/srv/irclogs.ubuntu.com/2008/07/25/#ubuntu-server.txt

nhandlerThe openvpn package looks like it supports multiple .pid files in the init.d script. What should I do for the status action?00:31
ppireshi :-)00:42
ppiresanyone around supporting Glassfish adoption?00:47
=== Zyna__ is now known as Zyna
KirillGah!! Why doesn't DELL offer Ubuntu to come pre-installed on their intro level workstations?!!!!01:07
ppiresKirill: as long as they don't try to force you to pay for windows it's ok01:15
Kirillppires: they do though, I HAVE to go with Vista01:16
ppiresno you don't01:16
ppiresjust recline to the EULA01:16
Kirillppires: Don't I do that when I've already received the computer?01:16
ppiresafaik no. only when u accept the license the first time u use it01:17
n-iCehi01:18
n-iCeanyone knows how to use chroot?01:18
ppiresn-iCe: just call chroot on your console01:19
Kirillppires: that would only work if I recline to the EULA WHILE the order is being processed. Hmm. That's a good idea though01:19
ppiresi don't know how dell does that, but it shouldn't be the way you're describing01:19
n-iCeI want to jail, some groups users, with ssh access ppires01:19
KirillI just signed up for a corporate account with them, guess I'll hit it up with a rep when I get a buzz tomorrow01:20
ppiresn-iCe: check this out http://ubuntuforums.org/showthread.php?t=24872401:20
n-iCethanks01:21
ppiresn-iCe: i would recommend you to read the whole thread. it's small :-)01:23
n-iCe_ppires: ok im checking, thanks!01:27
n-iCe_ppires: have you configured one before?01:33
ppiresjust tried it with a friend01:36
ppiresno actual use01:36
Kirillhas anybody had any good/bad experiences with SonicWall?03:21
kirklandnhandler: fyi...  bluetooth is going to be a little bit complicated03:40
KirillOkay then, ubuntu server vs sonicwall for VPN and firewall. Any takers?03:46
nhandlerkirkland What do you mean?03:57
=== nhandler is now known as nhandler_AFK
solexious[Q] Why do I get "The following packages have been kept back:" when doing an apt-get upgrade?04:38
ScottK-laptopsolexious: [A] Because apt thinks it needs to add or remove a package and it won't do that on upgrade.04:48
ScottK-laptopsolexious: Try apt-get dist-upgrade.04:48
solexious<ScottK-laptop> ty04:49
ScottK-laptopsolexious: You're welcome.04:50
dav123192I am working on configuring the netfilter firewall via iptables. As far as I can tell, I enabled the correct ports for SAMBA, CUPS, SSH, and going out on HTTP(S) and FTP, as well as DNS in and out (not running a dns server though). Now for somereason I can only acces my server via IP address instead of hostname (mainhub). Any suggestions why? Output of iptables-save is at http://paste.ubuntu.com/305:07
dav1231920194/05:07
dav123192http://paste.ubuntu.com/30194/ - Link got cut05:08
jonesy:-D06:09
* jonesy is at oscon, where he found out about this chan06:10
sorenjonesy: Yes, this is indeed where all the cool kids hang out :)06:26
jonesy:)06:26
jonesyI've honestly never even deployed an ubuntu server, but have been doing admin-ish work for 10+ years, almost all with various linux distributions.06:27
jonesyI've used Ubuntu on the desktop on and off since inception.06:27
sorenWell, if you've worked with Debian, you should feel right at home on Ubuntu as well.06:28
jonesyyup. I've done some debian, but to be honest I didn't like it much. However, the difference with Ubuntu is that they seem to make it really easy to get started with contributing and eventually perhaps fixing/improving things.06:28
sorenWe like to think so :)06:29
jonesyI'm hoping I might start with the installer-related issues I've heard about at this conference. It seems there's some schizophrenia about kickstart/preseed/kickseed/etc.06:30
jonesyand iirc, ubuntu actually uses Anaconda, which is written in Python, which I have an interest in.06:30
jonesy...I've also done tons of automated install setups, and have worked with most of the automated installers for Linux (and Jumpstart for solaris)06:31
soren"Anaconda"?06:31
jonesyyeah, when I was here (at oscon) in '06, Jeff Waugh said that Ubuntu actually uses the anaconda installer. No?06:32
sorenNo.06:32
jonesywhoops06:32
sorenWe use d-i (debian-installer).06:32
jonesyhmm. Is anaconda an available package, perhaps in the context of parsing kickstart or something?06:33
sorenTo do automated installs, you can "preseed" the installer.06:33
sorenHowever..06:33
soren"kickseed" is a piece of software that essentially parses a kickstart file and uses it to preseed d-i.06:33
sorenkickseed has been in the installer for a couple of years now.06:33
jonesyhm. :-/06:34
nxvl<- cool kid who hangs around!06:34
sorenjonesy: No, we don't provide anaconda at all.06:34
* soren high-fives nxvl06:34
nxvlsoren: good $Whatever_time_is_in_your_time_zone06:34
jonesywow, did I ever misunderstand.06:34
* nxvl high-fives back soren06:34
sorenjonesy: :)06:35
sorennxvl: We call it morning :)06:35
nxvlthen good morning06:35
nxvlone never knows in what timezone is the person you are talking with06:35
shelbyscateshey guys how do i make a process run in the background?06:35
nxvlspecialy when they move so much around the world06:35
jonesyshelbyscates: ./process &06:36
shelbyscatesso lets say the command is x11vnc... would it be ./x11vnc &?06:36
shelbyscatesor does that work differently for programs? :p06:36
