[00:00] <Centaur5> soren: Yeah, I installed a specific smartlink file from synaptic so I guess I don't know what I'm doing.  :)
[00:00] <Centaur5> soren: Would pppoe taking control of ppp0 have a conflict?
[00:02] <soren> Centaur5: Depends on what you want to do with the modem. :)
[00:02] <soren> Centaur5: Not all uses of modems involve ppp.
[00:02] <Centaur5> soren: I want to use hylafax so any machine can send a fax.  Any better method for doing this?
[00:03] <soren> Centaur5: Not sure. I've used asterisk for it a few times.
[00:03] <soren> Centaur5: But that's quite different.
[00:04] <Centaur5> I know this is going to be a newbie question but how to you find out if the modem is using /dev/ttyS0?
[00:05] <soren> Centaur5: Just use /dev/modem
[00:05] <soren> Aw, crap, I need to go to bed.
[00:05] <soren> Time flies when you're having fun.
[00:05] <Centaur5> soren: alright, thanks.  I'll try to figure it out.
[00:05] <Centaur5> or when you're arguing?
[00:06] <soren> Centaur5: Arguing is fun.
[00:06] <soren> sometimes.
[00:06] <soren> Centaur5: When it turns out to be not completely pointless, it's fine.
[00:06] <Centaur5> haha, if you're going to argue with the wife do it naked so you can make up promptly
[00:07] <soren> and this time, I managed to convince someone that I was right (or so i think), so it's all good.
[00:07] <soren> Centaur5: Good advice.
[00:07] <soren> :)
[00:07] <Centaur5> alright, g'night soren
[00:08] <hatter> yes, g'night soren
[00:08] <soren> g'night, everyone.
[00:08] <ajmitch> night soren
[00:08] <soren> Oh, hi, ajmitch!
[00:08] <soren> And good night.
[00:08] <ajmitch> hi :)
[00:08] <soren> :)
[00:08]  * soren whisks off to bed.
[00:20] <osmosis> anyone know how I can enable putting the monitor in power saving mode during inactivity, rather then just blank screen?
[00:27] <lamont> nealmcb: ew.  smarthost/password... is that sasl-ish?
[00:27] <lamont> nealmcb: so what I need is a howto-do-sasl config
[00:33] <nealmcb> lamont: I'm haven't looked at exactly what fastmail lis looking for, and maybe this is a less common use case than I was thinking, but it seems like it would be increasingly popular.
[00:39] <nealmcb> lamont: the itch that started me down this path was wanting to run caff to sign keys from the uds-boston keysigning party.  but I didn't have email configured on my laptop, and I didn't have my pgp keys configured on the server I send mail from.  I thought while I was at it, it should be a smarthost setup to fastmail (a password-protected relay)  so it would work on the road without reconfiguration.  but maybe the number of smarthost installs t
[00:41] <lamont> ah.
[00:42] <lamont> I just taught my postfix install that anyone with a cert signed by my CA is loved.
[00:43] <nealmcb> and maybe it's silly to even be wanting to run postfix on the laptop since I usually read it over ssh via mutt to another machine.  but I'll probably be changing that.
[00:44] <nealmcb> lamont: I don't run the smarthost - just the postfix on the laptop - so I don't set the policy...
[00:44] <fujin_> Anyone familiar with freeradius?
[00:44] <fujin_> I'm having some freaky issues trying to use 1.1.7-1 from debian unstable
[00:45] <fujin_> reeradius: relocation error: /usr/lib/freeradius/rlm_sqlippool-1.1.3.so: undefined symbol: sql_get_socket
[00:50] <lamont> nealmcb: once I have a good sasl-config writeup that doesn't break the other options, I plan to include it.
[00:50] <lamont> it's more a function of me not needing it :-(
[00:52] <nealmcb> lamont: i.e. you want someone else to figure out how to fit that into the way ubuntu does sasl configs?  I'm certainly no expert there, but if I ever get the itch badly enough I may plunge in....
[00:53] <lamont> I don't care who does it... I just know it'll go faster if someone else does it...
[00:53] <nealmcb> in the meantime I'll send some patches to the doc to clarify that this is NOT what the current doc describes how to do....
[00:54] <nealmcb> re: who does it - that's what I thought - makes sense
[01:01] <ScottK> nealmcb: Did you get your smarthost problem solved?
[01:02] <nealmcb> ScottK: nope
[01:02] <ScottK> nealmcb: What do you use for SASL?
[01:02] <nealmcb> nothing yet
[01:02] <nealmcb> I'm just using my cable smarthost for the time being
[01:02] <nealmcb> no password there
[01:02] <ScottK> If you have "The Book of Postfix" it gives you a good how-to.
[01:02] <lamont> ScottK: heh.  I might at that
[01:03] <lamont> not sure where it's hiding though
[01:04]  * lamont works on figuring out what got changed in gutsy(?) that broke pam/ldap for him
[01:05] <ScottK> Using cyrus-sasl and sasl-db it wasn't that hard.
[01:05] <ScottK> Assuming you've set cyrus-sasl up once already.
[01:06] <nealmcb> Looking at my thunderbird config, I'm not even sure it uses sasl - it specifies "username and password" and "tls" but doesn't say sasl, though thunderbird may just be dealing with it under the covers....
[01:07] <ScottK> That's SASL.
[01:10] <lamont> if it wants a user/pass, it's SASL
[01:11] <nealmcb> it's been too many years since I looked at that - so even plain text passwords are sasl - that makes sense....
[01:13] <nealmcb> so in the real world, how common are plain-text passwords that use tls for secrecy, vs no-tls, and some other crypto for just the passwords?
