/srv/irclogs.ubuntu.com/2008/01/11/#ubuntu-server.txt

owhJust for fun, I'm not going to have to install X just to compile/run/install vmware-tools am I?00:00
* kgoetz shrug - whats its build deps? :PO00:00
kgoetzafk. company meeting00:03
owhHave fun.00:03
=== macd_ is now known as macd
kgoetzhm. company shouting lunch today. i'm on a roll :O00:51
owhkgoetz: My company shouts me lunch, dinner and breakfast every day.01:08
kgoetzi'm a contractor, so its good ;)01:08
owhkgoetz: I wasn't bragging, my company == me :)01:08
kgoetzowh: hehe :)01:09
owhkgoetz: Now all I need to do is figure out how to make it an expense :)01:10
kgoetz*grin* 'ongoing maintainance' ;)01:11
owhROTFL01:12
owhThanks, I needed that.01:12
kgoetzits free :p01:13
thomas_newbie__hey guys :)01:14
owhWhere do I find a single paragraph description of a "valid debian policy compliant version number" so checkinstall will allow me to create a package - I'd like it to reflect reality. The actual version for the code is "1.0.4 build-56528"01:15
kgoetzthomas_newbie__: hey there :)01:15
owhAlternatively, how do I mangle that version no?01:15
thomas_newbie__my teacher suggested to me that I put in something called PAM between my router and my computer01:15
kgoetzowh: you on oftc? ask #debian-mentors (or read their /topic)01:16
kgoetzowh: actually, try #ubuntu-motu , and read their /topic :)01:16
owhphone01:17
thomas_newbie__kgoetz: hey can i ask you bunch of questiosn01:18
kgoetznot sure calling them will help01:18
kgoetzthomas_newbie__: no, but you can ask the channel :)01:18
thomas_newbie__sorry :S;01:19
thomas_newbie__anyway um, remember  you were helping me setup my server yesterday and I was saying how I have 2 computers on my internal network, 1 of them hostin web and ssh servers01:20
thomas_newbie__Now in order for the other to be hijacked or somehow intruded, the intruder has to go through my machine first right?01:20
thomas_newbie__If the other computer is not running any services, then would a hijacker be able to do something with that computer?01:24
thomas_newbie__I mean no ports would be open, so I shouldn't worry about somethign going wrong with the 2nd computer. Only mine the ones with the servers......?01:25
kgoetzafk.01:25
kgoetzlunch01:25
owhthomas_newbie__: The *only* way to secure a computer through the network is to physically disconnect the the network. After that, all you're doing is putting policies in place. There is no such thing as a secure computer, just exploits not yet discovered.01:29
wickedrashk...tape noob here.. I am trying to backup a bunch of my data to a 40/80 DLT with bacula01:39
wickedrashcan anyone help?01:39
wickedrashhello01:41
owhwickedrash: You may get a better response if you actually asked a question.01:48
owhwickedrash: "can anyone help?" does not qualify as a question.01:49
wickedrashI am having trouble with bacula-web01:50
wickedrashhello01:51
wickedrashgot a bacula tape backup question.. bacula-web says DB: not found?01:52
wickedrashthe bacula.conf is correct as far as I know01:53
thomas_newbie__owh: lol obviously i don't want to disconnect it though...I'm just trying to understand how another computer in my internal network that isn't hosting anything can be hacked if I'm hosting a server01:57
owhthomas_newbie__: My point was that if it's physically connected to the wire that is connected to the net, then technically it's possible that it can be hacked. Is it probable? Well that depends entirely on what's plugged into what and what is configured in which way. I cannot answer that with the information you've provided.02:01
owhMan I *love* clients who at the end of a five month project want their server back *now*, rather than 72 hours from now when it's finally finished :|02:03
thomas_newbie__owh: what I'm trying to get at here is, now that I have a server that is accepting incoming connections, what extra security flawls could I have added? How does one intrude an internal network? through the webserver first?02:06
owhthomas_newbie__: When packets arrive from the outside world they can be crafted to look like they're internal, thus creating the illusion of local traffic. This may then be used to gain access.02:07
thomas_newbie__owh: gain access to what? MY computer FIRST?02:07
owhbr02:08
owhbrb02:08
thomas_newbie__owh: i'm sorry if I'm being very vague02:09
owhthomas_newbie__: I didn't really want to get into a big discussion, there are not enough hours in my day as it is. My point was that if you are getting *any* traffic from anywhere, it can be used to fake things making it possible to escalate privileges. As I said, I cannot make more comment with what you've given in the way of information.02:11
