[00:00] <arooni> when trying to set locales in ubuntu i fail hard:  http://pastie.caboo.se/195796  ... ideas?
[00:09] <Mastacheata> tonyyarusso - your server might have all of the new packages but none installed so you won't need to download the new ones but only install them. There was a dpkg parameter doing that. I forgot which, but you can find that yourself
[00:20] <nealmcb> I'm on my way to Prague - see you there!!
[00:22] <sommer> nealmcb: party!
[00:55] <tonyyarusso> Mastacheata: That sounds like it makes sense, since they would have all been downloaded into the apt cache for the mirror.  I suppose if I can't find the paramater, I could clear /var/cache/apt/ and that might short-circuit it eh?
[00:56] <Mastacheata> Makes sense to me too
[00:57] <Mastacheata> But I'm just guessing, no real knowledge behind...
[00:57] <tonyyarusso> Mastacheata: as far as this parameter you speak of, if it's a dpkg thing, how would I pass it to do-release-upgrade, or should I be using something else entirely?
[01:00] <Mastacheata> I guess the problem is that dpkg has all of the packages but not installed so there must be a parameter for dpkg which makes it install the packages. I haven't thought to the point at which you select the packages to install, yet.
[01:02] <sparky01> anyone running Nexuiz server on Ubuntu server 8.04
[01:04] <sparky01> doesn't seem to work with the file from the repos or the binary from sourceforge
[01:06] <sparky01> video game servers are a mission critical app
[01:06] <sparky01> critical for slaking off
[01:06] <sparky01> =P
[01:08] <sparky01> ok
[01:08] <sparky01> i
[01:08] <sparky01> guess
[01:11] <hads> arooni: locale-gen is in the package belocs-locales-bin
[01:47] <xenocampanoli> I hope someone is here.  I'm having trouble configuring ruby.  Apparently the "Action" directive is not available in Ubuntu's version of Apache2?
[01:54] <xenocampanoli> I hope someone is here.  I'm having trouble configuring eruby.  Apparently the "Action" directive is not available in Ubuntu's version of Apache2?
[01:54] <xenocampanoli> Sorry, I meant "ERUBY".lc
[01:58] <nxvl> 2 more days!!
[01:58] <nxvl> wohooo!!!
[02:05] <emgent> heya nxvl :)
[02:12] <nxvl> emgent: :D
[02:57] <sparky01> Anyone get Nexuiz server working/
[03:02] <MacMatt> Hello?
[03:02] <MacMatt> ...anybody?
[03:03] <RoAkSoAx> !hello | MacMatt
[03:03] <MacMatt> Can anyone here help setting up a LAN boot server?
[03:05] <MacMatt> no...?
[03:05] <MacMatt> a LAN Boot server?
[03:08] <MacMatt> so, ... no one knows?
[03:08] <MacMatt> ...no one can help?
[03:08] <ScottK> MacMatt: This is kind of a quiet time of day here.  You'll find more people active during the US/European business day.
[03:08] <MacMatt> oh
[03:08] <MacMatt> ok
[03:08] <MacMatt> thanks
[03:22] <RoAkSoAx> has anyone installed csync2 in Ubuntu?
[04:28] <Navop> Question in the perfect server setup they install ProFTPD, do you really need a ftp
[04:34] <ScottK> Navop: Only if you're a fan of tranmitting unencrypted passwords on the internet.
[04:41] <Navop> ty
[04:55] <Navop> how can i d/l ispconfig2.2.23 in console mode?
[04:57] <ScottK> Just download it or install it?
[04:57] <Navop> I need to d/l first the install it to server
[04:59] <Navop> can u use apt-get install ispconfig2.2.23?
[04:59] <ScottK> With sudo in front of it yes.  That'll download and install it.
[04:59] <ScottK> It should just be sudo apt-get install ispconfig
[05:00] <ScottK> Except that package doesn't seem to be in the Ubuntu repository.
[05:00] <Navop> yeah, wonder where i can get it from
[05:01] <ScottK> They don't seem to host .deb's either.   Not sure what to tell you.
[05:02] <Navop> ty for the help, will go and ask in ubuntu room
[05:14] <pschulz01> Greetings.. how do I install 'mono' under hardy? There doesn't seem to be any 'mono' package available.
[05:14] <pschulz01> mono-gmcs ?
[05:17] <pschulz01> Anyone here..?
[05:18] <Navop> ScottK: got my answer :)
[05:19] <Navop> ls
[06:57] <arooni> hey folks!  when i do sudo crontab -e ... i'm not editing with vim.  how can i fix this?
[06:58] <Jeeves_> update-alternatives, afaik
[06:58] <Jeeves_> But I always forget how that works :)
[06:59] <arooni> Jeeves_, is that for me?
[07:02] <hads> or just export VISUAL=vim
[07:02] <Jeeves_> arooni: Yes
[07:02] <Jeeves_> hads: You could do that, but that only works once
[07:03] <hads> Well yes, unless you put it in your .bashrc
[07:03] <Jeeves_> hads: That's true
[07:04] <arooni> how do i make sure that mysql server, apache server comes back up automatically upon hardy server restart?
[07:04] <hads> They will by default
[07:04] <arooni> how come 'reboot' doesn't cause mys erver to reboot
[07:04] <arooni> awesome!
[07:04] <Jeeves_> arooni: If you did an 'apt-get install', that automatically
[07:05] <hads> you'll need to sudo reboot
[07:05] <arooni> how can i test to make sure mysql server and apache server came back up
[07:05] <arooni> i just did a reboot
[07:05] <hads> Um... use them?
[07:06] <arooni> ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
[07:06] <arooni> ubuntu /var/www: ps -lA | ack apache ... yields nothing
[07:06] <arooni> and yes i did install with sudo apt-get install
[07:18] <arooni> anyone know how to get the mysql server to load on ubuntu hardy server?  i run it:  but it gives me the error of  [ERROR] Can't start server: Bind on TCP/IP port: Cannot assign requested address; 080513  2:08:54 [ERROR] Do you already have another mysqld server running on port: 3306 ;   tried stopping it & running netstat -plon | grep 3306 with no results.   ... ideaz?
[07:19] <AtomicSpark> arooni, did you try installing it with tasksel? the LAMP option?