[01:15] <lamont> anyone here using ldap for user creds?
[01:15]  * nealmcb resists the urge to !ask lamont (not)
[01:16] <lamont> nealmcb: well, the follow up is "WTF am I doing wrong?"
[01:16] <lamont> I had it working in feisty, and then y'all made it better in gutsy, and broke everything
[01:16] <nealmcb> lamont: You'll have to be more specific :-)
[01:17] <nealmcb> perhaps the question is "will the last person to touch ldap step forward" :-)
[01:18] <lamont> ldapsearch -LLL -x -D cn=admin,dc=mmjgroup,dc=com -W -H ldaps://ldap.mmjgroup.com -b dc=mmjgroup,dc=com 'uid=lamont'
[01:18] <lamont> that works. finger lamont doesn't hit ldap
[01:18] <lamont> rather, if I use a diff user, which only exists in ldap, then 'no such user' although ldapsearch happily drops the entire entry above.
[01:20] <zul> 'lo
[01:25] <ScottK> nealmcb: plain methods plus TLS are the most common I believe.  I suspect plain with no TLS is nearly if not more common.
[01:38]  * lamont is reminded that he hates perl
[02:04] <lamont> fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
[02:04] <lamont> connect(3, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("192.168.35.41")}, 16) = -1 EINPROGRESS (Operation now in progress)
[02:04] <lamont> select(1024, NULL, [3], NULL, {30, 0})  = 1 (out [3], left {30, 0})
[02:04] <lamont> getpeername(3, 0xbfe35138, [128])       = -1 ENOTCONN (Transport endpoint is not connected)
[02:04] <lamont> maybe it's not me...
[02:04] <lamont> I think there should be a "connect" call after the select, no?
[02:05] <fujin_> ITS YOUUUU
[02:05] <fujin_> no
[02:06] <lamont> heh.
[02:06] <lamont> so... why did getent use ldap, instead of ldaps.
[02:08] <lamont> for the love of pete
[02:09] <lamont> diff ldap.conf{.bad,}
[02:09] <lamont> 2c2
[02:09] <lamont> < uri ldaps://ldap.mmjgroup.com
[02:09] <lamont> ---
[02:09] <lamont> > uri ldaps://ldap.mmjgroup.com/
[02:12] <lamont> it would really be nice if the docs actually said that a trailing slash is required.  Or, for the &*)(*^)( win, append a / when there isn't one.
[02:13] <fujin_> heh.
[02:14] <fujin_> have you got start_tls or whatever it is?
[02:14] <fujin_> tls start_tls
[02:14] <fujin_> ssl start_tls
[02:14] <fujin_> that's it
[02:14] <fujin_> ssl on/off/start_tls
[02:14] <fujin_> I gave up on tls/ssl
[02:14]  * lamont floods a little.
[02:14] <fujin_> and just put all of my ldap authentication into a secure airgap network and put it plaintext
[02:14] <lamont> base dc=mmjgroup,dc=com
[02:14] <lamont> uri ldaps://ldap.mmjgroup.com/
[02:14] <lamont> ldap_version 3
[02:14] <lamont> rootbinddn cn=admin,dc=mmjgroup,dc=com
[02:14] <lamont> nss_base_passwd ou=People,dc=mmjgroup,dc=com?one
[02:14] <lamont> nss_base_shadow ou=People,dc=mmjgroup,dc=com?one
[02:14] <lamont> nss_base_group  ou=Group,dc=mmjgroup,dc=com?one
[02:14] <lamont> TLS_CACERT /etc/ssl/certs/MMJ-2005-cacert.pem
[02:14] <lamont> TLS_REQCERT demand
[02:14] <lamont> use_sasl no
[02:14] <lamont> rootuse_sasl no
[02:15] <fujin_> mm, looks fine
[02:15] <lamont> works fine, except for gutsy (1) renaming all the files, and (2) changing to require that trailing slash
[02:15] <fujin_> awesome gutsyness
[02:15] <fujin_> I haven't even started testing it yet :\
[02:15] <lamont> oh, I expect that it's true in debian too
[02:15] <wasabi> Oh geeze.
[02:15] <wasabi> nss-ldapisms
[02:15] <wasabi> shield my eyes!
[02:15] <fujin_> wasabi: nothing else can do what it does!
[02:15] <lamont> nss is love
[02:15] <wasabi> Winbind and Samba can
[02:15] <wasabi> Better
[02:15] <fujin_> oh pfft
[02:16] <lamont> except for the sodomotron parts.
[02:16] <wasabi> I would not mind LDAP on Linux if nss-ldap and pam-ldap didn't suck so blatantly compared to alternatives.
[02:26] <fujin_> yeah, that's true
[02:26] <fujin_> they are pretty shit
[02:26] <fujin_> I wish my senior hadn't told me we had to use it
[02:27] <fujin_> so that I could use like, nss-mysql and pam-mysql
[02:27] <fujin_> or something, else.
[02:48]  * lamont looks around for a pam.conf knowledgeable person to confirm that '... required pam_permit.so' is basically a no-op
[02:48] <lamont> whereas '... sufficient pam_permit.so' is a "no more checking, just let'em in" directive
[02:50] <fujin_> should be sufficient pam_ldap.so
[02:50] <fujin_> required pam_permit.so
[02:52] <lamont> right
[02:53] <lamont> my "sufficient" example above being totally wrong other than for explaining how stupid it is...
[03:53]  * lamont calls the new home-config package sufficient.
[04:30] <Centaur5> is there a way to see a dhcp table of what addresses have been given out on Gutsy?
