=== leonel_ is now known as leonel | ||
zul | kees: yep it seems to only fail on the builds for that one test on amd64 | 00:16 |
---|---|---|
zul | but it built fine on my ppa | 00:16 |
zul | kees: its on my todo list :) | 00:17 |
kees | zul: oop, it just failed on i386 too, I've hit "retry" on it. | 00:22 |
zul | kees: *sigh* ok ill fix it right now | 00:22 |
kees | zul: well, I think it might be a transient bug. :( | 00:25 |
zul | did it fail in the samespot? | 00:25 |
kees | zul: nope, the next test, ironically | 00:26 |
zul | wtf? | 00:27 |
zul | kees: can you look at the 60_disabled_test.dpatch? | 00:37 |
zul | i think its broken | 00:38 |
kees | ? | 00:38 |
kees | seems okay? | 00:38 |
zul | its missing the @DPATCH@ part isnt it? | 00:39 |
kees | hrm, so it is -- does it matter for modern dpatch? | 00:40 |
zul | dunno thats why I asked you :) | 00:40 |
kees | let me check logs | 00:40 |
zul | anyways I regenerated the patch with disabling the failed test | 00:41 |
kees | applying patch 60_disabled_tests to ./ ... ok. | 00:41 |
kees | seems okay | 00:41 |
kees | umm... that's not a fix. :P | 00:41 |
zul | sec | 00:41 |
zul | well its a temporary fix :P | 00:43 |
owh | Salutations all. vmware-server and kernel modules has been a thorn in my side for some time. I've just found out that there is a vmware-server-kernel-source package. I've just recompiled for gutsy 2.6.22-15, but I don't have a hardy or intrepid install handy to test and was wondering if someone here might be able to help. | 00:49 |
excalibas | hello, I have internet with my wireless connection (wlan0) i want to connect to my wired connection (eth0) at the same time. is there a simple way to do this? | 00:49 |
owh | The process is outlined here: https://answers.launchpad.net/ubuntu/+question/36849 | 00:49 |
owh | excalibas: I would think that you can create a bridge between wlan0 and eth0 and use that for your connection, but I've not done it and I don't know if wlan supports bridging. | 00:50 |
=== PrivateVoid is now known as PV_Away | ||
excalibas | owh: thanks, and how do i create this bridge? | 00:52 |
owh | excalibas: Just to make sure here, you want to have connectivity to the network via both pipes at the same time, or is that not what you're asking? | 00:53 |
owh | excalibas: Or are you routing traffic from the LAN to WiFI? | 00:53 |
excalibas | well, im not sure what is the difference, i want to have internet from the WiFi and network from Lan on my laptop at the same time. | 00:56 |
owh | excalibas: Hmm, so you're not talking about a redundant link on a server then? | 01:01 |
excalibas | owh: no, i dont want to connect to the same server wifi is for a router and the lan is for a computer (ssh) | 01:03 |
owh | excalibas: Sorry, that's not what I meant - this is the ubuntu-server room and I based my advice on that you are running a server which you want to configure - however, that does not seem to be the case - you seem to be talking about a workstation that you want to connect to the 'net twice - via wlan and eth. Is that correct? | 01:05 |
MattJ | Is upgrading 7.04 direct to 8.04 discouraged? | 01:10 |
excalibas | owh: hehe sorry this is true, I want to do this on a workstation, not a server | 01:10 |
MattJ | do-release-upgrade goes to download gutsy | 01:10 |
owh | MattJ: I think that the only "jump" update is from Dapper to Hardy, all the others are incremental, but I may be wrong. | 01:11 |
MattJ | Ok, seems to be the case | 01:11 |
MattJ | Any idea how likely things are to break during upgrades? :) | 01:12 |
owh | MattJ: You know the answer to that already I'm sure -- it depends :) | 01:13 |
MattJ | Guessed so :) | 01:13 |
* MattJ crosses his fingers tight | 01:13 | |
owh | MattJ: Make a backup first. | 01:13 |
MattJ | Good idea | 01:13 |
owh | MattJ: rsync is your friend :) | 01:13 |
MattJ | I have daily incremental ones, but I think I'll make a full one | 01:14 |
MattJ | custom scripts > rsync :P | 01:14 |
owh | MattJ: That depends also -- I use the custom script at the rsync server end :) | 01:14 |
MattJ | Heh | 01:15 |