[07:20] <arooni> AtomicSpark, i dont recall;  i used linode.com;  who had their default ubuntu hardy install
[07:21] <AtomicSpark> oh. how did you install mysql then? or did they?
[07:22] <arooni> AtomicSpark, no i did;  i believe i ran sudo apt-get install mysql
[07:22] <arooni> ro mysql-server; not sure which
[07:22] <AtomicSpark> hmm
[07:23] <AtomicSpark> are those dedicated servers? not bad for 20/mo
[07:23] <arooni> no they are vps
[07:23] <AtomicSpark> oh virtual.. hmm.
[07:23] <AtomicSpark> are you sure you didn't have mysql installed already? it's usually installed with LAMP
[07:26] <arooni> not sure;  i thought i needed to run sudo apt-get install
[07:26] <arooni> errors:  http://pastie.caboo.se/195925
[07:27] <AtomicSpark> that is very interesting
[07:29] <AtomicSpark> is this a production machine? hosts a website? don't want to tell you to try things :P
[07:30] <arooni> hosting a web app
[07:30] <arooni> its cool
[07:30] <arooni> we can blow it up
[07:30] <AtomicSpark> well first do this. run "sudo tasksel" you should get a blue screen. same as during install.
[07:30] <AtomicSpark> tell me if LAMP option is checked
[07:31] <AtomicSpark> oh wait
[07:31] <AtomicSpark> those errors are coming from mysqladmin. that's not mysql.
[07:31] <AtomicSpark> are those client or server errors?
[07:31] <arooni> i'm having problems with my locale that i can see:  perl: warning: Please check that your locale settings:
[07:31] <arooni>   	LANGUAGE = (unset),
[07:31] <arooni>   	LC_ALL = (unset),
[07:31] <arooni> 	LANG = "en_CA.UTF-8"
[07:31] <arooni>  
[07:31] <arooni> oops sorry for apstie
[07:32] <arooni> AtomicSpark, i'm trying to login to the the admin... but i really want the server to be up more than anything
[07:32] <arooni> it doesnt seem to be up
[07:33] <AtomicSpark> well admin is pretty pointless unless you can run it from the server. which requires gui.
[07:33] <AtomicSpark> its for configuring the server part. you probably want the query browser to interact with databases
[07:33] <arooni> AtomicSpark, thats what i mean yes
[07:35] <AtomicSpark> hm.. not sure what to tell you. i'm sure the mysqld was installed when they installed the LAMP stack (not sure if proper term)
[07:37] <AtomicSpark> you could always check if there is a mysqld or equivalent in /etc/init.d/
[07:38] <arooni> i think its a iptables thing
[07:38] <AtomicSpark> could be. ubuntu does block everything by default. it should open up the ports as the programs are installed though.
[07:38] <AtomicSpark> you could always re install. it wont remove config files unless you purge it.
[07:39] <hads> AtomicSpark: mysqladmin is a CLI program provided to administer mysqld, also the default policy for iptables is allow.
[07:40] <arooni> ok fixed it!
[07:40] <arooni> looks like my locale isn't being set properly:  http://pastie.caboo.se/195926 ... on ubuntu hardy... any ideas on how to fix?
[07:43] <AtomicSpark> hads, i thought he was referring to the gui tools. :P and i thought i read that ubuntu blocks all unused ports? maybe they were just referring to the service isn't there, its not a security hole. lol.
[07:45] <AtomicSpark> arooni, i'm not familiar with perl. as far as system wide local setting. i'm not sure either. i've only chosen it during install.
[07:46] <AtomicSpark> http://blog.andrewbeacock.com/2007/01/how-to-change-your-default-locale-on.html ?
[08:27] <kraut> moin
[08:42]  * delcoyote hi
[09:12] <vagoth|friend> Quelles différences y at-il dans ubuntu et debian serveur?
[09:13] <vagoth|friend> Mitä erot ovat siellä ubuntu-palvelimeen ja Debian on?
[09:15] <Jeeves_> English might work better
[09:15] <vagoth|friend> 	
[09:15] <vagoth|friend> Mitä?
[09:16] <Jeeves_> English
[09:17] <Jeeves_> You know, that other language :)
[09:18] <vagoth|friend> En ymmärrä.
[09:19] <Jeeves_> vagoth|friend: Stop talking your own language, and try to talk english.
[09:26] <c00l2sv> hi, did somebody succeed in configuring postfix with dkim-filter ? can that one help me too?
[09:35] <AtomicSpark> !english
[09:35] <vagoth|friend> ?
[09:37] <Kamping_Kaiser> vagoth|friend, where is vagoth?
[09:38] <vagoth|friend> u want spek with vagoth?
[09:38] <Kamping_Kaiser> yes
[09:38] <vagoth|friend> he no here
[09:39] <Kamping_Kaiser> vagoth|friend, what is your language?
[09:40] <vagoth|friend> Portuguese
[09:41] <vagoth|friend> man more too
[09:42] <Kamping_Kaiser> vagoth|friend, try #ubuntu-pt
[09:42] <AtomicSpark> !portuguese
[09:42] <AtomicSpark> yes one of those :)
[09:42] <vagoth|friend> Obrigado
[09:42] <Kamping_Kaiser> :)
[09:45] <vagothcpp> oh god...
[09:46] <vagothcpp> I need to refine my portuguese, I told him NOT to talk in irc...
[09:46] <Kamping_Kaiser> hehehe
[09:46]  * vagothcpp apologizes for any agony my portuguese friend may have caused you.
[09:47] <Kamping_Kaiser> its ok. i'm more worried about him :)
[09:47]  * Kamping_Kaiser noticed an australian hostmask, hence asking for you above :)
[09:48] <vagothcpp> Hehe, our university is doing an exchange program.
[09:48]  * vagothcpp is the host family.
[09:48] <Kamping_Kaiser> oh, nice.
[09:48] <Kamping_Kaiser> hope he gets himself fixed up
[09:49] <Kamping_Kaiser> (irc wise)
[09:49] <vagothcpp> I need to fix up my language skills first, I probably told him to try talk instead of don't talk.
[09:50] <vagothcpp> his been to all my channels.. alot of explaining to do.