thomas_newbie__owh: ok ty02:12
owhnp02:12
jordstouch: cannot touch `this': Permission denied02:16
thomas_newbie__jords: ?02:17
thomas_newbie__if I wanted to change my webserver port number how would people be able to connect through their browser?02:23
leonel http://youserver.com:thenewport02:27
thomas_newbie__leonel: what i don't understnad02:30
leonelif you changed the port  from  80  to  lets say   8502:31
leonel to access your server would be02:31
leonel http://yourserver.com:8502:32
thomas_newbie__leonel: yes but people won't type that in :S02:33
thomas_newbie__brb take a shit02:34
jordsthomas they'll have to03:07
jordsa normal web server must run on port 80 if you don't want people to have to specify the port... or you can do a redirect to send people who access on port 80 to port whatever with most registrars/ dns nameserver providers03:08
jordsso yourserver.com is redirected to yourserver.com:8503:09
XiXaQgood morning.03:20
thomas_newbie__hey XiXaQ03:23
thomas_newbie__XiXaQ: whats up remember me :)03:23
XiXaQyup.03:24
thomas_newbie__hey questino is PAM a good thing for me to set up for my apache webserver03:24
XiXaQI just woke up, so I'm having my first cup of coffee, preparing myself mentally for the installation of a CalDAV server.03:24
thomas_newbie__coooool03:25
thomas_newbie__XiXaQ: you see I want to secure my internal network03:25
XiXaQsecure it from what?03:25
thomas_newbie__XiXaQ: intruders.....hackers....viruses....etc03:26
XiXaQI don't think any one thing you do will protect you from all of that.03:27
thomas_newbie__XiXaQ: .....well i gotta do something to help03:27
XiXaQyou should do something, yes, that's wise.. I'd identify the weak points and fix those. How? I don't know.03:28
XiXaQI'm still trying to make my systems work as they should. Once they do, I'll secure the system as much as I can. Security is an ongoing process though.03:29
zulthomas_newbie__; you might want to check google for locking down apache and things like that03:29
thomas_newbie__i see03:30
XiXaQavoid the private messages please.03:30
thomas_newbie__my bad03:30
XiXaQprobably the easiest way to protect computers in a lan, is to protect the lan itself.03:31
XiXaQif you have a router with a firewall, then that can help alot.03:32
thomas_newbie__yes i have a modem then router that splits 2 connections...1 leads to my servers, the other to another PC03:32
thomas_newbie__well so should I use PAM?03:33
XiXaQfor a private lan, I'd say that's good enough if you configure it properly.03:33
XiXaQI'm not sure what you'd want PAM to do. d03:33
XiXaQyou already have PAM, don't you?03:34
thomas_newbie__my professor suggested I use it03:34
thomas_newbie__you mean by default install?03:34
thomas_newbie__i dunno03:34
XiXaQwhat did he suggest you do with it?03:34
thomas_newbie__he said I could use it as a firewall, aswell as use it to monitor suspicious activity03:35
XiXaQI'm not sure what he meant by that. Sure, you can setup ubuntu as a gateway, using iptables to route and not route traffic. I'm not sure what role PAM would play in that though. Perhaps you could use it to provide a single sign-on for your network computers.03:37
XiXaQpersonally, I'd rely on your router, unless you're doing this because you want to do it, and learn how to do it.03:41
thomas_newbie__just my 1 router? maybe i should get another between me and the first router03:43
kgoetzarvo all03:44
XiXaQthomas_newbie__, I don't know.03:51
thomas_newbie__XiXaQ: alright thanks03:52
XiXaQsleep is a really cool invention. It makes all tasks seem abit lighter :)04:09
XiXaQtoday, I think I'll get my mail/LAMP/CalDAV/LDAP-server working. That'd be really nice.04:09
kgoetznever tried caldev, but i may be able to help with teh others.. perhaps... a tiny bit.. :|04:10
XiXaQI'd be grateful :)04:10
kgoetz:)04:12
XiXaQLDAP is completely unknown territory for me, so I guess that'll be the biggest obstacle, followed by caldav.04:14
kgoetzmmm. ldap was hard (for me)04:15
XiXaQperhaps it's mostly frightening, what with all the weird item stuff, like ou, dc, etc?04:16
kgoetzgetting stuff to auth against its reasonably hard (at first), and if you dont understnad how a Directory works, its harder again04:17
XiXaQdo you mean gaining access to the directory itself, or authentication for other services?04:19
kgoetzinstall ldapscripts , ldap-util(s?), and ldapvi for starters :)04:20
XiXaQwell, actually, ldap will be the last step. :)04:20
kgoetzi'd advise against it :)04:20