owh | excalibas: I've been looking for a GUI way to achieve what you want, but have not found one. Depending on your skill-level there are many ways to create what you're asking for, but I'm not tempted to walk you through that given that it is likely to make you disconnect from the 'net in the middle of the process. | 01:19 |
=== PV_Away is now known as PrivateVoid | ||
excalibas | owh: ok i was hoping for a GUI way, mabie i try firestarter | 01:28 |
vk5foss | excalibas: what you want A. shoul be asked in #ubuntu, and B. requires the other end of teh wifi+ethernet connections to know they are sharing. (option C. involves lots of iptables magic, and other hackery) | 01:31 |
jdstrand | MattJ: 6.06 -> 8.04 and 7.10 -> 8.04 are supported. any other upgrades are not supported | 01:32 |
jdstrand | MattJ: anything else and you are on your own. | 01:33 |
nxvl | or you can make upload by upload | 01:35 |
nxvl | :p | 01:35 |
nxvl | 6.10 -> 7.06 -> 7.10 -> 8.04 | 01:35 |
nxvl | s/upload/upgrade | 01:35 |
uvirtbot | New bug: #261326 in ipsec-tools (main) "racoon init script fairs poorly when using an unpriv user" [Undecided,New] https://launchpad.net/bugs/261326 | 01:36 |
jdstrand | that said (and I am not recommending this ;), I once performed an etch -> gutsy up/sidegrade that was tremendously hairy, but knowing the problems I would likely face and how to fix them, I was able to come out the other end with a 7.10 system | 01:36 |
jdstrand | MattJ: I also performed several 7.04 -> 7.10 -> 8.04 upgrades and they went very smoothely overall (and likely worth the double download time) | 01:38 |
vk5foss | nxvl: 7.04 :p | 01:38 |
nxvl | jdstrand: yeah once i do that and i almost died in using the sistem | 01:39 |
owh | For those contemplating helping me with my vmware-server test -- don't bother, I just realised that Hardy and Intrepid don't even have vmware-server yet :( | 01:45 |
MattJ | jdstrand: Thanks for that | 02:01 |
sommer | mathiaz: I was just wondering if you had an easy way of adding schemas to slapd in cn=config mode? | 02:49 |
sommer | mathiaz: more specifically slapd in cn=config mode configured with n-way replication | 02:49 |
mathiaz | sommer: not yet - as in there isn't any scripts to automate that | 02:50 |
sommer | mathiaz: heh, okay | 02:50 |
mathiaz | sommer: the good news is that you can add the schema with a simple ldap add command | 02:50 |
mathiaz | sommer: to the master, and it should replicate automatically to the slaves | 02:50 |
mathiaz | sommer: althought I've never tested n-way replication of cn=config | 02:51 |
sommer | mathiaz: right, I guess I was thinking more of converting a .schema file to ldif | 02:51 |
sommer | mathiaz: I've documented the n-way in the bzr branch :) | 02:51 |
sommer | I did find some instructions in the openldap mailing list archive, so I can just document those... it's not too bad, but not polished either | 02:52 |
mathiaz | sommer: interesting the idea of converting a .schema file to .ldif | 02:55 |
mathiaz | sommer: may be worth writting a script to do that :) | 02:55 |
sommer | mathiaz: well don't you need to do that before adding a schema to cn=config? | 02:55 |
sommer | mathiaz: http://markmail.org/message/ulxz4gnpzz3eg2md#query:openldap%20cn%3Dconfig%20convert%20schema+page:1+mid:pa3clnnt33ynxlwf+state:results | 02:56 |
mathiaz | sommer: well - it depends how you get the schema | 02:56 |
mathiaz | sommer: right - that's what I was suggesting | 02:56 |
sommer | those are the instructions I found... I guess the other thing would be to convert the schemas to ldif and supply the ldifs with the package? | 02:56 |
mathiaz | sommer: using slaptest to do the conversion | 02:56 |
mathiaz | sommer: right | 02:56 |
sommer | mathiaz: cool, so are you going to add a script to the package? | 02:57 |
mathiaz | sommer: probably not before FeatureFreeze | 02:57 |
sommer | mathiaz: either way, I'm just trying to update the Samba and LDAP section | 02:58 |
mathiaz | sommer: I'm currently testing the nss slapd overlay | 02:58 |
