/srv/irclogs.ubuntu.com/2008/08/01/#ubuntu-server.txt

kirkland	jdstrand: auth-client-config question	00:31
=== freaky[t] is now known as fReAkY[t]
RoAkSoAx	hey guys has anyone of you set up an active/passive config using heartbeat in HH ?	01:12
=== emgent_ is now known as emgent
kinema	Is there a standard way of loading iptables rules in Ubuntu?	03:08
ScottK	kinema: See the ufw package.	03:08
ScottK	It provides some basic standard settings for such.	03:08
ScottK	Personally I have a shell script I like.	03:09
kinema	Hmmm....denying all traffic when logged in via ssh isn't the smartest thing I've done today.	03:21
ScottK	Trust me, you aren't the first one to do that.	03:23
unewbi1	:)	03:24
kinema	What are the chances there is a decent Ubuntuish script or set of scripts for managing a firewall somewhere online that I could look at?	03:30
kinema	There's something I find unsettling about ufw.	03:33
* hads likes firehol		03:34
ScottK	kinema: If you find problems about ufw, please file bugs.	03:38
* ScottK likes /sh, but probably not what you're after.		03:39
kinema	ScottK: I'm going to give ufw a chance.	03:39
kinema	We'll see.	03:39
kinema	Of course I'll file bugs if necessary.	03:40
ScottK	OK, but please file bugs. It is actively developed within the Ubuntu Server team, so it's worth doing.	03:40
kinema	ScottK: Would I be correct in assuming that rules are inserted into the various tabes/chains as soon as command is executed?	03:41
ScottK	kinema: I'm not sure, as I've mentioned, I don't use it, but it's the recommended approach in Ubuntu Server for people who don't roll their own.	03:42
kinema	Thanks.	03:42
ScottK	Maybe jdstrand is around and can answer.	03:45
kinema	I thought about it and the fact that running "sudo ufw default deny" killed my ssh connection shows that rules are inserted immediately.	03:47
timboy	I just upgraded my hard drive and I can't resize my partition with my livecd... I can resize my swap just fine but can't do anything with my / partition. can someone give me a hand?	03:51
ScottK	kinema: So I make a bug based on your experience. See Bug 253840.	03:53
uvirtbot	Launchpad bug 253840 in ufw "ufw should detect if the command being given will cut off SSH access and warn if the user is connected via SSH." [Wishlist,New] https://launchpad.net/bugs/253840	03:53
ScottK	lamont: Ping.	04:10
lamont	eep	04:10
ScottK	lamont: Remember my proposed script for adding stuff to master.cf?	04:10
lamont	yeah	04:10
lamont	were you expanding that to also do chroot vs non-chroot?	04:10
ScottK	Ball's in your court. What do you think?	04:10
ScottK	There's a couple more I'd like to add, but I was hoping for some feedback on the first one?	04:11
ScottK	I'd figured on doing add policy server next as it's very similar to add smtpd listener.	04:11
lamont	ah, ok	04:11
* lamont goes looking		04:11
ScottK	Then chroot/unchroot.	04:11
lamont	attached to the bug report, yes?	04:12
ScottK	IIRC.	04:12
lamont	well, it wasn't in my email... :-)	04:12
* lamont looks on L{		04:12
lamont	LP evenb	04:12
lamont	bug 247332	04:12
uvirtbot	Launchpad bug 247332 in postfix "Please add a script to allow filter services to be programatically added to master.cf" [Wishlist,In progress] https://launchpad.net/bugs/247332	04:12
ScottK	Yeah. In Bug 247332	04:13
ScottK	Heh.	04:13
ScottK	Trust me I understand L followed by unprintable characters because you're cursing.	04:14
lamont	heh	04:14
lamont	'twould be nice if USAGE were a function, just to have it not evaluate every run - but that's a nit	04:15
lamont	and very minor grumbles about you making me update debian/copyright	04:15
lamont	could you pretty please pick one of the standard licenses, and name it?	04:16
ScottK	OK.	04:16
lamont	I don't care if it's the postfix license, or another non-conflicting one	04:16
* ScottK tries to remember		04:16
ScottK	That's MIT license.	04:16
lamont	and I think PEP-8 (?) or somewhere wants imports to be one per line	04:17
lamont	or such	04:17
lamont	OTOH, you're much closer to PEP-8 that most of my stuff before I started paying attention to it under threat of pain	04:17
lamont	I also tend to make a function called __main__ or such and just say if __name__ == '__main__': \n __main__()	04:18
lamont	which gives me something I can call when I'm playing with python -i and such	04:18
ScottK	Right.	04:19
ScottK	I looked and PEP-8 says one per line.	04:19
lamont	so general feedback would be PEP-8 conformance, the muttering about main() and USAGE, and otherwise a handwavy "looks at least not-unreasonable, if not just plain reasonable, +1"	04:20
lamont	and is shutil all the rage these days? /me hasn't ever used it	04:21
