background :)
<roaksoax> :0
<roaksoax> :)
<drag0nius> where is some option about what interface to run dhcp on?
<Daviey> roaksoax: i was hoping that whoever was on the schedule would process them
<Daviey> roaksoax: https://wiki.ubuntu.com/StableReleaseUpdates#Publishing
<BrixSat> Morning guys
<BrixSat> any one here with cisco any connect vpn?
<BrixSat> (client)
<BrixSat> im having some troble to make it work under my server of ubuntu
<FauxFaux> Maybe if you gave actual details about the problem someone would be able to help.
<BrixSat> FauxFaux:  sorry :) you right
<BrixSat> the cisco anyconnect, has a gui and a command prompt
<BrixSat> but the command prompt has no parameters, it has to be typed like a cisco router, inside of it
<BrixSat> any one know any solution out, so i dont have to type all the commands inside the cisco any connect client?
<guampa> does update-rc.d still work in ubuntu with upstart?
<hallyn> stgraber: did you want to review my change to do MAKEDEV console in lxc, or shall I push it?  (lxc-tests passed, and both lxc.autodev = 0 and 1 work)
<stgraber> hallyn: can you send to lxc-devel? I'll do a quick review there.
<hallyn> ok
<stgraber> hallyn: I already had a look at the bzr branch yesterday. The only question I had was what happens if MAKEDEV doesn't exist in the container
<roaksoax> Daviey: yeah... well... we know that's not being one of our strengths lately
<roaksoax> :)
<hallyn> stgraber: it'll fail the run_buffer() and then just proceed
<zul> jamespage: around?
<jamespage> zul, yes
<zul> https://code.launchpad.net/~zulcss/cinder/grizzly-ftbfs/+merge/136988
<jamespage> zul, looking now
<stgraber> hallyn: good
<jamespage> zul, +1
<zul> jamespage: thanks
<jamespage> zul, are you sure we don't need a new version of keystoneclient? I keep seeing 0.2 everywhere
<jamespage> (in the ca for grizzly that is)
<zul> jamespage: apparently we do
<jamespage> I see a tag in github
<zul> jamespage:  yeah ill get to it this afternoon
<hallyn> stgraber: shall i switch the ERROR to a INFO you think?
<jamespage> zul: nice one!
<hallyn> i'll switch it out
<stgraber> hallyn: yeah, I think it's best. A bit unfortunate that we don't have anything between ERROR and INFO though :)
<ruben231> guys any help and idea on this error log-Ubuntu server 12.04 LTS -----> http://pastebin.com/ueR52ECE
<ruben231> any oe have idea on this
<ruben231> please help
<FauxFaux> Have you run "sudo apt-get update", recently, without errors, and pastebin /etc/apt/sources.list and /etc/apt/sources.list.d/* ?
<sarnold> heh, how do you -unhold- a package?
<FauxFaux> Run apt-get install -f # and pray?
<ruben231> FauxFaux: i have run apt-get update let me do the one you suggest
<ruben231>  apt-get install -f  <------------just this..?
<FauxFaux> ruben231: Your problem is probably, as apt says, that you have junk or outdated sources.  update fixes outdated, those files contain evidence of junk.
<ruben231> FauxFaux:but i already update but still getting those error
<FauxFaux> In that case, it must be the other thing I said initially.
<ruben231> pastebin /etc/apt/sources.list and /etc/apt/sources.list.d/* <-----------ill pastebin the content here
<zul> adam_g: ping
<adam_g> zul: pong
<zul> adam_g: up for some quick reviews?
<adam_g> zul: ok
<zul> adam_g: https://code.launchpad.net/~zulcss/python-glanceclient/fix-ftbfs/+merge/1370134 and https://code.launchpad.net/~zulcss/nova/grizzly-ftbfs/+merge/137007
<adam_g> zul: 404 on the first
<zul> adam_g: https://code.launchpad.net/~zulcss/python-glanceclient/fix-ftbfs/+merge/137013
<zul> adam_g: there is one more coming down the pipe as well
<adam_g> zul: for the glanceclient, are you adding the git hash to the version string or is setuptools-git doing that?
<zul> to the debian/cahngelog?
<adam_g> to the package. python-glanceclient (1:0.6.0.7.g09c8216-0ubuntu1)
<zul> yes thats me
<zul> 0.6.0.7.g09c8216 is the name of the tarball upstream
<adam_g> zul: oh, okay. didnt' realize they started tagging with the git hash
<zul> adam_g: yeah some of them they are
<zul> adam_g: one more https://code.launchpad.net/~zulcss/python-keystoneclient/new/+merge/137014
<adam_g> zul: is there some reason why you're going to release an older keystoneclient? python-keystoneclient-0.2.0.7.g2eb5e2c.tar.gz looks like the latest
<zul> adam_g: 0.2.0 is the offical release
<adam_g> zul: oh, ok
<acidflash> NGEN
<hallyn> stgraber: did you have any comment on Dwight's email/patch for 'lxc python binding' ?
<stgraber> hallyn: I still need to think about it :)
<hallyn> ok
<Daviey> adam_g: https://lists.ubuntu.com/archives/cloud-archive-changes/2012-November/000000.html
<Daviey> jamespage: ^^
<Daviey> adam_g: i am happy to express that through, once validates
<Daviey> (afk for now)
<Danawar> sudo /etc/init.d apache2 --restart
<Danawar> sudo: /etc/init.d: command not found
<Danawar> What am i doing wrong here? ; /
<Danawar> Also when doing it a different way
<Danawar> danawar@Grantleyserver:/$ sudo apache2 --restart
<Danawar> apache2: bad user name ${APACHE_RUN_USER}
<uvirtbot> New bug: #1071032 in python-keystoneclient (main) "python-keystoneclient package missing dependency on python-pkg-resources" [Medium,Fix released] https://launchpad.net/bugs/1071032
<ruben231> guys i have this kernel on my Ubuntu server 10.04 LTS  3.0.0-27-server  and its not matching kernel headers which are this only ---> http://pastebin.com/y2zXSq6S
<ruben231> any cnace to downgrade to 2.6 so i can match kernel headers
<ruben231> or upgrade the kernel headers ----> please help
<escott> ruben231, something else is wrong. you should always be able to install matching headers
<ruben231> escott: help me, i ca proceed to install if headers are not match with kernel soure
<ruben231> what can i do.?
<escott> ruben231, how did you install your kernel?
<ruben231> its already installed when i install the image
<escott> generally you would "apt-get install linux-headers-`uname -r`
<ruben231>  escott:thats the output----------------------->http://pastebin.com/ytgMYUSj
<escott> ruben231, what version of ubuntu are you running
<ruben231> its 10.04 LTS
<ruben231> escott:  what should i9 do..?
<escott> !info linux-headers-3.0.0-27-server lucid
<ubottu> Package linux-headers-3.0.0-27-server does not exist in lucid
<escott> !info linux-kernel-3.0.0-27-server lucid
<ubottu> Package linux-kernel-3.0.0-27-server does not exist in lucid
<ruben231>  escott: type that..? how do i downgrade the kernel
<escott> ruben231, im trying to figure out
<escott> !info linux-kernel-3.0.0-27-server lucid-updates
<ubottu> 'lucid-updates' is not a valid distribution: extras, hardy, hardy-backports, hardy-proposed, kubuntu-backports, kubuntu-experimental, kubuntu-updates, lucid, lucid-backports, lucid-proposed, medibuntu, oneiric, oneiric-backports, oneiric-proposed, partner, precise, precise-backports, precise-proposed, quantal, quantal-backports, quantal-proposed, raring, raring-backports, raring-proposed, stable, testing, unstable
<escott> !info linux-kernel-3.0.0-27-server lucid-backports
<ubottu> Package linux-kernel-3.0.0-27-server does not exist in lucid-backports
<escott> !info linux-kernel-3.0.0-27 lucid-backports
<ubottu> Package linux-kernel-3.0.0-27 does not exist in lucid-backports
<escott> clearly i dont know how to use the bot
<escott> ruben231, not sure why you can't see the matching header file. try an apt-get update
<ruben231> done already
<ruben231> can i donwgrade my existing kernel..?
<escott> ruben231, you can boot the old kernel
<ruben231> how..?
<adam_g> Daviey: FYI haven't seen that new keystone hit folsom-proposed (yet)
<escott> ruben231, at the boot menu select the old kenel
<ruben231> not possible
<ruben231> the serer is colocated
<sliddjur> Ive got a ubuntu server in my class. But I dont have nslookup application. What is it called?
<sarnold> sliddjur: try 'host' or 'dig', both those can do nameservice lookup tasks for you
<sarnold> sliddjur: but if you want nslookup, you can install the dnsutils package
<sliddjur> yeah i figured u can use apt/cache search nslookup :)
<sliddjur> apt-cache
<sliddjur> thanks anyways sarnold
<zul> adam_g: last one i promise https://code.launchpad.net/~zulcss/python-novaclient/new/+merge/137036
<hallyn> stgraber: when recording the tempalte name in container config, can you also print the sha1sum of the template?
<hallyn> it falls short of what i want, but woudl be helpful
<Daviey> adam_g: assume you have now?  Remember, mirrors sync at ~:50
<[conrad]> Hello everyone. Anyone familiar with the GRUB error 'error attempt to read or write outside of disk" hd0"' ? I'm getting it on a Dell PowerEdge 6950 ( 4 quad core opteron's, 10 TB, 64 GB RAM ) with a clean install of 12.x server 64-bit ( tried both 12.04 and 12.10 ). I can't find anything definitive online, and everything I found I tried ( resizing reserved boot partition, using grub2 instead of grub, variations of partition
<[conrad]>  sizes through guided and manual configurations ) doesn't seem to resolve it.
 * genii-around pops in to see why "coffee" was highlighted, then leaves again
<med_> what does priority in the upload queue signify and how would I get it changed for an SRU that needs to happen?
<uvirtbot> New bug: #1057322 in glance "Image fails to upload to swift: TypeError: object of type 'CooperativeReader' has no len(" [Undecided,Confirmed] https://launchpad.net/bugs/1057322
<nikolaj_basher> is there someone who use IspCp for hosting tool on there server
<sixcafour> Hey guys. I hit a little snag setting up a webserver. My user account doesn't have permission to do anything but read the website root folder. I can't log in remotely as root, and my SCP program can't sudo. If I chown the website folder to my user account (it's currently owned by root), will the server user (www-data) still be able to access it? I already tried adding my user account to the www-data group, but that didn't wo
<sarnold> sixcafour: that's probably the better approach; you wouldn't want your web server to own the content anyway -- as I see it, the web server should only have the permissions to talk to the network, talk to fastcgi-style handlers, maybe a database socket if you need a database, and write to its logs
<sixcafour> Cool, thanks. I'm following a tutorial on ars technica, and it's something they left out :)
<adam_g> roaksoax: around?
<roaksoax> adam_g: in class already.... whats up
<adam_g> roaksoax: just wondering where the proper place to set kernel parameters to MAAS nodes would be? both during installation and after
<roaksoax> adam_g: indtall parameters with tags check maas.ubuntu.com shouldnbe there already
<roaksoax> post inst you have to tweak the prrseed
<adam_g> roaksoax: ty
#ubuntu-server 2012-11-30
<Gaming4JC> Hey all, trying to migrate from a worthless VPS server. Is it possible from a SolusVM Serial Console to start sshd on the VPS. It is running Ubuntu.
<Gaming4JC> their support team told me they would not be able to assist because of "my bad configuration" which appears to be a problem on their end, can't ssh into the VPS :(
<sarnold> Gaming4JC: do you have a login: prompt on the serial console? or is it stuck somewhere else?
<Gaming4JC> sarnold: I can get into root at serial console, however I'd like to turn ssh back on and login as my user and backup my stuff locally.
<sarnold> Gaming4JC: excellent. first things first, run apt-get update && apt-get install openssh-server openssh-blacklist openssh-blacklist-extra
<sarnold> Gaming4JC: if it wasn't installed yet, this will install it. if it is installed, it ought to be a no-op
<Gaming4JC> sarnold: It has sshd but it's only for the control panel, it's like a limbo account. I can't login as my user and the IP is different from the VPS (it would appear to be spawning an SSH shell on the control panels IP itself) :-/ ??
<Gaming4JC> at any rate I should be able to backup most of my stuff from this shell, even though user permissions are all wrong and I can't get dropbox to sync as my user
<sarnold> Gaming4JC: hrm; are you trying to use password or keys? when you try to ssh in, what error do you get?
<Gaming4JC> sarnold: trying to use passwords. I'm getting Connection refused
<sarnold> Gaming4JC: check netstat -anp output and see which IPs your sshd is bound to
<sarnold> Gaming4JC: check iptables -L output and make sure you can connect to your sshd from your client
<Gaming4JC> sarnold: inside of Serial console it is bound to 0.0.0.0 and ipv6 ::: :(
<Gaming4JC> ok I think I have something, it's letting me login from root and drop to user, at least then I can innitiate a backup
<Gaming4JC> :)
<sarnold> Gaming4JC: 'it' == serial console, right?
<Gaming4JC> sarnold: yes, ran a netstat -anp inside of serial console and you can see an sshd running and bound to 0.0.0.0
<Gaming4JC> wow.
<Gaming4JC> begin to see the problem. I'm inside the VPS and can't even ping google.com
<Gaming4JC> it can't reach the internet
<sarnold> Gaming4JC: hey, that's progress and a good reminder to check the basics. :)
<Gaming4JC> yes, was overthinking the obvious :)
<sarnold> Gaming4JC: ip addr show ; ip route show   ... make sure those look sane? :)
<Gaming4JC> looks pretty insane - http://pastebin.ubuntu.com/1398178/
<Gaming4JC> that's ip addr show
<FauxFaux> DOWN
<Gaming4JC> heh, I think I'll cancel my subscription ASAP. :|
<sarnold> wow. never seen 'lo:..down' before. :)
<Gaming4JC> Well, I guess I could have expected as much for 1TB bandwith 1GB of memory and 100GB of space for $100 a year.
<Gaming4JC> cheap :P
<sarnold> that sounds like a good deal, indeed :)
<Gaming4JC> It worked for 11 months with 80/75% up-time and 512MB of ram :)
<FauxFaux> 80% uptime, eh.
<sarnold> haha
<Gaming4JC> they told me it's my fault it runs so bad
<Gaming4JC> epic support.
<Gaming4JC> ran Minecraft on it ;)
<FauxFaux> None of our other customers noticed!
<FauxFaux> To be fair, http://www.hetzner.de/hosting/produkte_vserver/vq7 is about competitive with that, and they are a serious hosting company (i.e. 98+% uptime).
<FauxFaux> http://www.hetzner.de/en/hosting/produkte_vserver/vq7
<FauxFaux> That's unfair, it's probably 99.99%+
<sarnold> that's the third time in three weeks I've heard good things about hetzner :)
<Gaming4JC> not heard of them but will keep it in mind. I got one of the LowendBox ChicagoVPS packages ($300 for $30 Cybermonday deal) that I'm going to test out next
<Gaming4JC> gotta love 90% discounts
<Gaming4JC> I expect a lot
<Gaming4JC> ;P
<FauxFaux> I said cheap, not good.  Their server auction, https://robot.your-server.de/order/market , is pretty awesome, if you want, say, more than 100gb of storage for under â¬30/mo.
<FauxFaux> (Which is why I'm with them.)
<Gaming4JC> Chicago VPS was $30 for a year
<Gaming4JC> :)
<FauxFaux> Sounds awful. =p
<Gaming4JC> 2GB of ram, 1TB of bandwith and 50GB of space
<Gaming4JC> w00t
<kantlivelong> hey all.. im setting up a raid 5 using mdadm.. im a bit confused on what to do.. i made autodetect partitions on each drive.. the total size will end up over 4TB requiring GPT.. do i need to make a partition on the md0?
<patdk-lap> kantlivelong, heh? you need gpt if your making a partition and if the drive is >2tb
<patdk-lap> you don't need to partition md0 if you don't want to
<patdk-lap> depends on what your doing
<patdk-lap> you could must format it with your filesystem
<patdk-lap> partition it, then format
<patdk-lap> or install lvm on it, then format the lvm parts
<patdk-lap> if you don't boot from it, no need for partitions though
<sarnold> patdk-lap: why would you need to partition it if you boot from it?
<patdk-lap> sarnold, cause grub will get upset? and so will the bios
<sarnold> patdk-lap: hrm, grub can find its way through raid5? :)
<patdk-lap> hmm, yes
<patdk-lap> grub has had raid support for awhile
<sarnold> nice!
<patdk-lap> I don't know of the limitations, if any
<patdk-lap> cause I would never boot from my data disks
<Chalaman> hello all
<ruben231> hi guys
<ruben231> any help on this please, i got error---------------------> http://pastebin.com/yEMZuc6F -------------------------> http://pastebin.com/TSA2EEcM
<lvmer> What do you guys use to DLNA to a "smart tv" ?  minidlna?
<lvmer> or is there something like media tomb?
<ruben231> guys any help there
<uvirtbot> New bug: #1064320 in python-glanceclient "Error on deleting image membership" [Medium,Fix released] https://launchpad.net/bugs/1064320
<D3RGPS31> how can i skip the warning dialogue for no swap when installing server 12.10 through kickstart
<Sander^work> Can anyone recommend software for alert monitoring and graphing of server performance?
<pndemc> I installed Zpanel on my ubuntu server, and now I can't launch my game servers, it keeps telling me "No such fule or directory" when it gets to either ./steam or ./srcds_run
<vezq> Sander^work: Zabbix
<Sander^work> vezq, What is it based on?
<Sander^work> vezq, I would prefer something with an agent.
<Sander^work> vezq, Would prefer something which dosn't require snmp configuration.
<progre55> hi guys. How do you set a timezone on a remote server without interactvity? "dpkg-reconfigure tzdata" requires some extra actions from the user =)
<vezq> Sander^work: it has an agent, not snmp required
<FauxFaux> progre55: Set /etc/timezone then run dpkg-reconfigure -f nointeractive tzdata.
<FauxFaux> Well, on Debian, anyway.
<progre55> FauxFaux: thanks, will try that
 * pr3d4t0r eyes FauxFaux.
<BrixSat> any one here with cisco any connect  vpn client? (i cant seem to make it run automaticaly in ubuntu server)
<BrixSat> i have to make the connection manualy by typping the commands
<BrixSat> in to the vpn program of cisco
<mjau^> morning!
<mjau^> what apache version does the latest ubuntu-server run?
<rbasak> mjau^: https://launchpad.net/ubuntu/+source/apache2 will give you a summary
<mjau^> rbasak: ah, so 2.2.22 then? do you know if it's got OCSP support?
<BrixSat> nobody with cisco vpn?
<greppy> not on linux.
<satya> we are getting tcp reset on port 80, while other ports are getting accessed properly .. there is no firewall which is running on the system .. can anybody provide any clue or help
<FauxFaux> What happens if you stop the webserver?
<RoyK> satya: check the webserverlogs
<satya> there is no request which is getting logged on webserver
<satya> packet getting tcp reset as we see in tcpdump
<RoyK> satya: and netstat -ln --tcp shows you're listening to port 80?
<satya> yup
<RoyK> which webserver?
<satya> nginx
<RoyK> perhaps try to strace -f nginx
<satya> it works if we run on any other port other than 80
<RoyK> perhaps try to strace -f `pidof nginx`
<RoyK> eh - that doesn't make sense...
<RoyK> perhaps try #nginx
<satya> even we tried with nc -l 80 after stopping nginx
<satya> still no luck
<RoyK> do the packets arrive to port 80?
<RoyK> does it work from localhost?
<satya> yes
<RoyK> yes what?
<satya> both yes
<RoyK> no idea - must be an nginx issue...
<RoyK> that is - I really don't know
<FauxFaux> I love the way people just ignore me.
<RoyK> iptables -vnL shows an empty set?
<satya> we stopped nginx and made port 80 listening using netcat
<satya> yes iptables show empty
<FauxFaux> So, kill netcat and try to connect.  What does the client get/
<satya> http://paste.ubuntu.com/1399034/
<RoyK> kill nginx and netcat and check with netstat -ln --tcp if something's listening
<FauxFaux> Jesus fucking christ.
<satya> nothing is listning on port 80
<satya> and the response is
<satya> telnet: Unable to connect to remote host: Connection refused
<satya> we suspect some kernel firewall or some sort of thing in os which is sending resets to port 80
<Kartagis> sorry if not appropriate question here, but would using pvcreate on an already existing partition wreck it?
<RoyK> Kartagis: it'll overwrite whatever's there, yes
<RoyK> or at least the start of it
<jamespage> Daviey, just added the check for irqbalance to the default server test in raring
<Kartagis> thanks RoyK, looks like it's useful to make a backup first
<Daviey> jamespage: thanks
<RoyK> Kartagis: it's always useful to have a backup or two...
<Kartagis> RoyK: how do I move the backed up files back afterwards? a simple mv will do?
<jamespage> Daviey, running the tests now in the lab
<RoyK> I ususally just use rsync
<Daviey> jamespage: running the test for just raring, or precise daily aswell?
<jamespage> Daviey, thats just raring atm
<Daviey> jamespage: confirmed, precise includes it.
<Daviey> it must just be the cloud images..
<jamespage> Daviey, for precise - lemme check
<Daviey> jamespage: My iso install just confirmed it
<jamespage> Daviey, for precise?
<Daviey> Yes, iso precise has it.. I haven't confirmed cloud images
<jamespage> Daviey, cloud-image looks OK _ although it stops on a m1.small due to only having 1 cpu
 * jamespage tries a bigger image
<soren> What's the problem with irqbalance?
<jamespage> Daviey, actually its installed in my raring cloud-image as well - just not running
<jamespage> soren, question over whether its shipping by default or not
<jamespage> but I think it is
<soren> It is. It's been since... Gosh, a long time ago.
<jamespage> soren, yes
<Daviey> soren: Yep, been in standard since Lucid, and seeded directly before
<jamespage> Daviey, I'm not sure this is an issue tbh
<Daviey> soren: The issue is a large user had a 'bad time' until they installed it
<hallyn> stgraber: a guy (in private email, sigh) complains that lxc-clone doesn't preserver hardlinks.  do you have any experience with how much -H slows down rsync?
<Daviey> soren: So i'm trying to work out how they are not having it byu default
<soren> Daviey: Ah, I see.
<Daviey> jamespage / soren: Might not be a one off.. http://www.linux-archive.org/ubuntu-user/519707-irqbalance-off.html
<jamespage> Daviey, hmm
<soren> Daviey: I may have a guess.
<Daviey> soren: oh?
<Daviey> jamespage: Maybe the reason you are seeing it not run, is it exit's itself if it's a one (v)cpu box
<jamespage> Daviey, thats what I'm thinking
<jamespage> its def installed and is running when I spin up something with more than 1 CPU
<soren> Daviey: Hang on, readiing code.
 * jamespage probably just created a test failure in the lab by adding a check for this.
<soren> Daviey: Oh, wait... Did they say it wasn't installed or that it didn't run?
<Daviey> soren: Honestly, the info is too sketchy to be sure
<Daviey> I think it was not installed.
<soren> That package's use of debconf is... umm... interesting.
<soren> db_set irqbalance/enable ENABLED
<soren> where irqbalance/enable is a boolean
<soren> (from irqbalance.config)
<Daviey> hah
<Daviey> Still, i don't think that is the cause.
<soren> Daviey: You're probably right.
<jamespage> soren, I can't see that?
<jamespage> soren, package dbconf looks OK to me
<Daviey> jamespage: you are confident this isn't a bug our side?
<jamespage> Daviey, I don't think so
<jamespage> Daviey, needs a check of the aws cloud image as well
<Daviey> jamespage: surely that would be the same?
<Daviey> but yes, good thinking
<Daviey> jamespage: Do you have access to an AWS image running already?
<stgraber> hallyn: nope. I wouldn't expect it to take much longer as rsync needs to call stat on all the files anyway, all -H should do is that it'll do it before copying anything to figure out if some are the same inode
<zul> jamespage: https://code.launchpad.net/~zulcss/ubuntu/precise/python-novaclient/new/+merge/137201
<hallyn> stgraber: ok, then maybe i should just add it always.  I usually use lvm cloning anyway so *I* don't care :)
<jamespage> Daviey, installed on 10.04 and 11.10 instances I have running
<stgraber> hallyn: I usually use the rsync code path, but I'm on SSD pretty much everywhere ;)
<jamespage> Daviey: erm - I don't appear to have a handy 12.04/12.10 instance to check this on
<Daviey> jamespage: OK, lets leave it for now
<Daviey> thanks for your help
<jamespage> zul, see MP - 1 minor nit; please fix and upload
<jamespage> Daviey, ack
<zul> jamespage: ack
<zul> jamespage: last one https://code.launchpad.net/~zulcss/ubuntu/precise/python-keystoneclient/new/+merge/137202
<jamespage> zul: stop
<zul> stopped
<Daviey> zul: your bzr commit includes 3 x * New upstream release...
<zul> Daviey: for which one?
<Daviey> https://code.launchpad.net/~zulcss/ubuntu/precise/python-keystoneclient/new/+merge/137202
<zul> Daviey:  in the debian/changelog? i dont see
<Daviey> the bzr commit...
 * jamespage rewinds
<zul> Daviey: im looking at line 552 of the diff
<Daviey> ah, i guess that makes more sense... i was looking at the BZR COMMIT LOG
<jamespage> zul: sorry - python-novaclient is fine for precise-grizzly
<zul> jamespage: k
<Daviey> (remember debuild -v)
<zul> keystoneclient alright as well?
<jamespage> zul, keystoneclient looks OK as well
<zul> cool thanks
<jamespage> zul, Daviey, smoser: I added a new script to smoses cloud-archive-check
<jamespage> ~james-page/+junk/cloud-archive-check/
<jamespage> lp:~james-page/+junk/cloud-archive-check/
<jamespage> verify_ca_branch.py - see code for details of what it does
<Daviey> release notes?!  THE CODE IS THE RELEASE NOTES :)
<Kartagis> what package does it take to install KDE? kdebase-bin?
<Kartagis> sorry, wrong channel
<caribou> what is a good tool to browse python code ? ctags ? cscope doesn't seem to like python
<RoyK> caribou: spyder?
<RoyK> there's a bunch of different ones out there
<RoyK> oh, spyder is the scientific one - probably not what you'r looking for
<benji> caribou: I have used cscope semi-succesfully with Python but it was a hack (and a hack that I don't remember very clearly); ctags works well, for what it is.  I have been meaning to try http://pypi.python.org/pypi/pycscope/
<uvirtbot> New bug: #1085057 in lxc (universe) "lxc-clone of busybox lxc 440M instead 1.7M" [Undecided,New] https://launchpad.net/bugs/1085057
<caribou> benji: yeah, I saw mentions of pycscope, but didn't find it in the archives. Since I had ctags already installed, I tried it but not convinced
<caribou> benji: I'll give a second look at pycscope
<benji> caribou: if you think of it, let me know how it goes; I would like to be motivated/demotivated with regards to setting it up mysel
<caribou> benji: ok, will do
<caribou> benji: d/led it, installed & built the cscope file. seems to do what I want, even from within VIM with exhuberant CTAGS shortcuts
<benji> cool, sounds like a winner
<caribou> from the timestamp, took ~10 min to setup :)
<hallyn> zul: jdstrand: http://people.canonical.com/~serge/libvirt-hugepages.debdiff and http://people.canonical.com/~serge/qemu-hugepages.debdiff, plus a server guide entry on picking values for sysctl vm.nr_hugepages ...  any objections?
<zul> hallyn: looks good to me
<JoeVLcek> smoser: ping
<yolanda> hi, is there any way to build a package skipping the tests? i'm just trying to debug some lintian errors
<jdstrand> hallyn: well, this gets back to if guests end up with access to other guests
<jdstrand> hallyn: I'm not really familiar with hugepages. will the kernel isolate them based on pid or similar?
<jdstrand> (if so, then ack-- it is as good as the kernel enforcing other access controls)
<hallyn> jdstrand: no, the kernel won't isolate guests based on pids i don't think
<hallyn> however, you have to opt into /run/hugepages/kvm being mounted...
<hallyn> jdstrand: so to make this more secure, we'd have to edit qemu_driver.c and virt-aa-helper.c, i assume, to grant access to only $HUGEPAGES_MOUNT/libvirt/qemu/<vm-name> ?
<hallyn> jdstrand: but... there are no files under there, actually
<kirkland> does anyone know if it's possible to have multiple partitions on an EBS root device?
<kirkland> (and still actually boot the damn thing?)
<jdstrand> hallyn: if there are no files, what is it accessing?
<hallyn> jdstrand: just looked, here's how it works
<hallyn> libvirt just creates $hugepagemount/libvirt/qemu, and runs qemu-kvm with -mem-path <thatpath>,
<hallyn> qemu-kvm then opens a file in that dir, mmaps memory from it, and truncates the file immediately
<hallyn> so that's why with a hugepage-backed vm running, there areno files to be found in that dir
<jdstrand> seems a rogue guest would not be able to take advantage of that... I assume there is some locking mechanism to prevent races on $hugepagemount/libvirt/qemu
<hallyn> jdstrand: qemu-kvm uses mkstemp in that dir
<jdstrand> ah
<jdstrand> that sounds ok then
<jdstrand> hallyn: thanks for looking into it
<hallyn> so the worst a guest should be able to do is grab all the hugepages
<hallyn> np.  thanks, ttyl
<jdstrand> yeah, but apparmor wouldn't prevent that anyway
<jdstrand> (assuming the user actually wants to use hugepages)
<hallyn> right
<jdstrand> or rather, assuming the host wants guests to use hugepages
<jdstrand> hallyn: hugepages is opt-in via the xml?
<hallyn> yes
<hallyn> (unfortunately :)
<hallyn> i need to look into adding a switch in virt-manager for that
<jdstrand> hallyn: so, actually, since that is the case, would it be better for virt-aa-helper to add that line only for guests that want huge pages?
<hallyn> yeah...
<hallyn> i guess i need to look deeper into virt-aa-helper anyway.  there are other open bugs with that...
<jdstrand> hallyn: I think all you need to do is in get_files() look in ctl->def->(<whatever hugepages is>) and see if you should use it, then call virBufferAsprintf() appropriately (see vah_add_file for how to do that)
<hallyn> jdstrand: waht exactly is get_files() meant to do?  get list of all paths it needs access to?
<jdstrand> hallyn: it looks in the vm definition for user specific file paths, yes
<hallyn> jdstrand: all right for now i think i will (a) push that qemu-kvm debdiff, and (b) look at every apparmor related libvirt bug i can find and see if i can get a few done in one fell swoop along with this
<jdstrand> hallyn: a few are also added in main()
<jdstrand> hallyn: this one might be better in main() (or some function you create called from main() rather than get_files(), since the actual path is user specified)
<jdstrand> err
<hallyn> jdstrand: actually this might be a problem - the path isn't user specified per se,
<jdstrand> *isn't* user specified
<hallyn> so virt-aa-helper will have to reprdouce the logic done in qemu_driver.c to determine the path
<jdstrand> hallyn: hmm
<hallyn> ok, will look into it - thanks, bbl
<sliddjur> Hello, how do I open port 53 for DNS?
<sliddjur> I created etc/iptables.rules and it contains "-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
<sliddjur> "
<andol> sliddjur: While DNS uses TCP in some cases (large responses) it most commonly uses UDP.
<sliddjur> andol, yeah, i got a line for udp too
<sliddjur> nmap shows port 22, 111 and 2049 is open
<andol> sliddjur: Of course assuming that /etc/iptables.rules is read by an iptables-restore (or an iptables-apply) somewhere.
<SpamapS> adam_g: hey, I was looking at quantal SRU's and noticed the nova and quantum SRU's which have a ridiculous number of bug #'s, but no single bug to track the general testing effort (since we'll be doing them like an MRE)
<yolanda> mm, i'm having a lintian error about empty binary package, but that package actually has some contents inside /usr/share/doc... is that a good idea to add some lintian overrides there, or what's the best fix for that?
<yolanda> jdstrand, what do you think about it? ^
<jdstrand> if it doesn't ship anything usable or isn't a meta-package, it should probably be removed.
<yolanda> jdstrand, it's the nova-compute-xcp package, and ships some documentation inside /usr/share/doc/nova-compute-xcp/
<jdstrand> yolanda: sorry for the delay
<yolanda> jdstrand, no problem, i'm trying to progress with other points
<jdstrand> yolanda: so, /usr/share/doc/nova-compute-xcp/changelog.Debian.gz is there because the package was declared in debian/control
<jdstrand> yolanda: so that shouldn't be considered
<jdstrand> yolanda: /usr/share/doc/nova-compute-xcp/copyright is an actual file
<jdstrand> yolanda: t (to be considered), but it is referring to things that the package doesn't ship. this looks to be a mistake
<jdstrand> yolanda: looking at the Depends, it seems to be a package made simply to pull in python-xenapi
<yolanda> i added an override there
<yolanda> a lintian overrides
<jdstrand> yolanda: I suggest asking zul what the intent of the package is (he added xcp support in 2012.1~e4-0ubuntu1)
<jdstrand> an override might be ok, I can't say. zul can let you know if there is a mistake there
<zul> its on my personal todo list to fix for raring
<zul> override should be fine for now
<keyz182> Hi all, not sure if there's a better place to be asking this, so point me there if so. I'm running an Essex openstack installation at the moment on Ubuntu 12.04 for a university research project. We'd like to upgrade to Folsom, and there seems to be an upgrade path out there for it, but I can't find much info on it other than Mark Shuttleworths video, and instructions on how to enable
<keyz182> the correct repo. Is there any info out there, or guides, on preperation that needs to be done, potential problems, and any manual steps? My google-fu is failing me today.
<yolanda> zul, ok, i added that override
<roaksoax> jamespage: howdy!! so I was thinking that it doesn't really make sense to make the charms (i.e. keystone) configure its own haproxy when there's really a charm for it
<roaksoax> jamespage: so we should probably use it as a subordinate
<roaksoax> or figure out a way to use it effectively
<jamespage> roaksoax, charms can only have one personality
<jamespage> subordinate or principle
<roaksoax> jamespage: right, we can have a simplified version of the HA proxy charm then
<roaksoax> jamespage: i.e. keystone principal, with 2 subordinate haproxy/hacluster
<roaksoax> and a relation in bteween the subordinates
<roaksoax> jamespage: or even colocate them with jitsu
<jamespage> roaksoax, not that last option
<roaksoax> yeah that wouldn't work with add-unit
<jamespage> everything should be deployable WITHOUT jitsu
<jamespage> roaksoax, I agree with 're-use' for haproxy but not with subordinate
<roaksoax> jamespage: right, so then there's really no way to do so without integrating haproxy in keystone
<roaksoax> jamespage: or even in the hacluster charm
<jamespage> roaksoax, OK - so reuse the same code for haproxy across all of the openstack charms that need it
<jamespage> and add stuff into the charm hooks that calls it in the right way
<jamespage> that way the principle is in charge of configuring its haproxy; hacluster takes care of the VIP/service failover
<jamespage> I think adding another subordinate is over complicating things
<roaksoax> jamespage: right, so we will only use haproxy if we have hacluster right?
<adam_g> SpamapS: what is the quantum SRU? i had put together a nova SRU last month for quantal-proposed with a meta bug (LP: 1074359) to track. but upstream has released a new stable release yesterday that ill be preparing a new one (today,m hopefully) that will supersede that one.
<SpamapS> adam_g: ah ok, want to just reject the current upload then?
<SpamapS> adam_g: I'd say just make it clear in the changelog which one is the meta bug
<SpamapS> adam_g: and re quantum, I'll just chalk that up to me assuming you did them both.
<jamespage> roaksoax, hmm - probably;  the principle should start generating config for haproxy as soon as it has peers
<jamespage> and a vip configured
<roaksoax> jamespage: right, so I think it might be easier to make the hacluster do that config, since it is there were we will configure the vip
<adam_g> SpamapS: looks like zul did the quantum one back on nov 07th. rejecting them is fine. in the new batch ill be  sure to reference the metabug at the top of the changelog
 * jamespage thinks
<adam_g> SpamapS: also FYI--i sent an email to the TB list yesterday (stuck in moderation, tho) requesting cinder and quantum be added to the existing MRE
<SpamapS> adam_g: Its still "provisional".. I wonder, how many have been done since that provisional MRE was granted?
<hallyn> jdstrand: <shrug> still playing, but i think i'll just need to add the backing file to the VirDomainDef struct
<jamespage> roaksoax, not sure TBH; I like the separation between hacluster (responsible for VIP's and service control) and a principle that set's up and configures the services
<jamespage> that way if a principle starts todo something new; then all it has todo is tell hacluster...
<roaksoax> jamespage: or, you can simply tell hacluster "get me haproxy with HA"
<roaksoax> jamespage: then hacluster will configure haproxy for such escenario
<roaksoax> jamespage: and in principal charms, you would simply say
<roaksoax> "enable haproxy, this is the VIP i want you to use"
<jamespage> hmm
<roaksoax> jamespage: i see this as a similar thing as what will happen with DRBD
<jamespage> I remain unconvinced
<adam_g> SpamapS: we managed to push out 4 SRUs (LP: #1041120).  this time around there is a set release schedule for upstream point releases, so i expect we'll be shooting to do as many in Ubuntu this time around
<jamespage> roaksoax, sorry - I'm not trying to be awkward :-)
<roaksoax> jamespage: lol no worries :)
<roaksoax> jamespage: so HA proxy in this escenario (running in the same place as keystone), doesn't make sense without hacluster
<roaksoax> right?
<jamespage> roaksoax, agreed; and it won't work really cause it does not have an IP to bind to
<jamespage> roaksoax, the way I saw it (probably) was
<jamespage> juju set keystone vip=xx.xx.xx.xx
<jamespage> juju add-unit keystone
<jamespage> (at which point we start generating a haproxy configuration using a peers hook)
<jamespage> juju deploy hacluster keystone-hacluster
<jamespage> juju add-relation hacluster keystone
<jamespage> (keystone then says to hacluster - relation-set vip=xx.xx.xx.xx service=haproxy)
<jamespage> ^^ that line is over simplified I know
<uvirtbot> jamespage: Error: "^" is not a valid command.
<jamespage> and then hacluster does it magic, brings up a vip on one of the nodes and starts up haproxy
<jamespage> roaksoax, does that make sense?
<taowa> Hos do I use wireless on ubuntu server
<roaksoax> jamespage: yeah, that's very similar workflow as I was thinking but doing so in the hacluster side
<roaksoax> as in: juju set keystone vip=x.x.x.x
<roaksoax> juju deploy keystone
<roaksoax> juju deploy hacluster
<roaksoax> juju set keystone service=haproxy
<roaksoax> juju add-relation keystone hacluster
<smoser> JoeVLcek, i'm here now.
<roaksoax> juju add-unit keystone
<taowa> Hos do I use wireless on ubuntu server
<roaksoax> jamespage: and then, hacluster say, oh wait, keystone wants to use VIP for HA proxy, let's install and configure haproxy for usch purpose
<taowa> How do I use wireless on ubuntu server?
<roaksoax> jamespage: to me, in reality, is the same in either place
<sarnold> taowa: normally, it is considered polite to repeat questions once an hour at the most.
<jamespage> roaksoax, hmm
<roaksoax> jamespage: in this case escenario it is exactly the same
<jamespage> roaksoax, I just prefer the split of what (in keystone) and how (in hacluster)
<roaksoax> jamespage: the benefit I see, however, is thta this would work (or should) if we don't deploy them in the same machine
<jamespage> roaksoax, I don't understand that last comment
<uvirtbot> New bug: #1075342 in mysql-5.5 (main) "package mysql-server-5.5 5.5.24-0ubuntu0.12.04.1 failed to install/upgrade: subprocess new pre-removal script returned error exit status 255" [Undecided,Invalid] https://launchpad.net/bugs/1075342
<roaksoax> jamespage: basically is "there might be various units of keystone, but as long there's no hacluster controller haproxy, then they are all useless"
<roaksoax> s/controller/controling
<roaksoax> so you might aswell integrate haproxy in hacluster, the same way you would do with DRBD
<roaksoax> as in, juju deploy mysql
<roaksoax> juju dmeploy hacluster
<roaksoax> juju add-relation mysql hacluster
<roaksoax> hacluster will then say, oh mysql in HA, so I need to configure DRBD, and put all the mysql stuff in the DRBD partition
<roaksoax> and control mysql
<roaksoax> jamespage: but again, to me really, it is the same doing it in keystone or doing it in the hacluster
<elventear> Hello. I am having an issue with a software raid 1 volume that is rebuilding. The new drive that was added to the volume is writing at very slow speeds, in the the hundreds of KB/s. Any ideas what could I check to see what is going on?
<jamespage> roaksoax, it think it is different
<jamespage> roaksoax, keystone should tell hacluster which resources it should HA; same with MySQL
<sarnold> elventear: anythin in dmesg that looks like io errors?
<elventear> sarnold: Nothing.
<roaksoax> jamespage: sure! again really this doesn't make any difference to me
<roaksoax> it is ust who does the configuration and controls it
<roaksoax> because my way of seeing things in this particular case is "haproxy does not make any sense without hacluster"
<roaksoax> so you might as well do the haproxy configure in hacluster rather than in keystone
<elventear> I changed the scheduler and things are better now. I was using deadline.
<roaksoax> same as it wouldn't make any sense to have DRBD without hacluster
<roaksoax> so hacluster should be the one configuring DRBD based on the specifications of whomever wants to use DRBD
<sarnold> elventear: no kidding? o_O
<sarnold> elventear: thanks for reporting back :)
<elventear> sarnold: Maybe I spoke too soon. Speeds spiked for a while but they are going down :(
<jamespage> roaksoax, I think the two use-cases are different; DRDB is 'please provide me with a replicated block device' - its just one thing
<jamespage> roaksoax, haproxy is software with potentially service specific configuration....
<roaksoax> jamespage: same as drbd :)
<sarnold> elventear: oh :/
<jamespage> roaksoax, OK _ so maybe me trying to think this through at 1800 on a Friday is not working so well.
<roaksoax> jamespage: haha maybe :)
<roaksoax> jamespage: i beer would help,. wouldn't it?
<jamespage> roaksoax, can I suggest that you put together a prototype of each; we have most of the keystone bits done for haproxy in keystone; lets work them both and compare and contrast next week
 * jamespage thinks that sometimes its a good idea to spike two solutions to see which one works best
<roaksoax> jamespage: indeed
<jamespage> roaksoax, adam_g: btw I have quantum integrated into the nova-compute charm now
<JoeVLcek> smoser: ping
<jamespage> just need to finish off the quantum gateway bits now - but that will be monday
 * jamespage <- brain is fried
<roaksoax> jamespage: to finilize my thoughts, for simplicity, keystone would manage haproxy, then you need to add support for cloud-controller no manage haproxy as well right?
<jamespage> roaksoax, yes - but the code will be shared across all os services that need this feature
<jamespage> so its a hook and a call to nova-common/openstack_common
<jamespage> +1 extra package to install
<JoeVLcek> smoser: Sorry I missed you. I was grabbing some lunch. Back now
<jamespage> roaksoax, have a good rest of the day - catchup monday
 * jamespage signs out for the weekend
<roaksoax> jamespage: alright, you have a good weekend
<jamespage> (like that actually ever happens)
<jamespage> roaksoax, you to
<qwebirc14433> Hi, my /boot ran out of space.  What's the proper way to remove files in /boot?
<qwebirc14433> I am trying to upgrade from 10.04 to 12.04 and encountered "no space left on device"
<greppy> qwebirc14433: uninstall any unused kernels
<qwebirc14433> how to uninstall?
<greppy> dpkg -l | grep linux-image
<greppy> then for instance do: apt-get remove linux-image-3.2.0-30-generic
<greppy> or whatever your old unused kernels are.
<qwebirc14433> ic.  so i can basically remove all the old kernels, maybe keep one or two just in case needed right?
<greppy> I normally only keep the last kernel and the current one.
<greppy> and once I reboot on the latest one and all is well, I have been known to remove the older ones and only leave the one.
<qwebirc14433> great, it's working!  Thanks greppy!
<Lorax> perhaps a silly question, but will the current iso fit on a 2gig usb stick with unetbootin?
<lvmer1> Where should I ask ubuntu-server dlna questions? I'm having trouble with linux -> samsung pc for some reason, while windows seems to work fine.
<lvmer1> samsung tv**
<tedski> lvmer1: which dlna server are you using?
<lvmer1> tedski: I tried minidlna & it didn't seem responsive to the tv, but it worked across computers so I uninstalled it & was just going to go down a list until I found one that worked: mediatomb, mythtv, serviio, etc. But I figured I'd ask, because Mezzmo from Win7 -> samsung tv works fine.
<sarnold> I've used ushare to my ps3 before, but it never seemed to work as well as just using the browser on the ps3 to download video files...
<sarnold> pause kinda sucked.
<lvmer1> sarnold: yah fastforward kinda sucks for me xD
<lvmer1> lol I'm 'pinging' a tv.....
<lvmer1> what has this world come to
<sarnold> lvmer1: just wait until your tv refuses to do anything until you give it a software update..
<lvmer1> sarnold: lol that already happened
<lvmer1> it forced me to download "angry birds" as part of a necessary software update
<lvmer1> lmao
<sarnold> hahaha
<tedski> lvmer1: i hate to answer your question with a different solution... but i use plex
<lvmer1> yah... makes you wonder.... what kind of deal did samsung do with angry birds lol
<tedski> lvmer1: samsung has an app for it, too
<lvmer1> yah
<lvmer1> pcsharemanager or allshare or something
<lvmer1> doesn't work even on my windows pc's no idea why
<lvmer1> doesn't work on the samsung bluray player either
<lvmer1> I doubt I can install it on linux either
<lvmer1> unless I do some crazy wine terminal stuff on the server
<lvmer1> I'm going to try plex and ushare
<lvmer1> thanks tedski & sarnold   :)
<simen> Hi guys. I am trying to locate the cause of my high load. I have low CPU, low RAM, low IO wait. Are there any other parameters that might affect my load?
<simen> I am guessing maybe some latency? Maybe epoll (memcached) or TCP/IP.
<sarnold> simen: what do you mean by 'high load'?
<simen> sarnold: I mean 10 concurrent users on a web server with 1 core and 2 GB RAM is constantly around 1.7. Web server is Nginx with APC caching and Memcached
<taowa> How do I use wireless on ubuntu server?
<sarnold> taowa: what have you tried? where are you stuck?
<taowa> Nothing..
<SpamapS> simen: so if you run top, you don't see anything using CPU?
<genii-around> man wpa_supplicant
<Danichan> hello!
<simen> sarnold: Top has brief spikes of php-fpm processes doing some work, but average CPU is around 20%
<SpamapS> simen: Is this by any chance on Ubuntu 10.04 on EC2?
<SpamapS> simen: there were problems with "phantom load" on EC2 for a while
<simen> SpamapS: No, it's 12.04 VPS - hosted by my provider. Not sure about their infrastructure
<SpamapS> "VPS" ?
<SpamapS> Can you elaborate?
<simen> SpamapS: "Phantom load" describes my problem pretty well. Good name
<TheLordOfTime> their image i think SpamapS
<simen> SpamapS: VPS = Virtual Private Server. So on some other, bigger box.
<TheLordOfTime> simen, we know that, but what architecture?
<TheLordOfTime> 32bit?  64bit?
<SpamapS> simen: but, is it a VM, or a container?
<TheLordOfTime> all VMs still have an arch.
<TheLordOfTime> :P
<SpamapS> If its a container, then thats the issue.
<TheLordOfTime> although SPamapS has a good point
<Danichan> I have a samba PDC  and a client as ROLE_DOMAIN_MEMBER that it can join to the domain using a terminal. Can i log in domain using a xdm like slim or gdm??
<simen> My service provider often talks about "container" and how there sometimes isn't room for me to upgrade on it.
<Danichan> windows domain style
<SpamapS> if its a VM, you should see the "steal%" go up with other users using your CPU, and that is also "load"
<henkjan> SpamapS: hmm, leaving canonical?
<SpamapS> henkjan: aye
<SpamapS> henkjan: have we met?
<henkjan> no, i just read your post at the planet
<SpamapS> ah ok :)
<SpamapS> simen: ignore load average
<simen> SpamapS: really?
<SpamapS> simen: though realistically, it probably *is* legitimate
<SpamapS> simen: your concern is response time of your app
<SpamapS> simen: you should be monitoring that
<simen> SpamapS: Actually, response times are not bad
<henkjan> SpamapS: you where responsible for mysql 5.5 packaging right?
<SpamapS> simen: I suggest logging how long requests take, and having your monitors watch for spikes and trends in the logs.
<SpamapS> henkjan: yes
<SpamapS> henkjan: still am responsible actually :)
<henkjan> and you keep maintaining it after you leave?
<SpamapS> simen: the load is just saying that on average you have 1.7 things waiting for resources .. with 10 users (assuming they never pause to LOOK at the screen, just keep clicking), thats still only 170ms per request
<SpamapS> henkjan: when I can, here and there.
<SpamapS> henkjan: others have the skills to pick up the slack.
<henkjan> maybe...
<henkjan> ik took long enough for 5.5 to become packaged for debian/ubuntu
<SpamapS> henkjan: only because the Debian maintainer was transitioning out of his old role, so it took a while for us to get it going
<henkjan> ah, okay
<SpamapS> henkjan: I expect 5.6 to land very quickly after it goes GA
<ScottK> SpamapS: Is that expected for raring?
<SpamapS> no
<SpamapS> definitely no
<ScottK> Oh good.
<henkjan> ScottK: afaik there is no public announced date for 5.6GA
<SpamapS> ScottK: they always need 1 or 2 point releases to shake out the final GA stuff
<SpamapS> as in, you wait for GA, then you *try it*.. then you wait for the next 2 patches, then you deploy it.
<henkjan> SpamapS: did you manage to get one of the codership guys to UDS Kopenhagen?
<simen> SpamapS: You are a legend. Thank you for connecting load with ms for me. Also, I'm quickly doing some request logging in Nginx, will post an example in a minute. Thanks
<SpamapS> It will definitely be in 14.04 unless Oracle implodes or something
<SpamapS> henkjan: they were busy.. but Stewart Smith from Percona had enough info to be helpful.
<SpamapS> henkjan: the problem with Galera at the moment is that it is somewhat invasive as a patch to MySQL, so its really like another derivative.
<henkjan> ah, would be nice to get xtradb-cluster or mysql + galera in main
<SpamapS> The plan is to do xtradb-cluster
<SpamapS> Percona's going to work on it.
<henkjan> cool
<SpamapS> And I may even still work on it.
<henkjan> i'll ask the percona guys next week :)
<SpamapS> Reminds me I need to see about going to Percona Live again. Would be 4 years in a row
<henkjan> 2nd time for me
<henkjan> got free tickets this year :)
<henkjan> SpamapS: are you next week in London @ percona live?
<SpamapS> no
<SpamapS> the US shone
<SpamapS> one
<henkjan> the big one :)
<hallyn> jdstrand: sigh, it looks like virSecurityManagerGenLabel is called too early for either hugepage backign info or vnc socket path info
<hallyn> all right guess i'll need to add fns...
<hallyn> aha, the mem info may be fine.  the vnc - i may just not be setting up an appropriate test case.  sigh
<kirkland> hallyn: howdy!
<kirkland> hallyn: have you ever used kexec in ubuntu?
<hallyn> kirkland: nope
<hallyn> well, only to test whether you cando it from a container :)
<kirkland> hallyn: and?
<hallyn> looking to do some ksplicing?
<kirkland> hallyn: no not really
<hallyn> and it needed a patch to prevent it
<kirkland> hallyn: trying to support reboots of encrypted overayroot
<hallyn> kirkland: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1034125
<uvirtbot> Launchpad bug 1034125 in linux "containers can load a kernel to kexec" [High,Fix released]
<sarnold> teehee
<hallyn> sar	:)
<hallyn> hm
<hallyn> that was weird
<sarnold> laggy ssh to your irc client?
<hallyn> very
<kirkland> hallyn: i'm failing to kexec load
<kirkland> kexec_load failed: Device or resource busy
<hallyn> kirkland: can you strace that?
<hallyn> in kernel all i see is two EBUSYs on mutex load and one if htere are frozen processes
<hallyn> (well, if freeze_processes() fails)
<kirkland> hallyn: http://paste.ubuntu.com/1400579/
<kirkland> openat(AT_FDCWD, "/sys/firmware/edd", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
<kirkland> interesting
<hallyn> well doing openat and giving a full pathname is interesting :)
<hallyn> is that the lst failure though?
<hallyn> oh nm.  it's kexec_load itself
<kirkland> hallyn: yeah
<kirkland> hallyn: what is supposed to populate edd?
<hallyn> my guess is machine_kexec_prepare() is failing.  dunno why
<hallyn> apw might have an idea
<kirkland> apw: howdy :-)
<kirkland> apw: I reckon it's late on a friday night for you
<uvirtbot> New bug: #1085225 in lxc (universe) "can't install lxc fedora "17, 18" container " [Undecided,New] https://launchpad.net/bugs/1085225
<uvirtbot> New bug: #1085255 in quantum (main) "Meta bug for tracking Openstack 2012.2.1 Stable Update" [Undecided,New] https://launchpad.net/bugs/1085255
#ubuntu-server 2012-12-01
<uvirtbot> New bug: #1080008 in mysql-5.5 (main) "package mysql-server-5.5 5.5.28-0ubuntu0.12.04.2 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1 | remove MariaDB and have some problem to install mysql after that" [Undecided,Invalid] https://launchpad.net/bugs/1080008
<VeD0S> anyone know why an ethernet interface would show up in iwconfig but not ifconfig?
<patdk-lap> cause ifconfig only shows active interfaces by default
<VeD0S> ah
<patdk-lap> try ifconfig interfacename
<patdk-lap> and it will show it
<VeD0S> ah excellent
<VeD0S> thank you
<hikenboot> hi I am working with Apache I am trying to change my apache document root to /var/www/mydomain.com/ instead of /var/www but changing it using the DocumentRoot directive seems to have no effect anyone know why?
<hikenboot> I still arrive at the old web root when going browsing the web server
<greppy> hikenboot: did you restart apache?
<hikenboot> greppy yes
<greppy> hikenboot: did you restart your web browser?
<greppy> many web browsers will cache the webpage, restarting it or possibly forcing a refresh should help.
<fubada> hi, why is 12.10 upgrade forcing me to install xorg
<fubada> along with account-plugin-facebook and other spam
<fubada> im running ubuntu server 12.04, looking to upgrade to 12.10
<hikenboot> greppy restarting the ubuntu apache server/clearing client cache restarting client browser and trying again...dont think it will make a difference. I think there is something else that controls what is setup as root for the web server
<greppy> hikenboot: what file did you edit?
<fubada> why is 12.10 isntall gui
<fubada> unity, xorg, etc
<hikenboot> the files in /etc/apache2 the apache2.conf the sites-available directory and made links in the sites-enagbled directory
<greppy> You should only have to edit one of the files in sites-enabled/
<hikenboot> well before I had 3 different sites on one install of apache so your right I only need one site in sites-enable right now
<samba35> i have apache2/sites-available/default:        DocumentRoot /var/www/wordpress but still it show default page
<_KaszpiR_> samba35 go reload apache?
<_KaszpiR_> and go to #apache or #httpd
<_KaszpiR_> second make sure to enable dir module, make sure there is a php installed  and that in dir.conf there is a index.php added
<JanC> sites-available is just that: sites that are configured, but not active
<JanC> samba35: you should read /usr/share/doc/apache2/README.Debian.gz
<greppy> files in sites-enabled should be a symlink to sites-available/
<samba35> ok
<JanC> and you should probably use a2ensite to enable them...
<_KaszpiR_> afair sites-available/default is welll, enabled by default and probably points to welcome page
<_KaszpiR_> unless they put it also somwhere else
<JanC> ("zless /usr/share/doc/apache2/README.Debian.gz" in a terminal will let you read)
<Frostbyte> um, could I get some help with openvpn? :/
<sliddjur> I need some help setting up DNS server. When I try to start DNS server I get error message about firewall I think.
<JoseeAntonioR> hey guys, when I use apache it consumes memory, and for it to release it I need to restart the serve, any ideas?
<ropetin> JoseeAntonioR: stupid question, but what are you using to check memory usage?
<JoseeAntonioR> ropetin: top
<JoseeAntonioR> and vmstat
<ropetin> And do you run out of memory?  The reason I ask is because it isn't neccessarily a problem that Apache keeps hold of hte memory
<ropetin> the memory
<JoseeAntonioR> no, I don
<JoseeAntonioR> 't
<JoseeAntonioR> I have 32GB, it uses ~30, and it doesn't release it, I need to restart the server for it to release it
<princej88> Hi, Has anyone had any luck getting forked-daapd to work correctly in ubuntu server? I am having the issue where the connection will timeout after 5 minutes.
<princej88> Running 12.04.2 lts
<princej88> 12.04.1*
<patdk-lap> JoseeAntonioR, how did you calculate memory usage of apache?
<patdk-lap> apache normally only uses about 3megs, if your using mod_php, that is your issue
<JoseeAntonioR> patdk-lap: top and vmstat
<JoseeAntonioR> we're having LOTS of users
<patdk-lap> top and vmstat?
<patdk-lap> they won't show memory usage of apache
<JoseeAntonioR> ah
<JoseeAntonioR> wait a sec please
<patdk-lap> what does the rss column of ps ax say?
<JoseeAntonioR> I have no access to the server atm, I'm in a meeting
<patdk-lap> and are you using mod_php, mod_perl, ???
<JoseeAntonioR> actually, a friend of mine has the issue
<JoseeAntonioR> patdk-lap: they say they're using the default install in ubuntu
<patdk-lap> explain, default install
<JoseeAntonioR> the one in the ubuntu repos
<patdk-lap> cause default install in ubuntu, doesnt even install apache :)
<SpaceBass> hey folks
<SpaceBass> have a system with corrupted base files. Found the root cause, not a HD issue. Can I simply install over the corrupt install and keep my current configuration?
<escott> SpaceBass, no
<escott> !clone | SpaceBass
<ubottu> SpaceBass: To replicate your packages selection on another machine (or restore it if re-installing), you can type Â« aptitude  --display-format '%p' search '?installed!?automatic' > ~/my-packages Â», move the file "my-packages" to the other machine, and there type Â« sudo xargs aptitude --schedule-only install < my-packages ; sudo aptitude install Â» (this may cause problems with multiarch before 12.10) - See also !automate
<SpaceBass> thanks escott
<escott> SpaceBass, that will NOT backup /etc or any other configs
<SpaceBass> right, I have those already in tgz and moved off the drive
<escott> !info etc-keeper | SpaceBass you might like this
<ubottu> SpaceBass you might like this: Package etc-keeper does not exist in quantal
<escott> ubottu, why are you damned stupid that you can't figure out to take a "-" out of the package name
<ubottu> escott: I am only a bot, please don't think I'm intelligent :)
<escott> !info etckeeper | SpaceBass
<ubottu> SpaceBass: etckeeper (source: etckeeper): store /etc in git, mercurial, bzr or darcs. In component main, is optional. Version 0.61ubuntu2 (quantal), package size 28 kB, installed size 223 kB
<SpaceBass> thanks, with base-files being corrupt, I cannot apt-get anything. But I'll try though source
<escott> SpaceBass, more for future reference
<escott> it doesnt do any good unless its the first thing you install
<SpaceBass> gotcha
<ChmEarl> !automate
<ubottu> Ways to automate installation of Ubuntu on multiple machines are described at https://help.ubuntu.com/12.04/installation-guide/i386/appendix-preseed.html - See also !cloning
<streulma> hello, should I use Ubuntu Server or Debian for my personal server? I have a network running with 10 ubuntu servers 10.04 but find it a little bit old and not up to date
<patdk-lap> heh, debian is more up to date?
<patdk-lap> debian is every 2 to 3 years, and ubuntu is every 6 months
<ScottK> streulma: If you want a newer  release, just upgrade to 12.04.
<escott> patdk-lap, ubuntu (usually) takes debian-testing freezes it for a few months and refines it then releases their version. so debian can be more up to date
<patdk-lap> escott, debian-testing != release
<patdk-lap> sure you can run sid if you want for a server
<patdk-lap> I wouldn't trust it for any uptime
<ScottK> I mostly wouldn't trust it for a server because there is no security update support for it.
<ScottK> BTW, I've run the regular Ubuntu 6 month releases on servers and they are fine if you want even newer.
<escott> patdk-lap, i thought yours was the question. so i was trying to explain where the packages came from. i see streulma was asking
 * patdk-lap wonders how someone can call 5 release old software, not up to date
<streulma> I love ubuntu for servers, but they came also every 5 minutes like also with a kernel update...
<streulma> I have to decise between ubuntu server, debian or centos
<patdk-lap> oh ya, centos only does releases every 5 to6 years, that is uptodate :)
<streulma> but the software that I need like tomcat and postgres are running best on ubuntu
<patdk-lap> you do know that centos only updates security patchs, not bug fixs in the kernel
<patdk-lap> I dunno about debian
<ScottK> If the frequent kernel updates bother you, you can read the security notices and only reboot into the new kernel if there's an issue that concerns you.
<ScottK> Personally, I like having bugs get fixed.
<patdk-lap> it's a personal server too, why do you need months of uptime?
<Anternat>  hi i have 10.04 server which i can only use ssh to access. I have lost access although it stays in the network when powered on.(Neither by hostname nor by ip). Happened after i did an install about security camera software. what are my options to gain access again?
<patdk-lap> what does that mean?
<Anternat> i cant ssh to my box anymore
<Anternat> but it stays in the network
<patdk-lap> two options
<patdk-lap> walk over to it and fix it using a keyboard
<patdk-lap> hack into to it using any exposed services it runs
<Anternat> no kb no monitor
<escott> patdk-lap, you left off the third option. hold a sÃ©ance
<ScottK> Did you try to ssh to it's IP address directly and not the hostname?
<Anternat> yep both
<Anternat> did even port scan but no port seemed to be open, i dont know :(
<patdk-lap> hope it has ilo, drac, ipmi, ... support?
<escott> Anternat, you don't know what is going on. it may not even be booting.
<Anternat> yes escott but does it join the network without being able to boot properly?
<patdk-lap> what does, join the network, mean?
<escott> Anternat, how do you know it is joining the network. the card could just be signalling power and the router making the offer. no reason to believe the system accepts the offer
<Anternat> there s an assigned ip to it via dsl modem router. That ip is visible when i turn the pc on
<escott> Anternat, and plenty of reason to believe it isn't. does it respond to ping?
<Anternat> didnt try, lemme do, sec plz
<Anternat> yes it answers
<escott> Anternat, then it accepts the offer, but doesn't run services. could be in the initramfs... you have no idea
<Anternat> do i have chance to go more with sorta live cd?
<escott> Anternat, i dont think the livecd runs ssh server by default, but you could customize one
<escott> Anternat, that may not do anything useful though. that would only let you check that the disks are not corrupted.
<escott> Anternat, you should always have a console level access plan
<Anternat> okay thanks for your time
<patdk-lap> initramfs only does networking stuff for network root, as far as I know
#ubuntu-server 2012-12-02
<uvirtbot> New bug: #1085537 in euca2ools (main) "/etc/ssl/certs/cert-ec2.pem is invalid symlink" [Undecided,New] https://launchpad.net/bugs/1085537
<uvirtbot> New bug: #1085538 in irqbalance (main) "irqbalance flooding syslog file" [Undecided,New] https://launchpad.net/bugs/1085538
<VonKranke> I just finished installing my ubuntu server and have a problem with the framebuffer mode it's set on my console display.  The text is VERY tiny (around 160 columns) and is only using the top 25 lines of the screen.  Is there a way I can (re) set the console video mode?
<escott> VonKranke, https://wiki.ubuntu.com/FrameBuffer
<pmp6nl> Hello, I enabled SFTP only, but I temporarily need to use just FTP.  Is there a good way to do this?  Running Ubuntu 12.04 thanks.
<escott> pmp6nl, no
<pmp6nl> escott, its that complicated? Its not just a setting in a file?
<escott> pmp6nl, you would have to install and configure an ftp server. which is an insecure and broken protocol
<pmp6nl> escott, oh, sftp is that different than ftp?
<escott> pmp6nl, yes
<escott> pmp6nl, sftp is an ssh server talking ftp
<pmp6nl> escott, ah. Ya. I figured you could just disable ssh for a few minutes and use standard ftp
<escott> pmp6nl, no need to disable ssh
<pmp6nl> ok
<pmp6nl> thanks
<gregor_> Hello, I want my ubuntu 12.04 server to automatically shutdown if there is no ssh activity
<gregor_> Maybe someone could help me?
<gregor_> ..
<StevenR> gregor_: can you be a little more specific on what you require?
<JanC> StevenR: literally it means he wants his server to shut down immediately after boot  ;)
<gregor_> I want it to shutdown after midnight and there were no connections in the past hour
<gregor_> I already found a little thread in askubuntu.com, but maybe you know more :)
<imminentCucumber> question about system load -- wget seems to have a huge effect on my system load.  Right now I'm downloading and the load is 14.  When the download is done, system load goes back down to .3 or so.  What can I check on this?  Google searches seem to only produce results about people having problems with Desktop.
<imminentCucumber> it appears to be any disk activity that does this, wget, unzip, transmissioncli, slickslice...
<imminentCucumber> I've got this in the log :  http://pastebin.com/iBCfKXhb
<imminentCucumber> but I dont' know if that's normal
<Dioxin> It is feasible to use apt-mirror on non-debian based repositories?
<orogor> hi here
<orogor> i am looking for ideas on which services would be interesting to provide on a small vpn between friends
<orogor> anyone has an idea?
<Dioxin> google is your friend, lots of options there, not had personal experience tho
<Dioxin> OpenVPN is probably the Ubuntu supported option
<orogor> i was thinking about tinc , to avoid the need for a central gateway
<yeats> Dioxin: re: your apt-mirror question - I would seriously doubt it (but I don't know your use case)
<Dioxin> TinyCoreLinux is the repo I wish to host locally on an Ubuntu Host
<RoyK> tinc looks interesting ;)
<orogor> found this too http://www.p2pvpn.org/
<orogor> the basic for the network would be 3-5 peoples which are computer knowledgable or sysadmin
<orogor> i was also thinking on providing maybe a vm image with a few softs installed
<orogor> a bit different , i found this too http://wanproxy.org/
<orogor> it s  network deduplication
<patdk-lap> heh? openvpn doesn't require a centeral gateway
<patdk-lap> I use it in p2p mode more often than client/server mode
<orogor> hoo
<patdk-lap> there is always ipsec though
<patdk-lap> I have craploads of ipsec tunnels
<orogor> how does it work when you add new nodes ? where it get the config info for reaching other nodes?
<patdk-lap> that is left for the user to do
<orogor> haaa p2p has in point to point
<patdk-lap> sounds like you don't want a p2p vpn, but an adhoc vpn mesh
<orogor> we speak of p2p as in peer to peer
<orogor> yup a mesh network
 * patdk-lap sticks with his openvpn/ipsec tunnels with bgp/ospf running on them
<orogor> i  fell like it s too much complexity
<LeChacal> hello, I have looked through the sshd_config and online but can't seem to find an anwers, is there a way to bind sshd to an interface rather than address?
<[conrad]> Hello everyone. Is it possible to configure DHCP to *only* serve static IP's via MAC? I'm able to do what I need via dhcpd.conf, but I can't seem to disable other MAC's from picking up an IP as well.
<Patrickdk> sure
<Patrickdk> I guess, not sure how you configure a protocol though
<[conrad]> Patrickdk: What that response to me?
<Patrickdk> na, the other guy asking about dhcp
<[conrad]> Patrickdk: You didn't specifically mention my name or DHCP. I just recently joined the room. You could have been talking to anyone.
<shauno> [conrad]: assuming isc-dhcp-server, "deny unknown-clients;" is your google-fodder  (I don't have an example in context, but I'm positive google does)
<[conrad]> shauno: Thanks. I was trying to tinker with the range setting, but to no avail.
<shauno> I think it works if your pool is only big enough for the reservations you have listed, but that's a side-effect and not to be trusted, allow/deny are intended for this
<patdk-lap> remove the range completely
<patdk-lap> if you only want static
<[conrad]> shauno , patdk-lap . Thank you both very much.
<axisys> what is best way to add ~audit/bin to the PATH of users in admin group?
<axisys> /etc/bash.bashrc and check for primary group id ?
<axisys> add it ^
<axisys> all have default shell bash
<escott> axisys, ~/audit/bin may not exist for every user
<axisys> ~audit/bin
<escott> axisys, what is ~audit/bin
<axisys> /home/audit/bin
<escott> axisys, no it is not. ~/audit/bin you have to have the slash
<axisys> 16:53:02 < axisys> what is best way to add ~audit/bin to the PATH of users in admin group?
<axisys> i want to have user audit's bin path available in the admin group's PATH
<escott> axisys, if you have some user named "audit" it would be better to put that in /usr/local/audit/bin not /home/audit/bin
<escott> axisys, it is very strange for a user to be running an executable in another users $HOME
<escott> axisys, and ~ is completely inappropriate for that. ~ expands (when followed by a slash to $HOME)
<axisys> ok, then how to have /usr/local/audit/bin path available in the admin group's PATH
<escott> axisys, adding an export PATH= directive to /etc/bash.bashrc is a good way to do that
<axisys> escott: i want only users who are in admin group to have that in their path.. not for all
<escott> axisys, so you can test if the output to groups contains admin
<escott> axisys, also check for sudo because 12.10 uses sudo not "admin"
<axisys> so if a user is part of admin group, his/her $PATH will have /usr/local/audit/bin in the list
<axisys> so if a user is part of "foo" group, his/her $PATH will have /usr/local/audit/bin in the list
<axisys> i guess i can chmod to "foo" group.. so if you are in that group *only* then you can run the bin/script
<escott> axisys, there is something like that in bash.bashrc already "# sudo hint
<escott> if [ ! -e "$HOME/.sudo_as_admin_successful" ] && [ ! -e "$HOME/.hushlogin" ] ; then
<escott>     case " $(groups) " in *\ admin\ *)"
<axisys> escott: sweet! thanks a lot
<LeChacal> hello, i have manged to muck up my partion table to the point that gdisk and fdisk neither want to do anything, what can I do to get it strait. My end goal is to have the drive reformated with GPT and NTFS
<lifeless> LeChacal: if you don't care about the disk contents
<lifeless> LeChacal: dd if=/dev/zero of=/dev/sdXXX count=100 bs=65534
<LeChacal> lifeless: i have already backedup the stuff i care about,  i should mention this is an 8TB hardware RAID 6 array so I don't want to dd the whole thing
<lifeless> will write zeros over the partition table
<lifeless> LeChacal: if its md-raid then you'd want of=/dev/mdX
<LeChacal> lifeless: its an LSI (Dell PERC) card so ubuntu see the array at /dev/sda
<lifeless> righto
<escott> LeChacal, how does gdisk describe the partition tables
<LeChacal> lifeless: thank you, that was quick and easy, i thought i was going to have to do the hole array
<lifeless> anytime
<bonez2046> if I want my linux server to act as samba, file and print server, would the server version work best or could the desktop version suffice?
<Patrickdk> bonez2046, no difference
<tonyyarusso> bonez2046: It's just a question of what packages you install.  It's the same OS.
<escott> bonez2046, if all it is is a samba server then start with ubuntu-server
<bonez2046> escott: it's one box, not critcal...so I'll load the server version
#ubuntu-server 2013-11-25
<gdos> how can i configure leafnode for a local network (or ssh tunnels)? i do not want to subscribe to the 'BIG 8' news groups...just create my own.
<shauno> you might just want inn2 or equivalent for that.  transient mirrors of upstream servers is kinda leafnode's job description
<knoxy> Hi all... When I try to upgrade to kernel 3.2.0-56 I get this message http://paste.ubuntu.com/6470615/ Where I get these libraries?
<knoxy> bekks: Ubuntu 12.04
<knoxy> Ubuntu Server 12.04
<knoxy> I honestly do not know what to do, I found nothing by Google.
<knoxy> I'm afraid to restart the server because it is dedicated.
<pmatulis> knoxy: capture and pastebin all output from 'sudo apt-get update; <the command that produced the output in your last pastebin, include the '-V' option>'
<knoxy> http://paste.ubuntu.com/6471484/
<knoxy> http://paste.ubuntu.com/6471486/
<knoxy> the datacenter where is this server recommended me to remove old kernels and I did it.
<knoxy> even though I know it would not, I did.
<pmatulis> knoxy: how did you do it?
<knoxy> http://paste.ubuntu.com/6471487/
<knoxy> the result: http://paste.ubuntu.com/6471495/
<knoxy> BUT, the problem is: libraries fault... I need lib__mdma.so.1 and lib__mdmacrypt.so
<knoxy> and do not know where to find
<pmatulis> knoxy: you system was in a weird state prior to removing the first kernel
<pmatulis> *your
<pmatulis> you should not see this:
<pmatulis> The following partially installed packages will be configured:
<pmatulis>   initramfs-tools
<knoxy> I do not know exactly how it started.
<pmatulis> knoxy: i suggest you look at previous apt management.  look here: /var/log/apt/{history.lgo,term.log}
<knoxy> I need help to solve this problem, do not know what to do, honestly.
<knoxy> pmatulis: http://paste.ubuntu.com/6471517/
<knoxy> E: /usr/share/initramfs-tools/hooks/fixrtc failed with return 1. is part of failure, I solve this with chmod -x /usr/share/initramfs-tools/hooks/fixrtc, but my problema (library fault) is not solved
<pmatulis> knoxy: so you've been administering this system for a while?
<knoxy> pmatulis: yes...
<pmatulis> knoxy: my precise server does not have any of those libraries your system is complaining about
<pmatulis> knoxy: besides my earlier suggestion of looking in the logs for the *first* problem of such an issue, you can research what those libraries are for
<knoxy> pmatulis: This server had a problem in MySQL, but it was simple in the configuration file my.cnf missing a setting. I solve this past week and in the meantime came the problem with initramfs. This problem came with some aptitude dist-upgrade.
<knoxy> pmatulis: I have tried to search and find nothing
<pmatulis> knoxy: find the logs of the first appearance of the issue.  dist-upgrade will be there
<pmatulis> knoxy: also pastebin the output to 'sudo apt-get update' like i said before
<pmatulis> fwiw, http://paste.ubuntu.com/6471568/
<knoxy> pmatulis: http://paste.ubuntu.com/6471571/
<pmatulis> knoxy: these repositories might be part of the problem:
<pmatulis> repo.percona.com
<pmatulis> repos.zend.com
<knoxy> pmatulis: http://paste.ubuntu.com/6471581/
<pmatulis> knoxy: well, the files are there.  permissions?
<knoxy> pmatulis: I'm crazy? with `ls` I cant see the files...
<knoxy> pmatulis: with ls /lib/lib* I can see
<knoxy> pmatulis: look http://paste.ubuntu.com/6471602/
<gdos> shauno: cant leafnode be used on an intra-net or localhost ?
<knoxy> pmatulis: ?
<pmatulis> knoxy: output to 'sudo stat /lib/lib__mdma.so.1' ?
<knoxy> http://paste.ubuntu.com/6471625/
<pmatulis> knoxy: it's as if the system thinks these 2 files are broken symbolic links
<knoxy> pmatulis: exactly
<knoxy> pmatulis: you have these files?
<pmatulis> knoxy: i already said no
<pmatulis> knoxy: i wonder if moving them away (in your home directory say) and then copying them back will help
<knoxy> pmatulis: i'll try
<knoxy> pmatulis: mv: cannot move `lib__mdma.so.1' to `/home/lib__mdma.so.1': Operation not permitted
<knoxy> pmatulis: is there something wrong with these files... I dont know where I get that
<pmatulis> knoxy: output to 'dpkg -S /lib/lib__mdma.so.1' ?
<knoxy> what package have these files...
<knoxy> dpkg: error while loading shared libraries: lib__mdmacrypt.so: cannot open shared object file: No such file or directory
<knoxy> pmatulis: omg, look http://paste.ubuntu.com/6471662/
<pmatulis> knoxy: can you try in another directory?
<knoxy> pmatulis: http://paste.ubuntu.com/6471669/
<knoxy> pmatulis:
<knoxy> root@srv01:~# ps aux ps: error while loading shared libraries: lib__mdmacrypt.so: cannot open shared object file: No such file or directory
<knoxy> omg man...
<knoxy> im fucked
<pmatulis> knoxy: is there some encryption on this system?
<knoxy> pmatulis: no
<knoxy> pmatulis: no command works
<pmatulis> knoxy: the lib_mdma is not in any official ubuntu archive.  must be from the 2 i mentioned above
<pmatulis> the string 'lib__mdma' i mean
<knoxy> pmatulis: I lost my system?
<pmatulis> apparently, and strangely, that file you attempted to move is essential to the basic functioning of your system
<pmatulis> but it's hard to believe
<pmatulis> since it's not on a standard ubuntu server, and i did google searches and nothing turns up
<knoxy> pmatulis: you saw, did not do anything wrong, it was working and now has stopped. If I restart the machine it will not come back?
<pmatulis> knoxy: what is this system responsible for anyway?
<pmatulis> knoxy: pm me if you want
<Semor> How could I know the maxsize of heap in memory ?
<Semor> How could I know the maxsize of heap in memory ?
<saad__> Hi I'm trying to install gcc on Ubuntu 10.04 and I get the following error
<saad__> http://paste.ubuntu.com/6472447/
<saad__> anyone?
<saad__> Help trouble installing gcc on Ubuntu 10.04 http://paste.ubuntu.com/6472447/
<saad__> after trying sudo apt-get install -f http://paste.ubuntu.com/6472465/
<saad__> Help anyone trouble installing gcc on Ubuntu 10.04 Server http://paste.ubuntu.com/6472447/
<saad__> HELP trouble installing gcc on Ubuntu 10.04 Server http://paste.ubuntu.com/6472447/
<babinlonston> Hi , i have a server which was installed with post-fix mail server in VPS, now i can send mail from VPS to any emails, and even i can send mails from any email to vps too, is it possible to use this post-fix to send and receive mails from any other vps which holding applications without installing or configuring post-fix in that vps ?
<saad__> Help error installing gcc http://paste.ubuntu.com/6472691/
<babinlonston> Hi all , I'm Using Ubuntu 12.04 server and While access some webpage which was hosted in my VPS some time not opens and its shows some error as apache version and Ubuntu, I don't want to show that my server is using apache and Ubuntu as my operating system , how can i remove it ? Please Guide
<Rory> babinlonston: See the Apache docs on custom error pages http://httpd.apache.org/docs/2.2/custom-error.html
<rbasak> lifeless: the lxc task in that bug exists because I experienced the same issue in a Debian container that has yet to have its DHCP client patched. I think that fits closer to the case you're describing. But if you want to split those cases off into a separate bug, then fair enough. They're certainly closely linked and should refer to one another.
<jamespage> psivaa, where do I find the utah smoke tests again? going to convert the floodlight test into a DEP-8 test instead
<psivaa> jamespage:  lp:ubuntu-test-cases/server is the branch if that's what you're looking for
<jamespage> psivaa, thanks
<jamespage> psivaa, https://code.launchpad.net/~james-page/ubuntu-test-cases/server-drop-floodlight/+merge/196511
<psivaa> jamespage: ok, I see this DEP-8 tests are not run in smoke, but that's intended and you're running it somewhere else?
<jamespage> psivaa, yes - they will get run when its reverse-deps change or when its uploaded to distro
<jamespage> so its pre-entry rather than post entry if that makes sense
<psivaa> jamespage: ack, i think i understand :)
<jamespage> rbasak, any thoughts on how much effort its going to be to enable mongodb on arm64?
<rbasak> jamespage: I've not looked yet, but it's on my list. I don't think it'll be that hard - just need to patch atomic intrinsics in for everything.
<jamespage> rbasak, good
<jamespage> (I'll assign the work item to you then :-))
<rbasak> Sure
<jamespage> rbasak, I think the jump for v8 should be quite minimal as well
<jamespage> *think*
<rbasak> I'm not so sure about v8, but I've never touched that code base. Does it use LLVM or something else?
<jamespage> rbasak, no - its gcc - scons build system like mongodb
<jamespage> rbasak, I'm looking at it specifcally for this forked juju-mongodb package that we agreed with the security team so that we might actually get juju into main
<jamespage> (as I have to use the embedded v8 source - which has arm build disabled right now :-()
<rbasak> jamespage: what does it use for the JIT bits? Does it even have JIT bits? I assumed it did.
<jamespage> no idea
<jamespage> it does lots of asm bits
<rbasak> That's the tricky part.
<rbasak> Note that armv8 is a completely different ISA from armv7.
<jamespage> rbasak, I'm really hoping it uses gcc abstractions
<jamespage> but I suspect that is a vain hope
<rbasak> I'm not sure that's really possible for a JIT.
<rbasak> The best available abstraction that I know of is LLVM IR.
<jamespage> no - I thought not
<jamespage> no gcc primitives use that is
<jamespage> rbasak, great
<jamespage> rbasak, arrrggh - mongodb strips out all of the arm specific source as well
<jamespage> ....
<jamespage> rbasak, fwiw we are back in sync with Debian for mongodb
<jamespage> new maintainer (gcs) was been picking up everything I've been sending them
<jamespage> them/to Debian
<rbasak> Cool
<rbasak> jamespage: it sounds like I should take this on and figure out what it'll take to make the whole thing go.
<rbasak> jamespage: I don't mind doing that - just need gaughen to prioritise me.
<jamespage> rbasak, OK - I'll ping her about this
<jamespage> feels important
<Shockwave> hi people
<Shockwave> how are you!
<Shockwave> I need to make a career with ubuntu server
<Shockwave> what are the recommendations
<Rory> Shockwave: Experience
<Shockwave> Rory: yes x example, study full asterisk o better sql ,
<Rory> Shockwave: Just use Ubuntu at your current place if you have the option to for new boxes. Or configure a home server with ubuntu
<Shockwave> i want do a profesional in ubuntu server
<Shockwave> for the job
<Rory> ok...
<Rory> Learn about Linux system administration
<Rory> Apply for a Linux system administrator job
<Rory> profit
<patdk-wk> profit == working lots of unpayed overtime?
<Rory> lmao patdk-wk sounds about right
<Shockwave> Rory:  thanks!
<Shockwave> <(
<Shockwave> <)
<Rory> Shockwave: Honestly the best thing is to just use Linux a lot, and then being an admin will just be the obvious career move
<Rory> Shockwave: Try joining #reddit-sysadmin - not an Ubuntu-affiliated channel, and the language is potentially NSFW
<Rory> Shockwave: But they will probably answer your questions about the career
<Shockwave> Rory:  ok perfect
<Shockwave> thanks
<Raboo> i'm having a insane problem
<Raboo> i've setup nfs server
<Raboo> and mounting it as rw
<Raboo> as root, i still can't create files
<Raboo> no permission
<Raboo> what can possibly be wrong? it's exported as 10.0.0.0/8(rw,sync,no_subtree_check)
<patdk-wk> root_squash :)
<zul> jamespage:  quick review please https://code.launchpad.net/~zulcss/python-ceilometerclient/1.0.6/+merge/196548
<soahccc> Any idea how I managed it to have libmysqlclient15off on one server but not the other? http://files.sven.bmonkeys.net/images/___ssh_20131125_161422.png
<soahccc> Ahh nvm I've installed it manually
<mregg> Hi - We just updated our 10.04.4 server with the latest security updates, and since then, Postfix no longer sends nor receives emails. Everything is queue with "Connection timed out" error. It was working perfectly up until then. What can we do?
<zul> hallyn_/jamespage: im just looking at the libvirt python bindings split, they are calling the tarball libvirt-python should we call it python-libvirt?
<jamespage> zul, I reckon so
<hallyn_> zul: that seems more traditional to me.  (i.e. we have python-lxc0
<jamespage> but we can deal with that in the packaging
<zul> this is going to suck
<danley> Hi. I'm having a small atom machine (nothing but board, HDDs and Ethernet) with 12.04 LTS Server. I'm sending it into S3/Suspend. But it wakes up after a random time by itself. No USB-Devices connected. ethtool says eth0 only reacts to the magic packet (g). so I'm a bit clueless to why it is waking up... is there any way to get that information from the kernel?
<hitsujiTMO> danley: are you running X on the machine?
<danley> hitsujiTMO, no. at least not that I know of.
<danley> hitsujiTMO, no. at least not that I know of. I am running NFS, though
<danley> as in I export NFS shares. also samba, mysql and apache...
<danley> I think the only other process that is running and not standard is screen.
<danley> uhm, sorry. if anybody replied to my question since 19:17... looks like my bouncer had disabled the buffer so could you please repeat?
<sarnold> danley: sorry, there were no furthre responses in that time
<billy_ran_away> Why does my 2 disk RAID 1 device have no identity information? mdadm: ARRAY line /dev/md0 has no identity information.