sommer | ah nice, were you thinking a shell script for the ldif conversion? | 02:58 |
mathiaz | sommer: seems that it's simple enough for a shell script | 02:59 |
sommer | I could probably work on something... FF is Friday? | 02:59 |
mathiaz | sommer: thursday | 02:59 |
sommer | mathiaz: doh, well I can just document the process :-) | 03:00 |
mathiaz | sommer: all of our Freezes and other important dates are on Thursday | 03:00 |
mathiaz | sommer: *thursdays* | 03:00 |
* sommer was too lazy to look at a calendar, heh | 03:01 | |
sommer | mathiaz: whoa... did you just talk to someone about the cn=config schema issue? | 03:22 |
mathiaz | sommer: nope ;) | 03:25 |
mathiaz | sommer: I was about to mention the thread on the openldap-pkg-maintainer | 03:25 |
mathiaz | sommer: mailing list that is discussing the same issue | 03:26 |
mathiaz | sommer: discussion is ongoing currently | 03:26 |
sommer | heh, small world :) | 03:26 |
jameswf-home | greetinngs | 06:07 |
jameswf-home | anyone use aiccu | 06:07 |
henkjan | jameswf-home: i'm using it at my home route (wrt54gl) | 07:00 |
lukehasnoname | how would I format the rsync command to use a non-standard ssh port? | 07:54 |
kraut | moin | 08:05 |
skep | henkjan: rsync --port=xyz | 11:00 |
skep | err.. lukehasnoname | 11:01 |
henkjan | np | 11:02 |
slim_ | hello all, | 12:04 |
slim_ | i asked the question in #ubuntu but no answer, then come here, i try to setup a router i search for this and reach to script but it seem that something still needed in this script because it not work, this is the script i'm using > http://phpfi.com/347352 | 12:07 |
macgerhard | when I run sar, I'm getting this error: Cannot open /var/log/sysstat/sa26: No such file or directory | 12:15 |
macgerhard | I'm on 8.04. Any ideas why? Google is clueless... | 12:16 |
ScottK | sommer: I reviewed you MIR and subscribed ubuntu-mir. Good work. Please do more. | 12:50 |
ScottK | sommer: I'd particularly appreciate arj and unzoo. | 12:50 |
soren | ScottK: You consider them essential? Wow. I don't even think I have them installed. | 12:54 |
soren | hm, apparantly, I do. | 12:54 |
ScottK | soren: They're recommends for clamav, so they need MIR to support that one. | 12:55 |
sommer | ScottK: you're talking about the clamav MIRs? those are due thursday, correct? | 13:30 |
ScottK | sommer: Yes. | 13:31 |
ScottK | They all are. | 13:31 |
ScottK | clamav is just a lot closer to done. | 13:31 |
sommer | ScottK: cool, I may have some time tonight | 13:33 |
ScottK | Great. | 13:33 |
sommer | ScottK: I have a quick question for you... I've packaged up the latest release of ldapscripts, and wanted to make sure that the next step is to get it sponsored? | 13:34 |
ScottK | yes. | 13:34 |
sommer | cool, I've also updated the debian package, and the original maintainer has orphaned it... so maybe they'll let me be that guy :) | 13:35 |
BUGabundo | hello | 14:10 |
BUGabundo | does anyone as the build link for 2.6.27 ? | 14:10 |
zul | for the kernel? | 14:10 |
BUGabundo | yes | 14:11 |
zul | http://kernel.ubuntu.com/pub | 14:11 |
BUGabundo | can't find it on https://edge.launchpad.net/ubuntu/+builds?build_text=2.6.27&build_state=all | 14:11 |
BUGabundo | didn't it get upload on Saturday? | 14:11 |
zul | still hasnt built yet probably | 14:13 |
BUGabundo | but I can't find it on LP builds | 14:14 |
zul | BUGabundo: it probably hasnt been accepted yet | 14:19 |
BUGabundo | I guess | 14:19 |
BUGabundo | https://edge.launchpad.net/ubuntu/+source/linux | 14:19 |
BUGabundo | but its there zul | 14:19 |
BUGabundo | any md5sum for http://kernel.ubuntu.com/pub/next/2.6.27-rc3/intrepid/linux-image-2.6.27-1-generic_2.6.27-1.1_amd64.deb ? | 14:34 |
BUGabundo | my came corrupt | 14:34 |
CrummyGummy | Hi all, I've noticed now that HP supports Debian. Has anyone here gotten their hpasm software to run on Ubuntu? | 14:34 |
CrummyGummy | I'm soooo glad I found this I almost installed Centos *shiver* | 14:37 |
Fenix|work | Greetings | 14:51 |
=== hessml|away is now known as hessml|away|away | ||
* delcoyote hi | 15:42 | |
zul | mathiaz: ping | 15:49 |