[04:39] <hatter> Centaur5, do you mean /var/lib/dhcpd.leases
[04:39] <lamont> hatter: /var/lib/dhcp3/dhcpd.leases
[04:39] <lamont> er, Centaur5
[04:39] <hatter> ya thats it
[04:39] <Centaur5> perfect, thanks
[07:40] <_ruben> bah .. i suffered from Bug #141601 last night .. not sure if i should be happy with the fact that it's a "known" issue :p
[07:40] <ubotu> Launchpad bug 141601 in tasksel "tasksel packages stays at 100%" [Undecided,New] https://launchpad.net/bugs/141601
[08:03] <soren> _ruben: What does it mean that a package is at 100%?
[08:37] <svschwartz> hi all
[08:37] <svschwartz> got question
[08:38] <svschwartz> does ubuntu-server use upstart or sysv ?
[08:39] <svschwartz> Gutsy
[08:40] <svschwartz> how can I figure this out?
[08:40] <avatar_> you've installed gutsy?
[08:40] <avatar_> dpkg -l |grep upstart
[08:40] <svschwartz> yes
[08:40] <avatar_> gutsy uses upstart
[08:41] <svschwartz> Is there any tool like sysv-rc-conf to manage startup sctipts ?
[08:44] <svschwartz> there is upstart-compat-sysv package that says "compatibility for System-V-like init" so I gues sysv-rc-conf is ok
[08:47] <svschwartz> anybody here interested in creating drive images ? I've found good project - fork of partimage, it needs our help https://launchpad.net/partimage-ng
[09:05] <_ruben> soren: its indeed described a bit vague, but it means that the progress bar gets stuck at 100%
[09:06] <soren> _ruben: Aha.. Anything interesting in the process table?
[09:06] <_ruben> zombie process
[09:07] <_ruben> cant reproduce atm since im at work and the issue was at home and wol aint working on that box :/
[09:07] <_ruben> i think it was some apt-* process that was in zombie state
[09:08] <_ruben> it was 1 or 2 lines below the whiptail process
[09:08] <soren> _ruben: The proces that is a zombie is not the problem.
[09:09] <_ruben> (never really understood the real concept of zombie procs)
[09:10] <_ruben> apart from getting rid of them can be quite tedious, except for this case, killing the tasksel proc kills all
[09:12] <soren> It's hardly ever tedious.
[09:12] <soren> When a process terminates, it has an exit code.
[09:13] <soren> Until another proces has read this exit code (by issuing the wait() system call), the process can't be removed from the process table.
[09:14] <soren> A process that has terminated, but has not been "reaped" (had its exit code read), is a zombie process.
[09:14] <_ruben> ah, didnt know that
[09:14] <soren> If a process' parent process dies, the process is orphaned and adopted by init (pid 1).
[09:14] <soren> init will always take care of calling wait() on terminated processes.
[09:15] <soren> So... Putting these two facts together, we get:
[09:15] <soren> To get rid of zombie processes, you need to focus on the parent.
[09:15] <soren> Get the parent to bury its dying child process, or kill the parent so that init can take care of it for them.
[09:15] <soren> A zombie process is harmless.
[09:16] <soren> It takes a spot in the process table, but all its memory and such has already been freed.
[09:16] <soren> It's cosmetic, really.
[09:17] <_ruben> true .. tho the fact that tasksel is hanging (be it cause or result), is a bit of an issue ;)
[09:18] <soren> _ruben: Possibly. I'd need to see the process table when this happens.
[09:18] <_ruben> figured as much
[09:19] <_ruben> trying to reproduce it on a vm here probably aint gonna work, since if it'd be 100% reproducable, there would probably be more comments, etc
[09:19] <soren> yeah
[09:20] <_ruben> on the system i played with last night (dell c521) it was 100% reproducable (tried few times)
[09:20] <_ruben> tho i cant think of anything fancy that could be causing this
[09:31] <soren> Dunno.
[14:13] <AnRkey> how can i get nmap to use a broadcast ip?
[14:13] <AnRkey> it's driving me nuts cause google is not turning up much
[14:13] <ivoks> why would you do that?
[14:19] <sommer> AnRkey: do you want to scan an entire subnet?
[14:19] <sommer> AnRkey: sudo nmap -sS 10.0.0.0/8
[14:20] <sommer> for example... if you are trying to scan a subnet anyway
[14:23] <AnRkey> yeah but our cisco vlans are confed to block broadcasts
[14:23] <AnRkey> so i need to spec a broadcast ip in the nmap command
[14:24] <AnRkey> for example when we use wakeonlan we do ... wakeonlap -i 172.16.10.255 -p 9 172.16.12.0/24
[14:25] <AnRkey> so the wakeonlan broadcast for 12.0/24 goes through 10.255
[14:25] <AnRkey> i can't see any option for broadcast ip's in nmap though...
[14:26] <sommer> AnRkey: mmmm... not sure, you might double check the man page if you haven't
[14:28] <AnRkey> i have almost memorized the man page :D
[14:29] <AnRkey> thanks anyhow
[14:31] <AnRkey> i will not let it win!!!
[14:38] <ivoks> people do strange things with their networks :)
[14:40] <soren> AnRkey: It wont' work anyway.
[14:41] <soren> AnRkey: I can't imagine any system in its right mind will respond to requests sent to the broadcast address.
[14:47] <ScottK> lamont: Got a minute for an HPPA question?
[14:47] <AnRkey> good point soren
[14:48]  * AnRkey ponders his predicament...
[14:51] <ScottK> lamont: Nevermind.  Figured it out.  Sendmail isn't built yet.  Urgh.
[14:52] <ScottK> lamont: Are you planning on asking for give backs on Universe stuff that doesn't build for HPPA in Hardy because builds are out of sequence?