lamont	while understanding that it may be the new hotness and I'm not. :)	04:21
ScottK	OK. The one functional shortcut that it takes that might be an excessive one is it just assumes if the name of the smtpd you want setup appears anywhere in master.cf it's a bad idea.	04:21
ScottK	The shutil usage is a result of, "Gee, never had to do that before, let's see what the shiny new edition of Python in a Nutshell has to say about it."	04:22
ScottK	Honestly I don't want to go to the effort to make it smart enough to do the case where it has to find out if it's a duplicative service name or something else.	04:23
ScottK	Maybe I just add MIT to common-licenses and make it easy.	04:23
lamont	anywhere as in anywhere? or anywhere as first token?	04:24
ScottK	Anywhere like it parses line by line through your master.cf and if it finds the string you gave as your desired service name it says no thanks.	04:25
ScottK	And stops.	04:25
ScottK	For a helper script like this I think it's better to bail out in the face of any uncertainty that to try to be to smart about it.	04:25
ScottK	The use case I'm thinking about it you don't want to run it twice by accident and end up adding the same service two times in master.cf.	04:26
lamont	ScottK: makes sense	05:55
=== kinema_ is now known as kinema
kinema	Any ufw people here?	06:46
=== `6og is now known as Kamping_Kaiser
kaushal	hi	07:47
kraut	moin	08:07
kaushal	hi	08:40
kaushal	I did apt-cdrom add and that got listed in /etc/apt/sources.list	08:40
kaushal	but when i try to add apache2 it gets from Internet	08:41
kaushal	and not from Cdrom	08:41
elnewb	How much more RAM would I need to add a GUI (fluxbox or GNOME) to ubuntu server?	08:53
MenZa	That would depend on how much you have now :P	08:54
elnewb	384MB (It's a really old Dell)	08:55
_ruben	kaushal: then you need to disable the internet repositories in that file	09:03
kaushal	ok	09:04
elnewb	how do i install fluxbox? I tried with this "sudo apt-get install fluxbox x-window-system-core xdm"	09:13
MenZa	384mb ram should run even a light Gnome setup decently	09:14
elnewb	ok	09:21
thefish	hello	09:55
thefish	anyone here use a free landscape alternative for updating multiple servers? i would like to eliminate the need to spend hours ssh'ing into boxes to update them...	09:56
_ruben	we're using an in-house developed script with a cvs backend	10:01
_ruben	far from perfect, but it does its job quite ok	10:01
thefish	_ruben: cool, get updates from cvs?	10:02
_ruben	thefish: the script does a cvs up every 10 mins .. and symlinks the files into place (which is one big downside of it, not all files can be 'replaced' with symlinks (chroots, sudoers file, etc))	10:04
thefish	aah ok, fair enough	10:04
_ruben	writing a replacement for it is on my todo list, along with a gazillion other things :-/	10:04
thefish	i was thinking of something closer to landscape, which will use dpkg on the client with a package	10:05
thefish	hehe i know the feeling	10:05
_ruben	its a rather common one ;)	10:06
thefish	im spending more and more time on just apt-get upgradeing - got to have a better way!	10:22
thefish	redhat/fedora now has free spacewalk	10:23
thefish	which is similar to landscape, but free as in beer as well as speech	10:23
_ruben	thefish: oh, you're talking package management .. i was referring to configuration management .. package managment is smth i do by hand still (and far from as often as i should)	10:32
thefish	_ruben: for configs, have you tried puppet? http://www.howtoforge.com/installing_puppet_on_ubuntu	10:35
thefish	ive not tried, but it looks quite powerful	10:35
uvirtbot	New bug: #253910 in samba (main) "package winbind 2:3.2.0-4ubuntu2 failed to install/upgrade: subprocess post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/253910	11:20
_ruben	thefish: dont know it, so: no ;)	11:38
=== RainCT is now known as RainCT_
lch	hi	11:52
lch	I'm having problems setting up the server on my PC, installation goes fine, but when I reboot I get a segfault after Grub initiates booting	11:52
lch	I got the suggestion to use a generic kernel, how can I do that?	11:52
lch	I have installed linux-image-2.6.24-19-generic via apt now	11:55
lch	I suppose I need to get the kernel modules, too?	11:55
Kamping_Kaiser	required modules should be pulled in automatically	11:56
lch	why can't I use "admin" as an account name?	12:19
lch	debian had no trouble with that	12:19
lch	what is it that Ubuntu needs this name for?	12:19
Kamping_Kaiser	what sort of error do you have?	12:19
lch	it doesn't let me create a user with account name "admin" during installation	12:20
lch	claiming that it's used by the system	12:20
lch	or reserved	12:20
Kamping_Kaiser	the group name is in use	12:20