nijaba | Server Team meeting in #ubuntu-meeting in 10min | 15:49 |
mathiaz | zul: hello | 15:50 |
zul | mathiaz: so mysql everything builds except it fails for one test on 386 but it doesnt fail anywhere else | 15:50 |
zul | I talked to kees about this last night and he thought I shouldnt disable the test because he thinks it is a timing error but according to the buildlogs the mysql server is timing out when doing the test | 15:51 |
zul | and im not sure what to do about it | 15:52 |
mathiaz | zul: does it also fail in your local build environment ? | 15:52 |
zul | mathiaz: no I cant reproduce it here | 15:52 |
mathiaz | zul: could you try to increase the timeout ? | 15:52 |
zul | yeah I could do that, thats in the mysql-test suite perl program isnt it? | 15:53 |
zul | ill just double it | 15:55 |
mathiaz | zul: not sure - I'd guess it's in the test definition somewhere | 15:55 |
zul | mathiaz: gotcha | 15:55 |
Adakos | hey, anyone here good with NIC bonding? My attempts have lead to fatal kernel errors | 16:19 |
incorrect | i've had it working for years | 16:20 |
incorrect | i wrote a page on it sometime ago | 16:20 |
Adakos | incorrect: i have tried three times in the past 24 hours on my test system and all have ended in kernel errors | 16:20 |
Adakos | you dont have the link do you? | 16:20 |
incorrect | give me a sec | 16:21 |
Adakos | alright. I appreciate it | 16:21 |
Adakos | ls | 16:21 |
Adakos | wrong window, sorry ! | 16:22 |
lukehasnoname | thanks skep | 16:23 |
nxvl | good morning! | 16:40 |
Adakos | morning | 16:40 |
zul | nxvl: do you want to split up the ufw list? | 16:50 |
Xetrov` | i have a dual quad core xeon server i need to run vmware server on. my plan is to load ubuntu 6.06.2 as the base os. will vmware run on the x64 kernel or should i use the x86? | 16:51 |
nxvl | zul: ok | 16:51 |
nxvl | zul: i was going to start now | 16:51 |
zul | nxvl: i was too after the meeting | 16:51 |
nxvl | zul: ok, lets start after the meeting | 16:51 |
nxvl | :D | 16:51 |
nxvl | jdstrand: a profile is just what's describen under "Package Integration" at w.u.c/UbuntuFirewall, didn't it? | 17:00 |
jdstrand | nxvl: profiles are technically entries in files located in /etc/ufw/applications.d | 17:02 |
jdstrand | nxvl: so if you look at https://wiki.ubuntu.com/UbuntuFirewall#Package%20Integration | 17:02 |
jdstrand | nxvl: the apache bits might be in /etc/ufw/applications.d/apache and the samba ones in /etc/ufw/applications.d/samba | 17:03 |
nxvl | jdstrand: yep, but i mean, the contents of those files | 17:03 |
jdstrand | nxvl: /etc/ufw/applications.d/apache has 3 profiles in it, and samba has one | 17:04 |
soren | macd: Put the output of "apt-cache policy fail2ban" on pastebin. | 17:04 |
jdstrand | nxvl: each stanza is a profile | 17:04 |
nxvl | as it is under package integration | 17:04 |
nxvl | ok | 17:04 |
nxvl | that was the question | 17:04 |
nxvl | :D | 17:04 |
nxvl | jdstrand: thank you | 17:04 |
jdstrand | nxvl: np :) | 17:04 |
jdstrand | nxvl: and thanks for working on it! | 17:04 |
didrocks | (hi ;)) | 17:04 |
jdstrand | nxvl: I should mention that didrocks is aready doing apache and openssh-- be sure to check ServerTeam/Roadmap for available applications, and assign yourself accordingly | 17:05 |
nxvl | jdstrand: yes, i'm doing that | 17:05 |
jdstrand | \m/ | 17:06 |
jdstrand | hi didrocks :) | 17:06 |
didrocks | hi jdstrand \o/ | 17:06 |
macd | soren, I goofed, I was looking for the intrepid version in hardy, but there is an SRU filed against the package in hardy to backport from intrepid, looks like it has some SRU acks just needs upload: bug 222804 | 17:07 |
uvirtbot | Launchpad bug 222804 in fail2ban "[SRU] fail2ban fails to start after reboot" [Undecided,Confirmed] https://launchpad.net/bugs/222804 | 17:07 |
soren | macd: Mkay. | 17:09 |
macd | having hostnames with the release in them might help me ;) | 17:09 |
nxvl | didrocks: is there any package already with profile? | 17:10 |
nxvl | jdstrand: ? | 17:11 |
jdstrand | nxvl: not yet, but didrocks submitted a debdiff for apache I believe | 17:11 |