[09:51] <Kamping_Kaiser> his whois only shos 5... unless thats your usual amount
[09:52] <vagothcpp> On another server.
[09:52] <vagothcpp> I gotta go help him with our "aussie" study's
[09:52] <Kamping_Kaiser> *grin*
[09:52] <vagothcpp> Yay. Involuntry work.
[09:53] <vagothcpp> It was that or go help homeless people in china *shudder*
[09:53]  * Kamping_Kaiser wonders where he lives
[10:39] <mathiaz> nijaba: what is the proper way to file bug against the ubuntu-server guide ?
[10:39] <mathiaz> nijaba: is it against ubuntu-doc or is there another package ?
[10:39] <nijaba> mathiaz: I think it is to file it against ubuntu-doc
[10:40] <mathiaz> nijaba: thks.
[10:40] <nijaba> mathiaz: subscribe sommer to it won't hurt as well
[11:15] <Kamping_Kaiser> any idea when we would expect the .1 update? are we thinking 6 months? 12 months?
[11:16] <hads> "These will start three months after the LTS, and be repeated every six months until the next LTS is out."
[11:16] <Kamping_Kaiser> hm.
[11:16] <hads> Speaking of point releases, from;  http://www.markshuttleworth.com/archives/146
[11:19] <Kamping_Kaiser> hmm... hope desktop gets point updates with 8.04 :/
[11:20] <hads> That's exactly what that quote is discussing.
[11:21] <Kamping_Kaiser> then its not clear :)
[11:22]  * Kamping_Kaiser laughs at the thought of debian delivering to within a month of an eta
[11:23] <Deeps> it suggests that the desktop will get point releases too
[11:23] <hads> Seems pretty clear; "We also committed, for the first time, to a regular set of point releases for 8.04 LTS. These will start three months after the LTS, and be repeated every six months until the next LTS is out."
[11:23] <Deeps> point releases being for LTS desktop + server, not just LTS server, based on the colouring
[11:23] <Deeps> hads: yes, but the last LTS had a point release /only/ on the server
[11:23] <Kamping_Kaiser> Deeps, thanks... beat me to it
[11:24] <Deeps> it doesn't explicitly say that the desktop edition will get the same point release too
[11:24] <Deeps> however, the graph suggests that it will
[11:25] <Kamping_Kaiser> i had assumed 6.06 lts would as well, and i was wrong :)
[11:25]  * Kamping_Kaiser thinks its a pity the point updates are only for the first half, but i do understand the work involved problem
[11:26] <Deeps> yeah well, one would hope that given that ubuntu's strength lies in it's desktop offering, that the desktop would get the attention it needs
[11:27] <Kamping_Kaiser> yeah
[12:10] <Kamping_Kaiser> has anyone else found building/updating ubuntu mirrors to be *very* painful recently? all the mirrors i'm trying are missing bits (mostly in the debian-installer section)
[12:10] <tritonx> Anyone has setup a Raid1 with 8.04, I'd like to know how you did it
[12:50] <emja> What is the commonly used tool for automating the build process of servers? My company has previously been selling RH-based servers, built with kixtart (mindnumbingly ugly). The RH solution has not been sustainable or maintainable, so we want to move to Ubuntu. The only concern is our custom configs (smb.conf parameters, etc).
[12:53] <\sh> emja: you can still go with kickstart, or much nicer but more time to setup: FAI (Fully Automatic Installation)
[12:54] <\sh> emja: FAI is a debian project and follows some principals of Jumpstart (Solaris)
[12:54] <emja> righto
[12:54]  * \sh would run now, when MrFAI would be here ;)
[12:55] <emja> can you tell me how it handles incorporating config options in, say, smb.conf? do I need to overwrite the whole darn thing (trashing what is already there) or can I inject my changes?
[12:55] <emja> ie; WORKGROUP=office
[12:55] <ogra> there is as well a kickstart wrapper for preseeding if you want to use a more commercially supported method
[12:58] <emja> the problem with our current system is that kickstart takes a modified config file from our directory tree, and plonks it on top of the base build - thereby overwriting the equivalent config file from the package
[12:58] <ogra> (preseeding is the officially supported method to set custom configs on debian based systems)
[12:59] <emja> I have been told by a couple of my engineers that puppet is the preferred strategy, although it will take a reasonable amount of development to setup
[12:59] <ogra> thats essentially what FAI does as well (using cfengine) but that leads to lots of questions from the package management on upgrades/updates
[12:59] <emja> ahh, cfengine
[13:01] <emja> I may have not made myself clear; I'm not supporting a bunch of different server configs, but rather trying to create a consistent build process for entry-level servers (ala MS-SBS) being sold to SMB businesses.
[13:03]  * ogra would go with preseeding, but then i'm not a big FAI fan anyway and prefer the supported distro solutions, FAI is great for mass installs though, but he use of cfengine has its own probs 
[13:03] <Kamping_Kaiser> pre seeding sounds like it. esp. as you can probably keep your kickstarts
[13:04] <ogra> s/he/the/
[13:04] <emja> Am I able to end up with an unattended install process? I want to ensure that the servers are pretty close to consistent
[13:06] <mathiaz> emja: if you want to modify the configuration of packages, you should opt for preseeding.
[13:06] <emja> ok
[13:06] <zul> mathiaz: is there a reason why apache is not following the ubuntu version numbering schee?
[13:07] <emja> many thanks for the advice guys/gals/etc
[13:07] <mathiaz> emja: you can preseed answer to any question asked by debconf during an install
[13:07] <emja> mathiaz: err, what if the option I want to change is not actually asked by debconf?
[13:07] <mathiaz> emja: ex there is a debconf question for the samba workgroup - so you can put the workgroup in your preseed file.
[13:07] <emja> ie; who can login via ssh (configued in sshd_conf)
[13:07] <mathiaz> emja: then you'd have to use a late_command
[13:08] <emja> that's a preseed thing?
[13:08] <mathiaz> emja: which goes back to your kickstart way of doing things to customize your install
[13:08] <emja> overwriting the entire config file?