<billy_ran_away> http://pastie.org/8508004
<sdvhbhszo8yhwtu>   YOU MAY BE WATCHED
<sdvhbhszo8yhwtu> WARNING       WARNING      WARNING,                       WARNING
<sdvhbhszo8yhwtu> WARNING             WARNING              WARNING,     WARNING         WARNING
<sdvhbhszo8yhwtu>  YOU MAYWATCHED
<sdvhbhszo8yhwtu> YOU MAY BE WATCHED
<sdvhbhszo8yhwtu>   YOU MAY BE WATCHED
<sdvhbhszo8yhwtu> WARNING       WARNING      WARNING,                       WARNING
<sdvhbhszo8yhwtu> WARNING             WARNING              WARNING,     WARNING         WARNING
<sdvhbhszo8yhwtu>  YOU MAYWATCHED
<sdvhbhszo8yhwtu> YOU MAY BE WATCHED
<sdvhbhszo8yhwtu>    YOU MAY BE WATCHED
<sarnold> thanks genii :) may need a +b too..
<genii> sarnold: If they return, I'll +b
<sdvhbhszo8yhwtu>   YOU MAY BE WATCHED
<sdvhbhszo8yhwtu> WARNING       WARNING      WARNING,                       WARNING
<sdvhbhszo8yhwtu> WARNING             WARNING              WARNING,     WARNING         WARNING
<sdvhbhszo8yhwtu>  YOU MAYWATCHED
<sdvhbhszo8yhwtu> YOU MAY BE WATCHED
<blkperl> genii:
<Arrick> hey all, if I want this to run every 15 minutes, what would be the syntax in crontab on 12.04 to schedule it?
<Arrick> sudo -u www-data php /www/mwtraining/auth/ldap/cli/sync_users.php
<zul> adam_g:  https://code.launchpad.net/~zulcss/ceilometer/icehouse-ftbfs/+merge/196617
<blkperl> 0,15,30,45 * * * * sudo -u www-data php /www/mwtraining/auth/ldap/cli/sync_users.php
<blkperl> Arrick: ^
<Arrick> thank you.
<sarnold> better would be to put that into /etc/cron.d/<something>   and use the native syntax for running a command as a user..
<sarnold> 0,15,30,45 * * * * www-data /usr/bin/php /www/mwtraining/auth/ldap/cli/sync_users.php
<sarnold> (I always give full pathnames in cron entries, path problems in cronjobs are miserable to debug.)
<Arrick> */15 * * * * /usr/bin/php /
<Arrick> yeah
<Arrick> ok, so if I put it into say /etc/cron.d/syncusers and put what you said in there sarnold, how do I test it and make sure it runs?
<sarnold> Arrick: wait 15 minutes? :)
<Arrick> yeah
<Arrick> would it be */15?
<sarnold> Arrick: you should see some PAM activity for the user in the logs somewhere..
<sarnold> */15 should also work, I forgot the new syntax. hehe.
<Arrick> ok
<adam_g> zul, typo in changelog
<zul> shazbutt
<Arrick> sarnold, where would I look for PAM activity at?
<Arrick> which logs?
<zul> adam_g:  fixed
<makara> hi. Is ports.conf in Apache2 new? Because I don't see people talking about it in 2010 when I would expect
<smoser> rharper, very unscientific
<smoser> but http://paste.ubuntu.com/6475987/
<smoser> i consistently see the non-eat-my-data 'apt-get' (line 8) taking real time 8 seconds compared to 7.
<smoser> as i said. very unscientific.
<rharper> smoser: the interesting test is if it scales based on the number of dpk installs
<rharper> smoser: I would expect that it should as it should be eliminating the sync/flush overhead at the end of each dpkg install.
<smoser> dpkg is more fsync happy than just at the end of each install
<rharper> even better then
<rharper> and it should be evident, but it'll depend on the underlying filesystem's behavoir with fsync, and the block devices as well.
<Beatstreet> during install I keep getting an error during partioning
<Beatstreet> http://i39.tinypic.com/71jlu0.jpg
<smoser> rharper, 12.04 running on azure (painfully slow disk).
<smoser> http://paste.ubuntu.com/6476081/
<smoser> the large delta in 'real'  and small deltas in 'user' and 'sys' show (me at least) that this is all IO.
<smoser> utlemming, ^ random unscientific data.
<utlemming> smoser: this is inline with the sort of thing that we have seen
<smoser> yeah, but previously i'd never used 'sync' at the end.
<smoser> which is necessary if you actually want to "finish" this install
<rharper> smoser: 12.04 defaults to ext4? and data=ordered ?
<rharper> or the cloud-image, whatever the os image is
<utlemming> rharper: cloud image takes the default -- in 12.04 it is data=ordered
<smoser> ext4 yes.
<rharper> it certainly seems like a win where we don';t have control over how the hardware/cloud/storage is configured
<smoser> hallyn_ or stgraber, do you have a guide to run a gui app in an lxc container ?
<smoser> i think ideally one with sound too.
<stgraber> smoser: I don't have a guide, though you could look at the source of steam-lxc for how to do that.
<stgraber> smoser: typically that's done by telling pulseaudio to bind to a unix socket, bind-mount that into the container and set PULSE_SERVER accordingly in the container
<stgraber> smoser: for X, it's similar, you bind-mount the X socket and /dev/dri
<hallyn_> i also want to get to where we can start X over spice in a container, but Xspice was having stability issues last i tried
<smoser> hallyn_, stgraber thanks.
<TheLordOfTime> does /var/www even exist in Ubuntu default installs?
<TheLordOfTime> (asking because unrelated to actual problems, more of a "building knowledge" thing)
#ubuntu-server 2013-11-26
<Beatstreet> http://i39.tinypic.com/71jlu0.jpg
<Beatstreet> during install I keep getting an error during partioning
<babinlonston> Hi , all  I ahve Fijutsu Primergy MX130 S2 Micro Server , I want to install Ubuntu 12.04 server edition in it and Need to Install Guest operating systems in it , is it possible to manage graphically if i install KVM in it ?
<eagles0513875_> hey guys
<eagles0513875_> i am on 12.04 on my servers and i am getting the following apache error [Tue Nov 26 06:13:19 2013] [error] Init: Multiple RSA server certificates not allowed
<eagles0513875_> this only started yesterday. thing is i only have one certificate from a CA and the other is self signed could that be causing the issue?
<syria> Hi , How can I configure ubuntu server 10.04 LTS to autostart VMs please?
<syria> Hi , How can I configure ubuntu server 10.04 LTS to autostart VMs please?
<kwoot> This is dryving me nuts. I am a newbie to vmbuilder but everytime I get an error: Failure trying to run: chroot /tmp/tmpJtt3HY mount -t proc proc /proc. What am I missing here?
<kwoot> My commandline says: sudo vmbuilder kvm ubuntu \
<kwoot>                   --verbose \
<kwoot>                   --suite precise \
<kwoot>                   --flavour virtual \
<kwoot>                   --hostname testvm1204 \
<kwoot>                   --mem 1024 \
<kwoot>                   --user jeroen \
<kwoot>                   --pass iwdi2hw \
<kwoot>                   --mirror http://nl.archive.ubuntu.com/ubuntu/  \
<kwoot>                   --iso /md0/home/jeroen/Downloads/ubuntu-12.04-desktop-amd64.iso     \
<kwoot>                   --timezone CET \
<kwoot>                   --addpkg acpid \
<kwoot>                   --addpkg vim \
<kwoot>                   --addpkg openssh-server \
<Rory> yeah kwoot don't do that
<Rory> !paste
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Raboo> patdk-wk yes, you where correct root_squash
<kwoot> Sorry about that. Will do next time. But, a hint as to why this does not work would still be appreciated.
<kwoot> Ok. So specifying an ISO image is the source of the mahem. Right.
<zul> roaksoax:  ping
<roaksoax> zul pong
<zul> roaksoax:  can you do a quick review for me?
<roaksoax> yup
<zul> https://code.launchpad.net/~zulcss/python-heatclient/icehouse-ftbfs/+merge/196722
<jamespage> zul, nice work on getting the icehouse builds up and running
<jamespage> I see lots of blue now!
<zul> jamespage:  no worries...nova is still stumping me though
<blueking> hello
 * genii slides blueking a mug of coffee
<blueking> thinking about to use ubuntu-server on my new box that should be used as router + some server stuff
<blueking> does ubuntu support latest intel hardware on nic side ?
<blueking> I210AT I350 and so on ?
 * blueking havn't tasted coffee for 30 years
 * blueking blinks at  genii 
<genii> blueking: It's just my custom to be the maker or bringer of virtual coffee :)
<blueking> doesn't sound delicious :P
<blueking> I am thinking on skip sphirewall/debian due it seems impossibly to get NAT to work :/
<blueking> so thinking about  ubuntu server
<genii> blueking: The page at https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=13663 leads me to believe that Linux drivers are available for the I350
<genii> ( and the igb driver referenced there is present on my system here which is 13.10 )
<blueking> on sphirewall/debian I had to make install of driver myself.. had to put in pci-e ethernet card to get os installed  then  install driver for onboard nic     and not sure if that caused some problem with routing  setup
<blueking> genii:  looks good
<blueking> I need extra stuff to turn ubuntu server  into router box ?
<blueking> maybe thinking about BGP  and quagga  but might be overkill for  local network at home/house
<blueking> *twiddles thumbs*
<blueking> genii:  what u think about using ubuntu server as router ?
<blueking> genii  and I might have some extra stuff on it like rtorrent/rutorrent  samba
<genii> blueking: I would probably instead have a dedicated appliance running OpemWRT, myself
<blueking> genii:  on pc hardware ?
<blueking> genii: http://www.supermicro.nl/products/motherboard/Xeon/C220/X10SLM_-F.cfm
<blueking> intel xeon E3 1230L
<blueking> and 16GB ecc udimm
<blueking> genii:   that hardware ar bought for beeing used as router
<genii> blueking: Well, if that's what it's purpose is supposed to be from the start, and it's also going to run additional services, then Ubuntu Server is not a bad choice.
<blueking> ok :)
<genii> Apologies on lag, work requires me to often be away from my computer.
<blueking> nods  not in hurry
<blueking> became father last wednesday :)
<blueking> beeing home from work 2 weeks after birth
<genii> blueking: So you need also a small side project like this to keep you busy? ;)
<blueking> genii:  have been trying to finish this project for more than a week but seems sphirewall/debian wasn't solution  :/
<blueking> just using iptables on ubuntu to setup router/nat ?
<blueking> or install some stuff to do nat stuff <?
<genii> blueking: There is a somewhat simplified tutorial here: http://www.yourownlinux.com/2013/07/how-to-configure-ubuntu-as-router.html
<blueking> seems to be a good one :)
<blueking> genii:  u know abouthing about BGP ?
<blueking> border gateway protocol
<patdk-wk> only ebgp v4
<blueking> patdk-wk:  was that about  BGP ?
<danley> blueking, I don't think you need BGP. how many routers do you have in your local network ?
<patdk-wk> bgp has nothing to do with how many routers you have
<patdk-wk> but I wonder, what exactly will this be talking to on a home network
<jamespage> zul, hallyn_: I'm trying to resync ipxe as much as possible from Debian
<jamespage> how does qemu pickup roms these days?  the ipxe-qemu package currently installs them to /usr/share/qemu
<jamespage> but thats not done in debian - everything just gets chucked in /usr/lib/ipxe/qemu
<zul> jamespage:  hallyn_ was the last one to touch qemu
<hallyn_> jamespage: ipxe-qemu is depended upon by qemu, that's how qemu gets them...
<jamespage> hallyn_, yeah - I see the package dependency
<hallyn_> jamespage: I'm not attached to how it currently is, feel free to change it
<jamespage> hallyn_, this is what was confusing me - http://paste.ubuntu.com/6479931/
<jamespage> the links to lib/ipxe come from qemu-system-x86
<hallyn_> jamespage: if those didn't include pcnet32 i'd say they were just less commonly used and you just install all of ipxe to get them.
<jamespage> hallyn_, looking up to Debian
<jamespage> http://anonscm.debian.org/gitweb/?p=pkg-qemu/qemu.git;a=blob;f=debian/qemu-system-x86.links;h=3be443dbd5f1dc4bb73494d261bbbd905b9e9ab8;hb=HEAD
<hallyn_> jamespage: ok.  haven't merged this month i guess
<hallyn_> i'm still looking for time to finish looking at the arm64 patches infinity wanted
<hallyn_> and somebody's bugging us to do our tps reports this week :)
<jamespage> hallyn_, I'm wondering whether we should put symlinks in /usr/share/qemu from the qemu packages only
<jamespage> but for now I'll leave compat links in so we don't break anything
<hallyn_> jamespage: the ../../lib/ipxe/ns8390.rom link should just be dropped, nothing like it seems to exist in ipxe
<hallyn_> jamespage: I dno't know.  1.0.0+git-2.149b50-1ubuntu3 is where I reversed the links.  Something broke when I didn't, but that's all I remember.
<jamespage> hallyn_, yeah - you would have had an install failure
<hallyn_> jamespage: I would've?
<jamespage> qemu-system-x86 trying to overwrite files from ipxe-qemu
<hallyn_> ipxe-qemudidn't yet exist did it?
<blueking> danley:   just one router + two asus wifi routers set in AP mode
<blueking> patdk-wk:   ethernet (fiber modem) - router  -  24 port managed gbit switch
<blueking> router = linux on pc
<patdk-wk> so why do you think you need to run any kind of router?
<blueking> gave up using asus rt n66u as router  beeing not stable  net dropping out several times a day
<patdk-wk> you just need 1 firewall
<patdk-wk> those are not routers, those are firewalls
<blueking> firewall + nat
<patdk-wk> firewall + nat != router
<patdk-wk> nat is a firewall function
<blueking> ok
<patdk-wk> if there was no nat at all, I would be willing to say router
<blueking> router =  dhcpd server giving IP to each device connected on local net ?
<patdk-wk> cause it would route
<patdk-wk> no
<patdk-wk> cause it's not routing anything, it's replacing
<blueking> what you recommend me to do ?
<patdk-wk> you don't need bgp
<patdk-wk> you don't need quagga
<blueking> ok
<patdk-wk> you just need a basic iptables + dhcp + dns
<patdk-wk> personally, I perfer to use shorewall for my firewall/nat config
<patdk-wk> then configure a dhcp server
<patdk-wk> then optionally a dns server
<patdk-wk> and your good
<blueking> shorewall  are ?
<patdk-wk> shorewall is a program that manages iptables (firewall, nat, )
<blueking> some guys mentioned that firewall  should be at .. uhm there are diff security levels  if have linux  and then software to ake firewall but then  base of linux are not secured from attack ?
<patdk-wk> base of linux?
<patdk-wk> I thought you where worried about setting up a home network
<patdk-wk> now your interesting in securing a shell server?
<blueking> should block all  from ethernet all ports open on inside/local net
<patdk-wk> well, that isn't very secure
<patdk-wk> block all from everything
<patdk-wk> better yet, unplug it, then it's secure
<blueking> :)
<blueking> ubuntu server  , shorewall,  dhcp server, dns server is what I need
<blueking> firewall  ?
<blueking> ubuntu server  , shorewall,  dhcp server, dns server is what I need
<blueking> patdk-wk:  no need for firewall u say or I have to install that too  or are it within ubuntu server ?
<patdk-wk> did you bother to read anything I said?
<patdk-wk> shorewall configures the firewall+nat
<blueking> ah missed that part :/
<blueking> sorry
<blueking> I'll give it a try
<blueking> wish me good luck :)
<zul> adam_g:  https://code.launchpad.net/~zulcss/nova/icehouse-ftbfs/+merge/196763
<TheLordOfTime> oh god the pebkac... has anyone else here noticed that there's an overabundance of people who use the default document root as configured in a site's config for web servers, rather than more sanely making their own location for their site's doc root?
<TheLordOfTime> and then upgrades sometimes cause their code to die because they are using the default location and not a sane separate location?
<patdk-wk> never noticed :)
<patdk-wk> never had an upgrade break something like that
<patdk-wk> but then, I never let the upgrades overwrite my configs
<patdk-wk> and I always test the upgrade first
<TheLordOfTime> patdk-wk, apparently nginx 1.1.19 has done this, i'm testing 1.4.4
<TheLordOfTime> patdk-wk, https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1194074 makes me want to punch kittens...
<uvirtbot> Launchpad bug 1194074 in nginx "Default index.html blindly overwritten" [Undecided,Confirmed]
<patdk-wk> heh, not good
<TheLordOfTime> because i always am like "WHY ARE YOU USING THE DEFAULT DOCROOT AND NOT A MORE SANE LOCATION?!?!?"
<patdk-wk> that is why I stopped using rhel
<TheLordOfTime> Hell, I don't even use the default docroot
<TheLordOfTime> i use /home/MYUSER/html/sitespecificfolderhere
<patdk-wk> cause in /etc/httpd/conf.d I would delete files I didn't want, like welcome.conf and stuff
<TheLordOfTime> mhm
<patdk-wk> and on upgrades they woudl *come back to life*
<TheLordOfTime> right
<TheLordOfTime> patdk-wk, i'm going to try and replicate with 1.4.4 in Debian, if i can replicate it with that, i'm going to say "Hey, you guys fix it, and give me a patch" lol
<TheLordOfTime> CBA to rewrite their code today, especially since it's frigid cold here today
<patdk-wk> could just look at the package, fix it
<patdk-wk> and submit a patch
<TheLordOfTime> ... blehhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh stupid snow
<TheLordOfTime> brb, need to shovel the car out of the driveway
<Chocobo> Hi all.  I am using raring-lts kernel... I need to do some iptables loging but I notice ipt_LOG does not exist.  Any ideas?
<patdk-wk> xtables?
<patdk-wk> or ULOG
<Chocobo> patdk-wk: Hmm, never used them.  I will have to look into it.
<patdk-wk> ulog is ultraconfigurable compared to log
<patdk-wk> but I was just wondering if it was hiding in the xtables package
<Chocobo> patdk-wk: I do see ipt_ULOG.
<Chocobo> Hrmmm, so I installed ulogd but I don't seem to be getting anything in the logs.   I did "iptables -t raw -A OUTPUT -d <DEST-IP> -j ULOG"
<blueking> just a question-...  no guide on how to put ubuntu server iso on memory stick for installation ?
<patdk-wk> copy it?
<sarnold> blueking: dd if=/path/to/file.iso of=/path/to/usb/device   :)
<bitbyte> Good Evening, I'm having a little trouble setting up StrongSwan, Is anyone able to help me out ?
<blueking> sarnold:
<blueking> not in windows
<sarnold> blueking: oh. let me go looking for a bit..
<sarnold> blueking: http://sourceforge.net/projects/win32diskimager/
<blueking> unetbootin ?
<genii> I think either winimage or windd also
<sarnold> oh, unetbootin looks nice.
<patdk-wk> bitbyte, don't do it
<patdk-wk> use openswan, or libreswan
<bitbyte> patdk-wk Why not use StrongSwan ?
<patdk-wk> didn't it die a long long time ago
<bitbyte> The IPsec protocol seems the best and most secure option, StrongSwan seems to implement it well
<axisys> how to install openssh-server from precise into lucid?
<Chocobo> hrmm, it doesn't look like ipt_ULOG is working within a network namespace.
<axisys> cannot upgrade lucide to precise yet
<patdk-wk> oh, strongswan is still alive
<patdk-wk> dunno, openswan works good, and is easy to configure
<axisys> lucid*
<patdk-wk> axisys, you don't
<axisys> getting a security scan and asking to upgrade openssh
<axisys> I guess I can compile one and install that way for now
<bitbyte> patdk-wk The thing i'm having trouble with is the config. I'm not really too sure about the address ranges
<patdk-wk> axisys, learn about the security scan then
<axisys> patdk-wk: OpenSSH J-PAKE Session Key Retrieval Vulnerability
<patdk-wk> axisys, you sure?
<patdk-wk> axisys, what cve?
<sarnold> axisys: http://people.canonical.com/~ubuntu-security/cve/pkg/openssh.html
<bitbyte> patdk-wk This is what i have so far but I'm not sure about the IP's http://pastebin.com/VWj9DiXJ
<axisys> patdk-wk: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4478
<uvirtbot> axisys: OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4478)
<bitbyte> The right and left subnets I'm not really sure if their set right
<sarnold> axisys: http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-4478.html
<uvirtbot> sarnold: OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4478)
<bitbyte> Is the left subnet, the one which belongs to the servers internal network ?
<sarnold> axisys: "not enabled at compile time"  :)
<patdk-wk> so amazing
<patdk-wk> your vaunerable to something you don't have :)
<patdk-wk> love stupid security scans
<patdk-wk> all they do is check what version you have, and ASSUME you have issues
<axisys> patdk-wk: :-)
<patdk-wk> this drives up the scanners profits
<patdk-wk> cause it finds things you don't have
<patdk-wk> proving you need them
<axisys> sarnold: help respond to the scan then. what is not enabled?
<patdk-wk> yo udon't need to
<patdk-wk> just supply that link
<sarnold> I'd wager the clear majority of people just use their distribution-provided versions of nearly all their software -- making the tools worse-than-doing-nothing for nearly everybody
<sarnold> axisys: J-PAKE authentication support
<patdk-wk> I would scream at them myself
<patdk-wk> how the hell can I be vaunerable to j-pake when I don't support it
<axisys> patdk-wk: which link.. there were few flew by including mine
<patdk-wk> http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-4478.html
<uvirtbot> patdk-wk: OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4478)
<axisys> should ldd /usr/sbin/sshd prove that j-pake is not enabled?
<patdk-wk> dunno
<patdk-wk> them testing if j-pake is enabled would prove it
<patdk-wk> the issue is, they didn't even bother
<axisys> patdk-wk, sarnold : thanks a lot, guys!
<sarnold> axisys: woot! have fun. :)
<axisys> guess dealing with mediocre security team ;-)
<axisys> at best
<sarnold> oww
<patdk-wk> they always are :)
<patdk-wk> just enough to prove they did something
<patdk-wk> without digging into doing real work
<qman__> yeah, anybody can click 'scan' in openvas and email you the pdf
<qman__> people wo actually do their jobs check to see whether the software is actually vulnerable
<qman__> my lucid servers get lit up for PHP vulnerabilities they don't have based on the version number all the time
<blueking> kernel to choose ?
<Level15> hi, all. question, i am running win2k under kvm + libvirtd. Network speed between host and guest is way too slow. I tried changing the nic type to virtio, but it seems newer virtio drivers for windows do not support win2k. Any hints?
<blueking> shorewall  are not included in ubunti pack ?
<genii> Not by default
<blueking> ok have to fetch it myself then
<genii> blueking: If you mean install it with apt-get, then yes :)
<blueking> ah same style as debian
<genii> Yep.
<blueking> what I need for rtorrent/rutorrent ? it uses scgi ?
<blueking> php5-cgi ?
<blueking> or php5-xmlrpc ?
<qman> Level15: sorry but you're probably SOL, windows 2000 hasn't been on anybody's radar in about 6 years
<jrwren> Level15: win2k is 13 yrs old. good luck. :(
<Level15> yeah... my friend has an ancient application that only runs on win2k and i'm just trying to give him a hand
<qman> that it's working at all is surprising to me
<sarnold> Level15: try fiddling around with several of the different NICs? my 'man qemu' reports 12 different nics, and while the ne2k_isa is unlikely to be best :) it can't hurt to try several of them..
<Level15> I thought virtio was the best... found some oldr virtio drivers but gave me poor performance as well
<adam_g> dweaver`, ping
<dweaver`> adam_g, hi
<sarnold> Level15: with newer guests, virtio probably would be best. but older guests might do better with standard, well-tested drivers, and forcing the emulator to be the funny one...
<adam_g> dweaver`, hey, taking a lookat https://bugs.launchpad.net/bugs/1242992, trying to reproduce with not much luick. exactly where are you hitting this?
<uvirtbot> Launchpad bug 1242992 in python-keystoneclient "Unable to autolaunch a dbus-daemon without a $DISPLAY for X11" [Undecided,Confirmed]
<Level15> sarnold: will try, thanks
<adam_g> dweaver`, i suspect the newly backported version of keyring from 12.10 is the culprit,but unable to reproduce with python-keystoneclient alone
<dweaver`> adam_g, I did a clean deployment of Havana in our demo lab using Juju, I can paste the bundle file for you if you like.
<adam_g> dweaver`, im more interested exactly what was failing and where
<dweaver`> adam_g, Oh, OK, when trying to use openstack-dashboard you get the error in the apache log file.
<adam_g> dweaver`, ah! okay
<adam_g> ill try that
<blueking> genii:  when doing apt-get  I  want to look through what that are available  to be downed/installed   how ?
<adam_g> dweaver`, hmph, still no luck
<sarnold> blueking: apt-get -u dist-upgrade
<dweaver`> adam_g, I don't know what to suggest, then. I can try and re-deploy and see if I get the error again on a  new clean deployment, but that might take a while to organise as we are working on other bits of the lab at the moment.
<genii> blueking: From command-line, usually something like: apt-cache search <something>
<adam_g> dweaver`, if you hit it again please capture some log output and traces
<blueking> ok
<genii> blueking: I recommend to run first however: sudo apt-get update
<blueking> i've done that at first
<blueking> shorewall   there are diff  versions out.. currently   my isp  uses IPv4  but soon they'll start use IPv6  what to use ?
<dweaver`> adam_g, which logs do you want, just the apache log?
<blueking> shorewall6 maybe ?
<adam_g> dweaver`, if that is the only place you're seeing any errors, yeah
<adam_g> dweaver`, im interested to know if manually using the keystone client from the problematic node gives the same results, like the original bug shows
<dweaver`> adam_g, Ok, I can try that too.
<blueking> genii:  atleast ubuntu server 13.10 found nic's without issue
<blueking> oh noes.. :/    sending reboot  command in shell   makes  pc shutdown and doesn't bring it up again,  howto make it restart without needing to push powerbutton ?
<sarnold> blueking: give it a minute, it might need to spend time on shutdown to flush swap, flush dirty pages to disk, go through a slow bios, wait five seconds at a grub prompt, then perhaps wait for a dhcp lease or something..
<blueking> sarnold:  powerled  extinguishes
<blueking> had same problem with suse too
<sarnold> blueking: try looking at the reboot= option in bootparam(7) -- you might need to fiddle with that. (I haven't seen a need to change it in a decade or more, but you never know..)
<blueking> sarnold:  what file/location to look at ?
<sarnold> blueking: man 7 bootparam
<jrwren> blueking: also maybe a bios settings.
<blueking> jrwren:   reboots fine with other lix distru than ubuntu and suse,
<axisys> sudo nm -D /usr/sbin/sshd | grep method shows jpake method is not compiled in
<blueking> just wonder  ubuntu server    i have nic interfaces  p2p1 and p3p1    where p2p1 are connected to ethernet and p3p1 are local net    diff subnets   p2p1 gets ip from dhcp  192.168.1.114    and then on p3p1  static  ip 192.168.2.1    netmask 255.255.255.0  then gateway on p3p1 should be ?
<patdk-lap> none!
<patdk-lap> it's a trick question :)
<blueking> looked at example  http://www.yourownlinux.com/2013/07/how-to-configure-ubuntu-as-router.html     can't be correct to have diff subnets on same local net ?
<blueking> patdk-lap:  ubuntu machine has eth0 and eth1   10.10.6.203 and 10.10.6.204     ubuntu eth0 - switch - hostA that has ip 192.168.1.8     diff subnet from eth0 10.10.6.203 ?    this example confused me :/
<patdk-lap> what confuses me is
<patdk-lap> how can people always fine the worse, most idiotic examples, that people post
<blueking> :)
<patdk-lap> http://www.shorewall.net/two-interface.htm
<blueking> patdk-lap:  hmm I installed shorewall6 I think
<Patrickdk> why?
<Patrickdk> does your isp support ipv6?
<Patrickdk> does all the websites you use support ipv6?
<Patrickdk> aren't you having enough issues dealing with ipv4 first?
<blueking> Patrickdk:  isp are soon going to use ipv6
<Patrickdk> not likely
<Patrickdk> they have been going to use ipv6 soon for years now
<Patrickdk> and they have made even more plans to not use it
<Patrickdk> thus the invention of CGN
<blueking> so easier use shorewall two interface
<Patrickdk> it's just as easy to use shorewall or shorewall6
<Patrickdk> but shorewall handles ipv4
<Patrickdk> and shoreall6 handles ipv6
<blueking> ok done purge of shorwall6
<blueking> a question when use 'init 6' shouldn't it reboot  computer and not powerdown whole box ?
<blueking> suse and ubuntu  shuts down whole box with reboot/init 6,   sphirewall/debian  it restarted without need to push powerbutton... are there any setting that cause this powerdown when I want to restart linux ?
<blueking> uhm   what does last number 24 in  ip  mean  ?  192.168.0.0/24
<sarnold> blueking: the number of bits in a netmask; /24 corresponds with 255.255.255.0.
<sarnold> blueking: http://en.wikipedia.org/wiki/CIDR_notation
<blueking> ok
<blueking> hmm I need to static ip on local net interface...
<sarnold> blueking: man 5 interfaces -- and don't forget to set aside some IPs for static use from your dhcp server :)
#ubuntu-server 2013-11-27
<vlad_starkov> Question: Just installed Ubuntu 12.04 LTS 64bit. On boot it freezes and shows "BUG: soft lockup - CPU stuck for 21s". Anyone know what is that?
<Patrickdk> standard, kindof
<vlad_starkov> Question: Does anyone know what the hell is that http://cl.ly/image/310g2D1K462E ? "BUG soft lockup - CPU#0 stuck..."
<sarnold> vlad_starkov: does it eventually progress to fully-booted?
<vlad_starkov> sarnold: no
<vlad_starkov> sarnold: I've installed Ubuntu 12.04 on Supermicro 6015B-TB with 2xXeons E5345 / 16GB RAM/ RAID 10 (4TB)
<vlad_starkov> The same error appears on 64bit and 32bit Ubuntu 12.04
<vlad_starkov> is it possible that 4Tb partition is too big for Ubuntu?
<vlad_starkov> Or 32Gb SWAP is too big?
<sarnold> vlad_starkov: 4TB ought to be fine.. 32 gigs ought to be fine (my laptop has 16 gigs without trouble anyway..)
<sarnold> oh drat..
<sarnold> vlad_starkov: 4TB ought to be fine.. 32 gigs ought to be fine (my laptop has 16 gigs without trouble anyway..)
<sarnold> (and the last limits I heard about on swap were removed back in 2.3.3...
<vlad_starkov> sarnold: so what is the cause of the problem?
<sarnold> vlad_starkov: I believe what it is reporting is that two CPUs have requested the same data structures, and perhaps #4 locks A and needs B, while #5 has locked B and needs A
<sarnold> vlad_starkov: one is executing modprobe, the other is executing upstart-udev-bridge, which -might- also be trying to load modules .. 'modprobe' might have been kicked off by the 'ufw' during boot
<vlad_starkov> sarnold: it could be that... at least it looks quite realistic
<vlad_starkov> sarnold: I use Ubuntu for a few years on the beginner-class servers, it's my first Ubuntu install on pretty powerful hardware and I got this
<sarnold> vlad_starkov: just as a dirty hack you might be able to add 'sleep 1' to the /etc/init/ufw or similar to try to get it to run in a different order...
<vlad_starkov> sarnold: how can I access the file system?
<vlad_starkov> It's encrypted RAID with LVM
<sarnold> vlad_starkov: you can try booting with maxcpus=1
<vlad_starkov> sarnold: not baf
<sarnold> vlad_starkov: or "nosmp". Though that might trigger other bugs...
<vlad_starkov> sarnold: where can I get full list of boot parameters?
<vlad_starkov> sarnold: what should I check in BIOS?
<sarnold> vlad_starkov: bootparam(7) has many; the linux kernel source file Documentation/kernel-parameters.txt has more
<sarnold> vlad_starkov: I wouldn't bother with bios options...
<vlad_starkov> sarnold: Am I right that I selected SATA enhanced AHCI in BIOS?
<sarnold> vlad_starkov: yes that should be good
<vlad_starkov> OK
<vlad_starkov> IN BIOS there are parameters like "Adjacent Cache Line Prefetch", "Hardware Prefetcher", "Execute Disable Bit", "Core-Multi-Processing" and so on
<sarnold> too many options :)
<vlad_starkov> sarnold: so I'll try to play with them
<vlad_starkov> sarnold: thank you for you help though
<sarnold> vlad_starkov: I doubt those specific options would be involved...
<Quest> what is PUT method besides GET and POST and how is it different. Is there a PULL method also?
<Quest> in http^
<sarnold> hey Quest :) PUT is like a file upload; POST can be used for forms and the like, but PUT is really only good for a single data value. I don't know if anyone uses it...
<Quest> sarnold I was in the image the POST is used for file uploads like multipart
<Quest> sarnold hi!
<Quest>  what are the use cases of PUT?
<Quest> is there a PULL too? i heard about it but didnt caught that in any docs.
<sarnold> Quest: PUT would probably be used in a file storage system similar to amazon's s3 or backblaze's http file storage thing
<sarnold> Quest: all the http 1.1 verbs are briefly described here: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
<Quest> hm.
<Quest> thanks
<rbasak> Quest: also see: REST
<rbasak> jamespage: what do you think about bug 1245113? It's in main. SRU for Saucy absolutely needed or shouldn't be permitted?
<uvirtbot> Launchpad bug 1245113 in libapache2-mod-auth-pgsql "libapache2-mod-auth-pgsql is missing in 13.10 amd64" [Undecided,Fix released] https://launchpad.net/bugs/1245113
<vlad_starkov> Question: While installing Ubuntu, there is a step for installing additional software. In case I choose "Manual package selection" the aptitude will be launched. Is it possible to add repositories for aptitude to install some additional software?
<jamespage> rbasak, it might be permitted; its fairly self contained
<Quest> rbasak thx
<NaGeL> hello i got this problem: http://askubuntu.com/questions/382592/my-postfix-server-became-a-spam-server-how-can-i-fix-this and answer says nuke it, and start from 0. does that mean to reinstall the whole server?
<foo357> Hello, is anyone here familiar with creating disk images / restoring disks?
<foo357> When I create a disk image, can I save the resulting file to said disk? (I've got a one-disk machine)
<foo357> or would it cause some funny behaviour?
<rbasak> foo357: that would cause corruption. Don't do that if you want a good image.
<blueking> have problem with ethernet on ubuntu server... tho when I type  http://192.168.1.1 I can logon asus router but  can't enter  net   what to look at     installed shorewall on box, problem are that I can't  use apt-get update/install
<jamespage> smoser, rbasak, adam_g, roaksoax, zul, yolanda, hallyn_ +anyone else: initial review of seeds for trusty - http://pad.ubuntu.com/server-seed-review
<foo357> rbasak: the harddrive I want to create a disk image of is encrypted (using the options in the ubuntu installation disc), will encryption be preserved in the disk image?
<TazmainianDevil> hi all I am running ubuntu server 12.04. I am running a media wiki on it. When i open the page from the server it renders fine. When I open it from another computer the whole left side of the page is missing?
<blueking> think I found  what my problem are   ip route ls  shows  'default via 192.168.2.1  dev p3p1'   but  device that are connected to net are p2p1
<blueking> can someone tell me if there should be more than one IP in shorewall masq file ?
<blueking> what dhcp server to go for ?
<blueking> could someone tell me what makes network interface to be primary secondary  in /etc/network/interface file ?
<blueking> lwhat I do when apt-get upgrade  and gets this initctl: unknown job: mysql ?
<blueking> bleh   ubuntu server install was fucked up had to perform reinstallation of it \o/
<Rory> 3/buffer close
<blueking> I have a question about  shorewall /etc/shorewall/interfaces  :     If I am right   device p2p1  connects to net, device p3p1 are local net     I have to  install dhpc  server to give connected units on localnet  their IP's    and then I have to setup dhcp server   but do I need to do something with /etc/network/interfaces ?
<zul> jamespage:  i dont even know why backuppc is seeded
<zul> jamespage:  well i know why but its a dumb reason
<jamespage> zul, that sounds like +1 to me
<zul> jamespage:  it is
<zul> jamespage:  cinder uses a fork of rtslib
<hallyn_> jamespage: is that saying wireless-tools and wpasupplicant are in there now?
<hallyn_> i suppose i could see that being an inconvenience (bugged me frequently in lucid), but mainly for developers.
<hallyn_> though i have some headless servers that run wireless, and they're becoming more populear - but so far they all still including a wired nic.
<jamespage> zul, that should be converged now I think
<jamespage> the licensing issue was resolved in the original project
<jamespage> hallyn_, yes - wireless tools and wpas are on the ISO right now
<zul> jamespage:  ah so it is
<Darkstar1> hello all. How do I find out my hard and soft limits for my server (12.04)
<jrwren> type ulimit -a
<jrwren> and ulimit -aH for hard
<Darkstar1> jrwren: thanks
<jamespage> zul, subunit seems a little stuffed in trust
<jamespage> y
<zul> jamespage:  broken?
<jamespage>   File "/usr/bin/subunit2pyunit", line 24, in <module>
<jamespage>     from testtools import StreamToExtendedDecorator, DecorateTestCaseResult, StreamResultRouter
<jamespage> zul, the scripts have python3.3 but the package depends on python2 libraries
<zul> erm...ok ill have a look at it
<jamespage> zul, noticed when I was patching up neutron
<zul> ack
<jamespage> (needed a refresh of patches only so pushed as a trivial)
<jamespage> zul, (un)fortunately it has a || true
<zul> jamespage:  yeah the nova tests in trusty has the same (im not sure whats happening with the database in the tests)
<jamespage> zul, let me log the subunit thing as a bug as well
<zul> jamespage:  please
<jamespage> zul, bug 1255571
<uvirtbot> Launchpad bug 1255571 in subunit "subunit2pyunit fails to run" [Undecided,New] https://launchpad.net/bugs/1255571
<jamespage> zul, we can get rid of the quantum-* transitional package now right?
<jamespage> that's a grizzly->havana upgrade transition I think
<zul> jamespage:  yes i think so
<jamespage> zul, https://code.launchpad.net/~james-page/neutron/drop-quantum-packages/+merge/196924
<blueking> wonder why my windows box connected to ubuntu-server  gets dhcp-server 255.255.255.255
<blueking> oh it was fixed when i restarted dhcpd server
<zul> jamespage:  https://code.launchpad.net/~zulcss/cinder/icehouse-ftbfs/+merge/196932
<jamespage> zul, query on that MP
<zul> jamespage:  yep
<zul> jamespage:  yeah i meant to drop it...it has namespace conflicts
<jamespage> zul, +1
<zul> jamespage:  thanks
<jamespage> zul, want me to take swift?
<jamespage> nm - thats the sphinx  build bug
<zul> jamespage:  if you want it has docs build problems though
<blueking> just wonder    doesn't dhcp server send  gateway ip to connected devices/laptop/pc ?
<kwoot> Where can I send a bugreport with fix regarding a vmbuilder instance with postgresql-server ?
<blueking> hmm
<blueking> ok this looks better :)
<blueking> now I am connected through ubuntu-server shorewall
<zul> jamespage:  subunit fixed
<jamespage> zul, excellent
<blueking> had to shutdown  shorewall to be able to use apt-get    seems firewall somehow blocks  apt-get  even when ping worked right from box itself
<patdk-wk> blueking, configure it correctly
<patdk-wk> you probably are missing the policy, accept fw net
<pmatulis> looks like slapd 2.4.31 is really dear to somebody's heart in debian-land
<blueking> patdk-wk:  ok I'll loook into it
<blueking> patdk-wk:    loc net accept,  net all drop, all all  reject    dmesg reports that it ends up at last line  rejected
<blueking> patdk-wk:  got it fixed :)
<Corey> scrollback end
<blueking> hmm  got serious problem after  had raid  array on another linux distro  and mdadm didn't seem to have mdadm --zero-superblock /dev/sdc
<blueking> superblock wasn't recognized ?
<strixUK> any suggestions about how i might keep packages between two systems synchronised?
<blueking> I get bad superblock on hdd  how to clean it ?
<blueking> on mdadm tutorial   there was mdadm --zero-superblock    is it still there ?
<ikonia> why would you zero a superblock
<blueking> because I fail mount hdd
<ikonia> but zero'ing the superbblock won't fix that
<blueking> it's used after delete of raid array ?
<ikonia> oh, you want to destroy the array
<ikonia> I thought you where trying to fix a file system
<blueking> well I've failed  mount/create raid array  after those two hdd's was used  in raid array in another linux distro
<ikonia> mount and create array are two very different things
<ikonia> I'd think about and clarify what you want to do
<strixUK> is there any way to find out what created an entry in passwd or group?
<strixUK> i've just created a fresh ec2 instance and would like to get it looking as close to our main server as i can
<ikonia> the username normally gives you a clue
<strixUK> "admin" :)
<ikonia> why do you need to know what greated it then, creating the user accounts from the old password file is simple
<strixUK> (group admin)
<ikonia> that's an ubuntu default group - legacy now
<strixUK> ah right
<strixUK> ditto lpadmin?
<ikonia> thats printing
<blueking> ikonia: tested some stuff seems I've done something wrong in fstab
<ikonia> strixUK: to be honest, what does it matter, just copy the uid/gid and re-create the users
<blueking> ikonia:  could manual  mount those hdd's
<blueking> gets error when start up linux
<ikonia> you should not be maually mount hard disks that are part of a raid array
<strixUK> sure.  i didn't install any print services on the current machine, so i'm guessing it was part of the base pkg.  "find / -group lpadmin" reports nothing anyway.
<blueking> for moment they are not in array
<ikonia> strixUK: cups
<blueking> but will be
<strixUK> ikonia: this is a backup server we're running in parallel
<ikonia> strixUK: so ?
<strixUK> what's more important is keeping the installed packages in sync between them.  i could do it manually, but it'd be nice to have it done automatically.  looks like i can do something with dpkg --get-selections.
<strixUK> i wonder if that will maintain the same state that aptitude generates
<ikonia> surly just getting an install package list and looping through them would just make it the same
<ikonia> or actually taking a proper backup of the source machine and restore to new target
<strixUK> ikonia: all possibilities worth considering
<strixUK> sounds like there's no existing automated way of doing this, and tbh i probably won't install much new stuff on the live machine anyway, so doing it manually wouldn't be that hard.  automating a check to compare what's installed probably isn't difficult either.
<strixUK> it's complicated slightly by the fact that the origins of these two machines are not identical.  they're both ubuntu 12.04, but one's the EC2 AMI that's evidently been customised somewhat for EC2.
<blueking> hmms
<blueking> shorewall not starting by default on startup of ubuntu ?
<mvhenten> Hi, I'm having trouble with ufw: ufw enable
<mvhenten> ERROR: Could not load logging rules
<mvhenten> I'm puling my hair because I just can't get a smtp server open
<sarnold> mvhenten: are there any errors in dmesg?
<mvhenten> I see things like [UFW BLOCK]
<mvhenten> but nothing that hints me to what is wrong with ufw
<mvhenten> also ufw status verbose gives me: ERROR: problem running ip6tables
<mvhenten> I've been googling but mostly found outdated helpme's and some notes about re-compiling the kernel
<mvhenten> but AFAIK this should just work right?
<sarnold> mvhenten: it usually does Just Work..
<mvhenten> yes, it's not the first server I'm using ufw with
<sarnold> mvhenten: since so much of iptables functionality is done via modules, I was wondering if there were errors loading the kernel modules
<sarnold> it could be that your current running kernel doesnt have the required modules on disk any more if "old" kernel pcakages have been uninstalled...
<mvhenten> might need to install something then?
<mvhenten> kernel is 2.6.32-042stab076.8
<mvhenten> that's a bit old
<mvhenten> right?
<bekks> It is an vps kernel built by your hoster.
<sarnold> check dpkg -l linux-image-`uname -r`
<sarnold> oooooo
<bekks> I bet you cant change it without breaking your vps.
<sarnold> are you in a container, rather than a VM?
<mvhenten> ah I see
<mvhenten> No packages found matching linux-image-2.6.32-042stab076.8.
<mvhenten> I feel like im in a echo well
<mvhenten> not a server
<sarnold> owww :(
<mvhenten> so it's really a question for my hoster then
<mvhenten> I've never had this kind of issue on normal hardware or an aws box
#ubuntu-server 2013-11-28
<sarnold> yeah; but containers can overprovision even further because everyone shares the same kernel, probably shares libc6 and so forth...
<mvhenten> ok let me look around in their web panel thing
<mvhenten> I might now know where to start looking...
<mvhenten> parralells...
<mvhenten> thing is
<mvhenten> nmap tells me smtps is closed
<mvhenten> i guess because ufw is not running
<mvhenten> enabled
<mvhenten> ok i'm gonna contact the hoster. maybe I can upgrade the kernel
<mvhenten> seems like that could solve the problem
<sarnold> they may just be blocking standard smtp
<mvhenten> and explain why every hit on google refers to issues around 2009~2010
<sarnold> it wouldn't hurt to have a converation :) hehe
<mvhenten> yeah, trying to use smtps actually
<mvhenten> really sucks using mutt over ssh
<mvhenten> hm.... plain old iptables don't work either
<mvhenten> must be something larger at work
<mvhenten> ok thanks you guys, off to bed then
<keithzg> Hrmm. New laptop at work, trying to set it up...but no response from our DHCP server (running 12.04).
<keithzg> Wireshark shows it calling out requests, and no one answers.
<sarnold> do the logs on the dhcp server indicate why it might be neglecting to respond? can you run wireshark on the server and see if it receives the requests?
<sarnold> can you throw a hub or span port between the two systems and see the packet on the network? One common source of dhcp problems is from silly nic offloading not properly filling in the udp checksums..
<keithzg> I've been running wireshark on my desktop, and I see the requests, but no response. Hmm. I could probably go and hook them up if there's space on the switch in the server room...it IS a laptop, after all.
<keithzg> To clarify, from my desktop, I see the DHCP requests from the laptop, but no ACK from the server.
<sarnold> hrm, the response might be sent back directed to the ethernet MAC that requested the address...
<keithzg> Yeah, fair enough.
<keithzg> Installing Wireshark on the server now (strange that I hadn't had to before, actually, heh).
<sarnold> you might have just used tcpdump? :)
<keithzg> ...d'oh!
<keithzg> Hmm. I'm still only getting the requests from the client, but perhaps I'm only filtering for that? I must admit I'm a bit inexperienced with tcpdump.
<keithzg> tcpdump -i br0 -vvv -s 1500 '((port 67 or port 68) and (udp[38:4] = 0x6E11BA57))'
<keithzg> The laptop's MAC is 08:60:6E:11:BA:57
<keithzg> Hmm, no, that's not the issue. Even if I just fire up Wireshark on the server now, and filter purely for "bootp", looking at it I can see the DHCP Discover requests from the laptop (which is now hooked up to the same switch as the DHCP server) but no Inform or ACK with the same transaction ID.
<sarnold> keithzg: cripes :(
<keithzg> :(
<keithzg> Still stumped. Sigh. Guess I'll try and tackle this again tomorrow. Hope this isn't the herald of a deeper issue . . .
<rostam> HI I have installed ubuntu 12.04 update 3. when system  boots , I can see the Ethernet MTU size is set to 574 bytes (ifconfig), Is this value set by defaults? thx
<jdstrand> sarnold: not sure if you mentioned it, but I like to point people at 'sudo /usr/share/ufw/check-requirements'
<jdstrand> sarnold: some VPSs don't give everything unfortunately
<jdstrand> fyi...
<babinlonston> I Have Installed Ubuntu 12.04 in LVM and if i need to Create a New Virtual machine , How can i take snapshot and what are the steps there to take a snapshot , How can i create a New VM from snapshot
<sarnold> jdstrand: oh right! I forgot about ufw's check-requirements, that's way easier than trying to recall what's used :) hehe
<sarnold> jdstrand: thanks
<makara> i want browse (Firefox) to a certain server, so the curl equivalent: "curl -H "Host: specialserver.website.com" website.com
<makara> how 2 do that?
<andol> makara: I assume the reason for you not simply putting specialserver.website.com in the url bar is the lack of such dns entry? How about just making an entry in your /etc/hosts file?
<makara> andol, correct, but there are multiple servers.
<makara> so hosts file is clumsy
<sarnold> then set up dns?
<makara> I see the Modify Headers extension does the trick
<makara> at least I don't need to root everytime I want to switch
<makara> sarnold, corporate hubris
<makara> sarnold, can you recommend a DNS server?
<ikonia> ISC bind is pretty much the most common usd
<zetheroo> how can you see if the network connection on a server is being overloaded?
<remix_tj> zetheroo: i use iptraf
<zetheroo> is there a tool which can show network bandwidth usage live?
<remix_tj> iptraf
<remix_tj> but is a good idea to keep monitoring configuring mrtg
<zetheroo> ok
<zetheroo> can iptraf show a graph of the bandwidth being used?
<remix_tj> uh, a graph no, but some infos for sure
<zetheroo> ok
<jrwren> rostam: re the 574 MTU, i've seen some DHCP servers suggest that. I usually override it. Is it your cable modem interface doing that?
<i3luefire> i am having trouble logging in via ssh on my 12.04 server. it has worked plenty of times in the past with various forms of auth but now nothing works.
<jamespage> zul: how many new MIR's so far for icehouse
<jamespage> ?
<zul> jamespage:  two so far not including deps of the new MIR
<jamespage> zul, a few on this list - http://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
<jamespage> I think most of those are openstack deps right?
<zul> jamespage:  afaik roaksoax is handling kombu but ill doublecheckdjango-compressor
<jamespage> sweet
<jamespage> zul, just thinking about icehouse1
<zetheroo> we have a server with bonded ethernet's  ... I followed this to setup https://help.ubuntu.com/community/UbuntuBonding#Ethernet_Bonding_modes
<jamespage> start of december
<zul> jamespage:  yeah
<zetheroo> however I am not sure about this line under Mode 4: Prerequisites: Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
<zetheroo> how does one find out if Ethtool is supported by the driver being used?
<jamespage> zetheroo, query your physical interfaces using ethool
<jamespage> if it reports information about speed and duplex - alls good
<jamespage> :-)
<zetheroo> never used ethtool ...
<zetheroo> installing it now ...
<zetheroo> ethtool output ... looks good no!? http://paste.ubuntu.com/6490117/
<Gorash_> Dag! Ik vroeg me af of iemand zin heeft om mijn settings voor postfix (vps) na te lopen. Sommige emails komen niet aan namelijk!
<Gorash_> I mean, does someone have time to check postfix settings with me, some of mail emails are not being delivered. Sorry for dutch ;)
<zetheroo> using iptraf it just seems like eth0 is getting 90% of the network traffic ....
<zetheroo> jamespage: ^
<jamespage> zetheroo, yeah - that looks OK
<jamespage> zetheroo, might be misconfiguration switch side/
<jamespage> ?
<zetheroo> eth0 will be having about 1800kbits/sec while eth1 is sitting at less than 100 ...
<zetheroo> I guess ... could be ... though on the switch side it's pretty much just LAG groups ... from what I saw anyhow ...
<jamespage> zetheroo, can you check /proc/net/bonding/bond0
<zetheroo> http://paste.ubuntu.com/6490144/
<jamespage> zetheroo, that output looks OK - I would suspect switch config
<jamespage> but that's obviously harder to diagnose
<zetheroo> ok
<rbasak> zul: working on apache2. Just noticed that you TIL.
<zul> rbasak:  be my guest
<Maddeth> Hi all, I am looking for advice on capacity planning. I am looking for some sore of software, or even a nagios plugin that can help me predict if and when my VSphere datastores are going to run out of CPU, RAM and Disk capacity. I have been writing a web front end to pull disk data from nagios based on the host and graph it, I could do the same for RAM and CPU easily enough, but I want to compare it to the clusters they are 
<blueking> remote desktop connection from windows to ubuntu-server (installed gnome) with xrd
<blueking> xrdp
<blueking> doesn't work
<blueking> hello again
<blueking> ubuntu server almost finished :)
<zerick> blueking, from Windows to Ubuntu, VNC maybe suits for you ?
<blueking> just miss some stuff,  thinking about to install something so windows can map network drives on ubuntu   what are recommended to use ?
<blueking> zerick:  managed to get xrdp work
<zerick> blueking, samba
<blueking> ok
<zerick> or NFS,  aswell
<blueking> what's fast reliable ?
<zerick> AFAIK NFS it is
<pmatulis> windows desktop can act as a NFS client?  nice
<zerick> pmatulis, yes, it can. You just need to instal (or enable) NFS
<zerick> s/instal/install
#ubuntu-server 2013-11-29
<pabs3> I have a server where one drive is marked as failed in /proc/mdstat (RAID1, 2 drives). I went to look at smartctl but the device node no longer exists. nothing in syslog apart from mdadm noticing marking the disk as failed. thoughts?
<makara> hi. I've setup Wordpress on Apache behind Nginx. Problem is directories in the form "site.com/dir" don't load. "site.com/file" and "site.com/dir/" work fine. What have I configured incorrectly?
<TazmainianDevil> Hi all can I ask a question about apache running on ubuntu server here or just questions about ubuntu server ?
<makara> TazmainianDevil, ask away
<TazmainianDevil> Okay I have apache 2.2.22 running on ubuntu 12.04. I would like to have a redirect when I go to localhpost/fisheye it should then load the page that is normally on localhost:8060/fisheye. I have tried the proxy.load module but it doesn't render the page correctly. fisheye is its own web server. I don't have the mod_rewrite module, or I just can't find it.
<makara> TazmainianDevil, I could tell you how to do in Nginx
<makara> it
<makara> a better option as a proxy
<maxb> TazmainianDevil: you have most mosules, but you need to enable them - 'sudo a2enmod rewrite'
<TazmainianDevil> maxb I looked in the mods available folder its not there
<TazmainianDevil> maxb okay the command work, so I just couldn't see it
<maxb> Good - though you don't actually need mod_rewrite here
<TazmainianDevil> maxb what would I use then ?
<maxb> Whilst you certainly can configure a redirect if you really want to, as makara points out, it's a lot more common to proxy things like fisheye, so that they are available to your network / the world without a port number in the URL
<TazmainianDevil> maxb Okay do I need to setup the proxy in fisheye as well ? I tried that but the page didn't render correctly, it looked all funny
<maxb> I imagine you might want something like 'ProxyPass /fisheye/ http://localhost:8060/fisheye/' based on the URLs mentioned earlier
<maxb> I don't use fisheye myself, but 'looks funny' usually implies that your URL config isn't quite right, and supplementary images / CSS / javascript are getting 404ed
<TazmainianDevil> maxb  well just there are no images and the left side of the page is located at the bottom.
<maxb> Right, missing images and CSS
<TazmainianDevil> how do I get those to load then ?
<maxb> At that point you usually want to turn on one of the web developer tools in your browser which lets you look at the HTTP requests being made to see how the URLs are wrong - e.g. F12 in Chrome
<maxb> Once you've found an URL that's being requested that's 404-ing, you can see in what manner it appears to be wrong
<TazmainianDevil> maxb, So to do the proxypass I created a file called proxiedhosts under /etc/apache2/site-available and did an ln command to the default.
<maxb> That's certainly one way to do it, though there are a2ensite and a2dissite commands to automate the linking into the sites-enabled directory
<TazmainianDevil> maxb, awh okay so I just need to fix the url then. I had similar thing with upgrading a media wiki and it did the same.
<TazmainianDevil> maxb, if I get an error You don't have permission to access /fisheye on this server. what does that mean ?
<maxb> Most likely it means you want to add an 'Allow from all' to the relevant bit of configuration
<TazmainianDevil> maxb, That would be under the apache2.conf right ?
<maxb> Yes, but not just anywhere in it
<maxb> That is one of the apache config directives that needs to be in directory context
<maxb> So inside a <Directory> or <Location> block in this case
<TazmainianDevil> maxb, okay let me just set it up from scratch then. What would ne the best way to do this ?
<maxb> uh, just type some config :-) ?
<TazmainianDevil> -.- that helps lol. i meant the redirect.
<TazmainianDevil> maxb, okay let me just ask this in the apache documentation say https://httpd.apache.org/docs/current/mod/mod_access_compat.html where do I put that Allow from all. I can't find where I should put this.
<maxb> I don't know enough about your setup to just dictate an entire config, and I'm unclear why you suddenly want to restart from scratch
<maxb> um, wait, are you actually using httpd 2.4, or are you reading the wrong documentation?
<TazmainianDevil> Using 2.22 was on the wrong page, but the command is the same
<TazmainianDevil>  https://httpd.apache.org/docs/2.2/howto/access.html It has the usuage and all but where is that?
<maxb>  inside a <Directory> or <Location> block as I said
<TazmainianDevil> maxb, okay where are the  <Directory> or <Location> blocks ? What file ?
<maxb> whereever you put them
<TazmainianDevil> maxb, okay under the default one under site-available for the directory /var/www/ allow from all is there or should I make a directory for fisheye , since its not under /var/www
<maxb> Fisheye isn't in any directory on disk that apache reads from, so you probably want a <Location /fisheye>
<TazmainianDevil> maxb, still the same
<maxb> I'm out of ideas for obvious things to check
<TazmainianDevil> maxb, thats why I want to redo the redirect.
<maxb> go on then?
<TazmainianDevil> maxb, thats Why I was asking what would be the best way to do the redirect. Since creating a proxiedhosts file does not work
<TazmainianDevil> If I used the sudo ln -s /etc/apache2/sites-available/proxiedhosts /etc/apache2/sites-enabled how do I break that link again ?
<mardraum> rm it
<TazmainianDevil> mardraum, rm the file ?
<TazmainianDevil> mardraum, if I do that apache wont start
<mardraum> rm the link
<TazmainianDevil> mardraum, okay how would a total noob remove a link ? google referes to the name of the link
<blueking> hello, need input on how to install samba4
<blueking> apt-get install samba4 gives some errors
<blueking> 'error loading module '/usr/lib/x86_64-linux-gnu/samba//vfs/acl_xattr.so': /usr/lib/x86_64-linux-gnu/samba//vfs/acl_xattr.so: cannot open shared object file: no such file or directory
<blueking> error probing vfs module 'acl_xattr': NT_STATUS_UNSUCCESSFUL
<blueking> A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf  Once the above files are installed, your Samba4 server will be ready to use  <- what files ?
<TazmainianDevil> blueking, did you try installing it using synaptic. That worked for me
<blueking> what are synaptic ?
<blueking> TazmainianDevil:  how ?
<unclezipper> Hi, does anyone have experience with proftp?
<ikonia> why don't you just ask the question you want the answer to
<unclezipper> That would make too much sense
<unclezipper> Anyway, I'm just trying to set up an SFTP server. I have TLS enabled server-side, generated a key, and logging in works fine. But, users are locked in their home directories even though I set DefaultRoot to /var/www, and even in their home directories they can't download their own files. It seems like a simple permissions issue but I don't know where to start
<unclezipper> Any ideas?
<ikonia> unclezipper: I'd look at the config file for chroot options, that may explain why the users are bound to their home directories,
<ikonia> unclezipper: with regard to the permissions, I'd check the error message to confirm it's positions, but it's possible that (depending on your setup) that the user running the proftpd daemon may not have permissions to the actual file system inside their home directory via the ftpd running user
<unclezipper> ikonia: I'll check in just a sec. I don't know if it matters, but they can see folders in the root directory. They can't view any of their contents except for /home though
<ikonia> unclezipper: that actually sounds like the "right" setup, if you're chrooting them into their home they should only see the content in their home dir
<unclezipper> ikonia: I'll keep an eye on open files while I try this; I was under the impression that it actually logged in as the user. And no, that would be the "right" setup, but I have DefaultRoot set to /var/www/ instead of ~
<unclezipper> You can understand my confusion here
<ikonia> defaultroot is worthless if you are chrooting the users, which it sounds like you are
<ikonia> also look in the ftpd log files to geta clue of what's going on and the xfer logs
<blueking> I used synaptic to install samba4   but how I enter setup of samba ?
<ikonia> "enter the setup" what do you mean ?
<unclezipper> ikonia: Thanks, you might have just pointed my nose in the right direction
<ikonia> unclezipper: not a problem, if you have problems, just explain what you see and they can be worked through
<blueking> ikonia:  yes
<blueking> to set  password domain name and so on
<ikonia> blueking: "what do you mean" - "yes" is not a valid answer to that question
<blueking> when  used apt-get install samba4   it started right on setup to put in  password  and more stuff  synaptic didn't
<unclezipper> XD
<ikonia> blueking: I see so you're expecting some sort of q/a type session
<unclezipper> blueking: The configuration file should be at /etc/smb.conf
<blueking> ok
<unclezipper> You'll need to open it as root/with sudo to edit it.
<madneon> is there a way to dump oidentd requests?
<_root_> hello i have eth0 and eth1 . I just edited the /etc/network/interfaces ;;; anyway to reload the network interface or what ever that is completely in order to that editing take effect without rebooting the server?
<blueking> damn samba4 wasn't easy to fix
<madneon> _root_: try ifdown and then ifup, but if you edited the files first you may have a problem putting them down
<madneon> _root_: so you might need to put them down manually with ifconfig
<_root_> madneon: you mean ifdown eth0 for example?
<madneon> _root_: yeah, like that
<madneon> _root_: next time try this way: ifdown eth0, then edit config, then ifup eth0
<_root_> madneon: ifdown:interface eth0 not configured . is that error you were talking about?
<madneon> _root_: most likely, try using: ifconfig eth0 down
<chmac7> One machine, `time ps aux | wc -l` shows 213 lines, takes 53s to complete. 17G mem free. 88% cpu idle. Any ideas?
<chmac> Takes nearly 60 seconds to start top...
<chmac> top shows iowait 0.0%
<chmac> cat /proc/mdstat looks fine
<chmac> Maybe it's only sudo that's slow...
<chmac> Sure enough, `sudo su -` and then `ps aux | wc -l` is super fast...
<chmac> Don't think it's hostname related, my hostname hasn't changed and it's properly set in /etc/hosts as far as I can tell...
<chmac> The server's hostname is mapped to the external IP of the server, not localhost
<chmac> Same on 3 other machines, same OS, and no issues...
<chmac> Crazy, changed the machine's hostname to resolve to localhost and it's fixed...
<chmac> Darnit, issue is back, even with the hostname change...
<chmac> OK, issue seems to be bind9 running crazy slow...
<_root_> i have a nameserver and i wanted to set it in /etc/resolv.conf ;;; but it says it will be re-written;; So where should I set my name-server (DNS)
<_root_> ???
<rbasak> _root_: FAQ here: https://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/
<_root_> rbasak: you mean i put nameserver x.x.x.x in /etc/network/interfaces ??
<frojnd> Hi there.
<frojnd> I hope someone will be able to help me. I transfered a site to my ubuntu server for my firend. Before he had at some paid company. The problem is that now when users try to send email via php form they are unable
<frojnd> There is an error in logs (I use nginx and php)
<frojnd> [error] 11348#0: *34 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught exception 'Swift_TransportException' with message 'Failed to authenticate on SMTP server with username "somegamil.account@gmail.com" using 2 possible authenticators' in public_html/app/lib/classes/Swift/Transport/Esmtp/AuthHandler.php:184
<frojnd> I've red the internet and tried to enable ssl. I've created ssl certificate spesifically for this site, then I checked phpinfo to see if ssl is enabled and indeed is enabled.
<frojnd> What else can I check?
<frojnd> I've tried different creditentials and it still fails
<frojnd> Anyone here?
<rbasak> _root_: well, it depends on your situation. See the post. It looks like if you do put something in /etc/network/interfaces, it should be "dns-nameservers" though, not "nameserver".
<frojnd> Hm. So I Was trying to send email as root using mail to one of my gmail accounts. I didn't receive a message.
<frojnd> How do I setup /etc/mail/local-host-names ?
<disposable2> i'm trying to run linux containers (lxc version 1.0.0~alpha2) on a 12.04 server. on 13.04 i had no problem, but when i do it on 12.04, i get no getty in my containers. whenever i issue lxc-console -n asfd, all i get is "connected to tty 1; Type <Ctrl + a q> to ...." Am i missing some very important step?
<zul> jamespage:  https://code.launchpad.net/~zulcss/glance/icehouse-ftbfs/+merge/197223
<jamespage> zul, +1
<jamespage> how's the opening of icehouse looking now?
<zul> jamespage:  getting closer...need to work on blueprints
<frojnd> Is there a way to tell why I can't send mails from my server to gmail?
<frojnd> using 'mail' command
<frojnd> what logs should I check
<frojnd> aha syslog
<frojnd> dufuq
<frojnd> postfix/master[17024]: fatal: bind 0.0.0.0 port 25: Address already in use
<frojnd> I purged that sendmail and netstat -pel | grep smtp still shows sendmail: tcp        0      0 localhost:smtp          *:*                     LISTEN      root       1911831     15891/sendmail: MTA
<rbasak> jamespage: have you noticed that your latest mysql upload failed dep8 testing again?
<jamespage> rbasak, yeah - I sponsored a upstart tweak
<rbasak> Oh OK, np
<frojnd> It's like I must use kill -9 for this sendmail
<jamespage> rbasak, but I'd been ignoring it whilst I got on with some other stuff
<jamespage> rbasak, not sure why the test suite fails as it does exactly the same thing during the package build
<rbasak> jamespage: we really need to resync with Debian at some point and sort it out :-/
<jamespage> rbasak, yes - I added that to the mysql blueprint
<rbasak> There was some trickery involved, IIRC.
<jamespage> rbasak, frustratingly the previous upload passed its autopkg tests
<rbasak> I don't think it's deterministic.
<zul> jamespage:  yay glance is blue
<jamespage> zul, woot
<jamespage> zul, I was trying to figure out how to sync the local repo in the lab with the packages from precise-havana
<jamespage> I setup a pull but that's not working so well
<zul> jamespage:  well alot of those packages are going to be updated in the next 5 months
<jamespage> zul, yes - but we need a base to start from
<jamespage> and the lab archive need to be fully populated for deploy testing
<zul> jamespage:  right
<frojnd> I'm rather new to this
<jamespage> zul, w00t!  my team's movember donations just busted through Â£2k!
<jamespage> zul, think my bro is showing iff
<zul> sweet
<jamespage> apologies channel - that was a little OT
<jamespage> or alot really
<zul> slightly ;)
<jamespage> frojnd, /var/log/mail.log is pretty useful normally
<frojnd> I've configured posfix and dovecot. When I try to use thunderbird and I add new mail: it says username of password invalid
<frojnd> If I understand this correctly, my email addrss is username@domain ?
<jamespage> kirkland, stop byobu-ing :-)
<jamespage> frojnd, I've not done a postfix/dovecot setup for quite a while - but I think its very much dependent on how the services are configured - i.e. which domain they think they are serving
<frojnd> jamespage: where do I check this? I have configured /etc/mail/local-host-names to be like this: localhost and next line is my domain
<jamespage> frojnd, /etc/dovecot and /etc/postfix (I think - straining the grey cells now)
<geoffmcc> hello. I have been reading tutorials on securing ubuntu server and most say to install rkhunter and chkrootkit but from what i have read on the two rkhunter does a better job. Is there really a benifit to having both installed?
<frojnd> jamespage: One question: if I havve just created A record for server's ip will this still work?
<jamespage> frojnd, you need MX records as well
<frojnd> jamespage: yeah but which MX records?
<frojnd> jamespage: just mydomain MX server'sIP  as value?
<frojnd> jamespage: I mean, for A recrods I did: name: mydomain.net type: A and value serverIP for mx the same?
<jamespage> frojnd, without know the specifics of either your dns or your mail setup its hard to say
<w0rmie> s off
<frojnd> jamespage: I have a server at leaseweb. I got ip for the server. Then I have bought a domain at another company and made A records for server ip.
<frojnd> jamespage: under /etc/resolv.conf I have three nameservers
<frojnd> I'm not sure what I should do next
<frojnd> jamespage: I found this:
<frojnd> Below you will see the list of domains which we are secondary nameserver for. This is a free service for our customers. Please make sure you put in the IP of the primary nameserver. Also make sure you allow zone-transfers from our IP.
<frojnd> Our secondary nameserver IP is: 62.212.76.50 (ns7.leaseweb.net)
<frojnd> Ups
<zul> jamespage: mind if we merge the openstack-virt spec?
<jamespage> zul, not at all
<zul> jamespage:  same as the qa one, if we can just do everything in one spec then life will be happier
<frojnd> hm
<frojnd> I think I'm gonna ned a litle help over here
<frojnd> ned=need :)
<jamespage> frojnd, sorry - a few other things going on out of channel as well
 * jamespage reads backscroll
<jamespage> frojnd, so a MX record tells the rest of the world how to deliver email for your domain - so that's mostly used for incoming delivery
<jamespage> but some spam/spoofing systems do checking to ensure that the mail is coming from the right place as well (can't remember the specifics)
<jrwren> SPF
<jamespage> your postfix/dovecot setup is probably going to reside on the server that you point that record at
<frojnd> jamespage: so I have to do mx record at domain company / different than the one that I have server located and set mx for server's ip just like I did for  A record
<jamespage> frojnd, you need todo it for the domain records that the rest of the world can see - I can't tell specifically from what you say above where that is
<jamespage> frojnd, example - "dig  shingle-house.org.uk MX"
<jamespage> frojnd, like jrwren says - SPF - sender policy framework - google it for more details
<jamespage> thanks jrwren - I must have filed that in long term memory :-)
<frojnd> jamespage: aha with dig I see if the mx records are set
<jamespage> frojnd, remember it can also take time for DNS changes to propagate as by design stuff gets cached....
<zhbfvuvabar87r>   YOU MAY BE WATCHED
<zhbfvuvabar87r> WARNING       WARNING      WARNING,                       WARNING
<zhbfvuvabar87r> WARNING             WARNING              WARNING,     WARNING         WARNING
<zhbfvuvabar87r>  YOU MAYWATCHED
<zhbfvuvabar87r> YOU MAY BE WATCHED
<zhbfvuvabar87r>    YOU MAY BE WATCHED
<frojnd> jamespage: is there a way to test if I can send email when I'm connected on a server?
<patdk-lap> define, connected on a server
<frojnd> sshed to it
<_root_> the question was long help on : http://serverfault.com/questions/558301/setting-2-ips-on-ubuntu-12-04-with-two-network-adaptor-card
<frojnd> jamespage: my domain name provider does not have spf
<frojnd> aaaaaa
<jeffci> hey, I have a bunch of flvs in a directory and all of that are named with a series of random numbers e.g: 9382.flv. I need to do a find on that current directory and re-encode with ffmpeg to a new format but preserve the numbers in the filename, how do I do this quickly without having to do them one by one?
<genii> jeffci: http://ubuntuforums.org/showthread.php?t=1430243 has an example of how to do this, I think in posting #5 or so. In that case they are going flv to mp3 but you could choose whatever format instead
<jeffci> ok thanks genii
<ice9> how to install zram on 13.04?
<genii> !info zram-config | ice
<ubottu> ice: zram-config (source: zram-config): Upstart job to enable zram support. In component main, is extra. Version 0.1 (saucy), package size 3 kB, installed size 41 kB
<genii> Hm, no wonder tab complete failed, they left.
<hazmat> smoser, what would you say to including git in the default cloud images
<jrwren> hazmat: why? its trivial to add git-core to packages section of a cloud-config
#ubuntu-server 2013-11-30
<jrwren> hazmat: i actually pitched removal of a number of packages recently :)
<hazmat> jrwren, i'm primarily looking at lxc instances (including in cloud-instances), and minimizing seconds on container boot time, its easy to avoid via some container customizerization
<hazmat> jrwren, fair enough
<hazmat> its easy to do externally
<jrwren> hazmat: do you then git clone something to teh new instance?
<hazmat> jrwren, git is used internally by juju when deploying charms, but fair enough i'm snapshotting against a base image for the containers, easy enough to add there, out of curiosity what packages were you pitching to remove?
<jrwren> oh, a juju thing.
<jrwren> would make sense to have a jujuimg separate from cloudimg IMO
<hazmat> jrwren, basically i'm creating a base juju image from each series/release cloud image, i can add the extra package there just as easily
<hazmat> although it would be nice if lxc-attach would work with precise and hwe kernels.. ssh normalizes nicely across the containers.
<hazmat> by base juju image i mean container with  btrfs snapshot for lxc-clone. the default cloud images have nothing in specific support of juju btw.
<jrwren> right. i know the cloudimg pretty well.
<jrwren> everything else you just said, i've no idea what you are talking about :)
<mushtar> is this the right channel for discussing CloudInit, i.e. https://help.ubuntu.com/community/CloudInit ?
<lifeless> it's a fine channel
<lifeless> for that and many other things
<mushtar> oh good
<mushtar> is it possible to get cloud-init to run on my mac?
<mushtar> i want to be able to use write-mime-multipart
<mushtar> figured it out. bzr branch lp:cloud-init
<kirkland> jamespage: uh oh, what happened?
<MarGul> Hi I have just unstalled ubuntu server 12.04 and I have changed ip address to static (been pinging it from my laptop and I know its connected to my network). Then I installed nginx running the command aptitude install nginx. The version of nginx is 1.5.6. When I then, on my laptop, type in my servers ip address in my webbrowser I get nothing.
<MarGul> Im following the manual http://arstechnica.com/gadgets/2012/11/how-to-set-up-a-safe-and-secure-web-server/2/
<crimsonmane> i need to re-do my certs ... i just ran through the steps i used the first time but it failed to change the cert as evidenced by the old data being present and not the new data. i used a different email address to make them stand out.
<anepanaliptos> hello..
<anepanaliptos> dont tell me !ask, i know. just being kind.
<anepanaliptos> ok guys.. so this is what i want to do. I dont really understand lvms and the like, but i know what i want..
<anepanaliptos> my old machine was a simple 1 disk setup, and while installing ubuntu i chose the guided partitoning and chose luks + lvm
<anepanaliptos> i want to do the same again, except this time, with two disks. and i want the "2nd disk" to be in teh LVM so i only have to type the key once.
<jkitchen> but not raid?
<anepanaliptos> lvm though seems to create one giant partion, like dynamic disks. i dont want that. i want one "partition" on the 1st disk, and the "other/storage" on the other
<anepanaliptos> correct. but no raid.
<jkitchen> they're separate PVs then
<jkitchen> no way around that
<anepanaliptos> um
<anepanaliptos> is there a way the "storage" disk can mount into the first group?
<jkitchen> you can mount things wherever you want
<anepanaliptos> (im at the guided screen if you wanna teamviewer and push the buttons, but i have a feeling you know what i want to do..)
<anepanaliptos> i dont mind how the "mounting process" happens, as long as.. see the reason why i want them seperate is so that i could possibly transport the second disk and mount it on another computer someplace.
<patdk-lap> anepanaliptos, why do that at all?
<patdk-lap> why *type the key* multible times?
<anepanaliptos> i dont want to.
<patdk-lap> then don't
<anepanaliptos> so how would i set it up so i dont have to?
<patdk-lap> there are many ways
<patdk-lap> I personally use a script to fetch the key
<patdk-lap> the script asks for the password to decrypt
<patdk-lap> it then uses that password to get the key
<patdk-lap> I store the keys in a gpg archive
<anepanaliptos> woah too complicated
<patdk-lap> :)
<patdk-lap> you could go lazy
<patdk-lap> just save the key onto your first disk
<anepanaliptos> ok what's that route look like?
<anepanaliptos> aa ok.
<patdk-lap> and reference that file to unlock the second
<patdk-lap> if first is locked, can't unlock the second
<anepanaliptos> ok. can that be done "near boot time" ?
<patdk-lap> near boot time?
<patdk-lap> what does that mean?
<anepanaliptos> that sounds better.
<anepanaliptos> before for example, apache2 starts up
<patdk-lap> no idea
<patdk-lap> it happens when disks mount
<patdk-lap> that is upto upstart
<anepanaliptos> perfect.
<patdk-lap> issues is, anyone that roots your server, has access to the decrypt key
<patdk-lap> so using a script, while much harder, is safer, by alittle bit
<anepanaliptos> hmm.
<anepanaliptos> hmmm.
<anepanaliptos> i think ill just type it twice.
<patdk-lap> what exactly are you protecting against?
<anepanaliptos> how do i setup luks without the volgroup stuff then?
<anepanaliptos> im trying to protect againt physical theft
<patdk-lap> then it doesn't matter
<anepanaliptos> so when you yank the power, you're done and you need the key again.
<patdk-lap> well, those are totally different
<lifeless> anepanaliptos: oh, so if people are serious about stealing kit they won't yank the power
<anepanaliptos> lifeless: lol.
<patdk-lap> the best way to steal it, is to root it and copy the data while it's up
<jkitchen> and nobody even knows
<patdk-lap> the system is much less protected when it's running
<lifeless> anepanaliptos: there are stock products that replace the power supply hot
<anepanaliptos> yeah im just talking about like a dumb theif stealing equipment.
<anepanaliptos> look, its my mailserver
<patdk-lap> then saving your key for the other disks in /etc, is safe enough
<anepanaliptos> im trying to "protect" against some "not nice people" accessing.. my mail. if it were to get siezed.
<patdk-lap> cause it's unlikely they logged in, and rooted your server to get those keys first
<anepanaliptos> that kind of thing.
<patdk-lap> siezed?
<anepanaliptos> but im happy with this solution too
<anepanaliptos> 23:42 < patdk-lap> then saving your key for the other disks in /etc, is safe enough
<patdk-lap> that implies people know what they are doing
<anepanaliptos> not really. local authoraties arent that smart.
<jkitchen> thermite trap
<jkitchen> problem solved
<patdk-lap> jkitchen, what triggers it?
<patdk-lap> not solved :)
<anepanaliptos> again, too technical.
<anepanaliptos> how do you guys protect your mail servers?
<jkitchen> patdk-lap: "oh shit" button
<jkitchen> :)
<jkitchen> tie it to your iphone "siri, nuke the drives please"
<anepanaliptos> when i had the first one, with only a physical raid, i felt "safe" with luks
<patdk-lap> personally, I have to insert a special usb stick
<patdk-lap> and type in a password
<anepanaliptos> ok. any things i can "rtfm" to help me setup something similar?
<patdk-lap> but, for email
<patdk-lap> it is much much more likely they tapped your internet connection
<anepanaliptos> eeh. still pointless. ssl.
<patdk-lap> what ssl?
<patdk-lap> smtp doesn't use ssl
<anepanaliptos> i use webmail.
<patdk-lap> so your email is safe until you send/receive
<anepanaliptos> yeah. i understand those rules.
<patdk-lap> till everyone starts doing dane/tlsa, I don't really get the whole encrypted email thing
<patdk-lap> if you secured your email, like with s/mime, or pgp
<patdk-lap> there would be no need for encryption
<patdk-lap> the only thing your somewhat protecting is your email history, from *before* they tapped your connection
<anepanaliptos> ohkay.
<anepanaliptos> so single disk it is that mounts the others via key.
<patdk-lap> well, the simple way is, use your password to unlock your root disk
<patdk-lap> then save the keys on your root disk, maybe like /etc/disk.keys/....
<patdk-lap> and use those files to unlock the other disks
<patdk-lap> someone would have to copy those files first, to unlock the other disks
<patdk-lap> or have the password to unlock the first disk
<patdk-lap> that is the simple way
<patdk-lap> any other way, gets into messing with initramfs, and that isn't much fun
<anepanaliptos> yeah. i think that way is best.
<patdk-lap> s/best/acceptable/
<anepanaliptos> and as far as the whole email thing, there is MX tls
<anepanaliptos> 23:53 < patdk-lap> s/best/acceptable/
<anepanaliptos> ^^ agreed.
<patdk-lap> smtp mx tls is mitm
<patdk-lap> it is full of selfsigned, unsigned, broken, expired, certs
<anepanaliptos> correct. but for "the people who care" that i exange email with, we have exchanged keys.
<patdk-lap> so you can't enable hard verification
 * patdk-lap just has lots of ipsec tunnels
<anepanaliptos> yeah i dont know if i trust creating an ipsec tunnel with someone.
<_root_> for IP Aliasing: both Ip should have the same MAC address?
<jkitchen> you don't need to specify the mac
<jkitchen> unless you're talking about something different than I'm thinking of :)
<_root_> I have to add my first IP to my VPS this way http://paste.ubuntu.com/6497998/ and because of that I cant get the eth0:0 to IP alias. could you give me a clue as to what should I do to get eth0:0 working
<blueking> samba seem to be tricky to manage get installed   there are some issues several places
<blueking> are there samba install scripts that are up to date ?
<nf7> How can I get /etc/crontab to run a script as if it is in the same working directory as the script?
<jkitchen> nf7: cd /path/to/dir && /path/to/dir/script
<nf7> ohhhhh
<nf7> jkitchen: is this a messy way to do it?
<jkitchen> that's the way to do it
<nf7> jkitchen: awesome, thanks a lot
<jkitchen> yup
<andol> nf7: Alt have the script start off by entering the desired working directory, assuming that applies equally well.
<nf7> andol: it's a Python script, is it possible to do that?
<jkitchen> http://docs.python.org/2/library/os.html#os.chdir
<nf7> thank you!
<nf7> jkitchen: Is it possible to have os.chdir point to the scripts path (so it will work no matter where I put the script), or do I need to always manually enter the path?
<jkitchen> nf7: http://docs.python.org/2/library/sys.html#sys.argv  http://docs.python.org/2/library/os.path.html#os.path.basename
<nf7> jkitchen: Thanks a lot. It's really hard for me to read and find my own information using the documentation. Is there some sort of guide on how to utilize the documentation properly? Or do I just need to learn more.
<jkitchen> I am permalinking you directly to the functions you want
<nf7> jkitchen: Right, I'm just asking for future reference.
<jkitchen> oh
<jkitchen> I just google for the function name
<jkitchen> or thereabouts
<nf7> Cause I need to stop bothering people so much about little things.
<jkitchen> hah, it's fine
<nf7> Ah ok, how long have you been programming with Python?
<jkitchen> I don't
<jkitchen> I've been a professional google user for about 13 years now though
<nf7> hahah
<nf7> that's always a good skill
<nf7> do you program with anything though? or just use Ubuntu server?
<jkitchen> I am a recovering perl user turned rubyist
<jkitchen> dabbled briefly in python
<nf7> cool, there's a lot of perl in linux isn't there?
<nf7> I was fixing a problem with a wifi card's hardware a while back and I ran into a lot of perl scripts
<jkitchen> there's a lot of a lot of stuff in linux
<nf7> right
<jkitchen> used to be perl was really popular for a lot of stuff though
<jkitchen> still is, truth be told
<nf7> Perl and Python are very similar aren't they?
<jkitchen> lots of folks like me who can whip up all kinds of shit in perl in no time
<jkitchen> but trying to keep up with the new hotness
<nf7> That's what someone told me anyway.
<jkitchen> perl python and ruby are like the romance languages
<nf7> What kind of stuff do you use Ruby for?
<jkitchen> my company is a rails shop
<jkitchen> so... basically everything
<nf7> Right, I've dabbled very little with Ruby, seemed almost identical to Python up to what I learned.
<jkitchen> hah
<jkitchen> not even remotely :)
<nf7> Cool, so web development?
<nf7> yeah of course, past a point
<jkitchen> no, I'm ops
<jkitchen> I just run the servers
<nf7> interesting
<jkitchen> but I use puppet for managing my servers, and foreman for managing the metal
<jkitchen> so there's some ruby there
<nf7> I've been programming for about 3 months right now. Just writing some Reddit bots, having them run on a Ubuntu server on an old netbook that I'm SSH'ing into. It's fun.
<jkitchen> now that this migration is almost finished (working on it right now, in fact, should be done shortly) I'll be able to get into the code side of things a bit more and start making things suck less
<jkitchen> cool
<nf7> Well I didn't understand much of that but it sounds interesting.
<nf7> What OS do you use for programming/personal use?
<jkitchen> OSX is my daily driver
<jkitchen> but really it's just a pretty terminal
<jkitchen> chrome, iterm, adium, and a music player
<jkitchen> my primary operating environment is an ubuntu server with about 2 dozen tmux sessions
<nf7> Yeah I was using OSX as well but I recently switched back to Windows, I like 8.1 a lot.
<jkitchen> I can't work on windows
<jkitchen> like literally am incapable
<nf7> Just don't like it or missing some particular program?
<jkitchen> there are no terminals for windows
<jkitchen> putty doesn't qualify.
<jkitchen> putty is great for what it is, but it's not what I need.
<jkitchen> plus I really enjoy having a proper unix command line on my daily driver
<nf7_> Whoops, lost the Wifi there for a moment, back though.
<nf7_> What did I miss?
<jkitchen> dunno
<jkitchen> I have one windows machine, and it's been turned off for the last 8 months.