didrocks | nxvl: see bug #261198 | 17:11 |
uvirtbot | Launchpad bug 261198 in apache2 "Add UFW profile integration with apache2" [Undecided,Confirmed] https://launchpad.net/bugs/261198 | 17:11 |
didrocks | but it has to be checked :) | 17:11 |
nxvl | that's what i was looking for | 17:11 |
nxvl | :D | 17:11 |
=== RoAkSoAx_ is now known as RoAkSoAx | ||
nxvl | didrocks: shouldn't apache use Apache full profile instead of just Apache? | 17:18 |
nxvl | oh! i forgot that apache doesn't come with ssl out-of-the-box | 17:19 |
didrocks | nxvl: you have your answer :) | 17:20 |
Xetrov` | do any of you have experience with vmware server atop ubuntu? | 17:21 |
zul | nxvl: it does for intrepid | 17:29 |
nxvl | zul: generates the certificate and runs https? | 17:32 |
zul | nxvl: think so | 17:33 |
nxvl | zul: i doubt it, for generating the certificate you need a lot of information | 17:36 |
foolano | snake oil certificates are not that picky :) | 17:38 |
mathiaz | nxvl: as of intrepid, apache2 comes with ssl ootb | 17:48 |
mathiaz | nxvl: apache2 depends on ssl-cert and uses the snake-oil-cert IIRC | 17:48 |
nxvl | didrocks: then my comment is valid | 17:49 |
didrocks | mathiaz, nxvl: ok, I will update my package so :) | 17:55 |
didrocks | mathiaz: are you sure? | 18:07 |
didrocks | oh yes, got it, sorry :) | 18:08 |
didrocks | nxvl: new version of the patch uploaded | 18:10 |
didrocks | soren: I think you are a little bit nervous regarding Michael's mail (and that's understandable…) :) | 18:21 |
nxvl | didrocks: i'm not a core-dev so you need to find other to sponsor it :P | 18:21 |
zul | mathiaz: increasing the timeout doesnt help, im going to disable the test for now | 18:21 |
mathiaz | zul: have you looked into MySQL upstream bug tracker to see if there is a bug report about this issue ? | 18:22 |
didrocks | nxvl: yes, I know (I saw your application for MOTU). It just to keep you inform :) | 18:22 |
nxvl | :D | 18:22 |
zul | mathiaz: im looking there as well | 18:22 |
=== mgdm is now known as mgd | ||
=== mgd is now known as mgdm | ||
nxvl | jdstrand: if i install a package and then install ufw i won't get the profile added, will i? | 18:31 |
jdstrand | nxvl: well, ufw will know about it, but nothing else will happen. | 18:32 |
zul | mathiaz: cant find anything about it :9 | 18:33 |
jdstrand | nxvl: however, ufw is Recommended by ubuntu-standard, so it is installed by default | 18:33 |
nxvl | jdstrand: yeah, that part i know, just checking | 18:33 |
nxvl | :D | 18:33 |
nxvl | samba complete and tested | 18:33 |
nxvl | btw | 18:34 |
nxvl | how do i check it's enabled? | 18:34 |
jdstrand | \o/ -- can you file a bug with the debdiff? | 18:34 |
didrocks | nxvl: with my current behavior, the profile is added in /etc/ufw/applications.d/ but no rule has been added to ufw (as it has not been installed) | 18:34 |
nxvl | jdstrand: yep i will now | 18:34 |
jdstrand | nxvl and didrocks: there is a 'Testing' section under 'Integrating UFW with Packages' | 18:35 |
didrocks | jdstrand: do you want me to continue to work on it even if the first debdiff is not ack yet ? | 18:35 |
didrocks | jdstrand: yes, I tried that on my VM (plus some home added tests) :) | 18:35 |
jdstrand | didrocks: oh yes, keep going-- it looks like you followed my directions, so keep going | 18:35 |
didrocks | ok, so, OpenSSL here we go :) | 18:35 |
nxvl | mm | 18:36 |
nxvl | i seems wrong | 18:36 |
nxvl | :S | 18:36 |
nxvl | jdstrand: http://paste.ubuntu.com/40710/ | 18:36 |
nxvl | jdstrand: that's not what i expect, doesn't it? | 18:36 |
jdstrand | nxvl, didrocks: you can also use 'ufw app default allow', then do 'dpkg-reconfigure <package>' and then do 'ufw status' and 'ufw status verbose' to see if the rule got added | 18:37 |
jdstrand | nxvl: something is not right there. can you post the output of 'ufw app list'? | 18:38 |
nxvl | http://paste.ubuntu.com/40712/ | 18:38 |
nxvl | mm now it works | 18:38 |
zul | mathiaz: can you have a look at this when you get a chance? | 18:38 |
nxvl | for some reason after i do 'ufw app default allow' it was skipping profiles | 18:39 |