XiXaQoh?04:20
kgoetzif your authenticating against it, you want it there early to test against04:21
kgoetzunless your setting everything up seperately, then pointing them all to it somehow04:21
XiXaQyou're talking about single sign-on?04:22
* kgoetz tries to understand perl and logwatch :S04:22
kgoetzyes, or using postfix (slash your mail server) to check for valid users, etc04:22
XiXaQI see. Well, I'm working towards a production system, but at this point, I'm just experimenting and learning. Since mail, web and calendar sharing is most important, I'll do that first. Then I'll add LDAP for contact management, and then probably look into single sign-on and identity management. I also think those are the most complicated services?04:26
kgoetzprobably an ok way to do it04:27
owhnijaba: Would there be interest in making the ubuntu-jeos-builder install the vmware-tools as an option? Also I figured out how to deal with the perl locale errors.07:34
nijabaowh: sure, that would be nice :)07:35
owhThe work-around for the perl is to preface the command with LANG=C, and after the build completes, in the machine itself locale-gen "foobar"07:36
siretarthi!07:37
owhnijaba: I'm not sure how I should implement the vmware-tools build in a managable/maintainable way, because it requires the .tgz file from the .iso (I suppose you could specify it on the cmd line), and then it requires the installation of the build tools, compilation, answering yes a lot.07:37
owhnijaba: I'm loathe to just hack it in, but I'm happy to take some comment on the issue.07:38
nijabaowh: If one can just specify which tgz file to use, that would be a good start07:38
nijabaand I don't see a way away from the yes answering part, but we should ask soren...07:39
XiXaQowh, I've followed that updated blog, and I can't get it working. Same errors as yesterday.07:39
owhnijaba: That's pretty trivial. Lemmie see if I can "encourage the vmware build script" to accept input.07:39
XiXaQkrb5-config not found.07:39
XiXaQit is, of course, possible that the source has changed since he wrote that blog.07:40
owhXiXaQ: Yeah, I did get past that point, but I had a little distraction at this end. I'm hoping to spend some time on it shortly.07:40
XiXaQwhat did you do?07:40
owhXiXaQ: I also noted that the other blog post got the source from a different place and another post that recommends getting python_xattr from within the run -s, rather than a package.07:40
siretartI'm trying to unstall ubuntu 7.10 on my ultrasparc60, using software raid (raid1, mirroring) on 2 disks. Installation went file, however the installed system fails to boot: http://paste.ubuntu-nl.org/51536/07:41
owhXiXaQ: In the URL's I showed you last night - uh, yesterday your time - there was a whole lot of extra information. I'll digg them up again in a mo.07:41
XiXaQI can scroll :)07:41
siretartI'm aware of https://wiki.ubuntu.com/sparc/KnownIssues, and I left an empty partition (1mb) at the beginning. however, that didn't help07:41
owhnijaba: Lemmie have a quick play with a simple redirect, like the chpasswd code does.07:42
nijabaowh: fine07:42
owhXiXaQ: Yeah, but I also had additional information :)07:42
XiXaQoh, ok.07:42
owhXiXaQ: Here's the information I've collected so far on installing the Apple iCal server onto Ubuntu: http://paste.ubuntu-nl.org/51537/07:48
XiXaQgreat.07:48
owhXiXaQ: The forum post especially indicates that we're pretty close. Some of those postings were a hour old yesterday.07:48
XiXaQwere you able to get it up and running, you said?07:48
siretarthm. it didn't even bring up my 2nd raid device.. grrr07:48
owhXiXaQ: No, the command line barfed with missing command caldav.07:49
XiXaQoh.07:49
owhXiXaQ: I suspect that the reason people are reporting success is because I'm using JEOS, they're using ubuntu-server.07:49
owhXiXaQ: I really don't want to install server if I don't have to just now.07:49
owhXiXaQ: So, likely we're talking about a missing package.07:50
owhXiXaQ: I suppose we could play with auto-apt.07:50
owhXiXaQ: That will load everything it asks for, but it means that an autoconf will succeed for all its options, so it will ask for c, gcc, gcc+ and autoapt will get them all :(07:51
owhOf course I might be remembering all that wrong :)07:51
XiXaQowh, well. I'm using ubuntu server. I can't get it working.07:52
owhVersion?07:52
XiXaQboth 710 and 804.07:52
owhOn the 710, try the #13 post from the forum to the letter.07:53
XiXaQI wish someone could assemble a real explanation instead of just referring to other posts without any links. It's very difficult to follow.07:53