<nf7_> Well the main reason I switched back to Windows is that I really like 8.1, they've figured out their hotkeys, took some pointers from OSX as well with the spotlight style search and a few other things.
<nf7_> Plus I really like Thinkpads
<jkitchen> if I were going to use a thinkpad it would have linux on it.
<nf7_> Can get around 12 hours of battery with two packs and the docking base is amazing
<jkitchen> but there is no finer laptop than the 13" retina macbook pro
<nf7_> I love coming home and simply snapping it on and having it connect to the speakers, mouse, screen, keyboard, external hd instantly, it's great
<nf7_> Yeah that's actually what I had as well, great machine
<jkitchen> "docking base"
<jkitchen> some proprietary thing
<nf7_> yes it's lenovo proprietary
<jkitchen> I have a thunderbolt display
<nf7_> very similar
<nf7_> the apple one?
<jkitchen> yes
<nf7_> that's one of the nicest screens, crazy expensive though
<jkitchen> was free
<nf7_> I think if I ever bought an OSX machine again I'd get a 13 inch Macbook pro
<nf7_> the battery on those things is crazy
<nf7_> macbook air*
<jkitchen> everything on this thing is crazy.
<jkitchen> oh, not the air
<jkitchen> I am spoiled by retina
<nf7_> yeah the retina is great
<nf7_> I love how you can scale the resolutions
<nf7_> you know what I'm talking about?
<jkitchen> I only use it at the 1680x1050 effective resolution
<nf7_> I like it at whatever the default it
<nf7_> is*
<jkitchen> dunno, I love linux on the desktop, but I also love not having to fuck with my laptop to have it work
<ikonia> there is no need for tha language jkitchen
<jkitchen> sorry
<ikonia> no problem, thank you
<jkitchen> (didn't realize mac was a dirty word, amirite?)
<nf7_> haha
<jkitchen> I kid.
<jkitchen> I came close to buying a thinkpad or samsung series 9 this time around, but then the mavericks preview came out where they were talking about the battery optimizations they were doing at the OS and hardware levels and stuff
<jkitchen> mind blown
<jkitchen> sorry but there's just no way linux can compete with that :(
<nf7_> OSX has crazy good power utilization.
<jkitchen> that's the kind of stuff you can do when you are fully vertical
<nf7_> Windows must be the worst.
<nf7_> Even so, I get really good battery life on my ThinkPad
<jkitchen> for sure
<nf7_> I've actually removed all Lenovo drivers
<nf7_> there were a bunch of power management ones, but I notice no difference whatsoever with them off.
<jkitchen> but there's always that time when you're sitting there and boom, 90% -> 10% in what feels like minutes because something is chewing up power
<nf7_> Yeah true
<jkitchen> happened on my android phone all the time
<jkitchen> happened on my thinkpads in the past
<jkitchen> I do miss linux on the desktop though.
<nf7_> I can't stand all the tools and utilities Lenovo puts on their machines (even if they aren't bloatware technically), first thing I did was a fresh install from a Microsoft CD
<ikonia> is this really anything to do with ubuntu server ?
<ikonia> perhaps take it to one of the offtopic channel please ?
<jkitchen> heh
<nf7_> I was just heading out anyway, thanks for the help.
<jkitchen> np, good luck
<Gilligan94> Hi I have a system without a graphics card and I want to set up ubuntu server on it, what would the best way to do this be?
<ikonia> a serial connection
<jkitchen> Gilligan94: network console
<Gilligan94> so I'll beable to install it over SSH?
<jkitchen> it really doesn't even have like an onboard vga? weird.
<jkitchen> Gilligan94: yup
<Gilligan94> yea no VGA this is an AMD system
<jkitchen> doesn't mean it doesn't have a vga port on board
<jkitchen> in fact with newer AMDs it seems like it's hardecr to get one WITHOUT an apu than with...
<Gilligan94> in this case it doesn't have any VGA
<jkitchen> crazy
<Gilligan94> I believe this mobo and CPU was aimed at gaming so they just assumed you would use a dedicated GPU
<ikonia> what is the motherboard model
<Gilligan94> not sure, I dont have it on hand currently
<jkitchen> not even hdmi?!
 * jkitchen is baffled
<Gilligan94> nope nada
<Gilligan94> kinda cool IMO keeps the cost down
<jkitchen> eh
<jkitchen> by about $2
<jkitchen> anywho OFF TOPIC
<jkitchen> try the network installer.
<Gilligan94> every little bit counts >.>
<Gilligan94> alright thanks
<jkitchen> or serial console
<jkitchen> but I doubt it has a serial port
<Gilligan94> yea I dont think it does
<ikonia> if it's not got any form of vga for "cost saving" they won't have put a serial port on
<jkitchen> right
<Gilligan94> any advantage to using 13.10 over 12.04?
<jkitchen> plenty
<ikonia> Gilligan94: it really depends on your needs
<jkitchen> go with 13.10 unless you need LTS
<Gilligan94> alright
<blueking> does there exist scripts  up to date for install of samba ?
<ikonia> blueking: the package manager will manage updates
<frojnd> Hi there. I need a little assitance with mx records. I successfully set multuiple A records for server's IP. So when I go to mydomain1.com it  goes there without a problem. It's the same with mydomain2.com Now I'd like to set up MX records for mail server for mydomain1.com. Under free DNS hosting section of my host provider, I set up: Name: mydomain1.com,  Type: MX, Value: IP
<frojnd> WHen I do dig -t mx mydomain1.com I can't see mydqomain1.com under mx...
<frojnd> Am I doing this correctly?
<frojnd> I also tried for google mails and it's rather different then I did: Name: atl1.aspmx.i.google.com, Type: MX, Value: mydomain1.com
<ikonia> dns changes will take time to go live
<frojnd> So: do I have to first set A recrod for mail.mydomain1.com and then use this?
<ikonia> mx records need to be a vali dhost name too
<frojnd> ikonia: I've set up yesterday and still not seen.
<ikonia> is the fqdn of the mx host able to be resolved
<frojnd> ikonia: so in theory, if I set first A record: mail.mydomain1.com for server's ip and then use for mx like this: mail.mydomain1.com Type: MX value: mydomain1.com will it work?
<ikonia> MX has to be a fqdn, not an ip
<frojnd> aha
<frojnd> we found a problem
<frojnd> let me try
<frojnd> It says changes will be visible in max 4 hours
<frojnd> Nevertheless I noticed a few problems with postfix
<frojnd>  postfix/cleanup[1128]: warning: mysql:/etc/postfix/mysql-virtual-alias-maps.cf lookup error for "root@mydomain1.com" this warning each second, which is worring me
<frojnd> log is already 18MB big
<frojnd> ioptop is running like crazy :)
<frojnd> In that *.maps.cf I have user, password, hosts, dbname and query
<frojnd> Also in that file, user is not root
<blueking> ikonia:  not that kind I was thinking.. but script to get everything installed
<ikonia> the package manager will install everything
<leelondon> i used ubuntu-s for five years guys
<leelondon> please like https://www.facebook.com/DwayneJohnson
<leelondon> the rock
<frojnd> Ok. I have setup a MX record for mydomain1.com as mail.mydomain1.com and is also seen if I do dig -t mx mydomain1.com
<frojnd> What does that error mean for postfix?  Nevertheless I noticed a few problems with postfix
<frojnd>   postfix/cleanup[1128]: warning: mysql:/etc/postfix/mysql-virtual-alias-maps.cf lookup error
<Maddeth> Hey all, anyone know if there is a netatalk channel?
<Maddeth> or anyone able to help bme with some netatalk issues
<Maddeth> s/bme/me/
<subman> I've tried adding a second hard drive to my ubuntu server machine but now it won't boot up.  It gets stuck at verifying dmi pool.  Any ideas?
<bitbyte> Hey guys any one here who can help out with a VPN problem ?
<jkitchen> ?ask
<jkitchen> ??ask
<jkitchen> don't ask to ask, just ask. if someone can help and is willing, they might just do that
<anepanaliptos> yes. but i dont know what your problem is.
<bitbyte> sorry got called away from the machine as i typed enter
<bitbyte> I'm having some problems understanding generating the certificates
<jkitchen> bitbyte: what sort of vpn are you creating, openvpn?
<bitbyte> I am following the setup outlined here : http://serverfault.com/questions/212382/how-to-set-up-strongswan-or-openswan-for-pure-ipsec-with-iphone-client
<bitbyte> but the openssl command I am having trouble finding any details for. Any ideas on some documents to read up more on it
<jkitchen> there's always 'man openssl'
<bitbyte> I am setting up StrongSwan on ubuntu server, I think I have the config right. But when i generate the certs they don't seem to work right
<jkitchen> but basically that guy is setting up a CA and such
<jkitchen> for my vpn (openvpn) I use the easy-rsa stuff that ships with openvpn
<jkitchen> to manage my ca
<bitbyte> If I'm just setting up a home VPN would i need to setup the Certificate Authority ?
<jkitchen> yes
<bitbyte> I was looking on ss64 for the openssl command but had no luck
<jkitchen> if you follow those directions on the page exactly, it should work fine
<jkitchen> what step did you have trouble with?
<bitbyte> Ok I will give it another shot, The issues began when i copied the certs over to my osx test laptop and it did not recognize the certs even when fully important to keychain
<bitbyte> The setup I have at the moment is : http://pastebin.com/g2yhYYC0
<bitbyte> If I understand this correct the leftsubnet 10.10.10.x/24 will be the network the VPN clients are on and 0.0.0.0/24 will accept any inbound IP's
<jkitchen> I can't speak to that part, sorry
<bitbyte> and having the interfaces=%default route it should pass it through to the em1 ethernet interface and connect it to my internal 10.10.5.x/24 network
<bitbyte> There was one other item i was wondering about which was that when i run the openssl to generate the certs it asks for a password, Can this be taken off ?
<bitbyte> Because if I understand it correctly, it will require the password to be entered every time its requested to be used.
<anepanaliptos> yes you can leave it blank and push enter
<bitbyte> When i pushed enter it seems to exit the creation of the cert
<blueking> hello
<blueking> I have a question about reboot/init 6      I have an issue with it    tried google for it but found no answer to it, maybe someone here knows  ?   the issue about reboot/init 6 is that it shuts down computer and doesn't restart    are there ways to force  pc/linux restart ? I am running ubuntu server 13.10
<zkvvoob> Hi guys, I'm trying to find out why my Ubuntu 12.04 server with Postfix/Dovecot suddenly stopped receiving emails. Sending works fine. Could someone give me a hand?
<zkvvoob> Please?
<zkvvoob> Anyone?
<blueking> I have a question about reboot/init 6      I have an issue with it    tried google for it but found no answer to it, maybe someone here knows  ?   the issue about reboot/init 6 is that it shuts down computer and doesn't restart    are there ways to force  pc/linux restart ? I am running ubuntu server 13.10
<sander^home> How do I decrypt a pgp message?
<jkitchen> you need the private key
<jkitchen> then you just gpg --decrypt
<sander^home> jkitchen, do you have a compleate example?
<jkitchen> sander^home: huh?
<jkitchen> gpg --decrypt filename
<sander^home> jkitchen, ah, ok. And what argument do I spesify the private key, and where do I spesify the message?
<jkitchen> sander^home: you need the private key in your keyring
<jkitchen> and you can either pipe the message in or specify a filename
<jkitchen> gpg will figure out which private key to use to decrypt the file if you have multiple private keys in your keyring
<sander^home> jkitchen, how do I import the private key into my keyring?
<jkitchen> sander^home: gpg --import keyfilename
<jkitchen> or you can pipe the key into --import
<sander^home> jkitchen, seems like I got an public key..and a message
<jkitchen> sander^home: if you don't have the private key you can't decrypt the message
<jkitchen> that's kinda the point
<sander^home> jkitchen, ok. Thanks alot:)
<zkvvoob> Hi guys, I'm trying to find out why my Ubuntu 12.04 server with Postfix/Dovecot suddenly stopped receiving emails. Sending works fine. Could someone give me a hand?
<blueking> noone had problem with shutdown -r, reboot, init 6  ?
<jkitchen> zkvvoob: what's in your maillog?
<jkitchen> also, what's the domain?
<zkvvoob> jkitchen: http://paste.ubuntu.com/6501474/
<jkitchen> Dec  1 00:20:02 server sm-mta[7723]: NOQUEUE: SYSERR(root): hash map "access": missing map file /etc/mail/access.db: No such file or directory
<jkitchen> that's not postfix, for one
<jkitchen> sm-mta I'm gonna guess is sendmail
<zkvvoob> jkitchen: but I removed that
<zkvvoob> sendmail
<jkitchen> clearly not
<zkvvoob> what do I do then?
<jkitchen> remove sendmail, install postfix
<zkvvoob> like I said, already did that: apt-get remove sendmail, apt-get autoremove
<jkitchen> how did sendmail get on there to begin with?
<zkvvoob> I was trying to figure out why the PHP Mail function was not working and tried setting up sendmail; when nothing changed, I removed it
<zkvvoob> and reinstalled Postfix
<jkitchen> ah
<jkitchen> that'll do it.
<zkvvoob> but maybe I messed something with the config files
<jkitchen> postfix ships its own /usr/sbin/sendmail, so you don't need to actually have sendmail installed
<jkitchen> dpkg -l | grep sendmail
<zkvvoob> jkitchen: http://paste.ubuntu.com/6501494/
<jkitchen> ok, what about postfix
<jkitchen> also, perhaps sendmail is still running, check your process list
<jkitchen> or try telnet localhost 25
<zkvvoob> jkitchen: http://paste.ubuntu.com/6501495/
<jkitchen> ok, postfix isn't installed either
<zkvvoob> so, apt-get install postfix again?
<jkitchen> so between that and the fact that you removed postfix and installed sendmail, that would cause mail to stop working, yes.
<jkitchen> yea, install postfix
<zkvvoob> aye, aye
<jkitchen> but first check the process list
<zkvvoob> how?
<jkitchen> sendmail may still be running
<jkitchen> ps aux | grep sendmail
<jkitchen> maybe
<jkitchen> I don't (won't) use sendmail, so I'm not sure what all processes it uses
<zkvvoob> root      4303  0.0  0.0  13548  2208 ?        Ss   Nov30   0:00 sendmail: MTA: accepting connections root      8372  0.0  0.0   4392   808 pts/0    S+   00:40   0:00 grep --color=auto sendmail
<jkitchen> yea, it's still running. kill it.
<zkvvoob> again, how? :(
<jkitchen> kill 4303
<jkitchen> 4303 is the pid of the sendmail process there
<zkvvoob> right, got it
<zkvvoob> done
<jkitchen> (second column)
<zkvvoob> now install postfix?
<jkitchen> yup
<jkitchen> and hopefully you didn't apt-get purge it before, it should still have your configu
<zkvvoob> no, I didn't purge anything
<zkvvoob> it's installed
<zkvvoob> now what?
<blueking> anyone knows what option -d means ? in -> "reboot -d -f -i"      looking at file /etc/rc6.d/S90reboot
<blueking> man doesn't mention -d option
<jkitchen> zkvvoob: in theory, postfix is up and running and your mail should be working again
<zkvvoob> hm, ok, I'll tail the mail log and send a messge
<zkvvoob> jkitchen: http://paste.ubuntu.com/6501525/
<zkvvoob> and there's no trace of the message in my mailbox
<jkitchen> Dec  1 00:45:01 server postfix/smtpd[9185]: error: unsupported dictionary type: mysql
<jkitchen> you may need to install postfix-mysql
<jkitchen> dunno if you were actually using that before or whatnot
<zkvvoob> jkitchen: nothing - http://paste.ubuntu.com/6501545/
<jkitchen> you need to restart postfix after installing the package
<zkvvoob> did that
<jkitchen> ok
<jkitchen> mailq says?
<zkvvoob> jkitchen: http://paste.ubuntu.com/6501552/
<jkitchen> zkvvoob: those are bounce messages, you can look at what they say with postcat. postcat -q B6C8C601566
<jkitchen> though unless your clock is quite off those are most likely not relevant to this matter
<Xeronix> I'm having trouble installing Ubuntu Server 13.10 - my USB keyboard is not recognized by my computer once I get into the installation steps
<Xeronix> I'm stuck at Select a Language
<jkitchen> Xeronix: replug?
<Xeronix> jkitchen: I have tried that
<zkvvoob> jkitchen: no, it's not off, they are old; aparently I've not been receiving message for quite some time, not just today
<jkitchen> just a thought :)
<jkitchen> zkvvoob: I'd bet there's a strong correlation between when you uninstalled postfix and installed sendmail and when your mail stopped working
<jkitchen> Xeronix: do you have any sort of legacy usb support enabled in your bios?
<zkvvoob> jkitchen: the thing is I never actually uninstalled postfix
<Xeronix> jkitchen: I do
<zkvvoob> jkitchen: at least I don't remember
<Xeronix> Under USB configuration
<jkitchen> zkvvoob: postfix and sendmail are mutually exclusive
<Xeronix> I have Legacy USB Support enabled
<zkvvoob> jkitchen: I know that now, yes
<jkitchen> Xeronix: you might disable that
<zkvvoob> jkitchen: so what could I try now?
<Xeronix> DISABLE it?
<jkitchen> Xeronix: yes, linux has supported usb keyboards for over a decade
<jkitchen> you don't need the bios to do that for you anymore
<jkitchen> zkvvoob: how are you testing your mail?
<Xeronix> jkitchen: Still no use, it's not working :(
<jkitchen> Xeronix: you rebooted that quickly?
<Xeronix> Yep
<jkitchen> lies.
<Xeronix> USB install
<zkvvoob> jkitchen: sending a message from another account, tail -f /var/log/mail.log; checking webmail if anything's arrived
<Xeronix> it's not a server, so it doesn't have a long POST cycle either
<jkitchen> zkvvoob: what's the domain?
<zkvvoob> jkitchen: I already sent you the output of telnet localhost 25
<zkvvoob> jkitchen: saturn13.eu
<zkvvoob> or mail.saturn13.eu - for the SMTP
<Xeronix> jkitchen: Like literally, my keyboard loses power or something
<Xeronix> hmm
<jkitchen> Xeronix: weird. is it a fancy keyboard or just off the shelf thing
<Xeronix> does Ubuntu have USB3 support built in?
<Xeronix> jkitchen: Nope, I used it yesterday to install server on another machine
<jkitchen> weird
<jkitchen> in theory it shouldn't matter, because of usb hid
<jkitchen> but yea.
<jkitchen> HEH
<jkitchen> zkvvoob: tail -f your log file
<jkitchen> you should have just seen a message from me
<jkitchen> 250 2.0.0 Ok: queued as 58C7D600040
<Xeronix> jkitchen: shite, just disabled legacy usb and my keyboard no longer works for getting into the bios
<zkvvoob> jkitchen: I think I did, here http://paste.ubuntu.com/6501595/
<jkitchen> Xeronix: wat
<jkitchen> :(
<zkvvoob> jkitchen: but I don't see the actual message in my mailbox
<Xeronix> going to CMOS reset
<DRice7> hey guys - can anyone help me with my Xorg starting problem? Error found at bottom of: http://paste.ubuntu.com/6501600/
<jkitchen> zkvvoob: bounce says unknown user bz
<zkvvoob> jkitchen: that's insane, I'm logged in my webmail with that user
<zkvvoob> jkitchen: here, I just logged out and then back in
<jkitchen> zkvvoob: well, most webmail programs are just imap clients
<jkitchen> so your imap server and postfix are disagreeing
<zkvvoob> jkitchen: right, so what should I do then?
<jkitchen> are you doing some virtual users setup or something with postfix?
<jkitchen> (I'm assuming so since you have mysql involved)
<zkvvoob> jkitchen: maybe, I'm using ISPCOnfig, maybe it got confused with the postfix situation - should I remove the account and add it again?
<jkitchen> no
<jkitchen> postfix is probably just not looking at it
<jkitchen> I don't know what ISPConfig is though, is that some sort of third party panel thing?
<jkitchen> like cpanel or plesk or such
<zkvvoob> yes, like cPanel
<jkitchen> if so, you should probably contact their support
<jkitchen> oh, it's open source.
<jkitchen> hrm
<zkvvoob> so?
<jkitchen> well, maybe ask their irc channel then? :)
<blueking> hmm
<zkvvoob> :D
<zkvvoob> Well, thank you very much for your help jkitchen !
<jkitchen> I have never used ispconfig so I have no idea how it's configured
<jkitchen> no problem, good luck
<blueking> *sighs*
<blueking> debian  and ubuntu are built on same kernel ?
<jkitchen> blueking: all linux distros are by definition built off of the linux kernel
<blueking> jkitchen:  just wonder why I have reboot problem on debian and ubuntu  but not in opensuse
<jkitchen> the 'reboot' command isn't part of the kernel
<jkitchen> what problem are you having?
<DRice7> blueking, it has to do with the acpi drivers
<DRice7> apt-get install pastebinit
<DRice7> dmesg | pastebinit
<DRice7> check the ACPI messages
<blueking> jkitchen:  reboot, shutdown -r, init 6    all shuts down pc
<jkitchen> ahh, yes. that's probably ACPI thing.
 * jkitchen hands the baton to DRice7 
<blueking> ok
<blueking> DRice7:  what am I looking for ?
<blueking> DRice7:   have some acpi warning at line 858 - 864
<blueking> jkitchen:   what should I look for about acpi in dmesg ?
<blueking> hmm'
<blueking> edited grub  put in acpi=off   no change to reboot
#ubuntu-server 2013-12-01
<Xeronix> Sounds crazy to ask this in here, but has anyone ever had a problem with their graphics card fans being too close together (and thus contacting each other)
<_root_> any take on this http://forum.nginx.org/read.php?11,245107
<Hadron2> Greetings. :)
<Hadron2> Can anyone point me to some Docs on setting up an Ubuntu Server as a bidirectional email gateway? All I want it to do is block spam/virus/malware inbound and outbound. No POP3/IMAP/etc. Been scouring Google all afternoon. Found plenty of good docs for setting up a stand-alone server, but not really for an AV gateway.
<Hadron2> Most of the pre-built virtual appliances are entirely too expensive for my application/budget. Pretty much have to do it myself.
<pmatulis> Hadron2: sounds like postfix + amavisd-new + sundry spam checks
<Hadron2> pmatulis: That's what I'm thinking. I've done that numerous times for standalone servers. (+POP3/IMAP) Never done it as a relay/gateway. Looking for guides/HOWTOs on that. :)
<Hadron2> pmatulis: This time around there will be no local storage or accounts. (ActiveDirectory, storage on Exchange 2013)
<Hadron2> pmatulis: My client blew their budget on the Exchange Server + CALs. Were doing find until the spam started rolling in. Now they want AS/AV without dropping more $$$ for a subscription.
<pmatulis> Hadron2: if you've done it before you just need to *not* have pop3/imap (mail store).  it's less, so it should be easier.  only thing you need to do is forward the mail onward
<PryMar56> is it always true that mysqld is not under upstart? or is it optional?
<anepanaliptos> guys, email server, check out zimbra
<anepanaliptos> iv been using it since 2011
<anepanaliptos> the earlier versions suck, but 7.0+ is great. (still eeeeh on v8 though)
<anepanaliptos> needs 2gb ram and decent cpu.
<dkuhlman> Anyone have a minute for a n00b question?
<jpds> dkuhlman: Not unless we know what the question is.
<dkuhlman> I'm trying to configure a static IP address on a new ubuntu server.  I've edited /etc/network/interfaces and put in the IP, mask, broadcast, network, and DNS addresses.  When I try to restart networking I get the error "ifdown: couldn't read interfaces file..."
<jpds> dkuhlman: Then, you've misconfigured something.
<jpds> dkuhlman: Sounds like you're missing a gateway?
<jpds> Putting your interfaces file on pastebin.ubuntu.com would help.
<DRice7> hey guys, I'm having some trouble with an ASRock motherboard and ACPI - here are the results.log of fstw: http://paste.ubuntu.com/6502794/
<DRice7> any insight would be appreciated
<zkvvoob> Hello! I am having problems with my Ubuntu 12.10 server and Postfix, namely when someone tries to send an email to an already configured account, it doesn't arrive. Instead, the sender gets back a MAILER-DAEMON message saying the user does not exist.
<zkvvoob> Could someone please help me troubleshoot?
<Semor> how could I reload and link a .so file without restarting my process
<Semor> how could I reload and relink a .so file without restarting my process
<eagles0513875> hey guys
<eagles0513875> I have an issue on 12.04 with dovecot + postfix + mysql for virtual users and domains as i need a multiple domain setup
<eagles0513875> scratch that
<remix_tj> eagles0513875: what's the problem?
<eagles0513875> remix_tj: think i have got it solved
<eagles0513875> :)
<eagles0513875> thanks though remix_tj
<hadifarnoud> when I tar -zxvf myfile.tar.gz, I get errors like tar: Ignoring unknown extended header keyword `SCHILY.dev'
<hadifarnoud> It does extract though. not sure it does it completely
<stetho> Hi - can anyone tell me what I might be missing? If I type sudo do-release-upgrade ( or sudo do-release-upgrade -d) in to a 13.04 server, I get "No new release found" - is there something else I have to do to get to 13.10?
<ikonia> why are you using -d
<ikonia> stetho: why are you using -d ?
<andol> stetho: Any chance that /etc/update-manager/release-upgrades for some reason is configured to only prefer lts releases?
<stetho> ikonia: To see if it made a difference. No other reason.
<ikonia> it shouldn't be as it's 13.04
<ikonia> stetho: you're aware that pushes you to a development build though right ?
<andol> ikonia: Agree that it shouldn't be, but on the other hand stetho shouldn't have the failure he is having either :) Hence the long shot.
<stetho> ikonia: Yes - like I said, just testing.
<ikonia> stetho: thats fine, just checking, didn't want you to wreck a machine
<stetho>  /etc/update-manager/release-upgrades just contains what you would expect [DEFAULT] Prompt=normal
<blueking> add RARING  are command in linux ?
<blueking> http://ubuntuforums.org/showthread.php?t=2181190&p=12823425#post12823425
<TheLordOfTime> When installing LAMP via tasksel, how does one restart the PHP5 service for the LAMP stack, thereby refreshing the PHP plugins that are loaded?
<parallel21> My guess would be sudo service php5 restart
<bekks> TheLordOfTime: sudo service apache2 restart
<TheLordOfTime> bekks, they have to restart the entire apache setup>?
<TheLordOfTime> s/setup/instance/
<TheLordOfTime> sounds bloody inefficient to me
<bekks> TheLordOfTime: Yes.
<bekks> TheLordOfTime: PHP is loaded as an apache module.
<bekks> TheLordOfTime: If it is inefficient to you, patch it :)
<TheLordOfTime> parallel21, tried that, didn't work, I'm guessing because libapache2-mod-php5 and apache modules instead of a normal service like php5-fpm which listens separately from the web server
<TheLordOfTime> bekks, might as well just go yell at apache upstream then, if you have to restart the entire Apache instance just to reload PHP modules, you're doing it wrong
<parallel21> TheLordOfTime: I use nginx for most things web. I believe bekks answer is correct
<bekks> TheLordOfTime: Well, then patch it. Be aware to face heavy discussions. :)
<TheLordOfTime> apache probably does that so sysadmins dont' have to bother restarting multiple services, but it's bloody inefficient to stop then start apache just to reload PHP
<TheLordOfTime> parallel21, same here, +1 to you
<TheLordOfTime> bekks, i wouldn't touch the Apache packages with a three-thousand-mile-long pole.
<TheLordOfTime> they're worse than the PHP5 packages
<bekks> TheLordOfTime: Then live with them as they are.
<TheLordOfTime> bekks, i prefer nginx + php5-fpm thanks :P
<TheLordOfTime> i'm asking because i was curious
<TheLordOfTime> and because i was helping someone at askubuntu with this >.>
<bekks> TheLordOfTime: php5-fpm isnt an apache module. It is a standalone server. If you are using modules in you webserver, you have to restart the webserver.
<TheLordOfTime> bekks, i'm aware, i was however mentioning i was using nginx + php5-fpm because i don't have to restart the entire webserver just to refresh PHP
<TheLordOfTime> i'm well aware of how php5-fpm works, I've patched it a couple times
<TheLordOfTime> my point is that I believe having to restart the entire web server is inefficient just to refresh a PHP module.
<TheLordOfTime> urgh, trolling in another channel i watch...
<TheLordOfTime> (back in a bit)
<jrwren> ever heard of a graceful restart?
#ubuntu-server 2014-11-24
<sheptard> so I've got an issue where virt-manager fails to build VMs
<sheptard> http://pastebin.com/d05BdCWH
<sheptard> is the incredibly helpful error I get
<sheptard> O
<sheptard> I've tried both generic and linux for OS type, same result. Tried putting the datastore in different places, smae thing
<sheptard> and I'm not able to start a VM I made a while ago
<LinStatSDR> What error msg sheptard?
<lordievader> Good morning.
<hxm> i have a dedicated server in OVH which failed, i ran the rescue mode and fixed errors in hard disk, now i restart but still fail, how can i get the last message error of that system?
<BadApe> i was wondering why my /sbin/init process was running a 3-5% cpu usage all the time
<saban> hi. is there any way to mount multiple share path to same mount point? it will be read only
<BadApe> how can i have a server transmit it hostname for ipv6? using dhcp
<pmatulis> kirkland: howdy, what happened to http://ecryptfs.org/ ?
<BadApe> pmatulis: google?
<pmatulis> kirkland: looking for documentation.  use manpages.ubuntu.com ?
<pmatulis> BadApe: huh?
<BadApe> google doesn't say it has been shutdown?
<pmatulis> BadApe: i already know it is not working
<BadApe> i meant the reason
<pmatulis> BadApe: no, but i didn't spend an hour investigating.  i'm also asking kirkland directly, thanks for your concern
<BadApe> oh i got confused, i thought it was the other major encryption system that shutdown recently
<Kheeper> Hi felows, I have trouble to setup PPTP client on server can some help me?
<Kheeper> here is working setup on my tp-link http://paste.ubuntu.com/9216115/
<pmatulis> Kheeper: no idea but you really should not be using PPTP is you have a choice
<pmatulis> s/is/if
<Kheeper> why?
<pmatulis> Kheeper: it is not secure
<pmatulis> http://goo.gl/uSyA3o
<Kheeper> okie and what should I use I can talk to provider
<pmatulis> Kheeper: OpenVPN is secure and not too hard to set up
<kheeper_> pmatulis, Loki will try to talk them to it but could you help me first with pptp
<kheeper_> here is log http://paste.ubuntu.com/9216273/ but I have see the subnet mask is wrong
<pmatulis> kheeper_: like i said, i have no idea
<caribou> The following patch request packaging of pywbem 7.0.25 to gain CA certification verification : bug #1385469
<uvirtbot> Launchpad bug 1385469 in pywbem "pywbem library on Ubuntu doesn't support CA certificates" [Undecided,Triaged] https://launchpad.net/bugs/1385469
<caribou> I think that the title is misleading; it is verification of the certificate that is not present in 7.0.4
<caribou> would it be acceptable to only retrofit the verifictation needed in our 7.0.4 package ?
<caribou> I think that the upstream commit is rather self-contained
<BadApe> i really can't figure out what is using up all this cpu
<caribou> ok, turns out that the addition required and which is part of 7.0.25 is one single RPM patch that is mostly the commit that I identified
<med_> jamespage, zul, Are you guys going to drop OVS 2.3.0+git*** into UCA for Trusty by any chance?
<med_> And or a simple SRU back to Trusty for it? (That somehow seems less likely.)
 * med_ goes looking for bugs on OVS 2.3.0
<med_> we've already put 2.3.0 into our PPPA...
<med_> and have had it in production for a month.
<jamespage> med_, I think we'll ship it alongside kilo for 14.04
<jamespage> med_, I've only just got it into vivid :-)
<med_> nod.
 * med_ was reviewing open (C) support tickets a few moments ago and noticed it was in VVVV.
<jamespage> med_, tbh the timing was bad - that's the most recent upstream lts drop
<med_> nod, noted, known.
<med_> jamespage, thanks.
<jamespage> med_, but I've become quite good a cherry picking ovs fixes :-)
<jamespage> so 2.0.x will get some love
<med_> even better.
<med_> sadly, we never found the actual "fix" that made us so much better.
<med_> didn't have time to do a binary search.
<med_> (production openstack cloud was failing at the time)
<jamespage> med_, some of the newer security features in neutron are dependent on >= 2.1
<jamespage> med_, userspace daemon issues?
<jamespage> med_, there where some fixes for that in the lastest micro I did for 14.04
<jamespage> some of the multi-threading stuff introduced in 2.0 did some bad cross thread things
<jamespage> :-(
<med_> gotcha
<LeMike> hello. I do an "exec 1 > /var/log/foo.log" but in the shell it says "permission denied" . feels odd, isn't every script allowed to write a log file? only scripts run as sudo?
<sarnold> LeMike: try the "exec 1" all on its own
<sarnold> LeMike: as for the permissions, check ls -ld /var/log /var/log/foo.log  to see if you have permission to create files in /var/log or permissions to modify /var/log/foo.log
<LeMike> thanks sarnold . /var/log is og+x but i am not in the group. damn it :/ where do I put my log files? I don't like this - /var/log would be just right and other scripts might log there as well, so why not the custom ones?
<sarnold> LeMike: you could create a new directory in /var/log, say /var/log/foo/, and set the owner of that directory to the user account that will run the script
<LeMike> oh yeah, that is a solution sarnold . but it won't ever run as sudo on our servers to achieve this. so I guess I need another place for those logs :/
<lordievader> LeMike: In the solution of sarnold the owner of the folder can write logs there.
<sarnold> LeMike: another option is to use syslog to do the logging for you; check out logger(1), it's an easy scriptable interface
<LeMike> yee, logger puts it all to the syslog. I read the man but didn't figure out how this can write to /var/log . I just put it somewhere else if /var/log is not writable.
<sarnold> LeMike: you'd also need to configure /etc/rsyslog* to log your stuff to a different file.
<LeMike> sarnold: this rsyslog.d :D didn't know how complicated logging can go in my initial contact with it ^^ always just wrote bash-scripts down without thinking about it
<LeMike> thanks. helped a lot!
<sarnold> LeMike: the downside to syslog is that there's not that many "local" services available. :/
<zermanno> Hi, i have a hd with badsectors, smartctl has 1450 current pending sector. I have found howtos to force the reallocation of a single badsector. is there a way to reallocate all of them?
<qman> zermanno: no, not really, that's handled by the drive firmware
<zermanno> qman, form what i read the firmware reallocate at a write call
<zermanno> *from
<qman> If you have 1450 of them, the drive is probably junk
<genii> Yep.
<qman> You should never have more than a few at a time, the firmware should take care of it
<zermanno> qman, ok i know, so there is no way to force a reallocation on all of them?
<zermanno> ah ok
<zermanno> thanks, ill change the hd
<ruben23> hi guys i plugin a 2 Terabyte HDD on my existing ubuntu server how do i check it and somehow add to my existing full HDD on the server any idea.>?
<RoyK> ruben23: want to add the storage of a usb drive to your current storage?
<ruben23> RoyK: no i added a new HDD to my curent storage
<ruben23> how do i set this up to increase my current storage, coz my curernt storage is already ful
<RoyK> ruben23: using lvm?
<RoyK> ruben23: or raid?
<ruben23> using lvm
<RoyK> pvcreate /dev/whatever
<RoyK> vgexpand
<ruben23> but first how do i check if teh 2 terbyte HDD is detected by the server..?
<RoyK> vgextend perhaps
<RoyK> cat /proc/partitions
<RoyK> ruben23: did you find it?
<ruben23> http://pastebin.com/eFLdB1QN
<RoyK> no 2TB drive there
<RoyK> what does dmesg have to say?
<FilthyMacNasty> I have an interesting question about openvpn if any of you are well acquainted
<ruben23> RoyK:  still there..?
<ruben23> hi guys i plugin a 2 Terabyte HDD on my existing ubuntu server how do i check it and somehow add to my existing full HDD on the server any idea.>?
<FilthyMacNasty> I have a question about openvpn and where your attached vpn computer resides in the network
#ubuntu-server 2014-11-25
<aurorauser> anyone have experience with mdadm arrays?
<aurorauser> mdadm, anyone?
<neurotus> is there a package for cgi:irc in 14.04 ?
<neurotus> there is one in 10.04 but in 14.04 ?
<neurotus> or an alternative ?
<sheptard> I approve
<soren> Yeah, that was getting old.
<jonascj> Hi all. I have rented a server with hetzner.de and after installation of Ubuntu Server 14.04 the system have a single user 'root' which I can log into. What would the recommended action be at this point, to get to a system where I don't use the root account?
<jonascj> Should I just add another user and setup sudo (maybe it already is), and disable the root account?
<jonascj> And how should I disable the root-account, remove the password or "PermitRootLogin no" in the ssh-config?
<lordievader> Good morning.
<RoyK> DanaM: probably quite a few here that knows mdadm ;)
<peetaur2> Hi. Why do I have these strange ntp servers that don't appear in my ntp.conf? https://bpaste.net/show/6f9ef78b6616
<ihre> Hello, what happens when an application sends a a line bigger than 1024 characters syslog?
<peetaur2> and missing the 2nd and 3rd ntp server I have from conf. the list there should be ntp, ntp3, localhost
<peetaur2> oh nevermind...found it. there was some file here:  /var/lib/ntp/ntp.conf.dhcp
<peetaur2> how do I tell it to install without removing the other stuff? https://bpaste.net/show/f04a392fc245  (like with rpm --force --nodeps)
<peetaur2> I guess this worked:    apt-get -d install rsyslog ; dpkg --force-depends-version -i /var/cache/apt/archives/rsyslog_7.4.4-1ubuntu2.3_amd64.deb
<peetaur2> but not sure if it will survive updates ;)
<zul> jamespage:  any objections to update alembic?
<MacroMan> I have read advice saying it's best to turn off DNS recursion in Bind9.
<MacroMan> I only use Bind9 for locally hosted websites. Is it safe to turn off recursion?
<maswan> MacroMan: It is best to separate authorative and recursive nameservers, so that the same bind/whatever doesn't do both.
<MacroMan> I'll be honest, that's gone over my head
<maswan> using it "for locally hosted websites" doesn't say which kind of use
<MacroMan> I use my servers IP addresses in my nameserver settings on my domains, so I think I use it authoritively
<maswan> The IPs in /etc/resolv.conf or equivalent is "recursive"/"resolving" use
<maswan> Authorative is when you configure it to answer questions to the whole world for a particular dns zone/domain
<MacroMan> Then I use it Authoritvely
<jamespage> zul, nope
<peetaur2> sigh.... my solution before to the rsyslog issue wasn't so good. Unlike what I said with zypper/rpm, it results in stupid errors so you can't install anything else normally afterwards: https://bpaste.net/show/7ea74828b41e
<ogra_> well, package maintainers dont add versioned dependencies just for fun (they are not fun to maintain at all)
<dpes> hi all
<dpes> how to disable apparmor
<dpes> ?
<dpes> i'm still getting apparmor module is loaded. after stop
<ogra_> you edit your kernel cmdline
<dpes> on 14.04
<dpes> without restart...
<jdstrand> dpes: boot with apparmor=0. that said if you are trying to workaround policy bugs with Ubuntu-shipped policy, I would advise reporting the bugs at: https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug
<dpes> jdstrand: could You confirm that then there is no >ZERO< loaded profiles in apparmor
<dpes> then it don't interfer in os?
<dpes> after teardown
<jdstrand> dpes: if you boot with apparmor=0, apparmor will be disabled
<dpes> i cannot boot this machine
<jdstrand> dpes: with teardown, you can see if anything is loaded with 'sudo aa-status'
<dpes> apparmor module is loaded
<jdstrand> dbck: you will always get that the apparmor module is loaded if you aren't booting with apparmor=0
<dpes> and everywhare 0
<dpes> 0 profiles *
<jdstrand> the module is loaded in the kernel
<jdstrand> but if no profiles are loaded in the kernel, the module will not do anything
<dpes> ok i get it
<dpes> so it won't be apparmor issue
<jdstrand> you can also watch /var/log/syslog for apparmor DENIALs
<jdstrand> err
<jdstrand> DENIED messages
<jdstrand> I use this when try to see if apparmor needs to be adjusted: tail -f /var/log/syslog | grep DEN
<dpes> thx
<jdstrand> np
<jamespage> jdstrand, do you have a revised set of apparmor patches for docker/libcontainer?  just looking at the merge for vivid - the current patch applies OK - but I see some chat upstream :-)
<Daviey> jamespage / jdstrand: Are you tracking CVE-2014-6407 ?
<uvirtbot> Daviey: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6407)
<jdstrand> jamespage: not yet, on my todo
<Daviey> Ah, doesn't look like it impacts the ubuntu version.
<jdstrand> we also have hardlink and symlink protections via yama
<jamespage> Daviey, yes I am
<TechIsCool> Got a question about services. In windows a service can be assigned a user account. How can I check if services are attached to a user account in ubuntu? I am trying to remove a old user account but want to confirm I will not break anything by removing the account
<jamespage> jdstrand, 1.3.2 is testing OK with the current patch from 1.2.0; I'll upload that as a merge and we can take if from there
<jdstrand> jamespage: yeah, that should work fine. the upstream stuff is for running a new docker with old apparmor userspace
<jamespage> jdstrand, ack
#ubuntu-server 2014-11-26
<FcukYou> ffasdf
<igoryonya> hello, I have some sshfs file systems, configured in fstab, they don't always connect automatically after the system boots up and I have to do mount -a. Is there a way to fix that behaviour and make sure that they get connected every time.
<amjjawad> Hi, I became an Ubuntu Member a week ago and while I was trying to configure my @ubuntu.com to work with my gmail, I couldn't do that and this page: https://wiki.ubuntu.com/UbuntuEmail#Sending_email_from_GMail_with_your_Ubuntu_address is very unhelpful and I did contact rt@ubuntu.com and lamont suggested to contact you
<amjjawad> My launchpad is: https://launchpad.net/~amjjawad
<lordievader> Good morning.
<VD|2> Hello
<lordievader> o/
<VDSecond> o/o
<VDSecond> how can I change the nick when nick tis emporarily unavaliable?
<VDSecond> strange
<YamakasY> whay do I miss on my mirror comparing to the following 404's ? or is my sources on my servers just too large ? http://pastebin.com/kMPf6Khh
<lordievader> YamakasY: Your 'http://mirror.domain.local' cannot be resolved I guess.
<lordievader> Or at least "http://mirror.domain.local/ubuntu/dists/trusty" is not found.
<YamakasY> lordievader: yes only those are not found, they are not on the mirror I guess
<lordievader> YamakasY: Does mirror.domain.local resolv for you?
<YamakasY> lordievader: yes the mirror works perfectly, I just don't like these :D
<lordievader> YamakasY: Ok, what happens when you go there with your webbrowser?
<YamakasY> lordievader: forbidden
<lordievader> YamakasY: There you go ;) wonder why it throws a 404.
<YamakasY> lordievader: it shouldn'tshoud it ?
<lordievader> YamakasY: No it should be accesible.
<YamakasY> lordievader: strange thing is, it's just a default mirror setup
<lordievader> YamakasY: Apache?
<YamakasY> lordievader: yap
<lordievader> YamakasY: Then check the directory config why it is not allowing access.
<YamakasY> does it only a check for that ?
<YamakasY> I mean
<YamakasY> directory list will be off I think
<lordievader> YamakasY: Read your apache configuration ;)
<YamakasY> ye syes
<YamakasY> but does ubuntu do a check on 404's ?
<YamakasY> I mean when visiting a repo ?
<lordievader> YamakasY: No, it tries to get the info, info is not found (404). Apt throws 404...
<YamakasY> lordievader: this is what I get: [Wed Nov 26 11:32:37.368605 2014] [autoindex:error] [pid 6327:tid 140045914658560] [client 172.16.24.110:5380] AH01276: Cannot serve directory /var/www/ubuntu/dists/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive
<YamakasY> what kind of index does apt need ?
<lordievader> None, but clearly your mirror is broken.
<YamakasY> mhh files are there
<YamakasY> installs go right
<YamakasY> so
<amjjawad> Hi, I became an Ubuntu Member a week ago and while I was trying to configure my @ubuntu.com to work with my gmail, I couldn't do that and this page: https://wiki.ubuntu.com/UbuntuEmail#Sending_email_from_GMail_with_your_Ubuntu_address is very unhelpful and I did contact rt@ubuntu.com and lamont suggested to contact you
<amjjawad> <amjjawad> My launchpad is: https://launchpad.net/~amjjawad
<DonRichie> Hi, can somebody give me some /etc/network/interfaces examples how to configure ipv6 on ubuntu-server? Awesome would be: one example for stateless autoconfiguration, one for stateless autconfiguration with router advertising, one with dhcpv6 and one with static ipv6 configuration
<DonRichie> I am talking about the client side network configuration
<zul> jamespage: erm....ok...why would python-taskflow install the test-/requirements.txt file...wird
<mribeirodantas> I have a 10.04.3 installation and I need to set up a Python/Django project in it. I can't reinstall the system since lots of other projects are running, so I basically wanted pip and virtualenv to have a safe place to work with news versions
<mribeirodantas> but pip and virtualenv are in very old versions. What's the best approach? Compiling manually pip/virtualenv and doing the rest within a virtual environment?
<Pici> mribeirodantas: Personally, I'd forgo the ubuntu packaged versions of those, and install pip from the get-pip.py that pip itself distributes.
<mribeirodantas> how about python3?
<peetaur2> mribeirodantas: you could use a chroot
<mribeirodantas> Wait, I think the packaged version of python3 is not that old.
<mribeirodantas> it may work.
<Pici> mribeirodantas: I'd look at the deadsnakes ppa for that.
<Pici> If what lucid provides is too old, that is.
<mribeirodantas> thank you.
<sander^work> whats the procedure to upgrade mysql in a live system?
<sander^work> is it adviced to stop mysql?
<sander^work> or will apt-get take care of that gracefully?
<jrwren> sander^work: great question. I would have hoped for an upgrade section in https://help.ubuntu.com/14.04/serverguide/mysql.html
<ChrisP1948> Scott - here is output of debdiff clamav_0.98.5+dfsg.dsc clamav_0.98.5+dfsg-1~ubuntu14.04.1~ppa1.dsc | less
<ChrisP1948> dpkg-source: error: cannot fstat file /home/chris/clamav_0.98.5+dfsg-1.debian.tar.xz: No such file or directory
<ChrisP1948> Use of uninitialized value $from in stat at /usr/share/perl/5.18/File/Copy.pm line 278.
<ChrisP1948> Use of uninitialized value $from in string eq at /usr/share/perl/5.18/File/Copy.pm line 102.
<ChrisP1948> Use of uninitialized value $from in -d at /usr/share/perl/5.18/File/Copy.pm line 134.
<ChrisP1948> Use of uninitialized value $_[0] in substitution (s///) at /usr/share/perl/5.18/File/Basename.pm line 341.
<ChrisP1948> fileparse(): need a valid pathname at /usr/share/perl/5.18/File/Copy.pm line 89.
<ChrisP1948> There is no /home/chris/clamav_0.98.5+dfsg-1.debian.tar.xz:
<ChrisP1948> I have clamav_0.98.5+dfsg.debian.tar.xz and clamav_0.98.5+dfsg.orig.tar.xz
<ScottK> ChrisP1948: Hello.
<ScottK> ChrisP1948: Try doing "pull-lp-source clamav" and then "debdiff  clamav_0.98.5+dfsg-1.dsc clamav_0.98.5+dfsg-1~ubuntu14.04.1~ppa1.dsc | less"
<pleia2> hi there, working with crinkle here, wondering how to get new openstack components included in the UCA
<pleia2> specifically looking at python-openstackclient
<sarnold> hey pleia2, first guess, ask bigjools and/or Odd_Bloke
<pleia2> sarnold: cool, thanks
<ScottK> ChrisP1948: Looks like the Ubuntu security team has beat us to the punch: https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-November/002741.html
<YamakasY> guys I get these errors on my internal mirror: http://pastebin.com/Yc83vUKz
<YamakasY> do I need them or not ?
<YamakasY> any idea guys ?
<ScottK> ChrisP1948: An update for lucid is still needed, so once we get through the basics, we can work on that.
<sarnold> YamakasY: probably fine
<YamakasY> sarnold: what do you mean by that ?
<sarnold> YamakasY: apt-get source won't work but you are probably still getting the amd64 lists, right? not many people have i386-only systems any more...
<YamakasY> sarnold: the issue is I get this because of my local mirror, which doesn't contain them... which I think it strange as they are not in my sources.list also
<YamakasY> sarnold: I know :)
<YamakasY> sarnold: so how to fix ?
<YamakasY> is my sources.list bad or something else wrong in apt ?
<sarnold> YamakasY: sorry, no, I'm content with local caching rather than mirrors...
<YamakasY> sarnold: yes I can enable caching too.. but how does caching work, they the packages exist forevery ?
<YamakasY> forever
<sarnold> YamakasY: I suspect squid cleans them up periodically, I've never looked...
<YamakasY> sarnold: ah ok, I cannot have that :(
<sarnold> YamakasY: ... hmm, I see some things in my squid cache that's nearly a year old. I've only been using it for a year, so it may not clean things up...
<YamakasY> sarnold: here, check this, same error: http://ubuntuforums.org/archive/index.php/t-2220757.html
<sarnold> YamakasY: you could try changing your deb lines to deb [arch=amd64] as described here, see if that helps: https://wiki.debian.org/Multiarch/HOWTO
<YamakasY> sarnold: mhh, let me check my puppet manifests
<YamakasY> mhh unclear such things
<YamakasY> bad documented
<YamakasY> sarnold: why would it grab those sources ?
<sarnold> YamakasY: don't know, sorry
<YamakasY> ok
<YamakasY> thanks
<ChrisP1948> Sounds good Scott, sorry, after lunch I just crash out for about 2hrs every day. VA trying to figure out why.
<ChrisP1948> Here's the output - dpkg-source: warning: extracting unsigned source package (/home/chris/clamav_0.98.5+dfsg-1~ubuntu14.04.1~ppa1.dsc)
<ChrisP1948> diff -Nru clamav-0.98.5+dfsg/debian/changelog clamav-0.98.5+dfsg/debian/changelog
<ChrisP1948> --- clamav-0.98.5+dfsg/debian/changelog 2014-11-20 00:02:46.000000000 -0600
<ChrisP1948> +++ clamav-0.98.5+dfsg/debian/changelog 2014-11-25 20:05:53.000000000 -0600
<ChrisP1948> @@ -1,3 +1,9 @@
<ChrisP1948> +clamav (0.98.5+dfsg-1~ubuntu14.04.1~ppa1) Trusty; urgency=medium
<ChrisP1948> +
<ChrisP1948> +  * No changes, update for Trusty
<ChrisP1948> +
<ChrisP1948> + -- Chris <cpollock@embarqmail.com>  Tue, 25 Nov 2014 20:05:07 -0600
<RoyK> !pastebin
<ChrisP1948> +
<ChrisP1948>  clamav (0.98.5+dfsg-1) unstable; urgency=medium
<bitfury_> clamav
<teward> ChrisP1948: use a pastebin please - paste.ubuntu.com for instance
<teward> also...
 * teward points at ~ppa1 and says "um, what"
<Malinux> pastebinit is a nice cli program that can pastebin things directly like
<Malinux> cat <sometihing> | pastebinit
<teward> true, but if he copypasted it already... :P
<Malinux> well :)
<Malinux> I thinked maybe next time :)
<sarnold> everyone learns about pastebinit somewhere :) it's fantastic..
<Malinux> sarnold: yes... I have paste things into a channel more than once..... :$
<ChrisP1948> Oops, sorry, will do that from now on
<teward> Malinux: so have I, but now I just throw things into my own pastebin XD\
<teward> anyways, i digress
<Malinux> teward:  :)
<ScottK> ChrisP1948: That's exactly what you would want.
<ScottK> teward: We're working in a PPA for now, so that's correct.
<teward> ScottK: ahhh, I see, I missed that
 * teward kicks his ZNC for having packet loss
<ChrisP1948> Ok Scott, I'm going to remove all these builds and so forth again and start over
<ScottK> ChrisP1948: Before you do, how about trying to upload this to the PPA?
<ChrisP1948> Sure, I can do that, let me look at your last email for the instructions
<hxm> hello, what kind of backup system do you use?
<hxm> rsync?
<ChrisP1948> Upload and signing successful http://pastebin.com/K3Wz59ux
<sarnold> hxm: I use rsnapshot
<ScottK> ChrisP1948: I don't see your gpg key associated with your LP account: https://launchpad.net/~cpollock
<hxm> sarnold: thanks
<ScottK> That looks like a correct upload, but if LP doesn't know your key, it'll silently discard it.
<ChrisP1948> It was signed - http://pastebin.com/GhiNbpJC I've sent my key to the Ubuntu keyserver multiple times what else do I need to do?
<ChrisP1948> I just resubmitted it to Launchpad will see if I get the email, which if I remember I never have.
<ScottK> Adding it to the keyserver is half the battle.
<ScottK> ChrisP1948: If you go to https://launchpad.net/~cpollock you should see a part of the page that says opengpg keys with an icon to click on.
<ScottK> That'll start the process of adding the key to your account.
<ChrisP1948> Yep, just did that again for about the 5th time. Put the fingerprint in now it says to wait for an email which I've never gotten in all my attempts
<ScottK> I'd check that your email address in the account is correct.
<ChrisP1948> email address is correct
<ScottK> OK.  I assume you've checked the spam folder, etc.
<ScottK> How about if you join #launchpad and we'll see if we can get that sorted.
<ChrisP1948> Will do scott
<ChrisP1948> I'm there Scott
<ChrisP1948> Scott, all is good with the key now
<ScottK> Great.
<ScottK> Now you can try that upload again.
<ChrisP1948> Will do
<ScottK> You will get an error that says you need to force it due to it having been uploaded already.
<ScottK> That's fine, just either force it or delete the .upload file.
<ChrisP1948> Done - used the -f parameter, see what it looks like now
<ScottK> I see the key in your profile new.
<ScottK> Don't see the package yet, but it can take a few minutes.
<ScottK> ChrisP1948: Check your inbox.
<ScottK> Ah.  Trusty/trusty.
<ScottK> ChrisP1948: I need to go soon, but you can fix that and re-upload.
<ScottK> Have a happy Thanksgiving.
<ChrisP1948> Great who knew it was syntax - will fix and reupload. You and your family have a great Thanksgiving also Scott. Will talk to ya later
#ubuntu-server 2014-11-27
<hallyn> zul: smb: would one of you mind pushing the patchset for bug 1396070?  looks straightforward enough
<uvirtbot> Launchpad bug 1396070 in libvirt "Libvirt patches for launching VMs with 'ppc64le' architecture." [High,Confirmed] https://launchpad.net/bugs/1396070
<Opswatch> Got a question anyone know any instructions on how to upload a windows image into Ubuntu maas on 14.10? I cant find any
<Opswatch> Anyone?
<LinStatSDR> Anyone having issues with MaaS region importing from the Ubuntu main archive ?
<smb> hallyn, can have a look. assuming vivid (not that you would be expected to be around to answer as you likely have to struggle with a huge bird)
<eto> hello
<eto> anybody friendly enought to explain to me question 2 or 3 about packages?
<lordievader> eto: Fire away ;)
<eto> lordievader: we have several machines with external admins running ubuntu
<eto> lordievader: on my oses i am using this thing https://launchpad.net/~cpick/+archive/ubuntu/pam-ssh-agent-auth <- which is provided by my os packaging
<eto> lordievader: but it seesms that one is not in base in ubuntu right?
<eto> lordievader: will my external admins trust that thing?
<lordievader> !info pam-ssh-agent-auth
<ubottu> Package pam-ssh-agent-auth does not exist in utopic
<lordievader> eto: Depends on the admin, but likely not. Random ppa's are allways a bit sketchy ;)
<eto> lordievader: okay what i my other options?
<lordievader> !info libpam-ssh
<ubottu> libpam-ssh (source: libpam-ssh): Authenticate using SSH keys. In component universe, is optional. Version 2.01-1 (utopic), package size 49 kB, installed size 180 kB
<lordievader> !info ssh-agent
<ubottu> Package ssh-agent does not exist in utopic
<eto> lordievader: ssh-agent is part of base ssh install
<lordievader> eto: Jup just made that conclusion ;)
<eto> lordievader: also i am using libpam-ssh but only personal machines - it's solving completely different problem though
<lordievader> Ain't that an option?
<lordievader> Ah, then I misunderstand the problem I think...
<eto> lordievader: libpam-ssh is used to login interactively into machine using you ssh key password (instead of one in password databse) - if you have correct password, it will auth you for login and it can load key into ssh agent right away
<eto> lordievader: so as lon you are logged you already have your key in session
<eto> lordievader: pam-ssh-agent-auth does other thing though. when you are logged remotely through ssh, and you forward your local agent, you can instruct sudo, su and other programs to auth you based on key loaded into ssh agent
<lordievader> Ah, interesting.
<eto> lordievader: so i guess it's not used by ubuntu admins?
<lordievader> !info libpam-sshauth
<ubottu> libpam-sshauth (source: libpam-sshauth): authenticate using an SSH server. In component universe, is extra. Version 0.3.1-1 (utopic), package size 16 kB, installed size 81 kB
<lordievader> Would it be ^
<eto> lordievader: ty gonna research that!
<eto> lordievader: great find but this seem to be actually exact oposite - it auths your local machine against remote one
<eto> lordievader: :) pam-ssh-agent-auth works exactly other way - remote server auths you through your local agent
<lordievader> Hrmm, furthermore nothing shows up when I search for "pam ssh"... :(
<eto> lordievader: may i know where are you searching besides bot?
<lordievader> eto: apt-cache search ;)
<eto> lordievader: ty
<adsc> I have two webservers that need to be configured so that if the first one goes down, the second one can take over...I thought about using mysql server replication and DRBD for synchronising file uploads, any thoughts about that?
<adsc> so basically, both servers would run the full LAMP stack and be self-contained systems
<adsc> I know the usual approach is to seperate DB and Storage into own dedicated redundant systems, but I can only have two servers
<zul> hallyn:  sure wil do it this morning
<soren> I have a server behind a firewall. It can't connect to an smtp server. I think sbuild pulled in nullmailer. I've now removed nullmailer, but I keep getting THOUSANDS of log entries from it.
<soren> ...and I can't work out where they're coming from.
<soren> The entries all look like this:
<soren> Nov 27 12:15:16 uc1 nullmailer[52289]: message repeated 116 times: [ smtp: Failed: Connect failed]
<soren> (with a varying number of repeats)
<soren> The pid grows rapidly.
<soren> I've not been able to identify what sends these messages.
<soren> The pids are in the range of what new processes are assigned, so these aren't lingering messages. They
<soren> 're fresh.
<soren> Any idea on how to find the culprit?
<jpds> soren: ps auxf and see who the parent is?
<jpds> adsc: Seen percona?
<soren> jpds: There's NO TRACE of them in the process table.
<soren> Oh.
<soren> Now it stopped.
<soren> All of a sudden.
<jpds> soren: Hmm.
<kevindf> I'm running a OpenVPN server on my Ubuntu 14.04 server and i'm able to connect to the VPN without any problem but when my ufw firewall with iptables is enabled on my server I have no internet connection, when I disable the firewall I have a internet connection without any problems. I've tried analyze the kern.log to see the UFW blocks but I noticed that it's blocking loads of attempts all on different ports. Anyone that has expe
<kevindf> I will put the kern.log on pastebin
<kevindf> http://pastebin.com/jCY0ruMH
<lordievader> Your dns is likely broken when you enable your firewall.
<lordievader> UDP port 53 ;)
<kevindf> I have port 53 UDP allowed from anywhere in my iptables rules
<zul> hallyn/smb: done
<smb> zul, fuck
<lordievader> kevindf: It is being blocked though.
<smb> zul, Would be nice if you checked whether someone else has put himself as assign in the bug
<kevindf> I'll do a double check for the iptables, thanks
<zul> smb: sorry
<bananapie> I can't seem to find the option in dnsmasq that let's me specify for which IPs DNSMASQ will do recursive queries. can someone point me in the right direction?
<kevindf> lordievader: I've checked my Iptables rules and i've got these configured: " -A INPUT -p udp -m udp --dport 53 -j ACCEPT"     "-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT"             "-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT"   yet it's still blocking port 53
<lordievader> kevindf: "iptables -I FORWARD 1 -i tun+ -o eth0  -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT" Assuming here you have a rule allowing RELATED & ESTABLISHED.
<kevindf> I got "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" will try out the rule
<kevindf> thanks
<lordievader> kevindf: Could you pastebin the output of "iptables -vnL --line-numbers"?
<lordievader> Also, conntrack != state: http://unix.stackexchange.com/questions/108169/what-is-the-difference-between-m-conntrack-ctstate-and-m-state-state
<kevindf> lordievader: http://pastebin.com/kxR0ncb3
 * lordievader stupid ufw...
<kevindf> :)
<lordievader> kevindf: iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISED,RELATED -j ACCEPT
<kevindf> iptables v1.4.21: Bad ctstate "ESTABLISED,RELATED" is the output i get
<lordievader> kevindf: iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
<kevindf> that worked
<lordievader> kevindf: Does nslookup still timeout?
<kevindf> Will try it out now
<kevindf> Still doesn't work unfortantly
<lordievader> kevindf: "tail /var/log/syslog|grep 53" does that give output?
<kevindf> Yes
<lordievader> kevindf: Please pastebin it.
<kevindf> http://pastebin.com/bSdA0fXt
<lordievader> DNS should be fine...
<kevindf> I will try to connect again when i'm at home, as i'm on a private network here that might be blocking something too
<kevindf> Thanks for the help again
<lordievader> kevindf: No problem ;)
<kevindf> Have a nice day futher, bye :)
<j-horowitz> hey all, if Im trying to install ubuntu server using RAID 1, Im having some difficulty getting to boot
<j-horowitz> Im currently using the onboard RAID that came with my motherboard
<j-horowitz> should I scrap that and use the RAID setup that comes with Ubuntu?
<j-horowitz> f
<j-horowitz> i.e. is it better to have the RAID setup through my motherboard or through the software that comes with Ubuntu?
<pmatulis> j-horowitz: yes, scrap the m/b (fakeraid) stuff
<j-horowitz> pmatulis: ok why is that the better option? and also isn't using the ubuntu raid software also considered a "fakeraid"?
<pmatulis> j-horowitz: fakeraid is stupid
<j-horowitz> hah
<j-horowitz> well I just want it to serve the purpose.. have 2 disks in raid 1
<j-horowitz> will the ubuntu raid software accomplish that all the same?
<pmatulis> j-horowitz: enter the bios, remove the raid array, and the disable the raid feature
<pmatulis> j-horowitz: when you install the server you can configure raid
<Noskcaj> zul, Could you please bump the epoch of python-novaclient to be equal with debian (2)?
<zul> Noskcaj:  why?
<Noskcaj> tuskar-ui (and probably other packages) have versioned deps on novaclient
<Noskcaj> Or would it be better to patch the deps
<zul> Noskcaj: patch the deps
<Noskcaj> ok
<Vladimirski> How do I open a new screen tab ?
<Vladimirski> not a whole new session of screen, but just another tab
<sheptard> ^A-c
<sheptard> er
<sheptard> ^a-c
<Vladimirski> thanks guys
<Vladimirski> thanks sheptard
<Vladimirski> :D
<Vladimirski> alot
#ubuntu-server 2014-11-28
<jgornick> Hey guys, if I clear out my udev 70-persistent-net.rules file and reboot the computer, why isn't the file being automatically repopulated with my devices?
<pmatulis> jgornick: i think that was a trick only for older releases.  not 100% on that
<t3flon> happy tgivings.  I'm having an issue where on reboot my machine does not automatically connect to the network interface.  Ubuntu server 14.04.1, connection is managed by networkmanager (managed=true)
<t3flon> anyone have experience getting this to work?
<t3flon> I just need to make one click and it connects
<t3flon> but it would be a life-saver to not have to make the one click
<ozysimpson> I am trying to configure vnc for a user on my box everytime i run vncserver command a user it uses different port 5901, 5902, 5903 and so on how can i stop it from happening and force it to use port 5901 as default port? the issue being i have change my firewall rules everytime ?
<Cloudman> heads up, cheap servers, great for test stuff http://www.online.net/en/dedicated-server/dedibox-kidechire 1.99 euro lol, get em why they last :) be gone in an hr or so I bet
<bigbrovar> .
<pmatulis> ,
<ogra_> ;
<jpds> :
<hariom> Hi, I have setup an aws vm and running nginx. It is running fine. But when I access that server from my laptop, it gives me this error: http: error: ConnectionError: ('Connection aborted.', gaierror(-2, 'Name or service not known'))
<hariom> This error comes irrespective of http or https
<hariom> Can anybody guide me why this error comes when I try to connect my remote vm from my PC: ConnectionError: ('Connection aborted.', gaierror(-2, 'Name or service not known'))
<pmatulis> hariom: what is the URL you are trying to reach?
<hariom> pmatulis: Looks like that issue got fixed automatically. I have surpise but I just restarted server and it disappeared.
<hariom> I am trying to setup stunnel4. It was working fine yesterday but today when I start, it says that starting but I don't see it in 'ps -e' list
<hariom> Is there anyway to test if stunnel4 is working fine?
<hariom> or is it possible to run in foreground and see whats is going on
<pmatulis> hariom: start by looking at the man page and then upstream documentation
<hariom> pmatulis: its very confusing. I see stunnel, stunnel3, stunnel4
<hariom> I have just installed stunnel4
<hariom> pmatulis: it is working fine. I found the mistake I was doing in syslog file
<pmatulis> hariom: good work
<tom[]> what command(s) could i use to discover the dependency that ended up putting apache2 http service on my machines, enabling and starting it?
<adsc> i have the following packages which have been kept back: linux-generic linux-headers-generic linux-image-generic
<adsc> now it seems everyone recommends to do a dist-upgrade to install them
<tom[]> adsc: i apt-get install them
<adsc> but I don't really want to upgrade to 14.10
<adsc> tom[]: yeah, i've seen that, but it seems to have the side effect that apt marks them as user-installed, and hence they won't be able to be removed by autoremove in the future
<tom[]> will that be a problem?
<adsc> well...
<adsc> what are they, anyway? The kernels of the 14.10 distribution?
<adsc> do I really need them?
<tom[]> http://packages.ubuntu.com/trusty/linux-generic
<tom[]> i like to keep the kernel updated
<adsc> i'll try a pretend and see what it does
<adsc> hmmm
<adsc> tom[]: do you then explicitly remove old kernel packages, too?
<tom[]> no
<tom[]> i'm of the mind, the less i touch, the less damage i do
 * tom[] the worlds worst sysop
<hariom> How to change source repository? I am connected to in.archive.ubuntu.com but it seems to be very slow.
<hariom> How to chage the ubuntu server repository mirror? On my server, the current mirror is very slow
<hariom> Change the country code example in to sg will work?
<adsc> it's worth a try
<Patrickdk> I just run a local repo
<Patrickdk> but then, I have more than one system using it
<hallyn> zul: muchas gracias
<Plizzo> Hi! I recently upgraded my server from Ubuntu Server 11.10 to 13.10, and ever since my system totally freezes every few days. All tasks hog, it doesnât respond to SSH and the LCD panel on the front even has time frozen. Any ideas what could causing this? Iâve check dmesg, syslog and kernlog without any traces. Please help me!
<lordievader> Plizzo: 13.10 is EOL, please update to 14.04 or 14.10.
<sarnold> Plizzo: please note that 13.10 hasn't received any updates for four months. Please consider upgrading to 14.04 LTS, which will be supported until 2019.
<Plizzo> lordievader: How would I go about updating to 14.04 or 14.10? A release upgrade made it into 13.10
<sarnold> another do-release-upgrade  ought to do it
<lordievader> !eolupgrade
<ubottu> End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
<Plizzo> sarnold: Alright, Iâll give that a shot and hope it also resolves the issues
<Plizzo> lordievader: That page doesnât show 13.10
<Plizzo> lordievader: Do I still need to add the old-releases into my /etc/apt/sources.list?
<lordievader> Plizzo: Which page are you reffering to?
<Plizzo> https://help.ubuntu.com/community/EOLUpgrades
<sarnold> probably you don't need to worry about old-releases just yet
<Plizzo> Iâll just try do-release-upgrade then?
<sarnold> yeah
<Plizzo> Thanks, Iâll hook up physically with a keyboard to do that, nothing I want to do over SSH :P
<sarnold> :)
<Plizzo> sarnold: Upgrading as we speak
<Plizzo> sarnold: Worked like a charm, hoping that this also fixes the freezing..
<sarnold> Plizzo: I hope so too :) good luck
<Plizzo> sarnold, lordievader: Thanks to you both!
<lordievader> Plizzo: Hope it does :)
<rtyuio> hello there anyone tried nomachine
<rtyuio> 4 on windows and ubuntu as guest ?
<rtyuio> anyone there ?
<rtyuio> hello there ?
<guntbert> rtyuio: NX in a server? what for?
<rtyuio> i got this error : http://paste.ubuntu.com/9288488/
<rtyuio> i installed freenx
<guntbert> rtyuio: what has that to do with Ubuntu *Server*?
<rtyuio> is the error is explicit ?
<guntbert> rtyuio: how is "running/accessing NX" server related? You already asked in Ubuntu.
<rtyuio> so what ?
<guntbert> don't crosspost and don't ask for non server things here
<rtyuio> ok keepquite
<rtyuio> then
<rtyuio> thanks for listening
<Webdevb> Hey everyone, can anyone help with mysql errors?
<teward> Webdevb: depends on the errors
<Webdevb> think it just ran out of memory really teward
<Webdevb> http://paste.ubuntu.com/9289667/
<sarnold> can't allocate 128M? ouch
<Webdevb> sarnold, what do you mean?
<sarnold> Webdevb: 128M is so .. small .. in the grand scheme of things today
<sarnold> Webdevb: do you have any errors in dmesg?
<Webdevb> sarnold, how do I find this... sorry I'm not the best.
<sarnold> Webdevb: dmesg | tail -30
<teward> sarnold: unless this is a really really small VPS or something... in which case 128M might be the max ram on the system.
<Webdevb> sarnold, teward: http://paste.ubuntu.com/9289705/
<Webdevb> first time it's happened in over a year.
<Webdevb> well it's never happened before.
<sarnold> ouch, that's the OOM killer..
<Webdevb> sarnold OOM killer?
<sarnold> Webdevb: when you're out of memory, the kernel starts killing processes, using the "OOM killer"
<teward> yep, to prevent the system going totally instable
<teward> looks like apache is being killed too
<Webdevb> arrrr ok, guess we can put this down to black friday
<Webdevb> it's ok now
<teward> Webdevb: website going down repeatedly, I guess?
<sarnold> Webdevb: probably something else is wrong on that machine; check top output sorted by memory used
<teward> agreed with sarnold, something else is probably going on
<Webdevb> it seems ok now
<sarnold> Webdevb: it might take some apache tuning to prevent it from spawning too many processes
<Webdevb> sarnold, teward: http://paste.ubuntu.com/9289791/
<Webdevb> it's only got 1gb of memory and it's been a really really busy day
<sarnold> only one gig? no wonder it's in pain :) heh
<Webdevb> sarnold does the top look ok...
<sarnold> you might want to limit apache to only five or six children
<Webdevb> sarnold will that now stop people access the site?
<sarnold> Webdevb: well, it's tricky; if it means that your system doesn't swap as much, each individual request -might- be handled more quickly, and your users might get better experience
<Webdevb> ok, or should I just increase the memory...
<sarnold> if that's an option, definitely
<sarnold> you've got 2.2 gigabytes of apache processes, .9 gigabytes of mysqld processes, and then there's nova-agent and driveclient
<sarnold> four gigabytes would make that a much happier machine
<Webdevb> ok no problem... it seems ok at the moment, we have had quite a large offer on today so I guess it's just had enough of today...
<Webdevb> haha
<sarnold> hehe :)
<Webdevb> like me really
<Webdevb> it's been a bloody long day.
<Webdevb> haha
<Webdevb> sarnold new setup... 2 servers behind a LB both with 4GB of memory... is that better?
<sarnold> Webdevb: much better, though I don't know how well your database will love it. I hope you don't double-sell any inventory..
<Webdevb> double-sell?
<Plizzo> I have an issue with my server. I upgraded from 11.10 to 13.10 using âdo-release-upgradeâ, and started experiencing seemingly random hogging/freezing of my entire machine and system. I then today tried to upgrade to 14.04 LTS to remedy this issue, but to no avail. The upgrade to 14.04 does seem to have had the opposite effect. The first freeze now occured after approx. 2 hours. Any ideas what could be causing this?
#ubuntu-server 2014-11-29
<sarnold> hey Plizzo, sorry to hear it's still happening :/
<sarnold> Plizzo: it might be worth storing off the dmesg every ten minutes or something and see if you can find the issue in the logs before the whole thing hangs
<sarnold> Plizzo: it might be worth installing mcelog too, perhaps it's a machine check exception
<Plizzo> sarnold: No worries, Iâm just trying to get an understanding of why itâs doing that. If I canât find a way to fix it it might be quicker to do a whole clean install.
<sarnold> Plizzo: it has the feeling of something that wouldn't go away with a clean install. :/
<Plizzo> sarnold: Here is my last syslog
<Plizzo> http://paste.ubuntu.com/9290289/
<Plizzo> sarnold: Sorry, I meant to say dmesg
<sarnold> Plizzo: wow, that looks pretty clean.
<Plizzo> sarnold: Yeah, from what I can see. All my logs are perfectly cleanâ¦
<Plizzo> sarnold: I think a clean system install might be faster than to debug this..
<Plizzo> sarnold: I will never update my Ubuntu release again, this happens every time I upgrade, last year also..
<tarvid> Still recovering from my last upgrade. Joined this discussion late. What is the problem
<Plizzo> tarvid: I upgraded from 11.10 to 13.10 using âdo-release-upgradeâ, and started experiencing seemingly random hogging/freezing of my entire machine and system. I then today tried to upgrade to 14.04 LTS to remedy this issue, but to no avail. The upgrade to 14.04 does seem to have had the opposite effect. The first freeze now occured after approx. 2 hours. Any ideas what could be causing this?
<Plizzo> tarvid: Once it freezes, there are no records in the logs and itâs impossible to reach the server over SSH. It completes disappeares and becomes unreachable. I have to perform a hard restart in order to get it back on track.
<Plizzo> tarvid: But Iâm just waiting for it to freeze again..
<tarvid> Haven't seen that issue. I upgraded from 12.04 to 14.04 and had many apache2 issues. I did have one halt on reboot
<tarvid> I am now looking for an inexpensive KVM over IP to avoid the 6 hour drive to press the reset button
<Plizzo> tarvid: I also had some apache2 issues with htpasswd etc, but got most of them sorted out.
<sarnold> tarvid: you might just want to look for e.g. a remote-control power switch, some PDUs have them, some UPS have them
<sarnold> Plizzo: oh, so e.g. 11.10 worked fine? I wonder if 12.04 LTS might work for you, that's still supported for another 2~3 years..
<Plizzo> sarnold: Yeah, everything worked perfectly on 11.10 - but since it was an old release I figured I should upgrade. Thatâs when the freezing hell broke loose.
<tarvid> sarnold, I have an old APC PDU, that would do for a power bounce but I had the damnedest  urge for a peek at the monitor.
<tarvid> Plizzo, I wonder if the grub boot options changed and you now have a feature enabled that is not stable. I had that happen years ago when ACPI was enabled
<Plizzo> tarvid: Maybe so, what option could that be?
<tarvid> How old is the motherboard?
<sarnold> tarvid: oh you want to know -why- it doesn't come back from a reboot ;) picky picky :)
<Plizzo> tarvid: The motherboard is about three years old. But this just happened after software update, and itâs happened before. Only way Iâve been able to fix it is with a clean install.
<filipsohajek> Hi, can you please help me? My postfix server (with MySQL) is sending and recieving to one domain, but other domains can only send
<lnxmen> Hello.
<lnxmen> Is there possibility to set priority of usage on memcached clients? I have production server with 40% usage of RAM and other two VPSes with 40% and 6% usage of RAM. How to make my VPSes more encumbered? Generally, is there any point in doing it?
<mirexx> hello, I'm facing some problems with installation of oracle weblogic server, could some1 help with that ? pm pls, thanks :]
<lnxmen> mirexx: firstly, paste your log
<John_John_> i want to setup a mail server in ubuntu 14.04 but i dont have a registered domain. does this prevent me from completing the task ?
<maxb> Rather depends on what you mean by mail server (smtp, imap, pop3) and how you want mail to reach it
<John_John_> postfix and dovecot
<John_John_> and imap
<John_John_> http://www.krizna.com/ubuntu/setup-mail-server-ubuntu-14-04/
<John_John_> here â¦i want to follow this guide.
<John_John_> do you know ?
<SCHAAP137> John_John_: yes, you need your own domain
<John_John_> OHHH
<SCHAAP137> domains are cheapo
<SCHAAP137> *cheap
<John_John_> is there a work around ?
<John_John_> i want it for educational purposes only!!
<SCHAAP137> you could e-mail based on IP-address, or some crappy subdomain
<SCHAAP137> but it's uncommon, and probably spamfilters will not like it
<SCHAAP137> some kind of domain, with control over the DNS entries, is needed
<SCHAAP137> at least to set MX records and such
<SCHAAP137> A, MX, SPF, DKIM, DMARC, TLSA, whatever
<John_John_> all i want is just to send from myself to me
<SCHAAP137> it can be accomplished without a domain, but also for educational purposes, it's better to do it the right way
<SCHAAP137> which is, with a unique domain name
<tanob> hi, i've installed ubuntu server using the netinstall and during install it detects and sets up wireless, but after restart I dont see the wireless configured, what's the simplest way to get it working and persistent across restarts?
<John_John_> i see your point
<SCHAAP137> domains are cheap John_John_, i mean, $3 per year or so
<SCHAAP137> of $5
<John_John_> where can i get one cheap ?
<SCHAAP137> *or
<John_John_> really ???
<John_John_> that cheap ?
<SCHAAP137> what do you want? a .com? .nl ?
<John_John_> i didnt know
<SCHAAP137> sure
<SCHAAP137> even .eu is only 7 euros a year or so
<John_John_> com, eu or gr or .net
<SCHAAP137> i got my domains at www.transip.nl
<John_John_> or anything that is cheap i guess
<SCHAAP137> they have .nl's for 2 euros a year
<SCHAAP137> .com for 7 euro a year
<SCHAAP137> or 6
<SCHAAP137> not sure
<SCHAAP137> you should check
<SCHAAP137> but remember, a domain, is just a domain
<John_John_> i ll check it out now and buy one i guess :))
<SCHAAP137> which is, a bunch of DNS records
<John_John_> which means what ?
<SCHAAP137> to assign a particular name to particular IP-addresses
<SCHAAP137> it's not a server, or a machine, in itself
<SCHAAP137> it's just DNS registration
<John_John_> yes yes i know tah
<SCHAAP137> good
<John_John_> that*
<SCHAAP137> i built my own mailserver as well, with ubuntu and postfix
<John_John_> but then i can set up myserver like machinename.mydomain.com for example ?
<SCHAAP137> multiple domains
<SCHAAP137> yes, definitely
<John_John_> aha
<SCHAAP137> that's just an A record
<John_John_> tell me more about your setup please ?
<John_John_> what do you use exactly ?
<John_John_> http://www.krizna.com/ubuntu/setup-mail-server-ubuntu-14-04/
<John_John_> is this guide a good one to follow ?
<SCHAAP137> i followed this guide
<SCHAAP137> http://www.pixelinx.com/2013/09/creating-a-mail-server-on-ubuntu-postfix-courier-ssltls-spamassassin-clamav-amavis/
<SCHAAP137> long time ago
<SCHAAP137> since that time i tweaked and improved on it
<John_John_> i am interested in imap too
<John_John_> is it easy to change between pop3 and ima ?
<John_John_> imap*
<SCHAAP137> you can serve both
<John_John_> very nice!!!
<SCHAAP137> but i would recommend just serving pop3-ssl and imap-ssl
<SCHAAP137> not the unencrypted ones
<SCHAAP137> if you wanna do it really properly, get an SSL certificate as well from a CA
<SCHAAP137> set up a webmail as well, with RoundCube or squirrelmail
<SCHAAP137> set up an SPF record, set up DKIM
<John_John_> are ssl certificates cheap ?
<SCHAAP137> some of them are
<SCHAAP137> Comodo PositiveSSL is like $10 a year
<SCHAAP137> for a single domain
<John_John_> ok nice to know that
<SCHAAP137> depends on the type of certificate
<SCHAAP137> wildcard certs, or EV certs, can be very expensive
<John_John_> but for the moment i need the simplest setup possible
<SCHAAP137> the guide i pasted the URL from, is a good way to get you started
<SCHAAP137> it uses virtual users as well, in a mysql database
<John_John_> really thanks for the info :)
<SCHAAP137> no need to create actual unix user accounts
<John_John_> aha
<SCHAAP137> for the mail users
<SCHAAP137> which is an advantage
<John_John_> yes thats what i am interested in actually !!!
<SCHAAP137> it will take a moment to set up, but when it's working, you will be happy
<SCHAAP137> and then you can expand it slowly
<SCHAAP137> add more advanced features, better security, etc
<John_John_> another importan question
<SCHAAP137> or, if you are REALLY lazy, you can check this out
<SCHAAP137> https://mailinabox.email/
<SCHAAP137> it does everything for you
<John_John_> this is talking for the cloud yes ?
<John_John_> so i need to have linux on the cloud ?
<SCHAAP137> not necessarily
<SCHAAP137> just linux anywhere is good
<John_John_> i have 14.04 server installed locally
<SCHAAP137> but, for a good mailserver, u want it to be online all the time
<SCHAAP137> and fast
<SCHAAP137> a nice VPS in a datacenter or something
<John_John_> not in my concern for now
<John_John_> but please tell me where can i buy a vps cheap from ?
<SCHAAP137> hehe, i got mine from TransIP.nl as well
<SCHAAP137> first month is half price, $5 instead of $10
<SCHAAP137> gives you 1 core, 50 GB HDD, and 1GB RAM
<SCHAAP137> i run a medium one, with 2 cores, 4GB RAM, and 150GB HDD
<John_John_> i see
<John_John_> problem is i dont understand duch
<John_John_> so i need something in english or greek :)
<SCHAAP137> it's better to get one geographically close to you
<SCHAAP137> for better performance during control sessions, speed, etc
<John_John_> we are not far actually :)
<John_John_> but its ok i ll find one
<SCHAAP137> http://www.pointer.gr/en/vps
<SCHAAP137> seems a bit expensive this one
<John_John_> i am only interested in the domain name only right now i guess
<John_John_> we ll see about vps later
<John_John_> is my 14.04 server local machine enough for now ?
<SCHAAP137> depends on your network setup
<SCHAAP137> does your ISP block any ports?
<John_John_> nope
<SCHAAP137> some ISPs block port 25 on consumer lines
<SCHAAP137> then it should be sufficient
<John_John_> ok then
<SCHAAP137> but for a "production" mailserver, you want more sense of security, uptime, etc
<John_John_> how can i learn if my isp blocks port 25 ?
<John_John_> i dont need any production right now
<SCHAAP137> no idea, pbly only by testing it
<John_John_> i just need it for development server
<SCHAAP137> by sending out mail
<John_John_> how can i test that now easily ??
<SCHAAP137> mail servers talk on port 25, outbound, but also inbound / amongst eachother
<SCHAAP137> hmm, difficult
<SCHAAP137> you need a mailserver to test it i think :P
<John_John_> lol ok
<mardraum> telnet to some remote mailserver on port 25
<SCHAAP137> ah yeah, indeed
<John_John_> telnet from inside ubuntu you mean ?
<John_John_> can you give me the shell command please ?
<SCHAAP137> telnet smtp.yourmailprovider.gr 25
<John_John_> wait a sec please
<mardraum> no, you want NOTyourmailprovider
<SCHAAP137> ah yeah true
<mardraum> they should certainly allow you to connect to their server
<John_John_> ok i got it
<John_John_> i ll use my workâs email server
<John_John_> just a sec
<John_John_> is this command correct ?
<John_John_> ok it is sorry
<SCHAAP137> after connecting, you need to identify yourself with HELO or EHLO
<SCHAAP137> followed by your IP or domainname, of your internet line
<mardraum> if you can connect at all, it's enough to establish your ISP isn't blocking outbound on port 25, assuming the server tested isn't also allowed by them
<John_John_> Microsoft ESMTP MAIL Service readyâ¦â¦
<John_John_> is this correct ?
<SCHAAP137> for testing inbound, you would need a mailserver locally
<mardraum> uh huh
<SCHAAP137> yes, it means it connected
<SCHAAP137> so outbound port 25 is clear
<John_John_> ok nice one :)))
<John_John_> but i ididnt identified myself ok ?