jonesyshelbyscates: that'll work, though I confess to never running that particular program.06:37
* shelbyscates tries06:37
jonesyshelbyscates: check the man page to see if there's an option to 'detatch' or 'daemonize' or something like that.06:37
jonesyseems like there should be for something like that.06:37
* jonesy doesn't have any kind of linux box available atm. 06:38
hadsOuch06:38
shelbyscatesok :)06:38
shelbyscatesi guess i could run the command to start vnc over ssh, then log in via vnc and open a terminal window, then enter the same command and close the ssh session :D06:39
shelbyscates:P06:39
jonesyshelbyscates: also man 'nohup'06:39
jonesyshelbyscates: or do "ssh -c"06:40
shelbyscatesssh -c?06:40
jonesyif you're just running vnc for the purpose of running a single command, it seems easier to just... run the command, no?06:40
jonesymaybe I'm misunderstanding06:40
jonesywhat is the problem you're trying to solve?06:40
shelbyscatesnah, its cool06:41
shelbyscateswhen i need a vnc server ill just run it from ssh :)06:41
shelbyscatesnot that i ever will need one ;)06:41
jonesyssh -c will just run the command on the remote host and then log you out.06:41
shelbyscatesthanks guys :D06:41
jonesynp!06:41
shelbyscatescya later :)06:41
hadsYou need a VNC server when you don't have SSH access :)06:42
jonesyhmm.06:42
jonesyI've honestly never seen a shop that allows vnc but not ssh.06:43
jonesyin fact, I don't currently have a client that allows vnc servers.06:43
jonesyI don't know if any of them disallow ssh, either. Certainly, shelbyscates' comment seemed to imply that he had both ssh and vnc access :)06:44
jonesyegads. Hope I was helpful.06:44
hadsI meant when your box breaks and you can't access it via SSH ;)06:48
nxvlsoren: you don't microblog, did you?06:48
sorennxvl: I wouldn't know how if I wanted to. What is it?06:49
nxvltwitter, identi.ca?06:50
nxvlhaven't you hear about that06:50
nxvlis like...06:50
nxvlIRC for dummies06:50
jonesyyou make your blog's font *really* small.06:50
jonesyso only folks under like 25 can read it.06:51
sorenjonesy: Oh, I can do that :)07:33
jonesy:)07:38
jonesyoff to bed for me - night!07:38
nanderssonI'm going to setup a new mail server. Before I've used courier-imap, but it seems that today Dovecot is the "weapon of choice". Is Dovecot where the "action is"?08:43
sorenI would have to say "yes".08:44
* soren likes dovecot a lot08:44
nanderssonsoren, Thanks, time to get my hands dirty and get into dovecot + postfix then.09:12
soren:)09:13
* nandersson likes Postfix09:13
krautmoin09:48
spikyjtHi all - I've just been setting up mail filtering, following the docs in the server guide for 8.04. I've noticed a mistake which I found the solution for. I seem unable to edit the docs. Are these only editable by admins?10:43
_rubenspikyjt: serverguide (on help.ubuntu.com) is maintained by the server team, not the (global) community .. so thats expected behaviour11:01
_rubeni think filing a bug on launchpad is the best way to resolve this11:01
uvirtbotNew bug: #251760 in dovecot (main) "New Dovecot 1.1.x upstream for hardy-backports" [Undecided,New] https://launchpad.net/bugs/25176011:20
spikyjt_ruben: thanks - I'll do that11:36
=== nhandler_AFK is now known as nhandler
incorrecti have a number of custom packages, i would like to setup falcon, but i am being totally stupid and can't find decent docs for it on google12:17
=== nhandler is now known as nhandler_AFK
Ins|dehi there13:48
Ins|dei've installed ubuntu server 8.1 right now but i cannot get networking to work13:48
Ins|deit doesnt work  with static ip neither  dhcp13:49
Ins|dei followed configuration guide on thye wiki, but it stils not obtaining ip address13:49
Ins|decan anybody help ?13:49
biczi'm using static conf in my box13:58
biczwhat do u need13:58
Ins|dei prefer static conf14:03
biczme 214:03
Ins|debut after running ifconfig with static ip i can only ping my ip14:04
biczsure14:04
ewookyou forgot the gateway.14:05
biczu must use iptables conf to give internet or whateva @ other box's14:05
Ins|dehwat could it be14:05
Ins|dehm14:05
Ins|dedo i need to configure iptables first?14:05
Ins|debut i cannot obtain ip by dhcp14:06
Ins|deand i got more 2pc's with dhcp attributed ip's working fine14:06
biczIns|de: nope u need configure u'r interfaces14:06
Ins|debicz, just configure /etc/network/interfaces file right?14:08
Ins|decan youtake a look at it ?14:08
biczand give some iptables regules14:08
biczwhy not14:08
Ins|dehmmm14:08
biczhttp://pastebin.ubuntu.com14:09
Ins|debut.. i'm on my win machine :S14:09
Ins|dei'm going to lunch, i'll be back :) thanks14:10
biczIns|de: u got to have something like that http://pastebin.ubuntu.com/30278/14:10
Ins|debicz, my interfaces was like that, i cannot understand what's going on, maybe routing ? i dont understand much about routing14:13
biczIns|de: there is my iptables config http://pastebin.ubuntu.com/30280/14:13
biczbut this thing are for gw with 3 eth.. and a modem on eth0 :)14:14
Ins|deyeah, i see, i have only one ethernet card connected to a router14:15
biczmhz14:15
Ins|dewith ip 192.168.10.1, is there any rule i should set ?14:15
biczso my conf isn't good for u :)14:16
bicznope14:17
biczset dns14:17
Ins|demy dns /etc/resolv.conf is equal to dns address set on win boxes14:17
biczand it didn't work?14:18
Ins|deit doesnt work14:20