[14:52] <lamont> ScottK: yeah.  at some point.
[14:52] <lamont> I figured I'd let it catch up, and then have someone do a mass give-back
[14:53] <lamont> sendmail should bump up?
[14:53] <ScottK> OK.  I won't worry about it then.
[14:53] <lamont> and what needs to be retried because of it?
[14:53] <ScottK> lamont: dkim-milter
[14:53] <ScottK> It was looking for libmilter1, but HPPA doesn't have it yet because Sendmail 8.14 isn't built yet on HPPA.
[14:54] <lamont> sendmail at 900, dkim-milter at 350
[14:54] <ScottK> Which means?
[14:54] <lamont> so it's _way_ down the pipe after sendnail
[14:55] <lamont> sendmail will build before anything else in universe, after all of main
[14:55] <ScottK> Well it already FTBFS once.
[14:55] <lamont> universe largely defaults to 355, so it'll come after a large chunk of universe
[14:55] <lamont> dkim-milter, taht is
[14:55] <lamont> sendmail ftbfs?
[14:55] <ScottK> No, dkim-milter
[14:55] <ScottK> Sendmail is not yet built.
[14:55] <ScottK> The new one
[14:56] <ScottK> 8.13 built, but not 8.14.
[14:57] <lamont> sendmail is next up, unless something from main hops in ahead of it.
[14:58]  * lamont needs to go heads-down on a work thang today
[15:17] <kraut> moin
[16:02] <Runithad> hello, this is my first visit, I have 2 ubuntu servers hosting 10 domains :-)
[16:09] <nealmcb> Runithad: welcome!
[16:44] <Runithad> thx
[16:54] <jaredthane> I need to build php5 with a certain configure options. How can I figure out which configure options the ubuntu php5 package has?
[16:59] <sommer> jaredthane: php --info from a terminal will tell you.
[16:59] <sommer> you could also create an info.php file calling the phpinfo() function.
[17:14] <Gargoyle> if I am using DRBD with heatbeat 2, do I still need outdate-peer in drbd.conf?
[17:35] <kshah> What is the preferred way for granting ftp access to a non home directory, for instance the apache web directory /var/www -R , using vsftpd
[17:36] <somerville32> Just give the account access to that directory
[17:36] <somerville32> Or even set it's home directory to /var/www if you want it to start there on login
[17:37] <kshah> set the users home directory
[17:37] <kshah> ?
[17:37] <kshah> or chmod the user
[17:38] <somerville32> If you want them to start in /var/www when they login, set their home directory to that
[17:38] <somerville32> However, that doesn't give them permissions
[17:38] <somerville32> You need to change the permissions to do that
[17:40] <kshah> thx
[17:40] <somerville32> No problem.
[18:00] <kshah> i want to fully understand file permissions, so if /var/www is owned by user root and group root, to give my local user write permission there, i have to execute chmod with the +o option?
[18:01] <somerville32> kshah, no
[18:01] <kshah> oh no
[18:01] <kshah> how does my local user relate to the groups?
[18:02] <somerville32> You would have to set the group for /var/www to something different
[18:02] <somerville32> And than add that user to that group
[18:02] <somerville32> and set the permissions for the group for that directory to what you want
[18:05] <kshah> okay that makes sense, but does that effect, say the daemons who need to read there, apache, or rails?
[18:05] <somerville32> It might if you don't do it correctly
[18:07] <kshah> I'm not following, as I understand the apache user is www-data, right?
[18:07] <kshah> but unless they are in the 'root' group, how does their access work?
[18:08] <somerville32> What is the output of ls -l | grep www ?
[18:09] <kshah> 755
[18:09] <kshah> for /var/www and subs
[18:10] <somerville32> Who is the owner and group of /var/www
[18:10] <kshah> root / root
[18:13] <kshah> i just don't get what is the proper way to give my user permissions to the /var/www directory
[18:16] <dantalizing> kshah "sudo chown -R <username> /var/www" then "sudo chgrp -R www-data /var/www" will allow your user to "own" the files, and the web server to read them
[18:18] <kshah> dantalizing: and that won't interfere with rails or anything like that because Apache hands off the files to rails and then rails back to Apache?
[18:20] <kshah> okay, so now I 'own' the files, and I put myself in the group that apache creates when it installs www-data? is that right
[18:21] <dantalizing> shouldnt interfere with your rails
[18:21] <dantalizing> regarding your perm setup, really depends on what else you need to do
[18:21] <dantalizing> does the web server process need to modify files?
[18:22] <dantalizing> do you have other users who will be modifying files?
[18:22] <kshah> users: probably not
[18:22] <dantalizing> if you own the files, no need to add yourself to www-data
[18:22] <kshah> web server process: i don't know, this is just a rails app
[18:23] <kshah> are you saying that if rails needs to create a file, it may have a problem since it'll be apache handling it and it doesn't have write permissions?
[18:23] <dantalizing> for instance, a typical php blog app will write to a config.php during a web based configuration, and therefore www-data would need write access to that file
[18:23] <kshah> okay i see, yeah
[18:23] <dantalizing> but if you're just reading files, www-data only needs read
[18:24] <kshah> so then what do people typically do to accomodate for all situations?
[18:24] <kshah> do they just do it case by case?
[18:24] <kshah> and grant permissions for specific files?