<SCHAAP137> not a problem, the connection is there
<SCHAAP137> like mardraum said
<John_John_> thanks
<John_John_> how can i disconnet now :)
<SCHAAP137> usually QUIT
<SCHAAP137> or BYE
<SCHAAP137> i thought
<John_John_> ok it wotrked
<John_John_> so i only have to buy my domain name right ?
<SCHAAP137> correct, then you can set an A record in your DNS control panel
<SCHAAP137> of the domainname
<John_John_> is the ubuntu server i just installed ok ?
<SCHAAP137> A record should point to your IP
<John_John_> should i better install a desktop too ?
<SCHAAP137> not necessary
<John_John_> ok
<John_John_> because i am on a mac and have the ubuntu server as a VM now
<John_John_> thats my setup already actually
<SCHAAP137> ah, okay, that changes things
<John_John_> geeeee
<SCHAAP137> the VM, how does it connect?
<John_John_> bridge
<SCHAAP137> it uses a bridged adapter, or virtual NAT ?
<SCHAAP137> ah bridge, nice
<SCHAAP137> so it has an IP on the physical network?
<SCHAAP137> then it should be okay
<John_John_> yes it is like that
<John_John_> how do i change the server name after i got my domain ?
<SCHAAP137> what do you mean exactly?
<SCHAAP137> ah, you want to give your server a domain name?
<SCHAAP137> you create an A record, to point to your IP-adress
<SCHAAP137> with some kind of name
<SCHAAP137> lets say
<John_John_> yes
<SCHAAP137> mail in A 1.2.3.4
<John_John_> how do i create an A record ?
<SCHAAP137> then you have mail.domain.name pointing to that IP-adress
<SCHAAP137> in the DNS control panel, from the provider where u have the domain name
<teward> John_John_: you have to set it up in the DNS provider, whether its third party or wherever you have the domain.
<SCHAAP137> after making the A record (name pointing to IP)
<SCHAAP137> then u create the MX record
<teward> wow lagggggy here...
<SCHAAP137> which will be pointing to the (full) name from the A record
<John_John_> aha so when i buy a domain i have a panel too ?
<John_John_> i didnt know that
<SCHAAP137> at TransIP yes, you get a control panel for the DNS settings
<SCHAAP137> so for example you have the domainname maestro.gr
<SCHAAP137> you make an A record
<SCHAAP137> mail in A 1.2.3.4
<SCHAAP137> so then mail.maestro.gr will point to 1.2.3.4
<John_John_> ok please give me 5 minutes so i can find a domain provider in greece please and i ll get back to you ok ?
<SCHAAP137> then after, you make an MX record
<John_John_> hold on
<SCHAAP137> @ in MX mail.maestro.gr.
<SCHAAP137> @ in MX      10 mail.maestro.gr.
<John_John_> i cant catch it all from the start
<John_John_> i am new to this :)
<John_John_> wait please ?
<SCHAAP137> i cannot explain everything, you will need to learn and inform yourself as well :P
<SCHAAP137> how DNS works etc
<John_John_> lol of course
<SCHAAP137> what an A record is, what an MX record is, IP-adress, etc :P
<John_John_> i will follow the guide anyhow right ?
<SCHAAP137> cool, good luck
<John_John_> thanks but maybe ill need your help for the first step if thats ok with you
<SCHAAP137> if i'm around here i will try to answer
<John_John_> thanks :)
<SCHAAP137> other ppl here should also know about it, i guess
<SCHAAP137> i cannot be the only one to know about setting up mail
<SCHAAP137> :PO
<SCHAAP137> ;P
<SCHAAP137> you will get there
<SCHAAP137> setting up your own DNS server is harder than setting up your own mail server, with externally managed DNS
<SCHAAP137> once you have mail up and running, it can be intriguing to host your own DNS as well
<SCHAAP137> gives extra possibilities
<SCHAAP137> like DNSSEC, TLSA and such
<SCHAAP137> the options for setting different DNS records, with a managed DNS service, are more limited
<teward> of course setting those up isn't the most trivial task either
<SCHAAP137> that is definitely true
<teward> if your ultimate goal is just to have a web server with a domain and a mail server the whole DNS setup process is likely overkill, and you can explore DNS setups in virtual environments at home in sandbox environments
<teward> case in point the 25 sandbox VMs I have for various purposes (IPSec VPN, mail server, Apache, nginx, DNS, the list goes on)
<SCHAAP137> that's a good method for testing setups indeed
<teward> and you can break things allll you want and then fix em without nuking your servers in the process
<teward> granted, I have actual hardware for virtualization here, got a whole ESXi server sitting at home
<teward> and a new ESXi server in four days coming in ;)
<SCHAAP137> indeed nice, i have some clusters in datacenters around holland i can play with
<teward> mhm.
<SCHAAP137> not at home though
<SCHAAP137> also vSphere based
<teward> true, but to some extent VMWare Workstation can manage the server a little, and since most of my VMs start in a Workstation environment, it's just a case of click and upload
<teward> anyways, that's going into the techie, paranoid level of crazy :P
<teward> (security on my network is equally intense)
<teward> but i digress :)
<SCHAAP137> ah, being a bit paranoid is good
<SCHAAP137> i'm very security-minded as well
<teward> s/a bit paranoid/overly crazy paranoid/
<SCHAAP137> big fan of security through obscurity
<teward> my home net has a whole firewall appliance at the edge - pfSense with Snort and IPSec VPN
<teward> waaaaaaay overkill for a typical home network
<teward> (VLAN'd out the wazoo too)
<SCHAAP137> i assume you're already disabled SSL 3.0 everywhere
<SCHAAP137> *you've
<teward> first thing i did when i ran updates :P
<SCHAAP137> with the whole POODLE thing
<SCHAAP137> hehe, cool
<teward> i use nginx, so it's as simple as putting an `ssl.conf` into /etc/nginx/conf.d/
<teward> and set ssl rules across each server as a sort of global argument
<SCHAAP137> i edited my apache's source code to include SPDY and NPN
<SCHAAP137> and change the default EC params to something other than the prime256v1 curve
<SCHAAP137> secp521r1 ftw
<SCHAAP137> can't wait for a QUIC module @ apache
<SCHAAP137> tried running nginx/apache compiled with LibreSSL already?
<SCHAAP137> hope OpenSSL will implement the CHACHA20-POLY1305 cipher as well soon
<mirexx> hello, I just installed jboss server on my localmachine, I want to reach it from my virtualhost but I can't, what should I do  pls? (I have installed apache and tomcat and both are reachable from virtual machine) thanks
<John_John_> can you please suggest me a domain registration provider with default language of english or greece which you know that a control panel is included in the price ?
<John_John_> www.europeregistry.com
<John_John_> i found this one
<John_John_> can you confirm please ?
<andol> John_John_: Do you only need a registrar or do you also need dns hosting to be included?
<SCHAAP137> not sure if they provide a DNS control panel as well
<John_John_> i guess dns hosting too since its very hard to set up my own dns right ?
<andol> John_John_: Anyway, https://www.gandi.net/ is generally a good choice.
<John_John_> https://europeregistry.secure-admin.com/login?__utma=137147300.1225744559.1417273584.1417273584.1417273584.1&__utmb=137147300.6.9.1417273760872&__utmc=137147300&__utmx=-&__utmz=137147300.1417273584.1.1.utmgclid=CK3bq8KLoMICFYvItAodgWsAXQ|utmccn=(not%20set)|utmcmd=(not%20set)&__utmv=-&__utmk=71004752
<John_John_> see this please
<SCHAAP137> andol, i think John_John_ would also need a kind of DNS control panel for the domain name, does gandi provide that?
<SCHAAP137> to make A and MX records etc
<John_John_> please follow the link above i think it has it all ?
<SCHAAP137> like, a domain including some kind of managed DNS
<andol> SCHAAP137: Yepp.
<SCHAAP137> seems useful John_John_, the suggestion from andol
<John_John_> ok i ll check that out now
<jak3000> hi all how to open port 3306? i try: sudo iptables -A INPUT -p tcp --dport 3306 -j ACCEPT      and sudo ufw 3306 allow    but can connect from other pc
<SCHAAP137> it is probably a mysql server setting, jak3000
<SCHAAP137> to only allow connection from localhost
<SCHAAP137> 3306 is mysql right?
<jak3000> yes mysql
<SCHAAP137> probably server-side setting, to only allow connection from localhost
<jak3000> how to check? in my.ini right?
<SCHAAP137> i think so, i am not a mysql expert
<SCHAAP137> probably initial setup made this config
<SCHAAP137> try to just allow non-root access from outside
<SCHAAP137> keep root user access only on localhost
<jak3000> ok.
<jak3000> thanks
<SCHAAP137> yw
<jak3000> good idea because i typed similar rules for port 22 and worked(cann connecT)
<SCHAAP137> yes, but sshd is different
<SCHAAP137> it is made for remote access
<SCHAAP137> usually u want mysql database to only talk with local services
<SCHAAP137> like webserver, or software running locally
<SCHAAP137> you don't want SQL over the network, you want the applications to talk over the network, with encryption
<SCHAAP137> and local databases to interpret the data locally
<jak3000> understand
<jak3000> SCHAAP137 friend.
<jak3000> ak3000: remove bind-address= and skip-networking from my.cnf and grant permission to the external 'user'@'host' and remove any firewall rules blocking port 3306 and make sure no overrides on the mysqld commandline. See  http://hashmysql.org/index.php?title=Remote_Clients_Cannot_Connect
<SCHAAP137> indeed, that should be it
<SCHAAP137> but still, it is not common practice i think
<SCHAAP137> it is 'unsafe'
<SCHAAP137> maybe you can make some kind of VPN for the SQL traffic that traverses the network, or a VLAN
<jak3000> ye sunderstand
<SCHAAP137> or just use iptables to limit the access
<SCHAAP137> is not a perfect solution ofcourse
<SCHAAP137> if the iptable rule breaks for a moment, it will allow access for someone, potential attack vector, and it is not encrypted by default
<jak3000> Thanks SCHAAP137 for your time, i tell you, if win or not win.. :)
<SCHAAP137> hehe cool, let me know
<jak3000> commented the line bind-adress and worked
<jak3000> :)
<SCHAAP137> okay
<SCHAAP137> but still, remember that a different solution is nicer
<SCHAAP137> to nÃ³t have SQL traffic over the network, just locally on the machine
<SCHAAP137> let the applications talk something else, and SQL only locally in the machine from application to database
<jak3000> ok
<jak3000> ok thanks
<SCHAAP137> yw
<SCHAAP137> because it means, other machines can potentially access the SQL now as well
<SCHAAP137> or you contain it with iptables?
<SCHAAP137> if u allow external access, you should define the rules in iptables, for the IP's that should have access to the mysql service on port 3306
<SCHAAP137> and block others
<jak3000> ok
<jak3000> understand i am working now in this step: allow ips and block others
<SCHAAP137> best firewall policy is the 'default-deny' idea
<SCHAAP137> everything is disallowed, expect the things u define
<SCHAAP137> *except
<SCHAAP137> iptables is not perfect
<SCHAAP137> pf, from OpenBSD, is nicest
<jak3000> a quesiton
<jak3000> iptables and uwf can work at same time, or need disable one?
<SCHAAP137> i don't know uwf
<SCHAAP137> ah
<SCHAAP137> uwf is a method to make easier iptables configuration
<SCHAAP137> so both is good i guess
<SCHAAP137> https://help.ubuntu.com/community/UFW
<teward> jak3000: ufw will supersede the iptables rulesets, on its own
<rsully> is there a specific room or person i should talk to about the certified images released for the joyent public cloud?
<teward> jak3000: you will need to use either ufw or iptables - ufw ultimately sets iptables rules, that's why
<jak3000> ok, then no problem if type any rules with iptables and others with uwf, thanks
<SCHAAP137> does uwf 'replace' other custom iptables rules teward ?
<teward> SCHAAP137: haven't tested.
<SCHAAP137> like, some iptables stuff in /etc/rc.local, and afterwards uwf commands
<teward> SCHAAP137: i know there's a way to add custom rulesets to ufw outside the bounds of ufw's commands, but as the uber techie I prefer iptables over ufw
<SCHAAP137> good question indeed
<teward> besides i have special masquerade rules that ufw breaks in any situation so i stick to an iptables ruleset
<SCHAAP137> i'm more of a /etc/pf.conf kind of person, but i prefer iptables over uwf (i guess) as well
<teward> and the only things open are to local, private IPs (or on my remote servers, specific system IPs), so... there's no real 'openings' in my own computer clients' systems, or my remote servers
<teward> (and at home everything's behind the pfSense, called 'darkness', so... :P)
<teward> SCHAAP137: i could spin up a VM and test, but i'm on battery power for now, on the bus...
<teward> so meh
<teward> (infinite bandwidth though - my phone is my hotspot instead of the bus's wifi)
<SCHAAP137> ah, riding a bus atm?
<teward> yep, from my hometown to my actual home in harrisburg :P
<teward> IPSec VPN is evil on this hotspot but i've had worse....
<teward> only got an hour of battery on the laptop
<teward> 6 + 6 (with the external battery pack) for the phone
<SCHAAP137> IPsec is just IP-header stuff right
<SCHAAP137> not actual data encryption
<SCHAAP137> why not an SSLVPN ?
<Patrickdk> heh?
<Patrickdk> ipsec is much better than sslvpn
<Patrickdk> just ipsec doesn't passthough firewalls cleanly like sslvpn
<SCHAAP137> SSLVPN over an IPsec tunnel, even better
<Patrickdk> no, that would be horrible
<Patrickdk> your mtu would be crap
<teward> L2TP over IPsec is okay but its still bleh
<teward> and i just need IPSec so the data doesn't look like it originates from my location :P
<SCHAAP137> i think with pf.conf you could let IPsec tunnels pass cleanly over different networks
<teward> that and i'm accessing my media server :)
<Patrickdk> I just do ipsec, no l2tp
<teward> ... back at home :)
<SCHAAP137> on an OpenBSD system
<teward> Patrickdk: yeah, it's tricky to do ipsec+l2tp, but my pfSense firewall has IPSec but not the hybrid of that and l2tp
<SCHAAP137> through NAT and whatever
<SCHAAP137> shouldn't be an issue
<teward> SCHAAP137: yeah i have nat traversal outbound on my ipsec vpn
<Patrickdk> heh?
<teward> but its not like i need it to be infinite security - it's only me on it :P
<Patrickdk> there is nothing special about ipsec+l2tp, they are two totally different things
 * teward shrugs
<teward> Patrickdk: windows expects it unfortunately
<Patrickdk> you just run ppp over the ipsec link and boom, you have ipsec+l2tp
<teward> ootb anyways it does
<teward> linux, it works fine with just the IPsec, just need a few extra plugins
<hadifarnoud> how can I keep the owner of files in a directory the same? with every git pull some new files become root:root
<teward> hadifarnoud: are you running the pull as root?
<hadifarnoud> teward: I am.
<teward> that's your problem
<teward> hadifarnoud: don't run the pull as root xD
<teward> or have an extra recursive chown
<teward> chown --recursive foo:bar /path/to/dir
<teward> (replace what's relevant)
 * Patrickdk makes sure to add some suid binaries into that git
<teward> heheh
<hadifarnoud> teward: so I can't make ubuntu keep the owner then?
<Patrickdk> ubuntu has nothing to do with it
<Patrickdk> use the correct user to do it, would be best
<Patrickdk> tell git to do it
<Patrickdk> or use a stick bit
<Patrickdk> lots of options
<lordievader> Strongswan with virtual ip is nice :D
<teward> hadifarnoud: it's not an ubuntu issue - it's a pebkac user
<teward> s/user/issue/
<teward> hadifarnoud: your issue is that running the git pull as root makes it assume `superuser` default settings, i.e. root:root
<teward> hadifarnoud: the solution is to NOT run the git pull as root, and instead as the user you intend to have the permissions set for
<hadifarnoud> teward: that would be www-data
<teward> hadifarnoud: or add an extra command to the pull at the end, and set it as the combo you want, via the chown command i said
<teward> hadifarnoud: well then your other solution is run the pull as root and then add a command, either by using a script to handle the pull AND the chown, or... manually
<Patrickdk> well, into the git postpull script
<teward> right
<teward> or do what i do, scripts for everything, all of em run on their own xD
 * teward overcomplicates administration :)
<hadifarnoud> cool. will do teward. have to google how to add a script to git pull
<teward> postpull perhaps
<teward> Patrickdk is likely more fluent with git than I
 * teward has been learning bzr which has effectively squished his git knowledge >.>
<Patrickdk> everyone uses git :)
<Patrickdk> besides ubuntu using bzr
<Patrickdk> and companies using perforce
<ScottK> And people that still use svn.
<ScottK> Or even, shudder, cvs.
<Patrickdk> people don't normally start new stuff in svn
<Patrickdk> I hated cvs
<Patrickdk> svn was ok
<ScottK> Sure, but lots of stuff still around using it.
<teward> Patrickdk: i use bzr because i'm pushing stuff for the CVE tracker (as ScottK knows, theres quite a few cves that're WRONG against wireshark so i've been... kinda doing cleanup_
<teward> that and i use the bzr method of package merges >.>
<Patrickdk> I only know alittle git
<Patrickdk> use it for a few things
<teward> same, git clone, git commit, git push...
<Patrickdk> but mainly use it for illumos commits
<teward> mhm
<Patrickdk> lots of git rebase :)
<ScottK> One of the nice things about bzr is that for people that want to, you can use it exactly like svn, just do bzr command instead of svn command.  That makes it a nice bridge into the world of DVCS for projects where some people are stuck in the old paradigm.
 * teward shrugs
<teward> ScottK: i'm still a stickler for old fashioned packaging: pull the source package, tweak, changelog entry, rebuild
<teward> then debdiff xD
<Patrickdk> main reason I have never used bzr, why bother learning yet another
<ScottK> That's generally true about tools.  There's little point in learning them for their own sake.
<Patrickdk> git I was pretty much forced to, as everything switched to it
<Patrickdk> svn I used for years
<ScottK> teward: I mostly use diff and patch to get stuff into/out of the VCS, so I hear you.
<Patrickdk> cvs I was forced to use, once, and I dropped that
<teward> ScottK: yeah, i'm even worse, i nitpick upstream commits, and at times have had to actually manually recreate the patches via quilt
<teward> 'twas painful
<teward> but not unexpected...
<Patrickdk> quilt makes it easy
<teward> yeah, well, reading the upstream diff and converting that to manual edits is tricky sometimes
<Patrickdk> attempt to strip out 40+ commits from fork, and attempt to remerge them
<teward> especially with gedit having changed crazy between 10.04 and now
<teward> Patrickdk: eheheh
<Patrickdk> and remove extra fluf
<Patrickdk> and fix *missing* parts
<ScottK> I recently went through a process where I made a local branch in git and used git cherry-pick to pull the subset of upstream changes I wanted and then exported the commits as patches.
<ScottK> Then it was mostly a matter of adding the patches to debian/patches/series.
<ScottK> That way most of the hard work of resolving the differences we done in Git.
<Patrickdk> my issue is, someone opted to change a whole style of atom locks
<Patrickdk> causing all kinds of fun conflicts
<ScottK> Probably nothing will help you there.  Just fun all around.
<mirexx> could I install 32bit version of weblogic on 64bit ubuntu?
<teward> ScottK: ahh, yeah, i work command line manually, and by doing the patches by hand i learn the underlying software...
<teward> that's my thinking on manual patch recreation anyways
<Patrickdk> if you install all the 32bit libs it wants, sure
<mirexx> ty
<teward> mirexx: you can do that easy by installing the 32bit dependencies, via package:i386
<teward> unless it needs manual building of the deps :)
<teward> (then it can get tricky i believe)
<Patrickdk> if your building, it shouldn't really matter
<Patrickdk> but you can't build weblogic :)
<teward> true
<teward> Patrickdk: build deps of the dep you have to build though
<teward> depending on the software, that can get VERY tricky and time consuming
<Patrickdk> ya, I spent 3 days working on that for dovecot
<Patrickdk> building all the deps I needed in omnios so I could build a fully featured dovecot
<mirexx> yes, I didn't find the 64bit version of weblogic :/ so I need to install 32bit version
<teward> heh
<Patrickdk> actually, building them wasn't the horrible part, but I was attempting to package it correctly, so I wouldn't have to do it again :)
<teward> Patrickdk: ahahahahh, yeah THAT gets tricky
<teward> Patrickdk: kinda glad i don't have to worry about the naxsi packages in nginx nowadays though, that isn't trivial to maintain
<teward> (thank goodness debian dropped them, from Vivid onwards I can have relatively easy maintenance... :) )
<Lartza> I know one should really REALLY not run own mail servers, but I have to. There's literally no easy way still and you have to configure everything meticulously?
<SCHAAP137> there is
<SCHAAP137> https://mailinabox.email/
<Patrickdk> the problem with email servers is, everyone has different kinds of spam, so everyone blocks it differently and uses different things to process and reject/filter/...
<Lartza> SCHAAP137, That requires a fresh box :/
<SCHAAP137> true
<Patrickdk> if it wasn't for that, a standard postfix/dovecot stack would be simple
<SCHAAP137> http://www.pixelinx.com/2013/09/creating-a-mail-server-on-ubuntu-postfix-courier-ssltls-spamassassin-clamav-amavis/
<SCHAAP137> this guide is good as well
<Patrickdk> oh evil, courier
<teward> wheeeeee laggy
<Patrickdk> save yourself a ton of pain and use dovecot :)
<mirexx> can I add 32bit libraries through these commands: 1. sudo dpkg --add-architecture i386  then 2. sudo apt-get update ?
<SCHAAP137> i heard good stories about dovecot, i use courier-imap-ssl myself
<SCHAAP137> users, domains, aliases, all virtual in mysql, mapped in postfix
<SCHAAP137> opendkim
<Lartza> Is amavis like spamassassin?
<SCHAAP137> still wanna do TLSA
<SCHAAP137> but need my own DNS for that
<Patrickdk> no, amavis *includes* spamassassin
<Patrickdk> ya, I'm fully tlsa
<SCHAAP137> i use 4096-bit DKIM keys, some servers have a hard time verifying them
<Patrickdk> I mainly use my email via webmail, and use tlsa for mx and to verify my webmail link
<Patrickdk> 4k for dkim is kindof insane
<Patrickdk> I hate google killed dkim for everyone
<Patrickdk> your suppost to rotate your dkim keys weekly or monthly, but since google didn't everyone must suffer
<SCHAAP137> true
<teward> whoopsies
<Patrickdk> maybe that is something I should start tracking
<Patrickdk> keep track of dkim verifications
<Patrickdk> and if I see the same key again, over x days old, derate it
<Patrickdk> I used a 768bit dkim rotated weekly, for years
<Patrickdk> or well, used to
<Lartza> I'm literally thinking of buying a VPS for mail in a box now...
<SCHAAP137> still need to set up my own nameserver
<SCHAAP137> so i can do some TLSA
<Lartza> But I think I'll just get around to installing all this
<SCHAAP137> secondary caching/forwarding with some ip checks pbly
<SCHAAP137> still need to learn some shit about DNSSEC before proceeding
<Patrickdk> dnssec is simple
<Patrickdk> but just don't be stupid, when you rotate your keys
<SCHAAP137> need moar DNS knowledge in general tbh
<ScottK> Patrickdk: DKIM key less than 1024 bits is not a great idea.
<ScottK> SCHAAP137: 4096 is overkill though.
<Patrickdk> why?
<SCHAAP137> 4096 all the way yo
<Patrickdk> bits only dictate how long till it's bruteforced
<SCHAAP137> relaxed/simple
<Patrickdk> if you rotate often, and expire the old key, not an issue
<ScottK> Patrickdk: Yes, and with 768 it's not that long.
<Patrickdk> the problem was, people where not doing so
<Patrickdk> and google was using a 512bit key for years
<teward> 4096 is overkill, but if you're security-paranoid like i am... :P
<ScottK> That's true, but there are some systems that decline to trust keys < 1024.
<Patrickdk> yes, cause of that google problem
<ScottK> Patrickdk: They were using 512 until they got brute forced.
<Patrickdk> they said, lets make 1k the limit
<ScottK> Doesn't change the fact that if you use 768 many receivers will ignore your signature.
<Patrickdk> why would they?
<SCHAAP137> i am, teward
<SCHAAP137> in different ways pbly
<Patrickdk> and as I said, if you read, BEFORE 1k became the limit, I used 768bit rotated weekly
<Patrickdk> afterwards, well, I had to change
<ScottK> Because most people don't do key rotation.
<Patrickdk> people not doing rotation is insane
<Patrickdk> like not rotating your ssl certs, dnssec keys, and everything else
<ScottK> opendkim, which is the most common implementation for Sendmail/Postfix use has a 1024 limit.
<teward> i have an 8192bit ssh key too, which is REALLY overkill xD
<teward> (just sayin)
<Patrickdk> opendkim is relatively new
<ScottK> Not really.
<Patrickdk> teward, I attempting that before, openssl had no support using >4k
<ScottK> It's a fork of dkim-milter which was an update of dk-milter.
<Patrickdk> scottk, opendkim wasn't widely used till around the google 512bit key incident
<teward> Patrickdk: openssl or openssh?  (ssh keys 8192 worked for me since 11.04)
<Patrickdk> teward, yes, and that is pretty new :)
<Patrickdk> I mean back in like 2002
<Patrickdk> it could *make* 32k keys
<Patrickdk> but it coulding use anything >4k
<Patrickdk> totally pissed me off :)
<teward> ahhh right
<teward> Patrickdk: yeah I am REALLY overkill with my ssh keys ;)
<ScottK> Since dkim didn't exist in 2002, it's completely true that all the software for the protocol didn't exist either.
<Patrickdk> who is talking about dkim in 2002?
<ScottK> Nevermind then.
<Patrickdk> ssh != dkim
<ScottK> The oldest supported Ubuntu release (10.04) has opendkim.
<ScottK> It's also the last one with dkim-milter.
<ScottK> So I think it's not that new.
<teward> yep
<Patrickdk> and google had their key compromised in nov 2012
<Patrickdk> considering it takes people a year or two to upgrade to the newest version
<Patrickdk> yes, I would say I was pretty right on
<Patrickdk> people started using opendkim heavily around when google 512bit was compromised
<ScottK> opendkim 1.0 was released in 2009 (and that's when it entered Debian/Ubuntu).
<ScottK> The reason it was forked from dkim-milter is the author changed jobs.
<ScottK> Before that, dkim-milter was the predominate implementation for Sendmail/Opendkim.
<Patrickdk> yes, I still use dkim-filter
<Patrickdk> but I pretty much forked it myself
<Patrickdk> as it's completely mysql backed
<Lartza> Anyone have experience with iRedMail?
<Lartza> Oh needs a fresh server too
<Lartza> Mhh
<ScottK> opendkim supports mysql.  Not sure why you'd stay with ancient, unsupported software, but meh.
<Patrickdk> hmm, I can't find anything in the documentation about it
<Patrickdk> was just reviewing it again
<Patrickdk> guess maybe the documentation is lacking
<Patrickdk> and unsupported only means, someone other than my supports it
<Patrickdk> as I said I forked it
<Patrickdk> that was long before opendkim existed though
<ScottK> See the --with-sql-backend config option described in INSTALL.
<Patrickdk> ya, but not described in the config file manual
<Patrickdk> I did see a readme.sql in the source
<Patrickdk> but I don't normally look at the source for documentation
<mirexx> hello guys, I'm using ubuntu 64bit and I'm trying to install oracle weblogic server but after I put this command : java -jar wls_121200.jar to the terminal  it's output is following: The OpenJDK JVM is not supported on this platform.
<mirexx> The Oracle Universal Installer failed.  Exiting.
<mirexx> what I am suppose to do to run this properly?
<Patrickdk> it told you
<Patrickdk> use oracle jvm
<Patrickdk> why are you using openjdk?
<mirexx> I am newbie in this.. :/
<mirexx> so first thing I have to do is to install oracle jvm right?
<shaan> hey guys what is a lightweight secure email server
<shaan> ??
<shaan> i just need simple E-mail and IMAP
<mirexx> ok Patrickdk got it now, thx very much for  your help ;]
<JanC> postfix + dovecot is reasonably lightweight
<sheptard> why not get email hosted by google
<JanC> privacy probably?
<Patrickdk> gmail is *private*
<JanC> it might even be illegal if he is inside the EU and has personal data about other people in his email/contacts
<Patrickdk> or in ma, usa
<maxb> What is not lightweight is doing your own spam & virus checking
<maxb> spamassassin and clamav are pretty good, but require CPU time and admin care and feeding
<qman> rolling your own antispam/antivirus is hard, I use scrollout F1
<mirexx> guys, I'm trying to start my weblogic  server but, when I execute startWebLogic.sh it says: Can't open .../Oracle/Middleware/oracle_common/common/bin/commEnv.sh      #I don't  even have that directory..
<mirexx> where is the problem ? :(
<bekks> Well, it tells you it cant start because that directory and that file mentioned doesnt exist.
<mirexx> yes I know that, but what I need to do about that ? I didn't find nothing about this problem so far..
<bekks> mirexx: You need to install the WebLogic server properly, I guess.
<allen> How can I make sure that my entire wordpress directory is readable, writable, and executable by my user?
<allen> Like I want full privileges, and no permission related issues for this directory and all its subdirectories and files lower in the heirarchy
<bekks> Where is your wordpress directory located?
<RoyK> allen: the easiest, though not safest choice, is to chown -R youruser /path/to/wordpress/dir
<allen> in /var/www/html/wordpressdirectory
<bekks> That directory should not be owned by your user.
<RoyK> bekks: why not? so long that it's readable by the apache group, it doesn't matter
<bekks> RoyK: Well, it opens the door for vulnerabilities by using the users account.
<RoyK> allen: btw, /var/www/html/... is typically a redhat/centos thing - I don't think I've see the html dir in any debian-based distros
<RoyK> bekks: he's saying full rwx to his user, so yes
<allen> RoyK,its like that on ubuntu-server 14.04
<Patrickdk> royk, ubuntu *or debian* gave in a few years ago
<allen> Thanks guys, I think its working, I'm not to stressed about security right now
<allen> i just need things working, i'll tighten it up later
<RoyK> allen, Patrickdk: I was looking at wheezy and some older ubuntu release - seems there's a html there now, yes
<RoyK> allen: then chown -R
<John_John__> what desktop to install in 14.04 server ?
<bekks> The one you want, basically. :)
<John_John__> ok i need the most stable one
<bekks> All available desktops in the Ubuntu repos are considered to be stable.
<John_John__> ok which one is the most featured and which one is the lightest ?
<RoyK> John_John_: why would you want to install a desktop environment on a server?
<RoyK> John_John_: if it's a desktop you want, just install ubuntu desktop and the server packages you need.
<John_John_> because â¦.i think might have a better experience ?
<RoyK> probably not
<John_John_> actually i cant paste from my mac into ubuntu
<RoyK> linux servers are configured on the commandline, although there exists other solutions, but not remotely as good
<RoyK> just ssh into the server and paste into the terminal
<John_John_> aha
<John_John_> can you give me the exact command please ?
<RoyK> on the mac, open terminal and type "ssh user@host" wher "user" is your username and "host" is the hostname or ip address of the server
<John_John_> connection refused...
<RoyK> then apt-get install ssh
<RoyK> on the server
<John_John_> yep :)
<John_John_> thanks alot !
<John_John_> so no need a gui at least for now i guess
<John_John_> question....
<John_John_> when i installed the server i installed LAMP too
<John_John_> now i cant seem to be able to stop mysql serice for example
<John_John_> i mean it seems it restarts by itself when i stop it
<RoyK> John_John_: that would be the first 5 minutes of a linux 101 ;)
<RoyK> John_John_: which ubuntu version?
<John_John_> 14.04
<RoyK> service mysqld stop should work well
<John_John_> mysqld: unrecognized service
<RoyK> mysql, perhaps
<John_John_> something missing in my path maybe ?
<RoyK> nope
<RoyK> service mysql
<RoyK> not mysqld
<RoyK> my fault
<John_John_> mysql stop/waiting
<John_John_> what it means ?
<RoyK> it means it's stopping
<RoyK> but that may take a few seconds
<RoyK> commiting transactions etc
<RoyK> try service mysql status
<John_John_> sudo service mysql status
<John_John_> and still the same answer
<RoyK> wait a wee while
<John_John_> lol how while ???
<John_John_> how much*
<John_John_> i think something is wrong!
<John_John_> still stop/waiting
<John_John_> any thoughts ?
<John_John_> a bug maybe ?
<bekks> It's stopped, when you got the command prompt back.
<RoyK> John_John_: ps axf|grep -v grep|grep mysql
<qman> stop/waiting means it's stopped
<qman> which is what you should expect, since you stopped it
<John_John_> it gives me no answer
<John_John_> aha
<RoyK> qman: shouldn't that say just 'stopped'?
<bekks> John_John_: It gave you a prompt back, where you typed service mysql status already.
<John_John_> i see
<qman> not from my experience
<qman> upstart jobs say stop/waiting
<RoyK> qman: ok
<bekks> RoyK: The service is stopped and waiting for further instructions.
 * RoyK doesn't like upstart
<RoyK> ok
<John_John_> mysql start/running, process 1711
<John_John_> after i start it again
<RoyK> good
<John_John_> but it doewsnt give me the uptime info and all
<John_John_> like this one commandâ¦udo /etc/init.d/mysql status
<RoyK> John_John_: mysql ... "show global status;"
<bekks> Because /etc/init.d/mysql status shows you the mysql stats, while service mysql status shows you the upstart status for the mysql service.
<John_John_> show which method is the most secure/correct ?
<RoyK> just use "service ..."
<bekks> John_John_: Depends on which status you want to see.
<John_John_> ok hear this
<John_John_> i stopped with init.d and it doesnt stop at all!!!!
<bekks> Why didnt you use service...?
<John_John_> with service command it works fine i guess
<John_John_> so i ll use that
<bekks> Thats what you did before, yes.
<John_John_> does the same work for apache2 too ?
<bekks> Yes.
<RoyK> John_John_: yes, or apache's own "apache2ctl (something)"
<John_John_> udo service apache2 start
<John_John_> worked
<John_John_> so i am fine so far i guess
<John_John_> one more question please ?
<John_John_> i have installed parallels tools
<Prezident> Hey
<Prezident> sur.
<John_John_> where can i find the mount ?
<bekks> Which mount?
<John_John_> its ok maybe they are installed correctly because i found my mac share folder under /media/psf
<John_John_> but what exacly is /media/psf ?
<John_John_> why psf ?
<John_John_> can i give it an alias/shortcut ?
<bekks> How are we supposed to know why you named your device "psf"? :)
<John_John_> no no no noi didnt named that
<bekks> Then it wouldnt be named like that ;)
<John_John_> my device is called âElementsâ and its under /media/psf/
<bekks> So your user is named psf, then?
<John_John_> no no
<John_John_> my user is also displayed under psf too!!!!
 * RoyK gets off to do something more productive, like drinking beer
<bekks> RoyK: :)
<John_John_> RoyK:  LOL
<John_John_> maybe psf is a name that paralles created ? who knows
<John_John_> but anyways can i give an alias to what is under /media/psf ?
<bekks> "Parallels Shared Folder".
<John_John_> right!!!!
<John_John_> so what about the alias ?
<bekks> Which alias?
<John_John_> all i want is to say âElementsâ
<bekks> It says "Elements".
<John_John_> and access /media/psf/Elements
<John_John_> is that possible ?
<bekks> And it is mounted under /media/psf - that how things work in Parallels.
<John_John_> maybe i do not ask correctly
<John_John_> anyways not so important
<John_John_> hmm
<John_John_> java -version
<John_John_> The program 'java' can be found in the following packages:
<John_John_>  * default-jre
<John_John_>  * gcj-4.8-jre-headless
<John_John_>  * openjdk-7-jre-headless
<John_John_>  * gcj-4.6-jre-headless
<John_John_>  * openjdk-6-jre-headless
<John_John_> Try: sudo apt-get install <selected package>
<John_John_> i just want the oracle jave 8
<John_John_> what shoud i do ?
<bekks> You have to install that manually.
<bekks> http://askubuntu.com/questions/464755/how-to-install-openjdk-8-on-14-04
<John_John_> no not open jdk
<John_John_> i want this one!!!
<John_John_> http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
<bekks> http://tecadmin.net/install-oracle-java-8-jdk-8-ubuntu-via-ppa/
<RoyK> John_John_: really, java?
<RoyK> John_John_: java is for visiting, java coffee is for drinking, java in computing is for loathing
<John_John_> lol why you say that ?
<bekks> Because it is the truth.
<John_John_> which other open source language/framework is close to microsoftâs .net ?
<bekks> Mono.
<John_John_> fuck monoâ¦mono is shit
<John_John_> are you a developer ?
<bekks> It is far more close to .Net than Java.
<John_John_> i dont think so really
<John_John_> i know java is shit ok
<bekks> Then you are denying technical facts.
<John_John_> but php is better ?
<bekks> PHP has entirely nothing to do with .net
<John_John_> i know that
<John_John_> but i need to develop and be safe
<John_John_> i am adeveloper
<bekks> Then dont use PHP at all.
<John_John_> lol
<bekks> PHP is a big pile of crap.
<John_John_> what to use then ?
<RoyK> C? HTML5?
<bekks> Depends on your requirements - just naming different languages doesnt specify them.
<John_John_> i need to create a mail client application
<bekks> Arent there enough MUA already? :)
<RoyK> apparently not....
<John_John_> this is a long discussion now
<John_John_> my mail client will have âspecial featuresâ
<bekks> Like?
<RoyK> John_John_: anyway - what is it openjdk can't do?
<John_John_> like departmental email management ?
<bekks> John_John_: Thats nothing a client should handle, but your mailserver should do :)
<RoyK> I don't think that is closely tied to a specific language
<John_John_> i dont know openjdk but i hear is not compatible with oracle java sadly
<bekks> "I hear" - thats not very reliable.
<RoyK> John_John_: it's the other way around
<John_John_> i agree
<RoyK> John_John_: and if you're using it server-side, why bother?
<John_John_> i need a server side technology that it is a stable one
<bekks> So use OpenJDK 8.
<John_John_> anyways i want to go with java for now
<RoyK> bekks++
<RoyK> John_John_: the code written for openjdk8 is compatible with the jvm from oracle, but that doesn't matter. So long the java stuff is done on the server, the users won't even need java installed (which is a jolly good thing)
<John_John_> i am talking about me now and the tools i ll be using
<John_John_> not the end users
<RoyK> then use openjdk
<John_John_> and why oracle supports only .rpm ?
<RoyK> forget oracle
<John_John_> that makes me think to move to CentOS i guess
<John_John_> forget oracle ??????
<RoyK> yes. forget. oracle.
<RoyK> use openjdk
<RoyK> it works
<John_John_> i am not that good in java i guess and i dont have time for such risks
<RoyK> omg
<John_John_> i maybe think about it for a while
<bekks> I still can see "I hear" is the main reason for assumptions in your design process.
<John_John_> shameâ¦and i like ubuntu!
<RoyK> John_John_: if you don't know too much, learn more
<JanC> John_John_: technically, Oracle JDK 8 is a commercial release fork of OpenJDK 8
<John_John_> ok i have just installed the default jdk
<JanC> and they probable use.rpm because that's what Oracle Linux uses  :p
<John_John_> whis is openjdk 1.7
<John_John_> is that ok ?
<John_John_> for some reason it doesnt give me 1.8 by default
<John_John_> only 1.7
<John_John_> but if i want i can download the tar from oracle and install it locally in my home folder
<JanC> that should give you support on older OS versions too, so unless you really need any JDK 8 (= 1.8) features JDK 7 should be fine
<John_John_> i dont need 8 features no i guess
<John_John_> how do i search for a package with apt get ?
<John_John_> for example glassfish ?
<JanC> apt-cache search
<John_John_> is cache upto date ?
<JanC> run 'apt-get update' to make it up-to-date
<John_John_> i have done so
<JanC> it's up-to-date until at the point in time when you last ran that  :)
<John_John_> lol ok
<John_John_> how can i download files from internet in console ?
<Quoexl> wget?
<JanC> there are several ways, but usually people use wget or curl
<John_John_> thanks i ll check out how they work
<Quoexl> wget http://whatever the download link is
<JanC> wget is probably the easiest for simple downloads
<Quoexl> or install links2 and use the text based browser
<John_John_> how can i tell to what directory should download ?
<Quoexl> it downloads right where you are sitting
<Quoexl> if you have access to write to that dir
<John_John_> ok that works for me
<John_John_> actuall i am in my home dir
<Quoexl> then it will drop right where you sit
<John_John_> which is totally empty
<John_John_> no predefined dir structure like dokuments and downloads in server edition ?
<JanC> wget also has a -P/--directory-prefix option
<JanC> but the default is '.', so "wherever you are"
<JanC> John_John_: I doubt it's totally empty (likely has some .dotfiles)
<John_John_> yes only those
<JanC> but you can create directories as you like, of course
<John_John_> ok so ill create my Downloads directory i guess :)
<John_John_> with mkdir right ?
<JanC> most of those directories don't make sense on a server anyway
<JanC> yes
<John_John_> so where an expert user downloads things on a server ?
<JanC> wherever you need/want them?
<John_John_> i need to download glassfish app server
<John_John_> where is a good location to download and extract ?
<John_John_> is inside the home folder a safe bet ?
<JanC> I have no idea; ultimately you probably want/need it to be in some particular folder related to your project?
<JanC> you can always copy/move it later though
<John_John_> ok i guessed so
<John_John_> ok thanks :)
<JanC> _personally_ I tend to make some project directory where I store everything related to that project
<John_John_> thats good i agree
<JanC> seems like glassfish is already available in Ubuntu though?
<John_John_> alrighty
<John_John_> so far so good
<John_John_> i have installed and run latest glasfish and work ok so far with openjdk 7
<John_John_> for now i am good from the server side
<John_John_> now my client/host is a mac
<John_John_> ubuntu is on vm
<John_John_> i have installed everything i need on my macâ¦java/ide etc
<John_John_> can i use for example eclipse on my mac to access glassfish on ubuntu ?
<John_John_> i have set up hosts already and i can reach glassfish console from my local browser on the mac
<RoyK> John_John_: I'd suggest a separate machine, perhaps a raspberry pi or something, for the linux stuff
<RoyK> John_John_: makes it easier to handle
<Guest63112> i was woundering if i could get some help with my ubuntu server ive setup. its running a dhcp and its giving out ips correctly the only problem is that for android phones the device is not able to connect to anything untill its pinged from inside the network
<Guest63112> is anyone monitoring this chat?
<TheSpawnMan> @nomadjim how does this magic place work?
#ubuntu-server 2014-11-30
 * pmatulis yawns
<jstrem> I'm having a problem with a new install. grub keeps failing. I'm installing via usb drive.
<Prezident> What error messag?
<jstrem> give me a bit and I'll give details. I'm trying the install again. it has a few minutes to go.
<Prezident> ok
<jstrem> wr
<jstrem> error message: unable to install grub in /dev/sda . executing failed. fatal error.
<sheptard> I hate how ubuntu assumes you want the boot loader installed on SDA
<sheptard> s/SDA/sda/
<jstrem> skip it and do a manual install... I'm guessing is the work around?
<christinasalisbu> Hello!
<christinasalisbu> I have a couple âmaybeâ quick questions, it is more Minecraft specific. So we keep getting this error Authentication servers are down. But authentication servers Arenât down, so I feel like it is a problem with our firewall or if anyone knows something else that would be great!
<jstrem> sounds like a port forwarding/minecraft/router issue rather than a ubuntu issue?
<jstrem> yeah. new install and dodge grub. .. bad idea. I get nothing but a blank screen on boot. time to burn a dvd and forget usb.
<christinasalisbu> It sounds more like a Firewall issue is there a way to uninstall  I tried something like sfw disable or something like that.
<jstrem> fixed. forget usb install. what a mess.
<hadifarnoud> how can I give non root users access to run a command that needs sudo? I want to give www-data user access to nginx command
<rajvi> Hi Guys. Could anyone tell me what's the most common, easiest & safest practice to add startup scripts?
<hxm> can i change a partition type with fdisk?
<Patrickdk> depends
<Patrickdk> though, the partition type normally doesn't mean anything and is rarely used
<hxm> is a logic partition with linux format but i want swap
<hxm> ah found it, "t"
<Patrickdk> assuming your using old partitions, and not gpt
<hxm> yes, old partitions
<hxm> i saw the warning
<Finetundra> has anyone here managed to install ubuntu server on an IBM xSeries 225 type 8647?
<bekks> Finetundra: Which issue exactly do you have, installing Ubuntu on a IBM xSeries 225 type 8647? :)
<Finetundra> bekks, primarily its getting the blasted thing past GRUB. past that nothing much that effects useability too badly
<bekks> Whats the issue at that point?
<Finetundra> i get a message saying that the resolution cannot be displayed and then it just sits there with that message
<Patrickdk> but who is saying that?
<Finetundra> what do you mean who?
<Finetundra> Patrickdk, the graphics card i believe
<Patrickdk> no, graphics cards don't print errors
<Patrickdk> sounds like you have a crap monitor
<Patrickdk> and your system knows it can do better so it did
<Patrickdk> if you can see grub, then grub isn't the problem
<Patrickdk> something else is using a high video res
<Finetundra> Patrickdk, the graphics card has 8mb of vram. the monitors i use work perfectly fine with signal coming off of any other machine
<Patrickdk> yes, but what does any of that have to do with this issue?
<Patrickdk> did you tell the other systems to use the same video res that this system is using?
<Patrickdk> if you did, the same issue would exist
<Finetundra> so what are you getting at?
<Patrickdk> I already told you
<Patrickdk> what part of it didn't you understand?
<Finetundra> yes, but booting to grub is the only thing that causes this. what you suggested leaves me a tad confused
<Patrickdk> can you see or not see the grub menu?
<Finetundra> can't see it at all.
<Patrickdk> even if you use the shift key?
<Finetundra> usually. i got past ti with that once but never again
<Finetundra> *it
<Finetundra> it displays fine with everything but grub
<Patrickdk> so your looking at doing soemthing like this
<Patrickdk> http://ubuntuforums.org/showthread.php?t=2189519
<Patrickdk> depending on exactly what video card your using
<Finetundra> i think so
<qman> Finetundra: have you trued the nomodeset option?
<qman> tried*
<Finetundra> qman, whats that?
<qman> it turns off kernel mode setting
<qman> Finetundra: there should be an F key option to use it from the live disc, but if you don't see it, just hit to enter parameters manually and add nomodeset to the end of the kernel boot line
<Patrickdk> qman, but nomodeset is a kernel option, not grub
<Patrickdk> it would have no impact on grub
<Patrickdk> and the kernel loads after grub
<qman> grub's visibility is irrelevant as long as it's working afterward
<qman> especially for the installer
<Patrickdk> but he only said he had an issue with grub
<Patrickdk> though, the video the kernel uses afterwards, is completely independent
<JustEnki> hi, is anyone here familiar with socat?
<grendal_prime> this is sort of off topic...but ummm i need some project management software for something kinda odd.
<grendal_prime> like for a hydro electric company.
<kevindf> I'm currently running a Teamspeak server & OpenVPN server on my Ubuntu server that's running on a "old" PC, I'm planning to run a LAMP server also in order to host a Teamspeak web interface. If i'm correct installing and hosting a LAMP server just for this web interface without traffic won't take much of my hardware resources if i'm correct?
<grendal_prime> can anyone recomend something?
<grendal_prime> screen sharing is pretty proc intensive
<grendal_prime> when you say old pc...what is the specs on it?
<grendal_prime> and teamspeak server?  i though with teamspeak you sent your stream to their servers...therefore reducing the bandwidth required on your uplink.
<kevindf> AMD Athlon(tm) XP 3000+ with 1048GB RAM
<kevindf> 1024*
<Finetundra> kevindf, you sure about that being GB?
<Finetundra> not mb
<kevindf> It's just about hardware resources, I've got enough network capacity
<kevindf> Yes sorry, that's a typo :)
<hxm> how to quick format with makefs.ext3?
#ubuntu-server 2015-11-23
<eman_no1> Does anyone know if there is an updated PPA for HSTR/Server 15.10?
<dustin_> I'm trying to update a production server that is running an EOL version of ubuntu 14.10. I keep getting errors regarding the mirrors. Is there an easy way to upgrade to the lts version?
<lifeless> dustin_: theres a copy of all the old releases  you can use
<lifeless> dustin_: you need to update your sources.lists files to point at them
<hateball> !eolupgrade | dustin_
<ubottu> dustin_: End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
<dustin_> My server is on digital ocean. I have read through the EOLUpgrades link and am trying that now. I'm about to just spin up another server and re-deploy. This is too difficult for this time of night.
<dustin_> lifeless : how do I find the codename of the dist that is on my server?
<bradm> dustin_: https://wiki.ubuntu.com/Releases
<lordievader> Good morning.
<Yossarianuk> hi - how to I stop 'ALLOWED' apparmor rules from writing to the logs?
<Yossarianuk> e.g -> im getting lots of '[44955.878729] type=1400 audit(1448269350.768:220): apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/var/lib/sss/pubconf/krb5.include.d/domain_realm_ipa_xxxxx_co_uk" pid=8515 comm="ldap_child" requested_mask="r" denied_mask="r" fsuid=0 ouid=0' - can I modify the apparmor rules to not write to the file ?
<jjohansen> Yossarianuk: set your syslog filter to through out the messages if you don't want them in your logs
<Yossarianuk> jjohansen: cheers - wasn't sure if the filtering could be done via apparmor rules..
<keyf> Is there a way to increase entropy generation on ubuntu? I'm trying to read a few kb from /dev/random and its been 30 minutes already
<keyf> banging on the keyboard to no avail
<hateball> they left before they could learn about /dev/urandom
<jpds> hateball: That's insecure :-O
<jrwren> lol
<jrwren> 'cept its not.
<hateball> :\
<jrwren> http://www.2uo.de/myths-about-urandom/
<jpds> jrwren: sudo apt-get install rng-tools
<jpds> jrwren: And you're /dev/random will hardly ever block
<patdk-wk> it's not, anymore, insecure
<jrwren> jpds: nice.
<patdk-wk> rng-tools broke for me, on upgrade to 14.04
<Xat`> hi guys
<Xat`> I'm using 15.04 and I installed xen-hypervisor. I'm able to select "Xen hypervisor" entry at grub screen, but it crashes after "LOADING DOMAIN 0", then reboot
<smb> Xat`, That is not really much information to work with. One thing which could cause something like this would be that you try to boot in UEFI mode. That is not working that well and you may be more successful when using backwards compatible BIOS mode (whatever that is called)
<Xat`> smb: I'm using standard BIOS
<Xat`> (old)
<Xat`> I followed this link : https://help.ubuntu.com/community/Xen
<Xat`> and everything works well with 14.04
<smb> Xat`, Maybe try to install xen-system-amd64 instead of xen-hypervisor-amd64 if that gets you some xen-utils that is the problem
<Xat`> smb: I'll try
<Xat`> smb: same behavior
<smb> Xat`, hard to say then what is wrong. Maybe adding "loglvl=all guest_loglvl=all" to GRUB_CMDLINE_XEN_DEFAULT in /etc/default/grub.d/xen.cfg, then run update-grub and then reboot shows something usable. But if it quickly reboots it might be hard to read anything before its gone
<T3DY> Is there a command to setup automatic backups to another backup server? / Whats the best way?
<thebwt> What kind of backups?
<lordievader> T3DY: I use dirvish for that.
<T3DY> for the whole server I guess
<T3DY> lordievader Ill check that out, thanks
<halcyforn> hello. i need antivirus for server. is something good what can scan all files what users upload on server, i need detect and kill all windows viruses malwares troyans etc.
<sarnold> halcyforn: i'm afraid clamav is probably your best bet
<lordievader> There is clamav.
<tarpman> halcyforn: there's no such thing as a "good" antivirus, but clamav is probably what you want
<lordievader> !info clamav
<ubottu> clamav (source: clamav): anti-virus utility for Unix - command-line interface. In component main, is optional. Version 0.98.7+dfsg-0ubuntu4 (wily), package size 96 kB, installed size 718 kB
<halcyforn> ok i hear some people say they have laptop and they dont need antivirus they only send files to server what sit on ubuntu. thats why i want  add something what detect and clear this files what people send to server. this clamav detect malwares or not?
<tarpman> it tries.
<halcyforn> hmmm or try  eset for linux
<quantic> halcyforn: And what OS are they running on their laptops?
<halcyforn> windows 7
<RoyK> T3DY: I use bareos
<quantic> halcyforn: aaand they say they don't need antivirus.
<halcyforn> yes
<quantic> halcyforn: I'm waiting for the absurdity of that statement to sink in.
<halcyforn> or they dont need because kaspersky slow down computer :D
<sarnold> I'm not surprised they don't -want- antivirus, it usually makes computers miserable slow etc
<quantic> want vs need.
<sarnold> and it's a constant stream of attempts to upsell people on more securityware
<tarpman> halcyforn: force windows defender on them all with group policy, job done?
<sarnold> the best one out there was microsoft's security essentials. no crap, no upsells, just a bare-bones AV. it was great. they killed it.
<quantic> halcyforn: yeah, your problem is not the server. your problem is endpoint security.
<halcyforn> maybe work but when i see what they install i want secure server and people what use files on this server.
<sarnold> AV on the ubuntu system still makes some sense, since the clients can be bypassed or not have sufficient definitions, etc..
<quantic> sarnold: I'm gonna bet that even a freeware Windows AV product is going to catch more than clamav.
<halcyforn> kaspewrsky dont detect malwares this is bought for company antyvirus. this people use  downloaders form sites
<halcyforn> thats why i want detct some shit on server
<sarnold> quantic: yeah, but people turn things off, or they ignore the "update virus definitions?" dialog boxes, etc.
<quantic> sarnold: Avast business, push via policy console. Free.
<quantic> Decently performant, good detection rates, and you can lock down endpoint configuration.
<halcyforn> avast hmm on older machines can make nice slow down
<halcyforn> like kaspersky
<sarnold> halcyforn: there's no way around that.
<sarnold> halcyforn: the trick is to find one without a crappy UI that makes things worse than they need to be :)
<quantic> halcyforn: Do you want a fast solution that doesn't actually catch anything, or do you care about security as well?
<halcyforn> i care for security and i care for people what have antiviruses on their machines but if they send infected files to server kaspersky dont detect malwares and some shit like troyan downlaoder when they download infected files from server. thats why i think about something what can detect this shit on server.
<quantic> i understand what you're going for, but you're running around with unprotected endpoints, and think that installing clamav or something on the server is going to do the trick.
<halcyforn> this is not a perfect solution but add some security
<quantic> halcyforn: see also: layered defense.
<k2gremlin> Hey all, kind of a unique situation here. Got 2 VM's. First one is my WAN/LAN firewall Cent OS. Second is my GNS3 Debian build. I noticed that all of my traffic is appearing on both VM's. Lan traffic should only go out the Firewall server. Why is my GNS3 server also seeing the SAME traffic?
<quantic> k2gremlin: what hypervisor are you using, and are they on the same logical network segment?
<k2gremlin> quantic, using ESXi and yea they are on the same vswitch
<quantic> k2gremlin: same host?
<k2gremlin> nope
<k2gremlin> 2 different VM's
<quantic> k2gremlin: yyyeah. I said host. :P
<k2gremlin> Errr same physical box yes
<k2gremlin> lol
<quantic> k2gremlin: I think that VMs on the same host share the PHY layer. Both VMs are going to see traffic on the wire.
<quantic> k2gremlin: but, uh, double check that.
<k2gremlin> It makes sense that them being on same vSwitch would cause this.. but same host??
<k2gremlin> Ill split up the vSwitch :)
<quantic> k2gremlin: Um, think about that for a second.
<zingz0r> hi
<k2gremlin> well, the other vSwitch would be on a seperate VLAN.
<k2gremlin> traffic should not cross vlans
<quantic> k2gremlin: Being on the same vSwitch would NOT cause this.
<zingz0r> can you help me understand what is this mean: Failed to start user service: Unknown unit: user@0.service
<quantic> k2gremlin: But the same host certainly could, as it's all the same physical hardware.
<zingz0r> it'sw in dmesg
<k2gremlin> quantic, let say I have a router and switch hooked together. I have 3 vlans on the router trunked to the switch. However, on the switch I have 3 seperate access ports. Traffic doesnt cross vlans there..?
<k2gremlin> even though using same physical
<k2gremlin> :)
<quantic> k2gremlin: But you have two VMs on the same host on the same vSwitch on the same VLAN. They're sharing everything except MAC addresses.
<quantic> k2gremlin: So, yeah, they're gonna see everything on the wire together.
<quantic> k2gremlin: New VLAN and vSwitch would fix it, but then you've got to adjust routes.
<k2gremlin> Yea thats why I said if I put the GNS3 on a seperate vSwitch (seperate NIC) should resolve the issue
<k2gremlin> Yep yep :) Ill have to add another interface to my Cent box, put that on the same vswitch as the GNS and route it
<k2gremlin> Now, my question is, since I only need to talk between the cent box and the gns box, do I need to have a cable physically connected to the un-used NIC on my server?
<requiest> hi all
<thebwt> Is there a way to simply fetch the release codename via cat'n a file or something? I'm writing some docs and have to assume the reader doesn't just know 14.04 means trusty.
<tarpman> thebwt: lsb_release -cs
<thebwt> tarpman: BOOM! thanks!
<Ripmind> Does anyone know a good UPnP server for ubuntu?
<quantic> Ripmind: I use miniupnpd
#ubuntu-server 2015-11-24
<neonixcoder> hi team, this is general question not specific to Ubuntu but this is happening on Ubunut. So I am asking it here..
<neonixcoder> We have a script which monitors network connections, if there is no network connection(3G connection) it just tries to enable networking. If this is not working out, this script will reboot the system. And these reboots happens, untill we get network connectivity back.
<neonixcoder> The issue is after 5 bad pings, this script is not writing anything to log file. We tried to replicate this in lab, and everything working fine..
<neonixcoder> bit strange and I am not able to conclude what is happening with the script.
<neonixcoder> any suggestions?
<patdk-lap> based on that info? none at all
<patdk-lap> it did not provide any useful info
<neonixcoder> the file system is rw mode, so read-only mode is eliminated..
<sarnold> pastebin the script?
<sarnold> pastebin how you're running the script?
<neonixcoder> How are you Arnold?
<neonixcoder> Give me 2 mins..!
<patdk-lap> what the filesystem is and what is the reboot?
<sarnold> not bad, surprised how quickly the weekend went, but not bad :) you?
 * patdk-lap is just upset he debugged for 2hours why a patch wasn't working
<patdk-lap> to come to find, the patch was not installed
<patdk-lap> and to find, myself from 2years ago, was smarter than I am today :)
<neonixcoder> http://pastebin.com/6ymadTvb
<neonixcoder> I am good Arnold, thanks for asking..
<sarnold> patdk-lap: oh yeah, been there. It's especially fun to find my own answers on stack overflow.
<patdk-lap> add some syncs in there
<patdk-lap> not sure what kick_watchdog.sh does
<patdk-lap> but it doesn't sound filesystem friendly
<patdk-lap> sounds more like, yank power
<sarnold> poor dog
<neonixcoder> patdk-lap: It is just a watchdog script which is poweroff the machine completely and boots after 5 seconds.
<patdk-lap> yes, but exactly how?
<neonixcoder> Up to 104 line it is fine, but 105 line on words I dont see any logs..
<patdk-lap> it matters if the kernel has time to write everything to disk or not
<patdk-lap> watchdogs normally don't
<neonixcoder> patdk-lap: We have a c code in that kick_watchdog.sh script which take care of kicking power off.
<patdk-lap> so it's not friendly
<patdk-lap> at the top of kick_watchdog.sh add sync command
<patdk-lap> should help
<neonixcoder> patdk-lap: what you mean by not friendly?
<sarnold> it doesn't give the filesystem a chance to sync, umount, etc
<neonixcoder> patdk-lap: We can not use sync as we deliberately delayed writting to disk by 30mins in kernel.. but when we do kick_Watchdog.sh run, it have sync included.
<neonixcoder> sarnlod: Can you explain a bit?
<sarnold> neonixcoder: the kernel will buffer writes until some convenient time in the future
<sarnold> writes to files don't happen immediately, they happen at only certain points
<neonixcoder> yes..
<patdk-lap> even worse if mapper stack is used
<sarnold> so the usual thing to do is to run sync to make sure that those changes have been flushed to disk, and if you can umount the filesystem first, that's even better
<neonixcoder> sarnold: my  script struck up there like 2 to 3 days with out writing anything to log file. just a note, we sync data to disk every 30mins.
<sarnold> btw, all these 'sudo' in here seem funny
<sarnold> does this run as root? or not?
<neonixcoder> :)
<neonixcoder> I know it sarnlod, I am going to modify it.
<sarnold> if it doesn't run as root, is sudo configured to allow it to run those commands without prompting and so no?
<neonixcoder> This is written while back, if I past you actual script, you will laugh at me ;)
<sarnold> note that the sudo foo >> bar may not work as you want. everyone gets tripped up with that..
<neonixcoder> sarnold: Yup, I am going to remove sudo from it.
<neonixcoder> sarnold: will that helps?
<sarnold> neonixcoder: unlikely
<neonixcoder> yes.. this script was running for a while with out any issue.
<neonixcoder> We are seeing this issue recently on couple of servers..
<neonixcoder> Our servers are connected to network through 3G, if there is no 3G network, our script tries to disable/enable for some time. If its unable to bring network, it will reboot machine.
<neonixcoder> If there is no network for 10 mins, the system will be rebooted. At the time of reboot, system disks are synced. so there is no point why my script is unable to write to disk.
<neonixcoder> Any suggetions?
<sarnold> are you sure the machines arent hung entirely?
<neonixcoder> They dont hung..
<neonixcoder> Y'day we sent a technician to see if can login. And he is able to do that. I ran some simple tests like checking network connectivity(Which is not there at the time of testing), weather my script is running or not(ps -ef | grep scriptname shows that script is running), I tried to create empty files to see file system is not mounted as readonly and I am able to create empty file as well.
<neonixcoder> And the funny part is, I am unable to replicate in our lab.
<neonixcoder> Our script is doing what it is meant for.
<sarnold> you've got a shell ona system that's showing the issue? that's awesome; you can attach strace to it and find out what it's doing :)
<sarnold> strace -f -o /tmp/strace.log -p pid
<patdk-lap> you sure the pci_modem status program isn't hanging?
<patdk-lap> due the the 3g issue
<neonixcoder> great, sarnold. I forgot to do this.
<neonixcoder> I will do this when we see this issue again.
<neonixcoder> and see if I can find, what our script is doing.
<sarnold> good point, if any of the called programs hang, it might be hard to tell it apart..
<patdk-lap> well, we where assuming it rebooted
<patdk-lap> but if it isn't :)
<sarnold> hehe
<neonixcoder> patdk-lap: I too have same doubt about pci_modem status program. I will try to check next time when it happens..
<patdk-lap> add a timeout timer to it
<patdk-lap> in shell script, that could be annoying though
<sarnold> a watchdog for the watchdog script :)
 * sarnold runms
<patdk-lap> well, the watchdog script doesn't have a proper gun
<neonixcoder> patdk-lap: The status command worked fine till 4 bad pings.. have a look at my log file at http://pastebin.com/eztiyvub
<neonixcoder> patdk-lap: From the 5th bad ping, it stopeed writing to log file, I see other programs are able write to same log file successfully.
<SyncopatedFool> Having trouble setting up postfix on Ubuntu server, I have POP3 working properly, but SMTP without authentication won't allow me to send outgoing mail, and I am having troubles setting up authentication.
<SyncopatedFool> mainly I have the configuration set up fine, but I have no clue how to setup the auth key to make it work
<SyncopatedFool> Having trouble setting up postfix on Ubuntu server, I have POP3 working properly, but SMTP without authentication won't allow me to send outgoing mail, and I am having troubles setting up authentication.
<SyncopatedFool> mainly I have the configuration set up fine, but I have no clue how to setup the auth key to make it work
<SyncopatedFool> been using this guide to set up smtp auth, but failing at proving authentication http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html
<eahmedshendy> Is that right that Ubuntu 14.04 the last version with Upstart ? I'm studying Upstart to add some scripts at the boot time, but someone told me it is deprecated with systemd?
<TJ-> eahmedshendy: it's optional on 15.04, and not used on 15.10
<eahmedshendy> TJ-: Ok, now we are working on Ubuntu 14.04, and I am studying Upstart, Am I wrong?
<eahmedshendy> I have this error:http://paste.ubuntu.com/13492759/
<eahmedshendy> Hi, anybody here?
<teward> rbasak: ping
<jgrimm> teward, fyi rbasak is out on holiday all this week
<teward> ok
<teward> then nevermind :)
 * teward yawns
<teward> (it's only the nginx merge that's blocked because testing is in failure state due to the sbuild schroots being busted by a bad bug in ubuntu)
<jgrimm> cpaelzer, feel free to add yourself to the irc meeting rotation -> https://wiki.ubuntu.com/ServerTeam/Meeting
<cpaelzer> jgrimm: done
<jgrimm> thanks!
<Sazpaimon> when building an ubuntu server AMI, is there a known list of directories/files to clear/empty out in order to have a clean image?
<Sazpaimon> I know stuff like things in /var/log, and maybe .bash_history, but I can't think of anything else
<Sazpaimon> I also dont know if completely deleting the contents of /var/log is safe
<sarnold> probably /etc/ssh stuff too, to ensure you generate a unique host key on reboot ..
<helo> where does openssh-server log to?
<helo> i see it is set to use AUTH syslog, but i see nothing in syslog or auth.log
<sarnold> /var/log/auth.log on my 14.04 lts system
<patdk-wk> heh, /var/cache
<jelly> where do VMs on amazon get their entropy from? Re: > generate a unique host key on reboot ..
<sarnold> jelly: in theory they could use somethinglike virtio-rng http://wiki.qemu.org/Features-Done/VirtIORNG
<sarnold> jelly: another option is touse an entropy-as-a-service tool such as pollinate to grab some entropy from a service such as entropy.ubuntu.com
<sarnold> jelly: another option is to use something in cloud-init to provide a seed, but I'm not sure if that's pre-made and ready to go or not...
<jelly> thanks, I was not aware of half that stuff
<Logos01> Howdy, folks -- I'm trying to set up an stunnel connection between an Ubuntu 14.04 machine and a CentOS 7 machine -- I'm invoking stunnel4 as the client on the Ubuntu machine. The problem is that even though I've hard-coded the config file to use TLSv1, it's still giving me SSLv3 errors
<Logos01> As though it's not using TLSv1 at all.
<Logos01> Anyone run into this before?
<Logos01> I keep getting "SSL3_GET_RECORD:wrong version number" in /var/log/syslog
<sarnold> that alone wouldn't worry me too much, there's enough similarity between sslv3 and tls1 that there's function re-use, keeping same names etc..
<sarnold> try confirming both endpoints with openssl s_client or .. wireshark? ettercap? to try to figure out which specific protocol is  being used
<Logos01> Well, I've tried hard-coding tlsv1 and/or sslv3 on both ends and I keep getting that error.
<Logos01> I keep seeing disconnects as well.
<denbeiren> hi all,.. i was thinking if there is a distro or tool that specifies on "booting a buggy computer and backing up all of the standard data to a networklocation" type of thing
<Logos01> Hrm... openssl s_client -connect ubuntu.machine:port -tls1 -CAfile /etc/stunnel/ca-chain.pem returns "no peer certificate available"
<Logos01> What the devil did I do ... this was working a minute ago. :(
<sarnold> denbeiren: knoppix is popular for that
<sarnold> denbeiren: ubuntu livecd, if that still works..
 * teward pokes sarnold
<sarnold> afternoon teward :)
<teward> sarnold: got a few moments for a PM?
<sarnold> sure
#ubuntu-server 2015-11-25
<VictoriaXOXO> Q: Hello! How do I FULLY disable ICMP timestamp requests and responses on my Ubuntu 14.04 box? :)
<VictoriaXOXO> Q: Hello! How do I FULLY disable ICMP timestamp requests and responses on my Ubuntu 14.04 box? :)
<k2gremlin> VictoriaXOXO, shut it down? lol j/k idk
<VictoriaXOXO> k2gremlin: :|
<OerHeks> old answer, still valid, http://blogs.reliablepenguin.com/2009/11/17/iptables-filter-icmp-timestamp-requests >> but why would you want that?
<VictoriaXOXO> OerHeks: Dude. You didn't include my nick.
<VictoriaXOXO> So I missed it.
<VictoriaXOXO> OerHeks: Does this mean that it worked? http://pastebin.com/mmQtxuf8
<trippeh_> root@mental:~# virsh start ato-pelle
<trippeh_> error: Failed to start domain ato-pelle
<trippeh_> error: unsupported configuration: numad is not available on this host
<trippeh_> root      1134  0.0  0.0  19956   136 ?        Ssl  05:14   0:00 /usr/bin/numad -i 15
<trippeh_> hrms ;)
<trippeh_> not sure if numad is cool even, just trying things out
<sarnold> interesting, I hadn't heard of numad before; is it libvirt-specific?
<trippeh_> doesnt seem like it
<sarnold> hmm, I wonder what it does that numactl doesn't already do
<trippeh_> libvirt can query it for placement information
<sarnold> there we go
<trippeh_> well, recomended placement
<sarnold> i've thought about building that myself, in part becuase I don't seem to get along with libvirt :)
<trippeh_> libvirt tells it how many vcpus and how much memory, and it gives some recomendation back
<sarnold> nice
<trippeh_> "use these nodes"
<trippeh_> of course now THP stopped working :P
<trippeh_> hm, changed the config, it seems to do something
<trippeh_> Wed Nov 25 05:37:32 2015: Advising pid 1969 (qemu-system-x86) move from nodes (0-1) to nodes (0)
<trippeh_> and THP suddenly works
<trippeh_> and numastat says all memory for the vm is on the correct node
<trippeh_> huh
<sarnold> woo :)
<sarnold> now start ten more and see what happens :D
<trippeh_> I'm trying to keep my huge Plex media VM on node 0 as all the SAS HBAs and 10Gbes are on it as well ;)
<sarnold> your qpi link will thank you :)
<trippeh_> could be kernel is smart enough out of the box these days tho
<sarnold> i'm not sure about that
<trippeh_> ok maybe not for hba/10g locality, but mem
<sarnold> riel's been working on code to keep the memory and the processes aligned but I haven't heard of any efforts to keep the close tothe devices they need
<trippeh_> hmm maybe thp stopped working because qemu is forgetting to madvise if you set static numa config or something
 * trippeh_ tries thp = always instead
<trippeh_> nopes
<trippeh_> for some reason if numad tells qemu to use a node, thp works, but if node is set in libvirt config, it doesnt anymore
<trippeh_> smells buggy ;)
<trippeh_> just using a cpuset seems to do the right thing
<sarnold> and hopefully riel's work will keep the memory local just out of convenience
<trippeh_> numastat says all the memory is on the right node
<trippeh_> 3190 (qemu-syste  49221      0 49221
<sarnold> is that pid, comm, node1, node2, total?
<trippeh_> ya
<trippeh_> well node0, node1 ;)
<trippeh_> altough some of the other vms seems to bleed over a little
<Xat`> hi guys
<Xat`> anyone knows why I'm getting "Commissionning to failed commissionning", and in maas.log I have "Marking node failed: Node operation 'Commissioning' tmed out after 0:20:00"
<Xat`> I tried to debug this during about 5 hours, unsuccessfully
<Xat`> I have maas 1.7
<AtuM> I am searching for a way to integrate ubuntu to MS-AD. I know that login to ubuntu can be done with an AD account.. but would that also give me proper access to windows shares or not?
<AtuM> I would like to use autofs to reach the necessary shares.. I am now just wondering if I'll have to set up "credentials" files or not..
<AtuM> found it. i have to see if it works on ubuntu
<eahmedshendy> Hi, I tried to uninstall mysql-server-5.5, then install mysql-server-5.6 but I got this error while installation: http://paste.ubuntu.com/13502312/
<eahmedshendy> Ubuntu 14.04.3
<ikonia> thats coming from the Mysql PPA
<eahmedshendy> ikonia: yes, so?
<Mik0z> Hello, I have a fairly simple question that I can't seem to find a consensus on what to do. I am trying to figure out how to setup permissions for ubuntu 14.04.1 to allow apache to host files out of /srv/www/site.com/public_html and allow a group called webmasters, to upload files, etc. Im struggling to figure out what permission set results in this configuration, while being secure
<nat0> Can anyone tell my why preseeding a fresh install of 14.04 from a local mirror fails after searching for dists/precise-updates/Release, which doesn't even exist on the 14.04 installer DVD?
<TJ-> nat0: something in the preseed file maybe
<nat0> I've combed through it several times. :-\
<nat0> Happy to put it online for other eyes to gleen though.
<tpsilva> I'm trying to deploy Openstack with autopilot (Ubuntu 15.04), but it hangs at 82%... can anybody help me?
<sarnold> tpsilva: try using fatrace or or something similar to see what it's doing? is there anything enlightening in any of the log files? (there ought to be enough to choose from..)
<tpsilva> sarnold: I can see from cinder logs that rabbitmq is probably not running properly
<sarnold> tpsilva: aha,a start.. :)
<tpsilva> sarnold: but I don't even know which node is supposed to run rabbitmq... I'm used to single node devstack :)
<sarnold> tpsilva: does the autopilot thing use juju to deploy the the nodes? you may be able to juju ssh rabbitmq/0 if it does..
<tpsilva> it does use juju... let me check that
<tpsilva> sarnold: it says that there is no environment specified, but when I try to get a list of environments (juju switch -l), it gives me no result
<sarnold> aww :/
<sarnold> juju switch is newer than the last time I used juju.. look around for ~/.juju directories?
<keithzg> Huh, under 15.10 the sort order of `ls -la` is all wonky---by which I mean it ignores dots and case. Which, sure, for average users might be best, but really not what I'd want myself. What changed in that regard since 14.04?
<keithzg> Things go back to how I expect if I export LC_ALL=C, but I can't seem to find an equivalent "incorrect" (from my perspective) setting anywhere in /etc.
<keithzg> Or at least, the obvious culprit /etc/default/locale has the same value now as it did in 14.04 . . .
<keithzg> ...wait, was it wonky then and I just didn't notice? Now I'm feeling like I'm a crazy person ;)
<sarnold> keithzg: en_US and en_US.utf8 have had the annoying non-C sort for a dozen years or more
<sarnold> keithzg: my guess is you've have LC_COLLATE or LC_ALL or LANG set to C or C.utf8 in your ~/.bashrc or something similar :)
<keithzg> sarnold: Ah, interesting. Yeah, that's probably it then, LC_COLLATE sounds very familiar; I definitely remember monkeying around with that in the past, and most of the systems I deal with either don't have cluttered home directories or have ones longstanding and/or mounted from central network shares, so I probably "fixed" this for myself long ago and only now am noticing it isn't that way everywhere.
<sarnold> :)
<keithzg> sarnold: Thank you, as always :)
<sarnold> it took me the longest time to admit defeat and accept en_US.utf8 sorting order..
<Gnjurac> does minimal come with some partrition tool
<Gnjurac> ?
<tarpman> Gnjurac: fdisk(8), and I think cfdisk(8) too
<sarnold> probably fdisk and maybe cfdisk or gdisk or .. ?
<sarnold> gparted perhaps?
<sarnold> parted?
<Gnjurac> ok
<Gnjurac> tarpman:  ty
#ubuntu-server 2015-11-26
<HewloThere> Hi. I'm having trouble setting up a directory so that the directory can be edited by the 2 users. One controls the application (AMP/McMyAdmin) and I need a second user to be jailed within a directory inside it, but also have read/write.
<Node_000> hi
<sivir> hello
<Node_000> how to join this group
<Node_000> why name appears as node_000
<TheKing> join
<zingz0r> hi!
<zingz0r> is it normal if on power loss md0 raidis not remounting?
<zingz0r> in fstab:/dev/md0        /home   ext2    defaults        0       0
<Gnjurac> hi i installed ubuntu minimal with lxde but i have 1 problem  system trey bare isent working isent showing any app in it
<Gnjurac> probbably need some dependecis or somthing
<Gnjurac> any suggestion
<Gnjurac> got it
<ikonia> Gnjurac: why don't you just install lubuntu
<ikonia> that is ubuntu with a fully working and configured lxde enviornment
<Gnjurac> got it to work anywey
<Gnjurac> lubuntu comes with bloatwere for sure
 * ogra_` wonders why Gnjurac expects to get a proper answer for a desktop prob in #ubuntu-server ... i'd ask in #lxde or some such
<Gnjurac> i allraedy figure it out
<Westerdutch> o7
<Westerdutch> So im trying to configure my little ubuntu server for external access but failing horribly... any pointers where i should start looking at?
<Westerdutch> my router is se up correctly (openwrt server works like a charm)
<Westerdutch> ssh over lan works perfect as well
<Westerdutch> but no matter what i do i cannot access my ubuntu box externally (firewall off)
<lordievader> Good afternoon.
<padan> does anyone know of a way to get either nfs or cifs mounts in an lxc container? (using lxd in ubuntu 15.10)  i can't seem to get apparmor to not block it
<RoyK> padan: doubt it, since both are kernel-based - perhaps something with FUSE
<padan> it looks like you can get apparmor to allow it, but i can't seem to find the right syntax to implement per-container apparmor profiles - i should just be able to add "allow mount fstype=nfs," to the apparmor profile
<padan> lxc config set containername raw.apparmor "allow mount fstype=nfs" ... causes teh container to not start with no useful error messsages
<puffi> any ideas why apt-get install or cache wouldn't look in a repo that shows in apt-cache policy and seems to update in apt-get update?
<puffi> just can't seem to find any software in it
<padan> ahh - just needed to add teh stupid comma at the end :)  still not mounting, but at least apparmor isn't blocking it
<padan> well crap now i'm just getting mount error(1): operation not permitted
<padan> for both cifs and nfs
<padan> inside the container
<padan> fuse won't even install - can't mknod the device...
<tarvid> running apcupsd but reboot stops on grub screen, is that the result of apcupsd shutdown?
<bekks> tarvid: So what happens on the grub screen? The machine boots, finishes the POST, enters grub - and then?
#ubuntu-server 2015-11-27
<GeekMan1222> is the trs 80 100 a fun machine to mess with ?
<GeekMan1222> woops wrong roomm
<OerHeks> sure, https://en.wikipedia.org/wiki/List_of_software_for_the_TRS-80
<dcosnet> i highly suggest investing in a 486 or 586 not a trs80
 * dcosnet shrugs
<dcosnet> pre-mmx era though.
<kuryanto> Assalamulaikum.
<disposable> i've just installed 14.04 in virtualbox with EFI enabled. now i'm stuck at grub prompt with no menu. i created sda1 EFIboot partition (256MB, bootable) and sda2 for root filesystem. when i boot off rescue disk, i can see uuid of /dev/sda1 in fstab as /boot/efi and grub-efi-amd64 is installed (i've even done grub-install /dev/sda). have i missed something important?
#ubuntu-server 2015-11-28
<pmatulis> stokachu: ping?
<pmatulis> stokachu: hey. with the openstack-installer, where does the juju bootstrap server end up? i can't find it anywhere :)
<stokachu> pmatulis: single is in a container
<pmatulis> stokachu: i looked at the containers that got built on the node that the installer grabbed. i don't see a ~/.juju anywhere
<pmatulis> i want to be able to do 'juju ssh landscape-server/0'
<eatingthenight> any way that i can mount a new drive to something like /. say / is currently a 8GB volume and I want to mount a 500GB volume on / without losing any data or having to reboot
<bekks> You cant.
<lordievader> Good morning.
<lordievader> eatingthenight: Do you use LVM?
<eatingthenight> lordievader: let me check... just started at a new job and am really not liking how the ops guys have these servers setup
<bekks> 11"not really liking" :D
<lordievader> That is inevitable :P
<bekks> Thats not a valuable argument for changing things in a production environment :)
<bekks> On a server, 8GB / is most likely more than enough :)
<lordievader> Agreed.
<eatingthenight> i'm not going to argue with them it's just not how i have set them up in the past
<bekks> Yes. And maybe your way of setting up servers doesnt match the requirements of your new job.
<lordievader> Anyhow, to more or less answer your question. If you do not use lvm your idea is (likely) not going to work.
<bekks> That is what I meant with "not really liking" is not a justification for anything else but a personal opinion.
<eatingthenight> ok so instead of trying to do the above i'll give an example. I am using docker and when pulling down containers i'll eat up the 8GB provided for / fast. Would you instead partition another drive and make a storage volume and configure docker in the instance to use that storage volume?
<lordievader> I'll just compare it to our lxc setup. Each lxc container has its own logical volume.
<bekks> eatingthenight: I'm not using partitions for a decade now, I am using LVM.
<bekks> And I am using setups not requiring insanely large / volumes.
<eatingthenight> is it common to setup the root mount as 'none on / type tmpfs'
<bekks> Depends on the setup.
<eatingthenight> hmm guess i'm really not sure how mounting with a virtual filesystem all works
<eatingthenight> i'll have to read up
<disposable> eatingthenight: look up overlayfs and have a look here - http://askubuntu.com/questions/109413/how-do-i-use-overlayfs
<bekks> eatingthenight: Maybe you should investigate the entire setup of your production servers before changing it.
<eatingthenight> bekks: i mean i am i haven't changed everything yet. but we have virtual 0 docs on the setup
<lordievader> Investigate why things are set up the way they are.
<disposable> bekks: also, what bekks said. (i've personally never had more than 4GB for /)
<eatingthenight> i read all the provided ones already
<bekks> eatingthenight: Well, then you have to investigate how things are setup.
<bekks> eatingthenight: Forget the docs of your admin, grab a ssh shell and start investigating things.
<sexywoodenspoon> Afternoon all! Postfix question here- Looking for a way to log all email addresses that have received an email. At the moment I've got a small postfix server with forwarding set up (no mailboxes). Got a wildcard set up to forward all mail to one address for a domain and it'd be really cool if I could log those email addresses that receive an email to a file... if that's possible. Anyone got any id
<sexywoodenspoon> eas?
<mrbrdo> hey guys. I have a /64 block of IPv6s and want to bind all of them to my ubuntu server. I only found instructions on how to add specific IPs but not how to add the whole range. Since these are billions of IPs, is there a way to add the whole range instead of individual IPs? Could someone point me in the right direction?
<JuanDaugherty> https://answers.launchpad.net/ubuntu/+source/apache2/+question/259165 anybody know how to deal with that?
<JuanDaugherty> (aside from the obvious: build the module myself and adjust the config manually)
<JuanDaugherty> wow it looks like there's nothing ubuntu for building apache modules
<JuanDaugherty> just a branded apache-dev with nuthin to go with it
<maxb> JuanDaugherty: I was curious, so I looked around. Looks like imagemap was demoted from the 'most' set to the 'never build unless explicitly requested' set during 2.3 development
<JuanDaugherty> does ubuntu have anything specific to it for building apache modules?
<JuanDaugherty> (ie. specific to ubuntu)
<maxb> Seems unlikely, the Ubuntu packages aren't modified much compared to Debian
<JuanDaugherty> what one expects is that apache2-dev would be coordinated with the apache usage in the distro
<JuanDaugherty> acknowledged
<maxb> I don't understand what you mean about 'coordinated'. There is an apache2-dev package and it contains apxs, so..... what?
<JuanDaugherty> ok, it's been a few years since I build apache modules
<JuanDaugherty> coordinated basically means documentation and fitting the thing within ubuntus offerings
<JuanDaugherty> *ubuntu's
<JuanDaugherty> *built
<quantic> JuanDaugherty: the apache2-dev package contains the dev headers and apxs2 binary. Also has the debhelper stuff. What else are you expecting to be there?
<JuanDaugherty> well I'm familiar with the apache build env
<JuanDaugherty> if the concept of ubuntu coordination with the pkgs it redistributes is too much, peccavi
<JuanDaugherty> and nvm
<quantic> JuanDaugherty: The problem isn't necessarily the concept, it's how you're communicating it.
<JuanDaugherty> ah, good
<quantic> JuanDaugherty: But hey, if you want to be snarky instead of explain, that's your right, of course.
<JuanDaugherty> well conceptual clarity is paramount
<JuanDaugherty> clarity/cogency
<maxb> I really have no idea what you are wanting right now, you seem to have veered off into a deeply abstract discussion
<JuanDaugherty> no worries
<quantic> Â¯\_(ã)_/Â¯
<JuanDaugherty> but here's another way of putting it
<JuanDaugherty> should I on the base of my knowledge of apache internals and by virtue of having installed the appropriate pkgs in synaptic
<JuanDaugherty> be able to get the source for the module, move it into a file structure of the pkg(s) or find that it was included with one
<JuanDaugherty> and then build and move the move the module to the working config on the same machine in a straightforward way?