Ins|dehost localhost should return any value14:20
Ins|deright ??14:20
biczgud question..14:20
Ins|deeither if disconnected14:20
Ins|debut it tells me that connectio had failed14:21
biczIns|de: try to paste u0r ifconfig output14:21
Ins|dei have RX bytes but i TX is zero14:23
Ins|depackets14:23
=== c1|freaky is now known as freaky[t]
pschulz01Evening.14:53
hadsMorning14:54
lukehasnonameMorning14:54
pschulz01Just found (and installed) phpldapadmin :-)14:57
rbrunhuberi run chrooted postfix + cyrus with saslauthd so i need a link from /var/spool/postfix/var/run/saslauthd to /var/run/saslauthd15:18
rbrunhuberwould it be possible to add a option to one of the saslauthd config files that triggers the init script to check wether that link exists?15:19
sorenjdstrand: How does the ufw versioning work? I say you jumped from 0.16.2 to 0.18.2.16:38
jdstrand0.16.2.x is in hardy. 0.16.3 and higher has been in intrepid16:39
jdstrandsoren: basically, minor bug fixes get a micro version, whereas added functionality gets a minor version16:40
sorenOh. I see now.16:40
jdstrandsoren: so 0.17 and 0.18 added exciting new stuff16:40
jdstrandbut 0.18.2 not so much16:40
sorenI just somehow thought you went directly from 0.16.2 to 0.18.2, and that confused me a bit :)16:40
jdstrandsoren: apparently, you haven't been upgrading your intrepid boxes with the frequency needed to see all the new ufw versions :)16:41
sorenjdstrand: Or not been paying enough attention. Darn it. What have I been missing out on?16:41
sorenless useless logging, connrate limits..16:43
soren...and a bunch of not-so-user-visible-stuff.16:43
jdstrandsoren: 0.17 claim to fame was internationalization support, while 0.18 added the 'limit' command, split the code out for downstreams and better status16:43
sorenAlright. Cool.16:43
sorenufw has really grown on me.16:44
jdstrand(0.18 also made ArchLinux happy with setup.py improvements)16:44
jdstrandsoren: you're really gonna like 0.1916:44
jdstrandsoren: it brings port ranges (aka multiport) and dotted netmask support16:45
sorenThere are a few things, though.. I can e.g. never remember the proper syntax to allow a certain host access to everything... or something. I forget what it is. I always end up trying three different things, fail, look at the man page for a bit, and then have an epiphany :)16:45
* soren <3 dotted netmasks16:45
jdstrandsoren: so you can do your goofy non-CIDR stuff16:46
jdstrandsoren: 0.19 also does rule normalization, so everything is presented to the user consistently16:47
jdstrandeg 111.12.34.2/4 now properly evaulates to 96.0.0.0/416:48
sorenOh! that's convenient!16:48
jdstrandconvenient, and fixes bug #237446 :)16:48
uvirtbotLaunchpad bug 237446 in ufw "List of rules not consistent with the rule added" [Undecided,Fix committed] https://launchpad.net/bugs/23744616:48
sorenHeh :)16:48
jdstrandsoren: regarding the syntax-- there is 'simple' and 'extended'. simple is only for ports 'ufw allow http'16:49
jdstrandsoren: 'extended' is where you can get more fine-grained. if you think of it as needed complete clauses, it's easier to remember16:50
jdstrandsoren: eg 'to <ip>' or 'to <ip> port <ports>'16:50
jdstrandsoren: you always need to specify the source or destionation (from/to), but port is optional16:51
jdstrandsoren: you also need only specify one of source or destination16:52
jdstrandboth is obviously a choice too :)16:52
jdstrandsoren: it more or less follows PF syntax, which is used in the BSDs and generally more friendly than iptables, pcap, pix, etc16:53
jdstrandsoren: but sure-- it takes a little getting used to16:53
jdstrandsoren: I recently upgraded a server from sarge to hardy (reinstall), and it had a quite complicated fwbuilder+modifications firewall setup. I was able to get a complete ufw firewall enabled for that machine in minutes (of course, I am somewhat familiar with ufw...)16:57
jdstrandsoren: I was quite pleased with myself actually :)16:57
* jdstrand feels awesomeness swelling inside him, desperately trying to push modesty aside16:57
sorenjdstrand: Heh :)17:05
sorenjdstrand: So to let 1.2.3.4 connect to me on port 9000, I'd.. what?17:06
sorenufw allow from 1.2.3.4 to port 9000 ?17:06
jdstrandclose17:06
sorenYes. That's the one I can never get right :)17:06
jdstrandufw allow from 1.2.3.4 to any port 900017:06
sorenany! Right, right.17:06
jdstrandtbh, I forget the 'any' sometimes myself17:07
jdstrand'to <ip>|any' is required17:07
jdstrandwell, to or from17:07
jdstrandmeh-- you know what I'm saying17:07
soren:)17:08
sorenDoes ufw somehow allow me to shove -t nat rules somewhere manually? ISTR it rejected some stuff I put in before.rules because it had a table specified.17:08
soren...so I had to have a seperate setup for my -t nat rules.17:09
=== freaky[t] is now known as c1|freaky
jdstrandsoren: you can shove it into before.rules-- you just need to make sure that *nat and *filter get COMMITted separately17:11
sorenAh.17:11
jdstrandeg:17:11
jdstrand*nat17:11
jdstrand:POSTROUTING ACCEPT [0:0]17:11
jdstrand...17:11
jdstrandCOMMIT17:11
jdstrand*filter17:11
jdstrand...17:11
jdstrandCOMMIT17:11
sorenAh.. Gotcha. That'll come in handy.17:13
jdstrandfrom https://help.ubuntu.com/8.04/serverguide/C/firewall.html:17:13
jdstrandAlso, when modifying any of the rules files in /etc/ufw, make sure these lines are the last line for each table modified:17:13