XiXaQ"install the packages from the other guide"..07:53
owhOh, one mo.07:53
owhXiXaQ: Doh, you only get the one post with the URL I gave you, here's a better URL: http://ubuntuforums.org/showthread.php?t=650443&page=207:55
owhXiXaQ: You're looking for #1307:55
XiXaQthat's the one I'm looking at.07:56
XiXaQpeople say 704 and 710 as if desktop and server install is the same thing.07:56
owhXiXaQ: Yeah, but the #13 post specifically says 7.10 server07:57
XiXaQok, I'll blank my server and give it another go from there. :)07:58
owhXiXaQ: Also, timeshifter only installs the packages from those two blogs, but follows the instructions from the jl42 blog.07:58
XiXaQok. Here we go :)08:01
owhXiXaQ: Post #17 is also from timeshifter.08:02
XiXaQI'll skip the python2.4 package, since 2.5 is already installed. Don't you think?08:03
owhXiXaQ: I'm following it to the letter.08:05
owhXiXaQ: I figure make it work first, then break it :)08:05
XiXaQit doesn't take too long to revert to a snapshot, so I'll try :)08:05
owhXiXaQ: I'm also using apt-get rather than what I'd normally use, aptitude.08:06
sorenowh: We have the free version of the vmware-tools in the archive now. open-vm-tools.08:07
owhsoren: You beauty!08:08
=== _Doonz is now known as Doonz
XiXaQit actually required python2.408:08
* owh jumps for joy!08:08
XiXaQsoren, that's _great_!08:08
XiXaQsoren, in hardy apt repository?08:08
owhnijaba: Did you see what soren just told us?08:08
sorenXiXaQ: And as of alpha 3, the appropriate kernel modules are included in -virtual (and the other kernel flavours as well, actually).08:09
sorenXiXaQ: Yes, in hardy.08:09
owhsoren: So, can I use that for my jeos/gutsy install?08:09
XiXaQgrand!08:09
owhsoren: Was that a silly question I asked ?08:13
owhXiXaQ: It's downloading a different version of the server, it's not taking nearly as long as yesterday.08:16
XiXaQthis is looking much better.08:16
XiXaQI'm configuring it now, so we'll know shortly :)08:17
* owh is running ./run -s08:17
owhJust finished.08:17
owhXiXaQ: Well there's lots on the console, but it appears to be running.08:18
owhXiXaQ: What's happening at your end?08:22
XiXaQI went out for a cigarette before trying :)08:22
owhHeh :)08:23
sorenowh: It won't work for gutsy, no :(08:23
owhXiXaQ: Mine is running, but I cannot connect to it yet.08:23
owhsoren: Can I back-port it?08:23
owhsoren: I'd rather not go to hardy just yet for a production machine.08:23
sorenowh: Well... Yes, I don't see why not.08:23
sorenowh: There's even a open-vm-tools-source package that you can use to provide the kernel modules (using module-assistant)08:24
owhsoren: Just to be clear, this will allow me to shut down the guest in a nice way, rather than remote power-off?08:24
sorenowh: It should, yes.08:25
owhsoren: I'll have a looksee after I've got this (*&&^% iCal server running :)08:25
XiXaQowh, are you connecting from the same machine or from another one?08:25
owhThanks muchly!08:25
owhXiXaQ: From outside.08:25
owhHmm, that's a point.08:26
XiXaQthe config is set to only accept from 127.0.0.1 it looks like.08:26
owhLemmie see.08:26
owhXiXaQ: But if you remove the address it's supposed to bind to all.08:26
XiXaQblank for all, it sais. I tried that, but I haven't run it yet, so I don't know if it'll work.08:26
* owh is installing telnet :)08:27
XiXaQit's looking very good.08:27
XiXaQwhere do I setup accounts?08:27
owhDunno yet :)08:27
owhIIRC the QuickStartGuide URL tells you that08:27
XiXaQcams blog sais its in accounts.xml in /usr/local/CalendarServer/conf.08:28
owhWell if you followed the other install it will be in /opt/iCalServer/CalendarServer/conf08:28
owhXiXaQ: My console is full of IOError, what is yours doing?08:29
XiXaQit's looking good. No errors.08:29
owhIs it silent?08:29
owhMy fstab line is like this: UUID=b3f3f4bb-98cd-47b4-9830-f9e7061a81b6 opt       ext3    user,rw,user_xattr        0       108:30
=== _icu is now known as icu
XiXaQno, it outputs alot of messages, but all good ones.08:30
owhThe fstab's the only thing I'm not sure I got right.08:31
XiXaQlooks like this: http://rafb.net/p/DzWvHH25.html08:32
owhXiXaQ: Yeah, mine doesn't look like that. Can you show me your fstab?08:32
XiXaQoh.. Ignore the first 69 lines :)08:32
XiXaQyour fstab looks good.08:33
owhI just unmounted /opt and then did mount -a, now when I run it I get: # ./run08:33
owhbash: ./run: /bin/bash: bad interpreter: Permission denied08:33
XiXaQoh.. :/08:34
XiXaQI'm still not able to connect from another machine though. I'll have to have another look at the config.08:34