<JuanDaugherty> s/move the//
<JuanDaugherty> alternatively
<maxb> If you happened to be an expert in the use of apxs, you could probably manage it
<maxb> Otherwise, probably not
<JuanDaugherty> is there any documentation for the use of the apache2-dev module or for building apache modules which ubuntu isn't distributing?
<JuanDaugherty> so as I say clarity and cogency of concepts is paramount
<JuanDaugherty> the other is that emotional intelligence bullshit
<maxb> You've gone back to abstract-meaningless land
<JuanDaugherty> as part of my survey may I ask if you are a native speaker of English?
<maxb> As for documentation, you're working with an area of complexity where you'd want to look at Apache httpd upstream documentation rather than Ubuntu/Debian stuff, I think
<maxb> I am a native speaker of English
<JuanDaugherty> or if you are in the right end of the political spectrum in whatever country you're from?
<maxb> I am the kind who mostly ignores politics entirely
<JuanDaugherty> you vote tory?
<JuanDaugherty> or not at all?
 * JuanDaugherty checks UK turnout rates.
<JuanDaugherty> about same as here (US)
<JuanDaugherty> so that's the crisis of democracy
<JuanDaugherty> 65% turnout with the winner seldom getting more than 50% of that
<JuanDaugherty> which would be OK if people were satisified and that's why they didn't bother to vote
<MACscr> is it just me or do none of the current NFS server/client tutorials for Ubuntu have detailed iptables info? Most of the tutorials that i have found that include that info are for rhel/centos and obviously some of the settings paths are different where some of those ports are set
<JuanDaugherty> ha looks like the same thing can be done with cgi
<JuanDaugherty> and forgot about client side
#ubuntu-server 2015-11-29
<Sprocks> does anyone know how i would go about connecting my Ubuntu server to a PPTP server?
<Sprocks> does anyone know how i would go about connecting my Ubuntu server to a PPTP server?
<eahmedshendy> Hi I have this in my auth.log (Ubuntu 14.04): http://paste.ubuntu.com/13556599/
<eahmedshendy> Is that something to be afraid of ?
<eahmedshendy> Or what does is mean, I am new in Linux administration, and I just search for something weired
<Seveas> eahmedshendy: the POSSIBLE BREAK-IN ATTEMPT is just a ridiculous message you can ignore
<eahmedshendy> Seveas: OK :)
<Seveas> th rest of the message means that your ISP (assuming it's your ip address in that message) has misconfigured their DNS.
<Seveas> openssh likes to whine about that while in reality many ISPs make mistakes there.
<profall> Hello
<profall> I get a new server and open up /etc/network/interfaces to add my new static IPs just like I have done a thousand times before and.....
<profall> the primary network interface goes like...
<profall> auto p1p2
<profall> iface p1p2 inet static
<profall> That is the main IP already configured, and I tried auto eth0 down below with a new IP and all of that and it did not work. How do I add new static IPs
<profall> http://pastebin.com/71n0Rhfh
<profall> Nevermind, fixed.
<lordievader> profall: You are running 15.10?
<Ricky_Rat5005>  I have googled the 'snot' out this. I am trying to install tftp server on Ubuntu 14. I am following this guide: http://askubuntu.com/questions/201505/how-do-i-install-and-run-a-tftp-server but when I do an apt-get install xinetd tftpd tftp it gets to setting up xinetd and just hangs.
<X-Rob> Ricky_Rat5005: setting up xinetd hanging is usually a DNS issue
<X-Rob> make sure you can 'ping google.com'
<X-Rob> you may need to wait, too
<X-Rob> so try 'apt-get install xinetd' and wait for a while
<Ricky_Rat5005> ping google.com works fine.
<X-Rob> Odd. I'm 100% sure that it works-for-me. Which isn't much of an answer, I know.
<Ricky_Rat5005> Should I ctrl-c and try the apt-get install xinetd then? It's been over 15 minutes installing so far with no change
<X-Rob> Yes, just xinetd
<X-Rob> you should also try rebooting first
<X-Rob> something may be half started and be blocking
<Ricky_Rat5005> X-Rob rebooting now.
<X-Rob> I realise that's not a unix-y thing to do, but you're obviously still in setup 8)
<Ricky_Rat5005> X-Rob LOL... whatever works!
<Ricky_Rat5005> says dpkg interrupted, run dpkg --configure -a (which I am doing now)
<Ricky_Rat5005> now it's setting up xnetd.... I'll wait... how long is 'normal'? (I know varies with server speed, but just a ballpark)
<drmessano> There was probably something hung before you started these installs
<drmessano> Which wouldn't clear until dpkg --configure a
<drmessano> So anything after that would install, but hang
<Ricky_Rat5005> ok, I'll let it run. About how long would you say (generally)
<drmessano> Are you seeing any output on the console?
<Ricky_Rat5005> drmessano nope
<X-Rob> Ricky_Rat5005: On my ubuntu 14 machine, a small package like xinetd shouldn't take more than 30 secs or so to install
<X-Rob> however, drmessano there is more knowledgeable about this stuff than I am.
<Ricky_Rat5005> X-Rob yeah, with most things it's pretty instant, but for some reason it doesn't like this.
<X-Rob> drmessano: is there a debug on dpkg so you can see what it's hanging on? I'm guessing there's something in the install script that is doing something unexpected
<drmessano> Which package did you last install?  Which Ubuntu release is this?
<drmessano> X-Rob: there is a dpkg log.
<drmessano> Really need to debug the process that's hanging.. Standard log files would apply
<Ricky_Rat5005> drmessano not sure which was b4 this one / 14.04
<Ricky_Rat5005> drmessano what do I need to pastebin to help?
<drmessano> Try a Ctrl-C
<drmessano> Just curious if the script is just hung
<Ricky_Rat5005> ok, I am back at cli
<drmessano> so run that dpkg command again
<Ricky_Rat5005> going back to setting up xinetd
<Ricky_Rat5005> still stuck
<drmessano> Did you run that command again?
<drmessano> Before
<Ricky_Rat5005> yes
<drmessano> and it ran fine?
<Ricky_Rat5005> yes...
<Ricky_Rat5005> just ran again and I think it worked this time.
<Ricky_Rat5005> stby
<drmessano> Ok.. so that tells me your system state is fine.. Something with this install
<Ricky_Rat5005> xinetd start/running, process 3441
<drmessano> Thats promising
<Ricky_Rat5005> drmessano yes. now to test tftp...
<Ricky_Rat5005> something still isn't right. /etc/init.d/xinetd staus returns * is not running
<Ricky_Rat5005> one sec...
<bekks> Ricky_Rat5005: Try starting it manually, in a terminal.
<bekks> Ricky_Rat5005: Without using /etc/init.d/xinetd
<Ricky_Rat5005> service xinetd start says start/running process xxxxx  so looks like that part is working, however when i try tftp 10.0.0.20 and then get test (a file I placed in /tftpboot) it times out.
<bekks> Use the xinetd binary, not the service facility.
<Ricky_Rat5005> bekks not sure what you mean by that.
<bekks> Do not use /etc/init.d/xinetd or service xinetd, but use the xinetd binary itself for starting/stopping.
<bekks> So you can check wether you have syntax errors in your config files, etc.
<Ricky_Rat5005> bekks what is the command for that please?
<bekks> xinetd
<Ricky_Rat5005> xinetd returns nothing
<bekks> Then look at the startup script in /etc/init.d/xinetd to see which parameters are needed.
<Ricky_Rat5005> bekks not sure what I am looking for in that file.
<bekks> The parameters passed to the xinetd binary.
<Ricky_Rat5005> bekks I am a linux newbie... Still not following. I need the 'for dummies' version of that please.
<bekks> That was the "for dummies" version...
<bekks> In the /etc/init.d/xinetd file, the xinetd binary is called with some parameters.
<Ricky_Rat5005> bekks well that's an ego boost... Is this what you are asking: "Usage: /etc/init.d/xinetd {start|stop|reload|force-reload|restart|status}"
<bekks> Ricky_Rat5005: No.
<Ricky_Rat5005> would a pastebin of the file help?
<bekks> No. It is your job to find the parameters passed to the xinetd binary.
<Ricky_Rat5005> bekks ok, I am trying to provide the correct info...
<RoyK> Ricky_Rat5005: http://bfy.tw/31xv
<Ricky_Rat5005> RoyK Not helpful sir. I am trying. I have googled this.
<Ricky_Rat5005> I am not lazy, just new
<RoyK> Ricky_Rat5005: atftpd is far better than the old one, and runs as a daemon
<RoyK> (x)inetd is decades old - better use something better
<X-Rob> Ricky_Rat5005: 'ps auxw | grep inetd'
<X-Rob> is there an xinetd running?
<X-Rob> if not, ps auxw | grep xxxxx , but replace xxxx with whatever process number you had earlier
<RoyK> X-Rob: pidof inetd, perhaps
<RoyK> still, I'd recommend using atftpd
<X-Rob> Probably, if that's available on 14.04?
<RoyK> it is
<RoyK> it's old, but still far more updated than the old inetd-based inetd
 * RoyK only uses (x)inetd at gunpoint
<X-Rob> RoyK: the background you don't know is that this is a PBX In A Flash install. This is a pile of shellscripts that installs huge amounts of crap for no real reason (eg: iscsi terminator. On a PBX. WTF). It's quite possible that something NEEDS xinetd and has broken it as part of the install.
<RoyK> X-Rob: termiantor? or was that target? or initiator?
<X-Rob> The guy who writes it doesn't accept bug reports, and bans you if you try to submit them. I'm not joking.
 * RoyK has never heard of an iscsi terminaltor and wonders if it's made of liquid metal or not
<bekks> X-Rob: So is that stuff running on some Ubuntu?
<Ricky_Rat5005> ok, atftpd installed now. X-Rob will it work with freepbx?
<drmessano> bekks: unfortunately
<drmessano> bekks: we've repeatedly sent him nasty tweets asking him to not allow his crap code to install on Ubuntu or even Debian, and he refuses
<drmessano> I told him "Slackware works for everyone"
<drmessano> But nooooo
<drmessano> Ricky_Rat5005: FreePBX doesn't care what tftd is running.. Nor does anything else
<Ricky_Rat5005> drmessano ok.
<Ricky_Rat5005> drmessano is configure same?
<drmessano> Ricky_Rat5005: it's tftpd.  You install, put files there, it serves them
<drmessano> What is there really to configure?
<Ricky_Rat5005> drmessano in OSS Endpoint I now get "local tftp server is not correctly configured"
<drmessano> Do you have the permissions correct?
<Ricky_Rat5005> drmessano probably not!
<drmessano> So go look
<Ricky_Rat5005> drmessano A little help on that step please (or a lot of help)
<Ricky_Rat5005> I have apt-get install atftpd but there isn't much I can find to go to the next step...permissons, config, test... doesn't seem like it's the same as tftpd.
<bekks> Ricky_Rat5005: its totally the same - do you know what TFTP is used for?
<Ricky_Rat5005> bekks yes
<drmessano> a TFTPd is a TFTPd
<drmessano> They all do the same thing
<bekks> Ricky_Rat5005: So you know that aftftpd does the same thing as tftpd.
<drmessano> Check the permissions on the folder
<Ricky_Rat5005> the tftpboot folder?
 * drmessano hates windows terms
<drmessano> Yes
<drmessano> Check the config in EPM.. make sure it's looking for the same location
<drmessano> ./tftpboot != /var/lib/tftpboot
<drmessano> So make sure that's not your issue
<Ricky_Rat5005> Yes it's looking for /tftpboot/ in EPM
<X-Rob> Ricky_Rat5005: there's a command line tftp client. You want to test with that first. Make sur eyou get a file not found error
<drmessano> You need to fix that.. that's some Wart crap
<drmessano> Point EPM to /var/lib/tftpboot
<RoyK> Ricky_Rat5005: the tftp dir is configurable
<RoyK> Ricky_Rat5005: don't use something on the root
<Ricky_Rat5005> ok, /var/lib/tftpboot doesn't even exist, creating it now
<Ricky_Rat5005> I did chmod -R 777 /var/lib/tftpboot/ and chown -R nobody /var/lib/tftpboot/ OSS still says local tftp server not configured correctly
<Ricky_Rat5005> and it is set to that dir in EPM
<Ricky_Rat5005> tftp 10.0.0.20 though says /usr/bin/tftp No such file or dir.
<bekks> So is there a binary named like that?
<drmessano> tftpd is not ftp
<drmessano> Try to grab a file
<X-Rob> Ricky_Rat5005: apt-get install tftp
<X-Rob> or tftp-client or whatever it's called
<X-Rob> you can use apt-cache search tftp
<Ricky_Rat5005> So I need that in additon to atftpd or instead of?
<drmessano> You need a CLIENT to test
<drmessano> You dont have a CLIENT
<drmessano> You have a SERVER
<Ricky_Rat5005> ok, so I have tftp installed now. I tftp 10.0.0.20 (my server ip). I have a file called test in the /var/lib/tftp boot dir, but when I get test it says file not found
<Ricky_Rat5005> correction /var/lib/tftpboot dir
<drmessano> Verify atftpd is looking there
<drmessano> Check the config
<Ricky_Rat5005> ok, where does atftpd config file live?
<drmessano> Where would you think it resided?
<drmessano> Try /etc.. Look for it
<Ricky_Rat5005> I am asking as I did look there.
<drmessano> http://www.ubuntugeek.com/howto-setup-advanced-tftp-server-in-ubuntu.html
<Ricky_Rat5005> looks like it want's to use /tftpboot, but I am being told here to use /var/lib/tftpboot
<drmessano> What does?  the config?
<drmessano> the config file on your system?
<drmessano> Be specific.. "it" doesn't tell me anything
<Ricky_Rat5005> sorry the link you sent says to create /tftpboot (from root) so I am assuming that is the default. The link says nothing (that I can see) about changing that.
<drmessano> Ricky_Rat5005: ???
<drmessano> NO
<drmessano> NO
<drmessano> NO
<drmessano> I didnt send you the guide so you can change everything around
<drmessano> It shows you the key locations and permissions
<drmessano> Go check YOUR Config file
<Ricky_Rat5005> previously in this chat I was told not to use /tftpboot
<drmessano> YOU WERE
<drmessano> Go check YOUR Config file
<Ricky_Rat5005> is that /etc/default/atftpd ?
<drmessano> Right there in the guide
<drmessano> 10 mins to check your config for a path.. come on
<Ricky_Rat5005> this is the config file. I assume I need to change /srv/tftp to /var/lib/tftpboot is that right? http://pastebin.com/ZVTnLAru
<bekks> Or you keep using /srv/tftp and configure the content in ther.
<bekks> *there
<Ricky_Rat5005> ok
<Ricky_Rat5005> ok, for simplicity I set it up exactly as the link suggests. /tftpboot I have the test file in /tftpboot Here is the config file http://pastebin.com/1eYbAzSP I am doing tftp 10.0.0.20 and then get test I still get file not found.
<bekks> And you are sure you started atftpd?
<bekks> ps -ef | grep atftpd
<Ricky_Rat5005> root      9130  2226  0 15:21 pts/0    00:00:00 grep --color=auto atftpd
<bekks> Its not running...
<Ricky_Rat5005> bekks hmm, well that sucks... I have tried the start commands in the link.
<bekks> In which link?
<bekks> How about just starting ther service?
<Ricky_Rat5005> http://www.ubuntugeek.com/howto-setup-advanced-tftp-server-in-ubuntu.html
<Ricky_Rat5005> root@pbx:/etc/default# service atftpd start
<Ricky_Rat5005> Starting Advanced TFTP server: atftpd.
<bekks> So check wether it is started.
<Ricky_Rat5005> same thing:
<Ricky_Rat5005> root@pbx:/etc/default# ps -ef | grep atftpd
<Ricky_Rat5005> root      9455  2226  0 15:33 pts/0    00:00:00 grep --color=auto atftpd
<bekks> So look at the init script and see how atftpd is started, then start it manually.
<bekks> Again, you need to get the parameters from the init script.
<drmessano> ps -ef | grep tftp
<drmessano> Probably has 3 or 4 tftpds running now lol
<drmessano> Well not running, installed
<Ricky_Rat5005>  ps -ef | grep tftp
<Ricky_Rat5005> root      9504  2226  0 15:37 pts/0    00:00:00 grep --color=auto tftp
<bekks> I'm wondering about what the big picture is - a PBX with tftp?
<drmessano> Yes
<bekks> What for? :)
<Ricky_Rat5005> bekks yes, exactly
<Ricky_Rat5005> phone provisionoing
<Ricky_Rat5005> *provisioning*
<bekks> ah, I see.
<drmessano> Need it to configure the phones
<drmessano> Is the path correct?
<Ricky_Rat5005> this is the path http://pastebin.com/1eYbAzSP
<bekks> Thats a config file, not a path.
<drmessano> Thats not /var/lib/tftpboot in the config
<drmessano> Not sure if you noticed
<drmessano> But /tftpboot != /var/lib/tftpboot
<bekks> drmessano: Well, basically he can use /tftpboot as well, but he has to use a consistent configuration :)
<drmessano> I get that
<drmessano> Trying to set this up once, and in a way that can be easily supported
<drmessano> Because who knows what else is hosed on this box already
<Ricky_Rat5005> dr nothing, fresh install
<Ricky_Rat5005> I am just following this: http://www.ubuntugeek.com/howto-setup-advanced-tftp-server-in-ubuntu.html
<drmessano> ok
<Ricky_Rat5005> so I'm just trying to use the /tftpboot path
<bekks> Ricky_Rat5005: So did you start atfftpd manually, as I told you?
<drmessano> Well sounds like you go it handled
<Ricky_Rat5005> drmessano is that sarcastic? I'm trying.
<Ricky_Rat5005> bekks how do I find the parameters from the init script so i can be sure?
<bekks> Ricky_Rat5005: I told you multiple times.
<bekks> Ricky_Rat5005: you need to read and understand the start script, and you need to look at the config file.
<Ricky_Rat5005> bekks I posted the config file... I don't see what I am missing in there.
<bekks> Ricky_Rat5005: No one said you are missing things in there.
<Ricky_Rat5005> missing seeing
<drmessano> Unless you buy a phone that pulls config from Pastebin.com, you need to start doing what you're being asked
<bekks> Ricky_Rat5005: but in the config file, there are a few parameters already. now look at the start script, get all additional parameters if there are any, and start the service manually.
<Ricky_Rat5005> drmessano dude, I am trying
<bekks> drmessano: Or hire someone who does.
<drmessano> That too
<drmessano> bekks: there is nothing he needs here more than a simple working tftpd install.  When tftpd is working, if ever, there's a web based manager that generates the config files for the phones.  It simply needs to point to the valid tftpd directory and it spits the files there
<drmessano> if you want the "Whole picture"
<drmessano> So nothing fancy or custom or anything other than a 2 minute tftpd install
<bekks> ah ok.
<drmessano> Which I guess is more like 2 hours now
<drmessano> I've never had actual problems doing this on Ubuntu.  It's documented ad nauseum and generally just works out of the box
<bekks> Indeed.
<Ricky_Rat5005> Look guys, i appreciate your help, I am trying, and I am trying to follow what you are saying.
<drmessano> tftpd is every other file transfer protocols little broken that was dropped on its head when it was a baby and just sits around all day eating apples.  There's really nothing to it
<drmessano> little brother*
<Ricky_Rat5005> ok, so how come it's not working?
<bekks> Ricky_Rat5005: Did you do what I told you to do?
<bekks> If no, do it.
<bekks> If yes, whats the outcome?
<quantic> wtf, we're still fighting with a tftp server?
<Ricky_Rat5005> bekks I don't know what the parameters are. I have looked at the config file. I am not understanding what you are telling me to do.
<bekks> Ricky_Rat5005: So what do you think "OPTIONS" are from line 3: http://pastebin.com/1eYbAzSP ?
<bekks> quantic: yes.
<Ricky_Rat5005> I see those, but not sure how to apply them into a cli to get it to start like you are asking. I have tried service atftpd (inserted those options) start
<bekks> service atftpd is what I told you to NOT use.
<bekks> look at the init script on how atftpd is actually started.
<bekks> Then, insert all options, and start it, using the full path to the atftpd binary. NOT using servic whatever.
<Ricky_Rat5005> ok, like this then? /etc/init.d/atftpd start --tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr 239.239.239.0-255 --mcast-ttl 1 --maxthread 100 --verbose=5 /tftpboot
<bekks> No.
<bekks> /etc/init.d/atftpd is the INITSCRIPT. It is NOT the BINARY.
 * quantic facepalm.
<Ricky_Rat5005> I guess I don't understand why there are help channels if people are upset when others ask for help.
<bekks> Well, we are telling you the same things for hourse now - and you arent even doing what you are told to do.
<bekks> Wouldnt you get upset when that happens to you?
<Ricky_Rat5005> show me where you told me how to run the binary...and I will do it.
<quantic> Ricky_Rat5005: for one, we absolutely HATE writing walkthroughs. there are tons online already, and configuring a tftp server is seriously basic.
<bekks> I told you a gazillion of times.
<bekks> Ricky_Rat5005: that proves that you dont even try to understand what people tell you.
<bekks> I am out of that issue now. Good luck.
<Ricky_Rat5005> bekks no sir I am trying, but if you don't want to help, I appreicate your time in trying.
<bekks> Ricky_Rat5005: I dont want to repeat myself a million times.
<bekks> Ricky_Rat5005: I told you everything you need to know on how to start that thing manually.
<bekks> For two different tftpd servers, already.
<bekks> Dont blame me for your laziness of doing what you are told to.
<Ricky_Rat5005> bekks Name calling isn't helpful. I am not lazy. I am trying.
<bekks> Then why didnt you try tp look at the init script, as I told you often enough?
<quantic> Ricky_Rat5005: I think the frustration comes in that you're trying to have people help you set something up when you're not even competent with the OS on an administrative level.
<bekks> Instead you are trying to discuss why people dont spoonfeed you.
<Ricky_Rat5005> quantic I am learning.
<Ricky_Rat5005> bekks I am trying dude. Sorry you are feeling frustrated.
<quantic> Ricky_Rat5005: Never said you weren't, but you need to learn the platform before trying to deploy something on it.
<Ricky_Rat5005> Lookup the init script means nothing to me w/o knowing how to look up the script.
<drmessano> I'm a jerk about insisting on core OS competency when I help someone.  I make no apologies for it. If you can't find and grep and cat and some of the other basics, there's no hope.  Also, being able to take a suggestion and run with it shows troubleshooting competency.  Asking over and over "how do I do that?" always means "paste what I need to type".
<drmessano> Nobody has time to do something FOR someone else. That's not helping.
<bekks> Ricky_Rat5005: Then why on earth dont you just ASK whats the initscript?
<drmessano> Ricky_Rat5005: "find" "locate"
<drmessano> Google
<bekks> Hours ago I told you to look at the initscript - and NOW you come up with "I dont know what that is"?
<Ricky_Rat5005> bekks what is the initscript please?
<bekks> I told you.
<bekks>  /etc/init.d/atftpd
<quantic> Ricky_Rat5005: Honestly, I think you've hit the limit of what you're going to get here. You need to become competent with Linux basics and Ubuntu server admin before you go further.
#ubuntu-server 2016-11-28
<drab> hi, I'm trying to preseed ubuntu on a raid1 and the preseed worked except that / and swap got flipped, so I got a huge swap and very small root partition
<drab> anybody seen that before? this is the relevant preseed snippet: https://paste.ubuntu.com/23546912/
<drab> whcih seems about correct to me, shuold give me a swap no bigger than 2GB and a / of everything else (-1 max size)
<drab> a similar ex[ert recipe works just fine with non raid setup
<mozart1893> HELLO CAN ANYONE HELP ME THROUGH ON ADDING A NEW NETWORK INTERFACE TO A UBUNTU SERVER 16.04 WITH ens33
<jamespage> coreycb, ddellav, zul: lescina was backed up on storage - freed up some space
<jamespage> the local apt repository had a morgue directory with the full history of deb updates in it...
<tomreyn> mozart1893: no need fopr caps lock. are you still looking for assistence? if so, please describe the issue you're facing in more detail.
<Roshan> I have install plain Linode server with apache and now want install my own mail server and need your help to do this.
<tomreyn> use postfix or exim, read their manuals / getting started guides first of all.
<tomreyn> poistfix has a pretty good manual / starting guide.
<tomreyn> mailservers are a complex matter, be prepared to spend a lot of time.
<tomreyn> ... or have someome else do it for you.
<Roshan> tomreyn, I want to do it on Linode server
<rbasak> cpaelzer: I looked at bug 1644595 but couldn't find the claimed violation. I commented.
<ubottu> bug 1644595 in krb5 (Ubuntu) "krb5-1.13.2+dfsg-5 source contains source subject to the aladdin license" [High,Incomplete] https://launchpad.net/bugs/1644595
<OerHeks> https://www.linode.com/docs/email/running-a-mail-server
<rbasak> Oh, I see what's going on.
<cpaelzer> rbasak: I found the file itself, but I'll read the bug - thanks for looking at it
<rbasak> cpaelzer: no, my mistake.
<rbasak> I'll comment with a correction.
<cpaelzer> rbasak: ah ok
<cpaelzer> rbasak: you might - as I did first - have stumbled over Al[l]adins number of "l" chars
<rbasak> It looks like it's typod in the boilerplate.
<rbasak> cpaelzer: so this should be reported to Debian as a policy violation. I can do that, or would you prefer to?
<cpaelzer> rbasak: If that is the way to go I can do that
<cpaelzer> rbasak: I was just a bit out of my comfort zone, that is why I pulled you in
<rbasak> cpaelzer: OK. Make it "Severity: serious" as it's a "severe violation of Debian policy".
<rbasak> I checked and it applies to current sid, too.
<jurislav> anyone thinks ZFS as a production fs is a bad idea..?
<zul> coreycb/ddellav/jamesage:The way that neutron loads its plugins have changed in ocata so im going through the neutron plugins in universe and make sure they are kosher
<coreycb> zul, got a pointer?
<zul> coreycb: yep
<zul> coreycb:gimme a sec
<zul> coreycb: for ex https://github.com/openstack/neutron-lbaas/commit/00568ab38e5e057aec9fd0231bf8fa3101e4ceac
<coreycb> zul, ok that's lbaas plugins. does that change how how plugins are configured?
<zul> coreycb:i dont think so because i was able to run the smoketests against ocata without a problem
<coreycb> zul, ok i'm still poking at horizon
<zul> coreycb: ok cool...
<zul> coreycb: i didnt upload horizon last week because i wanted to be double sure now im glad i didnt
<coreycb> zul, thanks
<zul> coreycb: ill be in plugin hell
<samba35> please correct me if i am using ethernet   pci passthrought in guest  ,is that is full virtualization ?
<ppetraki> samba35, nope, it's bare metal, that device cannot be shared with anyone else
<samba35> ok
<ppetraki> samba35, you typically use PCI passthrough only when speed, or some specific functionality is desired. Like giving a storage controller to a VM functioning as a virtual storage appliance is a good example.
<ppetraki> samba35, it's also helpful for hacking kernel drivers in VM, it won't crash your main system
<samba35> ok
<samba35> thanks
<ppetraki> you're welcome
<samba35> i am confused with full and para virtualization
<ppetraki> it is confusing :)
<samba35> do you have better way to explain to lay man :)
<ppetraki> In a nutshell: full virtualization is when you completely emulate a device, which can be expensive as the driver is doing "lots of stuff" as if it was still talking to the firmware on that device... but that device isn't there, the software just presents a device that quacks like it.
<samba35> Thanks
<ppetraki> para virtualization: is when you create a new class of device that  performs the intended function e.g. network, storage. But actually knows it's in a virtual environment. So there's alot less overhead, which makes it faster, but also makes that VM's performanced biased towards that platform
<ppetraki> virtio drivers are considered para-virtual
<samba35> okk
<ppetraki> pci passthrough is zero-virtualization, well everything else is virtualized but that device is not. So you get all the benfits of a VM... except the ability to move it, because the destination must have the same physical device available
<samba35> can you please explain what do u mean by " completely emulate a device"
<ppetraki> pick any device that shows up in lspci on your physical hardware, the VM presents a device that responds exactly as if the hardware was really there, down to touching it's registers
<ppetraki> as a result, there are only a handful of fully virtualized devices available.
<ppetraki> I can't even name one
<samba35> i bought 1 motherboard to test  pci-passthrouth with core2 quad cpu @40 us $
<ppetraki> does it have intel vt-d?
<samba35> yes
<ppetraki> then you're good, that supports "modern pci passthrough" you can attach and detach a device to a VM as much as you want.
<samba35> can i do pco-passthrought without vt-d ?
<ppetraki> you can... but you have to plan it. You literally have to tell the system kernel "don't touch this device", that's how Xen did it
<ppetraki> no one does it that way anymore, if they can help it
<samba35> ic
<samba35> this info was new to me i never ever use xen
<ppetraki> most people don't need to deal with pci passthrough, virtio is plenty fast
<samba35> Thank you !
<ppetraki> :)
<ppetraki> yw
<ppetraki> have fun
<samba35> i do use virtio with nic but what is best way to get gpu in guest ?
<samba35> i have install palo alto networks firewall on ubuntu 12.04 as a 1st guest and again ubuntu as a 2nd guest as a dmz but i am not able to do some tasks
<ppetraki> samba35, gpu as in cuda or brook gpu? or do you just want 3d accell?
<samba35> as i am new to palo alto networks firewall
<samba35> 3d accell?
<samba35> 3 d accelerator ?
<ppetraki> samba35, virtio-gpu and connect to it with spice
<samba35> please correct me to use spice do i require special hardware ?
<ppetraki> nope, it's just a viewer protocol
<samba35> ic
<ppetraki> the docs could be better: http://askubuntu.com/questions/250981/how-do-i-configure-spice-with-kvm
<samba35> Thanks
<ppetraki> follow the instructions for adding the virtio-gpu in virt-manager, then apt install spice-client-gtk python-spice-client-gtk
<ppetraki> I'm surprised I can't find a native wiki on it...
<coreycb> jamespage, we're getting some xenial-ocata backport failures for packages that need debhelper  > 10.  but prior to those we had some that backported successfully and i think they were picking up debhelper 10.2.2 from xenial-backports.
<jamespage> coreycb, hmm
<coreycb> jamespage, does that make any sense?  could something have changed?
<jamespage> coreycb, unlikely - backports is not enabled by default in either our build schroots or the ppa's
<samba35> will give try later today
<coreycb> jamespage, ok.  i did have debhelper 10.2.2 backported the the ocata uca for a bit until i realized it was in xenial-backports, and it seemed to be causing problems.  maybe it's deb was lingering around after i deleted it.
<jamespage> coreycb, that might be possible
<ddellav> zul thanks for the heads up on the neutron plugins
<zul> ddellav: yep
<coreycb> jamespage, i think i'll try to backport it again after we test/promote b1
<jamespage> coreycb, ack
<coreycb> zul, horizon's uploaded.  i have a charm change to go along with it.
<coreycb> ddellav, ^
<zul> coreycb: sweet
<ddellav> coreycb excellent
<coreycb> zul, ddellav: do you have anything else outstanding for b1?
<ddellav> coreycb according to the list, just the debian syncs are remaining as far as i can tell
<zul> coreycb: we should be good to go...i was able to run a smoketest against the ci ppa
<coreycb> ddellav, ok yeah
<coreycb> zul, awesome, how many failures?
<zul> coreycb:we might as well upload newer versions of those "syncs"
<zul> a couple but those tests were not confgiured properly
<rbasak> powersj: based on your comment in bug 1643245, I think that should be Fix Released?
<ubottu> bug 1643245 in sssd (Ubuntu) "Fix related to skip invalid certificates" [High,Fix committed] https://launchpad.net/bugs/1643245
<powersj> rbasak: I only moved it to fix committed since zesty isn't released.
<powersj> Should I have done something different?
<rbasak> powersj: we still treat it as Fix Released if it's in the zesty (ie. development) release pocket.
<powersj> ok
<powersj> then yes please, go ahead and change it to released. Thank you!
<rbasak> powersj: done, thanks. Consider it this way: if you uploaded a fix to Zesty with a bug reference, that would automatically change to Fix Released as soon as the package hit the zesty release pocket.
<rbasak> I appreciate that's a little unintuitive from a wider Ubuntu perspective.
<powersj> rbasak: ah ok, that makes it clearer to me
<coreycb> jamespage, zul, ddellav: xenial-ocata-staging looks good - http://paste.ubuntu.com/23550029/
<coreycb> can't test zesty until some zesty charm updates land
<zul> coreycb: yeah waiting for them to land
<zul> coreycb: i think thats what i got as a result as well
<coreycb> zul, ok also there are 2 charm updates to land.  beisner is picking up the swift charm-helper update to enable 2.11.0 in the zesty syncs, and there's a PR for horizon static files
<zul> coreycb: you mean this one? https://code.launchpad.net/~zulcss/charm-helpers/swift-ocata/+merge/311743
<coreycb> zul, yup. sorry didn't know you had that out there for review.
<zul> coreycb:no worries
<jamespage> coreycb, I'll shove that lot into proposed then
<coreycb> jamespage, thanks
<jamespage> zul, coreycb: we should look to get libvirt into the UCA as well
<jamespage> anyone looking at that?
<zul> jamespage: i can probably
<jamespage> zul, I see qemu already went back
<jamespage> libvirt is a natural partner for that
<jamespage> there are some nice features for migrations
<zul> jamespage: qemu wasnt me ;)
<jamespage> oh
<jamespage> who was that?
<coreycb> jamespage, not me
<jamespage> coreycb, zul: might have been me
<zul> jamespage: just did a quick check we dont have to backport libxen this time ;)
#ubuntu-server 2016-11-29
<rvinkovic> hello guys. I have a problem with mariadb on ubuntu server 16.04. It wont bind to specific adress it is binded to 127.0.0.1
<rvinkovic> hello guys. I have a problem with mariadb on ubuntu server 16.04. It wont bind to specific adress it is binded to 127.0.0.1
<sarnold> rvinkovic: can you pastebin anything non-private from the config? (I can't recall if there's anything private in there, just be sure to read it over before pastebinning)
<rvinkovic> some1 on #mariadb helped me, i comented all bind-address from conf files, restart mysql few times and nothing. after server restart now it work. -5h of work and i dont know why now it works
<jancoow_> Hi. When i try to update my ubuntu server i get the following error: https://jancokock.me/f/61ddf/
<jancoow_> how can i resolve this?
<jancoow_> I want to keep owncloud but it prevent me for updating my whole machine.
<sarnold> jancoow_: looks like they changed the key a few weeks ago https://github.com/owncloud/core/issues/26176
<sarnold> very annoyingly there's no way to verify that the new key is legitimate
<jancoow_> sarnold: i will try that, thanks
<jancoow_> sarnold: what do you mean with that?
<sarnold> jancoow_: normally when people do a key rotation they'll take some steps to distribute the new key to e.g. /etc/apt/trusted.d/ automatically, so that things keep working and you trust the new key if you trusted the old key; or they'll sign the key with their own developers' keys, so that you can check signatures, or sign the new key with the old key...
<jancoow_> okay so.. owncloud didn't do that?
<jancoow_> why didn't they?
<sarnold> but when I run gpg < Release.gpg I just get a bit of data about that key, no signatures. (I'm not _confident_ that it would show signatures, but I think it would if there were any...)
<jancoow_> are there any security risks now?
<sarnold> the fact that this bug has been open on github since september is slightly re-assuring. if you were being attacked with this thing, probably someone from owncloud would have said something on this bug report if it were 100% wrong..
<sarnold> jancoow_: btw, your url is 9.0 but the url in the bug report is 9.1 -- are you sure your version is still supported?
<sarnold> owncloud folks didn't want to support multiple versions, that's why they asked us to remove owncloud from the distribution
<jancoow_> sarnold: i've no clue. My owncloud installation is a mesh. It was a hard to isntall
<jancoow_> sarnold: and i've upgrade issues right now
<sarnold> jancoow_: just be sure to look into 9.0 vs 9.1 once you make apt happy again
<sarnold> jancoow_: oh, good news, you've got a few months: https://github.com/owncloud/core/wiki/Maintenance-and-Release-Schedule
<jancoow_> sarnold: mm.. I can upgrade owncloud through the webUI
<jancoow_> let's see if that works..
<jancoow_> first waiting until my backup is finished
<jancoow_> sarnold: yay upgrade finished
<jancoow_> it worked, thanks!
<sarnold> jancoow_: great :)
<jancoow_> another question, when i enable the docker service i get al ot of errors: https://jancokock.me/f/d6d00/
<jancoow_> it something with the new systemd but i cna't find a solution for it
<sarnold> jancoow_: eww
<sarnold> jancoow_: good news: https://github.com/docker/docker/issues/28781
<sarnold> looks like you can probably delete old docker upstart configs
<sarnold> or maybe old docker sysv scripts
<sarnold> or both?
<jancoow_> great!
<jancoow_> will try that
<jancoow_> sarnold: that + reinstall worked! great!
<jancoow_> it didn't regenerated the new config files
<sarnold> I'm glad it had an easy solution. it looked annoying. :)
<jancoow_> sarnold: yeah haha. Thanks for all your help!
<sarnold> jancoow_: have fun :)
<jancoow_> currently trying to setup gluu server ;p
<jancoow_> looks good
<jancoow_> any experience with that?
<macduff> sup sup... Maas install - able to login to the dash but does not display menu bar .. it did at first any thoughts?
<macduff> older box install 32bit (i386) was suprised the openstack/
<macduff> Maas install worked.. to be more specific the MAAS web ui works, I can loggin /intro/user and then the menu bar flickers as it connects but does not display any menu items
<kdo> Hi
<kdo> I was wondering if installation of ubuntu-server LTS versions work on RAID ? Because it seems to fail on grub-installer
<kdo> https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1315344 for example
<ubottu> Launchpad bug 1315344 in grub-installer (Ubuntu) "Grub install failed on disks with software RAID" [Undecided,Confirmed]
<kdo> I try to make an installation in RAID 6 and the ubuntu installer can't install grub
<cpaelzer> kdo: I think this is outdated - see https://help.ubuntu.com/community/Installation/SoftwareRAID
<cpaelzer> that should qualify for "from the installer"
<cpaelzer> thou I must admit if I've done it I did it via commands due to being used to them
<cpaelzer> kdo: you should be able to follow the howto in the link and if you encounter issues with it then please literally "bug us" with a bug report
<cpaelzer> kdo: also there is https://help.ubuntu.com/lts/serverguide/advanced-installation.html
<cpaelzer> less graphical but a bit more on the explaining side IMHO
<cpaelzer> kdo: not tested myself, but the doc lists that at least /boot has to be RAID 1
<cpaelzer> kdo: you said raid 6, that the bootloader can't read - maybe that is your issue?
<rbasak> nacc: if I try "usd import python-django", I get a push failure. It's telling me that the xenial-devel push would be a non-fast-forward
<SipriusPT> hello guys
<SipriusPT> i have updated my openssl through macports to see if i could substitute the older one that came by default
<SipriusPT> and it seems that i have done it
<SipriusPT> but i am not sure
<SipriusPT> can some one see this printscreen just to confirm that i have successfully made the upgrade?
<cpaelzer> kdo: I tested the linked documentation it works fine for me, I updated the LP bug about it
<kdo> cpaelzer: let me check thank you
<kdo> cpaelzer: http://www.hastebin.com/zolikuyuki.sql then I try grub-install /dev/sda. I reboot but grub is not installed
<cpaelzer> kdo: did the installer set it up this way for you (because that is what the referred bug was about) ?
<cpaelzer> kdo: when I check the same I see that my flags are different and that the online raids are seen by parted as well
<cpaelzer> kdo: http://paste.ubuntu.com/23552683/
<kdo> cpaelzer: I had to tweak it because the installer couldn't install grub
<cpaelzer> :-/ as I said for me the installer just did as it should
<kdo> :(
<kdo> I tried with LTS version 14.04 et 16.04 and the installer couldn't install grub
<cpaelzer> kdo: to understand your setup - that are 4x 4TB disks
<kdo> yes
<cpaelzer> kdo: part 3 on each is 3.9 TB for a raid 5 or 6
<cpaelzer> kdo: part 2 on each is ?
<cpaelzer> kdo: could you warp up your disk usage in a txt and link it - with some luck we find something
<cpaelzer> s/warp/wrap/
<kdo> cpaelzer: part 2 is / and part 3 is /home
<kdo> cpaelzer: http://www.hastebin.com/xitifizeye.md
<cpaelzer> kdo: should md128 become /boot then ?
<cpaelzer> which is sdc/sdd part 1
<cpaelzer> and then there is sda1 sda4 and sdb1 left to understand
<cpaelzer> I think the most important is where is /boot in your case
<kdo> cpaelzer: yes you are right
<cpaelzer> kdo: so if sdd1 sdc1 should become /boot it needs the boot flag (maybe more, but that for sure)
<cpaelzer> as you can see in my example I posted
<kdo> cpaelzer: so we need an explicit partition /boot, we can't use the one from / in raid setup ?
<cpaelzer> kdo: the contraint is more fine grained
<cpaelzer> kdo: /boot can only be raid1
<cpaelzer> kdo: so you can either all-raid1 or as I did in my example do a small raid1 for /boot and raid-X for the rest
<kdo> ok I understand thank you
<cpaelzer> https://help.ubuntu.com/community/Installation/SoftwareRAID
<cpaelzer> to quote "Warning: the /boot filesystem cannot use any softRAID level other than 1 with the stock Ubuntu bootloader. If you want to use some other RAID level for most things, you'll need to create separate partitions and make a RAID1 device for /boot. "
<luxpir> Just to double check in with some server folks... If I install php7.1 from ondrej/PPA, that will be installed alongside existing php5 install?
<luxpir> (from same PPA)
<zioproto> jamespage: are you around ?
<zioproto> Upgrading Horizon from liberty to mitaka on trusty I got stuck with the openstack-dashboard paackage
<zioproto> http://paste.openstack.org/show/590802/
<zul> coreycb: testing with newer libvirt...i dont expect any problems
<coreycb> zul, ok
<zioproto> coreycb: are you around ? I am having issues upgrading the package openstack-dashboard from liberty to mitaka in trusty. Looks like there is a django upgrade that is not trivial
<jgrimm> cpaelzer, are you leading irc meeting today?  You are still listed on agenda, but IIRC you led last week.
<pk2x3> Hello everyone.
<pk2x3> I have an Ubuntu server 12.04.2 LTS like a web frontal with  (Varnish+ModSecurity+Nginx) in front of it. I have other four fronttal with the same configuratios (hardware and software). One of they with peaks of very high Load Average. CPU normal, RAM normal, SWAP norma, threads normal, like the others.
<pk2x3> I think the Load Average is false because the web front has the same configuration than others.
<cpaelzer> jgrimm: I though nacc would do
<cpaelzer> jgrimm: forgot to update, so maybe I'm on as it is my fault then
<lordievader> pk2x3: High io wait can cause a high load but low CPU usage ;)
<pk2x3> Ok, how can i comprove it?
<lordievader> pk2x3: Comprove?
<pk2x3> check
<lordievader> pk2x3: You can see the iowait in many utilities. Top, htop, vmstat, etc
<jgrimm> cpaelzer, yeah, that's why i thought to poke, as he may not realize he is up
<coreycb> zioproto, that's not good.  what version of django are you at?
<cpaelzer> jgrimm: if he is not up its me then
<jgrimm> cpaelzer, thanks sir
<pk2x3> Ok, I will check it.
<pk2x3> Thank you.
<zioproto> coreycb: the jump is from 1.7.9 to 1.8.7
<coreycb> zioproto, right, just wanted to make sure you're at 1.8.7
<zioproto> South is now end of lifed in favour of the ânew migrations framework in Django 1.7, which is based on South but with significant design improvements.
<zioproto> coreycb: I am stucked in this http://paste.openstack.org/show/590802/
<ddellav> coreycb should we be updating the debian sync packages for b1?
<coreycb> ddellav, if there's anything available to sync then yes
<ddellav> coreycb i meant if there's nothing to sync from debian but the upstream is still > what we have.
<coreycb> ddellav, probably not worth it until there are ocata packages available
<ddellav> coreycb ok
<danpawlik> Hello, quick question about nova debianize: Why http://paste.openstack.org/show/qj6xr3q6tssrFpiq0I7Q/  in condition is exclamation mark?
<danpawlik> nova-manage db sync should be executed only on controllers or hosts which have defined connection parameter, not on compute hosts where connection parameter is not required
<jonah> Hi can anyone help. I'm running two Ubuntu Servers (16.04 LTS) and have a really funky problem. Every time I reboot postfix bounces emails back because a nameserver is removed from /etc/resolv.conf on one of the servers. Yet on the other server the nameserver stays in resolv.conf and that works fine. Does anyone know why one is different or how I am supposed to add them to resolv.conf?
<rbasak> powersj: FYI, massive ubuntu-server-triage.py refactor incoming. Please don't change it :)
<powersj> rbasak: haha ok
<coreycb> zioproto, i found a few things that may be useful in the django package
<coreycb> zioproto, http://paste.ubuntu.com/23553748/
<coreycb> zioproto, http://paste.ubuntu.com/23553750/
<nacc> cpaelzer: yeah, i recall you saying my name last week
<cpaelzer> nacc: ok, would you ming chairing even I forgot to update the wiki?
<cpaelzer> nacc: please  please please
<nacc> cpaelzer: yeah of course
<cpaelzer> nacc: puh, thanks
<nacc> cpaelzer: np!
<zioproto> coreycb: not sure this is the right thing: http://paste.openstack.org/show/590850/
<zioproto> coreycb: I found my problem
<zioproto> I had a django extension
<zioproto> that was installing and importing south
<zioproto> I need a new version of that extension compatible with django 1.8.7
<coreycb> zioproto, ok good
<samba35> cpaelzer: hello how r u ?
<cpaelzer> samba35: good, how are you?
<samba35> i am fine thanks
<samba35> dpdk guy right ?
<cpaelzer> kind of
<samba35> now i have two nic installed on ubuntu 16.04.1 server and both are dhcp 1 nic is configuer with openvswitch but i want all traffice to be controlled by nic which is not configure with openvswitch for that what i should do ?
<samba35> this is machine is behind/manage by firewall /utm
<jgrimm> jamespage, coreycb: fyi, will probably want to get fix for bug 1642763 into the cloud archive as well
<ubottu> bug 1642763 in keepalived (Ubuntu) "keepalived raising VIP apply error" [Medium,Triaged] https://launchpad.net/bugs/1642763
<jgrimm> coreycb, jamespage: nacc is working that bug
<nacc> importing it right now, will upload the fix(es) shortly
<jgrimm> but wanted you to have heads up
<NOVAtechies> \]
<NOVAtechies> whoops sorry everyone
<jamespage> jgrimm, nacc: ta - thankfully keepalived is not in the UCA so well just pickup the default from xenial or trusty
<jgrimm> jamespage, great!
<nacc> jamespage: ok, good to know
<john75077> hello all
<john75077> i am spinning up the conjure-up openstack with NOVALXD, and now the follow up question.... Is there a conjure-up that tells a new separate machine to connect and be seen?
<jgrimm> nacc, "risk is low" everyone says that. more useful would be to additionally document testing done over that codepath, also a mention of testing against some other arch as regression proofing <- jgrimm channels rbasak
<jgrimm> nacc, wrt SRU template responses on that keepalived bug
<nacc> jgrimm: ack
<rbasak> jgrimm: right, thanks :)
<rbasak> nacc: another thing is to consider where a regression might be if it does exist, in order to direct verification testing.
<nacc> rbasak: right
<nacc> rbasak: in this particular case, we're *growing* the size of the static buffer, afaict, in all cases where there is any change from the prior binary
<ddellav> coreycb aodh newton sru done: lp:~ddellav/ubuntu/+source/aodh
<coreycb> ddellav, ok lemme know when they're all done and i'll do them as a batch
<ddellav> coreycb ok, will do
<john75077> @mmcc - hello
<john75077> [12:57] <john75077> i am spinning up the conjure-up openstack with NOVALXD, and now the follow up question.... Is there a conjure-up that tells a new separate machine to connect and be seen?
<mmcc> hi john75077, the juju controller that conjure-up uses for the openstack-novalxd spell is only able to control containers on the same host that you run conjure-up on.
<mmcc> if you want to deploy openstack on multiple machines, the way to do it is to install MAAS, enlist those machines into MAAS, then deploy using juju onto that MAAS - conjure-up can help you with the last step, the deploy, if you select the "Openstack Base for MAAS" spell
<zul> coreycb: http://pastebin.ubuntu.com/23554792/ :(
<coreycb> zul, not as good as xenial, but not bad
<john75077> the problem i have been having with maas is it doesnt use WOL anymore as of the last couple of updates. in launchpad they say to go back to 14.04
<zul> coreycb: boot from volume tests fail
<coreycb> zul, ceph isn't in the ocata cloud archive, i wonder if that's related
<roaksoax> john75077: MAAS 2.X+ doesn't support WoL anymore
<john75077> i know thats sad -
<roaksoax> john75077: you do have a "manual" power type that will allow you to manually power it on/off
<john75077> i was really looking to either build up from the openstack novalxd install and add more nodes or work with juju and lxd to add more physical machines
<zul> coreycb: straight ocata
<zul> coreycb: sorry zesty/ocata
<coreycb> zul, right just saying different versions of ceph may be the difference
<zul> coreycb: yeah
<coreycb> seyeongkim, were you planning to provide kilo patches for bug 1323660?
<ubottu> bug 1323660 in Ubuntu Cloud Archive icehouse "[SRU] Glance image properties not copied to cinder volume with glance V2 API" [Undecided,In progress] https://launchpad.net/bugs/1323660
<coreycb> beisner, hi can you promote neutron 2:8.3.0-0ubuntu1.2~cloud0 from mitaka-staging to mitaka-proposed?
<Village> Hello, i was delete all iptables "iptables -F" and now i can't connect to my eggdrop via DCC? It;'s can by that i delete iptables? How i can restore? Thanks
<john75077> I don't know about that, did you save the rules before you ran the command?
<sarnold> Village: dcc doesn't work well across NAT firewalls unless you've got some funny helpers installed to read your irc traffic (seriously)
<Village> john75077, no i don't save anything i just enter command "iptables -F" because before i was try pptpd.. and i was want that all entered iptables commands gone, and when now i want connect eggdrop via DCC it's not happens
<Village> :/
<beisner> coreycb, neutron promoted to mitaka-proposed re: https://bugs.launchpad.net/bugs/1573073
<ubottu> Launchpad bug 1573073 in neutron "[SRU] When router has no ports _process_updated_router fails because the namespace does not exist" [Undecided,In progress]
<coreycb> beisner, thx
<beisner> yw coreycb
<Village> sarnold, so iptables no asotiate with eggdrop DCC? Please answer
<Village> I know that router must be 113 port that ident be accepted at IRC server and then connect to Eggdrop via DCC, but it's not happens:(
<john75077> @Village - I dont know about how to recover from that, though I would strongly suggest making this your new best friend as it has some conditions https://help.ubuntu.com/community/IptablesHowTo
<sarnold> Village: this looks useful https://home.regit.org/netfilter-en/secure-use-of-helpers/
<Village> first link is simplest i think so
<Village> now need understand it
<john75077> do we have any lxc / lxd folks in here?
<rattking> hmm I have been converting some VM's from xen to kvm and I find that when I specify more then 1 cpu in the libvirt/qemu config the VM kernel panics on boot with "BUG: soft lockup - CPU#1 stuck for 22s!" does anyone know why that would be?
<nacc> rattking: fyi, that's not a panic
<nacc> rattking: that's a soft lockup warning/error
<rattking> ahh right. wrong term.. it sticks there and keeps dumping its stack
<rattking> last thing it does before that is "Trying to unpack rootfs image as initramfs..."
<nacc> rattking: i assume your host actually has sufficient CPUs to run multi-CPU guests?
<rattking> it has 8 cores
<nacc> rattking: do you get any messages in the host?
<nacc> rattking: are yu still running xen on the same host, as well?
<rattking> "kvm [20855]: vcpu0 unhandled rdmsr: 0xc0010001"
<rattking> no xen was on another host
<nacc> rattking: is your VM configured to be a particular CPU type? and possibly different than the physical CPU type?
<rattking> nacc: this could be.. I have cpu match='exact' and <model>Opteron_G3</model> in the xml file.. and the CPU is a AMD Opteron 6212
<nacc> rattking: that would be my guess, i would specify to run the same CPU as the host, or a generic x86 cpu
<nacc> rattking: it's possible the smp code is getting messed up
<rattking> ok thanks! I will research the various cpu options
<nacc> rattking: i think there's a checkbox in virt-manager for 'use host cpu'
<rattking> sadly I cant use virt-manager in my environment.. cli only
<rattking> I made a small effort to get virt-manager to jump through anouther ssh node but was unable to get it working
<nacc> rattking: ah ok, just drop your modifications to the <cpu> stanza
<nacc> iirc
<nacc> https://libvirt.org/formatdomain.html#elementsCPU
<nacc> rattking: i would guess you want either host-model or host-passthrough, or nothing at all, (and libvirt will dtrt)
<nacc> rattking: is there a reason you want a Opteron G3?
<rattking> no, I based my config off an existing xml file.. I suspect that vm has the same issue :)
<nacc> rattking: ah ok
<rattking> nacc: thanks a ton for the help
<nacc> rattking: np, gl!
<rattking> hmm even with <cpu mode='host-passthrough'/> I cant boot with more then 1 vcpu
<nacc> rattking: try with just no options to <cpu> ?
<rattking> that shows "CPU 0 -> Queue 0" and "CPU 1 -> Queue 0" then stops there
<nacc> rattking: on the kernel messages?
<rattking> yes
<nacc> rattking: no idea, sorry :/
<rattking> ok NP
<bitdon> hey all, so I have 3 ubuntu boxes all with only -main -security and -universe repos enabled. When I log into all three I get a notfication saying there's 7 security updates but when I do apt-get update && apt-get upgrade it says 0 upgraded
<bitdon> what did I miss?
<nacc> bitdon: maybe try `apt-get dist-upgrade` (meajning a version change maybe?)
<bitdon> nacc: let me try it
<nacc> bitdon: by which i mean, 'upgrade' tries to be a bit safer, but won't remove pacakges, e.g., iirc
<nacc> bitdon: dist-upgrade will generally do the whole thing, which is why (aiui) `apt` just has 'upgrade' and 'full-upgrade'
<bitdon> nacc: that did it, so what was the problem? :\
<bitdon> In order to install the new kernel, you need to run apt-get dist-upgrade . Notice how an apt-get upgrade will say that the kernel packages have been held back . That's the cue for using apt-get dist-upgrade . ... The apt-get upgrade command will normally only install updates (or fixes) to currently installed packages.
<bitdon> ^ that explained, never mind
<bitdon> thanks nacc
<nacc> right :)
<nacc> bitdon: you can also look at `man apt-get` to see the differences
<bitdon> will do
#ubuntu-server 2016-11-30
<Datz> Hi, at some point I've altered /etc/resolvconf/resolv.conf.d/original I'm not sure how to bring it back to its original state. I've having trouble with DNS resolution from what I can tell. How can I troubleshoot this?
<sarnold> Datz: depending upon your environment there may or may not be anything worth trying to recover.. that's one of the most configurable services around, and no two environments are the same, and the resolvconf service drastically complicates the whole thing...
<Datz> I see
<sarnold> Datz: do you have nameservers that must be included? do you get dns servers assigned with dhcp lease information?
<sarnold> Datz: do you have running dns servers 'locally' on your system for libvirt or lxc or lxd or whatever else that might require local dnsmasq instances?
<Datz> I do not have nameservers that must be included. I'm not sure if dns servers are assigned with dhcp lease information.
<Datz> This is a home setup, and I got a new modem/router today
<Datz> There are no DNS servers running locally
<sarnold> i'm a very lazy person, I'd rather fix /etc/resolv.conf by hand when needed than have magic tools fix it up, so I uninstalled resolvconf and just manage it manually
<sarnold> does your modem/router have a local dns recursor or proxy?
<Datz> I see. I noticed resolv.conf was not generated when I checked
<Datz> sarnold: I'm not actually sure.
<sarnold> Datz: something like "host www.google.com 192.168.0.1" should tell you if it's got a live cache/recursor running -- just replace the IP address with the IP of the gateway/modem
<Datz> Ok, it's just telling me that I don't have /etc/resolv.conf
<Datz> I'd create the file, although I'm not sure how to populate it
<sarnold> hrm I thought 'host' would ignore /etc/resolv.conf if you gave it two arguments. now i'm confused.
<Datz> well, it said it failed to parse
<sarnold> ahhh
<sarnold> my 'host' command is supplied by the bind9-host package
<sarnold> (the Real DNS people always use dig, of course, but I find it _baffling_)
<sarnold> I can't get host to fail when I run it like "host www.google.com 192.168.0.1" -- no /etc/resolv.conf, broken /etc/resolv.conf, they're both fine..
<Datz> I see
<Datz> Well, should I get rid of resolvconf?
<Datz> or just hang the box in the woods with meats nailed to it?
<sarnold> I like that idea
<sarnold> very poetic ;)
<sarnold> Datz: what's in your /etc/resolv.conf file now?
<Datz> an obvious problem from what I can tell
<Datz> couple of nameservers with bad syntax
<Datz> one is added from /etc/resolvconf/resolv.conf.d/head even though it's commented out
<Datz> other is added from /etc/resolvconf/resolv.conf.d/original apparently
<sarnold> Datz: I can't remember exactly how things work but I -think- it goes something like...
<sarnold> when it starts, it copies what's there into .../original. it then takes .../head, smacks it in front of what's there, and appends .../tail --- and when changes are made by dhcp clients or libvirt or whatever, they're written in the 'middle' of the file, but .../original isn't updated. I'm not sure what happens across a reboot.
<Datz> well, that seems to make sense
<Datz> maybe it wasn't overwritten on reboot
<Datz> I can get it to rewrite /etc/resolv.conf with -> service networking restart ?
<Datz> oh, I suppose I can just edit it
<Datz> well, that worked
<Datz> oh, it's back..
<Datz> so I guess I thought that commenting out the nameserver in /etc/resolvconf/resolv.conf.d/head would prevent it from making its way into /etc/resolv.conf I was wrong. Problem seems fixed now.
<Datz> Thanks for your help and suggestions sarnold
<sarnold> Datz: are things mostly working?
<Datz> Things appear to be working at the moment, guess I should test some other stuff out
<sarnold> Datz: if it gets too crazy try uninstalling the resolveconf service and just manage the file by hand
<Datz> I will do that. Thanks again. :)
<sarnold> Datz: you get a maximum of three entries, they should all return identical results, and if they don't exist it adds SIX SECONDS to every name lookup, so make sure you remove entries when they don't work -- life isn't worth living i fyou've got six second penalties to every single name lookup.
<Datz> I competely agree. It should be more like 5 seconds, at least give you a chance at life.
<sarnold> lol
<JohnMcClain> Here's some software I want to run. http://www.ce.berkeley.edu/projects/feap/feappv/ . I ran the makefile and succesfully make'd it. Here are the current directories. Which one looks like I should be able to run it?  http://imgur.com/a/eZkV5
<sarnold> JohnMcClain: i'd try "FEAPFVHOME3_1=`pwd` make install"
<sarnold> JohnMcClain: and if this is a brand new VM, run "apt-get install build-essential gfortran" first
<JohnMcClain> ok. I did another apt-get install build-essential. Thanks. Once I follow those 2, what file should I expect to see to run it or how would I find out what commands are available to me?
<JohnMcClain> I installed gfortran and build-essential already. o upgraded....
<JohnMcClain> I'm going to say " export FEAPPVHOME3_1=/`pwd` make install   "
<sarnold> if you use the export then do it on two line,s one for the variable, one for the make install
<JohnMcClain> This is my last result: http://i.imgur.com/y9j6EzW.png
<JohnMcClain> I feel like it should be able to run
<sarnold> looks promising. try ./main/feappv -h or something
<JohnMcClain> that's it
<sarnold> \o/
<JohnMcClain> ok... so how did you know that's what I needed?
<sarnold> the first few lines of the makefile.in gave me the impression that it wanted the top directory of the unpacked sources
<sarnold> you could either assume that that would be the current working directory, or have the person run make -C, but this thing runs on a wide variety of crazy compilers and ancient-feeling systems, where make -C may not work reliably everywhere, and there might be funny reasons for not wanting it to be the current working directory first...
<sarnold> so it seemed like a safe assumption to suggest; and if it failed, it'd hopefully fail quickly :)
<JohnMcClain> ./main seems like something like root/home directory
<JohnMcClain> If I wanted to see where the ./main/feappv file is, how would I find it?
<sarnold> if ./main/feappv runs it, then run pwd -- and add the main/feappv bit after that
<sarnold> (pwd, without any arguments. I made that mistake recently, using -- as puntuation when it also looks like the start of a parameter)
<JohnMcClain> I'm writing down everything I did to get to this point
<JohnMcClain> the ./main/feappv -h command only works when I'm in the ver31 directory
<JohnMcClain> the idea of pwd is to make the command always available in the 'namespace' ?
<sarnold> the pwd just reports the present working directory
<sarnold> if you want you could 'cd main' and then you only need to type ./feappv
<sarnold> or you could mkdir ~/bin and cp the file into ~/bin . Then logout, login, I think our default shell scripts add the ~/bin directory to your path automatically
<sarnold> if you want to make the file executable for other users on the machine too, not just root, that'd take a bit more work; copy it to /usr/local/bin/
<JohnMcClain> http://i.imgur.com/h5eTlgd.png
<JohnMcClain> I'm in the ~/ver/31/main and I can see feappv, but I cannot run it while in that directory
<sarnold> you need the leading ./
<sarnold> the current working directory isn't in the PATH by default
<sarnold> you can set that if you want to but it's a terrible idea so please don't do that :)
<JohnMcClain> I need to be able to call this with PHP which is another user
<JohnMcClain> So I could try to add it to /usr/local/bin/
<JohnMcClain> cp the file wouldn't hurt the program's (absolute?) paths?
<sarnold> that depends upon the program.
<sarnold> this -looks- like it will tolerate being copied
<JohnMcClain> you're right!
<JohnMcClain> http://i.imgur.com/w6CYL1Q.png
<JohnMcClain> What are your expectations regarding how the program wants me to pass it a file located in ~ ?
<JohnMcClain> or perhaps I could put it in /var/www/ (not in html, where it could be accessible to others) ?
<JohnMcClain> then I could write all of my files in the /var/www/ directory, and I expect the software is only looking in the directory it's located in?
<JohnMcClain> Now it's saying: FEAP X11 Driver unable to open X windows connection. That means I need to reconfigure X11
<sarnold> woah
<sarnold> is your php program a web thing?
<JohnMcClain> Yes.
<sarnold> your web server probably shuoldn't be doing X11 things...
<JohnMcClain> I'll be writing the files and controlling access
<sarnold> sorry to bail just when things get interesting but my tacoshop closes in 18 minutes :)
<JohnMcClain> Since I'm running this headless, perhaps I can find a way to not use the x11 elements.
<JohnMcClain> I get that error, but everything runs just fine.
<sarnold> but i'd strongly recommend either disabling X11 in this program or not running it via web, something like that... that'd be far easier than getting apache or nginx or whatefver to open X11 clients
<JohnMcClain> This software just takes a text file and outputs one. There should be no need for graphics of any kind.
<JohnMcClain> From what I'm reading, that's the primary use of x11.
<JohnMcClain> I'm going to wipe the server and try installing it again to make sure I got it
<JohnMcClain> Ok. This is everything I used to install it on a fresh Ubuntu 14.04 server. http://i.imgur.com/xmIHET3.png . Bah, forgot something about x11
<JohnMcClain> so I added apt-get install libx11-dev after apt-get install gfortran
<JohnMcClain> Ok. So now I have a full list of steps needed to completely install it with the requisite dependents
<JohnMcClain> Now the idea is to copy it into /usr/local/bin/ and provide www-data access to the software
<JohnMcClain> btw, this server will contain only this software and LAMP with bare-minimum data.
<JohnMcClain> Alright. I learned a lot today. It's my first time make'ing something in Linux. Maybe I'll be able to evaluate other software using what I know now instead of being stuck with $16k software packages.
<achiang> hello, does anyone here look after the ubuntu vagrant images?
<mozart1893> can anyone help with the AWS Floating IP setup for failover purposes
<mozart1893> can anyone help with the AWS Floating IP setup for failover purposes
<mozart1893> can anyone help with the AWS Floating IP setup for failover purposes'
<mozart1893> can anyone help with the AWS Floating IP setup for failover purposes
<mozart1893> can anyone help with the AWS Floating IP setup for failover purposes
<mozart1893> can anyone help with the AWS Floating IP setup for failover purposes
<mozart1893> can anyone help with the AWS Floating IP setup for failover purposes
<mozart1893> can anyone help with the AWS Floating IP setup for failover purposes
<mozart1893> can anyone help with the AWS Floating IP setup for failover purposes
<mozart1893> can anyone help with the AWS Floating IP setup for failover purposes
<mozart1893> can anyone help with the AWS Floating IP setup for failover purposes
<SipriusPT> hello guys
<SipriusPT> I am unable to redirect mail from one account to another in postfix
<SipriusPT> and i have already tried several methods that i have saw
<SipriusPT> and still no success
<SipriusPT> here i have posted info about my files
<SipriusPT> http://serverfault.com/questions/817875/unable-to-redirect-mail-from-account-to-account-with-postfix
<SipriusPT> anyone?
<tsimonq2> SipriusPT: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<Gargoyle> SipriusPT: You just need entries in /etc/aliases for a default install
<SipriusPT> thanks for the responses guys
<SipriusPT> Gargoyle: i have my config files in that path
<SipriusPT> i have there a smart host config in that location
<SipriusPT> and now i am trying to redirect mails
<SipriusPT> but i was only able to redirect 1 but i made a lot of changes after i notice it =/
<Gargoyle> did you run newaliases? (not 100% sure if thats needed with virtual maps)
<SipriusPT> i made it once after postmap
<SipriusPT> but i can try again, i was playing with aliases syntax
<SipriusPT> give me a minute
<SipriusPT> doesnt seem to  work
<SipriusPT> i will take a look at postfix docs
<Gargoyle> SipriusPT: You could probably save a lot of time if you make that your default action for any problem
<Gargoyle> Obviously, I mean reading the appropriate docs....
<Gargoyle> postfix man pages are not going to help you bake a cake...
<SipriusPT> i did it in a quick way and i notice that there was not such good examples
<Gargoyle> unless you're emailing your mum for the recipe
<SipriusPT> lol
 * Gargoyle should probably stop now
<coreycb> jamespage, hello, openstack-trove 1:5.1.1-0ubuntu2~cloud0 is ready to promote to mitaka-updates if you have a sec
<coreycb> jamespage, also horizon 3:11.0.0~b1-0ubuntu3~cloud0 is ready to promote to ocata-proposed
<deadnull> ok so I think I am losing my mind, staring at this preseed trying to figure out why its failing on linux-generic (16.04.1 auto install) - the failure is on 4.4.0-47, but that is not available. The machine has access to the internet. It should be installing 4.4.0-51 if im not mistaken. Any input would be greatly appreciated.
<samba35> i am trying to configure rsyslog server for logs from other server i think i have configure server correct but i am not able to get log to file
<samba35> i check with tcpdump port 514 some traffice is comming from remote server but no idea where it is going
<samba35> my hostname is ubuntu but it say ubuntu-2  ??
<samba35> 20:07:12.298536 IP 192.168.2.100.35630 > ubuntu-2.local.syslog: SYSLOG user.info, length: 320
<coreycb> jamespage, hmm, looks like django 1.10 sync is coming down the pipe and upstream horizon says there are still some issues, they've done limited testing so far.
<coreycb> nacc, are you syncing python-django?  mind if i do some testing with it first?
<jgrimm> coreycb, +1
<coreycb> jgrimm, ok thanks. i'll keep you posted.
<jgrimm> coreycb, i asked nacc to coordinate that with y'all before pulling trigger
<coreycb> jgrimm, awesome, appreciate that
<jgrimm> np
<rbasak> jgrimm: maybe something to bring up at the next IRC meeting too?
 * rbasak remembers his mysql-5.7 mistake.
<jgrimm> rbasak, yep... though coreycb and team have a standing conflict at our scheduled time, so we may have to schedule specifically with them
<coreycb> zul, the switch to pyldap for barbican makes no sense
<coreycb> unfortunately upstream openstack has a mix of ldap3 and pyldap usage
<coreycb> zul, sorry the switch to pyldap does make sense if we patch out ldap3 correctly
<coreycb> i guess it's the changelog that makes no sense
<coreycb> zul, the patch refresh missed a ldap3 import.  fixing that.
<cpaelzer> rbasak: fixed some stuff in https://code.launchpad.net/~paelzer/ubuntu/+source/multipath-tools/+git/multipath-tools/+merge/311921
<cpaelzer> rbasak: even more ready for your review now (just to fill up your todo list)
<rbasak> OK :-/
<nacc> coreycb: yes, i'll put it in a PPA in the bug before upload
<coreycb> nacc, no need unless you need it.  i have it in a ppa now.
<nacc> coreycb: ah ok
<nacc> coreycb: well, i need to coordinate with at least two teams to make sure no regressions, so probably will regardless :)
<coreycb> nacc, ok :)
<nedbat> Looking at this page: http://releases.ubuntu.com/xenial/ , it seems like there's a bunch of text copied and pasted at the top... Am I misunderstanding something?  There used to be an "alternate install", is that just gone for Xenial?
<bitdon> hey all, probably the wrong channel to ask this in but I got nothing in the ansible channel, hoping someone here could help. Anyone here ever deployed AIDE to Ubuntu servers? trying to understand what they are matching for here: https://github.com/lyrasis/ansible-aide-role
<bitdon> they have a regex matching a line and replace it with another, but I'm not replacing anything (since it's a fresh install) I would just like to add.
<jamespage> beisner, hey so https://launchpad.net/~james-page/+archive/ubuntu/newton will contain the patches for nova and os-brick for newton to hopefully resolve that s390x problem
<jamespage> it does not directly support s390x - but you can download the debs and install directly to validate
<beisner> jamespage, ++1,000,000
<jamespage> beisner, the nova patch may need a minor adjustment for newton - lets see
<jamespage> self._host -> self
<jamespage> it will fail unit tests if so
<zul> coreycb:yeah i have a patch in the wroksupstream for barbican
<zul> coreycb: good afternoon btw
<coreycb> zul, i fixed it up
<zul> coreycb: cool
<zul> coreycb: for the pyldap MIR it looks like we will need to use autopkgtest
<coreycb> zul, ok
<coreycb> zul, are there a lot of python-ldap rdepends?  if so those will probably need to be switched over to python-pyldap.
<coreycb> zul, i assume they'll take python-ldap out of main and put pyldap in
<zul> coreycb: just keystone that i know of
<zul> coreycb: *sigh* sahara, keystone, and nova
<coreycb> zul, i think it's a drop-in replacment so it shouldn't be a big deal
<zul> coreycb: yeah keystone is already using it in the testsuite
<beisner> jamespage, nova ftb in that repo
<EmilienM> coreycb, jamespage: fyi, we bumped our puppet CI to ocata-1, everything works fine, good job!
<coreycb> EmilienM, that's good. are you using the ocata-proposed pocket for xenial?
<coreycb> EmilienM, fyi the packages were all just promoted to ocata-proposed this morning so hopefully it's not a false positive. (crosses fingers)
<EmilienM> coreycb: that's what we test, ocata-proposed in xenial
<coreycb> EmilienM, cool
<EmilienM> I tested ocata-updates, but in fact it's newton
<EmilienM> so I use proposed
<coreycb> EmilienM, exactly
<jamespage> EmilienM, \o/
<coreycb> zul, did you have fixes coming for the ocata *-aas failures?
<zul> coreycb: nope i poked at it
<coreycb> zul, which means? :)
<zul> coreycb: poked...cursed.....got nothing :)
<coreycb> zul, gotcha
<thmbssfruit> anyone can access: renypicot.com.mx  (can see the webpage)?
<ddellav> coreycb zul fyi, all the newton sru packages are pushed and built except nova, running that now. You can start the reviews.
<ddellav> and i did rebase nova to include jamespage's changes from a little while ago.
<ddellav> here is the bug for reference https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1645772
<ubottu> Launchpad bug 1645772 in nova (Ubuntu Yakkety) "[SRU] newton stable releases" [Undecided,New]
<thmbssfruit> ddellav any help?
<ddellav> thmbssfruit downforeveryoneorjustme.com
<thmbssfruit> just for you
<coreycb> ddellav, alrighty
<coreycb> ddellav, looks like neutron needs a rebase
<ddellav> coreycb ok
<coreycb> ddellav, i think neutron-lbaas needs to be done too
<coreycb> ddellav, aodh, cinder, heat, horizon, ironic are pushed/uploaded
<ddellav> coreycb ok. Nova is exploding everywhere so I'm digging into that
<coreycb> ddellav, ok
<ddellav> it's spitting out xml errors now
<coreycb> ddellav, can you rebase ironic-inspector on this branch?  https://code.launchpad.net/~ubuntu-server-dev/ubuntu/+source/ironic-inspector/+git/ironic-inspector/+ref/stable/newton
<ddellav> coreycb ok
<coreycb> ddellav, also since we have the same versions in yakkety and zesty, we'll have to upload 4.2.1 to both releases
<ddellav> coreycb ack
<coreycb> ddellav, i'll get zesty
<coreycb> ddellav, you can use this for the yakkety version 4.2.1-0ubuntu0.16.10.1
<ddellav> coreycb ok
<guille1> hi! I have a problem with nginx on ubuntu. A website won't load from outside my LAN. This happened 2 days ago with no prior change to the site. I can load it from inside my LAN and I can also access another website hosted on the same server from anywhere. Can someone help me please troubleshoot this problem?
<Ben64> what happens when you try
<guille1> Ben64: I get a timeout error
<sarnold> do you get errors in the nginx logs? system logs? firewall logs on the machine or routers?
<guille1> no errors on the nginx logs
<sarnold> look the hostname manually outside the lan, or use a dns service to look it up, and make sure the ip address looks sane
<guille1> hmmmm I get a lot of blocks from ufw on syslog
<guille1> sarnold: the ip address is correct
<guille1> I'll deactivate ufw for a sec
<guille1> it didn't help
<Ben64> use wget
<guille1> Ben64: what do you mean?
<Ben64> wget site.com
<guille1> ok
#ubuntu-server 2016-12-01
<guille1> I'm able to download the index page
<Ben64> then it works
<guille1> Ben64: but it doesn't... :/
<Ben64> you were able to get the site via wget
<sarnold> restart your browser perhaps/
<sarnold> check your /etc/hosts on the machine with the brwoser to make sure that you didn't fake it up for a bit? :)
<guille1> sarnold: I'm using a proxy to check it from outside
<nacc> sarnold: feels like you're speaking from experience :)
<guille1> it doesn't load
<guille1> I did the wget from within the same server... I think that means I cheated a bit
<sarnold> nacc: *ahem* me no I never make mistakes no never! :)
<Ben64> yeah, you need to wget from outsite ....
<Ben64> what's the website
<nacc> sarnold: that's my operating assumption now :)
<sarnold> uhoh :)
<guille1> I can't really do wget from here
<guille1> I'll get intercepted by the router when I come back
<Ben64> ok so what's the site
<guille1> https://guillermourcera.com
<Ben64> yep, doesn't work
<guille1> Any ideas? It worked wine until a couple of days ago, and I can load other sites on the same server just fine
<Ben64> 80/tcp filtered http
<guille1> it's really weird
<Ben64> you need to open the port
<Ben64> and probably stop trying to run a site from a home connection
<guille1> Ben64: open port 80? isn't it open on "Nginx  Full" ? Also, if I'm only using https don't I just need 443?
<Ben64> 443/tcp filtered https
<Ben64> you should have both open
<Ben64> and really, stop running servers at home
<sarnold> All 1000 scanned ports on guillermourcera.com (2.136.41.191) are filtered
<sarnold> hehe yeah looks like a firewall somewhere is unhappy
<Pinkamena_D> hello, I am looking for a way to install Latex with a working package manager (system wide), is this possible?
<jge> Hey all, anyone know why in ubuntu 16.04 I'm seeing a bunch of "permission denied" when I do 'sudo find / -name blah'
<jge> I'm getting it when I run command as root too
<sarnold> Pinkamena_D: apt-get install texlive-latex-base   should get you a working pdflatex command. Of course you may need more packages depending upon what your documents require.
<sarnold> jge: for which files/directories?
<Pinkamena_D> sarnold: Thank you, my issue is that I am trying to install the 'tracklang' package for all users. Using the 'tlmgr' program I can only install it for one user.
<jge> sarnold: lstat() failed for /var/lib/lxcfs/cgroup/blkio/blkio.reset_stats:Permission denied lstat() failed for /var/lib/lxcfs/cgroup/blkio/init.scope/blkio.reset_stats:Permission denied
<Pinkamena_D> sarnold: Also using the 'how to manually install a package' instructions I encountered other missing packages which are dependencies, so I assume going down that route will be a nightmare
<sarnold> Pinkamena_D: the texlive-generic-extra package claims to have tracklang
<jge> that's an output from aide by the way which is giving a lot of permission denied errors as well
<jge> I have the same exact set up using 14.04 and not seeing it
<Pinkamena_D> I did $ apt-file search "tracklang.sty" and got no results, was this incorrect?
<Pinkamena_D>  ; how did you find that package?
<sarnold> Pinkamena_D: hmm is your apt-file up-to-date? mine wasn't, but after updating it, I find: $ apt-file show texlive-generic-extra | grep tracklang.sty
<sarnold> texlive-generic-extra: /usr/share/texlive/texmf-dist/tex/latex/tracklang/tracklang.sty
<sarnold> Pinkamena_D: I ran 'apt-cache search tracklang' to find the package name
<sarnold> jge: curious. I wonder how that happens. :) what filesystem type is mounted there?
<Pinkamena_D> ahh, apt-cache - I will keep that in mind, thanks! ; So I guess the idea in general is to just pray that the packages are in one of the ubuntu .debs , then?
<sarnold> that's been my approach to latex packages for sure :)
<sarnold> I never got the hang of their 'native' packaging thingy..
<Pinkamena_D> sarnold: ok, I appreciate it. Have a good night!
<sarnold> you too, have fun :)
<jge> sarnold: it's ext4
<jge> weird issue, fresh install too
<sarnold> jge: _really_? I was expecting either cgroups or lxcfs. I wasn't sure which one to expect.
<jge> hmm yeah I dont know whats going on
<jge> sarnold: not to be annoying but do you happen to have a fresh install of ubuntu server 16 around you can test something for me?
<sarnold> jge: let me spin on up
<jge> awesome, thank you
<sarnold> jge: alright, it's up
<jge> sarnold: could you as root run, 'find / -name blah'
<jge> do you get any permission denied messages?
<sarnold> jge: all the same stuff in /var/lib/lxcfs/cgroup/
<jge> sarnold: ok, so it's not something I did..
<sarnold> lxcfs on /var/lib/lxcfs type fuse.lxcfs ....
<sarnold> jge: yeah. lxcfs over fuse makes sense to me, that's the most luikely thing to return permissionm denied to root, woot
<jge> sarnold: not sure I understood that last line, so is this normal?
<jge> my aide reports are also getting a bunch of permission denied on /var/lib/lxcfs and /run/lxcfs
<sarnold> jge: yeah, it probably only makes sense 'within' a container of some sort
<sarnold> feel free to tell aide to skip all those
<jge> yeah I'll tell it to ignore
<jge> thanks for looking into that sarnold
<sarnold> my pleasure, I was curious too :)
<jge> ;)
<EvilAngel> I missed the message but the 16.04 lts server install doesn't boot on an ibm x3850 m2
<EvilAngel> I think the 16.10 does, but I'm checking now
<EvilAngel> might be needing iommu=soft
<nedbat> Looking at this page: http://releases.ubuntu.com/xenial/ , it seems like there's a bunch of text copied and pasted at the top... Am I misunderstanding something?  There used to be an "alternate install", is that just gone for Xenial?
<sarnold> eww :)
<OerHeks> nedbat, for a long time now, mini iso and netinstall are your choise
<nedbat> OerHeks: any idea why that page has the same paragraphs three times?
<EvilAngel> I see the same
<EvilAngel> two desktops and 3 servers
<OerHeks> nedbat, page is borked indeed, multiple links to .iso and .img
<sarnold> some of it is because there's 16.04 and 16.04.1 links in the different paragraphs
<OerHeks> oh, that clears it up
<sarnold> well, it explains four of the five paragraphs :) the doubled server 16.04 links still dont make sense
<sarnold> and it's probably not right no matter what, I think just 16.04.1 links alone would be best
<nedbat> Â¯\_(ã)_/Â¯
<sarnold> thanks nedbat, I filed https://bugs.launchpad.net/ubuntu-cdimage/+bug/1646335
<ubottu> Launchpad bug 1646335 in Ubuntu CD Images "duplicated text on http://releases.ubuntu.com/xenial/" [Undecided,New]
<seyeongkim> coreycb, yes. and I re-uploaded debdiff for Kilo.
<Pinkamena_D> I have used ubuntu on my HTPC for a few years, all is usually well but with a few videos there is some low framerate issues. I just switched out the TV so I can no longer use the S-video out from the old vidoe card and I need to buy a new card with HDMI. Any recommendations of a good card for linux which would be able to make use of hardware acceleration?
<Pinkamena_D> oops wrong channel
<masber> hiyesterday
<masber> yesterday suddenly the remote host identification was changed
<masber> is this something to do with the "Packages that will be upgraded: python-cryptography vim vim-common vim-runtime vim-tiny" entry I see in the unatended-upgrades log file?
<masber> hello
<lordievader> Good morning
<danpawlik> Hello, why in dpkg buildpackage for python project, in building its only include *py files without others ?
<thekrynn> any reason why duplicating a file on an NFS store to the same directory its in triggers a read/write of that data over the network? I thought NFS was smarter than that
<Gargoyle> Don't think so. It's your machine copying the bits!
<zul> coreycb: neutron was buidling fine last night....now ostestr is tracebacking out
<coreycb> zul, yeah it was ok eod yest
<zul> coreycb: yeah ill take a look at it when i get in (offically)
<coreycb> zul, ok thanks
<zul> coreycb: although i dont see why it should
<coreycb> danpawlik, you may need a manifest file.  although for openstack projects they're starting to drop their manifest because python-pbr is supposed to do the right thing.
<danpawlik> coreycb: thanks
<danpawlik> coreycb: one more question: http://paste.openstack.org/show/591118/
<danpawlik> And other people who are here: why cloud archive package have debian/nova-common.postinst have the condition with " ! "  http://paste.openstack.org/show/591118/
<danpawlik>  
<coreycb> danpawlik, i think the idea behind that was to leave db migration to the user or config management on non default installs
<coreycb> danpawlik, by default it uses an sqlite db but you wouldn't use that in production
<danpawlik> coreycb: sure, but in first condition it try to run it on compute node, where is no "connection" and sqlite connection params. Only controller should have it so I guess it's a bug
<coreycb> danpawlik, yeah that doesn't seem ideal.  does it cause any issues though?  btw we've talked about dropping the default sqlite db's recently but i think we need to get an exception because services wouldn't start by default.
<danpawlik> coreycb: normally not. I will not find it but one of my compute hosts was failing and I was wondering why.  Now I thinking that condition is bad... I don't know if other people have the same error.. Google doesn't show some interesting posts/errors reported on forums.
<coreycb> danpawlik, you should be able to just delete the sqlite db after install
 * coreycb is leaving for an hour
<cpaelzer> rbasak: could you usdi import ntp for me?
<cpaelzer> rbasak: I get a ERROR:ubuntu/devel is not a defined object in this git repository, but then the latest Debian is also missing - so maybe a refreshed import will fix it all
<cpaelzer> nacc: ^^ in case you are on unexpectedly early :-)
<rbasak> Trying
<cpaelzer> rbasak: let me know if a clone works cleanly for you afterwards - it might be that "my" lpmep has an effect since I merged ntp last time
<cpaelzer> logwatch behaves the same for me :-/
<rbasak> cpaelzer: done, and "usd clone ntp" works for me too.
<cpaelzer> rbasak: tks, checking on my side now
<rbasak> Doing logwatch
<cpaelzer> rbasak: seems to work now for ntp
<zioproto> I guess this is very basic
<zioproto> neutron.notifiers.nova MissingAuthPlugin: An auth plugin is required to determine endpoint URL
<KlausedSource> hey guys, i got a question. i got a network printer. i want 1 spool for 1 kind of paper and another 1 for the other kind. the printer always has both kinds of paper.