sorenI completely missed the fact that these are iptables-save format things.17:13
jdstrand# don't delete the 'COMMIT' line or these rules won't be processed17:13
jdstrandCOMMIT17:13
jdstrand(thanks sommer!)17:13
* jdstrand nods17:14
jdstrandsoren: a bug report came in on that recently, I wonder if the 'ufw Masquerading' section could be clearer...17:15
jdstrandI promptly Invalidated it of course17:15
sorenGood man!17:15
soren:)17:15
rbrunhubercan anyone please give me a hand with openldap? It seems totally broken in ubuntu!17:40
sorenrbrunhuber: Ask your question/explain your problem.17:44
sorenIt's impossible to know up front if we can help you when we don't know what your problem is.17:44
sorenWell... That's not entirely true. If we know nothing at all about LDAP or Ubuntu or computers even, we could just say "no" without further ado...17:45
sorenIt just so happens that we do know quite a bit about computers, Ubuntu and even LDAP, so you might be in luck!17:45
* soren is rambling17:45
rbrunhuberok: slapd and libldap are version 2.4.9 but ldap-utils is still at 2.4.7 so dependencies are broken.17:45
rbrunhubersecond: except from luma no client is able to connect to openldap server if tls is enable.d17:46
sorenldap-utils is 2.4.9-0ubuntu0.8.04 in hardy-updates.17:46
sorenYou seem to not be entirely up-to-date.17:47
sorenrbrunhuber: I'm not sure about your second issue. ISTR there being something about CA's that need to be set properly for everything to be happy. What specifically fails to work?17:48
* soren curses tmpfs for not support O_DIRECT, by the way.17:48
rbrunhubersoren: let's put it this way: my ca cert is the standard ca cert from cacert.org shipping with ubuntu.17:51
rbrunhubersoren: my keys are issued by cacert.org and are valid. the cn matches my servername.17:52
rbrunhubersoren: what do you mean with ISTR?17:53
sorenYes..... What specifically fails to work?17:53
soren"I Seem To Remember"17:53
rbrunhuberldapsearch -H ldap://myhostname:389/ -x -ZZ fails with ldap_start_tls: Connect error (-11)17:55
rbrunhubersoren: if I add -d 5 there is an error TLS: peer cert untrusted or revoked (0x42)17:56
rbrunhuberwhich is just plain wrong the certificate is(!) valid and trusted17:56
sorenPerhaps it looks in a different place for the CA certs?18:00
sorenYou could try stracing it and see.18:00
sommerrbrunhuber: you might also check the permissions on the cert and key... the openldap user needs read access18:01
sorenWell.. The user executing the application that is failing will need read access.18:03
sommererr, yep that makes more sense :)18:04
* soren kicks parted18:08
ppiresanyone around supporting Glassfish adoption?18:13
rbrunhubersommer: i triple checked this already. but slapd fails miserably if there is no readaccess.18:17
keeswhat does your current mdadm mountfail hook script look like?18:18
keeskirkland: ^^18:18
kirklandgood question...18:19
kirklandkees: let me recover from my backed up image18:19
sommerrbrunhuber: are there any other errors if you start slapd with -d -1 ?18:21
rbrunhubersommer: no18:22
sommerrbrunhuber: can you pastebin the relavent lines?18:23
kirklandkees: mdadm looks like: http://pastebin.ubuntu.com/30327/18:24
rbrunhuberof what? slapd -d -1?18:24
sommerrbrunhuber: yes18:24
keeskirkland: perhaps alone with the 'exit 0' part, it needs to remove itself?18:26
keess/alone/along/18:26
rbrunhubersommer:  one moment please18:26
kirklandkees: yeah, isn't that bit in your documentation ?  :-)18:26
keeskirkland: yeah, I'll need to set up a test environment to really nail it down.  let me know if it continues to elude you.18:27
kirklandkees: just give me a bit18:28
kirklandkees: ah, there it is....18:33
kirklandwhile [ "$giveup" -lt 1 ]; do ....18:33
kirklandkees: the only option is giving up :-)18:33
rbrunhubersommer: it is just so overwhelming much output, so what is "relevant"?18:33
sommerrbrunhuber: there should be lines with specific errors, probably related to tls18:35
sommerrbrunhuber: also what tls options have you configured in slapd.conf?18:39
rbrunhubersommer: TLSCACertificateFile TLSCertificateFile TLSCertificateKeyFile18:42
sommerrbrunhuber: just as a test what happens if you comment the TLSCACertificateFile option and start slapd?18:44
kirklandkees: http://pastebin.ubuntu.com/30334/18:44
kirklandkees: that one has the indentation18:44
kirklandkees: and, i think the fix is in the else ... break construct18:44
RoAkSoAxkirkland, we can keep adding apps to https://wiki.ubuntu.com/InitScriptStatusActions right? (like lighttpd)18:47
kirklandRoAkSoAx: please!18:47
kirklandRoAkSoAx: you might note if it's in main/universe18:47
kirklandRoAkSoAx: obviously, we'll prioritize main ones higher18:47
kirklandRoAkSoAx: but yeah, go nuts :-)18:48
keeskirkland: hah.  oops, well, my newer loop should fix that, I think.18:48
RoAkSoAxkirkland, haha ok cool :)18:48
keeskirkland: rockin'18:48
kirklandkees: oh?  you have an update?18:48
rbrunhubersommer: I do not know what happened know but even gq is working with tls now!18:48
rbrunhubersommer: And I demand validating the server certificate18:48
sommerrbrunhuber: so it's working now?18:50
rbrunhubersommer: yes it's working now.18:51
sommerrbrunhuber: party!18:51
sommerrbrunhuber: buth that means there may be a bug with the TLSCACertificateFile... doh18:52