owhYeah, it really doesn't like me :)08:35
owhXiXaQ: Ah, I cannot exec on this partition at the moment :)08:38
XiXaQI am able to connect using w3m on the server though, but that's not very easily interpreted.08:38
owhXiXaQ: Does yours show user,rw,user_xattr, or does it show defaults,user_xattr08:38
XiXaQseems to ignore my configuration changes..08:38
XiXaQUUID=94a96528-c889-45a1-bc98-d9d02ecdd59c /               ext3    defaults,errors=remount-ro,user_xattr 0       108:39
owhRiiiight.08:39
owhXiXaQ: Niiice, now I get what you get :)08:40
owhAnd I can connect locally.08:40
XiXaQperhaps I'll help if I try to edit the right configuration file.. :)08:40
owhROTFL08:40
XiXaQit did :)08:41
owhWhoot!08:41
owhRemote and all!08:41
XiXaQit's caldavd-dev, not caldavd.08:42
XiXaQyes :)08:42
owhWell, that's step 1 done.08:42
owhNow I did come across a link that talked about how to make Thunderbird talk to this IIRC.08:42
owhSo, the magic was the svn source and making sure that the fstab entry was right.08:43
owhLemmie document that somewhere :)08:43
XiXaQI'm not able to connect from evolution yet though.08:43
owhXiXaQ: One step at a time my friend.08:44
XiXaQyup.08:44
owhToday you achieved a running server :)08:44
XiXaQthat's true :)08:48
XiXaQit would be nice if I could use it for something as well though. :)08:49
owhThat is also true. ATM I'm documenting my steps.08:49
owhXiXaQ: This is how I did it: http://paste.ubuntu-nl.org/51540/08:50
owhXiXaQ: Basically post #1308:50
XiXaQright. Me too.08:55
XiXaQI thought I'd actually confirm that it's working, and not just running before I start documenting.08:55
owhXiXaQ: Except that there are a few others pulling out their hair too...08:56
XiXaQyes, I am going to document it using both 710 server and hardy, but I'm reluctant to say that it's a working setup before I'm actually able to use it.08:57
owhI'll add the disclaimer :)08:58
owhHows this as a disclaimer: Note that this just makes it run, we haven't done any configuration, haven't confirmed we can actually use it, that it won't fill up your hard disk or kill kittens.08:59
XiXaQheh09:07
XiXaQI don't like disclaimers.09:07
XiXaQwell, I've gotten one step closer. Evolution seems to recognize, and connect properly, but when I'm trying to add a new calendar entry, it sais Authentication Required. I have entered username and password though.09:08
=== \sh_away is now known as \sh
owhXiXaQ: Does the console show anything?09:12
XiXaQ2008-01-11 09:26:54+0100 [-] [caldav-8008]  [HTTPChannel,25,84.236.191.26] 'Authentication failed: nonce-count value out of sequence: 3 should be one more than 1'09:12
XiXaQI agree.. 3 _should_ be more than 1.09:13
owhHEHE09:15
owhBug #16019009:16
ubotuLaunchpad bug 160190 in evolution "Evolution cannot authenticate against caldavd" [Undecided,New] https://launchpad.net/bugs/16019009:16
owhXiXaQ: There is a work-around in that bug.09:17
owhAFK ..dinner..09:18
XiXaQhey.. I think it works..09:26
XiXaQit does indeed!09:28
XiXaQI'll go get some food too then! :)09:28
=== mdz_ is now known as mdz
XiXaQowh, did you do the apt-get install's like you write, or one by one?10:21
XiXaQwe also need to make scripts to start the server at boot, and script in /etc/init.d to control it.10:26
XiXaQhow do we do that?10:26
owhXiXaQ: Gotta go and get some fuel, but yes, the apt-gets were done as I wrote them.10:28
owhXiXaQ: I'll be back in about an hour or so.10:28
XiXaQok :)10:30
nawtyHi! :) I'm stuck after updating my ubuntu dapper (which was booting fine) to gutsy (through the releases one by one)10:33
nawtyit seems to now boot and go up to the initramfs prompt, with a message about the /dev/..../by-uid/... being in use10:34
nawtyI've attempted to make it use /dev/hd* values instead, and from there it seems to give me a message about the device not existing, but i do an 'ls' in /dev/, and they're there.10:34
nawtythe original -server kernels work, just the later ones, and the -xen ones don't.10:34
nawtyI've since moved to hardy, in an attempt to see if it was a bug somewhere, but alas, the same thing, unless i boot from an old old old (dapper) kernel.10:35
nawtyAnyone have any idea on where to start?10:35
Nafallonawty: have yu got evms installed? if so, do you use it?10:35
Nafalloyou even10:35
nawtyEvms would only be installed if it's on -server by default, although i'm not sure.10:37
nawtyGive me a moment to see if there's a /dev/evms*10:37
Nafallonawty: dpkg -l evms10:37
nawtynafallo, need to do a reboot to an old kernel quick first10:38
Nafallonawty: evms was installed by default back in dapper.10:38