Deeps	sounds like an installer bug	12:21
Kamping_Kaiser	not sure i agree tbh	12:23
lch	I'm using "administrator" as a substitute, but that's kinda unnecessarily long	12:24
Koon	lch: you can rename it afterwards	12:24
Koon	lch: the installer probably tries to create a user and group with the name you provide, and the admin group is already taken	12:24
lch	yup	12:25
Deeps	thats what id susecpt too	12:30
Deeps	as i was able to create a user admin as long as i specified a group for it to go into	12:30
Deeps	hense being an installer bug if it's simply claiming the username is in use/reserved by the system	12:39
=== lch_ is now known as lch
=== fReAkY[t] is now known as freaky[t]
lch	why is python installed automatically?	14:49
lch	is it needed?	14:49
lch	same question regarding perl	14:49
sommer	lch: yes	14:50
lch	what is it used for?	14:50
sommer	lots of things... I believe apt needs perl and I'm sure there are multiple apps that need python	14:51
lch	I know that in Gentoo, the system things are programmed in Python	14:51
sommer	don't quote me on the apt thing, but basically they're installed as dependencies	14:53
sommer	and probably most admins would want them :)	14:53
maswan	and some system stuff is written in it	14:54
maswan	go check out file * \|grep python in, say, /usr/sbin	14:54
maswan	and the same for perl	14:54
maswan	I'm sure you can recognise some core component	14:54
ScottK	In Ubuntu Python and Perl are both part of the required set of packages.	14:55
ScottK	Just to pick one thing for Python the LSB standard functions for init scripts is written in Python.	14:55
lch	hmm	14:57
lch	I need to shrink my installation, though	14:57
lch	I already threw ppp over board because I don't need it, I'll do the same with the wireless and wpa stuff	14:57
lch	anything else I can throw out?	14:58
zul	kirkland: bad bad	15:00
jdstrand	zul: in your nut work (that sounds a bit odd...) have you come across anything about tripplite UPSs not reporting their battery/line power properly?	15:09
maswan	lch: /usr/share/doc ? :)	15:10
maswan	lch: a bunch of kernel modules?	15:10
jdstrand	zul: specifically, they toggle 'on battery' to 'on line power' and back frequently	15:10
lch	yeah, about that... I installed linux-generic because my system wouldn't boot otherwise	15:10
lch	but it's a hefty 125 MB	15:11
zul	jdstrand: yeah it does sound a bit odd, its suppose to be fixed in intrepid I think but I havent backported the patch to hardy yet	15:12
jdstrand	zul: oh excellent	15:12
jdstrand	it is mighty annoying, and you have an eager tester :)	15:13
zul	jdstrand: nifty are you running intrepid yet?	15:13
jdstrand	zul: no, this is a production hardy machine	15:14
=== RainCT_ is now known as RainCT
zul	jdstrand: ah ok...	15:14
jdstrand	zul: I don't mind recompiling on hardy though	15:14
lch	maswan, so assuming I don't plan to change my hardware at all for the forseeable future, I suppose I can delete all the kernel modules that aren't in use at the moment? right or wrong?	15:14
jdstrand	zul: or testing an SRU	15:14
zul	jdstrand: I could probably backport it for hardy	15:14
zul	ie: stick it in my ppa	15:15
lch	I have 62M avail :(	15:15
zul	jdstrand: but please open a bug in launchpad as well and I can see about getting a patch as well	15:16
jdstrand	zul: I'm going to recompile intrepid's version on hardy, and let you know how it goes	15:17
zul	jdstrand: sounds good	15:17
kirkland	zul: bad bad, what?	15:42
zul	kirkland: there was a typo in the winbind.init script for samba-3.2	15:43
zul	but it happens	15:43
Koon	mathiaz: about tomcat6, I've written a spec to describe the implementation options I followed (Tomcat6StackSpec). One question is related to the webapp framework, or how we expect it to be	15:54
mathiaz	Koon: I think that is a very good question	15:55
Koon	mathiaz: are we aiming to install all webapps in a common folder ? Or have some kind of registry to point the future webapp framework to the applications wherever they appear to be ?	15:55
mathiaz	Koon: hm - I've been thinking about that lately - I'm thinking about a kind of registery	15:56
mathiaz	Koon: where you'd install a webapp pkg in /usr/share	15:56
mathiaz	Koon: and then deploy it in /var/www, or /var/lib/tomcat6/webapps	15:56
mathiaz	Koon: the way you do with the sample apps in a postinst	15:57
mathiaz	Koon: it would be similar to the way dpkg operates	15:57
mathiaz	Koon: but all this is still a bit fuzzy right now	15:58
Koon	mathiaz: so where should I install the tomcat6 webapps ? Note that most of them are tied to tomcat6	15:58
Koon	(tomcat6-admin and tomcat6-docs)	15:58
Koon	(one may consider the -examples as being usable on another servlet/jsp container)	15:59