<KlausedSource> when i install a printer with cups i need to enter the IP. can i just go and make a "duplicate" entry with the same IP?
<ddellav> coreycb I'm rebaseing neutron now, but i noticed the version number has the 0ubuntu1.16.10.1 should I carry that forward?
<ddellav> coreycb also neither neutron nor neutron-lbaas have any changes in the git log or changelog since last month at the latest.
<ddellav> for stable/newton that is
<coreycb> ddellav, you can use 2:9.1.1-0ubuntu1
<coreycb> now that zesty has moved on to 10.0.0*
<ddellav> ok
<coreycb> ddellav, are you able to import the released upstream tarball?
<ddellav> coreycb yes, without even having to use replace merge mode
<coreycb> ddellav, ok
<cpaelzer> nacc: I'll quickly do logwatch merge (seems very very minor) - let me know if you already started
<cpaelzer> rbasak: nacc: fyi I also just completed NTP and sent a MP for your review queue
<am0nrahx> Anyone know of an alternative to this? https://linux-dash.github.io/
<am0nrahx> for Windows
<teward> am0nrahx: wrong channel for Windows
<teward> try ##windows
<am0nrahx> Figured someone in here would know since that's a linux utility, but ill try ther.
<teward> this isn't a Windows channel though :p
<zul> coreycb: " oslo_db.exception.DBNonExistentTable: (sqlite3.OperationalError) no such table: floatingipdnses [SQL: u'DELETE FROM floatingipdnses']"
<nacc> cpaelzer: nice!
<ddellav> coreycb neutron and neutron-lbaas rebased
<coreycb> ddellav, ok
<ddellav> coreycb ironic-inspector rebased on new repo and available
<coreycb> ddellav, did ironic-inspector build ok?
<ddellav> coreycb yes, on xenial and yakkety
<coreycb> ddellav, neutron pushed/uploaded.  neutron-lbaas looks to be a no-op.
<Datz> Hi, I'm having an issue where I can only reach my apache server from outside of the local network. If I use the domain name from within the network, I get ERR_CONNECTION_REFUSED, but if I use a local IP, I get some text through, but it looks as though css doesn't make it through (no structure or images). Am I correct in assuming that this is a apach2 configuration problem?
<Datz> Thougth it was the router, but I've just relpaced the old one, and the problem remains.
<zul> coreycb: doh....maybe....https://github.com/openstack/oslo.db/commit/e03b0dd06940a9262d90ec2699a4452835c05b56
<ddellav> coreycb zul are you guys aware of any issues with nova in newton? I can't get it to build binaries even as-is on xenial or yakkety locally. I'm running it in my ppa just to check but something is up.
<zul> ddellav: no im not
<zul> coreycb: yeah oslo.db regression
<monsune> was it a good idea to install 15.04 server? or should i rather go for 14 or 16?
<tarpman> monsune: 15.04 reached end of life back in february and hasn't received any security updates since then. you should not use it any more
<tarpman> monsune: for a new system you should use either 16.04 (if you want to install it and leave it) or 16.10 (if you're ok with upgrading to a new release every 6 months)
<tarpman> monsune: support lifetimes are documented here: https://wiki.ubuntu.com/Releases
<monsune> tarpman thank you very much, that was a precise info :)
<monsune> just not understanding why 15 reached end of life while 14 is still being updated?
<nacc> monsune: LTS versus non-LTS
<monsune> so does it mean that 14 will, in fact, have newer packages, than 15?
<sarnold> monsune: every two years we release a version that we'll support for five years. every six months we release something that we support for nine months.
<monsune> i basically didn't want 16 and wanted something most recent below that
<nacc> monsune: no
<monsune> sarnold oh hm
<nacc> monsune: 15.04 and 15.10 are irrelevant to talk about at this point, they are no longer supported releases
<nacc> monsune: you absolutely should not install 15.*
<monsune> so many versions... this is really confusing :/
<nacc> monsune: what is confusing?
<nacc> monsune: first of all, don't say '15' or '14', they are not Ubuntu versions
<monsune> nacc ok so looks like my first step it to wipe 15, but not really sure what's next...
<nacc> monsune: second of all, 14.04 is an LTS (so supported for 5 years), as is 16.04 (and 18.04 will be)
<nacc> monsune: all other releases are supported for only 9 months
<tarpman> monsune: 14.04 for the most part has the same versions it has when it was released. a stable release receives targeted fixes for important bugs, and security fixes, but that's it for the most part. new software is generally (with only a few exceptions) not added to an existing release
<tarpman> monsune: if you're not sure, just go with 16.04 LTS
<monsune> an example what is confusing to me: 14.04.1, 14.04.2, 14.04.3, 14.04.4, 14.04.5... and all maintained and supported separately. why is that? i'm sure it makes sense but i'm still not getting it.
<nacc> monsune: https://wiki.ubuntu.com/Kernel/LTSEnablementStack
<sarnold> the .2, .3, .4, .5, are mostly just newer kernels with newer hardware support
<sarnold> it's 99.99% the same packages
<nacc> monsune: at this point, only 14.04.0, 14.04.1 and 14.04.5 are supported
<monsune> tarpman my problem with 16 is php7 that i don't want at the moment but at the same time i don't have access to newest packages if i decide for 14 so this is really hard choice for me
<nacc> monsune: you don't have the 'latest' packages in 16.04 either (again stop saying '16')
<monsune> oh so those are different kernels mostly, ok got it.
<nacc> !latest | monsune
<ubottu> monsune: Packages in Ubuntu may not be the latest. Ubuntu aims for stability, so "latest" may not be a good idea. Post-release updates are only considered if they are fixes for security vulnerabilities, high impact bug fixes, or unintrusive bug fixes with substantial benefit. See also !backports, !sru, and !ppa.
<monsune> i should say newer packages in 16.04 compared to 14.04
<nacc> monsune: kernels and X stack, yeah
<monsune> i wonder about various libs also, etc.
<nacc> monsune: yes, they will be "newer" in 16.04 than 14.04
<nacc> monsune: generally; specific packages will get more specific responses
<monsune> wish i came here to ask for advice before i went with 15.04 (or was it 15.10)
<nacc> monsune: when did you do that?
<nacc> monsune: as in, when did you do that install
<monsune> 2 days ago
<nacc> monsune: where did you download those from?
<monsune> but does it mean that currently supported 14.04 will have newer security updates than 15.04/10?
<sarnold> monsune: if your applications can't use php7 yet then it's probably best to stick with 14.04 LTS
<nacc> monsune: 15.04 and 15.10 are not supported and don't get any updates!
<monsune> well many of them can't
<monsune> i'm just not ready for php7
<monsune> at the same time i'm sure i could "profit" from 16.04 in many ways but looks like i'm somehow forced to use 14.04
<nacc> monsune: to have 2 days ago installed 15.04 or 15.10 feels like you had to go out of your way (or not updated your installer USB or whatever): http://cdimage.ubuntu.com/releases/
<monsune> so that's why i thought 15.04/10 would be a good choice...
<monsune> "newer than 14.04, older than 16.04 but still good enough for me" while it came out to be absolutely wrong :)
<sarnold> 15.04 hasn't gotten any security updates since february; 15.10 hasn't gotten any security updates since july
<monsune> nacc i just downloaded 15.04 (or .10) from some mirror and installed it
<nacc> monsune: that's ridiculous
<sarnold> 14.04 LTS got a security update a few hours ago :) https://www.ubuntu.com/usn/usn-3133-1/
<monsune> why? i think the naming scheme is simply confusing
<monsune> versioning*
<nacc> monsune: you downloaded a, potentially, random ISO from some mirror, without checking what was supported or not?
<monsune> sarnold so in fact that "old" 14.04 LTS got more security than "newer" 15.04 :)
<monsune> nacc it's an official mirror listed at your website
<monsune> they have 15.04/10 there so why not
<monsune> i guess you should just remove 15.04/10 everywhere if it is so bad to use it
<nacc> who is this "you"?
<monsune> that's my opinion from an ubuntu noob, the way i see it
<monsune> i addressed that to someone who previously said "we release"
<rbasak> They usually do get moved to old-releases, but I believe there are complex reasons why 15.10 in particular hasn't been moved (Ubuntu phones)
<sarnold> monsune: other projects often designate one or two versions as an "lts" version that they'll support for longer-than-normal, and other versions are "short-term" releases that they support for only a short while
<monsune> rbasak oh ok so that's why
<rbasak> But there always be a period of time after a release is end-of-life but before it has been moved. You shouldn't rely on it.
<monsune> yeah but seriously, it seemed so logical to use 15.04/10 if 16.04 was "too good" for me and 14.04 just seemed "too old"...
<monsune> 15 > 14
<monsune> while i totally missed the LTS thing which in fact makes 14 > 15.
<nacc> monsune: i feel by your logic, then, old versions of software should not be on github either, because they are discoverable. Yes, you have to spend some effort to konw what's supported or not. You could also just look at www.ubuntu.com to get the current supported version(s).
<monsune> seriously, no trolling here or anything, that's just how i see it and decided to share with you
<nacc> monsune: I think that misses the point (14 > 15) -- it's that 14.04 is supported still and 15.04/15.10 are not.
<monsune> as i said previously - i should really ask in here before installing
<nacc> or just read the ubuntu website?
<monsune> yeah i should study it all, there was lots of time pressure though
<nacc> you were under so much time pressure, you couldn't check if you downloaded a supported version? that seems crazy to me.
<nacc> i think i'm done talking about this
<monsune> so i really wasn't thinking much: "hm 15 > 14, cool with me"
<monsune> nacc it wasn't even in "unsupported" section first of all
<nacc> monsune: https://wiki.ubuntu.com/Releases
<nacc> monsune: so ... it was
<tarpman> monsune: where did you even find a 15.05/15.10 image? https://www.ubuntu.com/download/server only lists 16.04 and 16.10
<monsune> this is where i went to grab it: http://de.releases.ubuntu.com
<monsune> can you tell from what you see that it wasn't supported and a nono to download?
<tarpman> right... guess that falls under what rbasak said earlier (still there because reasons)
<tarpman> yeah, that's not ideal
<monsune> compared to this mirror: http://ftp.acc.umu.se/mirror/cdimage.ubuntu.com/releases/
<monsune> if i went to .se instead of .de i would not use 15 now for sure
<monsune> because they removed it there and that would catch my attention absolutely
<nacc> that only shows you waht they host
<nacc> not what is supported
<monsune> unluckily i clicked on Germany and that's how i got 15...
<nacc> i feel like you're missing the point altogether
<monsune> no, i just don't have experience with this versioning scheme
<sarnold> no matter how the version numbers are assinged it's always a good idea to ask "how long is this supported?" :)
<monsune> so i was thinking: "if 14.04 is still supported than 15 would be as well for sure"
<monsune> and "why use 14.04 if i can get newer libs etc. in 15.04"
<monsune> really, nothing to add here :) that's how it went
<sarnold> hehe
<monsune> saw it, grabbed it, installed it
<rbasak> monsune: Ubuntu was early in the LTS thing, but many things in our ecosystem work the same way. Linux kernel versions for example.
<rbasak> There are intermediate Linux versions that are not supported, but ones either side that are, for exactly the same reason.
<monsune> now i'm laughing too, shit happens :) will backup, wipe, reinstall with 14.04 and things will be good :)
<rbasak> To participate in our ecosystem you really just need to know to look up support lifetimes, sorry.
<monsune> i just didn't realize about the LTS thing
<sarnold> and no doubt about it the HWE versioning is bloody confusing
<rbasak> You just fell in a gap by knowing enough to go straight to a mirror but not enough to look up support lifetimes.
<rbasak> For example start from www.ubuntu.com and you get to https://www.ubuntu.com/download/server which makes it clear.
<monsune> of course i don't deny that it was solely my fault, not blaming anyone but myself, still i stand the ground with the versioning scheme being slightly confusing to noobs and it shouldn't be
<sarnold> we're also changing the HWE slightly for 16.04 LTS in a way that I hope makes it less confusing, once the older HWEs are finally gone :) https://wiki.ubuntu.com/Kernel/RollingLTSEnablementStack
<nacc> monsune: the versioning scheme makes complete sense. It tells you when something was released.
<nacc> monsune: it gives you no more information than that
<monsune> i typed in google: ubuntu mirrors and clicked 3rd result: https://www.ubuntu.com/download/alternative-downloads
<monsune> then i scrolled to select nearest mirror and that's it
<monsune> maybe i would read up more if i wasn't tired and time pressured
<nacc> monsune: you also didn't read the top of the page
<monsune> i did
<nacc> monsune: http://de.releases.ubuntu.com/, "the following release of Ubuntu are available"
<monsune> it wasn't really convencing not to download 15.04 :)
<nacc> monsune: again, just because a file is hosted on a website, that doesn't mean *anything*
<monsune> why isn't there big, fat 15.04 listed in grey with *unsupported* tag?
<monsune> that would really help some people imho
<nacc> i've not heard of anyone else running into this problem
<monsune> so everyone clearly knows what isn't supported anymore
<monsune> heck, there is even 12.04 LTS available :) why wouldn't i believe that 15.04 was supported too?
<nacc> because it's not listed on the 'following releases' list
<nacc> you made a huge assumption about something fairly important
<monsune> and those big names are for torrent so i skipped that completely as i wasn't using torrent to download - thus i ended up in mirrors and de mirror in particular
<nacc> monsune: *what* are you talkinga bout? http://de.releases.ubuntu.com/
<nacc> monsune: read the first 5 lines
<monsune> i might be just dumb but really, adding clear info there that 15.04/10 isn't supported anymore would help some people for sure
<nacc> monsune: or, as is done now, only use ones that are listed
<monsune> someone should look into download stats and see how many people download 15.04/10
<nacc> really, done now
<monsune> i didn't use the ones listed because it says torrent there so i wasn't interested and didn't care to check why 15.x wasn't listed
<sarnold> how would we get download stats for mirrors we don't control? :)
<monsune> i don't know, i thought it was possible somehow, like they send you stats, etc.
<monsune> i'm 100% sure that the .de mirror is "poisoning" some people with 15.x every day :)
<dasjoe> monsune: 15.04 on de.archive.ubuntu.com is snappy, not regular Ubuntu
<monsune> what does snappy mean?
<monsune> also, why wouldn't the ubuntu download page include tables from https://wiki.ubuntu.com/Releases?
<sarnold> "snappy" is an entirely new packaging format, see http://snapcraft.io/ for details there.
<monsune> so it's so easy and clear to see what's supported, not supported, dates, etc.
<dasjoe> It's using a different packaging system and makes use of transactional upgrades. Check out http://blog.dustinkirkland.com/2015/01/snappy-ubuntu-for-devices-year-of-linux.html
<sarnold> the 15.04 snappy thing is insanely unfortunate. that never should have been productized imho.
<monsune> or at least a nicely visible link to that wiki
<monsune> sarnold see? and i became a victim of it...
<dasjoe> monsune: what's supported is easy and clear to see, see the list following "The following releases of Ubuntu are available:"
<monsune> dasjoe that's just terrible, looks like i installed the worst ubuntu server version possible :)
<monsune> dasjoe nope, available is just available together with others like 15.x :)
<dasjoe> monsune: just use 16.04 for servers
<monsune> "supported" would be the better word then
<monsune> dasjoe i can't because lots of my php isn't ready for 7
<monsune> that's the major problem
<monsune> and that's why i started to look for something "fairly recent but not ancient" and 15.x seemed logical, only that i missed the LTS meaning...
<monsune> i wish there was 16.x with older php than php7, then i would install for sure
<dasjoe> Just fix your PHP, or do what apparently most people do and make use of ondrej's PPA for 5.6 etc
<monsune> trust me, there are more people breaking their head because of php7
<dasjoe> Keep in mind you'll be on your own when you're installing unofficial packages
<monsune> dasjoe it's not only my php
<monsune> and i'm not going to sit for a year or pay thousands to have it all updated
<monsune> i think it's clear?
<monsune> i just want 5.5 or 5.6 for now like many people
<dasjoe> monsune: I've had to deal with ancient PHP stuff for some of my clients, we're using ondrej's PPA now
<monsune> i will certainly give it a try
<monsune> assuming it's a good idea to use PPA
<monsune> which i might doubt a little
<monsune> more and more people decide on centos+cpanel also just to be able to run php5 and php7 at the same time
<dasjoe> Good for them, I guess
<monsune> so i guess it's not the best idea to force people into php7 in ubuntu 16.04
<monsune> ubuntu would "profit" from php5 branch in 16.04 and i'm a clear example of such user
<sarnold> php5 would look pretty silly in 2021..
<dasjoe> You are free to use whichever PHP you want, you'll just not get official packages
<monsune> i do agree sarnold but still, people can't just switch instantly
<sarnold> monsune: good thing 14.04 LTS is supported until 2019 :D
<monsune> they often have custom solutions coded, coders gone long ago, they have to stick to it or pay a lot to have it re-written
<sarnold> aka "technical debt"
<sarnold> you get to pick when you pay it down
<monsune> sarnold that's why i'm going with 14.04 LTS for sure now :) or hm... well... 16.04 plus PPA for 5.6?
<monsune> also, networking is different in 16.04
<sarnold> is it?
<sarnold> most people notice systemd first
<sarnold> hehe
<monsune> he he
<monsune> ok... 14.04 LTS for me :)
<dasjoe> afaik FreeBSD ships 5.6, too
<monsune> there is debian also of course
<monsune> forcing php7 in 16.04 is same thing as forcing LXC in proxmox 4.3 - lots of crap there and people crying every day about issues they are having
<monsune> as moving from openvz isn't either easy or hassle-free
<monsune> and some people just can't afford experiments, it has to work fine, thus i rather stay back with 14.04 than risk money and time migrating stuff to php7 and deal with other issues
<dasjoe> All you're doing is postpone the investment
<monsune> dasjoe sure but i can at least control when i do invest and how much
<monsune> i can slowly prepare for a change
<monsune> meanwhile it has to be up and running without breaking my head
<monsune> for same reason i dumped all openvz instead of making them lxc and just went for KVMs instead
<dasjoe> http://php.net/supported-versions.php â Hmm
<monsune> well yeah
<dasjoe> Here, a migration manual in a somewhat weird mix of English and German, it's just like MS-DOS 6.22 again: http://php.net/manual/de/migration70.php
<monsune> thank you, i will certainly give it a read
<monsune> what i meant is that i knew i had to migrate, it's just that i can't do this right away
<monsune> so i would rather schedule and plan the works step by step
<monsune> ...using older ubuntu because that's how maintainers wanted it
<monsune> anyway it's not too bad with 5.6 and extended security fixes period
<monsune> ubuntu 14.04.5 LTS till april 2019 and php 5.6 till january 2019 :)
<monsune> interesting coincidence :)
<monsune> so that's my real deadline for moving into php7
<RoyK> monsune: two years isn't really that long a time ;)
<mozart1893> can anyone help with any network traffic monitoring tool with ubuntu server 16.04
<monsune> mozart1893 console?
<mozart1893> yes
<monsune> do you need to investigate or just watch bw a bit?
<mozart1893> monsune: i will like to monitor the bandwidth utilization and sometimes track the source of over-utilization aswell
<monsune> i often use nload and iftop
<mozart1893> monsune: many thanks....
<mozart1893> monsune: may i ask how they work.../
<monsune> also nethogs as it can show you the bw used by particular process
<monsune> just try them and play around
<monsune> you may begin with bmon anyway :)
<Pici> iptraf has a lot of information if you want to dig deeper into the packet side of things
<monsune> yes iptraf too of course :) he wanted some general overview of his bw so i didn't suggest iptraf
<mozart1893> many thanks Pici....
<monsune> testing speedometer now :) nice gfx
<mozart1893> i will try all out and see what suites my need most
<monsune> that's right mozart1893
<mpo42vr> Good evening
<mpo42vr> Guys, what do I do if I find out that nothing has been written to syslog for months?
<tarpman> panic
<mpo42vr> And beyond that? :)
 * tarpman hides
<mpo42vr> Where do I find the configuration of syslog?
<monsune> in /etc/syslog.conf?
<mpo42vr> Yeah, it wasn't there
 * mpo42vr scratches head
<mpo42vr> Either I was very confused and switched to rsyslog or I was hacked
<monsune> run rkhunter and stuff
<RoyK> mpo42vr: has your machine been booted for that amount of time?
<RoyK> system logger can hang -
<mpo42vr> Yes, it's a web server, it was online all the time
<RoyK> or crash
<tarpman> mpo42vr: confused how? rsyslog is the default syslog in ubuntu
<RoyK> mpo42vr: rebooted?
<monsune> never ignore any symptoms because they usually mean something bigger so definitely you need to find out about this - when in any doubts - backup and reinstall fresh
<RoyK> monsune: perhaps better to research the problem without jumping to conclusions
<mpo42vr> I don't think the machine was rebooted, but can't say
<monsune> so you try to tell him that syslog just hanged and it's all fine :)
<RoyK> mpo42vr: 'uptime' will tell
<monsune> never seen a hanged syslog in my life and i got boxes with 2 years+ uptime
<RoyK> monsune: I've seen syslog die more than once
<RoyK> not hang, though, but still
<monsune> ok
<RoyK> some bad memory or other hw issues can cause quite interesting segfaults
<monsune> first thing to find out is why isn't there /etc/syslog.conf
<monsune> oh it's not here either :]
<RoyK> monsune: probably because rsyslog.conf is there instead ;)
<monsune> yeah
 * RoyK slaps monsune with a small manpage
 * monsune likes that
<monsune> ok... rkhunter won't hurt anyway
<RoyK> man bash | slap monsune
<monsune> slap () { man bash }; is better :)
<monsune> then you could just slap, slap, slap anyone and don't worry about piping anymore :)
<mpo42vr> RoyK: Yes, there was a reboot around the same time
<mpo42vr> It was the reboot that killed my syslogd
<monsune> mpo42vr or that's what you are supposed to think
<mpo42vr> monsune: It appears I'm a bit more relaxed than you
#ubuntu-server 2016-12-02
<lordievader> Good morning.
<iDanoo> Morning
<lordievader> Hey iDanoo, how are you?
<iDanoo> Not bad, just finished an 8 hour recovery after my OS drive died :(
<iDanoo> but everything seems to be working and backups were up to date so I"m good!
<iDanoo> yourself?
<lordievader> Doing okay, got coffee to wake up with.
<iDanoo> Nice! It's Friday night here - so just about to enjoy my weekend
<iDanoo> After a hectic release to prod at work too
<jurislav> does anything prevent me from reinstalling the machine that local CA was generated on?
<Adri2000> hello
<Adri2000> reporting bugs against a cloud-archive package should be done on the cloud-archive LP project right?
<Adri2000> was asking for bug #1632743
<ubottu> bug 1632743 in Ubuntu Cloud Archive "Missing files from python-magnum 3.1.1-0~cloud0" [Undecided,New] https://launchpad.net/bugs/1632743
<Adri2000> magnum package for newton just doesn't work... (it seems that's been the case for some time :()
<SipriusPT> hello guys
<SipriusPT> i am trying to redirect mail in my server with postfix
<SipriusPT> but i am having problems with the syntax that i am using in the file where i have all the forwarding emails
<SipriusPT> right now i am using tabs instead of spaces and seems to be working for internal email accounts
<SipriusPT> but i am unable to forward to outside
<SipriusPT> i have send one to outside by just messing with this file but i didnt notice and made some changes in this file
<SipriusPT> and till now i am unable to set this up do redirect to other domains
<SipriusPT> anyone?
<blackflow> SipriusPT: how are you doing redirects?
<SipriusPT> <usernameA> <TAB!> <usernameB>@<ISP domain> <TAB!> <usernameC>@<ISP domain> ....
<SipriusPT> but i am still able to redirect for the domain of my local accounts
<SipriusPT> *i am just still
<blackflow> SipriusPT: I mean, like, how are you doing redirects in terms of postfix config. virtual_alias_maps? did you define the file as a hash?
<SipriusPT> yes in virtual_alias_maps
<SipriusPT> i have defined well otherwise i was not able to redirect from one local account to several local accounts
<SipriusPT> i was doing that in the file that i was pointing from virtual_alias_maps
<blackflow> virtual_alias_maps is not for local (unix) accounts. use alias for that .
<blackflow> I mean /etc/aliases
<blackflow> or wherever alias_maps is pointing to
<SipriusPT> i dont have it set at main.cf but i will use it instead of virtual
<SipriusPT> i didnt notice that there was an alias_map
<blackflow> it is, and it has a default value. `postconf -d | grep alias_maps`
<blackflow> *there is
<SipriusPT> alias_maps = hash:/etc/aliases
<SipriusPT> is set as a default
<blackflow> use `newaliases` after you update the file
<SipriusPT> ok
<SipriusPT> with alias_maps i will be able to send mails to other domains?
<blackflow> with alias_maps you define email addresses or local user accounts to which mail will be sent instead of the local recipient. yes, you can send out to external addresses
<SipriusPT> thanks a lot blackflow!
<coreycb> zul, ddellav: i'm backporting debhelper 10.2.2 again to the ocata uca
<zul> coreycb: ok...im drinking from the release firehose
<coreycb> zul, ok don't drown
<zul> coreycb: heh i need to see uhf again
<coreycb> beisner, hi can you promote libvirt from kilo-proposed -> kilo-updates?
<coreycb> beisner, and openstack-trove from mitaka-proposed -> mitaka-updates please
<SipriusPT> blackflow are you there?
<SipriusPT> after testing just with aliases i am able to send mail to local accounts, but still not sending to outside domains
<SipriusPT> i double check my virtual_alias_maps and had the value that came by default
<SipriusPT> to be 100% sure that i was using aliases
<SipriusPT> and i have double checked also the external domain email
<am0nrahx> Anyone familiar with Observium? Freshly installed, cant access web interface. Google has failed me.
<ddellav> coreycb zul can one of you please take a look at nova in newton branch? I cannot get it to build binaries and run tests successfully. I dug through CI and there are successful builds right before and after the version I'm testing (14.0.02) but neither my PPA nor my local system can get a passing binary build. (source builds fine of course)
<ddellav> i actually rolled back my changes and I'm just trying to get it to build what's there in the repo
<zul> ddellav: where is your ppa?
<ddellav> zul https://launchpad.net/~ddellav/+archive/ubuntu/xenial-newton
<coreycb> ddellav, is this the error? AttributeError: 'module' object has no attribute 'InvalidConnectorProtocol'
<ddellav> coreycb thats one of them, yes. but I'm also getting AttributeError: 'Host' object has no attribute '_host'
<coreycb> ddellav, which line of code is that on?
<coreycb> ddellav, and which file?
<ddellav> coreycb File "nova/tests/unit/virt/libvirt/test_driver.py", line 3387, in test_get_guest_config_with_virtio_scsi_bus_bdm
<coreycb> ddellav, have the full traceback?
<ddellav> coreycb http://paste.ubuntu.com/23568051/
<am0nrahx> Disregard previous question. Fat fingered editing the config.
<ddellav> coreycb do you have a fix for AttributeError: 'module' object has no attribute 'InvalidConnectorProtocol'?
<coreycb> ddellav, first thing that jumps out at me for your traceback is that the line "File "nova/virt/libvirt/driver.py", line 4478, in _get_guest_config" is a blank line in the upstream source
<coreycb> ddellav, which probably means we patch it
<ddellav> coreycb there is jamespage's patch bug1639239.patch that seems to intend to fix the InvalidConnectorProtocol issue
<ddellav> coreycb but that file is patched heavily. Each patch touches it
<ddellav> well except for wsgi-intercept.patch
<jamespage> ddellav, that also requires a bump to os-brick for newton
<jamespage> to introduce the new exception type
<jamespage> its in the python-os-brick branch
<jamespage> but if that's in the way revert my changes on stable/newton for the moment
<ddellav> that would explain why i can't build it as-is
<ddellav> ok coreycb zul mystery solved. I'll revert james changes for now and push the new update. Once it builds successfully that way i'll re-apply his patch.
<jamespage> ddellav, ok I reverted those patches and pushed to the repo
<jamespage> you can rebase
<ddellav> jamespage thank you kindly
<bananapie> I have a software running on my ubuntu server that has a massive memory leak. Is there anyway to debug the memory leak without restarting the service?
<bananapie> like can I get a memory dump of the software and run it through analytical software?
<bananapie> ( like valcachegrind, but for memory )
<bananapie> the software doesn't leak outside of production
<ddellav> coreycb zul nova newton is done and ready for review.
<coreycb> ddellav, nova pushed/uploaded
<drfritznunkie> Hello all. I'm looking for someone who manages ubuntu cloud images... New AWS regions (us-east-2, ap-south-1, and ap-northeast-2) are missing AMIs for the latest Trusty release
<ikonia> drfritznunkie: they will get populated
<drfritznunkie> there typically a lag? The latest in those regions is 20161109
<ikonia> does seem a little slow
<drfritznunkie> and even that doesn't include hvm-ebs volumes
<drfritznunkie> I have go back to 20160810 to find one of those in us-east-2
<nacc> rcj: --^ ?
<Odd_Bloke> drfritznunkie: o/ trusty is published using EC2 tools that don't understand v4 signing, so we have to do a separate batch sync in those regions.
<ddellav> coreycb thanks
<Odd_Bloke> drfritznunkie: Evidently that hasn't happened in a while; could you file a bug at https://bugs.launchpad.net/cloud-images/+filebug and we'll dig in to what's going on?
<Odd_Bloke> (Probably on Monday at this point, all the US members of our team are travelling today)
<genii> Is there some UDS?
<nacc> Odd_Bloke: thanks!
<nacc> genii: there's a canonical sprint next week
<Odd_Bloke> Yep, though in this case they're also travelling _from_ re:invent.
<Odd_Bloke> So that's a fun weekend of travel for them. :)
<nacc> Odd_Bloke: oh really? yeah that's no fun :)
<genii> nacc: Thanks, was wondering :)  ...also !uds is really really old...
<nacc> genii: i can imagine :/
<genii> Heh
<genii> !uds
<ubottu> The Ubuntu Online Summit will be held between 10th June - 12 June 2014.  See http://summit.ubuntu.com/uos-1406/ for agenda and participation information.
<nacc> it did just happen, online only, a few weeks ago
<genii> Is the same naming convention used in the URLs... like, would summit.ubuntu.com/uos-yearmonth/ for the most current one work?
<nacc> http://summit.ubuntu.com/uos-1611/ was the most recent
<nacc> but i'm not sure if the exact month is always the same?
<nacc> genii: you might ask dholbach
<Pici> We don't have ubottu variables for just the 16, so I don't think we can easily come up with a template for the factoid
<nacc> yeah, I'm not seeing anything obvious
<genii> Pici: Yeah that's sort of where I was headed
<drfritznunkie> Odd_Bloke: thanks! Will open a ticket
<HELPPLS> Hello!! anyone familiar with LTSP?!?!
<HELPPLS> Currently, my clients boot up and load LDM, but I need them to use the LightDM login system... any help??
<zul> coreycb: i see you did oslo.messaging which one are you working on now?
<coreycb> zul, just that one.  i'm working on backports for bug 1518430
<ubottu> bug 1518430 in python-oslo.messaging (Ubuntu Yakkety) "liberty: ~busy loop on epoll_wait being called with zero timeout" [Undecided,New] https://launchpad.net/bugs/1518430
<zul> coreycb: ok
<zul> coreycb: cool thanks
<codedmart> What is the easiest way to install downgrade inkscape to 0.48 in ubuntu 16.04?
<sarnold> codedmart: you can use apt-get install <packagename>=<version> for every version number that's reported for that package in the apt-cache policy <packagename> output
<codedmart> sarnold: Only have the latest in the cache
<codedmart> Is there an online cache I can look at and download from?
<sarnold> codedmart: it's not as easy in that case
<codedmart> sarnold: I believe 0.48 was available on 16.04 at one point. Can't I find a deb somewhere and install that?
<sarnold> codedmart: you can download individual packages from the mirrors, e.g. http://archive.ubuntu.com/ubuntu/pool/main/i/inkscape/ or launchpad https://launchpad.net/ubuntu/+source/inkscape but it may be harder to satisfy dependencies
<codedmart> Hmm... well that didn't work.
<nacc> codedmart: why do you need to downgrade?
<nacc> codedmart: i'm fairly sure 16.04 *never* had 0.48
<nacc> codedmart: i think you're thinking of 14.04
<codedmart> I could be.
<nacc> codedmart: based upon 15.04 having 0.91 already
<codedmart> We use inkscape for a lot of svg rendering and 0.91 seems to have some issues that we didn't have with 0.48.
<sarnold> it may also have been due to underlying libraries
<sarnold> this is a decent enough first debugging step but .. it might get complicated.
<sarnold> if you're more confident it's in inkscape, and you can clearly tell a "fail" from a "sucess", maybe a bisect of the inkscape sources would be a quick way to find The Problem
#ubuntu-server 2016-12-03
<terabyte> Hey, I'm confused about .deb package signatures. Having just built a .deb file, I was expecting to look inside and find a signature file, instead I have a .changes file in addition to my .deb file which contains a signature. Have I missed something or is there no way to have a single signed .deb file? Tools used to sign are (choice of either: dpkg-sig, debsig-verify)
<terabyte> Looking around I see that debsigs is used to sign .deb files and contain the signature inside the file, is it the case then that I should use debsigs and that the other two tools are not designed to sign the packages themselves?
<sarnold> terabyte: afaik there's no equivalent to rpm's signatures-on-packages
<terabyte> hmm
<sarnold> terabyte: I think the signed .changes files are strictly for admitting packages into the builders
<sarnold> terabyte: .. and then the apt hashes in repositories are used for distributing packages back to machines
<terabyte> ok
<seph> i'm just learning nginx for the first time so i'm trying to document how i would want to configure the web server for security/optimization. can anyone briefly review the relevant sections on this doc? just the letsencrypt and nginx related sections. thank you! ^_^ https://www.razorbelle.com/public/text/initial_server_config_NGINX.txt
<sarnold> seph: seems sane
<sarnold> seph: you know you're just a few steps away from a full automation.. puppet or chef or ansible or salt or whatever you dislike the least :)
<seph> im not familiar with those
<seph> do you have a recommendation among those choices?
<sarnold> seph: basically you'd write recipes or playbooks or whatever they call them, and then deploy them to servers, where they'd run and configure things asy ou wish
<sarnold> seph: not really, they've all made staggeringly stupid mistakes, and all have their own proponents who like them for various reasons.. :)
<seph> ok
<seph> so i will trust doing it by hand
<seph> especially since this is specifically for security
<sarnold> fair enough, after all that's mostly how I manage my few machines :)
<sarnold> but just keep in mind when you've copy-pasted these and filled in *username* a few too many times, that you can automate automate automate
<seph> yeah
<seph> i have 7x vps, but most are just basic apache web servers
<seph> this one i want to be more secure and fast
<sarnold> you can even automate 'give me new machines running foo, bar, baz, and hook them all together" https://jujucharms.com/
<seph> yeah
<seph> i broke nginx a few times so i spun up a new vps just to play and test things
<seph> going to reformat and follow my own guide
<sarnold> :)
<seph> see if it works and gets a+ ssl
<thmbssfruit> why remotely (from internet) my servernot accept ssh? connections but in my lan yes
<iDanoo> Probably portforwarding thmbssfruit
<iDanoo> From the internet what IP are you trying to connect to?
<thmbssfruit> iDanoo
<thmbssfruit> assk me user and password
<thmbssfruit> i think isnt a portforwarding
<iDanoo> Oh okay
<thmbssfruit> ssay me access denied
<thmbssfruit> why?/
<iDanoo> If you check your sshd_config under /etc/ssh/sshd_config, there may be a line labelled #ListenAddress
<iDanoo> you need to make sure that is set to 0.0.0.0, or commented out should work
<thmbssfruit> wait
<thmbssfruit> with nano how to find a string?
<iDanoo> ctrl+w I believe
<iDanoo> Otherwise you can try run 'sudo netstat -nlp | grep 22' and paste the line it outputs :)
<iDanoo> wait
<iDanoo> No I'm wrong sorry.
<iDanoo> You said it was hitting authentication
<thmbssfruit> was commented
<thmbssfruit> enabled and then:
<thmbssfruit> : /etc/init.d/ssh restart
<iDanoo> If you're hitting the user:pass it shouldn't make much difference though
<thmbssfruit> try and
<iDanoo> but you can always try that
<thmbssfruit> again access denied
<thmbssfruit> :(
<iDanoo> How are you testing this?
<iDanoo> Are you just trying to use your public IP from inside the LAN?
<thmbssfruit> yes
<thmbssfruit> inside the lan i can connect
<iDanoo> can you try in the commandline
<iDanoo> curl <publicip>
<thmbssfruit> in client?
<thmbssfruit> or server?
<iDanoo> just do that on the client :)
<iDanoo> I have a feeling it's hitting your routers SSH server instead of your one.
<thmbssfruit> iDanoo i am on windows pc
<thmbssfruit> http://pastebin.com/NKEgV3qT
<thmbssfruit> see please
<iDanoo> Yeah, it doesn't look like it's hitting your ssh server and failing.
<iDanoo> It looks like it's hitting your router/modem instead.
<iDanoo> Some have a setting with portforwarding like "LAN Loopback".
<thmbssfruit> you know about fortigate?
<iDanoo> I don't sorry
<iDanoo> But I would assume it's not actually a server problem.
<iDanoo> If you tried from a different network - it will probably let you log in
<thmbssfruit> outside?
<iDanoo> Yeah a different internet connection.
<iDanoo> You could even try from your phone, and turn off wifi for example.
<thmbssfruit> ok
<lordievader> Good morning
<ElinKattunge> Hi
<ElinKattunge> Does anyone have trouble with mosh sessions stayings open for eternity on your servers?
<ElinKattunge> The max login should've been 2 sessions, but I had to hire it for a customer because I couldn't kill their mosh sessions. I've used skill -KILL -u <username>, I've used skill -KILL -v /dev/pts/x (where x is a number)
<andol> ElinKattunge: Isn't that the expected/unavoidable behavior when you have unclean client shutdowns?
<ElinKattunge> I've also tried using pkill and kill to kill the mosh processes on their user with no sucess
<ElinKattunge> andol: Yes
<ElinKattunge> the user is on a very unstable HP chromebook
<ElinKattunge> where the wifi drops out a lot
<ElinKattunge> andol: who claims they are logged in tho
<ElinKattunge> andol: Reboots usually clear problems up, but it's not a solution
<ElinKattunge> This is a server, it must stay up!
<andol> Perhaps do something where you sort mosh-server processes per UID, and only allow the N most recent, killing the older ones?
<ElinKattunge> andol: Do you have a solution on how to implement that?
<andol> You could write a shell script, and loop over the following ps command
<andol> ps --no-headers --sort=start_time -C mosh-server -o user,pid
<andol> Or some version of it
<ElinKattunge> andol: I also found something weird
<ElinKattunge> On one system SFTP reported to the customer "Message too long", which I know is to do with long echo statements in bashrc and profile
<ElinKattunge> and it was vague to me, it wasn't explaining a problem at all, so I SFTPed into that user, on my own system and it said what I expected which was max logins exceeded for that user, so I highered the security limits and it fixed both errors...
<ElinKattunge> I was banging out head hard on the desk, because that first error message just simply made no sense to me.
<andol> Well, I think the original error message is more about *any* echo statement leaking into sftp, rather than a too long one.
<ElinKattunge> I just came in here for a sysadmin to sysadmin chat on things, you know? Broaden my insight on things!
<ElinKattunge> andol: I disagree
<ElinKattunge> I login successfully via SFTP all the time as long as the echo statements aren't too long
<andol> Ok, I might very well be wrong on that account then.
<ElinKattunge> andol: The error has confused me too at times
<andol> Except that I suspect that I'm right after all :-) Putting the following in my ~/.bashrc was enough to trigger the too long
<andol> echo "hello"
<andol> Perhaps you have something like this in your ~/.bashrc, and had your echo afterwards?
<andol> [ -z "$PS1" ] && return
<ElinKattunge> andol: Well, no
<ElinKattunge> again, I don't understand why the error was thrown on my customers computer
<ElinKattunge> yet a different error on mine
<ElinKattunge> The error appearing on my friends computer was all to do with echo statements, there are non on that account, but on my system the error was about the maximum number of logins exceeded and the second error made perfect sense to me (I know my systems), so I highered the login limit and it cleared both errors.
<ElinKattunge> So there are things about the first error which aren't documented, or it was triggered by a fluke
<ElinKattunge> andol: Most accounts on this server just hold PHP scripts and webspace, nothing more.
<ElinKattunge> Capprentice: Are you an Apprentice?
<Capprentice> Yes. Curious Apprentice.
<Capprentice> ;)
<ElinKattunge> Capprentice: Good, doesn't what, I hope you are enjoying it!
<ElinKattunge> *doing
<Capprentice> Yep!
<Capprentice> Have you ever set up a squid cachhe in bridge mode? Im trying to do that! Feeling frustrated...
<ElinKattunge> Capprentice: Recently, I set a squid proxy with, 8 privoxy proxies sitting behind it as slaves
<Capprentice> With Tproxy?
<ElinKattunge> If T means transparent then no, however I have set transparent ones up in the past
<ElinKattunge> Capprentice: Is this part of your learning on the job?
<Capprentice> yes.
<ElinKattunge> hmm
<ElinKattunge> Well, I am self taught since 2007, been ill for 5 year and waiting to hit a job myself
<ElinKattunge> I was about to tell them that there is a squid channels for that which might help them better!
#ubuntu-server 2016-12-04
<EvilAngel> anyone get 16.04/10 to install on an x3850m2?
<EvilAngel> 4
<wolflarson> does anyone know of a netboot server you can access over the internet that pulls in 16.04?
<wolflarson> for VPSs that dont have updated images ?
<hades007> I need help with systemd-resolved and unbound
<EvilAngel> You need some good trap music, not systemd
<EvilAngel> well fsck, still no go booting this beesh
<mozart189> can anyone help with the configuration of virtual IP on a UBUNTU 16.04 server
<teward> mozart189: what do you mean 'virtual IP'?
<mozart189> i need a secondary IP address configured on my network interface...
<Pinkamena_D> my ssh server wont start. I get message "failed with result 'exit-code'" in $ /etc/init.d/ssh/status. Where can I find where the actual error is?
<qman__> sudo tail /var/log/syslog
<Pinkamena_D> ok, so this leads to  problem rpcbind.service is not running - "cannot add dependency job, ignoring: unit rpcbind.service failed to load: Invalid argument.
#ubuntu-server 2017-11-27
<cpaelzer> good morning
<lordievader> Good morning
<cpaelzer> hi lordievader, welcome to a new week
<lordievader> Hey cpaelzer , how are you doing.
<lordievader> ?
<cpaelzer> trying to deflect cybper-whatever ad-mails this week :-)
<lordievader> Good luck ð
<jamespage> coreycb: I pushed a patch to stestr for the os-testr autpkgtest failure
<jamespage> coreycb: also raised PR upstream
<rbasak> cpaelzer: thank you for the review!
<cpaelzer> rbasak: yw++
<cpaelzer> rbasak: the tests were really good
<cpaelzer> no additional issue found (on these tests :-) )
<rbasak> Thanks!
<cpaelzer> rbasak: if you could have a quick look (just to confirm if it hit sonly me) on bug 1734657 mabye?
<ubottu> bug 1734657 in usd-importer "collision with debian dir on build-source - FileExistsError: [Errno 17] File exists: 'debian'" [High,New] https://launchpad.net/bugs/1734657
<rbasak> Looking
<rbasak> cpaelzer: based on the code I think that's a valid bug
<rbasak> It needs an rmtree in debian/ if it already exists first
<rbasak> I can't remember why we aren't using dpkg-source -x already but IIRC there's a good reason
<cpaelzer> rbasak: for now knowing it is valid is good enough
<cpaelzer> rbasak: I can get around in that case with dpkg-buildpkg for now
<cpaelzer> rbasak: FYI the old thing I remembered in regard to that mysql could you keep my chown/chmod was dpkg-statoverride
<ahasenack> rbasak: ubuntu/devel in the bind9 tree is still pointing at xenial. If you run the importer on bind9 again, will that be fixed?
<ahasenack> or does it need an actual new upload?
<rbasak> ahasenack: I need to rerun the importer against it.
<ahasenack> can you do that, or have you transitioned fully to mysql already? :)
<danrik> `/dev/vdb1       655360 655360       0  100% /var` I cant create any directories because my inode usage is apparently above 655k.... why?
<danrik> why cant I just have a lot of files on FS? I dont remember running into this inodes issue before
<sdeziel> danrik: the amount of inodes is usually determined at the time of the mkfs and is based on the size of the FS. If you need more, I think you'll need to create a fresh FS and tell mkfs to allocate more inodes
<danrik> sdeziel: is inodes some new thing? I dont remember ever having to worry about number of files ahead of time  - just the space available...
<sdeziel> danrik: not new, no. Since it usually depends on the size of the FS, maybe you used bigger ones before?
<danrik> well - learn something every day. thx. Ill makes ure to max out inode numbers next time
<Nafallo> or less files ;-)
<danrik> it's our deployment system. we deploy entire project, which is only ~7mb comporessed, but has a lot of files. When we deploy we just copy & symlink to new version. So many files accamulated in dev - never thought this would be an issue :)
<ikla> how do I list/remove startup scripts in 16.04?
<ikla> it looks like 1/2 is systemd and others are upstart
<mike-zal2> I have a problem with network configuration during installation. automatic one fails and I want to configure it manually but installer asks for host name and jumps to the next steps, always. even when I go back, I can't set network manually.
<mike-zal2> during install I was asked about user and its password, this will become sudo user. but what about root? how can I log in directly as root?
<sarnold> mike-zal2: I believe it's enough to use sudo passwd root to set a password and unlock the account
<mike-zal2> ok, thanks sarnold. I am used to have option to root password on other systems.
<mike-zal2> sarnold: I chaned root password and it seems to be ok, but I can't log in with it via ssh. it says that password is incorrect, but I paste the same so it cannot be wrong
<Sling> mike-zal2: you shouldn't log in directly as root
<Sling> bad security practice
<sarnold> mike-zal2: my /etc/ssh/sshd_config has PermitRootLogin prohibit-password
<sarnold> mike-zal2: probably yours is similar
<mike-zal2> Sling: I know. it's not the point. I want to firt HAVE a root passowrd and then I will block it and estabilish a key
<Sling> just 'sudo passwd' then
<sarnold> mike-zal2: there may be additional mechanisms prevening root login over ssh, either via password or key, possibly also in PAM configurations. root password bruteforcing is a popular hobby of botnets, so it's probably not easy to enable.
<mike-zal2> sarnold: that's weird, because usually when root is blocked it gives different output
<Sling> also you can add a pubkey without actually logging in as root, if you have sudo
<mike-zal2> I know how to secure server, I just need to do few things first
<sarnold> mike-zal2: well, I'd expect the error given to the ssh _client_ to be very useless, but the error message in the _logs_ to be very much more helpful
<Sling> just put it in /root/.ssh/authorized_keys
<mike-zal2> Permission denied, please try again.
<mike-zal2> maybe you're right, will check if root login is permitted
<mike-zal2> usually it was permitted by default, at least on my previous instals
<mike-zal2> I don't see root login prohibition in ssh_config
<mike-zal2> but new root passowed seems to work when I swicth from user to root. but not when newly connecting
<mike-zal2> screw it then ;). installing virtualmin. I can set everything from there.
<sdeziel> PermitRootLogin is probably what's preventing you from using a password
<sarnold> is virtualmin one of those terrifying web-based management consoles?
<sarnold> if so, pleae firewall the living hell out of it. those are normally disasters.
<sarnold> way worse than just using root password=password123 or something.
<Sling> yeah virtualmin is like turning your smooth fortress walls into a climbing wall with hooks and nooks for anybody to climb into your server
<Sling> so much attack surface :)
<drab> is there a vpn that's easier to get going and manage than openvpn?
<drab> I mean, if it worked on a phone, I'd totally just use ssh creating a SOCKS5, that does everything that's needed, tunnelling both dns and traffic over ssh
<drab> but you can't do it on a phone (at least a non rooted one, android rooted actually can setup ssh tunnel + proxy everything)
<sdeziel> drab: strongswan is pretty nice and let you use the phone/client's OS builtin client. It's not exactly easy to get going though
<drab> sdeziel: thanks. also iirc some of those vpns solutions weren't playing well with NAT
<sdeziel> drab: with strongswan, you should not have problems with NAT, IPsec can deal with NAT relatively well
<drab> ok
<drab> I'll take a look
<drab> I don't quite understand why the vpn biz can't be as simple as ssh... probably not understanding the complexity behind it
<drab> ssh with key based auth seems pretty good, can get in only if you have the pvt part and know the pwd to unlock the key... and if you the fingerprint to identify the server
<drab> s/if you/you have/
<sarnold> Sling: haha, 'climbing wall' :)
<drab> sdeziel: actually it seems to end up the way if you wanna setup mobile clients, ie generating a whole bunch of certs
<drab> altho maybe there's no generating the .ovpn file for the clients
<sarnold> drab: strongswan looks good, wireguard looks good but has had WAY less scrutiny. There's also a hell of a lot less code to wireguard.
<drab> sarnold: what pains me is the management of the thing, which I guess is why ppl pay for openvpn server connect
<drab> configuring the whole shebang and managing all the clients is sort of annoying, you're basically maintaing a whole CA
<sarnold> drab: yeah. Probably no real way around that though. it's either shared keys (eww) or certs and the like (eww)
<sdeziel> drab: with openvpn or strongswan, you can have client authenticated with username/password
<drab> like I said above, ssh seems plenty good as long as you have the fingerprint printed with you to verify it
<drab> sdeziel: oh, the pre shared key seemed to be only for static ips, but maybe it was just the couple tutorials I saw
<sdeziel> strongswan supports a similar authentication scheme where you don't need X.509 certs but can use bare pub/private keys
<drab> most seemed to go back to x509 aith
<drab> ah
<drab> I missed that
<drab> I'll google again
<drab> thanks
<sdeziel> drab: you usually want to use a X.509 cert on the server as most client require that. Then with IKEv2, you can use username/password for the client auth
<sdeziel> drab: the oldest client that doesn't support IKEv2 is the Android builtin client (but you can install the Strongswan app). This builtin client does support IKEv1 with XAUTH mode which is essentially provides what you'd get from IKEv2 in roadwarrior setups
<sdeziel> drab: don't trust random guides, they will burn you ;) https://wiki.strongswan.org/projects/strongswan/wiki/Windows7 is a very good starting point
<drab> yeah, that's why I ask here :P
<drab> #ubuntu-server is my non-random guide ;)
<sdeziel> alright, good night then
#ubuntu-server 2017-11-28
<keithzg> Hmm, the "Ubuntu Customization Kit" seems to be dead, what's the easiest way to spin up a live image with customized packages? (Need the latest kernel on a live USB session to fix a BTRFS array on a server)
<keithzg> Wait, I stand corrected, it's just the Ubuntu apps directory that an old forum post pointed me to for the uck doesn't go past 13.10, it does still appear to be in the repos
<drab> keithzg: it didn't really work for me, but you're welcome to give it a go, maybe something in my setup
<drab> keithzg: ended up spending about 12hrs over two days trying to find something that didn't require a ton of sweat and blood end eventually landed on this:
<drab> https://launchpad.net/cubic
<drab> keithzg: if you're willing to trust that ppa, the tool works and actually does so rather well
<keithzg> drab: I shall take your recommendation and try that first :)
<drab> the idea is really exactly the same, extract the iso, unsquash the squash root, chroot, install stuff, repackage
<drab> I've looked at enough of those things I basically just do it myself manually at this point...
<keithzg> Heh fair enough
<keithzg> Yeah, I figured it wouldn't be *too* hard to do manually but I was sure there'd be some easy, automated way out there
<drab> keithzg: lemme know how it goes, tbh I foudn this by accident almost, apart from uck not much is really advertised
<drab> not quite sure why, maybe customizing isos isn't a common thing to do anymore
<keithzg> Yeah, I mean to be fair folks' internet connections tend to be fast enough these days that just installing something and *then* customizing things tends to be the easy solution.
<keithzg> In my case though I want it to just immediately boot with the 4.14 kernel since only then do I have a chance at replacing the dead drive in a Btrfs array!
<drab> I hear you, I ended up making myself a custom pxe image for that
<drab> cuz I didn't want to have to go around with usb keys or CDs and stuff
<drab> and that was even worse, there's no single small pxe bootable rescue system based on ubuntu for some reason
<drab> closest was the old dsl, but it's abandoned
<drab> keithzg: oh, the other tool I found that looked nice was this: https://sourceforge.net/projects/pinguy-os/files/ISO_Builder/
<drab> seems a fork of remastersys
<drab> updated last year and reported to work on xenial
<drab> keithzg: https://www.ostechnix.com/pinguy-builder-build-custom-ubuntu-os/
<keithzg> drab: Hmm the more I think of it the more tempting it is to just unsqash, chroot, and resquash, heh
<keithzg> I do have a PXE server running at work after all
<keithzg> Can't remember now if I got UEFI live instances to work or not though
<drab> keithzg: fwiw, these were my rough notes from the first pass... cleaned it up since then but been lazy and not republished
<drab> keithzg: https://gist.github.com/spikedrba/057acad8b3bfb0266544347ced8b53d4
<drab> keithzg: it's now offically called PXERescue ;)
<drab> it uses ramboot initrd script to load the OS in ram
<drab> keithzg: the bug I haven't fixed is dns resolution in busybox, so the pxe parameter ramboot should actually use the ip, not hostname
<drab> ask for a bit
<keithzg> Heh well Pinguy-builder is a bust certainly, since it crashes with "Gtk-WARNING **: Unable to locate theme engine in module_path: "adwaita",". Silly Gnome.
<sarnold> OH NO NO THEME BETTER CRASH
<keithzg> heh
<keithzg> No go on uck either, I just get a "Building failed" popup eventually and the log says "kdialog: cannot connect to X server :0" "Script cancelled by user"
<sarnold> ew
<keithzg> Surely there are official instructions out there somewhere for how the *actual* ISOs all get built? I can't seem to find them for some reason.
<sarnold> keithzg: I've been shown the exact code on launchpad several times and can't ever recall where it is when someone asks. :(
<keithzg> sarnold: Drat! Yeah I keep finding things like https://wiki.ubuntu.com/DerivativeDistroHowto#Tools_for_building_distro and I'm thinking at this point "I don't want to know about the tools that 'make this easy', I want to know how to do it The Right Way"---the easy ways aren't so easy if they outright don't work!
<keithzg> Maybe drab's pxe method will end up being the best way, debootstrapping along those lines now.
<drab> keithzg: could never found official instructions, asked around in -dev, no joy either
<drab> keithzg: if you find them let me know, I agree that that process should be documented somewhere, maybe an internal wiki
<drab> keithzg: the pxe method I'm using is the cleanest ime, it's simple, makes a very small and fast image, has no dependencies past lpxelinux/ipxe and fetches over http so no funny nfs server or slow tftp server
<drab> btw, about openvpn, found this which is kind of nice: https://github.com/Nyr/openvpn-install/blob/master/openvpn-install.sh
<sarnold> wow, looks nice enough. pity it downloads and executes stuff without checking authenticity, but it's otherwise pretty sharp-looking
<drab> sarnold: lol, now now, so demanding.. you want ppl to actually check what they download, ah!
<drab> have some faith man, double rainbows and all of that
<sarnold> hahahaha
<keithzg> drab: Sadly, the PXE method didn't work for me in the end, although not because it wouldn't, but because the 4.14.2 packages from the Ubuntu Mainline Kernel PPA simply fail to install. So I seemingly could create a bootable PXE image your way, just not with the one thing customized that I actually want!
<keithzg> I'm kindof surprised to find that there's no Linux distro out there that specializes in always having bleeding-edge kernels (or if there is one, my google-fu is apparently very weak)
<cpaelzer> good morning
<lordievader> Good morning
<cpaelzer> hi lordievader
<lordievader> Hey cpaelzer
<lordievader> How are you doing?
<cpaelzer> ok enough :-) and you?
<lordievader> Doing okay. Haven't head coffee yet. I suppose this morning has chances of improving ð
<mojtaba> Hello, I have installed stunnel, and restarted the service; but it doesn't show up when I type: ps -ef | grep stunnel
<peetaur2> mojtaba: which ubuntu release?
<mojtaba> peetaur2: 16.04 LTS
<peetaur2> so then let's see   systemctl status stunnel
<mojtaba> peetaur2: inactive (dead)
<mojtaba> Reason: No such file or directory
<mojtaba> peetaur2: my conf is in /etc/stunnel
<peetaur2> pastebin https://bpaste.net the whole output... snippets will just waste time
<peetaur2> if there's no such file, I expect a filename too
<mojtaba> peetaur2: http://paste.ubuntu.com/26063374/
<mojtaba> peetaur2: systemctl status stunnel4 gives me http://paste.ubuntu.com/26063379/
<peetaur2> bleh...silly pastebin has no raw button
<peetaur2> so it seems not to say which file exactly, but seems to fail to find some SSL related file... maybe a CA cert
<mojtaba> peetaur2: yes
<peetaur2> and says [openvpn] on the next line, so maybe there's some openvpn ca cert you are missing
<mojtaba> I have them inline in the openvpn config file. (ovpn file)
<peetaur2> is it relative or absolute path? try absolute
<mojtaba> peetaur2: I have pasted the cert file in the ovpn file.
<mojtaba> peetaur2: between <ca></ca> tags.
<peetaur2> ok, then that sounds good, but then why does it want a file? what other file might it expect?
<mojtaba> peetaur2: I don't know. That should be just the .pem file.
<peetaur2> did you set a .pem file?
<mojtaba> peetaur2: cert = stunnel.pem
<peetaur2> so try absolute path on that one
<mojtaba> again failed
<mojtaba> peetaur2: this one is different
<mojtaba> peetaur2: http://paste.ubuntu.com/26063469/
<peetaur2> mojtaba: ok so now it says permission denied...so maybe it's running as one user, like stunnel, and /var/run is owned by root, so it can't write
<mojtaba> peetaur2: Yes, so what should I do?
<peetaur2> so my favorite fix for that is to add in the init script (but that's systemd... will have to look that up) that it makes a dir and chowns it to that user, eg. /var/run/stunnel/ and then in the conf, set the pid file like /var/run/stunnel/stunnel.pid
<peetaur2> and also report it as a bug...the distro should do all that work for you
<peetaur2> but fix it first...just to verify you know what the problem really is
<peetaur2> another option is make a blank file /var/run/stunnel.pid and then chown the file (not dir), and then hopefully it can modify the file instead of making a new one
<peetaur2> systemd also should support making these files and doing that for you, but this error likely means the service is expected to do that part (which is normal for some...like apache requires that it does that work for itself, runs as root and drops privs)
<peetaur2> and another option is run as root, and drop privs
<peetaur2> the lazy insecure way is to only run as root.. you could also test that, but I don't recommend it (and running it that way can leave a mess of files behind owned by root, so you have to chown or rm them to clean up)
<mojtaba> I think running as root and drop privs is better, what do you think?
<mojtaba> How should I report this bug?
<peetaur2> sure but the program has to support it... you have to see what's possible
<peetaur2> first find a way to make it work, so you verify your assumptions
<mojtaba> peetaur2: I see. Ok
<mojtaba> I will try your second option
<peetaur2> and then just report it the usual way.... paste the error, and say what it ought to do, and show the fix that works, and that afterwards the daemon runs as the correct user
<peetaur2> one assumption to check is the service file... does it say like we expect  User=stunnel  rather than run as root and drop privs
<mojtaba> peetaur2: There was stunnel4 directory in /var/run.
<mojtaba> I just added that part in the config file.
<mojtaba> So instead of pid = /var/run/stunnel.pid, it should be /var/run/stunnel4/stunnel.pid
<mojtaba> peetaur2: Thanks for your help
<peetaur2> ah good, and who made the error in the config, you or the distro?
<mojtaba> peetaur2: The distro.
<mojtaba> It was supposed to be like that, based on the doc.
<peetaur2> so if the distro shipped a conf (that wasn't commented out or in the readme) that doens't work, you could still report it
<peetaur2> pid file path is not really an admin's job to set... so probably their fault
<cpaelzer> the default is actually /var/run/stunnel4.pid at least in the most recent version
<cpaelzer> ... checking xenial
<cpaelzer> yeah in xenial as well
<mojtaba> cpaelzer: I checked with that too
<cpaelzer> just started it with that - works fine
<cpaelzer> let me read all your backlog here
<peetaur2> mojtaba: and btw, you shouldn't need absolute path...just path relative to something; normally openvpn is relative to the conf file, but maybe that's controlled by the init (like maybe it does cd /somedir/; openvpn thatfile.conf, so it's really relative to the cwd, not the conf); so you could figure out what it's doing and set it relative if you want to
<peetaur2> like in my conf I usually have a keys dir (that has stricter permissions), so the conf says   whatever=keys/blah.pem
<cpaelzer> mojtaba: hmm - if you end up reporting a bug please make sure to describe the steps to trigger the actual issue as it seems to just work (in the basic setup)
<cpaelzer> so the non-basic part of your setup is important to the bug report
<peetaur2> yeah, if they can't reproduce it, they might not bother trying to fix it
<mojtaba> peetaur2: cpaelzer: sure. and thanks for your help
<peetaur2> like this bug of mine which they just ignore https://bugs.launchpad.net/ubuntu/+source/linux-lts-xenial/+bug/1724173
<ubottu> Launchpad bug 1724173 in linux-lts-xenial (Ubuntu) "bcache makes the whole io system hang after long run time" [Undecided,New]
<peetaur2> best I could reproduce was a "Kernel panic - not syncing: stack-protector: Kernel stack is corrupted"  which is not my original issue
<peetaur2> and maybe if they fixed that, my test script would cause the original issue
<mojtaba> peetaur2: cpaelzer: It doesn't work with stunnel4.pid in the config file, also it doesn't work with relative path to certificate.
<cpaelzer> so after all a different issue
<cpaelzer> ?
<mojtaba> cpaelzer: No, I just tried those to see if they work or not.
<cpaelzer> ok, thanks
<mojtaba> I am now using openvpn with stunnel. But still no luck. I am in China, and I cann't open sites like youtube.com
<mojtaba> Do you know any other way to work around this?
<cpaelzer> peetaur2: FYI I slightly fixed your repro script in the bug and let it run
<cpaelzer> with some luck I can make it confirmed and thereby bump it a bit
<peetaur2> cpaelzer: thanks a bunch :)
<peetaur2> cpaelzer: I found it crashed easily with a slow hdd cached on RAM, but never crashed with ram backing and hdd cache.... so not sure if ram + ram works too
<cpaelzer> hrm
<peetaur2> and also tested hdd and hdd I think, also no crash. Maybe it's an shm bug, and not even bcache ;)
<cpaelzer> well you could state so in the bug and modify it slightly to base the "slow" dev on a local image file instead of shm
<peetaur2> and I'll run it with ram+ram too
<peetaur2> cpaelzer: how long do you plan to run it? for me, it sometimes crashed within 30 min, but other times took a few hours, but never a day
<cpaelzer> depends on how soon the consumed cpu annoys me
<cpaelzer> hours at least I think
<cpaelzer> peetaur2: I added a modified version which sets up the disk on an image on the base disk
<cpaelzer> that should be slow enough
<cpaelzer> running with ~100-150k changes per sec according to /sys/block/bcache0/bcache/...
<cpaelzer> will let you know in a few hours if it triggered
<mojtaba> Hello, I am using stunnel and openvpn, (I am in China), but still I cannot open websites like youtube.com Does anybody know what should I do?
<peetaur2> mojtaba: find out why... does dns fail?
<mojtaba> peetaur2: How can I check it?
<peetaur2> do a dns query, like with dig
<peetaur2> if it returns the great firewall of china's "you have been caught, and goons have been dispatched to your location" page, then it fails
<mojtaba> peetaur2: What should I run exactly?
<peetaur2> just like   dig youtube.com
<mojtaba> I ran stunnel in my server, and I am seeing: Error binding service [openvpn] to 0.0.0.0:443
<mojtaba> bind: Permission denied (13)
<mojtaba> peetaur2:
<peetaur2> the port 443 can't be bound to by a non-privileged user... it has to be 1024 or higher
<mojtaba> peetaur2: I want to show it as https
<mojtaba> peetaur2: Do you know what should I do?
<peetaur2> run as root, or redirect as root
<peetaur2> or chnage the sysctl that sets which ports are privileged...which I think is net.ipv4.ip_unprivileged_port_start
<peetaur2> or maybe there's a cap for that
<mojtaba> peetaur2: I think I am running stunnel as root in server. How can I make sure?
<peetaur2> if it's still running, ps -ef | grep stunnel
<ahasenack> rbasak: when you have a moment, I'm seeing something weird with the branch being proposed here: https://code.launchpad.net/~orion-cora/ubuntu/+source/sssd/+git/sssd/+merge/334317
<ahasenack> rbasak: there is his commit, orion-cora/xenial-sssd-hbac-rule-1722936 (4241de79bb78020f01c1a99017ef217173900101)
<ahasenack> rbasak: then there is 42a95c2755c71846672a040fa3deda768b323442 which corresponds to an import of patches-unapplied of 1.13.4-1ubuntu1.9
<ahasenack> rbasak: and 44f6b9dc1a1c2befd83ab9c114185993d5fc5579 which is pkg/upload/1.13.4-1ubuntu1.9
<ahasenack> for some reason, the lintian thinks there are two changelog entries: one for 1.10 (his commit) and one for 1.9, but that is already there and wasn't added in his branch
<ahasenack> was this that race we keep talking about, between upload tag and dput?
<mojtaba> peetaur2: It is running by stunnel4 user, in a chroot
<mojtaba> peetaur2: This is my stunnel.conf in my server: http://paste.debian.net/997971/
<rbasak> ahasenack, cpaelzer: beta updated to master. I'm running a bind9 import now.
<ahasenack> ok
<cpaelzer> thanks rbasak
<cpaelzer> peetaur2: it won't die in the last hour and I need my cpu back :-)
<cpaelzer> peetaur2: I hope the fixups and clarification will help to be looked at by the kernel Team
<cpaelzer> ahasenack: did you want to review the sssd MP yourself and just wanted an extra review slot?
<ahasenack> cpaelzer: I mainly wanted it to be visible in our review queue
<ahasenack> cpaelzer: but linter is complaining
<cpaelzer> complaining for a bug in git ubuntu, or imperfect MP?
<cpaelzer> maybe the missing pushed tags we spotted last week
<peetaur2> cpaelzer: thanks so far, for taking a look :)
<peetaur2> it'd be so nice if my ceph nodes didn't die every month or two
<cpaelzer> reasonable wish
<cpaelzer> jamespage: coreycb: ^^ in case you might have seen ceph+bcache=crash things consider reading the log above about peetaur2's bug
<ahasenack> cpaelzer: I don't know, that's why I asked
<cpaelzer> ahasenack: ok so you want me to look as well on that?
<ahasenack> if you have the time, sure
<cpaelzer> That is never the right condition, if we wait until I'm bored we wait forever :-)
<cpaelzer> I'll try to look later on
<ahasenack> true
<rbasak> ahasenack: I think this could be a bug in the lint tool, or the the importer's commit graph, or both.
<rbasak> (orion-cora's MP)
<ahasenack> the lint tool is indeed detecting two changelog entries somehow
<rbasak> ahasenack: though I get "All lint checks passed". What's your cmdline?
<ahasenack> git ubuntu lint
<rbasak> Version?
<ahasenack> using the snap,
<ahasenack> 0.6.2+git44.e7002be
<ahasenack> also tried with master just now
<ahasenack> I patched it to print what versions it found in that check
<ahasenack> E: must add exactly one changelog entry
<ahasenack> E: changelog.versions: [Version('1.13.4-1ubuntu1.10'), Version('1.13.4-1ubuntu1.9')]
<rbasak> Can you find steps to reproduce in a fresh clone please?
<rbasak> I can't reproduce with a git ubuntu clone, git ubuntu remote add, git checkout and git ubuntu lint.
<rbasak> On the same version as you.
<ahasenack> ok
<ahasenack> rbasak: hmpf, worked after I did rm -rf sssd; clone sssd
<ahasenack> I wonder if it failed before because I had my own remote, ahasenack, with a bunch of sssd branches, including the Version('1.13.4-1ubuntu1.9')] one
<ahasenack> oh well
<rbasak> ahasenack: I'm not sure. If you manage to figure out what was different, or the next time you see it, please, let me know.
<ahasenack> rbasak: fwiw, git log now does NOT show that import patches-applied that I mentioned
<ahasenack> rbasak: this is what it looked before: http://pastebin.ubuntu.com/26064436/
<ahasenack> this is what it looks like now: http://pastebin.ubuntu.com/26064439/
<ahasenack> ok, so it is still there
<ahasenack> but now it has tags
<ahasenack> git ubuntu lint would barf with http://pastebin.ubuntu.com/26064436/
<rbasak> ahasenack: you didn't have the pkg branch tips either
<ahasenack> rbasak: like I missed a git fetch pkg? Maybe with --tags?
<rbasak> Maybe
<ahasenack> but I had "Import patches-unapplied version 1.13.4-1ubuntu1.9 to ubuntu/xenial-proposed". The hash is the same. It just didn't have the tags
<ahasenack> so maybe --tags was missing
<ahasenack> from my fetch
<ahasenack> gotta remember to add that
<rbasak> But what did pkg/ubuntu/xenial-devel point to before?
<ahasenack> commit fdff32f77aa7899455f215b9f631ea30f328016e (pkg/ubuntu/xenial-devel, ubuntu/xenial-devel)
<ahasenack> ...
<ahasenack>     Update ubuntu/xenial-devel from 1.13.4-1ubuntu1.7 to 1.13.4-1ubuntu1.8
<ahasenack> I guess that explains it
<ahasenack> lint added 1.9 to the list
<ahasenack> because it thought 1.8 was the previous
<ahasenack> rbasak: is the bind9 (re)import still ongoing?
<rbasak> ahasenack: last I looked, yes. Sorry, it's failed a couple of times due to me (I suspended the laptop it was running from stupidly, and the second time I didn't see it requesting auth and it timed out).
<ahasenack> ok
<cpaelzer> ahasenack: rbasak: here you are :-)
<ahasenack> tada!
<rbasak> Aargh. It timed out on auth again. I thought I'd given it auth already. This is frustrating :-/
 * rbasak files a bug
<ahasenack> you mean that bit where you have to open a launchpad link and authorize the app?
<cpaelzer> rbasak: should I do the import while you are filing?
<rbasak> I've already tried to rerun it :-/
<rbasak> cpaelzer: actually, I'll cancel
<rbasak> Done
<rbasak> cpaelzer: would you mind? It's more likely to actually land then. I've tried enough times :-/
<cpaelzer> hehe
<cpaelzer> ok started already
<cpaelzer> lets see if prompts get less lost on less screens
<ahasenack> make sure to approve it for more than 1h :)
<cpaelzer> actually while it always came back to me due to a bug on the conversion it recently didn't ask anymore
<mojtaba> Hello, I am trying to configure stunnel to communicate over port 443. But when I run netstat -natp | grep :443,  I get the following:
<mojtaba> tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      20790/stunnel4
<mojtaba> tcp        0      0 192.168.2.250:443       5.116.10.151:56716      ESTABLISHED 20790/stunnel4
<mojtaba> Also I get Error binding service [openvpn] to 0.0.0.0:443
<mojtaba> Do you know how can I fix this issue?
<ahasenack> mojtaba: you already have it running and listening on port 443, and even servicing a connection to a client
<mojtaba> ahasenack: What about the error?
<rbasak> ahasenack: I used the old (timed out) link and approved it indefinitely, but seems to have not worked.
<ahasenack> openvpn is failing because it's trying to use the same port, 443
<ahasenack> mojtaba: you can't have to services binding to the same exact socket (0.0.0.0:443 in this casE)
<rbasak> Maybe the protocol requires the original requesting cookie to complete the auth.
<rbasak> (rather than completing on web ui approval)
<ahasenack> rbasak: I think so, if it timed out, that old link is toast
<mojtaba> ahasenack: I didn't configure openvpn to listen to 443!
<cpaelzer> mojtaba: isn't that what you want overall http://blog.deadcode.net/tunneling-openvpn-with-https-to-bypass-censorship-with-stunnel-and-ubuntu/ ?
<mojtaba> cpaelzer: yes
<cpaelzer> mojtaba: I wonder if it would make sense to start over in a container
<cpaelzer> with the doc as I linked it
<cpaelzer> to ensure no old part of the config attemps interfree
<cpaelzer> interfere
<cpaelzer> not sure if there would be any no-no'S n regard to openvon in a container thou
<ahasenack> that doc doesn't explain the openvpn bits, though
<ahasenack> ah, later on it does
<ahasenack> sorry
<mojtaba> I am not sure, why I am getting that error, as I am not configuring openvpn to listen on 443.
<mojtaba> Any idea?
<ahasenack> paste the openvpn config
<ahasenack> maybe you have multiple conf files in /etc/openvpn and it's starting one daemon for each via systemd
<cpaelzer> ahasenack: the import is actually done already since 3 minutes
<cpaelzer> ahasenack: could you check what you get on your end?
<ahasenack> cpaelzer: checking
<mojtaba> ahasenack: server or client for openvpn?
<ahasenack> where stunnel is running and listening on port 443
<mojtaba> ahasenack: server, ok
<mojtaba> ahasenack: http://paste.debian.net/997988/
<ahasenack> cpaelzer: looks good now, thanks
<ahasenack> mojtaba: is that the only config file you have? Do you have something listening on port 1194 right now?
<ahasenack> cpaelzer: one step further, but merge start crashes (https://bugs.launchpad.net/usd-importer/+bug/1734364 and new comment https://bugs.launchpad.net/usd-importer/+bug/1734364/comments/1)
<ubottu> Launchpad bug 1734364 in usd-importer "merge start fails with bind9" [Undecided,New]
<ahasenack> I thought it could be crashing before because ubuntu/devel was incorrect and I was using ubuntu/bionic
<ahasenack> ok, lunch time :)
<mojtaba> ahasenack: that was for openvpn, config file
<mojtaba> ahasenack: no, just openvpn
<Slashman> hello, I have a server on ubuntu17.10, I have changed the config file /etc/netplan/01-netcfg.yaml, how can I reload the config file to apply it ?
<peetaur2> Slashman: if it's just something read on service start, restart the service.
<Slashman> peetaur2: do you know about netplan? because that is not that simple it seems
<Slashman> https://wiki.ubuntu.com/Netplan
<peetaur2> no idea
<cpaelzer> ahasenack: did a check on your issue, and I think I found it - but we need rbasak to give it the code-POV
<cpaelzer> ahasenack: I updated the bug
<Slashman> ok, the answer is right on the page, did'nt look closely enough
<cpaelzer> Slashman: thre is an apply/generate to netplan
<Slashman> cpaelzer: yah, I just noticed that, I didn't saw it on the manpage
<rbasak> cpaelzer: I think it's all in gitubuntu/merge.py
<rbasak> I don't remember ever having looked in there.
<jamespage> coreycb: think I have gnocchi ready for upload with py3 enabled; had todo one patch
<coreycb> jamespage: awesome
<jamespage> coreycb: yes confirmed - no more mismatch problems, and reports are now showing updates again!
<jamespage> woot
<coreycb> jamespage: yep looks good!
<dpb1> Howdy all!  office hours is officially starting.  Please bring all questions
<cpaelzer> thanks for opening that up dpb1
<dpb1> ... the canonical server team puts their hands behind their head and their feet up
<slashd> dpb1, lol
<dpb1> oh, hi slashd, sorry, we weren't napping, just resting our eyelids
<slashd> dpb1, of course ;)
 * dpb1 turns around the office hours sign from open to closed.  night all!
<xpistos> Hey guys. I could use a hand with something. I am automating a virus scan to send me an alert whenever I get a hit. I am setting the file name using "$(date +%B_%e)_scan_results.log" but I am not sure how to push that into mail using the date command. if it is a static file name I just use mail -s Test EMAIL << FILENAME.LOG it works fine
<drab> xpistos: assign the date to a variable: $DATE_CUR=$(date+%B_%e) ; and the filename becomes ${DATE_CUR}_scan_results.log
<drab> eer, DATE_CUR=, no $ there
<drab> or probably even cleaner FN_NAME="$(date +%B_%e)_scan_results.log" and then mail -s Test EMAIL << $FN_NAME
<xpistos> tells me the body is null
<xpistos> using the $FN_NAME version
<drab> well I don't know your script, that variable must be available by the time you call the mail command
<drab> maybe pastebin your script on dpaste.com
<xpistos> not a script, basically just touch "$(date +%B_%e)_scan_results.log" && DATE_CUR="$(date +%B_%e)_scan_results.log" && mail -s Test EMAIL < $DATE_CUR
<xpistos> I am getting th email just nothing in the body
<xpistos> and I have tried it with both < and <<
<xpistos> I will probably make this a script though
<dlloyd> you can use -a to attach a file
<drab> well that's a different problem then, maybe the mail command doesn't work like that, haven't used it in a while, but iirc you echo to it, not sure < works
<drab> try this: FN="$(date +%B_%e)_scan_results.log && echo $FN | mail -s Test EMAIL
<drab> see if you get the filename in the body
<drab> apparently mail -s xxx < file is accepted syntax
<drab> is there anything in your file? touch won't put anything in it, so the email body will obviously be empty
<xpistos> drab: I am trying to get the contents of the file in the body not the file name itself
<drab> if all you're running is the above oneliner there's nothing in your file
<xpistos> right now it says "Infected=0"
<xpistos> drab: that file does anyway
<drab> ok, then you aren't running the above oneliner. it's really a bad practice to tell ppl you're doing something that's not what you're doing and ask for help
<drab> does mail -s Test < whatverfile_with_something_in_it work?
<xpistos> I am an idiot. It was supposed to have somethign it but I didnt' cause I just touched it
<drab> it's ok, it happens
<drab> http://www.bash.org/?201579/
<drab> a bash quote for every occasion... :)
<xpistos> Good. I am not alone!
<xpistos> drab: Thanks for the help.
<drab> you're welcome
<sdeziel> boy, my productivity just went down the drain, thank for the quotes site ;)
<drab> like I said, you're welcome :P
<drab> I got ovpn working in the end inside a container
<drab> I'm somewhat confused why it works actually, I was expecting the bridge setup to require more work, but it doesn't
<drab> I suspect it's something to do with the fact it's lxc and those network interfaces are already sitting on top of a bridge
<drab> if two interfaces aren't bridged, one should not arp for the other's ip, should it?
<drab> tun0 has its set of ips, which are overlapping with the one on eth0/LAN, but I still don't see how/why the host would respond to arp requests for a vpn client behind tun
<maxb> I think there are some fairly confusing sysctl values to affect this
<sdeziel> drab: there is no arp for tun devices, it's layer 3 only
<sdeziel> but since you are talking about bridge, maybe you meant tap?
<drab> sdeziel: so, see, that's the thing, I was gonna set it up on server-bridge + tap, but then just for testing I kept the default tun thinking of doing masquerading
<drab> so it's on tun right now
<sdeziel> tun is the recommended dev type by upstream
<sdeziel> less overhead and generally cleaner
<drab> right, but then you're supposed to masquerade, no?
<drab> or you can do server-bridge with tun?
<sdeziel> it really depends for the masquerading
<sdeziel> bridging requires a tap as that's Ethernet bridging
<drab> right
<drab> so basically right now everything is working and I don't quite understand why :P , I thought it would not
<drab> I was expecting to have to add some static routes
<drab> yeah, I think I figured it out... it's an issue with how I'm testing
<drab> altho, uhm, icmp pkts are coming from the vpn ip, so looks like all traffic is being correctly tunneled
<HackeMate> hi, i want to forward all traffic from eth0 to eth1, shall i use iptables or simply sysctl net.ipv4.ip_forward=1 ?
<HackeMate> the goal is firewall that lan
<drab> HackeMate: iptables doesn't forward traffic per se, the sysctl setting is what does that
<drab> to say tho that you want to forward traffic and then to say that you want to firewall that lan is confusing to me tho
<drab> HackeMate: what are you trying to accomplish?
<metastable> sysctl for forwarding, iptables for filtering rules, most likely.
<HackeMate> i want put a minipc between router and lan computers and firewall its connection
<HackeMate> the minipc has 2 ethernet, one for the router incoming data and the other one for the computer lan switch
<HackeMate> is the plan correct?
<drab> depends what correct means, what are you trying to achieve?
<drab> install a firewall to protect the LAN?
<metastable> Why are you putting a firewall box between the router and the switch?
<HackeMate> yes, protect the lan
<HackeMate> i do that because i have to save logs, parse them and show statistics based on those logs
<metastable> Logs of what? Statistics of what?
<metastable> "Protect the LAN" from what?
<metastable> PS: "Hackers" is not an answer.
<sarnold> be verbose in your answer, that may change the tools / approach we recommend :)
<metastable> ^
<drab> so I was correct, once I stepped out to public wifi I could vpn in, but get nowhere else except the vpn server
<HackeMate> it is for an educative center, teachers wont allow students use its wifi connection for instagram in example, i said there are many things to reach instagram without opening instagram website, so this is the startpoint
<drab> I'm glad thing still make sense even if it means it doesn't work :)
<metastable> HackeMate: A firewall is NOT going to help you with that use case.
<metastable> drab: I can help with VPNs.
<HackeMate> vpn is slower though
<metastable> HackeMate: The VPN comment wasn't to you.
<HackeMate> ah sorry
<HackeMate> a firewall is for block those connections to instagram and other social networks
<HackeMate> or whatever they use for bypass firewall
<metastable> HackeMate: You will NEVER accomplish that with any kind of real efficiency using iptables.
<metastable> HackeMate: You are applying the wrong tool, plain and simple.
<HackeMate> what could you use then?
<sarnold> I've heard good things about http://e2guardian.org/cms/ but have never used it myself
<HackeMate> dns proxy?
<drab> HackeMate: if you can afford it, just get untangle https://www.untangle.com/
<metastable> HackeMate: What you really need is a web category filter. Untangle is one option, though for non-home use it can get pricey.
<metastable> pfSense and SquidGuard could also work.
<drab> sarnold: it's the best in class, with redwood being second best (even if just because it's newer). then you have pfsense, but that's not linux anymore
<HackeMate> pfsense is a router basically, no?
<sdeziel> drab: if you are assigning your VPN clients IP addresses from say 10.8.0.0/24, you will see this net range when those VPN clients try to reach machines next to the VPN server
<metastable> pfSense is a lot more than just a router.
<metastable> drab: I don't quite care if it's Linux or not. All of this is off-topic here already because it's not Ubuntu.
<drab> also pfsense will use e2guardian (optional) or dansguardian (built-in, and pretty meh)
<drab> sure
<sdeziel> drab: you have different solutions to make the return packet reach your VPN clients, one of them is adding a static route (back to the VPN server) to the machine you are trying to reach
<metastable> drab: pfsense will use squid with whatever blacklists you enable.
<drab> sdeziel: yeah those are the static routes I thought I'd need to add, trying now
<sdeziel> drab: the other (less clean) is to SNAT/MASQUERADE what goes out of the VPN server itself. Something like -A POSTROUTING -s 10.8.0.0/24 -o eth+ -j MASQUERADE
<sdeziel> drab: the SNAT/MASQUERADE trick is so much quicker though :)
<drab> sdeziel: you might be right
<drab> lemme look into that...
<metastable> I don't EVER MASQ the stuff coming out of my VPN server. Enable the forwarding sysctl variable, and make sure the router knows how to send traffic to the VPN subnet.
<metastable> One static route in the router to the VPN server's LAN IP, done.
<drab> fair point
<metastable> If you're using iptables, make sure that the FORWARD policy is ALLOW, or add a rule to that effect.
<drab> I'm gonna try with static routes first, I think that's what I did a long time ago and it worked and saves me from having to think about the FW stuff
<metastable> drab: I can set up just about any VPN from memory, so if you want to dig into this, I'm game.
<drab> metastable: appreciate it, I like to do my homework before asking so lemme poke at it and if in bit I got nowhere I'll come and bug you
<metastable> drab: Oh, I won't do it for you. Trust me, you'll learn plenty.
<HackeMate> squidguard is a plugin for squid, squid is  a proxy, users can bypass the proxy settings, no? thats why i think about using a firewall, how can i force to use proxy, putting it as gateway?
<metastable> HackeMate: Transparent proxies can't be bypassed by the means you're thinking of. They intercept ALL web requests, and require no configuration on the client system.
<drab> sarnold: if the code was good, it looks promising: https://github.com/andybalholm/redwood
<HackeMate> ah
<drab> sarnold: somebody was trying to build debs a while back
<drab> also e2g is being rewritten and 5 will be coming out soon with a completely diff design, including transparent ssl proxying, right now it only works in explicit mode
<sarnold> drab: well, it's in go, so at least it's unlikely to have buffer overflows and use-after-frees and so on :) hehe
<metastable> drab: Which will still suck unless you have an easy method of deploying the proxy's CA cert to the clients.