nawtyah, forgot about that10:38
nawtylet me get rid of that then ;)10:38
Nafallo:-)10:38
nawtyevms is on it's way out10:39
nawtyi read somewhere about the dual UUID thingie generated by EVMS10:40
nawtythat be it then?10:40
nawtyevil ibm.10:40
nawty'i are in your linux, breaking your boot!'10:40
nawtyquick way to regenerate all initrd?10:41
nawty(s)10:41
Nafalloinitramfs? the post-remove should do that I believe?10:46
nawtyonly did the active kernel for some reason10:49
nawtybut as i had to boot into a long old one :P10:50
nawtyand i wanted a newwer one regenerated10:50
nawtyi just -reconfigured the xen one manually.10:50
nawtyperfect boot ;) Thanks Nafallo10:50
Nafallono worries :-)10:57
owhXiXaQ: Hiya.11:35
owhXiXaQ: Just dropping in to say that something's come up at this end and I won't be able to do anything tonight. I'm on LP onno-itmaze, drop me an email.11:36
=== \sh is now known as \sh_away
=== \sh_away is now known as \sh
tjaaltonsoren: ok, I'm ready to test kvm.. I've installed virt-manager and python-virtinst, what else do I need?13:21
* soren is on the phone13:22
tjaalton:)13:22
tjaaltonthere doesn't seem to be a gui for creating guests yet13:33
=== ember_ is now known as ember
sorentjaalton: That's what virt-manager is supposed to do.. Well, among other things.13:44
tjaaltonbut it's not there yet?13:44
sorenSort of.13:44
* soren is still on the phone13:45
* tjaalton reads the wiki howto's13:45
tjaaltoner, kvm howto's from wiki13:46
sorentjaalton: It's sort of tricky..13:49
sorentjaalton: If you're a member of the libvirt group, you can connect to qemu:///system, which gives you privileges to set up various networking stuff etc., but virt-manager is too stupid to understand this. It only looks to see if you're root.13:50
soren...so13:50
sorenyou probably want to run run virt-manager as root to start the installation.13:50
soren...and then afterwards you can connect as your regular user.13:51
* soren is *Really* going to lunch now.13:51
tjaaltonsoren: ok, I'll try. Thanks!13:52
tjaaltonhave a nice meal :)13:52
tjaalton1h22min until alpha3 is downloaded.. time to visit the post office then13:59
zulmorning14:01
ScottKmorning14:02
jordsmorning14:05
jordsit's 3am for me :S14:05
_ruben3am .. that must be aussieland or smth .. since its 3pm here ;)14:38
_rubenwell .. 3:38 by now14:39
=== \sh is now known as \sh_away
=== \sh_away is now known as \sh
nxvl_workmathiaz: around?15:19
tjaaltonsoren: hum, virt-manager complains that it cannot connect (running as root), and suggests to verify that libvirtd is running15:23
sorentjaalton: Is it?15:23
soren:)15:23
tjaaltonno, can't find a single file with that name :)15:24
tjaaltonso maybe I'm missing something15:24
sorenlibvirt-bin is your friend.15:24
tjaaltonok, is there a pseudopackage to pull all of this?15:25
tjaaltonalright, now we're talking :)15:25
tjaaltonheh, no Ubuntu on the OS list :)15:27
sorenDoh.. :)15:27
tjaaltonok, so X fails miserably with kvm :)15:32
sorenOh, really?15:32
tjaaltonwell, it drops into failsafeX15:32
tjaaltonbut kvm rocks, now that I finally have hardware to support it properly15:33
* soren has only really tested it with server or cli installes15:33
soreninstalls, even.15:33
tjaaltonI took the livecd, since there already are bugs that it fails somewhat15:34
sorentjaalton: I can hardly remember which card it emulates.. It's not a Cirrus, is it?15:35
tjaaltonnot sure yet, forgot to change the kb layout15:36
tjaaltonso can't check the log :)15:36
sorentjaalton: oh?15:37
tjaaltonit was broken somehow15:37
sorenlspci says it's a Cirrus Logic GD 5446.15:38
tjaaltonyes, the "bios" screen also says that it's cirrus15:39
sorenOh, ok.15:39
tjaaltonhmm, I can't make it boot the cd image again?15:39
sorenI forget how you do that :)15:39
tjaaltonheh15:40
soren..from the gui, that is.15:41
XiXaQis there a memoserv on this network?15:43
XiXaQor, can someone decipher this message? <owh> XiXaQ: Just dropping in to say that something's come up at this end and I won't be able to do anything tonight. I'm on LP onno-itmaze, drop me an email.15:44
XiXaQwth is an LP onno-itmaze? :)15:45
tjaaltonsoren: ok, so I destroyed the image, created a new one and now it fails to boot the cd, just hangs with a black terminal15:49
sorenXiXaQ: https://edge.launchpad.net/~onno-itmaze15:51
XiXaQah! :)15:51
sorentjaalton: Er..  No clue. :)15:51
XiXaQthanks soren :)15:51
sorentjaalton: virt-manager needs some serious love, IMO. As I said: I usually drive kvm from the commandline.15:52
sorenXiXaQ: no worries :)15:52