chmac	I've got two machines on a network, but only 1 has permission to access the internet. The two can talk to each other though.	15:59
chmac	What's the easiest way to give the second one access to the internet via the first?	15:59
chmac	Host a VPN server?	16:00
Koon	mathiaz: in a common /usr/share/webapps directory ? or leave them under /usr/share/tomcat6/webapps and let the future registering thing handle them there ?	16:00
chmac	Create a virtual interface and then ip masquerade?	16:00
chmac	Any suggestions?	16:00
\sh	Chipzz: NAT	16:00
\sh	sorry	16:01
\sh	chmac: NAT	16:01
chmac	chmac: Create a virtual interface and then nat the second machine through the first?	16:01
\sh	chmac: use two interfaces	16:01
jdstrand	zul: unfortunately nut 2.2.2-6ubuntu1 doesn't fix it	16:01
chmac	Hahaha, I'm talking to myself, DOH! \sh that was for you ^^	16:01
\sh	two real nics	16:01
chmac	\sh: I don't have two nics available unfortunately	16:01
\sh	chmac: if you can't ifconfig eth0:1 192.168.1.1 (or whatever rfc priv addr) and then add some -t nat -A POSTROUTING magic	16:02
zul	jdstrand: crap can you open a bug in launchpad and I can forward it upstream	16:03
chmac	\sh: Ahh, I can create a virtual interface just with ifconfig eth0:1 can I? Or will I need to create that first in /etc/network/interfaces ?	16:03
jdstrand	zul: I sure will	16:03
chmac	My /etc/network/interfaces file doesn't list eth0 currently, it only lists lo and ppp0	16:03
\sh	chmac: oh...the real way to do it is through /etc/network/interfaces (auto eth0:1 \n iface eth0:1 inet static...)	16:03
chmac	\sh: Ok, I found a howto on that, thanks :)	16:04
zul	jdstrand: thanks	16:04
jason__	I	16:09
jason__	I'm not sure how to ask a question here, so I'll just do it.	16:10
jason__	I acedentaly changed the grounps for my main user to just its own group and www-data. Without sudo how can I add the admin and other groups back?	16:10
sommer	jason__: do you have another admin user on the box? if not you'll need to boot into recovery mode which will allow you to re-add the groups	16:11
* ScottK stops typing because sommer already said it better.		16:12
sommer	:)	16:12
jason__	no, thats the only user, how do I boot into recovery mode, I've never done it before	16:12
sommer	jason__: just reboot and from the grub menu there should be a "recovery" option	16:13
sommer	jason__: I forget the actual verbage, but it should be the one after the current kernel	16:13
jason__	I only have the one install and I dont see a grub loader like when I reboot my laptop with multiple partions. How can I force the grub loader?	16:14
sommer	jason__: press escape right before booting a message should flash with a 3 second counter	16:14
jason__	ok, thanks	16:14
jason__	I'll give it a try	16:15
jason__	once I boot in recovery I just need to type "sudo usermod -G username,adm,uucp,dialout,cdrom,floppy,audio,dip,video,plugdev,scanner,netdev,lpadmin,powerdev,admin username"	16:16
jason__	is there any other groups to concider?	16:16
billoutre_	hello	16:17
kirkland	dendrobates: mathiaz: fyi, I posted to debian-devel last night, asking for permission to do mass bug filing on the init script status actions	16:17
ScottK	jason__: In the recovery console you'll be root, so no sudo needed.	16:18
jason__	I guess that should have be obvious	16:18
ScottK	Once you're there the prompt will be #, so yes.	16:19
=== edmoore_ is now known as edmoore
jason__	I'm going to my server room (bedroom closet) to give this a try, any more groups to add?	16:19
ScottK	As long as you get admin, iirc, you can fix the rest later.	16:20
jason__	ok, thanks alot, be back later.. and be fixed I hope	16:20
Koon	mathiaz: got to go now, please comment on the Tomcat6StackSpec directly with the location you prefer for Tomcat6 webapps.	16:29
jdstrand	zul: bug #253999	16:37
uvirtbot	Launchpad bug 253999 in nut "nut with Tripplite UPS fills logs and console with "on battery" and "on line power" messages" [Undecided,New] https://launchpad.net/bugs/253999	16:37
zul	jdstrand: thansk	16:37
jdstrand	np	16:37
uvirtbot	New bug: #253993 in samba (main) "/etc/init.d/winbind has a parse error" [Undecided,Confirmed] https://launchpad.net/bugs/253993	16:51
uvirtbot	New bug: #253999 in nut (universe) "nut with Tripplite UPS fills logs and console with "on battery" and "on line power" messages" [Undecided,New] https://launchpad.net/bugs/253999	16:51
uvirtbot	New bug: #249878 in openldap2.3 (main) "CVE-2008-2952: BER Decoding Remote DoS Vulnerability" [Medium,Fix released] https://launchpad.net/bugs/249878	16:56
kirkland	zul: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/253993	16:58