sommerat least with that option18:52
rbrunhubersommer: no i did not remove the option.18:52
sommerrbrunhuber: really?  and its magically working now?18:53
rbrunhubersommer: not so magically. bad things happened... . Someone named the cacert.org ca certificate root.pem18:53
rbrunhuberon my server i have symlink to it but it was broken.18:54
sommeroooooooohhhhh... that makes sense, heh18:54
rbrunhuberi still consider this a bug. why can anyone name a certificate root.pem?18:54
sommerrbrunhuber: there last name is root?18:55
sommerrbrunhuber: I'm here all week :)18:55
sommerwhat should it be named if not root.pem?18:55
rbrunhubersommer: cacert.org.pem?18:55
rbrunhuberit is sitting in /etc/ssl/certs/18:55
sommerthat would be more discriptive, heh18:56
rbrunhubersommer: i have a suggestion for saslauthd are you the "right" one for this?18:57
sommerrbrunhuber: I show that file as a symlink:  /etc/ssl/certs/root.pem -> /usr/share/ca-certificates/cacert.org/root.crt18:57
rbrunhubersommer: I know now.18:58
sommerrbrunhuber: probably not, but some else in the channel may know more about saslauthd18:58
rbrunhuberHow about adding a option to saslauthd where it configures itself for "chroot" setups?18:59
sommerrbrunhuber: heh, as related to postfix?18:59
rbrunhubersommer: yes18:59
sommerrbrunhuber: ya, that's been discussed, or it's been discussed that it can cause issues, but I'm not sure what the end result was/is19:00
sommerrbrunhuber: it's probably worth filing a wish list bug about, at least to track the progress if nothing else19:00
rbrunhubersommer: that is a good idea. And i makes explaining things easyier than writing lines and lines in irc19:01
sommeryeppers, and folks that aren't online at the moment will have a chance to comment19:02
rbrunhubersommer: who is not online at the moment is not even worth to comment ;-).19:02
sommerheh, it's after 5:00 on a friday in some parts of the world... that makes it party time :)19:03
kirklandkees: whoop!19:04
kirklandkees: the latest initramfs-tools (with the else ... break works like a charm!)19:04
lukehasnonameI want to believe the truth is out there19:04
keeskirkland: \o/19:04
kirklandkees: here's what initramfs-tools patch looks like: http://pastebin.ubuntu.com/30347/19:06
kirklandkees: i edited the changelog entry too...  see what you think19:06
keeskirkland: that still shows the old giveup syntax...19:07
kirklandkees: hmm, i must have missed an update from you....19:07
keeskirkland: I thought you said "break works like a charm"?19:08
kirklandkees: it does19:08
kirklandkees:19:08
kirkland+# The root device showed up, whoop!19:08
kirkland+break19:08
keeskirkland: http://people.ubuntu.com/~kees/intrepid/initramfs-tools_0.92bubuntu7.debdiff19:09
keesthat's what I had19:10
keesyour break is probably an important element regardless.  :)19:10
* kirkland goes play with filterdiff :/19:10
keesbut the usplash timeout reset needs to happen19:10
keesoh, wait, it's already in there19:11
keesstupid indenting.  :)19:11
keeskirkland: can you paste the whole current "local" file?19:11
keesI think you're fine19:11
kirklandkees: yeah, you bet19:11
kirklandkees: http://pastebin.ubuntu.com/30349/19:12
keeskirkland: hrm.  if the rootdev shows up during the wait, this won't work.19:14
=== nhandler_AFK is now known as nhandler
keeshrmpf19:15
kirklandkees: why's that?19:15
keeskirkland: imagine entering the while, then the if, and during the sleep 0.1 loop, the device shows up.  when we exit the sleep while, exit the if, run the failure handlers, etc19:16
kirklandkees: so we need another break19:17
keesyeah, I'm trying to figure out the best way to handle the 3 places the rootfs is tested19:17
kirklandkees: how about this....19:20
kirklandkees: while [ "$giveup" -lt 1 && "$rootfound" -lt 1 ]  ....19:21
kirklandkees: and instead of my break, i'll set rootfound=119:22
kirklandkees: and if we break out of the innermost while, we "continue" to skip out of the bottom bits19:22
kirklandkees: and let the if [ $ROOT ] ... handle it19:23
keeskirkland: http://people.ubuntu.com/~kees/intrepid/local19:24
kirklandkees: :-)  root_missing vs. rootfound19:24
kirklandwho's the optimist here ....  :-P19:24
keeskirkland: well, I wanted to very carefully not change the logic, and remove the duplication of code.  the same test was already happening in 3 places, and I couldn't add a 4th without making a function.  :)19:25
kirklandkees: this certainly looks cleaner19:26
keeshrm, and that really should be while root_missing19:26
kirklandkees: yes19:26
keesone sec, reworking again...19:26
kirklandkees: you don't have any breaks :-)19:26
keesI have one, but it's not useful if root is found.  :)19:27
kirklandkees: right19:28
keeshttp://people.ubuntu.com/~kees/intrepid/local19:28
keeshow's that look?19:28
kirklandkees: one minute, let me read comprehensively19:29
keesupdated it again -- combined the root_missing and tryhooks if test19:30
kirklandkees: i like the root_missing() function19:31
kirklandkees: more readable, for sure19:31
keesyeah.19:31
kirklandkees: might be nice to write a function for if [ -x /sbin/usplash_write ]19:33
kirklandkees: that's used a few times19:34
kirklandkees: attempt_usplash_write()19:34
kirklandkees: do the -x test, always return true19:34
kirklandwell, it's only 2 calls19:35
kirklandkees: okay, looks good to me19:36