[18:24] <kshah> best practice
[18:24] <dantalizing> imho, "all" is too general
[18:24] <kshah> ok
[18:25] <dantalizing> i dont know "best" practice, but for my wifes static website (no rails, no php), i made the files owned by her, read by www-data
[18:25] <dantalizing> all html is 640
[18:26] <dantalizing> and dirs are 750
[18:26] <dantalizing> that wouldnt work if you have a web based template modify page, for instance
[18:27] <dantalizing> I never leave the files with root owner/group
[18:28] <kshah> okay, and so if my rails app needs to write uploaded files, I can do it in a folder that i specifically grant permissions to that is below the web root
[18:28] <dantalizing> or preferably outside the webroot, but yes
[18:29] <dantalizing> so assuming you own the dir, and www-data is the group, that dirs permissions would be 770
[18:32] <kshah> cool, I think I got it, make exceptions to the security, not security to the exceptions
[18:32] <dantalizing> well put..
[18:33] <kshah> exceptions might not be the best word, but I get it :) thank you dantalizing
[18:33] <dantalizing> advice worth every penny you paid!
[18:33] <dantalizing> :)
[18:37] <kshah> lol
[19:16] <dendrobates> bug 155947
[19:16] <ubotu> Launchpad bug 155947 in libnss-ldap "ldap config  causes Ubuntu to hang at a reboot" [Undecided,Incomplete] https://launchpad.net/bugs/155947
[19:17] <zul> i think we got bitten by that today
[19:17] <zul> at work
[19:21] <alephant> Hey all...
[19:21] <alephant> I have a Dell PERC 5i controller that works beautifully with the megaraid_sas driver
[19:21] <alephant> but now I'd like to get notified when the array is degraded
[19:22] <alephant> I yanked out a drive, and the LEDs indicated that the array was being rebuilt, but there's nothing in syslog
[19:24] <alephant> Will the module do any status reporting, or do I need Dell's OpenManage cra^H^H^H stuff to talk to the controller?
[19:27] <alephant> ...so apparently the megaraid_sas has no hooks into /proc >:-|
[19:27] <alephant> Anybody had any luck with the Dell OMSA stuff in Ubuntu?
[19:31] <kshah> can anyone possibly tell me a reason why every time my friend visits my website (any file, ubuntu 7, apache 2.2) he has to refresh the page before it shows, the first time he visits it is a blank page?
[19:31] <mralphabet> kshah: his cache
[19:32] <kshah> mralphabet: but it is the first time he's visited the page, he clear his cache and it still requires him to refresh, or am I misunderstanding you?
[19:33] <mralphabet> so you make a page, blah.html with stuff in it and it shows blank the first time he visits it?
[19:33] <kshah> yes
[19:33] <mralphabet> sorry, I misunderstood then, that is odd
[19:35] <mralphabet> does your error log say anything?
[19:38] <mralphabet> does this happen for any other visitors?
[19:39] <kshah> it doesn't happen for me
[19:39] <kshah> checking the log
[19:39] <mralphabet> if it works for you and doesn't for him, I have to say it is something on his side of things
[19:39] <mralphabet> what client browser?
[19:40] <kshah> FF
[19:41] <kshah> its so odd
[19:41] <mralphabet> and has he tried IE?
[19:42] <mralphabet> or safari or any of the others?
[19:42] <mralphabet> or lynx if he's on a linux box?
[19:42] <kshah> asking him to use IE
[19:43] <kshah> I wonder if it is because there is a conflicting DNS entry
[19:43] <kshah> two servers both claiming to be something.com
[19:43] <kshah> doesn't seem to make sense though
[19:44] <mralphabet> that could be a roundrobin answer
[19:44] <mralphabet> attempt 1 goes to ip 1, attempt 2 goes to ip 2
[20:03] <h4x0r7h1s> damnit
[20:04] <h4x0r7h1s> I am using mod_jk to connect to an ajp13 worker, and it totally ignores my JkWorkersFile setting and just initializes a worker called ajp13 trying to connect to localhost:8009
[20:04] <h4x0r7h1s> it'll bitch if the file isn't there of course, but it doesn't load workers from it
[20:24] <kshah> not sure if I should ask this here or in #apache, but I've successfully followed the ubuntu-server guide in the past to enable SSL, self signed, but I want to it to work like a real website, only for pages that I designate as needing to be secure, login/logout, accounts, etc
[20:24] <kshah> can someone help me with that?
[20:26] <sommer> kshah: you can place the security settings in a .htaccess file
[20:26] <sommer> I'm not 100% sure if that's what you're looking for though.
[20:27] <kshah> well, like when someone clicks on 'login', that should be in https://
[20:27] <kshah> 'should be in' didn't make sense, but you know what i mean
[20:28] <sommer> kshah: for a situation like that what I usually do is a rewrite rule.
[20:28] <mralphabet> the link that you make points to https://somesite.com/somedir/somesslfile.html
[20:28] <kshah> okay, i know what you mean, i think i saw an example of that
[20:28] <kshah> sommer: in the conf file
[20:28] <mralphabet> kshah: did your friend fix his browsing problem?
[20:29] <sommer> kshah: should be there's also some great examples in the docs on the apache site.
[20:29] <kshah> mralphabet: I don't think so, I don't think its happening to him in IE, he doesn't know whats up
[20:31] <kshah> sommer: thanks, I think I read over an example there, I just wanted to confirm here in case I misunderstood
[20:31] <sommer> np
[20:39] <jtole> hey guys, I am looking to do load balancing with failover for a web site, the two locations for the site are located states away from each other and we were originally going to do DNS with two A records and low cache so we can manually remove one if a site goes down
[20:39] <jtole> but I thought you guys might know of a better solution
[20:39] <ivoks> redhat-cluster-suite + ldirectord
[20:39] <ivoks> oh... sorry
[20:40] <ivoks> states away
[20:40] <ivoks> didn't notice that part :)
[20:40] <jtole> especially if it can be automated so if one site fails, traffic is automatically diverted to site B
[20:40] <jtole> yeah, it's ok
[20:41] <jtole> plus it has to be OS independent since the sites are on windows IIS/SQL however some of them are on xen on ubuntu with a debian IDS at one site
[20:41] <jtole> SQL is fine actually, the web servers always connect to the SQL at the same site
[20:41] <jtole> so basically it would be end user @ anywhere connecting to 80/443
[20:45] <ivoks> well... you can't do much on those systems
[20:46] <ivoks> both have public IP address, right?