uvirtbot	Launchpad bug 253993 in samba "/etc/init.d/winbind has a parse error" [Undecided,Confirmed]	16:58
kirkland	zul: can you sponsor?	16:58
edmoore	how is a server cpu different? if I'm building a headless box, should I avoid commodity intel core 2 type stuff?	16:59
zul	kirkland: already fixed	16:59
zul	3.2.0-4ubuntu3 was uploaded this morning	16:59
kirkland	zul: oh, thanks, you fixed it?	17:03
zul	yep	17:03
kirkland	zul: is there another bug?	17:03
kirkland	zul: should this one be a duplicate?	17:03
zul	it should be a duplicate	17:03
kirkland	jdstrand: can you take a look at https://bugs.launchpad.net/bugs/253816	17:16
uvirtbot	Launchpad bug 253816 in ecryptfs-utils "pam_ecryptfs needs to be added to the common-password stack by auth-client-config" [Medium,Triaged]	17:16
kirkland	jdstrand: i needed to add ecryptfs to the pam password stack, to rewrap your password if you change your login password	17:17
edmoore	can you run different sized drives in raid1? so say i have a pair of 250GB hdds, and in 3 years time one of them falls over, do I have to replace it with a 250gb hdd, or can i get a much larger one?	17:18
jdstrand	kirkland: oh so this is just a change to the ecryptfs-utils acc-profile? yeah, no problem. I assume you have tested the profile and it works in all cases? I was kinda surprised to not see 'use_first_pass'...	17:21
kirkland	jdstrand: actually, that's part of what i wanted you to take a look at that	17:21
kirkland	jdstrand: i'm actually not sure where in the stack it belongs	17:22
kirkland	jdstrand: and if "required" is correct	17:22
jdstrand	kirkland: well, it depends on what you want	17:25
jdstrand	what you have will prompt for the password via pam_unix, if it fails, end pam processing	17:26
jdstrand	if it succeeds, do the smbpass thing	17:26
kirkland	jdstrand: okay, so if a user's password change is successful, we're going to use the old password to unwrap the mount passphrase, and re-wrap it with the new password	17:26
kirkland	jdstrand: this should only run if the full password change is successful	17:26
jdstrand	then ecryptfs-- which prompts theuser again, and if that fails, then pam fails	17:26
kirkland	jdstrand: i tested it, and it did work in my one simple, direct test case	17:27
jdstrand	you were prompted twice-- correct?	17:27
jdstrand	(eg pam_unix and pam_ecryptfs)	17:27
jdstrand	kirkland: does pam_ecryptfs support 'use_first_pass'?	17:28
kirkland	jdstrand: lemme check....	17:29
kirkland	jdstrand: grep turns up no hits to that string in the pam_ecryptfs source code	17:29
jdstrand	kirkland: I haven't done pam programming, but it seems clear that the best user experience is to get the password from pam_unix via 'use_first_pass' and send that to pam_ecryptfs	17:31
jdstrand	kirkland: I wonder if it will just get that by linking into libpam.so.0 and libpam_misc.so.0?	17:34
jdstrand	(which it does)	17:34
kirkland	jdstrand: that's possible	17:34
kirkland	jdstrand: i don't see any references in the pam_ecryptfs source code, but it works	17:35
jdstrand	kirkland: so this time you aren't prompted twice?	17:35
kirkland	jdstrand: right, i'm not prompted twice	17:36
jdstrand	kirkland: good-- the last bit is 'required'	17:36
jdstrand	hold on...	17:36
jdstrand	kirkland: do you think it is reasonable that the whole operation fail if ecryptfs fails for some reasn?	17:41
jdstrand	kirkland: I am thinking particularly about password expiration	17:41
kirkland	jdstrand: well, people's data will not be immediately accessible, if their login password changes, but their wrap passphrase doesn't	17:42
jdstrand	kirkland: when might this operation fail? if the passwords are out of sync certainly, any other times?	17:43
jdstrand	kirkland: and does pam_ecryptfs output a helpful message in the case of failure?	17:44
kirkland	jdstrand: i'm trying to think of what failure might occur	17:45
jdstrand	kirkland: what if the user just delete ~/Confidential (or whatever it's called these days)?	17:45
kirkland	jdstrand: ah, right, ~/.ecryptfs/wrapped-passphrase	17:46
kirkland	jdstrand: if that disappears	17:46
jdstrand	kirkland: what if $HOME is nfs/smb mounted and is unavailable?	17:46
jdstrand	kirkland: I didn't actually think about this before, but it seems that in auth it's required, but in session it's optional	17:48
kirkland	jdstrand: yeah, i'm not sure about that either... sadly, i'm not a PAM expert	17:49
jdstrand	kirkland: that sounds wrong-- in case the user delete ~/.ecryptfs, boom no login	17:49
jdstrand	kirkland: np-- I think optional is the way to go for all of them. it'll work when it's supposed to, and fail gracefully	17:50
kirkland	jdstrand: yeah, that does sound better	17:50
jdstrand	kirkland: it will require testing though, in various failure modes	17:50