XiXaQI'm writing a howto for CalDAV on the wiki, but I could use some help: http://wiki.ubuntu.com/CalendarServer15:53
tjaaltonsoren: heh ok, this is from redhat right?15:53
sorentjaalton: It is. Completely fresh version (from this morning).15:53
tjaaltonooh15:53
sorentjaalton: We get them faster than Fedora :)15:53
sorenI find that amusing :)15:53
=== \sh is now known as \sh_away
tjaaltonah, now I found the place for the image..15:55
tjaaltontheres another device for it, hdc15:55
tjaaltonand it's removed on shutdown :/15:56
tjaaltonand while recreating it assumes it's a normal partition <shrug>15:57
sorenHuh?15:58
tjaaltonuh, no.. it's just not that intuitive15:59
tjaaltonyou can select the cd image as "source" and then specify cdrom as "target"15:59
sorenAh..15:59
tjaaltonat least I found that confusing15:59
sorenThe reason it went missing after the first run is due to a weird assumption that you only need the CD during install and never again.16:00
soren...so it's only connected during the first run.16:00
tjaaltonyeah, and it wont boot from it even if you add it again16:00
sorenNo, there's no way to specify boot device.16:00
soren...that I've found anyway.16:00
sorenAh.. Typo in the vnc code. Ctrl-Alt-Del doesn't work.16:01
tjaaltonso should I file bugs against virt-manager?16:02
sorenOh, yes, please.16:02
sorenThat would be lovely.16:02
tjaaltonI guess the plumbing is good16:03
sorenThe basic building blocks are there... It just needs a lot of love.16:03
tjaaltonI like the way vmware works, since it's much like what a decent pc does16:05
tjaaltonI mean booting wise16:05
tjaaltonpress F12 to start netboot, or "anykey" to boot from cd etc16:05
sorentjaalton: That would be nifty, yes.16:06
tjaaltonbut maybe bios deficiencies can be worked around from the gui16:06
sorenYeah, I think that's the idea.16:06
tjaaltonit just calls kvm?16:06
sorenNot entirely.16:07
sorenIt asks the libvirt deamon to start kvm.16:07
sorenThat daemon attaches itself to kvm so that you can attach new devices at runtime and such.16:07
soren...migrate it to another node.16:07
soren...detach devices...16:08
sorenthat sort of thing.16:08
tjaaltonok, but it should be pretty trivial to specify the boot media16:08
sorenQuite.16:08
sorenIt's a virt-manager limitation.16:08
sorenlibvirt supports it.16:08
tjaaltonyeah16:08
tjaaltonit's been a wet dream of mine to run all the supported distro versions as virtual machines, and I've tried vmware a couple of times now.. but I also like to run the latest devel release, so when vmware modules are not available the setup is unusable16:12
tjaaltonand now it seems that I finally can do it16:13
tjaaltonand keep it16:13
sorentjaalton: Yeah. I've had them all running in vmware as well, but I'm moving them over to kvm one by one now.16:13
tjaaltonhah, no bugs against virt-manager :)16:15
tjaaltonor no users :)16:15
sorenno users, probably.16:15
soren:)16:16
sorenApart from me, and I don't bother filing the bugs. I just fix them :)16:16
tjaaltonthat's good, you'll hear a lot from me then :)16:16
* soren just heard from his new ISP that his new house will be connected to the Intertubes on February 8th16:17
soren\o/16:17
sorenShould be just in time for the move.16:18
tjaaltonheh16:23
geniiDoes anyone know how to go about obtaining a block of telephone numbers in Canada? http://www.cnac.ca/ and the crtc homepage are extremely obtuse on this subject.16:42
* ScottK looks around in /topic for that....16:43
geniiScottK: Heh :) I figured if any ppl in here running asterisk or similar on ubuntu boxes might know is all16:46
=== vjl323_ is now known as vjl323
zulsoren: so what a 2400 baud modem?17:46
sorenzul: 20Mbit down, 2 Mbit up.17:47
sorenIn theory.17:47
zulsoren: cool dsl?17:47
sorenThe other end of the cable is ~450 yards away, so it might be slightly less than that.17:47
sorenYeah, DSL kind of thing.17:47
ScottKSounds like what we get with fiber here.17:47
sorenNot too pricey, either.17:47
zulnfity17:47
sorenAround £40/mo.17:48
zulthats kind of expensive17:48
sorenScottK: Wow. With fiber, I'd get... Loads more.17:48
sorenzul: Not in Denmark.17:48
zulhow much are you paying now?17:48
sorenzul: About the same for 10Mbit down and 384 kbit up.17:49
ScottKThe phone company here (Verizon) is pushing fiber to the house.  I've got the slow one which is (IIRC) 15 MB down and 2MB up.17:49
sorenFiber is *very* expensive here in most places.17:49
leonelplop ..17:49
sorenTo the tune of at least £1000 for installation.. and that's if you're lucky.17:49
zuli just have cable i think its like $40/month (20 ukp/month)17:50
zulsoren: at least its not isdn17:50