[20:48] <fujin> jtole: use the linux HA packages
[20:49] <fujin> can do easy failover between n+1+x systems
[20:49] <fujin> I use it here locally on a private LAN for a callcentre Asterisk setup
[20:49] <fujin> across the intertrons it should work fine
[20:49] <fujin> oh what
[20:49] <fujin> one server is windows? nevermind
[20:50] <ScottK> ivoks: Saw your reply on the server list.  Sounds very good.  I think this will be a big step forward for Ubuntu mail server easy of setup.
[20:50] <ScottK> easy/ease
[20:52] <ivoks> i hope so
[20:53] <ivoks> fujin: HA or redhat-cluster-suite is not good options for this situations
[20:54] <jtole> ivoks: yes, they are all on public IP, like I said, right now our main coarse of action is DNS with two A records and a 5 minute cache time but if one server goes down it requires manual intervention to initiate the failover
[20:54] <jtole> fujin: so for linux HA I am fscked?
[20:55] <ivoks> jtole: do you really have a fail over?
[20:55] <ScottK> jtole: You could write a script to check and modify the DNS if it gets no response.
[20:55] <ivoks> i mean... i guess each server has it's own sql database, right?
[20:55] <ivoks> so... services don't fail over
[20:55] <ivoks> they just die, right?
[20:56] <ScottK> Personally, I think it's more trouble than it's worth.  Just make the primary as reliable as you can and suck up what little outages you get unless it's so critical you can afford to do it right.
[20:58] <jtole> ivoks: no, not yet, the second co-location will be implemented in about two weeks
[20:58] <jtole> right now we just simply have a primary site
[20:58] <ivoks> will they have same SQL data?
[20:59] <jtole> ivoks, there will be SQL servers at each site, currently there are two at our main site but no fail over and it is managed hosting solution (which I don't like) and they will not provide us one
[20:59] <jtole> however both sites will be getting transaction (up to the minute) updates of remote sites
[20:59] <jtole> MS SQL transactional replication
[21:00] <ivoks> and one machine is windows, and the other is linux?
[21:01] <sommer> ScottK: hey, just wondering if you'd had a chance to review the Mail Filtering section of the Postfix docs?
[21:01] <ScottK> No.  Sorry.  Still on my list.
[21:01] <sommer> ScottK: cool, no rush
[21:08] <jtole> ScottK: it is not only crucial but was more then a recommendation of upper management, so far I have allocated 24k in new hw expenses as well as 1400 a month on co-location costs and it was all approved in record time
[21:09] <jtole> I don't imagine any big web site has only one location and I have seen many mid sized companies in previous employment that do not
[21:09] <ScottK> jtole: In that case, I'd suggest doing a proper failover or HA solution like ivoks was suggesting.  Don't mess with the Windows/Linux mix
[21:09] <jtole> well right now windows is a requirement
[21:09] <fujin> yuck@windows/linux mix
[21:09] <fujin> then do windows/windows
[21:09] <ScottK> jtole: True, but I think it's more important for scalability than reliability.
[21:10] <fujin> and use the windows cluster tools
[21:10] <jtole> fujin: windows VM is a pain in the ass and we want quick restoration in the event of a problem
[21:10] <ScottK> My web host, on a shared server has ~5 minutes of down time a year.
[21:10] <mralphabet> all that you have right now is round robin dns answers and a low TTL, that is not failover ;(
[21:10] <jtole> i.e. in xen copying c:\ from 5 days ago back over corrupt c:\ etc
[21:11] <jtole> ScottK: well our managed hosting provider has had 3 of our servers go down in the last few months
[21:11] <ivoks> so those are windows on top of linux
[21:11] <mralphabet> jtole: if you want quick recovery from a meltdown on the windows side, there is a symantec product that can restore to bare metal in ~ 1 hour
[21:11] <ivoks> ayayay
[21:11] <jtole> that is why co-location is now a priority
[21:11] <fujin> jtole: then use linux/linux
[21:11] <ScottK> jtole: Then get a better provider.
[21:11] <jtole> ivoks: yes A windows on top of linux
[21:11] <jtole> xen
[21:12]  * mralphabet sighs
[21:12] <ivoks> drop linux and go with windows only
[21:12] <ivoks> nothing else works
[21:12] <jtole> fujin: windows is a requirement, this site has been long established for years and is all ASP / SQL 2000
[21:12] <jtole> ScottK: co-location will be a better provider
[21:12] <mralphabet> then take linux out of the equation and use the windows HA tools
[21:14] <mralphabet> does the linux OS actually do anything other then serve xen?
[21:14] <jtole> mralphabet: no but it will be serving multiple machines on xen
[21:15] <mralphabet> and what do these multiple vm's do? one for asp and one for sql?
[21:15] <jtole> two for IIS, one SQL, one mail, another one running linux nagios on one of the machines
[21:16] <ivoks> so many xen machines...