nxvl | jdstrand: http://paste.ubuntu.com/40713/ | 18:39 |
jdstrand | nxvl: what you pasted seems correct to me | 18:40 |
jdstrand | am I missing something? | 18:40 |
mathiaz | zul: sure | 18:41 |
nxvl | jdstrand: at the end, read it complete | 18:41 |
nxvl | jdstrand: first i runn status and it doesn't show me anything | 18:41 |
nxvl | but after running 'app default allow' started work | 18:42 |
nxvl | that's the expected behavior? | 18:42 |
jdstrand | nxvl: what I see from your paste, is that you did 'status', it showed nothing. that is correct. then you changed the default application policy to 'allow', then did status and no rules. that is correct | 18:43 |
jdstrand | nxvl: then did dpkg-reconfigure, which added a rule, and status showed it worked | 18:43 |
jdstrand | that is all correct | 18:43 |
nxvl | ok | 18:44 |
nxvl | then it's correct | 18:44 |
jdstrand | nxvl: if the default application policy is 'skip' no new rules are added with '-add-new' | 18:44 |
jdstrand | nxvl: the first status shows it was indeed skip | 18:44 |
nxvl | jdstrand: yep, and skip is the default policy for applications then | 18:45 |
jdstrand | nxvl: yes, because ufw shouldn't set the policy for application integration | 18:45 |
nxvl | ok then | 18:46 |
nxvl | Bug 261544 | 18:46 |
uvirtbot | Launchpad bug 261544 in samba "Please add UFW profile integration with Samba" [Undecided,New] https://launchpad.net/bugs/261544 | 18:46 |
jdstrand | nxvl: 'ufw allow Samba ; ufw status verbose' should have worked though | 18:46 |
jdstrand | nxvl: did that not work, or did I misinterpret things? | 18:46 |
nxvl | mmm | 18:46 |
* nxvl checks | 18:46 | |
jdstrand | (all this after the package was installed, of course) | 18:46 |
nxvl | jdstrand: http://paste.ubuntu.com/40717/ | 18:47 |
nxvl | jdstrand: here it is the complete history (after installing the package) | 18:47 |
jdstrand | nxvl: can you purge both and start over? | 18:48 |
nxvl | yep | 18:48 |
nxvl | is a chroot | 18:48 |
nxvl | so i just need to restart it | 18:48 |
nxvl | :D | 18:48 |
jdstrand | nxvl: ie, purge both, then install both, then do 'ufw disable ; ufw enable ; ufw allow Samba ; ufw status verbose' | 18:49 |
uvirtbot | New bug: #260687 in samba (main) "pam_smbpass.so segfaults" [Undecided,New] https://launchpad.net/bugs/260687 | 18:49 |
jdstrand | nxvl: it is highly possibly that the chroot is grabbing your firewall configuration from your host | 18:50 |
jdstrand | (hence the disable and enable) | 18:50 |
nxvl | jdstrand: is pbuilder | 18:50 |
nxvl | it doesn't even has ufw installed | 18:50 |
uvirtbot | New bug: #261544 in samba (main) "Please add UFW profile integration with Samba" [Undecided,New] https://launchpad.net/bugs/261544 | 18:51 |
jdstrand | nxvl: do you have ufw running on your host? (sudo ufw status) | 18:51 |
jdstrand | (outside the chroot) | 18:51 |
nxvl | yep | 18:51 |
nxvl | http://paste.ubuntu.com/40718/ | 18:51 |
jdstrand | nxvl: pbuilder doesn't have it's own kernel, so when ufw does its querying, it is from your live firewall | 18:52 |
nxvl | mmm | 18:52 |
nxvl | will try on a vm | 18:52 |
jdstrand | nxvl: that would be best, yes | 18:52 |
jdstrand | nxvl: you may want to do 'sudo /etc/init.d/ufw force-reload' on your host to make sure it is in a consistent state | 18:53 |
nxvl | jdstrand: not enabled (i'm on hardy) | 18:55 |
jdstrand | nxvl: well, hardy does have ufw-- but if you don't want it enabled, just do 'sudo ufw disable' and you are good to go | 18:56 |
jdstrand | nxvl: if using another firewall tool, restart it | 18:56 |
didrocks | jdstrand: I have a weird behavior with reconfigure the package: http://ubuntu.pastebin.com/d4f46009f | 18:56 |
nxvl | jdstrand: i don't really use it, or any other | 18:57 |
jdstrand | didrocks: you did 'ufw default deny', not 'ufw app default deny' | 18:57 |
didrocks | oupsss | 18:57 |
didrocks | sorry ;) | 18:57 |
didrocks | jdstrand: surprinsingly, it works better :) | 18:58 |
jdstrand | np-- there are two different policies-- one for the default policy of the firewall if no matching packets are found, and one for newly added application rules | 18:58 |