jdstrand	s/modes/situations/	17:50
kirkland	jdstrand: i'll do some testing here, and resubmit the patch	17:51
jdstrand	kirkland: excellent! :)	17:51
* delcoyote hi		17:55
RainCT	Why does "dpkg-reconfigure slapd" ask for an organization name, if it isn't used for anything?	19:07
sommer	anyone know if there is a way to restrict "sudo bash"?	19:23
Deeps	afaik you can restrict what commands can be run by sudo	19:24
Deeps	man sudoers would know more	19:24
sommer	Deeps: heh, true thanks	19:24
Deeps	happy to help :)	19:25
stiv2k	Does anyone here use ddclient? It's not updating my ***** IP address	19:51
egoleo	is not dd	19:52
egoleo	is dhclient	19:52
egoleo	i gues	19:52
stiv2k	egoleo: No, it's ddclient I'm talking about	19:52
egoleo	oh ok	19:52
egoleo	sorry	19:52
egoleo	never used that	19:53
Deeps	Description: Update IP addresses at dynamic DNS services	19:53
stiv2k	Deeps: It just isn't updating. I can't figure out why... it used to though	19:53
Deeps	dont use it either, sorry	19:53
* stiv2k drop kicks his server.		19:53
egoleo	how do i upgrade ubuntu server 6.04 to 8.04 server	19:54
=== kraut_ is now known as kraut
egoleo	any link plse	19:54
=== kwa is now known as K-Mile
kees	winbind status has a typo and is making it uninstallable.	20:05
K-Mile	Hi folks, I am having difficulty with network connectivity using 2 interfaces on an server running in VMware Server (both Ubuntu 7.04). Either LAN works, WAN works, or neither. I can't figure out if the host or the guest drops the connections. VMware (bridged networking) should not get in the way, right?	20:05
kees	kirkland: ^^ (winbind)	20:06
kirkland	kees: it's fixed	20:06
kees	kirkland: ah, okay, I just got unlucky. :)	20:06
kirkland	kees: needs to be sync'd out	20:06
kirkland	kees: yeah, sorry	20:06
kees	kirkland: np :)	20:06
bamed	K-Mile: I know this is a dumb question, but just to make sure, your WAN and LAN aren't on the same subnet are they?	20:07
K-Mile	bamed: no, both are on a different router, different IP ranges, and I can connect from LAN using either the public or the local IP address..	20:08
K-Mile	but the setup is shaky, since I had some trouble with conflicting DNS settings provided.. they are both on DHCP, that might not be an optimal solution..	20:09
K-Mile	the reason I want the two interfaces is that I want to expose Apache and SSH to the world, but they rely on LDAP authentication to a local server in the LAN	20:11
bamed	VMWare creates a couple of virtual NIC's; make sure those subnets don't conflict with anything, I've seen the vmnet interface cause routing problems in such cases	20:12
K-Mile	thanks.. just found out that my VMware died on me... expired beta it seems	20:13
K-Mile	why do they timebomb that thing?!	20:13
K-Mile	will check those vmnet interfaces though	20:14
K-Mile	the vmware server has 2 default gateways..	20:16
_ruben	they timebomb it so ppl wont end up using beta stuff for ages when better (more) final versions are out	20:16
K-Mile	yeah, figured that out.. I remember how hard it was getting this thing running, so I feel reluctant to go through that again :/	20:17
K-Mile	could be me though...	20:17
_ruben	vmware server 2 is easier to setup than vmware server 1 actually	20:18
_ruben	since ubuntu 7.10 and 8.04 are actually supported for 2 and not for 1	20:18
egoleo	how can i upgrade from 6.04 to 8.04	20:19
egoleo	server	20:19
Deeps	6.04? o_O	20:19
egoleo	6	20:20
egoleo	server	20:20
Deeps	oh, dapper	20:20
egoleo	yeah	20:20
egoleo	is that possible	20:20
_ruben	first hit of google: http://www.ubuntu.com/getubuntu/upgrading	20:20
egoleo	is the server	20:20
egoleo	ok	20:20
K-Mile	_ruben: is there a package for VMware, or is it just a install from src from VMware?	20:23
K-Mile	binary from VMware I mean	20:24
bamed	binary vrom VMware is the only way I know to, and it won't run without some tweaking to your system, but there's some good info in the wiki	20:27
bamed	s/vrom/from	20:27
egoleo	hey guys anyone running exim mail server?	20:27
egoleo	i am receiving all sort of junk mails and also getting my IP been blocked all the time	20:28
egoleo	any help on that	20:28
K-Mile	bamed: thanks.. will take a while before I can get to those networking issues ;)	20:28
K-Mile	vmnets are in different subnets btw	20:28
bamed	if you're wanting data from the WAN to be passed to the LAN then make sure net.ipv4.ip_forward = 0	20:29
bamed	I mean = 1	20:29
K-Mile	bamed: no, I don't want to route from WAN to LAN.. I just want to expose some services over WAN	20:32
K-Mile	I could try just to enable the WAN interface on the guest OS	20:34
K-Mile	but I need apache to authenticate with LDAP in the LAN..	20:34