[13:09] <emja> the inconsistency of the various config files' formats is what is biting me in the ass here. ;-)
[13:14] <\sh> ogra: fai doesn't use cfengine
[13:14] <\sh> ogra: it can, for sure, but it's not relying on it
[13:14] <\sh> fai comes with its own set of configuration management for rollout processes...no need for cfengine
[13:14] <ogra> \sh, well, it doesnt use debconf i guess which is the main problem here
[13:14] <\sh> ogra: nope...
[13:15] <\sh> ogra: you generate the configs beforehand, and push them during the installation to the target...
[13:15] <\sh> it's role based
[13:15] <ogra> (no matter how you overwrite configs, if they are not done in debconf upgrades wil ask questions)
[13:15] <\sh> ogra: debconf is being used in force mode, with the simplest config rollout...
[13:16] <\sh> ogra: really...people are deploying hundreds of thousands of servers with it...
[13:18] <\sh> ogra: and when you need debconf prefilled...you deploy the necessary files during the first deployment :)
[13:19] <ogra> \sh, what for do i need fai then if i already have preseed files that set all confgs ?
[13:22] <\sh> ogra: it's for unattended deployment...you can have several roles of machine, where you tweak e.g. only a bit of the config, but you need to rollout 1k Servers with the very same config...
[13:23] <\sh> ogra: you can, not only deploy with FAI debian/ubuntu machines, but also RHEL, SLES, whatever linux you want
[13:23] <ogra> right
[13:23] <\sh> ogra: a standard debian install with FAI <= 6Mins on a simple hp pizza box or blade
[13:23] <ogra> but if i only have one ubuntu server setup to deploy (or even two) i wont need fai
[13:23] <ogra> but just two different preseed files
[13:23] <\sh> deploying SLES without autoyast, means: get the sles machine ready in less then 10 mins, while you need for the same setup with autoyast 30 mins
[13:24] <\sh> ogra: yes...but with FAI it's just a simple role...on the very same server, no need for different preseeding files :)
[13:25] <\sh> it's centralized, it's fast...and it complies with other deployment tools....e.g. jumpstart....but yes, preseeding is easier...but doesn't work out in bigger environments where you do more with FAI then only deployment (think of 1&1 and rescuesystems...)
[13:25] <ogra> yes, and you blindly overwrite files that are marked as conffiles which will bite you on upgrades
[13:25] <\sh> ogra: no
[13:26] <ogra> how do you make sure the md5sums match then ?
[13:26] <ogra> ucf wll kick in if it doesnt have the packaging backing debconf gives you
[13:27] <ogra> which means lots of questions
[13:27] <\sh> how do you do upgrades today? when you tell debconf not to touch conffiles, it never touch them...
[13:27] <\sh> ogra: I'll show you at linuxtag :)
[13:27] <ogra> \sh, i know how fai works but i cant imagine a sane way to quiten down ucf without using debconf preseeding
[13:29] <ogra> the ackages know the md5sume and rewrite them on debconf changes which doesnt happen with any other mechanism i know, which in turn means you break the conffile watching mechanism of dpkg
[13:30] <\sh> ogra: for FAI you can do two ways for upgrades: the standard way, where debconf is asking you every time, or tell debconf by default not to touch anything and shut up debconf...or you use an update tool of fai, which follows FAIs way to deal with upgrades...actually, when people in DCs are dealing with mass configuration, they don't want debconf to touch anything of the stuff they do...at least for the more bigger DCs...
[13:31] <ogra> well, the first one sounds just plainly broken ... teling a security mechanism to "just shut up" seems not the fine english way
[13:32] <ogra> and the second one indeed binds you to FAI eternally
[13:32] <ogra> (which is fine if you want that indeed)
[13:33] <\sh> ogra: yes...as I said, it's possible..if it's ok for the admin team, and yes, if you use FAI, you sold your soul ;)
[13:34] <\sh> kickstart, preseeding and fai or jumpstart or whatever deploy system you use, everything has a special usecase and flaws...for your DC you need to find the right one, and stick to it...
[13:34] <\sh> there is no "right way"...as always :)
[13:35] <ogra> surely depends on the usecase
[13:35] <\sh> fun part, about FAI is, it sticks to ITIL ... and the combination of FAI as deployment tool/automation tool and ITIL with automatic collection of CMDB data is rocking...
[13:39] <\sh> but don't tell that now to your manager...because you will get an increase of your salary, a contract for staying with your company until you die, and you will hopefully have a nice dinner with the assistance of your boss ... you will be famous ;)
[13:40] <\sh> (that was a joke !:)
[13:40] <ogra> *my* manager wouldnt give me a salary raise for promoting FAI ;) be sure :)
[13:41]  * ogra is in cjwatsons team :)
[13:41] <\sh> ogra: hmmm.....that's really a problem ;)
[13:42] <ogra> nah, not for me ;)
[13:42] <faulkes-> dunno, I'm all about the dinner with my bosses assistant, she's 25 and hot and loves bikini's
[13:42] <zul> ogra: sure sure
[13:42] <\sh> ogra: well, but you are already famous because of edubuntu...so no need for more glamour ;)
[13:43] <ogra> faulkes-, if you cant do it, i'm sure \sh would step in :)
[13:43] <\sh> ogra: nope....I'm occupied :)
[13:43] <ogra> pfft
[13:43] <ogra> you dont know the bikini yet
[13:43] <faulkes-> sorry, nobody gets her but me
[13:43] <faulkes-> I'll cut you
[13:43]  * faulkes- whistles innocently
[13:43] <\sh> ogra: na..25 is too young for me ;)
[13:44] <faulkes-> dunno, I'm still dating 18yr old's so
[13:44] <faulkes-> but I'm a dirty old man
[13:44] <\sh> but we are getting offtopic now ;)
[13:44] <faulkes-> aye
[13:44] <\sh> we will get problems with our ubuntu police squad...they will shut down #ubuntu-server ;)
[13:45] <zul> oooookay...
[13:45] <Deeps> http://lists.debian.org/debian-security-announce/2008/msg00152.html this affect ubuntu as well?