[21:16] <ivoks> i hope you have two quad core processors :)
[21:16] <jtole> that is what xen was built for
[21:16] <fujin> you're doing it wrong
[21:16] <ivoks> and 16GB of ram :)
[21:16] <fujin> as I said earlier
[21:17] <mralphabet> aye, you are doing it wrong
[21:17] <jtole> yes, AMD 2.4 Ghz w/ 8GB RAM and RAID 5 with 5 250GB sata 2
[21:17] <fujin> take Linux out of the equation and use the windows clustering/HA tools
[21:17] <mralphabet> your stated goals do not match up with the hardware / software mix you have
[21:17] <jtole> on two machines + IDS and bypass switch + switch w/ monitor port
[21:17] <jtole> so you guys are saying to lose windows all together on this one?
[21:17] <akincer> !pastbin
[21:17] <ubotu> Sorry, I don't know anything about pastbin - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
[21:18] <jtole> er, lose linux I mean
[21:18] <akincer> !pastebin
[21:18] <ubotu> pastebin is a service to post large texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu-nl.org (make sure you give us the URL for your paste - see also the #ubuntu channel topic)
[21:18] <fujin> jtole: either lose linux, or lose windows
[21:18] <mralphabet> or go to vmware esx
[21:18] <fujin> a 100% linux environment will enable you to use the heartbeat / linux-ha clustering packages for failover
[21:18] <mralphabet> esx has failover packages for vm's
[21:18] <fujin> and a 100% windows environment will let you do a similar thing with clustering
[21:18] <fujin> mralphabet: esx wont' work, as, his two servers are 'states' away afaik
[21:18] <ivoks> khm... redhat-cluster-suite instead of ha :)
[21:18] <jtole> like I said, I can't lose windows, I would like to but I cannot
[21:19] <fujin> wth@ redhat-cluster-suite
[21:19] <fujin> I don't even know what that is, it's so wrong
[21:19] <fujin> s/redhat.*//
[21:19] <mralphabet> fujin: I thought esx could do remote failover in case a building disappears
[21:19] <jtole> lol
[21:19] <ivoks> fujin: ?
[21:19] <fujin> mralphabet: not sure about that
[21:19] <fujin> but ESX at both locations would be expensive
[21:19] <ivoks> fujin: it's a tool, fully suported in ubuntu
[21:19] <fujin> (san, n+1 esx hosts)
[21:19] <ivoks> wich isn't something you can say for ha
[21:19] <jtole> well, unfortunatly, we won't have linux at all at one site
[21:20] <fujin> ivoks: apt-get install heartbeat?
[21:20] <fujin> apt-get install heartbeat2
[21:20] <ivoks> fujin: in universe
[21:20] <mralphabet> fujin: he's already 24k deep /shrug
[21:20] <jtole> although this may become two co-locations once the first one is up and proves useful
[21:20] <ivoks> fujin: r-c-s is in main
[21:20] <ivoks> fujin: and much much better than ha
[21:20] <fujin> mralphabet: san+esx host(s) > 100k
[21:20] <mralphabet> fujin: what's another 75?! ;)
[21:20] <fujin> I guess.
[21:20] <akincer> I posted here a week or so ago about a Tripp Lite KVM keyboard and touchpad that didn't work in the server install. I got it working only by unplugging and plugging it back in. I included output of dmesg in this process here http://paste.ubuntu-nl.org/45942/
[21:21] <fujin> akincer: log a bug
[21:21] <akincer> Was just thinking that
[21:21] <mralphabet> fujin: i'm just being sarcastic
[21:22] <fujin> Generally the engineer shouldn't have to worry about pricing.
[21:22] <mralphabet> true, to a point
[21:23] <mralphabet> anyway, jtole, as I said before, your stated goals and what have already don't really mix
[21:23] <jtole> I gotta run, cheers
[21:23] <mralphabet> I feel kinda bad for him
[21:24] <fujin> heh, yeah.
[21:24] <fujin> I wouldn't want to inherit that shitbag of a system.
[21:24] <fujin> he *is* doing it wrong, though.
[21:24] <mralphabet> yes
[21:24] <mralphabet> he's asking for help AFTER he already bought the system
[21:24] <fujin> "I did it wrong! help!"
[21:24] <fujin> ;|
[21:25] <fujin> epic fail
[21:25] <mralphabet> how about the novel approach of doing a little research first ;(
[21:25] <fujin> That's always good.
[21:28] <ivoks> fujin: if you use HA, really check out cluster-suite
[21:29] <akincer> Got a bug report of my very own. How nice
[21:29] <fujin> It'd be a pain to change it.
[21:29] <ivoks> fujin: it provides some features HA doesn't and provides support for shared (file) systems like drbd and gfs
[21:30] <ivoks> fujin: that's what i tought so
[21:30] <fujin> ivoks: I rolled heartbeat v1 (linux-ha) for my systems, for basic ping-node failover.
[21:30] <ivoks> fujin: now i just wish i did't it sooner :)
[21:30] <fujin> and have no use for drbd/gfs
[21:30] <fujin> I just check if asterisk is running, check conectivity etc
[21:30] <fujin> it's only very basic.
[21:30] <ivoks> ok
[21:31] <ivoks> s/drbd/gnbd/
[21:31] <fujin> is gnbd functionally identical to drbd?
[21:31] <ivoks> no
[21:31] <fujin> I had thought of using drbd for voicemail replication etc
[21:31] <ivoks> drbd provides shared disk
[21:31] <fujin> but gave up and went with one-way rsync from the secondary from the primary
[21:31] <ivoks> gnbd provides access to physical disk
[21:31] <fujin> oh, cool
[21:32] <fujin> ivoks: without copying the data?
[21:32] <ivoks> with drbd you can set up network mirror
[21:32] <ivoks> with drbd?
[21:32] <ivoks> i'm using drbd for web servers
[21:33] <fujin> what does GNDB do?