uvirtbot	New bug: #254053 in samba (main) "[intrepid] winbind /etc/init.d/winbind error during upgrade" [Undecided,New] https://launchpad.net/bugs/254053	20:36
_ruben	K-Mile: the binary package provided by vmare for server 2 (rc1) installs just fine on ubuntu 8.04	20:43
K-Mile	Hmm.. I've got Feisty AFAIK	20:43
_ruben	for 7.04 and 7.10 there's an ubuntu package for server 1 in the partner repo	20:43
_ruben	havent tried server on feisty myself	20:44
_ruben	but it is support by vmware iirc	20:44
K-Mile	yeah, I know, but I already run server 2, so I can't really downgrade	20:44
K-Mile	will try the binary package	20:44
K-Mile	from VMware	20:45
K-Mile	could the fact that I have 2 default gateways on the host interfere with WAN access to the guest OS?	20:45
_ruben	it ougta be pretty painless .. except for you having install a package or two from the ubuntu repos (like a compiler and some libs)	20:46
_ruben	2 default gateways is asking for troubles, unless configured 'perfectly'	20:46
K-Mile	they probably aren't ;-)	20:46
_ruben	gotta go for now .. might be back in a bit	20:46
K-Mile	will set the wan interface to static	20:46
K-Mile	k, thanks so far!	20:46
=== freaky[t] is now known as fReAkY[t]
=== fReAkY[t] is now known as freaky[t]
Deeps	haha	21:02
Deeps	comparing debian testing with ubuntu hardy	21:02
Deeps	apt-get --help	21:02
Deeps	debian: autoremove - Remove automatically all unused packages	21:02
Deeps	ubuntu: autoremove - Remove all automatic unused packages	21:02
Deeps	brilliant	21:02
ogra	Deeps, and the fun stuff is that its the same maintainer :)	21:05
Deeps	lmao	21:05
ogra	hardy was frozen way before lenny though ... that explains why the fix is in debian testing, unstable and intrepid	21:08
Deeps	safe	21:09
K-Mile	that	21:10
K-Mile	that's weird.. the second time my server freezes while working on the network settinga	21:10
K-Mile	a=s	21:10
K-Mile	got one ssh session still going, two died on me, as well as the local terminal	21:11
K-Mile	and calling ifconfig also screwed my last session :(	21:13
K-Mile	I expected the SSH session to go when I reset my networking, not the entire system EXCEPT the SSH session..	21:14
_ruben	ssh usualy survives a network restart, unless an ip change is involved	21:19
K-Mile	yeah, but two out of three died, as well as the box itself...	21:19
K-Mile	num-lock does not even respond.. cant switch to different terminal with alt-Fx	21:20
K-Mile	I really don;t like hard-resetting the box two times in a row...	21:21
_ruben	strange	21:24
K-Mile	yeah..	21:24
K-Mile	its an almost new dell poweredge.. so far no issues.. except today when I unplugged a network cable, same thing happened	21:25
_ruben	hmm .. scary	21:28
K-Mile	yeah	21:29
K-Mile	does respond to SysReq combinations..	21:29
K-Mile	rebooted..	21:29
K-Mile	http://xkcd.com/349/	21:34
K-Mile	What started out as an attempt to expose Apache over WAN, got me reinstalling VMware and now checking my systems memory and filesystem because of system freezes..	21:34
K-Mile	one of those nights.. ;-)	21:34
hocmin	Does ubuntu support installs on a headless server? If so, are there any guides?	22:25
hocmin	No one knows?	22:31
kirkland	hocmin: sure	22:33
K-Mile	what are you going to use your server for?	22:33
kirkland	hocmin: can you elaborate?	22:33
hocmin	kirkland: bought a ibm eserver. I'd like to install ubuntu server on it	22:33
hocmin	kirkland: what other information do you need?	22:34
f11f12	does anyone use anjuta?	22:34
kirkland	hocmin: and you don't have a monitor hooked up to it?	22:34
hocmin	K-Mile: simple web server, file server, maybe e-mail if I'm feeling adventurous	22:34
hocmin	kirkland: right, no monitor	22:35
K-Mile	well, almost everything can be done using SSH, only during installation you'd need to hook up peripherals	22:36
hads	Traditionally you'd just find a monitor to hook up while you are installing.	22:36
hocmin	K-Mile, so then ubuntu does not support a headless install	22:36
hocmin	ok	22:36
K-Mile	I'm not sure if you can install it without	22:36
K-Mile	live CD	22:36
K-Mile	's don't have a root password set	22:37
hocmin	actually, I need to find some sort of c2t/vga adapter, but ok	22:37
K-Mile	so that makes external access a bit tricky	22:37
hocmin	thanks for the info	22:37
f11f12	hocmin: is the serial port an option?	22:37
K-Mile	maybe use a KVM switch?	22:37
hocmin	f11f12: there is a serial port. What can I do with that?	22:37
hocmin	(9 pin if it matters)	22:37
f11f12	hocmin: pass this kernel option (in grub): console=ttyS1,9600 console=tty0	22:37
hocmin	f11f12: how do I pass kernel option on a headless box?	22:38
K-Mile	you could create a live cd with the correct settings	22:38