<sdeziel> drab: metastable: the static route added to the router is the best way but require there is no more direct way between the servers and the VPN otherwise you will see some ICMP redirects
<drab> metastable: tell me about it, was about 3 weeks of nightmares
<drab> figuring out how firefox, chrome etc read the CA list
<drab> which they all do differently
<metastable> sdeziel: If you're entering the route in the correct place and your routing structure isn't a garbage fire, that shouldn't happen.
<sdeziel> metastable: I don't want to assume anything about the network topology that drab's dealing with :)
<metastable> sdeziel: Also correct. :P
<metastable> And a very fair point.
<metastable> I have worked in places where the routing structures were garbage fires, alas.
<sdeziel> some put their VPN servers in their DMZ which makes it annoying when connecting to those other machines in the DMZ for example
<drab> topology is pretty simple: one flat lan, one of the hosts on the lan has ovpn set up on it, gw/fw has a portforward to it. ovpn host has its own eth0 on the lan and a tun0 on the vpn network (diff than the lan network)
<sdeziel> drab: so yeah, you'll have ICMP redirects :)
<metastable> Static route will be your best bet, there.
<metastable> Uhh. What?
<metastable> How will you have ICMP redirects?
<metastable> I feel like I'm missing a part of the conversation.
<Epx998> Is it possible to rename a network interface via early command or something in the preseed?
<sdeziel> metastable: all the LAN machines have a default GW as their only route
<metastable> sdeziel: Yyyyyeah, and? VPN traffic hands traffic for a different subnet off to the router, router forwards that traffic to the next hop interface, etc.
<sdeziel> metastable: so when the VPN server relay traffic for the VPN client range, the LAN machine will send the return packet to the default gw which will send ICMP redirect if it has a static route to the VPN range
<metastable> sdeziel: I don't think that's right...
<sdeziel> metastable: try it
<metastable> Will do.
<sdeziel> the VPN server, the gw and the LAN machines are all part of LAN so the gw has to tell the LAN machines to not hop through it because there is a shorter path
<metastable> That does make sense, actually.
<sdeziel> let's use some IP ranges to exemplify this
<metastable> No, I get it.
<HackeMate> i like the squidguard option, i just need the ipv4 forwarding for achieve this, right?
<sdeziel> LAN: 192.168.0.0/24, GW: 192.168.0.1, VPN server: 192.168.0.94, serverA: 192.168.0.2
<metastable> I GET IT.
<metastable> :P
<sdeziel> alright :)
<Epx998> hmm
<drab> sdeziel: is there a particular reason you brought up the ICMP redirects? I mean, is it just because of the added noise on the network or what that I should care about them?
<sdeziel> drab: I heard this mechanism of finding a more optimal path didn't work reliably but I never really ran into a situation with ICMP redirects myself. Maybe it will work well in your environment?
<drab> I guess I'll find out soon
<drab> brb, someone can't print :(
<sdeziel> drab: most people don't run into this problem because their VPN endpoint is their router
<metastable> I have a dedicated box running strongSWAN, ocserv, openvpn.
<metastable> strongswan is... interesting to configure, to say the least.
<sdeziel> if by interesting you mean hugely fun then yes, I agree
<sdeziel> never heard of ocserv though
<sdeziel> nvm, openconnect.
<metastable> It's the server-side component.
<metastable> Technically, openconnect is the client.
<metastable> I already use the AnyConnect client for work, so it made sense.
<coreycb> jamespage: I have pike stable point releases queued up via bug 1734990
<ubottu> bug 1734990 in nova (Ubuntu Artful) " [SRU] pike stable releases" [Undecided,New] https://launchpad.net/bugs/1734990
<jog> powersj, I just opened bug https://bugs.launchpad.net/ubuntu/+source/ipxe/+bug/1735015
<ubottu> Launchpad bug 1735015 in ipxe (Ubuntu) "FTBFS: ipxe on zesty" [Undecided,New]
<powersj> jog thanks will ping others about it as well
#ubuntu-server 2017-11-29
<drab> for some reason no joy, trying to figure out what's wrong
<drab> I've added the one routing rule on the gw, and I can ping the gw of the lan from behind the vpn, but not other hosts on the lan
<TJ-> does the 'other' end of the vpn 'know' about the LAN subnet?
<drab> TJ-: the default gw does, it has a static route to it, I thought that should have been enough
<drab> tomorrow I need to go to a startbucks, like this I can't even debug, if I connect to ovpn from inside the lan the results are skewed
<drab> I tried to test using someone's phone data, but they are gone now
<sarnold> you could spin up a gce or aws instance for a few bucks if you're not actually interested in the coffee :)
<TJ-> drab: let me be clear; your problem is when connecting into the LAN through the VPN, the client that connects cannot ping hosts on the LAN sub-net?
<drab> TJ-: correct. but they can ping the gateway of the lan and ping the internet
<drab> sarnold: you mean installing a vpn client on it?
<sarnold> drab: yeah, or whatever testing you needed..
<drab> fair enough, I guess it'd be enough to figure out the routing issue
<TJ-> drab: in the openvpn config file on the openvpn server have you got a "push "route 10.254.201.0 255.255.255.0"  " ? (with your LAN sub-net, not mine)
<drab> TJ-: oh, eer, I don't. why does it matter? aren't the vpn clients going to send those pkts to their default gw (the ovpn server), which then knows (has a direct route) to the hosts on the lan?
<TJ-> drab: and the client's config should have a "pull" to ensure those are accepted
<TJ-> drab: the remote client does not know about the server's LAN sub-net, so the server has to tell the client about it
<drab> but wouldn't a vpn, like any other network client, send pkts for hosts it doesn't recognize on its lan to the default gw? (the ovpn server)
<drab> effectively achieving the same result
<drab> since I'm forcing all traffic to go through the vpn
<drab> I have that push "redirect-gateway def1 bypass-dhcp"
<TJ-> drab: you're using redirect-gateway ?
<drab> yeah, that's in my server conf
<TJ-> drab: OK, is the openvpn server on the LAN also acting as the LAN's gateway to the internet, or is that done by another router?
<drab> done by another router (also an ubuntu-server)
<TJ-> drab: if the default gateway of the LAN is another router, then all those PCs need to have a route added for the VPN sub-net so they can *return* packets
<drab> sdeziel earlier was mentioning icmp redirects, which I thought made sense
<drab> won't the gw, which they will send it to since they don't know what to do with it, tell them?
<TJ-> drab e.g: gw 192.168.0.1, ovpn-server 192.168.0.254, vpn 10.0.1.0/24 ... LAN clients will need a "ip route add 10.0.1.0/24 via 192.168.0.254"
<drab> right, I added that route on the gw, thinking that when the clients send it pkts for the vpn host the gw would have redirected them
<drab> I guess that doesn't work
<TJ-> drab: drab you said the ovpn-server has 2 NICs, one on the LAN and the other to the router?
<drab> I wasn, all hosts are on the lan, the ovpn server has the lan nic and its tun interface
<drab> wasnt clear*
<TJ-> drab: oh, I misread
<TJ-> OK, that makes more sense :)
<TJ-> so the router has effectively "ip route add 10.0.1.0/24 via 192.168.0.254"
<drab> correct
<TJ-> is ip4_forward enabled on the ovpn-server's interfaces?
<drab> yep
<drab> sysctl -p
<drab> net.ipv4.ip_forward = 1
<drab> but I just realized that probably yhe gw has icmp redirect disabled
<drab> net.ipv4.conf.all.send_redirects = 0
<TJ-> OK, well, test your routing manually. Create a dummy interface on the ovpn-server with the IP subnet the vpn usually uses. Then try to ping that IP from the clients on the LAN. Use tcpdump on the various PCs to see where it is going astray, if it doesn't work
<drab> oh, right, such a simple and great idea, I can just test that way, brilliant
<TJ-> you can also connect a local client with a VPN to your ovpn-server and test that :)
<drab> I tried that, results were skewed
<TJ-> if all that works then you've an issue in the ovpn config itself
<TJ-> are you using UDP ?
<drab> no, I set it up with tcp
<TJ-> Ahhh. I've always used UDP; not had a problem in over 10 years
<sarnold> encapsulating tcp within tcp is often a recipe for catastraphic latency when you least want it :)
<drab> point taken
<TJ-> not to mention fragmentation and MTU issues
<TJ-> but basic ping should not be upset by those
<drab> but for the local test, the issue seemed to be that routes on the android phone still show lan routes
<drab> so I thought when I tested that way that reachability worked because some pkts "leaked" or something
<TJ-> I prefer UDP since it's harder to DoS it, especially using the ta.crt option
<drab> ok, I'll switch to udp, but don't think it has to do with my issues right now
<TJ-> drab: don't switch NOW! You'll introduce another variable
<TJ-> get your TCP config sorted first, one thing at a time
<TJ-> 1. Prove your LAN routing works as you expect and you can ping the dummy i/f from clients on the LAN that are using the default GW
<TJ-> 2. create VPN tunnel from a client to the ovpn-server and check each stage of the routing through it, using ping/tracepath
<drab> roger that
<drab> thanks
<TJ-> drab: when I first started with openvpn I got the same kind of problems; I found running tcpdump on each hop on the network really useful for figuring out issues. The main is when you try to ping from PC1 to PC2 and it doesn't work you assume it's PC1 at fault, but often it's PC2 doesn't have a return route so it receives the ping packets but never replies. You can see that instantly with tcpdump
<drab> true, seen that in the past debuggin other issues
<drab> will look for that
<drab> ok
<drab> so indeed pings aren't getting back to the vpn subnet and get lost at the gw. if I add a route on the hosts on the lan too then it works
<drab> but I'm not going to add a route for that everywhere
<sarnold> drab: hrm. does the vpn even encapsulate icmp? or .. uh.. something?
<drab> I don't understand the question. the behavior makes sense, I thought icmp redirect would have fixed that, but it's disabled by default and it seems I don't wanna enable it
<drab> when the hosts on the lan get the pkts they don't know what to do with it and send it to the gw and they die there
<drab> I have a great idea that i'm sure will make everybody cringe :P
<drab> since I don't wanna do masquerading, add a route on each host or enable icmp redirect
<drab> what if, I gave the vpn client a range that's on the same subnet as the lan but unused, and then had the ovpn server arp_proxy for it?
<drab> that way when a host on the lan gets a pkg from a vpn client it'll think it's on the lan, arp for it, adn the ovpn proxy will respond for it
<TJ-> drab: I'd sooner want to figure out why the router isn't using the route? Did you also add firewall pin-hole rules to ensure the vpn traffic was allowed to be forwarded/
<drab> TJ-: yeah, I was thinking about that, but I feel I'm back on networking 101 and my brain not responding well to it...
<drab> TJ-: shuold the router, when it sees a pkt from a client on the lan, having a route to the vpn clients, send it over to the ovpn-server?
<TJ-> Yes
<drab> ok, good point, lemme check on the fw part
<TJ-> but it has to go through the FORWARD tables
<TJ-> you may need to enable a default ACCEPT for anything arriving from the LAN side and leaving on the LAN side
<drab> once again you're right, they are in ulog... adding a rule
<drab> TJ-: ok, it works, and I see the icmp redirect , I thought those were disabled by default but guess they aren't and they weren't issued becuase the fw was blocking stuff
<TJ-> drab: you're about sorted now then
<TJ-> drab: seems like that was your problem all along
<drab> well my problem is that I haven't got a clue anymore... if I ever had it :P
<TJ-> well are your pings ponging?
<drab> yeah
<drab> everything checks out
<drab> I'll do one last test tomorrow from the actual phone, but from the dummy itnerface everything works
<drab> I can see the icmp and the redirects with tcpdump and all
<drab> so I'm assuming the phone will work too tomorrow
<hdon_> hi all :) can i "install" ubuntu server to a ramfs/tmpfs?
<cpaelzer> good morning
<lordievader> Good morning
<zioproto> good morning
<cpaelzer> hiho zioproto
<zioproto> anybody already faced this ? :
<zioproto> gbp:error: Pristine-tar couldn't checkout "horizon_10.0.5.orig.tar.gz": pristine-tar: delta is version 3, newer than maximum supported version 2
<cpaelzer> zioproto: https://bugs.launchpad.net/launchpad/+bug/1732400 ?
<ubottu> Launchpad bug 1732400 in Launchpad itself "please upgrade pristine-tar to support version 3" [Undecided,New]
<zioproto> looks like it
<cpaelzer> zioproto: do you get that locally on your system?
<zioproto> I get it on the buildroot for horizon
<cpaelzer> hmm, yeah so likely the bug I linked
<zioproto> I do
<cpaelzer> but in the scope of your build then
<zioproto> mk-sbuild xenial
<cpaelzer> which will be xenial which is on pristine-tar 1.33 (current is 1.42)
<zioproto> I guess that is the problem
<zioproto> so it is just about upgrading pristine-tar in Xenial ?
<cpaelzer> well, that would not match SRU policy right - as it is feature addition at the cost of regressions for others
<cpaelzer> but in that case I'm not sure how it woud be handled
<cpaelzer> zioproto: are you doing backports building that in xenial?
<zioproto> I am building a package for Openstack Newton
<zioproto> in Xenial
<zioproto> horizon exactly
<zioproto> I have to test a patch
<cpaelzer> ok, so that could be the issue
<cpaelzer> hmm, I'm sure the openstack Team has sometihng in place to make this not a FTBFS
<cpaelzer> jamespage: coreycb: ^^ ?
<cpaelzer> zioproto: are you building "through" gbp ?
<cpaelzer> maybe that is the issue then
<cpaelzer> as it might rely on pristine-tar in your cae but you might be able to get going with e.g. dpkg-buildpkg + sbuild or such
<cpaelzer> I'd not have expected to need the "in target" pristine-tar for a build
<cpaelzer> on the other hand, if your host is xenial it might be you just need it on your system
<zioproto> I am trying to upgrade pristine-tar
<zioproto> this tool does not even print his own version
<jamespage> hmm that's a new one
<cpaelzer> zioproto: I have no personal involvement to pristine-tar, just using it :-)
<cpaelzer> zioproto: but you might find https://www.preining.info/blog/2014/06/debian-pristine-tar-packaging/ amusing
<cpaelzer> actually it never broke me, so I'm good
<cpaelzer> it's also of 2014 and recently seems well maintained
<cpaelzer> jamespage: other question on planning OVS/DPDK in binoic
<cpaelzer> jamespage: I mentioned https://code.launchpad.net/~ubuntu-server-dev/ubuntu/+source/openvswitch/+git/openvswitch/+ref/ready-for-dpdk-17.11 last week
<cpaelzer> jamespage: 17.11-1 would be ready to sync this week
<cpaelzer> jamespage: what is your intended OVS version in bionic?
<jamespage> cpaelzer: 2.9.x
<cpaelzer> jamespage: that is bug 1733325 btw
<ubottu> bug 1733325 in openvswitch (Ubuntu) "Update in Bionic to match DPDK 17.11" [Undecided,New] https://launchpad.net/bugs/1733325
<jamespage> cpaelzer: yeah sorry I was off on leave last week - I'm bad at catching up on backscroll
<cpaelzer> jamespage: ok, so would it be ok for you if I upload dpdk this/next week and along that a small delta to OVS 2.8.1 to make it work for now
<cpaelzer> jamespage: that delta will be droppable on the 2.9 upload then
<zioproto> I dont get it for Horizon. In the pristine branch I get the files horizon_10.0.5.orig.tar.gz.delta and horizon_10.0.5.orig.tar.gz.id. But the all thing fails looking for the file horizon_10.0.5.orig.tar.gz that is not there
<cpaelzer> zioproto: so it wants to generate the tarball via pristien-tar and that is failing you
<zioproto> yes... this I got it
<cpaelzer> you could work around all that by just getting the file there
<zioproto> so the Horizon release 10.0.5 does not even exist in Openstack
<zioproto> I cannot download the tarball
<cpaelzer> cd ..; pull-lp-source horizon yakkety; cd -
<cpaelzer> well
<cpaelzer> this might overwrite your dir dpeending on what you work on
<cpaelzer> so do the same in /tmp and copy the tarball
<cpaelzer> or fetch it from LP
<zioproto> wow, let me try this
<cpaelzer> https://launchpad.net/ubuntu/+source/horizon/3:10.0.4-0ubuntu1
<cpaelzer> oh that is 10.0.4
<cpaelzer> zioproto: where did you base your version on?
<zioproto> the latest ubuntu cloud archive
<cpaelzer> maybe in cloud archive there is something newer than at the end of yakkety support
<zioproto> 3:10.0.5-0ubuntu1~cloud1 500
<zioproto> can I use pull-lp-source to pull stuff from the ubuntu cloud archive ?
<cpaelzer> zioproto: then just enable the deb-src lin in /etc/apt/source.list.d/<cloudarchive>
<cpaelzer> apt update; apt source horizon
<cpaelzer> that will give you the source as it is there
<cpaelzer> zioproto: in that regard UCA is like a ppa, so not pull-lp-source, but the above with apt-source will work
<zioproto> it worked !
<cpaelzer> \o/
<adrian_1908> I still frequently see `service <servicename> <action>` being mentioned, which works with systemd services as well. Isn't this (strictly speaking) deprecated in favor of `systemctl <action> <servicename>` or will both remain correct indefinitely?
<Ussat> No, not indefinately, and yes, depricated
<Ussat> its there as a conveniance
<adrian_1908> ok, thanks.
<rbasak> Ussat: do you have a citation for it being deprecated?
<rbasak> I'm not aware that it is.
<Ussat> citation no, but that is the way things are moving...
<Ussat> Its pretty logical to me, that the old way will not stick around forever since the new way has been introduced. Its only there now as a transition
<rbasak> Debian still supports multiple init systems. That's where the wrapper comes from.
<rbasak> It's useful because you don't need to care about which init system is in use.
<Ussat> ....
<rbasak> ...so I don't see it going away any time soon.
<Ussat> I dont care about debian
<rbasak> Not until Debian drops support for multiple init systems.
<rbasak> Therefore it isn't deprecated.
<Ussat> ...
<Ussat> ok
<rbasak> Unless some more closely associated Debian or Ubuntu developer says it is.
<rbasak> But I'm not aware of any such position.
<Ussat> sigh..ok
<coreycb> cpaelzer: zioproto: 'pull-uca-source horizon newton' is also an option
<zioproto> thanks !
<cpaelzer> uh - pull-uca-source
<cpaelzer> nice
<cpaelzer> coreycb: package?
<cpaelzer> I actually have a ~/bin/pull-uca-source.py - probably from you coreycb :-)
<coreycb> ha
<coreycb> cpaelzer: ubuntu-dev-tools
<cpaelzer> ah but post xenial
<cpaelzer> found it
<cpaelzer> https://bugs.launchpad.net/ubuntu/+source/ubuntu-dev-tools/+bug/1661324
<ubottu> Launchpad bug 1661324 in ubuntu-dev-tools (Ubuntu) "add pull-ca-source to ubuntu-dev-tools" [Low,Fix released]
<coreycb> jamespage: if we were to do a snapshot of the latest upstream gnocchi commit, we could drop pandas from the queens cloud archive
<jamespage> coreycb: I peeked at that yesterday - we could just pick the commit that drops it
<coreycb> jamespage: yes true, looking for that
<jamespage> oh nice I'd not realized that pull-uca-source had got into dev-tools
<jamespage> coreycb: having a run at deploying queens :-)
<jamespage> needed to switch keystone to v3 but that bit is working ok
<jamespage> glance is foobar
<jamespage> aodh don't know what queens it
<jamespage> coreycb: prob need a  charmhelpers release for that
<coreycb> jamespage: ok awesome about queens. want me to get charmhelpers?
<coreycb> jamespage: i'm uploading gnocchi with the patch and will get rid of pandas
<jamespage> coreycb: charmhelpers is ok - it just needs a release for the reactive charms
<jamespage> coreycb: oh ok - oops
<coreycb> jamespage: oh ok
<jamespage> git push --force over my changes :-)
<coreycb> jamespage: oh you got it already? no prob :)
<jamespage> coreycb: no you take it
<coreycb> jamespage: ok that's uploaded
<cpaelzer> rbasak: ahasenack: is the serverguid still the on on bzr?
<jamespage> coreycb: awesome
<cpaelzer> rbasak: ahasenack: I always have something on the back of my mind they wanted to change, but miss to remember if that happened
<jamespage> coreycb: where did we leave glance b1?
<jamespage> I remember we had some sort of unit test failure right?
<ahasenack> cpaelzer: should still be in bztr
<ahasenack> bzr
<coreycb> jamespage: i think we were going to skip it due to https://bugs.launchpad.net/glance/+bug/1728368
<ubottu> Launchpad bug 1728368 in oslo.serialization "oslo.serialization 2.21.2 breaks glance" [Undecided,New]
<jamespage> right
<rbasak> cpaelzer: I think it may be but I'm not certain.
<drab> sdeziel: TJ-: fwiw when I tested today with the actual phone from a remote connection it did not work unless I put static routes on the individual nodes
<drab> I'm out of time so I can't look into why, I know last night I saw the icmp redirect and it worked with the dummy interface
<drab> but it would not trying to ping the android phone
<drab> luckily I actually don't really care to get to all the nodes on the lan from the phone, just out to the network and to my workstation and I can reach everything else from the latter
<drab> s/network/internet/
<sdeziel> drab: the clean fix would be to relocate the VPN server to a new network zone that is directly attached to the router, this way, you'd only need the static route on the router itself
<drab> you mean like in a DMZ?
<sdeziel> drab: kind of  but only for the VPN server
<sdeziel> drab: because if you put some machines next to the VPN server, you'd run into the same problem when trying to access them from the VPN clients
<drab> oh, I see
<sdeziel> drab: in other words, you need to always have your router between your destination and your VPN server otherwise, machine will figure out that the router's hop is pointless
<drab> I guess I could do that, yeah, hopefully nothing funny happens with the fw, when I was working on it last night I saw some weird things happening (I'm using firehol as a frontend to iptables)
<drab> right, got it
<drab> because if the ovpn is still physically on the lan interface then I have inface/outface on the gw both being lan and it seemed to trigger some issue with rule matching
<drab> anyway, I'm about to take off so for this trip it's staying this way, but when I coem back that does sounds like a cleaner/permanent solution
<drab> sdeziel: thanks
<sdeziel> drab: you could probably use a dedicated vlan to get a new interface
<drab> good point, I'll explore that
<drab> thanks again, afk
<ahasenack> hi, could someone please accept my nominations in bug #1732032? Thanks
<ubottu> bug 1732032 in iproute2 (Ubuntu) "ip maddr show and ip maddr show dev enP20p96s0 show different data" [Undecided,In progress] https://launchpad.net/bugs/1732032
<ahasenack> and a question: do we SRU FTBFS fixes?
<ahasenack> or only when there is another needed change, then we really have to fix the ftbfs problem?
<sarnold> ahasenack: done
<ahasenack> sarnold: thanks
<sarnold> ahasenack: I'm going to guess it's not worth an sru to fix ftbfs
<ahasenack> sarnold: ok, ideas on how not to "lose" the fix, when a real sru comes by? Leave it attached to the bug?
<ahasenack> just wondering
<ahasenack> https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1735158 in this case
<ubottu> Launchpad bug 1735158 in iproute2 (Ubuntu) "FTBFS with gcc7" [Undecided,In progress]
<sarnold> ahasenack: is it fixed in the devel release yet?
<ahasenack> no, I"m about to do that
<sarnold> ahasenack: my guess is that fixing it in devel is sufficient
<ahasenack> ok
<ahasenack> hm, I don't understand this git ubuntu lint error
<ahasenack> E: Targetted branch distribution (devel) and changelog distribution (bionic) do not agree
#ubuntu-server 2017-11-30
<keithzg> Yeesh, I guess I'm done buying ASUS motherboards ever. Got a response from their customer service and the only way to patch the Intel ME vulnerability is indeed to run the updater which only works on Windows.
<sarnold> what is it with firmware / hardware people..
<sdeziel> not even providing a bootable ISO with something like freedos is really bad
<keithzg> Yeah, I mean frankly anything involving updating firmware on a motherboard you'd think you'd want to be able to do without relying on an installed OS!
<metastable> I enjoy my MSI boards for that reason. Insert stick, push button. BIOS flash, even from soft-brick.
<keithzg> metastable: To be fair though, the Intel Management Engine is an additional, somewhat self-contained entity with its own firmware, so the ease of flashing "BIOS" isn't necessarily an indicator that they'd get *this* right. I tried checking MSI's support pages to check how they've been handling Intel ME updates but I keep getting 504 errors from nginx on their servers . . .
<keithzg> Hmm from what little information MSI provides on https://www.msi.com/news/detail/tbzkKfKPAi1ALASqaWkS99rxLH-FNw7O9AC8b2jsPHSoz1kSuAag52YLmCGiuuD9LhFJ7_wgczjFmbrnR5UGCA~~ it seems like they might also require you to run Windows to update the Intel Management Engine.
<cncr04s> anyway to have mdadm scrub a raid array to look for inconsitencies ?
<Sling> cncr04s: thats what you'd have raid 1 or raid 5 for
<Sling> what kind of inconsistencies ar eyou expecting?
<metastable> Ew. RAID 5...
<metastable> cncr04s: echo check > /sys/block/mdX/md/sync_action
<metastable> cncr04s: Where 'mdX' is the md device number of the mdadm array. Check /proc/mdstat for this.
<cncr04s> i have a raid5 and a raid 6 array
<cpaelzer> good morning
<lordievader> Good morning
<cpaelzer> hiho lordievader
<lordievader> Hey cpaelzer
<lordievader> How are you doing?
<cpaelzer> lordievader: good, you as well I'd hope
<lordievader> Yes, doing allright.
<cpaelzer> great
<lordievader> My zabbix experiments seem to pay off somewhat.
<lordievader> We want to create some triggers wich compare the data of today with yesterday.
<lordievader> So I build a graph which does that.
<gun1x> guys, quick question
<gun1x> just got an ubuntu server up on an infra that i do now own
<gun1x> and i have something strange in terminal ... i get some strange characters
<gun1x> does anybody know an apt command to install missing packages so i have all characters ?
<Frickelpit> what do you mean by "strange characters"? did you check your locales settings?
<add1ctus> I was enabling firewall on my server. Just added all the ports I need (22, 80, 443) to allowed list and did ufw enable. Everything else had default settings. Since then connections slowed down towards the server, and I disabled it immediately. But connections are still slow, and even apachectl status doesn't give any output. Checking with htop, it says server isn't under any load. Anything I could do?
<rbasak> Slow how?
<rbasak> Could it be reverse DNS timing out?
<add1ctus> When I try rapidly checking tracert, every third request gets stuck. The website hosted on the server is also slow (Chrome gets stuck on Connecting..)
<sdeziel> add1ctus: I'd make sure ICMP is authorized to have PMTU working
<sdeziel> I think ufw allows what's needed by default but I don't know for sure
<add1ctus> @sdeziel: I didn't kinda understand what you're trying to say. How should I check that?
<sdeziel> add1ctus: A quick way to check this would be to add those 2 rules: sudo iptables -I INPUT -p icmp -j ACCEPT; sudo iptables -I OUTPUT -p icmp -j ACCEPT
<rbasak> add1ctus: every third request getting stuck is a Cisco signature IIRC. I'd ignore that.
<HackeMate> hello
<HackeMate> i have some servers that i need to maintain, so i wanted to use something like teamviewer but for server (it means bypass firewalls)
<HackeMate> exists a tool like that in ubuntu, or any way to do that?
<HackeMate> both computers connect to a common servers via http port and share data
<sdeziel> HackeMate: it's not like teamviewer but you can remote administer servers and transfer files using SSH
<HackeMate> yes i know, but i cant pass trought firewalls or vlans
<HackeMate> i dont know how teamviewer gets that
<sdeziel> I think that teamviewer has the agent phone home to essentially build a HTTPS tunnel. You can then connect to teamviewer servers and access your servers through that.
<sdeziel> HackeMate: this feels like a MITM to me so I prefer SSH :)
<HackeMate> yes, thats the reason i want use an own method
<sdeziel> HackeMate: you have several options. 1) you could tweak the firewall to expose your server's SSH via port forwarding 2) you could setup a VPN that connects to a server you trust 3) you could run tor on the servers to use it as a backchannel to SSH in
<sdeziel> HackeMate: and probably a lot more
<RoyK> hm - seems I'm getting this when attempting to install ubuntu 16.04 in a kvm/libvirt vm on jessie: Checking installer location failed: Could not find media '/data/iso/Linux/x64/Ubuntu/ubuntu-16.04.3-server-amd64.iso'.
<RoyK> any ideas?
<TJ-> RoyK: looks like a libvirt issue on the host based on the path
<RoyK> TJ-: everything looks right, permissions and so on
<TJ-> RoyK: have you refreshed the pool with "virsh pool-refresh default" (assuming it's using the default pool)
<RoyK> TJ-: afaik it's not a pool, just "local" file
<TJ-> RoyK: right, but the 'pool' should list it for the guest if I recall correctly
<ahasenack> RoyK: was that error inside the vm, or in virt-manager?
<TJ-> it's a virsh/libvirt error
<RoyK> virt-manager - interesting, regardless of file rights, I tried to ln (not -s) the file to where the debian iso was, and that works, meaning it's quite possibly a pool thing - I've never seen that issue before
<TJ-> I've seen it in the past, when I manually added an ISO rather than adding it to the pool, and had to refresh the pool for the guest to see it
<RoyK> I didn't try to refresh the guest pool, though - I don't know too much about these pools
<RoyK> TJ-: anyway - thanks
<rbasak> cpaelzer, ahasenack: BTW, mail-stack-delivery is something I've wanted to deprecate for years, but never got round to driving.
<ahasenack> rbasak: it seems handy, but I can see how it would be a maintenance burden
<rbasak> But it doesn't really cause us any pain except in merges, because I think barely anyone actually uses it
<ahasenack> it's in the lts guide
<rbasak> Yeah so it's quite a bit of work to deprecate and remove :)
<ahasenack> yeah
<ahasenack> we just have to remember to update it with what is considered best practices that year :)
<ahasenack> smtpd_tls_mandatory_protocols = SSLv3, TLSv1 <-- that isn't, for example
<ahasenack> SSLv3
<ahasenack> something I'm raising in my review
<ahasenack> defaults from postfix:
<ahasenack> # postconf -d smtpd_tls_mandatory_protocols
<ahasenack> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
<ahasenack> maybe we should leave it at the postfix's default instead of hunting down what's bad and what is not
<rbasak> I think that's a good idea. Make sure it's matches the postfix's packages default too. Eg. if postfix ships a conffile with an important setting that gets overriden by mail-stack-delivery, that could be a problem.
<rbasak> Sort of like you found it as it is now :)
<morphine> hi guys, anyone here ever came across a situation where Apache 2.4 just wouldn't log rewrite activity no matter what you set the LogLevel rewrite:trace directive to?
<sarnold> morphine: if you deliberately break the configuration in some blatant obvious way do you see that take affect as you expect? (I'm curious if perhaps the file you're editing is being ignored entirely)
<morphine> yeah, this configuration is working perfectly and as expected. The context here is that I'm debugging a single rewrite rule
<morphine> I went ahead and enabled rewrite logging, and two hours later I'm still trying to figure out why that never shows up on any of the logs
<morphine> doesn't seem to be a unique problem, found a couple forum threads about it but no actualy solution
<morphine> already tried a million things up to and including defining a vhost that has next to no configuration but the rewrite/log settings
<morphine> (and no, I didn't forget to reload/restart Apache :)
<sarnold> :)
<sarnold> morphine: nothing in the docs stands out :/ it might be worth a bug report
<morphine> could be, but it's probably some obtuse and apparently-unrelated setting
<morphine> which has been my experience with Apache 2.4 in particular
<sarnold> reminds me of the day I lost due to a '/' on the end of a directory name.
<ahasenack> morphine: can you see the rule checks progressing until your rule is hit? Or not even that?
<ahasenack> (in the debug logs)
<ahasenack> I was in that situation a few times, it was always *something*
<morphine> that's the whole problem, I don't see the rule logs *anywhere*
<ahasenack> did you set LogLevel?
<sarnold> are they maybe going to syslog rather than a file? or file rather than syslog?
<ahasenack> that's new in 2.4, according to what I'm reading
<ahasenack> "Those familiar with earlier versions of mod_rewrite will no doubt be looking for the RewriteLog and RewriteLogLevel directives. This functionality has been completely replaced by the new per-module logging configuration mentioned above."
<morphine> yeeeep
<morphine> because it made sense before, so it had to change!
<morphine> (sorry)
<ahasenack> mod_rewrite made sense?
<ahasenack> :)
<morphine> har
<morphine> don't even get me started on the Log/ErrorLogFormat mess
<ahasenack> http://httpd.apache.org/docs/current/mod/core.html#loglevel
<ahasenack> hope that helps
<morphine> I already tried like 10 variations of the LogLevel line (including some obtained from forums/how-tos)
<morphine> but I might as well try a couple more
<ahasenack> try setting it for other things, see if you get that to work
<ahasenack> if not even that changes the logs you are seeing, then something else is going on
<ahasenack> gotta go, g'night
<morphine> thanks for the input
#ubuntu-server 2017-12-01
<lordievader> Good morning
<mojtaba> Hello, I have installed openvpn and stunnel. I am running openvpn through cmd. I am seeing "Initialization Sequence Completed" as the last statement, and I can connect to my local network. But I cannot open websites like youtube.com. Do you know how can I check what could be wrong?
<jamespage> morning all
<mojtaba> Hello, I am configured openvpn and stunnel, but when I try to traceroute youtube, it gives me a fake ip address: 10.10.34.34
<mojtaba> http://paste.ubuntu.com/26087878/
<mojtaba> I have these lines in the openvpn server config file.
<mojtaba> push "dhcp-option DNS 10.8.0.1"
<mojtaba> push "dhcp-option DNS 208.67.222.222"
<mojtaba> push "dhcp-option DNS 208.67.220.220"
<mojtaba> push "dhcp-option DNS 8.8.8.8"
<mojtaba> But it seems dnsmasq is overriding my dns setup. http://paste.ubuntu.com/26087915/
<mojtaba> Do you know what should I do?
<mojtaba> My server is in Canada, and I am in Iran now.
<lordievader> mojtaba: That is netwoekmanager controlling the resolving (with dnsmasq). Though normally it should use the DNS servers it gets from the DHCP.
<ahasenack> this is weird, this morning's apt update has a new entry: http://pastebin.ubuntu.com/26088344/
<ahasenack> Hit:6 http://179.184.158.85:80/pdata/0211cbbab141e5bb/security.ubuntu.com/ubuntu artful-security InRelease
<ahasenack> never saw that before
<ahasenack> that ip belongs to my isp, or to one of its customers
<ahasenack> is that a cdn for security.u.c?
<rbasak> owner:       TELEFÃNICA BRASIL S.A
<rbasak> I think they may be doing a redirect to their own cache maybe?
<rbasak> https://www.reddit.com/r/Ubuntu/comments/7dpnwl/requests_to_archiveubuntucom_being_redirected_on/
<rbasak> It's safe as long as their cache doesn't go stale.
<rbasak> apt does have options for staleness checking but they aren't enabled by default IIRC.
<rbasak> Max-ValidTime
<gun1x> Frickelpit: i totally missed your message yesterday. please say gun1x if you say something for me.
<gun1x> Frickelpit: i am checking locale now
<gun1x> Frickelpit: it worked by changing locale from gb to us, thank you
<Lope> I'd like to run many FTP servers on a single public IP address, each FTP server inside a LAN IP for it's respective VM. I'd like to run some kind of reverse proxy server on the root server (that has the public IP). I've searched the repos for FTP reverse-proxy servers but didn't find anything. I've heard that jftpgw can do it but it looks like it was last updated in 2004!
<jamespage> coreycb, beisner: I've uploaded fresh pxc-5.6, percona-galera-3 and percona-xtrabackup to bionic
<jamespage> that gets things up-to-date for development
<jamespage> pxc and galera updates really need to go back to xenial/zesty/arftul as well
<coreycb> jamespage: ack
<ahasenack> rbasak: do you know about dpkg-query -f '${Conffiles}'? The manpage just says "internal"
<ahasenack> I'm trying to parse this sed
<ahasenack> which seems overkill
<ahasenack>  dpkg-query -W -f='${Conffiles}' mail-stack-delivery | sed -n -e "\' /etc/dovecot/conf.d/99-mail-stack-delivery.conf ' { s/ obsolete$//; s/.* //; p }"
<ahasenack> as the output of dpkg-query seems to be just a file and md5, and some spaces that can be more easily removed than that sed sequence
<ahasenack> in particular, " obsolete" doesn't show up, at least in this case I am at
<rbasak> Is that trying to get a list of conffiles that mail-stack-delivery has on the system?
<ahasenack> # dpkg-query -W -f='${Conffiles}' mail-stack-delivery ;echo
<ahasenack>  /etc/dovecot/conf.d/99-mail-stack-delivery.conf 257ba5af418b630ef4d8075100bf7809
<ahasenack> just one, and its md5
<rbasak> Obsolete conffiles happen if a newer package version doesn't ship a conffile but doesn't explicitly remove it. Then it remains on the filesystem but dpkg considers it obsolete. Which is usually a bug.
<ahasenack> but a simple awk would fetch the md5 in that output
<rbasak> If a conffile is obsolete, perhaps that output has an additional field so the awk would grab the wrong field number.
 * rbasak is guessing
<ahasenack> sounds reasonable
<rbasak> "The manpage just says "internal""
<rbasak> Sounds like the script shouldn't be doing this at all.
<ahasenack> also reasonable
<ahasenack> as it might change I suppose
<rbasak> I'm not sure there's necessarily a way to fix it though.
<rbasak> Though I don't know for certain, my gut says this kind of hack is needed because the model of packaging that mail-stack-delivery needs to do its job doesn't work very well with dpkg and debs.
<ahasenack> the idea of one package changing the configuration of many others?
<rbasak> Yeah that kind of thing.
<rbasak> I used to do "configuration management" using custom local debs that pulled in dependencies and configured them in around 2003.
<rbasak> It doesn't work very well.
<ahasenack> git ubuntu lint isn't happy with that dovecot branch, I can't get it to run: http://pastebin.ubuntu.com/26089211/
<ahasenack> any ideas?
<ahasenack> the branch is https://code.launchpad.net/~paelzer/ubuntu/+source/dovecot/+git/dovecot/+ref/bionic-merge
<cpaelzer> for the sake of not beeing alone IÃve seen exactly this conffile + sed in multiple packages
<cpaelzer> that doesn't mean it is right or wrong, just FYI
<cpaelzer> ahasenack: is there a comment in the MP about an issue with that I should look at - or did you just wonder what dpkg could report in those cases?
<ahasenack> cpaelzer: I was wondering about the " obsolete$" case
<ahasenack> since the manpage didn't talk about it
<cpaelzer> well it can has this appendix or not
<cpaelzer> the sed is meant to drop it if it is there
<cpaelzer> I had such changes, but rbasak already explained how it happens
<ahasenack> yep, all good
<ahasenack> any idea about the lintian?
<ahasenack> does it run on your local copy of the branch?
<cpaelzer> ahasenack: it didn't on strongswan, let me check dovecot ...
<ahasenack> rbasak: thanks for the endorsement!
<jamespage> coreycb: just saw a load of these from pike-proposed -  sbuild-build-depends-ceilometer-dummy : Depends: python-gabbi (>= 1.30.0) but it is not going to be installed
<ahasenack> cpaelzer: iproute2 down to just 1 test failure, arm
<coreycb> jamespage: hmm
<ahasenack> a timeout in a test called "201-freqaccumulation"
<cpaelzer> ahasenack: did you check it in any way more than the retry we did?
<ahasenack> cpaelzer: last evening we had 3, this one and two others
<ahasenack> the others seemed like infra problems
<cpaelzer> yeah
<ahasenack> timeout launching the adt vm
<cpaelzer> maybe even this one
<ahasenack> slangasek clicked the retry button for me
<cpaelzer> ahasenack: so on dovecot "git ubuntu lint" passes
<ahasenack> this one, I looked at the code but didn't come up with any ideas, I would have to run it locally
<cpaelzer> but I had to remove some confusion on it first - especially since I had new/debian (from last merge) and another new/debian that I pushed
<ahasenack> cpaelzer: can you push --force just to be sure I get all the bits? Or you rather not
<cpaelzer> ahasenack: hmm does autopkgtest work on arm "as usual"
<cpaelzer> ahasenack: how does the linter fail you?
<cpaelzer> is it missing any tag or such?
<ahasenack> cpaelzer: http://pastebin.ubuntu.com/26089211/
<ahasenack> I did git fetch paelzer --tags already
<cpaelzer> umm, I don't get this :-/
<cpaelzer> ahasenack: and you are on the bionic-merge branch when you do this?
<ahasenack> yes
<ahasenack> when I started the review a couple of days ago, I did git checkout -b paelzer-bionic-merge paelzer/bionic-merge
<ahasenack> and I have been getting your updates without problems
<cpaelzer> ahasenack: I saw that I needed to drop the ~ppa version for the linter
<cpaelzer> reasonable, I just didn't want 20 commits adding and removing them
<ahasenack> sure
<cpaelzer> ahasenack: I also pushed an updated new/debian - that was the one conflicting for me from last merge
<ahasenack> doesn't seem to be what's confusing it here
<cpaelzer> ahasenack: could you fetch branch and tags and check again?
<cpaelzer> ahasenack: with verbose, I'll do the same
<cpaelzer> maybe we spot the difference
<ahasenack> no change: http://pastebin.ubuntu.com/26089277/
<ahasenack> I see a tag update for new/debian
<cpaelzer> ahasenack: http://paste.ubuntu.com/26089281/
<cpaelzer> lets compare these :-)
<ahasenack> ah
<ahasenack> http://pastebin.ubuntu.com/26089284/
<ahasenack> mine doesn't get far
<ahasenack> same when I pass target-branch
<ahasenack> let me try cloning it fresh elsewhere
<cpaelzer> ahasenack: also try a few different things as target-branch
<cpaelzer> probably debian/sid, bionic-merge ,... ?
<cpaelzer> I'm not really sure what it would/should expect as that arg
<ahasenack> same on a fresh clone
<ahasenack> http://pastebin.ubuntu.com/26089308/
<ahasenack> will have to check the code
<ahasenack> I won't block on this
<ahasenack> would be cool to see what's going on, though
<cpaelzer> ahasenack: I just see in my inbox you listed more small/medium comments - thanks I'll take a look
<ahasenack> cpaelzer: the ssl ones, let's not go crazy there. I think just the postfix one
<ahasenack> I verified ssl3 is not enabled in dovecot (imap, pop)
<ahasenack> we can file a separate bug to revise those settings
<ahasenack> what do you think?
<cpaelzer> I didn't read all your feedback yet, so I might be out of context
<ahasenack> ok, take your time
<cpaelzer> but that seems right (to be disabled) right?
<ahasenack> it should, but we explicitly *enable* it for postfix in mail-stack-delivery :)
<cpaelzer> I'll read and think through and ping you later
<cpaelzer> not yet fully out of my inbox for today
<cpaelzer> ahasenack: I can partially reproduce and partially avoid the linting issue - will let you know
<ahasenack> heh :)
<jamespage> coreycb: looking at pxc-5.6 it basicaly produces one package with binaries in it; a meta package and some debug symbols
<cpaelzer> ahasenack: I see conflicts around old/ubuntu != old/ubuntu
<cpaelzer> but - between the two hashes is no diff
<jamespage> coreycb: and I think you'll need xtrabackup >= 2.4 as well
<jamespage> 2.3 is the 5.6 aligned version afaict
<cpaelzer> ahasenack: as if linter and importer would not agree if they should use the same commit reperesenting an import
<cpaelzer> ahasenack: I think you should report a bug - I confirm it fails from a new clone + checkout
<cpaelzer> ahasenack: but it works with http://paste.ubuntu.com/26089367/
<coreycb> jamespage: ok
<ahasenack> yeah, that worked too
<cpaelzer> ahasenack: it must internally know how to call it right
<ahasenack> minus the lp integration, I had to open the url manually
<cpaelzer> ahasenack: that should be enough of a lead to spot the code issue
<ahasenack> I'll file the bug
<cpaelzer> thanks
<cpaelzer> killing mails, then looking to your MP feedback
<cpaelzer> oh and checking my Triage list for today ...
<cpaelzer> :-/ 30 is a lot for a friday
<ahasenack> that's between yesterday and today?
<cpaelzer> yep
<cpaelzer> but I see at least some share is from doko's pytohn3 burst
<ahasenack> I have a few in my inbox that I want to respond to, the usual sssd and samba combo
<ahasenack> but first finish this review
<cpaelzer> FYI - if anyone being php could help verifying bug 1721607 for the SRU release that would be great
<ubottu> bug 1721607 in php7.0 (Ubuntu) "please update to latest upstream release 7.0.24" [Undecided,Incomplete] https://launchpad.net/bugs/1721607
<xpistos> Hey guys. quick question, I have a few different files in test.tar.gz. one file has the string "grep for zoo" in it. I am trying to grep for that in the gz file but since it isn't a compressed log, it doen's know what to do with the request. since zgrep doesn't support -r or -R is there a way to search that gz file for the string without extracting it?
<Poster> zcat will push it to stdout, from there you can use a standard grep
<Poster> though if you've got multiple files in there you'd need to untar it :|
<dpb1> a tar is just a linear concat of files with some metadata, you can grep it without untaring
<dpb1> zcat or gzip -c should work
<dpb1> of course, if you have binary data, it could get interesting, but... :)
<sdeziel> cpaelzer: I can run some basic tests but is there something specific to test?
<xpistos> dpb1: thanks, it isn't giving me what I am looking for but isn't really important it was just an afterthought while working on strengthening my bash scripting
#ubuntu-server 2017-12-02
<Avere> Ubuntu Landscape needs a UA subscription for more than 10 machines. Should UA be bought for the server running landscape or for every machine?
<ducasse> Avere: you should probably ask canonical directly, but the only canonical channels i can find are #canonical-sysadmin and a pointer to https://wiki.canonical.com/MessagingSystems/InternalIRC
<Avere> Alright. Thanks
<Nafallo> Avere: for the clients. if you want the server in-house it's normally $2000 to buy.
<Avere> So assuming in-house server along with 15 clients : 15*$150+ $225 just for using landscape management
<Nafallo> Avere: I can't find the reference to $150 on the homepage?
<Nafallo> oh. desktops?
<Avere> Yes. https://www.ubuntu.com/support/plans-and-pricing#ua-support
<Avere> Turns out UA is needed for both Server and Desktop
<Nafallo> Avere: desktops are minimum 50 pcs I believe. you might want to mail sales AT canonical.com
<roasted_> Morning all. Trying to rule out some performance issues I'm having. 14.04 Server, hosting samba shares, gigabit LAN, with 3 clients on 17.10. Clients mount samba share with mount -t cifs via CLI. Performance is slow, about 7 MB/s.  If clients mount via GVFS, they get about 68-70 MB/s. If I rsync from clients, I get about 110 MB/s. Mounting cifs via CLI was always the quicker way vs GVFS, but not here. Is there anything on server end that
<roasted_> could be contributing? Having a hard time researching it from a "client is the problem" point of view as all sources point to GVFS being the slow one, yet it's the fast one here.
<roasted_> just compared another distro (one of these machines dual boots antergos/17.10) and it behaved identically -- GVFS much faster, mount -t cifs over CLI wildly slow.
#ubuntu-server 2017-12-03
<m15k> Is named a default enabled ubuntu server service? I'm a little bit unsure who starts the process...
<Neo1> I've installed mysql and got error
<Neo1> ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
<Neo1> I used this mysql_secure_installation
<Neo1> commands mysql doesnt work
<Neo1> I press $ sudo mysql also doesn't help
<m15k> Neo1: Seems that you've assigned a password for mysql.
<Neo1> yes
<Neo1> I've soled it use sudo mysql -u root -p
<m15k> try mysql -u root -p
<Neo1> yes, thanks
<Neo1> I'd installed LAMP a few minutes ago, What shall I do now? How I can create databases?
<Neo1> m15k: ?
<m15k> Neo1: It's a little bit unclear what you want to achive...
<Neo1> this is my real site http://american-chat.ru , I want create database and a few subdomains such as test.american-chat.ru, test1.americanchat.ru and whatnot...
<Neo1> m15k: I want doing chat on node.js and install there wordpress
<m15k> And what's your problem?
<Neo1> m15k: see at first I think about databases
<Neo1> m15k: I don't know how it create, what do you use for it? I am thinking about phpmyadmin?
<m15k> If you want to install wordpress that worpress should take care about creating the databse
<m15k> If you want to do it manullay you could use phpmyadmin or even mysql command
<Neo1> m15k: yes, exactly, therefor I need create a few databases, before I used ISPManager and there all was
<Neo1> m15k: I want to do it in easier way, probably not manual?
<Neo1> m15k: yes I misunderstood, and how you do it?
<m15k> Easier is just a perspective. For me it's easier to just use command line instead of installing a webapp
<m15k> that way: https://dev.mysql.com/doc/refman/5.7/en/creating-database.html
<Neo1> m15k: phpmyadmin is necessary app unless you don't use LAMP?
<Neo1> m15k: and in phpmyadmin shall I create users not root too?
<Neo1> we don't use root for server and probably we don't use root for MySQL
<m15k> Hopefully ^^
<m15k> "phpmyadmin is necessary app unless you don't use LAMP?" The sentence does not make sense for me.
<Neo1> well, 3 commands and you can create dB in console...., but nevertheless phpmyadmin is much better, more opportunities
<m15k> phpmyadmin is just a frontend for mysql. You can use and/or create user as you like.
<Neo1> m15k: why? unless means if not
<Neo1> m15k: phpmyadmin is necessary app if not you don't use (without) LAMP
<m15k> LAMP is just a tech stack: LinuxApacheMysqlPhp
<m15k> And phpmyadmin is a frontend for Mysql based on Php
<m15k> So phpmyadmin is never necessary at all.
<Neo1> yes and I think we should always install phpmyadmin if we use mysql, yes?
<m15k> I don't agree. But that's not the question rightÃ
<Neo1> ok
<Neo1> m15k: well it's personal preferences rather )
<m15k> On that I can agree :)
<Neo1> I'm going to do this 3 things namely: install phpmyadmin, create a few virtual hosts and setup free tsl/ssl certificut,
<Neo1> Then install node.js.
<Neo1> Afterwards make conclusions, write short plan how to do and reinstall everything again follow plans again correct plan and again a few times reinstall everything....
<Neo1> Seems this way give me skill of customize server over SSH
<Neo1> and at the end write shell script that will automatically to do all of this routine work....
<Neo1> I've got this error:
<Neo1> Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
<tomreyn> then do as it says
<[Kid]> anyone use corosync and/or pacemaker with CLVM for clustered storage?
<[Kid]> got a question mainly about corosync and pacemaker
<Doow> Hi, I'm running backups with duplicity as the user backup. One of the things I'm backing up is gitolite folders, to do this properly I need to run the gitolite writable command as the gitolite user. The gitolite user doesn't have a login shell. What's the best way to do this?
<Doow> Right now I'm running the duplicity scripts from a python script, but I could change that if needed.
#ubuntu-server 2018-11-26
<lordievader> Good morning
<victorh> hi guys. is anyone experienced with running ubuntu server on a pci-express solid state drive?
<oskie> is it safe to install a new Ubuntu server (bionic) on a public IP, unfirewalled?
<TJ-> oskie: lotuspsychje just copied your question to me since I only just arrived. Generally the answer is 'yes' but it can depend on what packages were selected at install time.
<TJ-> oskie: E.g. there is usually a package delta between the ISO and the archive now (as bug-fixes, etc. are published) which /theoretically/ may fix vulnerabilities that could be publicly exploitable, but if you follow the usual sys-admin procedure which would be to apply default firewall rules on first boot the time-window for such an attempt would be only a minute or so /and/ an attacker would have to
<TJ-> know in advance of the IP address, the exact version being installed, its vulnerability, and be able to launch the attack in a very narrow time window measured in seconds
<ahasenack> good morning
<victorh> morning
<victorh> oskie: the default settings for the iptables is that none of the ports are open except for standard services as ssh. but for that matter the root account is also disabled.
<victorh> so you should be fine, but it is not recommended
<victorh> of course it is best so set up everything exactly how you'd like it before hooking it up to the bad and evil interwebs
<victorh> for the newcomers: is anyone experienced with running ubuntu server on a pci-express solid state drive?
<lotuspsychje> victorh: do you have one, or think to buy one
<vlt> victorh: There are default iptables settings on Ubuntu server?
<blackflow> there aren't
<blackflow> there's uwf present iirc, but the iptables chains are of default policy ACCEPT with no rules
<blackflow> *ufw
<victorh> lotus: i have one. somehow its not working well with the pci-express active state power management
<lotuspsychje> victorh: can you provide us a link of your ssd, volunteers might have ideas
<oskie> TJ-, victorh thanks
<TJ-> victorh: there are quite a few bugs arouund ASPM, there is an option to disable it in-kernel
<oskie> I'm installing bionic from the live server ISO. Does it require an internet connection
<oskie> ? I can't seem to continue from network config because it times out.
<victorh> tj-: how you can check if it's disabled. I also tried to set it to performance, but in /sys/module/pcie_aspm/parameters/policy it still says default
<TJ-> there's a boot-time kernel command-line option "pcie_aspm=off"
<TJ-> victorh: you could use that as a diagnostic aid to prove if ASPM is definitely the cause
<victorh> TJ-: yes, and it's set in the grub right?
<TJ-> victorh: yes, you can set it manually at boot-time by tapping Esc key to get to GRUB boot menu and editing the boot entry's command-line, or set it permanently via /etc/default/grub GRUB_CMDLINE_LINUX=
<victorh> TJ-: i've set it in the cmdline_linux_default
<TJ-> victorh: and do "sudo update-grub" of course!
<victorh> now it's "pcie_aspm=performance"
<victorh> haha yes of course. easy to forget though
<TJ-> I don't see "performance" as an option, only "off" or "force"
<victorh> $ cat /sys/module/pcie_aspm/parameters/policy => [default] performance powersave
<TJ-> victorh: see https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
<victorh> TJ-: Thanks
<victorh> i'll hook up again when I have more info
<victorh> *afk going for lunch
<tobias-urdin> coreycb: are canonical publishing stein packages? it's hard working with centos packages based on master and ubuntu rocky packages
<tobias-urdin> also do you know if there is any effort on debian based packaging for moving out placement?
<victorh> tobias: no idea, sorry
<coreycb> tobias-urdin: yes but i don't think it's been tested much. you'll have to do this to enable for now: https://paste.ubuntu.com/p/ZnGZq2HVBt/
<coreycb> tobias-urdin: note that we've dropped py2 packages for stein
<coreycb> tobias-urdin: and yes, we're aware of placement but haven't created the package yet. hopefully will get that done soon.
<tobias-urdin> coreycb: ok thanks, we are working on py3 for the puppet projects where RDO is also working on porting the packages to py3
<tobias-urdin> there is effort to move placement out of nova as well, that why i asked, since it's hard to perform unless both has moved out to separate packages
<coreycb> tobias-urdin: ok yes. i'll make placement a priority for this week.
<coreycb> tobias-urdin: yay py3 :)
<tobias-urdin> thank you coreycb!
<faekjarz> Hi! Is there any boot option, or installer option, command line switch, that causes the alternate server installer (18.04.1 / LTS) to not setup any SWAP?
<Slashman> hello, where can I ask about the ubuntu certification for Dell servers?
<Slashman> previously I saw that the Dell R6415 was certified with ubuntu and now it seems it's not anymore
<sdeziel> faekjarz: there should be a swap *file* in the root, no?
<Slashman> in fact this server is completely gone from the ubuntu website https://certification.ubuntu.com/server/models/?query=R6415
<sdeziel> faekjarz: what do you get from "swapon -s"?
<faekjarz> sdeziel: in this case it's not relevant whether it's a file or a partition. The installer sets up swap, and i want to tell it not to do it. (i know, i can disable it later, but that's not the problem i intend to solve right now.)
<sdeziel> faekjarz: oh OK, that's not what I understood, sorry
<faekjarz> no worries
<faekjarz> i could use btrfs; afaik, there's no swap allowed on btrfs â¦and the installer would comply
<faekjarz> i stand corrected, just tested it and the alternate server installer creates a swap file on a btrfs m)
<lordcirth> Can someone familiar with netplan tell me why this seemingly simple config doesn't work?  It works without the bridge, but the moment I add the bridge, it stops working.  Regardless of whether I put the address on the vlan or bridge.  Thanks!
<lordcirth> http://paste.ubuntu.com/p/hT3f7BGpCs/
<compdoc> are the bridges used for kvm?
<compdoc> oh, vlans
<lordcirth> For lxc, similar
<lordcirth> We have 16.04 IaaS systems that have a 10Gb/s link with various dotted interfaces, each with a matching bridge, which lxc containers get attached to.  Works great. Trying to move to 18.04/netplan and it all breaks
<lordcirth> Also we don't normally need an address on the lxc interface, but this machine does.
<compdoc> I had problems too, but found that everything worked if I used netplan for the interfaces, then added the bridges in /etc/network/interfaces
<compdoc> in 18.04
<lordcirth> Well that's a bit odd
<cyphermox> lordcirth: try something like this: https://paste.ubuntu.com/p/4WJZQ8DTCp/
<cyphermox> if you define the physical interface by mac address it helps networkd do the right thing
<lordcirth> cyphermox, ah, ok, I was about to ask what the key difference was.  I will try, thanks
<cyphermox> the key diff is really the fact that there's a "match: macaddress: " for the physical device
<lordcirth> cyphermox, should I use a custom name instead of enp0s8?
<lordcirth> Does it matter?
<cyphermox> nope
<cyphermox> use whatever you want
<cyphermox> in there I was testing more things
<cyphermox> this is a config I have in production, but I do use that server to test some of the hairier configs
<lordcirth> does rebooting without running 'netplan apply' apply things, or do you have to run it first?
<cyphermox> rebooting always applies whatever is in the file
<cyphermox> 'netplan apply' is just for if you want the changes to take effect immediately
<xnox> jamespage, openstack-dashboard & ceph => are they switching to python3 by default and/or what is that blocked on?
<xnox> i've tried looking into it, but failed to establish the missing parts.
<lordcirth> cyphermox, so, I switched to matching on mac, and now it gets stuck on boot trying to bring the network up for ages, then it boots and works.  I'm confused
<cyphermox> lordcirth: maybe run 'systemd-analyze blame' to see what is taking up time
<lordcirth> cyphermox, 2min 66ms systemd-networkd-wait-online.service
<lordcirth> syslog: systemd-networkd[465]: enp0s8: Link is not managed by us
<lordcirth> That's odd
<lordcirth> Does netplan rendering to networkd not count as managed by networkd?
<cyphermox> probably a red herring unless you do DHCPv6
<lordcirth> Ok.  Not sure how to track down the error
<lordcirth> cyphermox, hmm, networkctl status -a shows br10 as "nocarrier: configuring" and the vlan tagged iface doesn't exist
<lordcirth> enp0s8 is 'off'
<cyphermox> that certainly won't help
<cyphermox> you'll want to check your config, but also if the device is correctly connected, etc.
<cyphermox> not much else I can help with; this depends a lot on your hardware and networkd
<cyphermox> *network
<lordcirth> It's in virtualbox, actually.  The virtual network is quite standard and functional
<teward> does anyone know what the default I/O scheduler settings are for Ubuntu?
<teward> Ubuntu Server*?
<teward> I accidentally posted this in the wrong channel sorry for the crosspost
<sdeziel> teward: grep CONFIG_DEFAULT_IOSCHED /boot/config-$(uname -r), says cfq here
<sdeziel> teward: you might want to check /sys/block/$DEV/queue/scheduler as some dev type use a different scheduler (virtio == none)
<teward> sdeziel: ack, #ubuntu-devel gave me some of the info too heh
<teward> thanks
<sdeziel> np
<jamespage> xnox: tbh I think I'm just going to drop the py2 support from ceph and switch over to py3 wholesale
<jamespage> xnox: coreycb is workingon the dashboard + plugins but it needs a new package to complete
<coreycb> yep working on that right now (django-debreach for horizon)
<xnox> jamespage, what about cloud-archive? are backports into that going to use py2 or py3?
<xnox> coreycb, ooooh, nice.
<jamespage> xnox: py3
<xnox> ok
<lordcirth> cyphermox, I'm trying netplan 0.40 from ubuntu-proposed, in case it's related to the bug...
<lordcirth> Doesn't seem to have helped
<lordcirth> cyphermox, so brctl show says the bridge has no interface.  adding 'vlan10' works perfectly and ping starts working.  Any idea why netplan refuses to connect br10 to vlan10?
<cyphermox> lordcirth: not without looking at the full config
<lordcirth> cyphermox, what files do you need?
<cyphermox> anything in /etc/netplan
<lordcirth> cyphermox, 10-tagged.yaml: http://paste.ubuntu.com/p/XZyrc4cPdf/
<lordcirth> 01-netcfg.yaml: http://paste.ubuntu.com/p/pw3j3pbnPz/
<lordcirth> That's all
<lordcirth> I've also tried with and without /etc/systemd/network/50-netplan-brup.network: http://paste.ubuntu.com/p/fVNXdgB954/
<cyphermox> lordcirth: I guess missing dhcp4: no  dhcp6: no  accept-ra: no for vlan10
<lordcirth> cyphermox, no change
<cyphermox> ok, then let's look at the files in /run/systemd/network
<TheBloke> Hi all. I have an Ubuntu Server system with two 3TB disks. Currently only one disk is in use.  Is it possible to convert this to an LLVM array, without losing data?  The active disk has three partitions (8GB swap, 40 GB for OS, then the remainder for data.)  The second disk is blank (or will be).   Is it possible to activate the second disk as part of a RAID-0 stripe or RAID-1 mirror with the active disk, while preserving the existing
<TheBloke>  partitions and data on disk1?
<cyphermox> lordcirth: can you send the files to me (cyphermox at ubuntu.com)
<lordcirth> cyphermox, does this work? http://paste.ubuntu.com/p/jmHCKwC4xM/
<lordcirth> They are fairly short
<cyphermox> yeah that works
<lordcirth> 'tail -n 100 *' is handy, it puts those headers in automatically
<lordcirth> An interesting thing is that if I add the interface to br10 manually, it brings it up automatically, like something was blocking on it
<cyphermox> I see nothing wrong with the config
<cyphermox> didn't you say earlier than enp0s8 was down initially?
<cyphermox> here, assuming you have access to the console and not just remotely, I'd reboot and check what networkd says its state is, whether it is degraded or what, and then the output of 'ip link'
<cyphermox> lordcirth: maybe file a bug in Launchpad
<lordcirth> Yeah it's a VM on my workstation
<lordcirth> networkctl status -a : http://paste.ubuntu.com/p/k37RzBfrRV/
<lordcirth> ip link : http://paste.ubuntu.com/p/GwvMtGCC5y/
<lordcirth> Anything else?
<lordcirth> I'm not even sure where the problem lies, to report it properly
<TJ-> lordcirth: I can't compare this locally at present, but in the status output for vlan10 it reports "/run/systemd/network/10-netplan-enp0s8.network" ... I'm wondering if that should be "10-netplan-vlan10.network"
<TJ-> lordcirth: what does it show when the interface is up correctly?
<blackflow> TJ-: unit filename is not directly related to NIC name (it only matters when overriding through the hierarchy of systemd dirs)
<TJ-> blackflow: right, but there is a glitch there so it could be a clue.
<blackflow> hrm, possibly yes
#ubuntu-server 2018-11-27
<lordievader> Good morning
<oskie> I'm setting up KVM in bionic, and I am not sure why I'd need bridge-utils. It depends on ifupdown which kind of conflicts with netplan
<lordievader> If you want libvirt to setup bridged networking bridge-utils is needed.
<lordievader> In the traditional sense, you want bridged networking.
<xnox> oskie, you don't need bridge-utils, iproute2 can do everything.
<xnox> lordievader, that's obsolete....
<Greyztar_> how do i get ipset from fail2ban and iptables-persistent/netfilter-persistent to get along,been battling this for a long time and think ive found the culprit,it seems iptables/netfilter-persistent tries to load the rules but fail2ban or ipset havent create it yet and end up with seems like a default set
<Greyztar_> on reboot*
<lordievader> Really? Guess I'm old fashioned. I should look into that.
<lordievader> Thanks xnox ð
<xnox> lordievader, please familiarize yourself with the new world order of https://baturin.org/docs/iproute2/ ;-)
<xnox> https://baturin.org/docs/iproute2/#Create%20a%20bridge%20interface and so on
<xnox> specifically
<xnox> iproute2 is really a one-stop-shop these days, for everything.
<lordievader> I know. I have been using it for a lot. Just wasn't aware it also did bridge stuff.
<blackflow> Greyztar_: fail2ban is not persistent across reboot by default. You'll need to write a custom action handler that adds to the ipset AND to a file that will be used by ipset on boot.
<blackflow> and then use the ipset in your iptables rules (loaded by netfilter-persistent)
<Greyztar_> blackflow: thank you very much! I temporary unscuffed it by not using ipset as action for jail,then it works fine though,i saw same behaviour on other server with ipset sets not loading then netfilter-persistent would notload rules at all,im so happy finally figured this out ,really annoying when all rules gets purged
<blackflow> Greyztar_: netfilter-persistent does nothing but exec /etc/iptables/rules.{v4,v6} on boot. so you need to write out rules that use the ipset  (-m set --match-set ...)
<Greyztar_> blackflow: thank you,time to get stuff workin again!
<victorh> Greyztar_: wouldn't the rule become permanent then or will it still delete the rule after the jail-time has passed
<Greyztar_> victorh: sorry i was out having lunch,this i didnt think of thanks for pointing that out,for now im just happy that it doesnt flush iptables though but i will look into this
<victorh> Greyztar_: Will be though I think, since fail2ban doesn't load old bans (far as i know)
<Greyztar_> victorh: yes seems like i would have to come up with a new solution for this,really didnt think that fail2ban was the reason iptables got scuffed,have had these problem a really long time and only solution i came up with was to manually load the rules upon reboot,this did work somewhat ok as i almost never reboots with live patches,but this is computers should be auto everything (,")
<oskie> what kind of device is "vlan5@bond0"? is it a bridge?
<victorh> Greyztar_: did you check out these guys? http://denyhosts.sourceforge.net/
<Greyztar_> victorh: hmm might look at that also,though i have some custom filters to fail2ban for some spesific apps with api logins i kind of need but ill check it out thanks
<ahasenack> rbasak: hi, could you please import lmdb and add it to the whitelist?
<ahasenack> it's a new dep debian added to ldb, we might have to mir it even
<ahasenack> cpaelzer: dep3 question, author is optional, origin is only optional if author is present, so we need either one or the other, right?
<ahasenack> Applied-Upstream doesn't replace either
<muhaha> Ola Guys. Can anyone help me with Kickstart+CloudInit ? I want to provision Ubuntu like -kernel http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/hd-media/vmlinuz -initrd http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/hd-media/initrd.gz, but I am lost how to use cloud-init in this c
<muhaha> ase
<compdoc> who you calling an ase?!!
<cpaelzer> ahasenack: yes
<ahasenack> thx
<microwaved_> hi all, just a quick question i've been struggling with the temporary failure in resolving security.ubuntu.com
<cpaelzer> author+!origin - means coded for the package
<cpaelzer> author+origin usually means modified from origin
<cpaelzer> and just origin is a clear backport
<cpaelzer> ahasenack: ^^
<cpaelzer> that ok for you ?
<microwaved_> i can't even ping google.com, i can ping ip addresses. i've tried multiple solutions but it doesn't work as i'm not able to call on apt-get update
<ahasenack> cpaelzer: yep
<compdoc> dns has to be working to use apt
<microwaved_> i know but i edited resolv.conf to add nameserver 8.8.8.8 and 8.8.4.4
<microwaved_> doesnt work
<microwaved_> its an ffin new install, and its annoying me how can an iso from ubunto.com be this broken
<nacc> microwaved_: query them directly (use dig)
<nacc> microwaved_: if that works, then try to fix your system DNS configuration. If that doesn't work, it's something else. ping isn't a useful test.
<microwaved_> well ping 8.8.8.8 is succesfull
<microwaved_> but its about dns so ping isn't usefull on that level
<microwaved_> i just wanted to confirm that i have inet connection
<microwaved_> ok hold on i'll do a dig
<microwaved_> nacc: what checks do i need to have my dns configuration properly conf'd
<microwaved_> i have the idea since netplan got introduced it messed with the dns thingy
<microwaved_> but anyway my bright new install returns: Temporary failure resolving 'security.ubuntu.com'
<microwaved_> and its on 18.04.1 lts alternative install which is basically the old install but both the new iso's do it
<compdoc> netplan works here
<cyphermox> if you edit resolv.conf then yes, you might confuse things
<cyphermox> however, 'dig google.com' should work
<cyphermox> (or nslookup)
<microwaved_> dig didn't work
<cyphermox> that's to at least check that you can really reach the nameservers and they respond to you
<cyphermox> but ping worked?
<microwaved_> yes sir
<cyphermox> that smells like firewall
<cyphermox> microwaved_: could you pastebin the entire result from dig?
<microwaved_> i checked and its completely open
<microwaved_> ehm sure
<microwaved_> hold on
<microwaved_> it only returns one sentence
<microwaved_> cyphermox: it only returns: connection timed out: no servers could be reached
<cyphermox> right, so it doesn't reach it at all
<microwaved_> but ping 8.8.8.8 returns , success
<cyphermox> sure
<cyphermox> that doesn't mean the firewall really lets you DNS to it
<cyphermox> I don't know that there really is anything else
<cyphermox> just to be sure, you could try "dig google.com @8.8.8.8
<microwaved_> ofcourse sir, hold on
<cyphermox> you should see something like this: https://paste.ubuntu.com/p/jrDzQrc7Bc/
<cyphermox> if it still times out, the best I can say is it's a firewall issue, since you can ping the routing would be ok
<microwaved_> exactly but ill have a look again, thnx for your effort to check
<cyphermox> if you're seeing the same output as I just pasted, then it's your configuration on the machine
<cyphermox> on >=18.04 we use systemd-resolved; which handles /etc/resolv.conf; so you shouldn't modify it -- all you'll see in the file is "nameserver 127.0.0.53"
<cyphermox> then to debug this stuff you can run 'systemd-resolve --status' to see all the configs for each interface
<cyphermox> (you'd see 8.8.8.8 under there for example, or the DNS server from your ISP)
<microwaved_> yeah i see that
<microwaved_> i think i'm gonna reinstall again, i just typed in the a command and i got a kernel panic
<rbasak> ahasenack: lmdb imported and added to future whitelist
<ahasenack> rbasak: thanks!
<microwaved_> cyphermox: i just checked main firewall and firewall isn't an issue, i'm gonna reinstall image again and try then, thanks for your effort, check above
<ahasenack> rbasak: just confirmed, in bionic, with squid3, I can redefine the "squid" log format
<ahasenack> logformat  squid      %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
<ahasenack> access_log daemon:/var/log/squid/access.log squid
<ahasenack> leads to
<ahasenack> 27/Nov/2018:14:52:32 +0000     15 10.0.100.20 TCP_MISS/304 263 GET http://br.archive.ubuntu.com/ubuntu/dists/bionic-security/InRelease - HIER_DIRECT/200.236.31.4 -
<ahasenack> rbasak: I just filed https://bugs.squid-cache.org/show_bug.cgi?id=4905
<cyphermox> microwaved_: tbh I have no idea what else it could be..
<lordcirth> TJ-, good morning XD.  So, fresh reboot, vlan10: "Network File: /run/systemd/network/10-netplan-enp0s8.network".  Ran "brctl addif br10 vlan10": still the same
<microwaved_> cyphermox: i just ran a reinstall again, and now it works, i don't even know whats different i even deleted the disk
<rbasak> ahasenack: +1
<grendal_prime> anyone familar with inotify?
<grendal_prime> I have a sed script i need to run on my /var/www/html folder every time a file changes.
<grendal_prime> I just want to run this script on the files that change, not the entire dir.
<grendal_prime> So far inotify seems to be the tool (from what i have read) and i have used it in the past (very distant) but i cant remember how i scripted it.
<vlt> grendal_prime: inotifywait is what I use.
<grendal_prime> ya that sounds familar.
<grendal_prime> Im looking at incrontab right now
<grendal_prime> it seems like i had to do something to kick that off though.
<grendal_prime> like i had to make a startup script.  I want to avoid that sort of thing.  My biggest issue is figureing out how to call the name of the file that has changed so i can feed that into the sed command.
<grendal_prime> getting close, im just getting werid...return on the file.
<grendal_prime> name that is
<teward> +1 to the subiquity installer for letting me change the names of the LVM and resize it from the editing panel heh.  Just discovered this in 18.04.1 / 18.10 heh
<grendal_prime> grrr...its not exectuting the sed command correctly
<grendal_prime> im wondering if i need to encapsulate it quotes or something
<grendal_prime> very frustrating
<grendal_prime> syslog sys incron is executing the command but it is not performing the changes, if i run the exact same sed command manually it works
<teward> has anything changed in update-grub that'd prevent `elevator=noop` from being applied in /etc/default/grub to the Grub system when I do `sudo update-grub`?  Because it's not working when I update `/etc/default/grub` and then do `sudo update-grub`
<teward> 18.04.1
<Greyztar_> so i did a test and edited netfilter-persistent service to be Type=idle instead of oneshot and now iptables has all rules and set for fail2ban even,so i think this was a matter of execution order and that netfilter-persistent was started before fail2ban had created ipset table so netfilter-persistent wouldnt find it and thus error and restoring default rule set
<computa_mike> If I create a user SSH key, and add my key to the authorized_keys file then I understand that if I connect using that key I'm that user....  So I can connect using (for example ssh octopustestadmin@xxx.xxx.xxx.xxx) and a whois reveals that I am octopustestadmin - which works out because that's the name of the user on the server.  I've also got a Jenkins process that connects - and if i get the script to issue a
<computa_mike> whoami it reports that it is the user jenkins.  Which doesn't work because I'm using the same octopustestadmin@xxx.xxx.xxx.xxx.   Not sure I understand what's going on here.
<computa_mike> hold up - irl colleague might have an idea ... possibly picnic issue
<sdeziel> teward: could you elaborate on the "not working"? As in not showing in /boot/grub/grub.cfg, or in /proc/cmdline or being ignored by the kernel altogether?
<teward> sdeziel: as in if I edit it in the grub defaults line of GRUB_CMDLINE_LINUX_DEFAULT so that it says GRUB_CMDLINE_LINUX_DEFAULT="maybe-ubiquity elevator=noop" in 18.04.1 server, it does maybe-ubiquity but ignores elevator=noop to set the I/O scheduler
<teward> doesn't show that up at all in grub.cfg after an update-grub'
<teward> it *does* if I set it in GRUB_CMDLINE_LINUX but ignore it if it's put after maybe-ubiquity in the GRUB_CMDLINE_LINUX_DEFAULT line
<teward> or if i manually apply it in grub.cfg
<teward> sounds like "odd behavior" since I shouldn't have to update anything but GRUB_CMDLINE_LINUX_DEFAULT no?
<TJ-> teward: have you done "grep elavator /boot/grub/grub.cfg" to see where it is being applied, if at all?
<teward> yes I have, and it's not being applied at all
<sdeziel> teward: yeah, I normally only edit the _DEFAULT version
<teward> sdeziel: then this sounds like regressive behavior
<teward> because I only edit DEFAULT typically too
<teward> sdeziel: I have *zero* idea where this behavior change got introduced though
<sdeziel> teward: maybe you have something in /etc/default/grub.d/* that overwrites the GRUB_CMDLINE_LINUX_DEFAULT var?
<teward> sdeziel: on a base 18.04 installation I just did?
<teward> fresh?
<teward> i'd doubt it but i'll check
<teward> ahhh there it is
<teward> sdeziel: it's because curtin is a PITA
<sdeziel> teward: I remember of a bug for this
<teward> sdeziel: well it's present in 18.04.1
<powersj> ah yes something we are trying to get fixed
<grendal_prime> grrrr
<teward> sdeziel: I assume if I make 99localized.cfg in /etc/default/grub.d then that'd be executed last and processed properly?
<teward> (so a localized override settings)
<sdeziel> https://bugs.launchpad.net/curtin/+bug/1527664
<ubottu> Launchpad bug 1527664 in curtin "/etc/default/grub.d/50-curtin-settings.cfg overwrites GRUB_CMDLINE_LINUX_DEFAULT" [Low,Triaged]
<sdeziel> teward: I haven't look at the update-grub script in a while but I'd expect is use run-parts, so probably yes :)
<sdeziel> err, probably not run-parts for that part but more like alpha sorted dir listing+include...
<teward> there THAT worked >.>
<teward> sdeziel: powersj: TBH I think upstream should be prodded if possible to expedite the fix?
<teward> because this is a PITA when you try and change the IO scheduler for VMware VM performance increases >.>
<sdeziel> TBH, I really dislike how /etc/default/grub.d is handled. Every time the grub package is updated, it wants to fold everything right back into /etc/default/grub, which is precisely not what I want since I used the .d dir...
<teward> heh
<lordcirth> I want to disable netplan *but* use systemd-networkd, not ifupdown or /etc/network/interfaces.  What's the correct way to toggle this?
<cyphermox> lordcirth: just remove any file in /etc/netplan
<lordcirth> cyphermox, great, thanks
<teward> cyphermox: am i correct that netplan config files are read in order, such that 50-cloud-init.yaml would be overwritten by 55-blah.yaml if they touched on the same interfaces?
<cyphermox> yes, sounds about right
<teward> 'tis what i assumed but was never certain, thanks for confirming cyphermox
<teward> powersj: wow, I really had 3 nginx uploads to the development release since the last dev summary went out?  o.O
<teward> shows you how frequently I pay attention to the number of dputs I issue :|
<powersj> heh :)
<teward> oh that reminds me 1.15.7 was pushed by me today, just released today as well
<teward> mostly bugfixes ;)
<teward> powersj: i haven't kept super on top of the triage, but let me know if we start seeing TLS1.3 bugs against nginx
<teward> that's the biggest concern on my radar as of currently
<teward> sec team (sarnold) is probably alos keeping an eye out
<teward> (it's not LTS though, but it's still something to keep in mind since we now enable TLS1.3 since Cosmic post-release by default for nginx)
<DammitJim> do you guys know why there isn't a tomcat 8.5 or 9 in the Ubuntu repositories?
<DammitJim> for Ubuntu 18.04
<DammitJim> I only see tomcat8 but that's end of life
<sdeziel> DammitJim: upstream EOL doesn't mean it's EOL in Ubuntu
<DammitJim> what does it mean?
<sdeziel> DammitJim: for packages in main, Ubuntu/Canonical will backport security fixes for as long as the distro is supported
<DammitJim> oh, but it has to be from main?
<DammitJim> how do I know if I'm using packages from main?
<sdeziel> DammitJim: https://packages.ubuntu.com/bionic-updates/tomcat8 says it's in universe (not main)
<sdeziel> DammitJim: meaning it's supported by the community
<DammitJim> oh ok, so either way, I'm not supported by Canonical, right?
<sdeziel> DammitJim: not officially, no
<DammitJim> ok, thanks
<sdeziel> DammitJim: but it looks like someone wants to have tomcat8 supported as they ensured to have some updates land in bionic-security in the past
<DammitJim> ok, thanks for the info
<DammitJim> I'll have to have an internal discussion, then
<sdeziel> np
#ubuntu-server 2018-11-28
<Delvien> Ubuntu server 18.04 - when I lose internet connection it never comes back up. I have to reboot the server.
<Delvien> tried restarting /etc/init.d/networking, nothing
<Delvien> its not running nmcli, or network-manager
<Delvien> netplan apply does nothing.
<sarnold> don't do /etc/init.d/networking restart -- on 18.04 it'll probably be a harmless no-op, but on previous systems it could wedge the system bad enough that your only solution is to reboot it
<sarnold> you'll have to figure out why you're losing networking. find that, then you can probably start on a solution.
<Delvien> sarnold: i lost internet connection because i was working on my firewall, however internet access should come right back up automatically, and its not
<sarnold> Delvien: how were you testing that you didn't have internet access?
<Delvien> ping, curl to a url
<Delvien> i had LAN, but no WAN
<Delvien> guess i should of been more specific
<sarnold> were you pinging IPs or DNS names?
<sarnold> what does 'ip route get' show for IPs off your network?
<Delvien> 10.10.10.1 dev ens160 src 10.10.10.12 uid 1000
<Delvien>     cache
<Delvien> from using 10.10.10.1
<Delvien> sarnold so is there anyway i can fix this? I cant have it no automatically connect back if WAN drops.
<Delvien> cant have it not*
<sarnold> Delvien: sorry, I expected more results and popped back to code review..
<teward> just a stupid question, but I did a clonezilla clone from a 256GB cruddy Samsung NVMe disk to a 512GB nice Samsung NVMe disk, but `efibootmgr` among others list UEFI as the original 256GB disk, is there a way to update the metadata for that EFI data via command line to reflect the newer disk?
<sarnold> Delvien: so that one bit you've got there shows me that you can route to a local address, but doesn't say anything about how you get to a remote address ..
<teward> asking here since I seek solely CLI options and I have a similar setup in a *new* server that's going to have the same problem once I finish the cloning of data over
<Delvien> sarnold: well im speaking to you from that same server, so
<teward> sarnold: would it helpt o have their entire `ip -4 route list` ?
<teward> which shows all system routes including their default.
<sarnold> teward: maaaaaybe. normally it's enough to ask for e.g. a route to 8.8.8.8 and make sure that the system uses the same route off the network as the admin expected :)
<teward> sarnold: well i have to assume some systems are stupid :P
<teward> because they never behave the way I expect them to :P
<teward> 'course that happened to me today when I touched the IO scheduler for a few VMs, but this is what backups are for :P
<teward> aaaaack more git vulns sarnold how come y'all didn't tell me >.<
<teward> (unrelated I bother sarnold too often :P)
<Delvien> thanks for your help, ill do some forum surfing
<sarnold> teward: heh, maybe we ought to machine up a plaque for you, "if git doesn't have a vulnerability then systemd does"  :)
<sarnold> heh
<teward> sarnold: Rule 9000 of the Internet: If a piece of software exists, there's a vulnerability in it.
<teward> :P
<teward> sarnold: i dropped in late was Delvien trying to do autofailover WAN?
<teward> 'cause... i have that working with some pretty hefty evil scripts :|
<sarnold> teward: no, he was trying to debug "why his machine didn't reconnect with the internet"
<teward> ah
<sarnold> but couldn't describe in what way he *wasn't* connected to the internet.
<teward> heh, indeed.
<sarnold> and didn't bother to answer my questions
<sarnold> so
<teward> heh
<teward> cyphermox: I noticed netplan.io doesn't have any IPv4 and IPv6 examples of the two in conjuction with each other on the same box, would that be a nice example to add under static addressing on the site perhaps?
<acu> I installed 18.04.1 Server as a virtual machine - and I see cloud init installed and also it seem there are a bunch of scripts - why do I need cloud init ? I run a small kvm server with around 15 virtual machines - so is mostly virt-manager virsh, so I am interested why cloud init launches by default, and what exactly it does ?
<bindi> yo, installed updates and restarted, sendmail is having some trouble now though
<bindi> Nov 28 08:17:14 meskhenet sm-mta[19739]: My unqualified host name (meskhenet) unknown; sleeping for retry
<bindi> https://paste.ubuntu.com/p/ZzXR65ytwN/ is the last bit causing issues maybe? running dnsmasq
<bindi> 127.0.0.1       localhost.bindibox.net localhost meskhenet
<bindi> this fixed it
<bindi> mind you i havent touched the hosts file in ages
<bindi> so some package started doing something differently, dnsmasq or sendmail :P
<bindi> although now if i use meskhenet locally I get both 192.168.1.1 and 127.0.0.1 as results, not ideal
<lordievader> Good morning
<lotuspsychje> welcome iron_houzi
<iron_houzi> Thanks!
<iron_houzi> I wanted an alternative to Alpine for a small VM, so I installed Bionic server on a 2GB hard drive. The system requirements state 1.5GB minimum. Now I cannot update due to insufficient space on the hard drive. Should it be possible to get updates with such a limited amount of space?
<lotuspsychje> iron_houzi: ask your issue here, but idle a bit as volunteers might not be all awake yet
<iron_houzi> ^^ - No worries
<lotuspsychje> iron_houzi: im not the server expert, but 2G sounds very low to do stuff properly
<lotuspsychje> even on a mini ubuntu install, updates would still take a few space right
<sarnold> did you start from a cloud image or a server image? I think I would have expected something smaller..