kirklandkees: i'm going to add the attempt_usplash_write() function and test19:36
keeskirkland: I'd prefer avoiding additional deltas that are semi-unrelated.19:37
kirklandkees: okay, no prob19:37
kirklandkees: I'll go test this one19:39
kirklandkees: http://pastebin.ubuntu.com/30354/19:41
kirklandkees: poo....19:43
kirklandkees: Kernel panic - not syncing19:43
kirklandkees: this was on my first test, regression testing, booting with a perfectly sync'd 2 disks19:44
keeshmpf19:45
kirklandkees: let me diff my last working local from yours ....19:46
kirklandkees: http://pastebin.ubuntu.com/30356/19:48
kirklandkees: that's the diff from my last good, working copy, and your latest19:48
keeskirkland: I guess just take it piecemeal.  maybe the root_missing stuff isn't as sane as we thought?19:49
kirklandkees: well, i can wrap my head around stuff like the infinite loop i saw earlier... but a kernel panic?19:50
keeskirkland: dunno?19:51
kirklandkees: oh....19:52
kirklandkees: your root_missing isn't precisely the same thing ....19:52
kirklandkees: the first place you use it, you're replacing:19:53
kirkland[ ! -e "${ROOT}" ] || ! $(get_fstype "${ROOT}" >/dev/null) || ! /sbin/udevadm settle19:53
kirklandkees: the second time, the same thing...19:53
kirklandkees: the third time, however....19:53
kirklandyou've replaced19:53
kirkland[ ! -e "${ROOT}" ] || ! /lib/udev/vol_id "${ROOT}" >/dev/null 2>&1 || ! /sbin/udevadm settle19:53
kirklandget_fstype vs. vol_id19:54
TarrenceIs there a Ubuntu Server web based management GUI available? Or a Mac OS X application?19:58
keeskirkland: eeek!19:59
kirklandkees: okay, i'm taking your patch piecemeal20:00
kirklandkees: i'll add just the root_missing() function20:00
keeskirkland: wait a second...20:00
keesget_fstype just calls vol_id20:00
kirklandget_fstype calls vol_id20:00
kirklandkees: and a bit more20:00
kirklandkees: i'm going to just drop in your root_missing() function, and it's 3 calls20:01
keeskirkland: yeah, go for it, I have to shift attention20:01
kirklandkees: sure20:01
kirklandkees: perhaps root_missing needs a "local ROOT" ?20:03
kirklandkees: nevermind, sorry20:04
kirklandopposite of what we want20:04
TarrenceIs there a Ubuntu Server web based management GUI available? Or a Mac OS X application?20:14
kirklandTarrence: perhaps ebox, or webmin20:47
kirklandkees: figured out the kernel panic20:54
kirklandkees: return [ ! -e "${ROOT}" ] || ! $(get_fstype "${ROOT}" >/dev/null) || ! /sbin/udevadm settle20:55
kirklandis busted20:55
kirklandkees: s/return//20:55
kirkland(happy Drupal'ing)  :-)20:57
keeskirkland: ah-ha, yeah, good catch.21:00
kirklandkees: okay, i'm running through my full gamut of tests21:00
kirklandkees: but I think we're nearing the finish line21:00
kees\o/21:01
kirklandkees: who should I talk to about the mdadm conf/config/conffile bit ?21:01
kirklandkees: the postint bit works well for initial purposes21:01
kirklandkees: but doesn't pose the debconf question21:01
keeskirkland: start with jdstrand (since he knows debconf), then maybe move to soren/mathiaz for preseed/server-install questions, and then evand, and finally cjwatson.21:02
keeskirkland: yeah, it's good for testing.21:02
kirklandjdstrand: how much longer are you around today?  debconf questions...21:04
keeskirkland: if you want to get this stuff uploaded, I'd actually remove the postinst bit you've got, just to avoid a conffile ever getting onto disk before you've got a settled solution.21:06
kirklandkees: good call21:06
kirklandkees: assuming these tests pass, are you willing to upload, or do you want me to pass all of this by luke/colin first?21:07
keeskirkland: who is the "approver" on the spec?21:08
* kirkland checks...21:08
kirklandkees: Rick Clark21:08
kirklandhttps://blueprints.edge.launchpad.net/ubuntu/+spec/boot-degraded-raid21:08
keeshrm, okay.  I think if luke is happy, we can push it.21:09
RoAkSoAxkirkland, what's the difference in having lsb-base (>= 3.2-14) under Build-Depends instead of Depends ?21:12
kirklandRoAkSoAx: it should be under Depends21:12
kirklandRoAkSoAx: build-time dependency, versus run-time21:13
kirklandRoAkSoAx: it's needed to *run*, not so much to *build*21:13
RoAkSoAxkirkland, because xinetd has lsb-base under Build-Depends21:13
kirklandRoAkSoAx: that sounds like a mistake21:13
RoAkSoAxkirkland, ok so gonna change it then :)21:14
kirklandRoAkSoAx: to be safe....21:14
kirklandRoAkSoAx: add it to the Depends21:14
kirklandRoAkSoAx: for some reason (I can't imagine...) but it might be needed to build too21:14
kirklandkees: no-go ...  :-/21:15
RoAkSoAxkirkland, so I leave Build-Depends as it originally was: lsb-base and under Depends i add: lsb-base (>=3.2-14)21:15
kirklandRoAkSoAx: I think that's fine21:16
Smaugis there a simple way to restrict a user to their home directory?21:16
kirklandRoAkSoAx: in practice, lsb-base is pretty much *always* there21:16
kirklandRoAkSoAx: as practically every init script uses it21:16
RoAkSoAxkirkland, and what about those apps that doesn't have lsb-base as a depends? becaus i've tryid with nginx and after adding everything, it showed a message that said something like: status_of_proc was not recognized or something like that21:18
kirklandRoAkSoAx: those absolutely need lsb-base >= 3.2-14!!!21:18
kirklandRoAkSoAx: that's what has the magic status_of_proc() function ;-)21:18