K-Mile	and boot it up and install from there	22:38
f11f12	hocmin: better this one: console=ttyS0,9600	22:38
f11f12	hocmin: you will have to make a special CD for it or boot once with a keyboard/screen	22:39
hocmin	ok, never done this before, but I can look for a guide. I'm assuming this is pretty easy thing?	22:42
f11f12	hocmin: if you remove the graphics adapter form the machine, it might not boot, depending on your bios, a VGA Card is maybe mandatoty (you get beep codes)	22:42
hocmin	I don't think I got a beep code when I booted it	22:43
f11f12	hocmin: http://tldp.org/HOWTO/Remote-Serial-Console-HOWTO/index.html	22:43
hocmin	it's possible I bought a server that's lacking parts to run, but I think that's a little unlikely	22:43
hocmin	ok cool	22:43
hocmin	I'll read up on that guide and try to connect to the server	22:43
f11f12	hocmin: did you detach the speaker too? ;-)	22:44
hocmin	I haven't detached anything	22:44
hocmin	I just bought the thing	22:44
hads	Finding a monitor to use for an hour or so might be easier :)	22:45
hocmin	it's not the monitor	22:45
hocmin	it's getting an adapter for it	22:45
hocmin	no vga port	22:45
hads	No adapter at all? How odd.	22:45
K-Mile	what kind of server is it?	22:46
K-Mile	you just bought it?	22:46
hocmin	ibm eserver 335	22:47
hocmin	it's got c2t	22:47
hocmin	had to look that up	22:47
hocmin	and it's got serial	22:47
K-Mile	you'd need an IBM kvm switch for that	22:47
f11f12	hocmin: if it is a server w/o vga card, then it usually responds on the serial console, my siemens board does it.	22:47
* hocmin dies a little inside		22:48
hocmin	f11f12, yeah that is sounding like my best option	22:48
hocmin	f11f12, I'll read the guide on making my own live CD, how to work on serial, and then give it my best shot	22:48
K-Mile	good luck with that ;-)	22:48
hocmin	thanks	22:50
K-Mile	ah crap, somebody shoot me...	22:50
K-Mile	i downloaded the 32bit version of VMware	22:50
K-Mile	and I'm behind a slow connection :(	22:50
K-Mile	(and a 64bit box)	22:50
f11f12	hocmin: you do have a serial (null-modem) cable? :-)	22:53
K-Mile	just a quick question while I download a new VMware...	22:57
K-Mile	i have a server with a wan and lan connection	22:57
duiu	IS there a way to make 'sudo shutdown -h now' to run when I hit the power button?	22:58
K-Mile	i need the DNS lookup of the lan connection, but my preferred gateway is the wan	22:58
K-Mile	is it a bad idea to mix those up too much?	22:58
K-Mile	duiu: do you have ACPI	23:01
duiu	Is that default, I know I don't have APIC?	23:01
K-Mile	duiu: probably, if you have a modern pc	23:02
K-Mile	duiu: you could try modifying /etc/acpi/powerbtn.sh	23:02
K-Mile	duiu: if you have that one	23:03
duiu	K-Mile: thanks	23:03
duiu	K-Mile: It's not there	23:04
duiu	no acpi folder	23:05
K-Mile	duiu: do you have the /etc/acpi folder?	23:05
duiu	no	23:05
K-Mile	k	23:05
K-Mile	and /proc/acpi	23:06
K-Mile	?	23:06
duiu	/proc/acpi is there	23:07
K-Mile	you could try installing acpi-support	23:09
duiu	installing...	23:11
K-Mile	see https://help.ubuntu.com/community/SuspendHowto#Event%20Processing	23:12
duiu	K-Mile: that gave me the folder, thanx	23:15
K-Mile	np	23:16
duiu	K-Mile: That did it, thanx again!	23:18
K-Mile	great!	23:19
duiu	I'd help you, but I don't know much about DNS	23:19
duiu	I mean, resolv.conf	23:19
K-Mile	:-)	23:19
K-Mile	yeah, been struggling with getting two interfaces, one LAN, one WAN, to work nicely on a host and VMware guest machine	23:20
duiu	there might be a 'force hostname resolution' parameter	23:20
duiu	you could try that	23:20
kirkland	jdstrand: mathiaz: kees: zul: hey, ecryptfs-utils has been promoted to main and pitti asked me to added to a seed. i put it in the server-ship seed under filesystems. who can commit this for me?	23:33
kirkland	https://code.launchpad.net/~kirkland/ubuntu-seeds/ubuntu.intrepid	23:33
* kees leaves seeds to soren and mathiaz. there are subtlties I'm less aware of.		23:34
mathiaz	kirkland: is there any reason to put it on the cd ?	23:39
kirkland	mathiaz: i have changes in the pipeline that will make 'adduser' depend on ecryptfs-utils	23:39
kirkland	mathiaz: which means that ecryptfs-utils would be used in the installation	23:40
mathiaz	kirkland: for intrepid timeframe ?	23:40
kirkland	mathiaz: yes	23:40
kirkland	mathiaz: those changes have been on ice until the MIR for ecryptfs-utils got approved	23:40
mathiaz	kirkland: well - if it goes into adduser as a dependency it will pulled into main anyway	23:41
kirkland	mathiaz: agreed, but in case that adduser change were controversial, i wanted to make sure it was in the server	23:42
kirkland	jdstrand: you still around?	23:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!