<sarnold> granted the smallest images I hear about in regular use are 10G..
<lotuspsychje> iron_houzi: ^
<wyseguy> ayeoo
<lotuspsychje> wyseguy: i think this channel might suit you better for tips & tricks on the ubuntu move
<wyseguy> got it
<lotuspsychje> wyseguy: re-ask here please
<wyseguy> so small business is running windows server 2016, they all use thin clients to rdp into the server. their current setup is offsite but they are going to be moving servers inhouse and are interested in linux if possible. Issue is they use quickbooks enterprise (they hate it and want to find something else) dazzle, ups worldship, shipgear, ms office and a few other programs...
<wyseguy> curious if its possible to switch over the linux, not sure how this will be done with some programs that I believe only run on windows
<wyseguy> last post here talks about worldship in 2015... https://www.linuxquestions.org/questions/linux-software-2/ups-worldship-419247/
<wyseguy> https://www.ups.com/lc/en/help-center/technology-support/worldship/system-requirements.page
<wyseguy> everything is on ESX, so we can spin up vm's as needed. Thinking maybe we have a "Shipping Room" vm that we put this program on and allow remote access to the program somehow on the linux desktops? ideas?
<avu> wyseguy: generally, at least some of those programs (like ms office) won't be available on Linux. There are different strategies to cope with this. You can switch to alternatives (like LibreOffice) or you can use VMs either on the users' machines or on a server like you already mentioned
<wyseguy> avu yes moving to libreoffice would be fine
<wyseguy> other issue i see if ups worldship wont work on linux either
<wyseguy> is*
<lotuspsychje> wyseguy: just for personal interest, can i ask why the move?
<wyseguy> lotuspsychje licensing costs mainly, issues with windows in general, employees causing issues, malware, something more stable
<lotuspsychje> nice mate
<wyseguy> but i feel this is going to be an uphill battle unless i can find alternative programs
<lotuspsychje> wyseguy: ubuntu has tons of alternative packages to play with
<wyseguy> well main ones are ups worldship, quickbooks and dazzle
<wyseguy> those are the ones holding me back
<wyseguy> i looked at odoo (to replace quickbooks) but seems like a money pit
<lotuspsychje> gnucash perhaps?
<lotuspsychje> dazzle is for dvr cams?
<wyseguy> they are pushing 20k different items that they sell, they required quickbooks enterprise for this
<wyseguy> dazzle if for USPS
<wyseguy> is*
<wyseguy> dazzle = endicia
<wyseguy> https://www.endicia.com/landing-pages/usps-shipping-software?referredby=wgpd&gclid=CjwKCAiAlvnfBRA1EiwAVOEgfId_6WPbEsM6YAyV1d2jTzvbRoAt4-g1XY9-XkUDH55OcEb3_xJXGBoCABIQAvD_BwE&gclsrc=aw.ds
<lotuspsychje> !info libbusiness-us-usps-webtools-perl
<ubottu> libbusiness-us-usps-webtools-perl (source: libbusiness-us-usps-webtools-perl): Perl module enabling use of USPS Web Tools services. In component universe, is optional. Version 1.11-2 (bionic), package size 13 kB, installed size 100 kB
<wyseguy> hm
<lotuspsychje> im just poking around a bit
<wyseguy> ill have to look into that
<wyseguy> ya
<wyseguy> or...
<wyseguy> maybe have a windows vm that can somehow open a app window on their linux desktop for just that app...
<lotuspsychje> thats possible too, or wine
<wyseguy> and the app would be running in windows on another vm, but would need to present the app on the linux desktop as just an app
<wyseguy> wine wont work
<wyseguy> database issues
<lotuspsychje> wyseguy: these days, there's a lot of available in the cloud too
<wyseguy> https://www.linuxquestions.org/questions/linux-software-2/ups-worldship-419247/
<lotuspsychje> wyseguy: so combine ubuntu server/clients with cloud based services and your good to go
<wyseguy> very true
<wyseguy> well...
<wyseguy> ups worldship is a big one
<wyseguy> they set packages on a scale and press enter, label is printed and next package is put on scale, tons and tons of packages daliy
<wyseguy> it ties directly to UPS
<lotuspsychje> wyseguy: perhaps you could contact canonical on that one, see if they have experiences with it?
<wyseguy> thats an idea
<lotuspsychje> !canonical
<ubottu> Canonical Ltd. is committed to the development, distribution and promotion of open source software products, and to providing tools and support to the open source community. It is the driving force behind the Ubuntu, Kubuntu, Xubuntu, and Edubuntu Operating Systems. Canonical's website is at http://www.canonical.com/
<lotuspsychje> asking is free right
<wyseguy> well it comes down to more of an issue with UPS i think
<wyseguy> i believe they require you to use their software
<wyseguy> is there a way to have an app run on a windows machine and be able to access just that app on a linux vm and "make it look like" its running on the linux desktop?
<lotuspsychje> wyseguy: do they have webbased/cloud services? perhaps investigate that too?
<iron_houzi> I wanted an alternative to Alpine for a small VM, so I installed Bionic server on a 2GB hard drive. The system requirements state 1.5GB minimum. Now I cannot update due to insufficient space on the hard drive. Should it be possible to get updates with such a limited amount of space?
<lotuspsychje> iron_houzi: answer the question sarnold asked you
<wyseguy> iron_houzi you should be able to expand the drive
<lotuspsychje> !ubuwin | wyseguy perhaps?
<ubottu> wyseguy perhaps?: Windows 10 has a feature called Windows Subsystem for Linux, which allows it to run Ubuntu (and other Linux distro) userspace programs without porting/recompliation. For discussion and support, see #ubuntu-on-windows or ##windows. For installation instructions, see https://msdn.microsoft.com/en-us/commandline/wsl/install_guide
<iron_houzi> Oh? I didn't catch that. Sorry
<wyseguy> lotuspsychje that sounds correct but backwards :p
<wyseguy> need it the other way around
<iron_houzi> I know how to "fix" the problem. I'm just checking if there are "Right Way (TM)"'s for keeping the system updated on a 2GB hard disk.
<wyseguy> i think ill test out play on linux and crossover
<wyseguy> https://www.codeweavers.com/compatibility/crossover/ups-worldship
<wyseguy> hm.. seems to answer that one
<avu> wyseguy: since I've seen the mention of libbusiness-us-usps-webtools-perl above: beware of relying on packages in universe. Ubuntu is very unreliable when it comes to providing critical (security) upgrades for such packages.
<wyseguy> got it
<wyseguy> thanks
<blackflow> iron_houzi: that really depends on what you're installing on it. for example, we do debootstrap based installations, 700M is the base minimum for the bootable server OS.
<blackflow> huh... incredible how many important server packages are in universe. just looking at those on our installations. zfs-initramfs, python-virtualenv, uwsgi, munin, netfilter-persistent, busybox, dehydrated (ACME client), dropbear (initramfs ssh to unlock LUKS root), .....
<blackflow> roundcube is completely neglected, that one I know, I install it from source.
<ahasenack> good morning
<cpaelzer_> kstenerud: I see dovecot is not only green
<cpaelzer> it also completed migration
<cpaelzer> https://launchpad.net/ubuntu/+source/dovecot/1:2.3.3-1ubuntu1
<cpaelzer> shows it as released
<cpaelzer> thanks
<cpaelzer> I'll mark nspr and dovecot green on the roadmpa board
<cpaelzer> if you have any other trackers please update them yourself
<kstenerud> ok
<avu> blackflow: yeah, it can be a bit daunting because you are essentially on your own when it comes to maintaining those packages, Canonical completely pushes the responsibility to the community. Tinc (a VPN package) has had unfixed CVEs since September for example. Canonical doesn't care.
<rbasak> avu: we can't boil the ocean. Use openvpn if that matters to you, that's in main.
<rbasak> avu: or, please contribute the fixes!
<avu> rbasak: I just switched back to Debian, somehow they do manage to provide security fixes for their complete archive
<rbasak> They have plenty of open CVEs too.
<rbasak> They're dependent on volunteers just as Ubuntu is for universe.
<avu> My experience when dealing with their security team has been completely different than what I experienced when dealing with Canonical when it comes to universe
<avu> Sure, they rely on volunteers for everything, they actually have processes set up for this where at least one team of those volunteers feels responsible for every security related issue
<avu> Canonical just dispatches into some ill defined cloud of volunteers and stops caring at that point when it comes to universe
<avu> the worst thing about this is, IMO, that they don't do a good job of communicating this. Universe should be disabled by default and when you install packages from it, there should be a warning. It should also be better documented how to curate a list of all packages you have installed from universe
<avu> But I guess the marketing folks wouldn't like that
<Ussat> whats this about ?
<Ussat> avu, how about taking some responsibility for researching the software you decide to use ?
<Ussat> but ya its alwats easier to blame others
<rbasak> avu: I think you're conflating Canonical with Ubuntu there.
<avu> Ussat: I do, that's why I tell people to beware when installing packages from universe, which started this discussion
<avu> rbasak: how?
<Ussat> free software has issues, news at 11
<Ussat> yawn
<avu> Ussat: so what's your point? That we shouldn't talk about these issues?
<rbasak> Canonical doesn't command the volunteers, and in fact has no say whatsoever over them. Debian doesn't have a company to command volunteers either.
<Ussat> No, but playing the blame game doesnt help anything does it
<Ussat> avu, my point is if you want something better do something about it
<avu> I already did, thanks
<Ussat> ya ok
<avu> rbasak: maybe I just missed it, is there some kind of community team that deals with security issues in universe?
<rbasak> I think you're missing my point.
<avu> from what I read and from the responses I've seen on launchpad, it all seemed very vague to me
<rbasak> Ubuntu has it's own governance, that isn't tied to Canonical.
<rbasak> (except at the top there's a person who wears two leadership hats)
<avu> Sure, that's fine, totally unrelated to my question though, I wasn't trying to say that thi has to be a team designated/created/curated by Canonical
<avu> I was just interested in the structures or processes that exist to deal with critical bugs in universe because to me it kind of seemed that there are basically none
<rbasak> It's down to individual volunteers to care about specific packages in universe.
<avu> Ah, so I was right, okay
<rbasak> A process like Debian's won't work in Ubuntu because Ubuntu doesn't have individual maintainers for packages in universe that are synced from Debian.
<Ussat> avu here is a thought, why dont you volunteer to pay somene so they can dedicate all their time to this, do you understand VOLUNTEER
<rbasak> However I think you should look at the actual results, rather than deflecting into comparisons of process
<avu> In Debian, there's not only the individual maintainers though, there's also the security team who feel responsible for security issues in *all* packages
<avu> Something like that could be created for Ubuntu as well, no?
<rbasak> I don't think that will work for Ubuntu.
<Ussat> avu you volunteering to do that ?
<avu> (And I'm not talking about Canonical paying someone to do that, I'm talking about a community effort)
<rbasak> There is a Launchpad team that I think was an attempt to do that, but it is inactive.
<rbasak> https://launchpad.net/~motu-swat
<rbasak> A community effort still needs volunteers :)
<frickler> jamespage: coreycb: could you consider adopting xmltooling into uca? we need a working version for keystone in bionic, and I don't think that 3.0 will be backported from cosmic. https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1776489
<ubottu> Launchpad bug 1776489 in xmltooling (Ubuntu) "libxmltooling7 depends on libcurl3, which has been replaced by libcurl4 in Bionic" [Undecided,Confirmed]
<Ussat> what avu is saying is OTHER poeple should volunteer their time do do this, I am content to sit here and complain
<rbasak> There are however some very well maintained packages in universe by volunteers. When enough people care about a package, that happens (and we're grateful to them)
<rbasak> We of course move the most popular packages into main.
<avu> Ussat: that's in no way what I said, that's just what you read into what I'm saying. All you are doing in fact is spew insults at me without even trying to contribute anything interesting to the discussion.
<rbasak> I wonder how much that really leaves in universe that is actually a problem for real world users.
<Ussat> avu, that is exactly what you are saying
<rbasak> I use ejabberd from universe for example, but keep it confined quite severely with apparmor.
<avu> rbasak: Ubuntu doesn't run anything like Debian's popcon, right?
<rbasak> Ubuntu does have a popcon, but it is not opt-in and so probably isn't that reflective of Ubuntu users.
<rbasak> Especially on server I suspect.
<rbasak> V
<rbasak> https://popcon.ubuntu.com/
<coreycb> frickler: can libapache2-mod-auth-mellon be used instead? that is in main and thus has security support for 5 years in bionic.
<coreycb> well, i guess longer than that based on recent news
<coreycb> not sure of those details though
<coreycb> frickler: fyi bug 1610286
<ubottu> bug 1610286 in libapache2-mod-auth-mellon (Ubuntu) "[MIR] libapache2-mod-auth-mellon, liblasso3" [Medium,Fix released] https://launchpad.net/bugs/1610286
<frickler> coreycb: that may be possible, but I don't know enough of the details. I'll forward that suggestion to the keystone folks. or maybe you can add that comment on https://bugs.launchpad.net/keystone/+bug/1802901 yourself?
<ubottu> Launchpad bug 1802901 in OpenStack Identity (keystone) "Federation functional job failing on Bionic" [Undecided,New]
<coreycb> frickler: sure i'll comment on the bug
<frickler> coreycb: cool, thx
<ahasenack> kstenerud: the samba-eexist ppa needs a newer build, but I will push a bileto ticket for you, so we will also get the dep8 test run done forus
<kstenerud> ahasenack: OK. Do I need to do anything from my end?
<ahasenack> kstenerud: no, just give me an ok to tag an upload, via a hash, if the tests are ok
<ahasenack> kstenerud: 4f81d752ad1daac7575255baba1721358d5fa52e I believe is the current head, right?
<ahasenack> cpaelzer: the "irc nicks" list in bileto, is it comma separated, space separated, or what? It doesn't say
 * ahasenack guesses space
<cpaelzer> ahasenack: space
<ahasenack> kstenerud: if you join #ubuntu-ci-eng, your nick will be pinged with status changes
<ahasenack> about this test run
<kstenerud> oh cool
<ahasenack> kstenerud: ok to sponsor tomcat8? https://code.launchpad.net/~kstenerud/ubuntu/+source/tomcat8/+git/tomcat8/+merge/359229
<ahasenack> hash 4d56628304b1c3a940067debbffa71faa7123324
<ahasenack> kstenerud?
<kstenerud> sec let me make absolutely sure
<ahasenack> k
<kstenerud> ahasenack: Yes please sponsor
<ahasenack> k
<kstenerud> thank you
<coreycb> jamespage: placement is in the new queue for disco. i'll seed that and get an MIR opened.
<talx> Hello guys,
<talx> got a little issue whtn trying to install ubuntu via pxe
<talx> it fails on the mirror archive selection
<talx> I've copied the extracted iso file to /var/www/html/ubuntu and I can reach it by using the browser
<talx> not sure what I'm doing wrong
<blackflow> avu: rbasak: problem is, at least some popular server packages should be in main. I mean, if Canonical wants to compete with RH (and judging by Mark's recent "attack" at RH's OpenStack back in May), then Canonical really should become a viable alternative to the enterprise grade support of RH. So far it isn't.
<cyphermox> blackflow: not sure I follow. A lot of popular server packages are in main
<setuid> blackflow: What do you base this opinion on? "Canonical really should become a viable alternative to the enterprise grade support of RH. So far it isn't."
<blackflow> cyphermox: and a lot aren't. and it's not obvious to users that, say, roundcube (the most popular webmail) is pulled once for each ubuntu release and never patched for security for the duration of that release.
<blackflow> setuid: from personal interaction with both.
<rbasak> blackflow: I'm forever dealing with weird customer requests including putting stuff nobody else cares about into main. When Canonical has a customer that wants it it generally happens. So appealing to the business end doesn't really work in an argument.
<cyphermox> blackflow: we can't make it more obvious than it currently is. supported things do show a supported: like in apt.
<rbasak> blackflow: businesses typically don't use roundcube.
<setuid> Everything you can install on server, doesn't belong in main, and thus, doesn't require or merit the same support as those packages found in Universe.
<cyphermox> blackflow: you'll always be able to pick an example of something that is in universe and "popular" given some arbitrary metric. What I'm saying is that when we see something is very popular we often pull them in to main
<cyphermox> blackflow: additionally, there is a process through which you can request for something to be put in main
<blackflow> rbasak: which is beside the point. the point here is that packages like roundcube shouldn't be in official repos to begin with. look at xenial's 1.2-beta-...... with a myriad of CVEs unpatched since Mar 2016
<setuid> It's also a matter of dependencies
<cyphermox> it requires review (I'm part of that review team), and you'll need buy-in from the server team in the case of server packages, but thre is a way to do it
<rbasak> blackflow: if you care, why haven't you patched it?
<cyphermox> available in some way in universe is also better than not available at all; we're derived from Debian after all
<blackflow> cyphermox: I disagree with that tho'. universe is obviously to some extent supported by canonical. I mean why would postgresql-server-dev-10 be in universe if it wasn't.
<talx> anyone ?
<Ussat> As someoine who has BOTH RH and Ubuntu in his enterprise, RH's "support" isnt all its cracked up to be
<blackflow> so the problem here is some packages get support, some don't and generally it's advised to be wary of "universe", is it not?
<cyphermox> blackflow: only "supported" in that it's in the archive, we only officially support what's in main.
<setuid> talx: What did the console logs show?
<cyphermox> blackflow: Ubuntu is not just Canonical, it's the entire community
<setuid> talx: alt-left-arrow, activate console, look at syslog
<talx> I'm in the middle of installation
<talx> you are talking about using alt + f3 ?
<Ussat> its smart to be wary of ALL OSS, no matter where its from
<blackflow> cyphermox: hence my opinion that it better not be in repos at all, if it's gonna be pulled once in 2016 and never touched again.
<cyphermox> blackflow: has it been updated in Debian since?
<rbasak> The problem is that the term "support" has always been overloaded.
<setuid> talx: No, I'm talking about activating the console, not jumping out of graphical install
<rbasak> In Debian, the entire archive is community support.
<rbasak> In RHEL, the entire archive is unavailable unless you already pay for support.
<Ussat> blindly installing in an enterprise is stupid, no matther where its from
<blackflow> cyphermox: it has been dropped in debian because of lack of maitainer support, for jessie, then reinstated in Debian and yes patched for recent CVEs
<cyphermox> rbasak: yeah: universe is community support -- if someone cares enough it will get updated/fixed/wahtever
<rbasak> In Ubuntu, you can buy support from Canonical, and in practice I see things in universe updated based on customer request.
<rbasak> However for the general public, main has a support commitment from Canonical and universe doesn't.
<cyphermox> rbasak: he has a good point for roundcube, it probably needs a bit of kicking
<rbasak> This has always been perfectly clear IMHO.
<talx> it says Warrning mirror does not support the specified release (xenial)
<cyphermox> blackflow: I think the point above all is that we're relatively few employees, can't be expected to care and see everything that happens to every of the 40k+ packages in the archive
<cyphermox> so yeah, some things may be dropped, not cared for for a while
<talx> setuid: it says Warrning mirror does not support the specified release (xenial)
<talx> its from /var/log/syslog
<rbasak> We have dropped and blacklisted things from universe in the past.
<rbasak> bitcoin comes to mind.
<cyphermox> I'm going to look at roundcube but it's likely been patched in ubuntu, or blocked in the same state because of the drop from Debian ?
<blackflow> cyphermox: that's understandable, and, again, in my opinion packages that aren't / can't be cared about (for whatever reason) should be kicked out
<teward> rbasak: we also had additional reason to blacklist Bitcoin
<cyphermox> rbasak: yeah, but we need a good reason to not provide something in the archive at all
<teward> because hardforks, constant dev, no revcompat, etc.
<cyphermox> bitcoin was blacklisted for a good reason :)
<teward> yes it was, I was partly involved :P
<rbasak> cyphermox: I agree that's the current status quo.
 * teward still subs to the bitcoin blacklist bugs heh
<rbasak> I personally sway towards removing things more readily though.
<cyphermox> rbasak: I don't think there needs to be any change
<blackflow> I mean I just came from a meeting with a client whose infra we have to support and who had hard time understanding that half of packages they use are basically unsupported.
<blackflow> (because "but it's in the repos!")
<setuid> blackflow: that's not quite valid... 'unsupported' does not mean the same thing as 'community supported'
<rbasak> FOr example the long tail of PHP reverse dependencies in universe - I feel that it causes far too much effort to maintain these over PHP transitions versus the very small (possibly zero, if they have users at all) user benefit.
<cyphermox> things come in from Debian, why would we decide not balcklist it because it's unmaintained, only to lose it completely and then forget to unblacklist it when it's fixed in Debian later.
<blackflow> setuid: for them, it's the same thing :)
<setuid> You mean 'Not included in UA Support from Canonical'?
<talx> setuid ?
<cyphermox> rbasak: I think in all these cases whether something is "popular" or "beneficial to the user" is very subjective.
<setuid> talx: Are you installing from a pxe/netboot image? an ISO? and is it correctly xenial?
<talx> I believe so
 * cyphermox goes to have a look at roundcube
<rbasak> cyphermox: I agree it's a tough call but that's not a reason to make a decision by inaction. Somebody has to make the call.
<talx> and yes I'm installing from pxe
<setuid> roundcube is pretty legacy, iirc, last release was 2012?
<blackflow> lolno
<blackflow> it's very much alive and supported upstream.
<hyperlumic> 1.3.8 was released on 26 Oct 2018.
<setuid> hrm, maybe I'm thikning of Squirrel
<blackflow> yah that's a bit on the ancient side.
<cyphermox> blackflow: clearly you're talking about roundcube in xenial
<rbasak> IMHO, webapps are a poor fit for the distribution model.
<blackflow> cyphermox: yeah
<rbasak> wordpress is another example
<cyphermox> rbasak: I'm not advocating decision by inaction. I'm saying things are broken doesn't mean they're completely useless
<setuid> Tools like roundcube have a mountain of deps, depending on plugins, php versions, php's own deps, etc.
<blackflow> not quie
<blackflow> *quite
<cyphermox> and there's a cost-benefit analysis to be made, given that you and I alone can't cover the entire archive
<rbasak> cyphermox: I think we agree then :)
<cyphermox> it's not much effort to remove something from the archive, but it *is* effort if you count that you remove it when it's going to be readded a few months later because the debian maintainer woke up.
<setuid> apt-rdepends on roundcube shows 650 deps.
<cyphermox> and in the meantime, we make such a package useless to those people who might be able to use it, despite whatever issues it might have
<blackflow> I run roundcube from upstream tarball. all I needed for it is regular PHP from Bionic
<setuid> 158 top-level dependencies
<blackflow> those 650 probably come from the full dep tree, including glibc and the core of the core :)
<cyphermox> ie. if you're installing roundcube internally for a company, behind a firewall, you don't necessarily care much about /some/ of the CVEs.
<blackflow> cyphermox: not true. recent ones had incoming mail XSS their way into stuff...
<talx> setuid: I've deleted everyting
<cyphermox> blackflow: I don't know nor use roundcube, it was an example.
<blackflow> problem is even if behind the firwall, it deals with data (email) coming from outside of the firewall and is this equally exposed as if it wasn' behind the firewall
<talx> setuid: which iso should I use for installing ubuntu 16.04 via pxe
<blackflow> *is thus
<talx> http://releases.ubuntu.com/16.04/
<cyphermox> talx: server
<hyperlumic> cyphermox: Assuming that the internal network is more trustworthy than external networks is a fallacy.
<cyphermox> hyperlumic: it was an example, without knowing what the CVEs were about
<talx> oaky downloading
<blackflow> cyphermox: aka uneducated opinion ;)
<talx> does anything have a good manual for setting up pxe ?
<cyphermox> no.
<hyperlumic> cyphermox: I understand that, but the notion itself is incorrect.
<cyphermox> talx: yes
<talx> google gave me just troubles
<teward> talx: there's an ubuntu wiki article on pxebooting
<talx> orly
<talx> I'd like to have the link for it if possible
<teward> talx: i assume you mean PXE boot the installer
<talx> yea
<teward> https://help.ubuntu.com/community/PXEInstallServer
<cyphermox> blackflow: not uneducated. if it doesn't do auth quite correctly, you might not care that much
<teward> https://wiki.ubuntu.com/UEFI/PXE-netboot-install
<cyphermox> XSS, you obviously should care.
<talx> thank you
<teward> one or both of those, talx
<teward> havent tested either but they're there so
<talx> you are awesome thanks
<teward> nah I just have google-fu ;)
<blackflow> (uneducated in the way you said you didn't use it (and thus have no experience with what it does and what the vectors are) and dint' know what the usual CVEs for it are, and yet you had an opinion that it's okay to run it behind a firewall)
<teward> cyphermox: not sure if you saw my message last night, my ZNC derped and didn't send me scrollback today - would a combo IPv4 and Ipv6 static config example be nice to have for the netplan examples on netplan.io?
<teward> because I didn't see any v6 examples :P
<teward> had to go digging in documentation
<cyphermox> teward: yes, I saw
<teward> had to go digging in documentation to find how
<talx> hmm
<cyphermox> it's fine to add in the addresses: array
<talx> I've fast read it, it looks great
<teward> cyphermox: yeah that's what i discovered digging in the docs.  :)
<cyphermox> teward: as for the website, I'll fix it when I next upload I guess
<teward> cyphermox: ack, no problem or rush :)
<cyphermox> I need to see if I can still fix it easily or if it's paperworks ;)
<teward> heheh
<leftyfb> Is there some solution from Canonical that will generate and possibly deploy(not as important) an ubuntu and run post-install on it? I know all about MAAS but that doesn't really fit our needs.
<rbasak> leftyfb: you're going to have to be more specific, otherwise my answer is going to be MAAS.
<leftyfb> Right now we're booting via PXE, doing a d-i install, some basic post-installation via kickstart and then a post-post install on next boot via a script pulled down during the kickstart
<leftyfb> The first step is to get away from d-i.
<xnox> leftyfb, MAAS does PXE boot, blasts a preinstalled squash image on disk, and can run arbitrary post-installation scripts / stuff, i.e. via trivial cloud-config/cloud-init yaml specified hooks.
<xnox> leftyfb, neat thing it's just $ apt install maas
<xnox> leftyfb, it's based on preinstalled/bootable cloud-images and curtin.
<xnox> leftyfb, is this for servers? desktops? cloud? baremetal?
<leftyfb> robots
<leftyfb> moving robots only accessible via wifi once the NUC is in the robot
<leftyfb> the initial deployment is fine to rely on ethernet
<lordcirth> On 16.04, we have a network setup like so: eth1 -> vlan10@eth1 -> br10.  LXC containers attach to br10 or other bridges and get put on the right VLAN.  I can't get this to work in systemd-networkd on 18.04.
<lordcirth> Does anyone have a similar setup they could paste?
<lordcirth> nevermind, figured it out.  The bridge needs VLANFiltering=false, and have the same MAC as the physical interface.
<coreycb> jamespage: ok i've pushed the placement seed. fyi i didn't add breaks/replaces as nova still has placement code.
<Epx998> Should I see an amd64 version of a iso in -> http://cdimage.ubuntu.com/ubuntu/releases/16.04/release/
<sarnold> Epx998: http://releases.ubuntu.com/16.04/
<teward> Epx998: releases.u.c, not cdimage.u.c, for standard ISOs :)
<teward> as sarnold linked :)
<Epx998> gotcha
<Epx998> when the iso installer fails on apt get heh
<sarnold> o_O
<teward> sounds like internet fail in those cases heh
<Epx998> its just a cd install
<Epx998> meh
<Epx998> must be the network mounted cd image
<Epx998> hash sum mismatch from the cdrom, ok. guess i can see if i can use ub18
<sarnold> uhhhh.. how'd that happen?
<Epx998> who knows
<Epx998> https://ibb.co/vwLCYvy
<sarnold> yikes. memtest86 on that machine?
<sarnold> it might not hurt to try mounting the image from elsewhere and manually walking through the InRelease and Packages.gz files to make sure hashes match
<Epx998>  id just talk them into a working distro ;P got a few to choose from in this lab.
<sarnold> the question is, is the image busted? or your network? or your machine?
<sdeziel> Epx998: have you validated the integrity of the iso with http://releases.ubuntu.com/16.04/SHA256SUMS ?
<Epx998> issue was duplicated on 3 chassis, going to see if i have issues with rhel7.6 and maybe sles12
<Epx998> i grabbed the cd off the ubuntu torrent
<sdeziel> hmm, interesting
<sarnold> Epx998: I mean in the long run I think you'd be better served by using the cloud images anyway, but if you want to keep using a cd-based installer to get to finished systems, then it'd be worth finding out *why* you've got broken bits :)
<Epx998> ill grab it off release.ubntu as well
<Epx998> cd installer was cause the cloud image wasnt grabbing the kickstart, i wanted to see if it was a network issue
<Epx998> i used the dell lifecycle for fun, maybe that was it
<sarnold> you'd want to use cloud-init instead of kickstart for cloud images
<Epx998> we typically do not use cloud images
<Epx998> though i do have a sprint item for working with RH on something cloud based
<Epx998> Look like it was Dell's lifecycle bit
#ubuntu-server 2018-11-29
<lordievader> Good morning
<rbasak> leftyfb: have you looked into Ubuntu IoT stuff? Read only images, atomic updates, etc.
<ahasenack> cpaelzer: rbasak: hi, when any of you have a moment, I have this MP to unblock ldb in disco: https://code.launchpad.net/~ahasenack/ubuntu/+source/ldb/+git/ldb/+merge/359774
<rbasak> Looking
<rbasak> done
<cpaelzer> that was fast rbasak, I didn't even see it until now :-)
<rbasak> Anything to distract me from this qemu+libvirt SRU review :-P
 * cpaelzer sniff
<ahasenack> rbasak: hah, I did forget update-maintainers
<ahasenack> ran it and pushed
<rbasak> ahasenack: go ahead and upload, no need for me to look again
<ahasenack> thx
<cpaelzer> thanks rbasak
<rbasak> yw
<rbasak> Thank you for your diligence in preparing the update. Makes review easier.
<rbasak> Lining up the patch names across the releases was a great help.
<cpaelzer> yeah
<cpaelzer> unfortunately the backports were different for the two target versions
<rbasak> Yeah libvirt patch 5 threw me a little
<cpaelzer> but as you said - I have hoped that keeping patch metadata and names intact would help
<kstenerud> ahasenack: What does it mean when a bileto ticket is abandoned?
<cpaelzer> rbasak: was that the fused one?
<cpaelzer> rbasak: TBH IBM was the one fusing it into one, I personally would have preferred three stripped down patches. But then I was glad for their help - so no complaining
<rbasak> I think so
<rbasak> lp1787405-0005-qemu-Extract-MDEV-VFIO-PCI-validation-code-into-a-se.patch vs. lp1787405-0005-qemu-domain-device-definition-hostdev-validation.patch
<cpaelzer> I see
<rbasak> What I've been doing recently for similar SRUs is to first identify how the uploads are different between devel and the SRU target releases, and confirm I'm happy with those differences. Once done I reduce what I have left to review to one release only.
<rbasak> (plus changelog and other metadata, but at least there's less meat that way)
<ahasenack> kstenerud: I dropped it, since I was satisfied with the results and uploaded the package already
<ahasenack> kstenerud: it will disappear in due time
<muhaha> Anyone using Proxmox and using PXE to boot/install unattended install ?
<talx> hello folks
<ahasenack> rbasak: cpaelzer: hi again, ldb is basically done, but now I need a samba upload, which is a rebuild because of ldb bump, and a merge from debian: https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/359776
<ahasenack> kstenerud: check "trying: ldb" in http://people.canonical.com/~ubuntu-archive/proposed-migration/update_output.txt
<ahasenack> kstenerud: this one is an indication that samba needs a rebuild, because of samba-dsdb-modules
<kstenerud> ahasenack: So that means taht samba-dsdb-modules depends on ldb?
<ahasenack> yes, a very strict dep
<ahasenack> from d/rules (samba's):
<ahasenack> # samba ships ldb modules, which are specific to the ldb version, so we need a
<ahasenack> # strict dependency on the upstream ldb version
<ahasenack> # this also mean samba needs a rebuild when the upstream ldb version changes
<ahasenack> LDB_DEPENDS = "libldb1 (<< $(LDB_EPOCH):$(LDB_NEXT_VERSION)~), libldb1 (>> $(LDB_EPOCH):$(LDB_VERSION)~)"
 * ahasenack -> lunch
<ahasenack> rbasak: when you say "Since we can't easily unpin with a cached copy of pylint", you are talking about https://people.canonical.com/~rbasak/git-ubuntu/pylint-1.7.2.tar.gz or something else that snapcraft caches?
<rbasak> ahasenack: yeah, the p.c.c one.
<ahasenack> rbasak: ok
<Pcost8300> hello Everyone and good afternoon, I would like to know if changing an Ubuntu Server 14.04 Time to just one hour up could cause any trouble with databases or the glassfish server that is running in there.
<lordcirth> Why do you need to change the time?  Is it currently wrong?
<rbasak> Pcost8300: if you change the server's idea of UTC, then that will break things. Changing the server's timezone is generally fine though.
<Pcost8300> rbasak: Thank you for the information, when i type date command it says time with CST 2018 at the end
<Pcost8300> rbasak: sorry for asking but what does it mean
<Greyztar> Central Standard Time no?
<rbasak> He's gone
<Greyztar> :/
<ahasenack> rbasak: around still? https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1805178 is asking to have apparmor allow access to /etc/letsencrypt for the certificates, is the "canonical" place for the certs? What is its structure?
<ubottu> Launchpad bug 1805178 in openldap (Ubuntu) "Apparmor should include letsencrypt directory for Slapd" [Undecided,New]
<rbasak> ahasenack: IIRC, /etc/letsencrypt/live/$domain/ and then pem and keys in there
<rbasak> ahasenack: private keys are very sensitive. I'm not sure it makes sense to default to giving all services access to them.
<ahasenack> rbasak: can you imagine us shipping some sort of default allow-to-read apparmor role?
<ahasenack> yeah
<ahasenack> I'm inclined to suggest that users override that locally when needed
<rbasak> For example, if I were running an HTTPS server, it may be the completely wrong thing for a compromise of slapd to compromise the key
<rbasak> Maybe jjohansen and/or jdstrand have an opinion on that: ^
<ahasenack> I was hoping that /etc/letsencrypt structure would include the service name, or user name
<rbasak> AIUI letsencrypt makes no distinction on service name.
<rbasak> Everything is HTTPS, but you apparently can re-use certs for other services
<ahasenack> I mean, the directory structure could be something like /etc/letsencrypt/slapd/*.pem
<rbasak> (and you don't need HTTP/HTTPS to get a cert, since you can use DNS to prove domain ownership)
<sdeziel> ahasenack: I the same cert for various services (postfix + dovecot typically)
<ahasenack> yeah, the re-use makes this more complicated, if it's common
<sdeziel> s/I the/I use the/
<ahasenack> apparmor ships with two abstractions related to certificates
<ahasenack>  /etc/apparmor.d/abstractions/ssl_certs and /etc/apparmor.d/abstractions/ssl_keys
<ahasenack> they are not pulled in by default
<ahasenack> maybe we could have an letsencrypt abstraction, and let the user decide what he/she wants (or augment the existing ones for letsencrypt)
 * ahasenack just noticed that he is not in #ubuntu-hardened
<sdeziel> with the proliferation of Let's Encrypt clients, it will be hard to catch up with abstractions
 * sdeziel uses local/ includes
<teward> sdeziel: ahasenack: it sounds like this should be posed to the Security team for additional consideration/review as well?
<teward> because such additional abstractions to /etc/letsencrypt or {Insert Paths Here} can be security concerns in and of themselves
<teward> (read: privkey security, etc.)
<ahasenack> sure
<jjohansen> rbasak: hrmmm I need to spend some time looking at this to have an informed opinion. I don't like having a default that might be wrong on servers
<jjohansen> I agree with teward that this should go to the security team for additional consideration
<teward> rbasak: ahasenack: in *theory* I agree with the idea for the apparmor access via an abstraction
<teward> but from the **security** side of theory I have some very harsh critiques for the practice
<teward> in sysadmin and ease of use theory*
<ahasenack> there is one such abstraction already, fwiw
<teward> because as rbasak says, private key sensitivity
<teward> ahasenack: the second part of the argument is catching up with all the clients
<ahasenack> I fully expect a wide range of paranoid levels around this issue
<jjohansen> I marked the bug public security for now
<ahasenack> for now I suggested in the bug that he use the apparmor.d/local mechanism to add his local changes
<ahasenack> and asked what's the structure of his /etc/letsencrypt directory
<teward> +1 for local abstractions per your suggestion ahasenack
<ahasenack> teward: about the "all the clients" argument, we should first think about what the ubuntu client (certbot in this case) does
<teward> +1
<ahasenack> I subscribed to the bug, will know when there is a reply
<ahasenack> thanks for the quick discussion :)
<teward> ahasenack: AIUI, /etc/letsencrypt/live/*/[crt,key,etc. here] is where it'd need to be reading
<teward> * for the individual domain(s) as masters on the cert
<teward> and then the individual certs and keys under that
<ahasenack> ok
<teward> as well as the CA chain where needed
<sdeziel> the only sensitive part in there is the key so is it root owned and with a special extension (like .key)?
<teward> I think so *double checks his LE test system*
<sdeziel> thanks, I only use dehydrated myself :)
<teward> sdeziel: actually, access to the dir might be tricky
<rbasak> jjohansen: understood. Thanks!
<teward> sdeziel: live/* root:root 700
<sdeziel> teward: most daemons start as root so what's your concern?
<teward> sdeziel: true, but in cases where a daemon woudln't it wouldn't have access
<teward> i'm not familiar as much with openldap, it starts as root I assume?
<sdeziel> teward: probably since it bind port 389 and/or 686
<teward> i just realized I don't have latest certbot on this system :|
<teward> sdeziel: at least with 0.22.2, /etc/letsencrypt/live/*/privkey.pem
<teward> but i'mma have to spin a bionic for newer testing
<teward> ... once I get home (can't access my infra at home for better testing from here at the moment)
<sdeziel> teward: thanks
<teward> sdeziel: but everything in that folder is a *.pem so it's not a special extension to specify the key
<teward> IIRC this is still the way it behaves today in latest but eh
<teward> ... oh THERE'S my VPN keys... I was looking for these earlier to VPN back home >.>
<sdeziel> so far, the safest way I found (please let me know of any flaw) is to have an install/deploy hook to put the cert/key in /etc/$daemon/certs/ and make them root:root 0600. Combined with this Apparmor rule: "/etc/$daemon/certs/* r,"
<teward> sdeziel: 30/60d cert regen means you need to redeploy the cert each time, unless I misunderstand what you mean by 'deploy hook'
<sarnold> root:root may mean you've got to run your daemon at higher-than-needed privs
<teward> duh I forgot sarnold was in here LOL
<teward> *facedesks, then goes to find more caffeine*
<sarnold> don't take that to mean I'm *paying attention*
<sdeziel> sarnold: for the services I manages, most of them keep a master process (nginx, postfix, dovecot) so a simple reload is enough to pick up the new cert/key. prosody is an outlier here though
<teward> sarnold: no, I just meant I can ping you and annoy the heck out of you on these things in here *evil grin*
<sarnold> sdeziel: nice
<teward> :P
<sarnold> ah :)
<sdeziel> to improve on the Apparmor rules, I guess that leveraging the hardcoded names would work "/etc/$daemon/*chain.pem r," and "owner /etc/$daemon/privkey.pem r,"
<sdeziel> and I forgot the $domain so they should all be prefixed /etc/$daemon/*/ to support whatever CN you happen to use
<sdeziel> anyway, I like this scheme better than all the keys in /etc/ssl/private
<sdeziel> teward: yes, I re-deploy certs and keys all the time (I don't reuse keys)
<Greyztar> setting after and wants in systemd service file ,will that make the parent service not start until the dependencie is successfully started?
<lordcirth> Greyztar, that's the idea, yes
<Greyztar> lordcirth: ive been doing some reading,just wanted it confirmed as google can be sometimes well...thanks for answering me (,")
<lordcirth> np
<docmur> I have a fresh apache2 setup with two domains configured 000-default.conf and test.conf, whe nI try to navigate to test.ca, I'm getting the default location /var/www/html returned and not /var/www/test, these are the config files: https://pastebin.com/L8LYfH6x
<docmur> shouldn't that work?
<docmur> I just did a purge and install of apache2 so everything else should be generic
<Greyztar> when sourcing a file with some variables or so in bash,that would only last current session no?So when a reboot takes places what have been sourced is gone?
<mybalzitch> will changes made by ovs-vsctl to add/remove ports persist through a reboot?
#ubuntu-server 2018-11-30
<cpaelzer> good morning
<lordievader> Good morning
<ahasenack> good morning
<baffle> Hi, I am trying to get frr to start on boot on 18.04, and the unit-file has Wants/Before=network-online.target .. But network-online.target is never reached, status says "inactive (dead)".. network-online.target has depends on systemd-networkd-wait-online.service (I use netplan for interface config), but that is also "inactive (dead)".  It again depends on systemd-networkd.service, wich is "active
<baffle> (running)" and has no errors, and have configured interfaces.. Any tips? I'm getting really frustrated. If I do "systemctl --type=target" network-online.target is not listed..
<baffle> If I switch back to using /etc/network/interfaces, network-online.target has other dependencies, but still doesn't trigger.
<TJ-> baffle: if you've got a Wants= surely you need an After= not a Before=
<baffle> TJ-: Sorry. /lib/systemd/system/frr.service has [Unit] After=networking.service, [Install] WantedBy=network-online.target.
<baffle> TJ-: If I do systemctl show frr.service it says "Before=shutdown.target network-online.target" and "After=basic.target system.slice networking.service systemd-journald.socket sysinit.target".
<TJ-> baffle: ahhh... maybe I've got confused again over 'Wants=' - I seem to recall someone in #systemd telling me it is like an inverse dependency, as in this unit becomes Want-ed by the named unit
<theGoat> so i would like to centrally manage the authentication of my linux VMs, without using AD.  was wondering what my options were?
<cyphermox> LDAP
<cyphermox> also NIS, and probably something I forgot, too
<leftyfb> Anyone know of some documentation on deploying a disk image (from dd maybe) using PXE? (Not the fog project)
<lordcirth> leftyfb, you probably want clonezilla
<leftyfb> nope
<leftyfb> clonezilla won't use a dd image
<leftyfb> we want to create images in a CI system and then deploy them using PXE
<lordcirth> That's surprising.  Have you considered not using dd, then?  It is pretty inefficient
<leftyfb> possibly
<lordcirth> Also, the clonezilla page says you can use dd images
<lordcirth> "Based on Partclone (default), Partimage (optional), ntfsclone (optional), or dd to image or clone a partition."
<teward> leftyfb: you can use advanced clonezilla server / client modes
<teward> and make it use dd
<teward> it's slow (and I mean SLOW) but
<leftyfb> define slow
<leftyfb> slower than a d-i install via pxe?
<teward> no i mean the dd process :P
<lordcirth> probably depends on bandwidth vs cpu
<teward> ^ this
<lordcirth> d-i is bottlenecked by dpkg unzip, I think
<TJ-> leftyfb: what have you tried? are you using syslinux?
<leftyfb> I must say, I was VERY impressed with FOG. It pull a 10G image from a 120G drive and compressed it down to about 600M, all within a minute or 2. Takes the same amount of time to deploy it back to the same drive
<lordcirth> leftyfb, that's pretty cool
<leftyfb> TJ-: yes, I'm using syslinux
<lordcirth> So, why aren't you using fog, then?
<TJ-> leftyfb: so you can do "LINUX memdisk" "INTRD disk.img" "APPEND raw" ?
<TJ-> s/INTRD/INITRD/
<leftyfb> lordcirth: because it's way overkill for what we need, not sure about the importing of dd images from a separate CI system and there would be a ton of custom work to get it to use the system serial# from DMI to determine a hostname as opposed to MAC address. At the moment I can't even get it to change the hostname after deployment like it's supposed to
<TJ-> leftyfb: oh, you wouldn't even need the APPEND for a HDD/partitioned image file > 4GB
<leftyfb> TJ-: At the moment I'm only using syslinux to run a d-i install. Are you saying syslinux is capable of deploying a dd image on it's own? I'm not looking to run it live, I need it to dd the image back to the drive
<TJ-> leftyfb: using memdisk, yes
<TJ-> leftyfb: maybe this'll help: https://www.syslinux.org/wiki/index.php?title=MEMDISK#Hard_disk_images
<leftyfb> TJ-: you sure this will dd the disk image to the physical drive and not just try to run it live in memory?
<TJ-> leftyfb: if you want to write the image, you'd need to boot a minimal initrd.img that fetches the disk/img and writes it to the device
<leftyfb> ah, see, right
<leftyfb> That's what I'm looking to do, write the image
<TJ-> leftyfb: it'd have to be 2 stage, you've got to have something that can do the fetching and writing
<leftyfb> TJ-: is there documentation on writing such an initrd.img? Can it run a python script as well?
<leftyfb> TJ-: what do you mean by 2 stage? As in chain loading initrd's or something?
<TJ-> leftyfb: 2 stage as in 1) PXE boot a kernel and initrd 2) initrd fetches disk.img and writes it to disk, then sets things up to pivot to its rootfs and start its /sbin/init
<leftyfb> ah right, for any post-install(HOSTNAME) right?
<TJ-> leftyfb: casper is designed to do that but with an ISO image; you may be able to adapt those casper initialramfs scripts/config/directives to do it
<TJ-> casper loads/fetches the ./casper/filesystemd.squashfs for example
<leftyfb> The only thing I need to do post-image is change the hostname. I could do that just by mounting the partition and sed'ing the /etc/hostname
<leftyfb> So maybe all I need is a custom initrd
<TJ-> yes, it sounds like it
<leftyfb> Can dd use an image it's getting live over wget or the like? It'll be in the 10's of GB's, not enough to stick in memory
<lordcirth> leftyfb, dd will accept from a pipe.  Get it there how you please
<lordcirth> honestly you could probably netcat it
<leftyfb> ok, that's what I figured. I've done it from tar/zip
<lordcirth> netcat may not be a wise idea, though
<leftyfb> looks like I have a ton of stuff to look into/learn
<lordcirth> Don't we all
<leftyfb> it's too bad FOG wasn't easier to play with. The imaging/deploying was so efficient
<lordcirth> I've added FOG to my tech todo list
<leftyfb> The install was a bit of a mess
<lordcirth> I want to install OpenNebula on my home server, and put FOG in a VM on it
<leftyfb> It's a well-meaning project and it's got the imaging stuff down nicely, but the UX is pretty bad
<lordcirth> It's not a homelab if it's not needlessly complex for home use
<leftyfb> lordcirth: https://photos.app.goo.gl/LmdPoSS9wP4VtCDt8
<leftyfb> my "home lab"
<lordcirth> neat
<leftyfb> lordcirth: have you seen my little pi rack?
<lordcirth> no
<leftyfb> https://photos.app.goo.gl/UBtwQK2mumzh4w7F9
<mybalzitch> oh shit, that's nicely organized and everything!
<leftyfb> :)
<mybalzitch> that 2nd photo is real pleasing to look at
<leftyfb> all custom
<lordcirth> Shiny
<bjonnh> running docker in LXD : https://support.plesk.com/hc/en-us/articles/360012448554-Docker-updated-leads-to-the-failed-docker-service-Dependency-failed-for-Docker-Application-Container-Engine
<bjonnh> I had to follow (some how, they have a lot of mistakes) that
#ubuntu-server 2018-12-01
<rsully> Does anyone have any recommendations for vendors to configure servers from? If this isn't allowed here please feel free to PM me regarding this.
<xibalba> I'm trying to NAT from my LAN into my tun0 interface. I've used the iptables cmd, sbin/iptables -A FORWARD -i ens160 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT, however when i do a tcpdump I dont see any data going into my tun0 interface. I have the tun0 interface up, and ping across the internet to the other peer point. Any suggestions?
<xibalba> it's a tun interface spawned from ssh
#ubuntu-server 2018-12-02
<xibalba> als i'm wondering how do i get ubuntu to stop issuing ICMP redirects? 192.168.1.25 â 192.168.1.129 ICMP 126 Redirect . I've disabled it in sysctl.conf and reloaded. net.ipv4.conf.all.send_redirects = 0
<xibalba> i ran the following, https://8n1.org/14114/5bd1
<koffel> hey all i have a dell r610 poweredge is ubuntu server supported
<mybalzitch> is it a 64bit cpu with an intel/amd chip? chances are pretty good it will at least boot
<Intelo_> How much a laptop be constantly used in 24 hours for cpu usage above 70% and 90% ram. A laptop like m6700?
<mybalzitch> the cpu will throttle if the cpu temps get higher than spec
<Intelo_> mybalzitch,  how can I check temps?
<Intelo_> using kubuntu
<Intelo_> mybalzitch,  nevermind. will manage
<Intelo_> mybalzitch,  if the temperature is undercontrol, I can use it 24/7?
<mybalzitch> why wouldn't you be able to
<koffel> i getting errors left and right then stops in middle of install
<Intelo_> mybalzitch, https://imgur.com/a/sS094YU
<ahasenack> hello
<senaps> hi all, i have installed danted and ocserv in ubuntu server 16.4, but i don't have any access to filtered websites i tried to bypass using danted or ocserv. but, i can connect to ocserv and then use my danted service!
<senaps> anybody able to help me with configuring danted? i can pass websites not blocked by our government, but twitter and other websites are not passed with this proxy.
<senaps> what can be wrong? why is it passing part of the traffic only, and with another isp, i don't have that problem...
<senaps> hi all, i have ocserv installed and configured, i am able to connect just fine using `openconnect` but no traffic is through
<Intelo> Sending mail via echo "My message" | mail -s subject user@mail.com    works fine but when I send via a thirdpart nodemailer (nodejs lib), it says lost connection after RCPT. 451 4.3.0  <user@mail.com>: Temporary lookup failure;
<bjonnh> how hard would it be to install a ubuntu over an existing fedora with only a ssh access to the machine?
<bjonnh> (it is using uefi)
<Intelo> virtualbox?
<mybalzitch> there used to be software for that
<mybalzitch> damned if I can remember the name of it
<bjonnh> Intelo: no baremetal machine
<Intelo> virtualbox?
<Intelo> bjonnh,  ok. don't know
<bjonnh> I wish I had a kvm
<mybalzitch> bjonnh: https://help.ubuntu.com/lts/installation-guide/i386/apds04.html look at that! a framework
<bjonnh> really nice
<bjonnh> I just stumbled on something similar too
<compdoc> thats cool
<bjonnh> ok I'll try that right now
<bjonnh> will keep you posted ;)
<bjonnh> getting from fedora 26 to ubuntu
<ChmEarl> bjonnh, fedora has debootstrap... install ubuntu into a chroot
<ChmEarl> bjonnh, stay in fedora and control the install before rebooting into ubuntu
<bjonnh> debootstrap from fedora refused to install
<bjonnh> E: Error executing gpgv to check Release signature
<mybalzitch> surely you can google that error and work around it
<mybalzitch> perhaps you need to install gpgv
<bjonnh> I'm following the ubuntu guide
<bjonnh> at least IÂ will have an up to date debootstrap too
<bjonnh> same error
<bjonnh> oh nm
<bjonnh> works now
<bjonnh> mybalzitch: I didn't had gnupg at all (I thought I did though)
<bjonnh> W: Failure trying to run: chroot /mnt/ubuntu mount -t proc proc /proc
<bjonnh> says that mount doesn't exist
<bjonnh> trying with bionic instead of cosmic
<bjonnh> I also disabled selinux
<bjonnh> that could help
<bjonnh> nope same thingâ¦
<bjonnh> looks like it should use an absolute path
<bjonnh> so it really didn't like the debootstrap from ubuntu
<teward> bjonnh: that sounds like something specific to the Fedora debootstrap
<teward> bjonnh: are you just trying to get an Ubuntu system available on Fedora, or are you trying to replace Fedora with Ubuntu?
<bjonnh> yeah so I just took the cosmic recipe from it
<bjonnh> teward: I am replacing fedora
<bjonnh> "apt install makedev"
<bjonnh> no package makedevâ¦
<bjonnh> I'll just bind mount
<tomreyn> hi, what's the recommended application server for RoR production deployments these days? Unicorn, Puma or Passenger? and for the webserver, i assume nginx + wsgi is fine?
<tomreyn> oh wait (u)wsgi is python, so scratch this part of my question, please
<bjonnh> rebooting
<bjonnh> will see what happensâ¦
<bjonnh> failedâ¦
<bjonnh> it refuse to rebootâ¦
<mybalzitch> good thing you have a ipkvm to troubleshoot remotely?
<mybalzitch> ;p
<bjonnh> nope
<bjonnh> if I had a kvm that would probably have been easier ;)
<bjonnh> I think the install is clean, it is just fedora that refused to reboot
<bjonnh> will see tomorrow
<bjonnh> when I can get to the machine
<bjonnh> also that's a mac pro so EFI is touchy
#ubuntu-server 2019-11-25
<lordievader> Good morning
<lordievader> explore: Depends on how you configure your vnc server. You can usually configure it to destroy any running application when the user disconnects.
<smoser> Odd_Bloke: fyi https://code.launchpad.net/~simplestreams-dev/simplestreams/+git/simplestreams/+merge/375843
<Odd_Bloke> smoser: Yeah, I'm going to be looking at fixing that this afternoon.
<Odd_Bloke> Both rafaeldtinoco and I ran the focal build locally before landing which worked, but that didn't catch it for some reason.
<smoser> Odd_Bloke: your local build had python
<smoser>  /usr/bin/python was there
<Odd_Bloke> I thought I used a schroot which wouldn't have it, but maybe I'm misremembering.
<smoser> Odd_Bloke: i just recreated failure here with a schroot build.
<smoser> but all schroots are nto created equal
<smoser> you want sbuild-launchpad-chroot
<Odd_Bloke> Yeah, now I did too.
<Odd_Bloke> So who knows what I did last week. :p
<smoser> its possible that it disappeared just over the wekeend
<smoser> from the launcpad schroots
<explore> lordievader: thank you
<Odd_Bloke> smoser: https://code.launchpad.net/~simplestreams-dev/simplestreams/+git/simplestreams/+merge/375984
<Odd_Bloke> smoser: Ugh, actually, I missed that this is causing CI failures.
#ubuntu-server 2019-11-26
<genii> sarnold: Did the user in #u ever get his guest session issue of not being able to access external drives sorted out? I couldn't hang around that night to see the end of the saga
<sarnold> genii: I don't think he did
<genii> Ah :(
<sarnold> genii: my vague recollection was someone aimed him at a SO post from 2012 or something that suggested some apparmor policy changes, and then he took off :/
<genii> Thanks for the update, was curious
<sarnold> genii: what's really frustrating is that it might not have been so terrible to have been seated at the machine and figure things out, but over text, slow-ish responses, not big on details :(
<genii> Yes. Sometimes I have the time available to go in depth with such users, but not that day, unfortunately
<oerheks> another one today, with usb not rw under guest session, fixed it himself with a setting in  /etc/usbmount/usbmount.conf  ... which is empty on my system
<genii> oerheks: Interesting
<oerheks> <g3poandlsl> Found the solution to permission issues for FAT32 USB automounted drives.  Solution was to edit /etc/usbmount/usbmount.conf to change the fmask and dmask for FAT32
#ubuntu-server 2019-11-27
<lordievader> Good morning
<ruben23> hi there guys how does the gpg key-server for ubuntu .?
<ruben23> like this how did they identify and acquire the keys -----> apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
<sarnold> ruben23: we've collected a lot of the gpg key fingerprints on https://wiki.ubuntu.com/SecurityTeam/FAQ#GPG_Keys_used_by_Ubuntu
#ubuntu-server 2019-11-28
<frickler> is there some glibc maintainer around here? I'd like to get the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=23844 into bionic, seems to affect multiple consumers, in our case openvswitch
<ubottu> sourceware.org bug 23844 in nptl "pthread_rwlock_trywrlock results in hang" [Normal,Resolved: fixed]
<rbasak> frickler: packages in Ubuntu are team maintained
<rbasak> frickler: we'd be grateful if you could test/QA/land any bugfix in Ubuntu. See https://wiki.ubuntu.com/StableReleaseUpdates for details on how to do that, and please ask if you have any questions.
<frickler> rbasak: thanks, I guess I would rewrite my question then as: Is there someone with enough interest in fixing that glibc bug such that I don't have to do the SRU procedure myself? ;) otherwise I'll try to get something started once I can confirm that the fix works for me locally
<rbasak> frickler: please start by filing a bug - then coordination with others who are affected can begin.
<rbasak> frickler: what proportion of Ubuntu users are likely to be affected? If that number is high, then the Canonical Server Team will prioritise it. If low, then it'll be up to volunteers only.
<frickler> rbasak: I would re-target https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1839592 once I confirm the correlation
<ubottu> Launchpad bug 1839592 in openvswitch (Ubuntu) "Open vSwitch (Version 2.9.2) goes into deadlocked state" [Undecided,Confirmed]
<rbasak> frickler: sounds good. Thank you for coordinating!
<rbasak> frickler: the 'sts' tag suggests to me that there's interest from Canonical customers, so you may be in luck with "someone with enough interest" :)
<m_tadeu> hi...I have a VM that is mounting a ext4 that lives on the host:tempfs...seems like it's caching, which seems unnecessary....how can I enable direct access (no caching for this device on the VM)?
<tomreyn> this sounds like something you'd manage non the virtualization you're using
<m_tadeu> tomreyn: sorry didn't get it...I'm creating img files in the host tmpfs and using them as disks in the VM....problem is that the VM is caching data from a disk that is already in memory
<tomreyn> m_tadeu: i don't think i'm getting this scenario where "the VM is caching data from a disk that is already in memory". maybe it'll help if you'll discuss which ubuntu server version you're discussing here, what's running on the host and guest, which virtualization you're using, and how virtual storages translate into physical storage.
<tomreyn> maybe you're saying that you would like the gurst system to use the hosts' I/O cache. this is not something you can setup on the guest, though, but need to configure on the virtualization.
<m_tadeu> host is ubuntu-server16.04 and the vm is ubuntu-server18.04. I'm using libvirt+kvm+qemu. I have a tempfs in /ramdisks, where I'm creating a disk1.qcow2 file. This file (/ramdisks/disk1.qcow2) will be used and mounted in the VM.
<m_tadeu> now this disk1.qcow2 is already in the host memory (since it's in a tmpfs), but when the VM is using it, it's caching data (from disk1.qcow2) that is already in memory
<cpaelzer> m_tadeu: cache=none in the libvirt xml would do what you need
<cpaelzer> => https://libvirt.org/formatdomain.html#elementsDisks
<m_tadeu> cpaelzer: I'm getting a 'Invalid argument' error when I use that. any ideas?
<cpaelzer> m_tadeu: it will have to open the disk with O_DIRECT not sure if that works on TMPFS
<cpaelzer> but also I think on tmpfs there will be no page cache
<cpaelzer> I'd not assume the kernel is that stupid
<cpaelzer> can't proove it, just gut feeling
<cpaelzer> yep, as I assumed https://lkml.org/lkml/2007/1/4/55
<cpaelzer> nice to see nown names so much back in time :-)
<m_tadeu> so it fails because cache=none uses O_DIRECT and fails because it's in tmpfs?
<cpaelzer> yes
<m_tadeu> crap
<cpaelzer> you can't tell it to not-cache where there isn't a concept of cache+backingstore to begin with
<m_tadeu> well not on the tmpfs...but the vm seems to see it a regular partition....so it's filling all the memory as it uses that partition....so it seems to be caching in the vm
<tomreyn> !info nocache
<ubottu> nocache (source: nocache): bypass/minimize file system caching for a program. In component universe, is optional. Version 1.0-1 (bionic), package size 16 kB, installed size 60 kB
<tomreyn> ^ in case you can't edit source code.
<rafaeldtinoco> !info eatmydata
<ubottu> eatmydata (source: libeatmydata): Library and utilities designed to disable fsync and friends. In component main, is optional. Version 105-6 (bionic), package size 5 kB, installed size 21 kB
<rafaeldtinoco> as well =)
<m_tadeu> :) gonna check that
<m_tadeu> is there a way for systemctl staatus <service> not to print special chars, like the initial ball?
<sdeziel> m_tadeu: if all you care is to know if a unit runs or not, you might try 'systemctl is-active <service>' instead. Not sure that would achieve what you want
<m_tadeu> sdeziel: woaa...that's what I really need....thx
<sdeziel> cool
<sdeziel> m_tadeu: it accepts --quiet if you only care about the return code
<m_tadeu> sweet
#ubuntu-server 2019-11-29
<linuxperia> hi all. i have a strange problem with ubuntu server. when i try to compile a programm i get this error here => "error while loading shared libraries: libtinfo.so.5: cannot open shared object file: No such file or directory" libtinfo however exist on my system and is located at /usr/lib/x86_64-linux-gnu/libtinfo.so What is wrong and how can i fix this Problem ?
<mybalzitch> do you have a so.5 symlink to libtinfo ?
<mybalzitch> linuxperia: ^
<linuxperia> mybalzitch: thank you very much for your helpfull tip. i just looked it up and this is how it looks like on my side => it points to version 6 instead 5 => /usr/lib/x86_64-linux-gnu/libtinfo.so -> /lib/x86_64-linux-gnu/libtinfo.so.6
<mybalzitch> yes, create another symlink pointing libtinfo.so.5 to libtinfo.so.6
<linuxperia> so i need change then the version in the code to use 6 instead 5 and then everything should be perfect. ahh okey this will work also. thank you very much will do it and report back
<mybalzitch> or recompile, yeah
<linuxperia> Yes got one step further. now it complains that /lib/x86_64-linux-gnu/libtinfo.so.5: version `NCURSES_TINFO_5.0.19991023' not found looks like need older ncurses hmmm
<linuxperia> mybalzitch: thank you very much for your helpfull tip with the symlink. you helped me recognize the problem!
<mybalzitch> no problem! hope you get it sorted
<vlm> how can i bind sshd to an address that works through reboots? If i bind to address and manually restart daemon it works but it doesnt manage to bind to address upon booting,journalctl shows failed: "Cannot assign requested address fatal: Cannot bind to any address"
<tomreyn>  this sounds like the ip address you're having sshd listen on isn't bound to an interface by the time sshd is starting.
<tomreyn> you could either bind sshd to a different systemd target which ensures that the ip address has been bound to the interface, or make sshd listen on ANY and set up firewall restrictions to limit where inbound copnnections will be accepted from / to
<tomreyn> vlm: ^
<vlm> tomreyn: ill try those options thanks
<rbasak> vlm: if you're using netplan with networkd or networkd on its own, then "systemctl list-units" will show you the After= target to use. For example mine is sys-subsystem-net-devices-enp0s31f6.device.
<vlm> rbasak: nice tip ill give it ago aswell!
<vlm> seems had it right first time only i had a spelling error, network.online.target instead of network(-)online.target,would it be any advantages with your approach rbasak?
<rbasak> vlm: network-online.target is vague if you have multiple NICs.
<rbasak> Or hotplug any NICs.
<rbasak> vlm: see https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
<rbasak> So if you're binding to an address on a specific device and need to start a service only when that address is ready, the best thing is to start the service only when that specific device is up.
<rbasak> But as tomreyn said, better to avoid that situation altogether.
<rbasak> Why do you need to bind ssh to a specific address anyway?
<vlm> I was reading the link earlier on but missed that,seems its not so dependable,it works on a test system but on the server i need it doesnt,i just want to restrict traffic,i knew i could do it in firewall but got curious to how come sshd  wouldnt
<vlm> bind on reboot so started researching
<rbasak> Ideally sshd would adapt dyamically as the systemd documentation page describes
<rbasak> Failing that, I'm not sure I would trust the firewall configuration on its own
<rbasak> Maybe use Match, DenyUsers and AllowUsers directives in sshd_config and test that independently to ensure it's working as expected.
<rbasak> And then add a firewall configuration on top of that
<vlm> rbasak: seems like a good idea indeed,more layers of security is nice so if the one fails we got backup,started poke around pam access.conf and host.deny aswell
<rbasak> vlm: I would pick two only. More complexity means more likelyhood of a mistake :)
<sdeziel> vlm: to build on rbasak's suggestion, "Match LocalAddress" would probably be useful to you
<vlm> rbasak: it could get too much also, usually i document stuff i do when it get complexed so common faults that may occur in such situations i can easily resolve,have helped me alot when things go wrong
<vlm> sdeziel: yes that was what i was thinking aswell thanks for chime in
<vlm> sdeziel: or i was thinking might be an option to Match ThisIp or so ,its nice to have options atleast to secure in many ways is my thought
<rbasak> bryce: around?
<rbasak> bryce: I implemented the mk_commit refactoring you requested
<rbasak> But I ended up doing it as a constructor method (a classmethod) in repo_builder.Commit.
<rbasak> Question: do you want a test for that? It's entirely within the test infrastructure so not used in production, and it's being fully exercised by the tests.
<rbasak> Here's the implementaton: https://git.launchpad.net/~racb/usd-importer/diff/gitubuntu/repo_builder.py?h=importer-add-tests&id=a0f087ec7539a909ee01bdb68820693fc3012122
<rbasak> (the branch is still a work in progress)
<rbasak> In general I'm not sure what our policy needs to be for testing the test helpers
<mbeierl> Hello.  I am looking to find the difference between Ubuntu cloud images (from https://cloud-images.ubuntu.com/bionic/20191127/ ) with .img and .vmdk extensions.  When I use the .vmdk under VMware vCloud Director, it boots, but converting the .img to .vmdk causes it to hang.  I have other .imq and .qcow2 images that I want to convert and they all exhibit the same behaviour.
<crodriguez> Hello, I have a question regarding netplan in ubuntu 20.04. For a server with 3 interfaces with each their own gateway, how does networkd determines the default gateway? It seems like ip route get always returns the right interface,  I'm trying to understand how it chooses the correct interface as its default gateway. I haven't defined any route in the netplan config.
<bryce> rbasak, yep just back from lunch
<bryce> hmm good question on testing test helpers
<bryce> in other projects I've not tended to worry about testing test helpers, since the testsuite itself exercises the code adequately most of the time
<bryce> but for more complex helpers, or if it helps in doing the development, I suppose no reason not to allow them
<bryce> rbasak, that said, since this code would live in the main code rather than purely in a *_test.py file, a test case would probably be appropriate
<rbasak> OK, thanks. I'll add some tests for it.
<rbasak> ...on Monday. Enjoy your weekend :)
<bryce> I imagine monkeypatch could be an alternate way to do it.  No idea how easy/hard that'd be though.
<bryce> rbasak, right, cya monday!
<bryce> btw I (might) have jury duty next week
<rbasak> OK
<ericlafontaine> Hi, my name is Eric Lafontaine and I was told that some people over here could help me understand a behaviour with the networking/kernel
<ericlafontaine> I'm having a server with 3 NIC using DHCP and all having gateways.  The behaviour I'm seeing is that the kernel is able to know that the last interface should always be the default gateway interface, whatever bouncing of the interface I do.  This seems like magic to me and I'm trying to understand how come.  all 3 default routes are present, but it's always the last interface that is used by
<ericlafontaine>  the kernel as the route to internet.
<ericlafontaine> (I have this behaviour with the base image of Ubuntu 20.04 )
<ericlafontaine> (on an openstack environment)
<crodriguez> ericlafontaine: hi ! I think rbasak will be able to help you out. Maybe he's EOD though, might have to wait for Monday
<rafaeldtinoco> ericlafontaine: why would u have 3 gateways ?!
<ericlafontaine> Hi @crodriguez, thanks.  If anyone else want more details/are curious, please contact me directly :)
<ericlafontaine> I'm putting a router in place to abstract network complexity.
<rafaeldtinoco> ok but what is the purpose of having 3 gateways ?
<rafaeldtinoco> you want to load balance traffic among all 3 ?
<ericlafontaine> It's my first time using an IRC, so I'm not sure if I should try to summarize or go all out on explanations...
<rafaeldtinoco> just answer the question
<rafaeldtinoco> its easier =)
<rafaeldtinoco> ericlafontaine: you have 3 net providers and want to load balance among them ? is that it ?
<rafaeldtinoco> or something like it ?
<ericlafontaine> basically, I have an intranet for which my "router" will be acting as the gateway (ubuntu server) for other servers on the intranet.  The second network is another intranet for which some routes are provided (this one doesn't actually have a gateway, but dhcp put's one in anyway... bug? maybe, didn't get time).  The third interface is the real external network and should stick to being my de
<ericlafontaine> fault gateway whatever happens.
<ericlafontaine> I get the behaviour I want, but I can't explain how it works, which is troubling me.
<rafaeldtinoco> ericlafontaine: dhclient can drop gateway
<rafaeldtinoco> for example
<rafaeldtinoco> its not because dhcp server gives you HAVE to use =)
<rafaeldtinoco> check /etc/dhcp/dhclient.conf
<rafaeldtinoco> you can configure an interface not to "request" routers, for example, but request everything else
<rafaeldtinoco> you can request only IP, or IP and NTP, IP and DNS, etc
<ericlafontaine> I found that it's using the systemd-networkd and whatever bouncing of interface I do, my last interface stays the default interface.  I would have expected this to be like dhclient behavior you're describing, but it wasn't dhclient
<rafaeldtinoco> ah gotcha
<rafaeldtinoco> so you're using netplan
<ericlafontaine> yes
<rafaeldtinoco> with systemd-networkd backend
<ericlafontaine> default 20.04 ubuntu server
<rafaeldtinoco> ok lets check how to drop dhcp options in systemd
<rafaeldtinoco> 20.04 ? (focal ?)
<rafaeldtinoco> its -devel
<ericlafontaine> I know :)
<ericlafontaine> still it does what I need it to do
<rafaeldtinoco> ok
<ericlafontaine> which is why I was looking at it
<ericlafontaine> my problem is that I don't understand how it can keep the last interface whatever "bouncing" I do...
<ericlafontaine> It's an happily nice behaviour :) I just can't explain it
<rafaeldtinoco> looks like
<rafaeldtinoco> https://github.com/systemd/systemd/issues/5134
<rafaeldtinoco> the feature you're looking for was in this issue
<rafaeldtinoco> http://man7.org/linux/man-pages/man5/systemd.network.5.html
<rafaeldtinoco> check [DHCP] section
<rafaeldtinoco> UseRoutes=
<rafaeldtinoco>            When true (the default), the static routes will be requested from
<rafaeldtinoco>            the DHCP server and added to the routing table with a metric of
<rafaeldtinoco>            1024, and a scope of "global", "link" or "host", depending on the
<rafaeldtinoco>            route's destination and gateway. If the destination is on the
<rafaeldtinoco>            local host, e.g., 127.x.x.x, or the same as the link's own
<rafaeldtinoco>            address, the scope will be set to "host". Otherwise if the
<rafaeldtinoco>            gateway is null (a direct route), a "link" scope will be used.
<rafaeldtinoco>            For anything else, scope defaults to "global".
<rafaeldtinoco> you can change the generated systemd file
<rafaeldtinoco> and UseRouters=false
<rafaeldtinoco> UseRoutes=false
<rafaeldtinoco> for the interfaces you don't want a gateway set
<rafaeldtinoco> (for example)
<ericlafontaine> my network configuration only had [DHCP] active, nothing else
<rafaeldtinoco> let me check if netplan supports it
<rafaeldtinoco> https://netplan.io/examples
<rafaeldtinoco> it shows an option
<rafaeldtinoco> "dhcp4-overrides
<rafaeldtinoco> Connecting multiple interfaces with DHCP
<rafaeldtinoco> check this there ^
<rafaeldtinoco> suggestion they give is to raise the route metric
<rafaeldtinoco> so the default router is used by your main interface
<rafaeldtinoco> and the other gateways are "ignored"
<rafaeldtinoco> because they have a big metric
<rafaeldtinoco> did you check that ? have you tried ?
<ericlafontaine> yes, all my interfaces turned out to have the same metric...
<rafaeldtinoco> even using the override ?
<ericlafontaine> I haven't tried any change, I just tried to understand how the kernel knew...
<ericlafontaine> can i send you the routes and netpan?
<ericlafontaine> I have those with me.
<rafaeldtinoco> ericlafontaine: if you put 3 gateways with same weight
<rafaeldtinoco> or metric in this case
<rafaeldtinoco> kernel will round robin among them
<rafaeldtinoco> so you will use tcp retransmissions
<ericlafontaine> that's what I would've had expected
<rafaeldtinoco> ah thats the default behaviour
<rafaeldtinoco> and its designed that way
<rafaeldtinoco> because you are using the same routing table
<rafaeldtinoco> (without knowing)
<rafaeldtinoco> kernel has multiple routing tables you could use
<ericlafontaine> yeah, I would have expected that, but it didn't do that
<rafaeldtinoco> it didnt ?
<ericlafontaine> which is why I don't understan
<rafaeldtinoco> what did it do ?
<ericlafontaine> it stuck with the "highest" interface in the order "ens5" > "ens4" > "ens3"
<ericlafontaine> I've been starting to read about the kernel internal structure to understand
<ericlafontaine> fib_tree, etc.
<ericlafontaine> so trying to see what am I missing
<rafaeldtinoco> so it always used the latest default router
<ericlafontaine> I was expecting to be kicked out of the server when I restarted "ens4" but that didn't happen
<rafaeldtinoco> routes are cached for existing connections
<ericlafontaine> ip route show cache is always empty
<ericlafontaine> maybe I didn't bound the interface the right way?
<rafaeldtinoco> well you didnt assign them weights
<ericlafontaine> "ip link set down dev ens4" ?
<rafaeldtinoco> so im not sure the correct behavior nowadays
<ericlafontaine> I didn't and cloud-init gave them 100 I believe by default
<rafaeldtinoco> the old behavior was:
<rafaeldtinoco> https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html
<rafaeldtinoco> ahhhhhhh actually
<rafaeldtinoco> the old behavior without weights
<rafaeldtinoco> was not to load balance at all
<rafaeldtinoco> was to use latest default gateway
<rafaeldtinoco> #)
<ericlafontaine> ?
<rafaeldtinoco> so if you're using the same routing table
<rafaeldtinoco> which likely you are
<ericlafontaine> (by the way, I really appreciate :) I spent 1-2 days on this, and curiosity was killing me )
<rafaeldtinoco> and you add 3 routes to 0.0.0.0
<rafaeldtinoco> only the last one will work
<rafaeldtinoco> that is what happened to you right ?
<rafaeldtinoco> BUT if you have different routing tables
<rafaeldtinoco> then you can assign them weights
<rafaeldtinoco> and load balance among them
<rafaeldtinoco> but you have to have different routing tables
<rafaeldtinoco> not the same one
<rafaeldtinoco> because the rules have hierarchy
<rafaeldtinoco> if you satisfied the route, you dont need another
<ericlafontaine> it's rules over route tables, right?
<rafaeldtinoco> yep
<ericlafontaine> 30 sec
<ericlafontaine> I'll go on the server
<rafaeldtinoco> sure
<ericlafontaine> I might lose my connectivity...
<rafaeldtinoco> #(
<ericlafo_> Alright, I'm back
<rafaeldtinoco> ok
<ericlafo_> so I can send you the all the routing I have on the server
<rafaeldtinoco> so.. 1st things 1st
<rafaeldtinoco> you're using netplan to configure its nics
<rafaeldtinoco> correct ?
<ericlafo_> yes
<rafaeldtinoco> can I see your /etc/netplan/* files ?
<rafaeldtinoco> in order for that
<rafaeldtinoco> you can pastebin them
<rafaeldtinoco> its easer =)
<ericlafo_> here?
<rafaeldtinoco> paste.ubuntu.com
<rafaeldtinoco> paste there and get me a likn
<ericlafo_> https://paste.ubuntu.com/p/mw9fGR3QtK/
<ericlafo_> I'll get you the routing table as well
<rafaeldtinoco> alright
<ericlafo_> https://paste.ubuntu.com/p/Z5t9qhzn4V/
<ericlafo_> routing ^
<rafaeldtinoco> default via 198.18.200.1 dev ens5 proto dhcp metric 100
<rafaeldtinoco> default via 192.168.128.1 dev ens4 proto dhcp metric 100
<rafaeldtinoco> default via 192.168.129.1 dev ens3 proto dhcp metric 100
<rafaeldtinoco> so they're all in the same routing table
<rafaeldtinoco> with the same metric
<rafaeldtinoco> only the latest interface (to get dhcp)
<ericlafo_> yup
<rafaeldtinoco> will have an operatinal gateway
<rafaeldtinoco> you should drop the gateways you dont need
<ericlafo_> The behaviour I have is the ens5 can be the only interface not bounced and it still would be the default gateway used.
<rafaeldtinoco> what do you mean by bounced ?
<ericlafo_> "ip link set down ens3"
<ericlafo_> "ip link set up ens3"
<rafaeldtinoco> ah gotcha
<rafaeldtinoco> so a reset
<rafaeldtinoco> if you reset a nic then you lose the default gw
<rafaeldtinoco> and then you lose conectivity
<rafaeldtinoco> because the other one becomes operational
<rafaeldtinoco> is that it ?
<ericlafo_> nope, I'm not losing my connectivity...
<rafaeldtinoco> lose conectivity meaning nic down / nic up again
<ericlafo_> ens5 stays my default gateway in the server
<rafaeldtinoco> because its your last added gateway
<ericlafo_> which is the behaviour I wanted but I don't get how it works
<ericlafo_> what do you mean by "last added"?
<rafaeldtinoco> if you do this:
<rafaeldtinoco> route add default gw 1.1.1.1
<rafaeldtinoco> route add default gw 2.2.2.1
<rafaeldtinoco> route add default gw 3.3.3.1
<rafaeldtinoco> all 3 have the same metric
<rafaeldtinoco> kernel will only reach 2.2.2.1 if 3.3.3.1 can't be reached
<rafaeldtinoco> no ?
<ericlafo_> well that wasn't what I would have expected since I removed the dhcp interface, no?
<ericlafo_> so I would have expected the route to be re-applied when I was bringing the interface up again
<rafaeldtinoco> ooooooooooo
<rafaeldtinoco> no you did not remove the ip
<rafaeldtinoco> its a real nic
<rafaeldtinoco> if it was a virtual nic.. you would have dropped the nick
<rafaeldtinoco> like veth0 for example
<rafaeldtinoco> but for a real one
<rafaeldtinoco> IP stays there if you up/down
<rafaeldtinoco> have u shutdown the networkd for that nic ?
<ericlafo_> nope, I didn't find individual interface services
<ericlafo_>    26  systemctl status sys-subsystem-net-devices-ens3.device
<ericlafo_>    27  systemctl restart sys-subsystem-net-devices-ens3.device
<ericlafo_> I did try this though;
<ericlafo_> but it was denied as an operation
<rafaeldtinoco> are you root ?
<rafaeldtinoco> =)
<ericlafo_> yup
<rafaeldtinoco> this is the device itself
<rafaeldtinoco> its a .device unit file
<rafaeldtinoco> so it wont restart
<rafaeldtinoco> its internal to systemd
<ericlafo_> so what would the service be named?  I only found the "systemd-networkd" service which seemed to manage all interfaces
<ericlafo_> (did I say that I really appreciate?  I really do :) I've been struggling to understand )
<rafaeldtinoco> let me get one example here
<rafaeldtinoco> damn, all my machines are using ifupdown currently
<rafaeldtinoco> :o)
<ericlafo_> XD
<rafaeldtinoco> im unsure you can control the interfaces like a systemd unit
<ericlafo_> I'll setup my other non-work computer to be able to continue discussing here while having the server connected to tryout stuff
<rafaeldtinoco> i think you would change your .network files
<rafaeldtinoco> and restart networkd
<rafaeldtinoco> and it would reconfig as you want
<rafaeldtinoco> networkctl shows the configured nics
<ericlafo_> I didn't find the .network file in /etc/systemd/network
<rafaeldtinoco> thats the netplan secret
<ericlafo_> I'll try the networkctl
<rafaeldtinoco> if you had create the .network files on your own
<ericlafo_> ha ha !, thanks
<rafaeldtinoco> you could put into /etc/systemd/network
<rafaeldtinoco> for example
<rafaeldtinoco> yours is probably at
<rafaeldtinoco>  /var/run/systemd/network
<rafaeldtinoco> give it a try
<rafaeldtinoco> cd /var/run/systemd
<rafaeldtinoco> find . | grep -i network
<rafaeldtinoco> i gotta go now (dinner time here)
<rafaeldtinoco> ericlafo_: rafaeldtinoco@ubuntu.com
<rafaeldtinoco> drop me an email if you have any other questios
<rafaeldtinoco> ill try to address if I can
<rafaeldtinoco> or hang around here
<rafaeldtinoco> we're always over here =)
<ericlafo_> alright, thanks :) I'll look through what you provided an email you the conclusions :)
<ericlafo_> thanks a lot!
<rafaeldtinoco> sure. good luck
<rafaeldtinoco> my pleasure. take care o/
<ericlafo_> o/
#ubuntu-server 2019-11-30
<ericlafo_> Hi Folks, I found out what was happening, there is a neighbor monitoring working for ipv4 (router discovery).  This causes my 2 other interface on which one didn't have a gateway and the other wasn't configured yet.  So, in all 3 of my interfaces, only one had a working gateway and was usable.  The kernel was aware of this and returned always the working gateway interface when looking at it with "ip route get x.x.x.
<ericlafo_> ise here was the dynamism with which the kernel was able to adapt.  :) I will now return satisfied.
<foo> I have an old netbook. 7+ years old. I want to install ubuntu server on it mainly to ssh in and transfer data to an external drive. It looks like 18.04.3 LTS is 64-bit only, not sure if that's best for this old netbook. Any other suggestions?
<mybalzitch> if your cpu supports 64bit its fine
<foo> mybalzitch: how would I know? I can get into safe mode shell on it with an older ubuntu distro now (not sure what's on here just yet)
<mybalzitch> if you can get me the cpu name from cat /proc/cpuinfo I can look it up and tell you
<mybalzitch> but you can probably use that older ubuntu distro just as well as anything else to copy files on/off
<foo> mybalzitch: looks like this: https://www.newegg.com/p/N82E16834152115
<foo> mybalzitch: intel atom inside
<foo> hmm
<foo> mybalzitch: yeah, hm. It seems to be hanging at "checking battery state"
<mybalzitch> it's 32bit only, so that other OS won't boot
<mybalzitch> can you ctrl+c the check?
<mybalzitch> or wait it out I guess
<foo> mybalzitch: thank you for the confirmation. ctrl+c doesn't seem to matter. I do have another dell inspiron here that is newer... I might just use this instead
<mybalzitch> would you like me to check that for you as well? ark.intel.com is the site I'm using
<foo> mybalzitch: thank you for asking, just turning it on now... this is 2019 I was told. Waiting for it to boot up to see what's on it.
<mybalzitch> I'm not sure what hte battery state being checked entails, there should be a way to interrupt it you'd think, but maybe not
<mybalzitch> oh, so much newer
<foo> mybalzitch: ... yeah. It might also have usb 3 which would be nice.
<foo> mybalzitch: and yes, I am surprised a battery check could prevent a system from booting up. There may be another power issue going on, I'm really not sure
<mybalzitch> what happens if you press ctrl+alt+f1 or ctrl+alt+f2, do you get a login prompt?
<foo> ubuntu 9.10 kernel 2.6.31-15-generic on the old netbook. The inspiron is still coming online (looks like it's installing windows updates).
<foo> mybalzitch: oh, there is a login screen when I ctrl+alt+f1. Nice. Uh, err, I don't remember this user/pass. But nonetheless, at least I can get into it. Looks like ubuntu 10.04.2 LTS actually
<mybalzitch> :)
<foo> mybalzitch: thanks for "being there" - I've done quite a bit of tinkering with linux in my day but am a bit rusty. :)
<mybalzitch> ah sometimes hand holding is nice for both parties
<mybalzitch> :)
<mybalzitch> if you are copying off a NTFS drive, a newer version of ubuntu will probably work best
<mybalzitch> but if its fat32 or a linux filesystem, pretty much anything will do
#ubuntu-server 2019-12-01
<foo> mybalzitch: 1TB, 4GB of RAM, intel core i3 CPU @ 2.10Ghz... is what this inspiron has. awesome.
<jayjo> (asked this on #ubuntu) what are the best tools for monitoring disk usage on an ubuntu cluster? are there solutions available that do things like give both cluster info and per-host info? I'm on ec2, and I see some cloudwatch agents you can run in order to ship info to their service. Are there some good alternatives?
<Zaliek> I'm working with a new install of ubuntu server 19.10 and for some reason setfacl isn't installed? Is there a reason it's not included anymore? Did it get replaced in favor of something else?