[13:46] <faulkes-> yep, black helicopters swooping in, all that
[13:46] <faulkes-> morning zul
[13:46] <zul> hi faulkes-
[13:46] <\sh> back to topic. I'm really seeing into installing hardy on my new dual quad core amd machine
[13:47] <faulkes-> Deeps: it says debian related systems, so I would hazard a guess that yes, it does affect ubuntu
[13:47] <\sh> and imho is kees or jd already on it
[13:47] <Deeps> faulkes-: Ta, I'm good at guessing too though ;) nm
[13:53] <ScottK> Deeps: Our openssl packages are very similar to Debian's.  Based on the versions in the Debian announcement it would be very suprising if Feisty through Intrepid weren't affected.  As \sh says though, I'm confident that kees or jdstrand are working on it.  They collaborate closely with the Debian security team.
[13:53] <ogra> its in progress
[13:55] <ScottK> Actually not intrepid.  That's got the fixed version.
[13:55] <ogra> but who in the world would actually use intrepid anyway
[13:55] <Deeps> I'm struggling to find anything online that suggests that, which is annoying
[13:56] <ScottK> Agreed.  Just trying to be complete/correct.
[13:56] <ScottK> Note that the DTLS issue that Debian also fixed in that upload is already fixed in all Ubuntu releases.
[13:56] <ScottK> Deeps: Suggests what?
[13:56] <Deeps> Suggests that anyone at Ubuntu is aware and/or working on resolving this if Ubuntu is actually affected
[13:57] <ScottK> Deeps: It's being discussed on #ubuntu-devel and the people who are saying it's being worked on are ones who would know.
[13:58] <ScottK> Deeps: If you know the package, it'd be stunning if Ubuntu wasn't affected.
[13:59] <Deeps> ScottK: I'm sure they are, but I'm not in #ubuntu-XYZ and was searching the web for information ;-)
[13:59] <Deeps> ScottK: True, I try to think of ubuntu as stunning though :)
[14:00] <ScottK> Deeps: Right.  That's why I'm telling you.  Generally Ubuntu security people don't keep a web site listing the stuff they're working on.
[14:00] <ogra> there the upload hits the buildds :)
[14:00] <ogra> gutsy-, feisty- and hary security should have it RSN
[14:00] <ogra> *hardy
[14:01] <Deeps> ScottK: Security through obscurity? :)
[14:01] <ogra> if it has built there will be an USN note
[14:01] <ScottK> Deeps: No.  Just they don't mark it up.
[14:01] <Deeps> Fair enough
[14:02] <ScottK> The policy is that public security vulnerabilities have public bugs.  Given that Debian just announced this, I'm guessing no one has bothered to take the private flag off the bug yet.
[14:03] <zul> or it was private and someone screwed up :)
[14:44] <ScottK> Interestingly the fixed openssl package shows up in hardy-changes, but LP appears not to know about it yet.
[14:45] <ScottK> OK.  That or I had the url wrong ....
[14:47]  * CrummyGummy holds thumbs and updates to Heron.
[15:04] <CrummyGummy> Hiya, that was pretty successful. Just one issue.
[15:04] <CrummyGummy>  /sbin/apparmor_parser: Unable to replace "/usr/sbin/mysqld".  Profile doesn't conform to protocol
[15:04] <CrummyGummy> Is that something to worry about?
[15:06] <CrummyGummy> Never mind. it doesn't seem to be an issue.
[15:06]  * CrummyGummy modified his search criteris.
[15:14] <zul> mathiaz: ping im curious how is apache2 handle at the begining of the release cycle
[15:18] <ScottK> New openssl package for Hardy has hit the security repository.
[15:19] <Deeps> nice
[15:19]  * ScottK is going to have to regenerate all the dkim keys too.  Ugh.
[15:22]  * CrummyGummy gets that sinking feeling that his server isn't coming back up.
[15:22] <ScottK> Gutsy too (openssl).
[15:26] <ogra> http://www.ubuntu.com/usn/usn-612-1
[15:42] <Navop> Can someone tell me what went wrong on this installation of ISPCONFIG--->   http://pastebin.com/db8f0350
[15:46] <\sh> Navop: commercial tool?
[15:48] <Navop> \sh: not as i know of
[15:48] <\sh> Navop: I would say it's a ispconfig problem regarding the last line of the paste...
[15:48] <\sh> not ubuntus
[15:49] <Navop> k thanks
[15:49] <\sh> and seeing that it ships its own openssl lib ... I don't think it's a good tool...similar to confixx I think
[15:49] <\sh> which was broken by default
[15:50] <Navop> what is a good tool to use?
[15:50] <Navop> newbie, on server side
[15:50] <\sh> a good tool? leatherman and a good admin :)
[15:51] <Navop> What is leatherman
[15:51] <Navop> nm
[15:52] <\sh> Navop: a good tool...serious...don't use those tools when you don't know anything about server administration....learn to admin a server from scratch read some books about apache+php+mysql etc. but don't trust those tools in the first place...
[15:53] <\sh> those "isp apps" are doing things on your system, you don't see or know...(like shipping selfmade and insecure openssl libs, see security announcement from today for openssl)...
[15:54] <\sh> it's dangerous to use them without any clue what those apps are doing in the first place...
[15:56] <Navop> k thanks for info
[16:01] <Kl4m> this install a whole lot of software out of package management as I see
[16:02] <ogra> yeah, looks pretty messed up
[16:02] <Kl4m> I don't want to judge too quickly, but it's very automatix-like from what I see
[16:03] <Deeps> Navop: a leatherman is like a swiss army knife (if you know what those are)
[16:03]  * Deeps pats his
[16:03]  * ogra prefers the swiss variant :)
[16:03]  * ogra pats his pocket
[16:03] <Navop> thanks, good army knife
[16:33] <Jeeves_> Will rsync 3.0 be included in 8.04.1 ?
[16:34] <Jeeves_> Or does someone know who I should poke for that to happen? :)
[16:46] <Wicky656> Could someone point me in the right direction for what my options are for monitoring hardware for failures with server? SNMP gets me stats but i need to be alerted is something outright breaks.
[16:47] <mathiaz> Jeeves_: rsync 3.0 probably not - it's a new upstream revision. It won't go into 8.04.1.
[16:48] <Jeeves_> mathiaz: Ubuntu distributes a beta firefox for the whole world in a LTS version, but no rsync 3.0 ?
[16:48] <Jeeves_> Strange world, we live in...