RoAkSoAxkirkland, haha ok, i'll work on nginx and show it to you21:19
=== RoAk is now known as RoAkSoAx
Smaug..fine then, new question.  i have a website in home/name/public_html/website/    if I change the permissons on directory "name" from 755 to 750, would that have any affect on the websites inside it?21:25
Smaugyo dudes21:28
RoAkSoAxkirkland, xinetd is in main right?21:28
kirklandRoAkSoAx: apt-cache show xinetd | grep Filename21:29
RoAkSoAxkirkland, how does it look?: http://pastebin.ubuntu.com/30380/21:35
kirklandRoAkSoAx: looks good to me ;-)21:37
kirklandkees: okay, found another problem with your code21:40
kirkland                if root_missing && ! try_failure_hooks; then21:40
kirkland                        break21:40
kirkland                fi21:40
kirklandto get it to actually boot a degraded raid, i have to change that to21:41
kirkland                if ! try_failure_hooks; then21:41
kirkland                        break21:41
kirkland                fi21:41
kirklandkees: i think you added the root_missing check in case the device showed back up....21:41
kirklandkees: but it has an inadvertent mal-effect21:41
keeskirkland: but without that it will run fail hooks even if the root appears during the timeout21:43
kirklandkees: i think we're going to have to make root_missing smarter then....21:44
kirklandkees: i'm having a hard time articulating the problem ....21:44
kirklandkees: but this causes the failure hooks not to run at all21:45
keeswhat problem is being caused by doing the root_missing check?21:45
keeskirkland: in the case of finding the rootfs, that's correct.21:45
kirklandkees: so i tell it to bootdegraded21:46
kirklandkees: and it drops me to a busybox shell21:46
kirklandkees: where md0 has sda1 marked as a spare, and not activated21:47
* kirkland continues to be aggravated by the fact that you can't copy-and-paste from a KVM :-/21:48
keeskirkland: dunno but I'm very sure we don't want to run the failhooks when the rootfs already exists.  :)21:49
kirklandkees: let me grab a screen shot21:50
RoAkSoAxkirkland, why do you think nginx show's me this: http://pastebin.ubuntu.com/30395/ ?21:56
kirklandkees: http://people.ubuntu.com/~kirkland/Screenshot.png21:58
kirklandkees: looks like it finds a filesystem that it likes, but it's not quite good enough21:58
kirklandRoAkSoAx: is that init script sourcing . /lib/lsb/init-functions ?21:59
RoAkSoAxlet me check xD21:59
keeskirkland: I'd just start adding lots and lots of text debug output to everything, and turn off splash while booting.22:00
kirklandkees: as if I would have splash running :-P22:00
keesheh22:00
kirklandkees: basically, root_missing is succeeding in a situation where it *should not*22:01
kirklandkees: rather, it's finding what it thinks is a suitable root device, but isn't really22:01
keeskirkland: if you replace the root_missing call with the prior lists of tests, does it behave correctly?22:01
kirklandkees: no22:02
kirklandkees: but not performing that check gets the failure hooks to actually run at the bottom of the loop22:02
kirklandkees: which starts the raid22:02
RoAkSoAxkirkland, it wasn't, i added it (just above the case "$1"...), but, where should it exactly go, or that does not make any difference.22:03
keeskirkland: I'd need a few hours to build up a test environment.  Can you document the test-cases you're using?  I think we're very close, but just some small shell glitch is biting it (which is why I suggested extensive debug output to verify each assumption)22:03
kirklandkees: yeah, don't worry about setting us a test env, though I will document it22:04
* kees nods22:04
kirklandkees: i'm going to digg deeper into [ ! -e "${ROOT}" ] || ! $(get_fstype "${ROOT}" >/dev/null) || ! /sbin/udevadm settle22:04
kirklandkees: one of those is TRUE in a situation where it should not be22:04
kirklandkees: i mean, in a situation where we want to run the failure hooks anyway22:05
kirklandRoAkSoAx: it does make a difference22:05
kirklandRoAkSoAx: grep for it in your /etc/init.d22:05
kirklandRoAkSoAx: *most* scripts should use it...  look where those call it22:05
RoAkSoAxkirkland, done.. oh this is fun :) xD22:10
kirklandRoAkSoAx: glad you're enjoying ;-)22:17
RoAkSoAxkirkland, yeah!! at least i have something to do during the day... since i don't have anything else to do :P22:20
kirklandkees: okay, so here's the problem....  /dev/md0 shows up, but it's not ready to roll22:30
keeskirkland: sounds like the vol_id stuff isn't being run.22:30
kirklandkees: which makes the -e /dev/md0 succeed, and the root_missing22:30
kirklandkees: i agree with that22:31
kirklandkees:22:31
kirkland        eval $(fstype "${FS}" 2> /dev/null)22:31
kirkland        if [ "$FSTYPE" = "unknown" ] && [ -x /lib/udev/vol_id ]; then22:31
kirkland                FSTYPE=$(/lib/udev/vol_id -t "${FS}" 2> /dev/null)22:31
kirkland        fi22:31
kirklandif I run "fstype /dev/md0"22:31
kirklandwhile it's in a "not-ready" state, FSTYPE is null, and not "unknown"22:32
keesthat feels like a separate bug you just happened to hit...22:33
kirklandkees: yup, i see it clearly22:33
kees(i.e. a change in the behavior of fstype)22:33
kirkland        if [ -z "${FSTYPE}" ]; then22:33
kirkland                FSTYPE="unknown"22:33
kirkland        fi22:33
kirklandthat's lower22:33