nxvl | jdstrand: ok installes | 18:59 |
nxvl | installed | 18:59 |
nxvl | new profiles: skip | 18:59 |
didrocks | jdstrand: the services discovered in "/etc/services" and "protocol:port" relies on the default policy? | 19:00 |
nxvl | same behavior as chroot | 19:00 |
jdstrand | nxvl: please post the entire history for this | 19:01 |
jdstrand | didrocks: I don't understand your question | 19:01 |
nxvl | after sudo ufw disable; sudo ufw enable it worked | 19:02 |
didrocks | jdstrand: I made some tests and it's ok. I found my answers :) | 19:02 |
nxvl | i think we should add that into the postinst | 19:02 |
jdstrand | nxvl: I am thoroughly confused-- can you post your complete command history? | 19:03 |
nxvl | mm | 19:03 |
nxvl | complicated, but i can try | 19:03 |
jdstrand | you didn't ssh into the vm? | 19:03 |
nxvl | nop | 19:03 |
nxvl | :D | 19:03 |
jdstrand | nxvl: we should not disable and enable the firewall in postinst-- people may not have ufw enabled so we shouldn't enable it | 19:04 |
nxvl | mm | 19:04 |
nxvl | right | 19:04 |
didrocks | nxvl: for me, everything's fine. The new rule is added for the profile corresponding to the default app policy after installing it or reconfiguring it | 19:05 |
nxvl | restarting the process in my -desktop vm to post the history | 19:05 |
jdstrand | nxvl: I need to see the command history to determine if there is a bug, or something else | 19:05 |
nxvl | jdstrand: yep, restarting the process | 19:06 |
jdstrand | nxvl, didrocks: I updated the application integration testing section to clarify some things. please refresh it and use the new procedures (if needed) | 19:10 |
jdstrand | (in UbuntuFirewall) | 19:10 |
nxvl | ok | 19:11 |
didrocks | jdstrand: ok, with the skip policy as ufw default | 19:12 |
jdstrand | didrocks: ah, good point-- updated again to explicitly set the default app policy to 'skip' at the beginning of the tests | 19:14 |
jdstrand | nxvl: ^^ | 19:14 |
nxvl | jdstrand: http://paste.ubuntu.com/40724/ | 19:16 |
nxvl | :( | 19:16 |
nxvl | restarting test | 19:17 |
jdstrand | nxvl: turn that frown upside down, looks good to me-- unless I am missing something | 19:17 |
nxvl | nop | 19:18 |
nxvl | it's good | 19:18 |
nxvl | i just haven't tested the default skip thing | 19:18 |
jdstrand | *phew* ;) | 19:18 |
didrocks | jdstrand: I tried to clean all my rules and the one which has been added by /etc/services seems to not be taken into account (http://ubuntu.pastebin.com/d20743bb6) | 19:18 |
nxvl | moving to next package | 19:19 |
jdstrand | didrocks: yes, this is expected, though a bit of a bug | 19:21 |
nxvl | jdstrand: would you like to sponsor it? Bug #261544 | 19:21 |
uvirtbot | Launchpad bug 261544 in samba "Please add UFW profile integration with Samba" [Undecided,New] https://launchpad.net/bugs/261544 | 19:21 |
jdstrand | didrocks: basically, you added something without specifying a protocol, but then tried to delete something that does specify it | 19:21 |
jdstrand | didrocks: this is treated as two different things by ufw | 19:22 |
soren | didrocks: Nervous? | 19:23 |
nxvl | mm | 19:24 |
didrocks | ok, so I must make sudo ufw delete deny ssh, so that it checks again on /etc/services to see what to update | 19:24 |
nxvl | jdstrand: for dovecot would you recommend just one dovecot-common with all protocols on it, or a profile fro -imap, -pop, etc..? | 19:24 |
jdstrand | didrocks: yes. this happens because /etc/services lists both udp and tcp for 'ssh', so ufw groups those together as one rule | 19:25 |
didrocks | soren: your answer to Michael about "boot from degraded raid" (and I understand from the way he is taking this…) :) | 19:25 |
Adakos | does anyone here use port/nic trunking/bonding ? | 19:25 |
nxvl | just one with multiple profiles described on it, isn't it? | 19:25 |
jdstrand | didrocks: you really want 'ufw allow ssh/tcp' | 19:25 |
soren | didrocks: I just don't understand what you mean by "nervous"? | 19:25 |
didrocks | jdstrand: that makes sense | 19:25 |