[16:50] <ogra> Jeeves_, ff 2.0 isnt supportable for 3 years
[16:50] <Jeeves_> ogra: A beta isn't supportable at all
[16:50] <ogra> upstream wont support it that long
[16:50] <ogra> it will be final for 8.04.1
[16:51] <Jeeves_> ogra: Sure it will.
[16:51] <Jeeves_> I don't doubt that
[16:51] <ogra> and since we dont change upstream versions in a release it had to be 3.0beta
[16:51] <ogra> ;)
[16:52] <ScottK> We will this time.  There are exceptions.
[16:52] <ogra> well, but not just for new shoeshine :)
[16:53] <Jeeves_> I just don't get why it is not ok to include rsync 3.0 ( or why it hasn't been done allready)
[16:53] <ogra> i'm sure the backport guys wont complain to provide a package
[16:54] <Jeeves_> ogra: I can provide my own
[16:55] <Jeeves_> That's not the problem :)
[16:55] <Jeeves_> It would be nice if the canonical mirrors would use rsync 3.0 as well
[16:55] <Jeeves_> for syncing the archives
[17:39] <zul> mathiaz: ping https://bugzilla.samba.org/show_bug.cgi?id=5436
[17:40] <zul> I think there are a couple of bug reports in hardy about that
[17:44] <mathiaz> zul: right - some bug reports mention this - however it's not always with Win2K
[17:45] <zul> true doesnt hurt for them to try though
[17:47] <mok0> Hmm, I uploaded torque_2.1.8+dfsg-0ubuntu2 to intrepid ~2hrs ago, but I can find no trace of it. Neither in the queue, builds or any reject mails. What can have happened?
[17:47] <giovani> I'm getting an error: "Template #4 in /tmp/openssh-server.template.152690 has a duplicate field "template" with new value "ssh/vulnerable_host_keys". Probably two templates are not properly separated by a lone newline." when I try and install the updates for openssh-server
[17:48] <giovani> on gutsy server
[17:48] <mathiaz> giovani: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/230003
[17:48] <mathiaz> giovani: known, worked on - fix should be ready
[17:48] <mathiaz> giovani: soon
[17:48] <giovani> mathiaz: alright, thank you very much
[17:49] <SuperLag> Are there any packages that you can use to document any/all changes made to server configuration, and installed packages?
[18:04] <bipolar> Does anyone know how to setup ldap authentication on the client side so that it only shows users inside a specific DN? Everything has changed so much with hardy that I can't get it to work.
[18:05] <bipolar> I tried adding "nss_base_passwd         ou=users,dc=example,dc=com?one" to /etc/ldap.conf but no dice
[18:23] <bipolar> here's another one... how the hell can I log into this box with an LDAP user when NOTHING in pam is configured for ldap?
[18:23] <bipolar> over ssh even!
[18:38]  * bipolar sacrifices a chicken
[18:43] <Lyaa> hya
[18:44] <Lyaa> has anyone installed a system using a rescue-Image via PXE and using debootstrap?
[18:46] <Wicky656> fdisk -l shows nothing with sda devices. how can I view my partition table? fdisk -l sda and fdisk -l sda1 respond with can't open device
[18:48] <blue-frog> Wicky656: cat /proc/diskstats gives you something about your HDD?
[18:49] <Wicky656> blue-frog: first it pukes on /dev/sda and then midway down gives some numbers
[18:50] <blue-frog> pukes? says what exactly?  sdaxx or hdaxx?
[18:50] <Wicky656> blue-frog: it's an IBM raid array
[18:50] <blue-frog> ah
[18:50] <Wicky656> blue-frog:  Cannot open /dev/sda
[18:51] <blue-frog> sry can't help you don't have raid. but if it's something similar to lvm, you might have it somewhere in /dev/mapper maybe?
[18:52] <Wicky656> nope Iturned off lvm to try get out monitoing system to read disk stats correctly
[18:53] <Wicky656> My real issue is "is it work the effort to rebuild with xfs for hadoop machines?"
[18:59] <xenocampanoli> Still looking to figure out eruby on Ubuntu.  I've seen a lot of stuff on the net complaining about no answer, and no answer.  A key to my problem may be getting the 'Action' directive to work.
[19:00] <xenocampanoli> I wonder if there is a specific ubuntu/apache forum...?
[19:06] <MattJ> Hi, is ssh-vulnkey Ubuntu specific, does anyone know? or is it (or will it be) in Debian too?
[19:07] <ogra> ubuntu8
[19:07] <ogra> specific
[19:07] <ogra> (sorry for the wrap)
[19:08] <MattJ> Heh, np
[19:08] <MattJ> Thanks
[19:10] <giovani> MattJ yeah, debian released their own tool
[19:10] <giovani> dowkd.pl
[19:10] <MattJ> Ah yes, I used that this morning before the Ubuntu updates
[19:10] <MattJ> ssh-vulnkey is more user-friendly :)
[19:10] <bipolar> no matter what I do, I can't get my ldap nss client (getent passwd) to only show users in a specific ldap dn. I used to be able to use the nss_base_passwd option in libnss-ldap.conf to do this, but now nothing works to solve this issue. I get every user in the entire ldap server when I run 'getent passwd'
[19:10] <giovani> indeed
[19:11] <bipolar> does anyone know what voodo is required to get this working right?
[19:12] <giovani> MattJ: but it doesn't check remote keys
[19:13] <MattJ> giovani: Which?
[19:13] <giovani> ssh-vulnkey
[19:13] <MattJ> ssh-vulnkey checks authorized_keys
[19:13] <giovani> that's not remote keys
[19:13] <MattJ> Which remote keys?
[19:13] <giovani> dowkd.pl checks remote servers and their fingerprints
[19:13] <giovani> for any given server
[19:13] <xenocampanoli> I wonder if there is a specific ubuntu/apache forum...?
[19:15] <MattJ> giovani: Oh, I see what you mean
[19:23] <cyris|> How can I go about starting slapd on port 389 and port 636?
[19:24] <cyris|> slapd -h ldap://localhost -h ldaps:/// seems to only starts listening on 389, or if I flip the order it only starts listening on 626
[19:26] <xenocampanoli> Here is my answer:  http://ubuntuforums.org/archive/index.php/t-356350.html
[19:26] <xenocampanoli> In case anyone was already looking.