kirklandi think FSTYPE="unknown" should be initialized as such at the top of that function22:33
kirklandlemme try that....22:33
keeskirkland: where does "fstype" the function/tool get defined/installed?22:34
kirklandhave i told you that test iterations of this sucks?  :-)22:34
keesyeah.22:34
kees:(22:34
kirklandkees: its in /bin/fstype in the initramfs22:34
keeshunh.22:35
keesI wonder what that is....22:35
keeswhat does it output in the failed state?22:35
* kirkland curses the lack of cut-n-paste22:35
kirklandfstype /dev/md022:36
keesah, it's in klibc22:36
kirkland /dev/md0: error 022:36
kirklandkees: and it does not set those env variables (FSTYPE, FS)22:36
keesevil!22:36
kirklandkees: fstype /dev/sda22:37
kirklandFSTYPE=unknown22:37
kirklandFSSIZE=022:37
kirklandkees: fstype /dev/sda122:37
kirklandFSTYPE=ext322:37
kirklandFSSIZE=208909107222:37
kirkland(which is actually a Linux RAID member)22:37
kirklandseems bad that it doesn't detect that22:37
keesthat's okay, that's vol_id's job.22:38
kirklandkees: okay, here's what I changed....22:38
kirklandkees: http://pastebin.ubuntu.com/30402/22:38
kirklandkees: haha22:40
keeskirkland: I would move the -z check between the eval and the if in the case that fstype ever tries to spit out 'FSTYPE='22:40
keesrather than setting a default22:41
kirklandkees: oh, in case fstype nulls out FSTYPE?22:42
keesright22:42
keesoh!  yeah, I know why this suddenly became a problem -- it's the race between mdadm doing the degraded start and the next while check.  riiight.22:43
keesanyway, good to get fixed regardless.22:43
ScottKkees: Thanks for the openssl upload.  Better you than me. ;-)22:43
kirklandkees: FSCKing A!!!!!!!!!!!!!!!!!!!!122:44
keesScottK: heh, yeah.  I figured I'd take the heat.  I break all sorts of other security things, so why not?  ;)22:45
keeskirkland: I hope that's the sound of success?? :)22:45
kirklandkees: yes, it is22:45
kees\m/22:45
kirklandkees: I just may have to finish this over a beer!  :-)22:46
keesor maybe I should say  [U_]22:46
keeskirkland: heheh rockin'22:46
kirklandkees: you may say [U_]22:46
kees:)22:46
kirklandkees: here's what the debdiff is looking like now ... http://pastebin.ubuntu.com/30406/22:52
keeskirkland: cool! minor suggestions: move the comment on the first root_missing while loop back above the while to avoid the diff, and check white-space on the FSTYPE functions, I think they were tabs before, not spaces.22:54
kirklandkees: k22:54
kirklandkees: http://pastebin.ubuntu.com/30409/22:57
keeskirkland: oh! crap, the -z test is needed above and below.  :(22:58
kees(in the case that vol_id breaks it)22:58
keeseverything else rocks22:59
kirklandkees: ah, right22:59
kirklandkees: http://pastebin.ubuntu.com/30410/23:02
keeskirkland: ship it!  :)23:03
kirklandkees: let me comprehensively test it :-)23:04
kirklandkees: but i'm cracking open a beer :-)23:04
kees:)23:04
kirklandkees: my wiki notifications say that you've been busy auditing :-)23:05
keeskirkland: sure have been.23:08
kirklandkees: okay, [UU] booted fine (regression testing) CHECK23:09
kirklandkees: dropped disk sdb, after timeout, dropped to busybox (default behavior)23:10
kirklandCHECK23:10
uvirtbotNew bug: #251996 in samba (main) "package winbind 3.0.28a-1ubuntu4.4 failed to install/upgrade: dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/25199623:11
kirklandkees: dropped disk sdb, gave kernel bootdegraded=true, after timeout, booted degraded raid23:12
kirklandkees: dude, we are MONEY!!!23:12
* kees hugs kirkland23:12
keesbeer o'clock!  :)23:12
kirklandkees: i'll attach an updated patch to the bug23:12
kirklandyou're 13 minutes behind me :-)23:13
keeskirkland: heh, well, it's 1.75 hrs to beer o'clock for real here, but it's celebration o'clock.  :)23:13
kirklandkees: true, you're technically 2 hours behind me :-)23:14
kirklandkees: do my changelogs in that last pastebin look good?23:14
keeskirkland: I would break the scripts/local into several "   - blah..." sections for each logically separate thing (fstype fix, root_missing rework, fail handler rework)23:15
kirklandkees: k, let me do that...23:15
keesonce you've got that, mdadm, and lvm2 ready to fly, I'll install locally for a little extra regression testing too.23:16
kirklandkees: okay, i'll push to my ppa23:17
kirklandkees: bollocks.... is initramfs a bzr-managed package?23:19
keeskirkland: hm, no, seems to be debian-git managed.23:22
kees(we just patch on top of it)23:22
kirklandkees: hmpf, sorry, i on a weird page in Launchpad23:23
kirklandkees: changelog: http://pastebin.ubuntu.com/30416/23:25
keess/to replaced//23:26
kirklandkees: got it.23:27
kirklandkees: initramfs-tools_0.92bubuntu7~ppa10 uploaded to my PPA, if you want to test23:33
kirklandkees: along with mdadm - 2.6.7-3ubuntu2~ppa923:33
kirklandkees: (you'll need them both)23:33
keesrockin'23:33
kirklandkees: i'm yanking the config file bits out of my mdadm patch23:38
kirklandkees: saving them off somewhere ;-)23:38
kirklandkees: I'm going to post my test instructions in the wiki Spec page23:39
kirklandkees: okay, updated patches attached to https://bugs.edge.launchpad.net/ubuntu/+source/mdadm/+bug/12037523:45
uvirtbotLaunchpad bug 120375 in initramfs-tools "cannot boot raid1 with only one disk" [Undecided,Confirmed]23:45
* kirkland goes write test instructions23:46

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!