soren20Mbit downstream is fine.17:50
sorenOh, well, I've got to run.17:52
* soren calls it a day.17:52
ScottKGood night soren17:53
figginatorHello, does ubuntu server 6.06 need to run a firewall or is it secure by its self? I understand that I should turn off and remove services/programs I'm not using but running a standard lamp install leave me vulnerable18:15
ScottKfigginator: That's a matter of some controversy.  By default it isn't listening to any outside ports and so a firewall offers little if any advantage.18:15
ScottKThe LAMP install does, of course, listen to outside port.18:16
figginatorScottK: so if I'm running the LAMP you suggest I run a firewall18:16
ScottKIt look at what ports are open and decide yourself.  If you are listening on port 80, you really can't firewall it and still have a web server.18:17
* ScottK runs one primarily to let the kernel filter out traffic from abusive sources without bothering any applications.18:18
figginatorscottk: ok, so basiclly running a firewall and then opening up specific ports like 80 and 21 don't really offer great advantages18:18
ScottKNot great, no.18:18
geniifigginator: A page here with some server hardening tips18:19
geniihttp://docs.indymedia.org/view/Sysadmin/ImcSecurityServerHardeningDebian18:19
ScottKOTOH, other than the time invested in managing it, it doesn't hurt.18:19
figginatorscottk: what is the kerne\l filter you run?18:19
figginatorgenii: thanks thats exactly what i'm looking fore18:20
ScottKiptables18:20
geniifigginator: Anytime18:20
figginatorI'm kinda new to ubuntu servers and I just want to make sure I'm not doing something dumb and leaving it wide open18:20
* ScottK doesn't run the LAMP stack, so shouldn't be taken as a definitive answer.18:20
figginatorscottk: is there a tutorial that you know of that explains how to configure iptables for a cookie cutter lamp box?18:21
ScottKNot that I know of, but I haven't looked.18:22
figginatorok18:22
geniifigginator: A good place to check normally for this stuff is on the howtoforge, I seem to recall previously they had ubuntu iptables tutorials there18:23
ScottKAnything written for Debian will likely work out reasonably well for Ubuntu too.18:24
geniiI just found the official one (perhaps not specifically LAMP related however) https://help.ubuntu.com/community/IptablesHowTo18:25
figginatorThanks again genii18:27
ScottKAnything in the community section isn't "official", but most things I've seen are reasonably good.18:27
geniiScottK: Well OK stating it as "official" was over-reaching18:27
geniifigginator: np18:27
h00sI have a problem with ubuntu server 7.10 installed on usb stick/disk (corsair voyager 1gb). After 1 week of running, server just died and showed errors like 'rejecting I/O to dead device'. After reboot everything is ok again. What could be the problem?20:11
leonelacpi ??20:16
h00sso, i should disable it and try without it?20:18
LandonI recently got a VPS set up with Feisty on it, I was wondering if there was any harm in using gutsy repos so I could update some stuff like fail2ban20:30
ScottKh00s: How old is the box you're using it on?20:48
h00sScottK: it's 2 months old :) Intel 201GLY motherboard, SiS964L, Celeron 1.3320:57
ScottKWhat's the chipset?20:57
h00ssis96420:58
h00ssry, it's SiS662 - http://www.intel.com/products/motherboard/D201GLY/index.htm21:00
* ScottK would wonder if that chipset has proper kernel support yet. I'd suggest consulting Google.21:00
h00sok, thank you for the advice21:01
Landonso, would it be safe for the most part to use gutsy repos on a feisty system? (just so long as I didn't do apt-get upgrade or something liek that)21:09
h00sLandon: i was always told that doing such thing is not safe. new software can overwrite dependencies and that dependencies could be used by other software too, so updating one program could break other ones.21:12
Landonoh good point21:12
Landonso I'm basically left to do a dist-upgrade on the VPS account?21:13
LandonI figured that might break more stuff21:13
h00syou could try build that program from source?21:14
Landonwouldn't I still need to update dependences for it that might break other programs?21:16
h00si think it wouldn't (usr directory?) I would like someone confirm this because i'm not sure21:18
nealmcbowh - thanks for the link to your launchpad account - glad to meet you!21:18
nealmcbowh/soren - so what is up with open-vm-tools, libvirt, etc.  do open-vm-tools help with folks running kvm/qemu?21:19
=== nxvl_work_ is now known as nxvl_work

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!