[19:42] <bipolar> kirkland: are you at the keyboard?
[19:42] <kirkland> bipolar: yes
[19:43]  * ScottK was waiting for you to answer no.
[19:43] <bipolar> kirkland: I'm in a bit of a bind here with my hardy ldap client config. I'm hoping you have a min to perhaps help me out
[19:44] <bipolar> the new config has really gotten me confused
[19:44] <bipolar> I've been at this one problem all day
[19:44] <kirkland> bipolar: okay, i'll do what i can
[19:44] <bipolar> the short story is that I can't figure out how to narrow the list of users visable on the client to a specific dn.
[19:45] <bipolar> I used to be able to set nss_base_* in /etc/libnss-ldap.conf to do it
[19:45] <bipolar> but those options seem to have no effect no matter what file I put them in.
[19:46] <bipolar> I've tried /etc/ldap.con /etc/ldap/ldap.conf /etc/libnss-ldap.conf
[19:46] <kirkland> bipolar: please define "visible on the client"
[19:46] <bipolar> I see my samba workstation 'users' when i run 'getent passwd'
[19:47] <bipolar> they are in ou=workstaions,dc=domain,dc=com
[19:48] <bipolar> my real users are in ou=users,dc=domain,dc=com
[19:48] <bipolar> and my groups are ou=groups,dc=domain,dc=com
[19:49] <kirkland> bipolar: okay, so /etc/ldap/ldap.conf is what's used if you're running command line ldap queries
[19:49] <bipolar> so i set nss_base_(passwd|shadow) to ou=users,... and nss_base_groups to ou=groups,....
[19:49] <kirkland> bipolar: and /etc/libnss-ldap.conf is for nss/pam logins
[19:49] <bipolar> the only thing in /etc/ldap/ldap.conf is TLS key config. thats all. 3 lines.
[19:50] <bipolar> libnss-ldap.conf does not exist... I only created it to test out if thats where it would look for the nss_base_* lines. everything is in /etc/ldap.conf
[19:50] <bipolar> which is where debconf put them
[19:50] <bipolar> but 'getent passwd' shows all the users under my basedn
[19:51] <kirkland> bipolar: right, so a /etc/libnss-ldap.conf is owned by package libnss-ldap
[19:52] <kirkland> bipolar: what owns /etc/ldap.conf ?  that doesn't seem right for hardy....
[19:52] <bipolar> um... I don't think so... I had to create that file by hand
[19:52] <bipolar>  /etc/libnss-ldap.conf that is
[19:53]  * kirkland goes play with a virtual machine....
[19:53] <bipolar> btw... loggin in, pam, X, ssh, everything works.
[19:53] <bipolar> with the ldap users
[19:55] <bipolar> when I run 'apt-get install libpam-ldap libnss-ldap nss-updatedb' I answer the questions debconf asks me, and it creates /etc/ldap.conf and everything worked.
[19:55] <kirkland> bipolar: and the problem is that you want to narrow the list of users who can legally login to this computer?
[19:56] <bipolar> to those in a dm, yes. actualy, they are all samba workstation accounts, so they couldn't log in anyway (no set password), but the result is the same.
[19:58] <kirkland> bipolar: when installing libnss-ldap, debconf asks for the ldap search dn
[19:58] <kirkland> bipolar: and I stand corrected....
[19:59] <kirkland> bipolar: that writes to /etc/ldap.conf
[19:59] <kirkland> my bad
[19:59] <bipolar> kirkland: confusing, isn't it.... :)
[19:59] <kirkland> bipolar: yeah
[20:00] <kirkland> bipolar: in /etc/ldap.conf, i'd think you'd want to customize the "base ...." line
[20:00] <bipolar> kirkland: ok. the problem is that groups and users are on the same level in the ldap database. ou=groups,dc=domain,dc=com and ou=users,dc=domain,dc=com
[20:01] <bipolar> so currently my basedn is dc=domain,dc=com
[20:01] <bipolar> but then it picks up ou=workstations,dc=domain,dc=com
[20:02] <bipolar> in feisty and debian I used the nss_base_passwd/shadow options to restrict users to that user dn
[20:02] <bipolar> and nss_base_group to the group dn. it worked wonderfuly.
[20:03] <bipolar> now that option, even though it's listed, explained, and commented out in /etc/ldap.conf, does not work.
[20:03]  * kirkland sees it there
[20:05] <bipolar> I keep hoping that it mearly needs to be moved into a diffrent config file. :(
[20:05]  * bipolar sacrifices a small goat
[20:06] <kirkland> bipolar: to be honest, i'm not intimately familiar with these options.  if they're not working for you, i'd file a bug, if i were you.  if this is a regression since feisty, please note that, as it'll help us track down the root cause.
[20:06] <kirkland> bipolar: you're welcome to subscribe me to the bug
[20:08] <bipolar> ok
[20:08] <ogra> bipolar, hey, nobody has cleaned up the chicken yet. please only one animal a day per channel
[20:08] <bipolar> I left it there for the voodo god who handles these things
[20:09] <ogra> :)
[20:09] <bipolar> kirkland: ok. I'll post it.
[20:09] <kirkland> bipolar: any idea if it worked in Gutsy?
[20:09] <giovani> is he different from the voodoo god?
[20:09] <bipolar> not really...
[20:09] <kirkland> bipolar: file it against libnss-ldap
[20:09] <bipolar> ok
[20:09] <bipolar> giovani: I don't care who he is... I just need this to work.
[20:10] <bipolar> :)
[20:14] <bipolar> kirkland: thank you very much for your time. I really apreciate it ;)
[20:15] <kirkland> bipolar: no problem, i'm sorry i'm not of more use at the moment
[20:15] <kirkland> bipolar: but i will look into it
[20:15] <kirkland> it's a bit of a busy day ;-)
[20:28] <bipolar> kirkland: https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/230065
[20:28] <bipolar> haha
[20:28] <bipolar> good bot
[20:39] <ericvw> what is the keyboard cmd or shortcut to scroll back through a terminal buffer?