[21:33] <ivoks> imagine you have NAS
[21:33] <fujin> provide access to data over the network (like NFS)?
[21:33] <fujin> I've been looking for a way to share mailstores between my 3 mailhosts
[21:33] <ivoks> well, yes and no... :)
[21:33] <fujin> all the data is on a SAN, but implementing file locking between them has been a pain
[21:33] <ivoks> filesystem does that
[21:34] <ivoks> with gnbd you export device
[21:34] <ivoks> and then create GFS on it
[21:34] <fujin> I see.
[21:34] <ivoks> so all systems can access that device at the same time
[21:34] <ivoks> you just need to make sure that gnbd server doesn't fail
[21:34] <ivoks> this is why i use drbd
[21:35] <ivoks> drbd keeps data in sync on two machines
[21:35] <ivoks> and allows both machines to rw at the same time
[21:35] <ivoks> with GFS on top of it, problems with locking are solved
[21:36] <fujin> but theoretically
[21:36] <fujin> I'm reading the usage stuff now
[21:36] <fujin> it looks like it'll do what I want
[21:36] <ivoks> i took me one week to figure it out what is what exactly :)
[21:36] <fujin> drbd would work, but replicating 300gb of mail is silly
[21:36] <fujin> between all 3
[21:36] <ivoks> you can't do that
[21:37] <fujin> oh?
[21:37] <ivoks> you can have only two primaries at the same time
[21:37] <ivoks> it's doesn't replicate all 300GB, only changes
[21:37] <ivoks> so, on reboot, only changes are replicated
[21:37] <fujin> I see
[21:37] <fujin> but it'll still mean having 300gb x X
[21:37] <fujin> just to redundantly have 300gb
[21:37] <ivoks> yes
[21:37] <fujin> while space isnt' really an issue (we've a 5tb~ SAN)
[21:38] <fujin> I'd prefer something that just shared the exact data, with happy file locking
[21:38] <fujin> (and wasn't NFS!)
[21:38]  * fujin cringes @ NFS
[21:38] <ivoks> gnbd+gfs
[21:38] <fujin> Yes, it seems like it'll do what I want.
[21:38] <ivoks> just don't use OCFS
[21:39] <ivoks> ocfs died on me couple of times during testing
[21:39] <ivoks> gfs works great
[21:39] <fujin> Thanks for the suggestion
[21:39] <fujin> I've made note of it and will investigate further when my current projects are completed
[21:40] <ivoks> source: http://sources.redhat.com/cluster/
[21:40] <ivoks> :)
[21:40] <fujin> And you said it's apt-gettable?
[21:40] <ivoks> it's in main
[21:40] <fujin> That's handy.
[21:40] <ivoks> it's only clustering system supported in ubuntu
[21:41] <ivoks> everything else is in universe
[21:41] <ivoks> community supported
[21:41] <fujin> I see.
[21:41]  * Nafallo hates servers
[21:41] <fujin> I hadn't had any issue with linux-ha, and that was the first tutorial I found
[21:41] <ivoks> me too
[21:41] <fujin> generally don't do application-level failover.
[21:41] <fujin> or, hadn't done it before
[21:41] <ivoks> i had one problem with linux-ha
[21:42] <ivoks> two machines, both runing mysql in master-master replication
[21:42] <ivoks> each machine has it's own IP
[21:42] <ivoks> and mysql binds to that IP
[21:42] <ivoks> one has VIP, so mysql binds to VIP also
[21:42] <ivoks> but when that machine fails, VIP goes to other machine
[21:42] <fujin> nasty
[21:43] <ivoks> and then you have a problem
[21:43] <fujin> I hate two-way MySQL replication.
[21:43] <fujin> we do master-slave here, with manual failover
[21:43] <ivoks> mysql needs restart, cause it isn't binded to VIP
[21:43] <ivoks> with r-c-s, you don't have to do that :)
[21:43] <fujin> ivoks: any resources/tutorials on r-c-s configuration?
[21:43] <ivoks> fujin: there's a GUI tool for setting up :D
[21:44] <fujin> My servers don't run GUI's!
[21:44] <ivoks> it creates cluster.conf
[21:44] <ivoks> no... it's a tool; you can run it on your laptop
[21:44] <ivoks> it creates cluster.conf, which you then transfer to servers
[21:44] <fujin> I wouldn't run Ubuntu on a desktop, either.
[21:45] <fujin> does apt-getting redhat-cluster-suite install all of the magic stuff? like gfs-tools etc?
[21:45] <ivoks> yes
[21:45] <fujin> ah, it's a metapackage I see.
[21:45] <fujin> so, basically
[21:46] <fujin> the clients (my mailhosts, in this example) will have gfs and gndb client configured
[21:46] <fujin> and then theoretically behind that I'd have say, mailstores
[21:46] <fujin> with gndb-server and gfs installed on it
[21:46] <fujin> s/it/them/
[21:46] <ivoks> right
[21:47] <fujin> cool
[21:47] <fujin> sounds great
[21:47] <fujin> now if only I could find some documentation or a tutorial on rcs
[21:47] <ivoks> there are PDFs
[21:47] <ivoks> search for Global_Network_Block_Device.pdf
[21:48] <ivoks> and
[21:48] <ivoks> Cluster_Administration.pdf
[21:48] <ivoks> and Global_File_Syste.pdf too
[21:48] <fujin> cool, found it
[21:49] <fujin> will pass them onto my senior and have him browse through
[21:49] <fujin> may roll it on my phone system too, for the fun of it :)
[21:50] <ivoks> if you have only two servers
[21:50] <ivoks> it would, maybe, be better to stay with HA
[21:53] <ivoks> anyway... good night to you all