[20:42] <Jeeves_> shift-page up
[21:09] <Lyaa> should there be still an /etc/inittab on Hardy? or is that nit required with upstart?
[21:09] <Lyaa> s/nit/not/
[21:35] <melter> when i do an upgrade, why are openssh-client and openssh-server "kept back"?
[21:36] <giovani> melter: probably because they force a regen of your server keys, and that may want to be a planned upgrade/change
[21:37] <Nafallo> melter: wasn't on any of my systems. was that upgrade or dist-upgrade?
[21:38] <giovani> Nafallo: it was on my feisty box just an hour or so ago -- on a regular upgrade
[21:38] <Nafallo> melter: in case of upgrade they are held because they want to install an additional package.
[21:41] <melter> Nafallo, "upgrade"
[21:41] <Nafallo> there we go then
[21:41] <melter> so what do i do? i had to regenerate new keys on my desktop system
[21:42] <giovani> you need to regenerate all keys you generated with the bad copy of openssl
[21:43] <melter> openssh-server generates its own keys, so can i just delete the old ones?
[21:44] <infinity> melter: You need to dist-upgrade, not upgrade, since openssh-server grew a new dependency.
[21:44] <giovani> it should overwrite the old ones when you do an upgrade
[21:44] <infinity> melter: "upgrade" will never add/remove packages, only upgrade existing ones.
[21:45] <giovani> but if you've generated keys and placed copies on other remote systems ... you'll want to revoke/regenerate those
[21:46] <melter> isn't dist-upgrade the same command for upgrading, say, 7.10 to 8.04?
[21:47] <infinity> melter: "dist-upgrade" isn't for "upgrading between dists" (though you can use it for that), it's just for doing any "complex upgrade" (anything that adds or removes packages).
[21:47] <infinity> melter: dist-upgrade won't switch you to another release or anything, you'd need to manually edit sources.list for that. :)
[21:48] <melter> infinity, thanks, that addresses my concern :)
[21:49] <bipolar> kirkland: OMG... I'm so damned embarresed. I had the option for the workstation accounts REPEATED at the end of the file. I didn't even notice it.
[22:08] <Nafallo> hmm
[22:08]  * Nafallo gives infinity do-release-upgrade ;-)
[22:33] <LiENUS> is ubuntu 6.06 LTS affected by the debian openssl bug?
[22:34] <ScottK> LiENUS: No.
[22:59] <lucasv3> Hi, I have just tried to upgrade my server. apt-get upgrade, then apt-get dist-upgrade. (from dapper to hardy). apache is not starting anymore and dpkg is segfaulting
[23:00] <Deeps> you're not supposed to dist-upgrade, as it can cause stuff to break (like this)
[23:01] <lucasv3> Deeps: so what's the normal procedure?
[23:01] <Deeps> upgrade instructions point to upgrade manager / do-release-upgrade
[23:02] <Deeps> not sure how to go about fixing it now mind, ubuntuforums might have someone else who tried this and encountered similar problems
[23:03] <JanC> dpkg segfaulting is weird anyway?
[23:07] <lucasv3> JanC: Setting up mime-support (3.39-1ubuntu1) ...
[23:07] <lucasv3> Segmentation fault
[23:08] <lucasv3> JanC: it might be the package that's causing it
[23:08] <JanC> yeah
[23:09] <JanC> I didn't test dapper → hardy upgrades myself  :-/
[23:11] <lucasv3> JanC: http://pastebin.com/m392e5b20
[23:11] <lucasv3> not really
[23:11] <lucasv3> :(
[23:11] <lucasv3> /usr/sbin/apache2ctl: 124: /usr/sbin/apache2: Permission denied
[23:12] <JanC> Looking for keymap to install:
[23:12] <JanC> NONE
[23:12] <Deeps> not to be one to shy away from a challenge, but i'd reckon it'd be easier for you at this stage to install from scratch
[23:12] <lucasv3> Deeps: well, it's a dedicated server
[23:12] <JanC> &dpkg: error processing console-common (--configure):
[23:12] <JanC>  subprocess post-installation script returned error exit status 139
[23:12] <JanC> Setting up mime-support (3.39-1ubuntu1) ...
[23:12] <JanC> Segmentation fault
[23:13] <Deeps> no terminal server / ip kvm?
[23:13] <lucasv3> no
[23:13] <Deeps> JanC: nice, defeating the point of a pastebin? ;)
[23:13] <Konam> can you define more than one subnet with just one router (or device to which several computers are connected)?
[23:13] <JanC> sounds like an issue with the console/terminal ?
[23:14] <JanC> Deeps: who cares about 2-4 lines  ;)
[23:14] <lucasv3> JanC: after that, it just lists the packages which weren't configured because of dependency problems caused by the first few errors.
[23:14] <JanC> Konam: of course
[23:15] <lucasv3> Deeps: I wouldn't mind reinstalling
[23:15] <Konam> JanC but how will the client identify that he is on a different subnet?
[23:16] <JanC> Konam: the same way it does in all other cases?
[23:17] <JanC> (things like the subnet mask & the routing table are relevant)
[23:18] <Deeps> Konam: can I ask why you're wanting to have different subnets for different devices all connected to a single interface?
[23:20] <Konam> Deeps I'm just reading the dhcpd.conf man page and was curious about that, but I still don't get how the client will realize that it is on a different subnet :/
[23:21] <Deeps> it wont unles you have it running off different physical wires, or have vlans
[23:21] <Deeps> well, i say different wires, i mean different interfaces on your router
[23:23] <Konam> that's more understandable
[23:23] <Deeps> if you have a vlan aware switch, then you can 'cheat'
[23:23] <Konam> but JanC suggested that it will like it does in any other case, I didn't get that.
[23:24] <Deeps> it will in the sense that you can have statically assigned addresses + subnets all running over the same physical network without any vlans
[23:24] <Deeps> but that'll be subnets in name only, as you loose most of the point of having subnets doing it that way
[23:24] <Konam> oh, maybe I left the DHCP part then
[23:25] <Konam> all the clients are getting their configuration through dhcp
[23:25] <Deeps> through dhcp you cant, unless you have different physical interfaces from your dhcp server, or virtual interfaces + vlan aware network
[23:26] <Konam> that's what I thought