jdstrand | (in the first place) | 19:25 |
* soren wanders off for dinner things. | 19:25 | |
didrocks | soren: hum, probably bad word, let's say angry against Michael :) | 19:26 |
jdstrand | nxvl: I have an example in the source for dovecot, that you could use as a template | 19:26 |
jdstrand | nxvl: in the source of ufw for dovecot that is | 19:26 |
nxvl | oh ok | 19:27 |
didrocks | jdstrand: so, for the openssh package, I won't call the profile ssh (it will be a bad idea because of the corresponding service name) | 19:27 |
jdstrand | didrocks: now I understand your question from long ago | 19:28 |
didrocks | hum, which one? :) | 19:28 |
jdstrand | didrocks: the profile name and the 'service' name from /etc/services are completely different | 19:28 |
didrocks | oh ok, one of my last questions :) | 19:29 |
didrocks | yes yes, I see that now | 19:29 |
Adakos | I am using my server as a router, what is the best web interface for a new admin to use ? | 19:29 |
didrocks | jdstrand: all the tests are ok | 19:30 |
jmedina | Adakos: simple routing or advance? | 19:30 |
didrocks | I will work on the packages tomorrow (it's getting late and I want some rest ^^) | 19:30 |
jmedina | Adakos: what do you want to admin via web? | 19:31 |
jmedina | for routing I would recomend VYATTA | 19:31 |
Adakos | jmedina: i dont need VPN support, but I need a basic replacement for a dying router (and i have this box laying around) port forwarding/masquerading, etc | 19:31 |
Adakos | dhcp, that sort of thing | 19:31 |
jmedina | I dont know a good wui, but for that things I prefer doit by hand, if I need more features I would use vyatta | 19:32 |
jmedina | maybe webmin has something | 19:33 |
Adakos | yeah i was looking at webmin | 19:33 |
Adakos | i'll poke around with VYATTA though, thanks :) | 19:34 |
jdstrand | didrocks: there is a chance for collision using the simple syntax. eg, profile uses [ssh] and /etc/services has 'ssh'. In this case, /etc/services wins | 19:35 |
jdstrand | didrocks: I should add a warning when that happens... | 19:35 |
didrocks | jdstrand: do you think I really have to keep the ssh name for the profile? | 19:36 |
jdstrand | didrocks: no-- I recommend you use OpenSSH | 19:37 |
didrocks | jdstrand: we agree :) | 19:37 |
didrocks | also the profiles are case sensitive apparently | 19:37 |
zul | nxvl: the samba ufw profile has been tested? | 19:38 |
jdstrand | didrocks and nxvl: there is also a 'Profile Recommendations' in UbuntuFirewall that may be helpful | 19:38 |
zul | jdstrand: what no one uses telnet anymore? | 19:38 |
didrocks | but "ufw allow apache" or "ufw allow Apache" would be use for me, not regarding the case of the word… | 19:38 |
Adakos | jdstrand: ssh is a much better solution to almost any problem than telnet (unless you are diagnosing mail server woes) iirc | 19:39 |
jdstrand | zul: heh-- if you want to update the package, go for it | 19:39 |
zul | jdstrand: no no no :) | 19:39 |
jdstrand | Adakos: yes, zul was just kidding around | 19:39 |
Adakos | oh , hah | 19:39 |
jdstrand | (I hope) | 19:40 |
jdstrand | ;P | 19:40 |
zul | maybe.. | 19:40 |
jdstrand | didrocks: well, the main point of the profile name is to uniquely identitify the profile, and using upstream's capitalization or first letter capitalized seems to be the easiest way to stay consistent | 19:42 |
jdstrand | didrocks: currently it is case sensitive. if you feel strongly about it being case insensitive, I'll take your patch :) | 19:43 |
didrocks | jdstrand: ok :) The guidelines are clear enough so that there is no derivative from them | 19:43 |
jdstrand | s/take/consider, review and possibly use/ | 19:43 |
didrocks | jdstrand: in which langage is ufw written? | 19:43 |
jdstrand | python | 19:44 |
didrocks | ok, I will give an eye so :) | 19:44 |
didrocks | first update some packages and then look at it. | 19:44 |
didrocks | good night everyone ;) | 19:47 |
jdstrand | goodnight didrocks | 19:47 |
nxvl | zul: yep, check the changelog | 20:00 |
nxvl | err | 20:01 |
nxvl | check the backlog | 20:01 |
nxvl | jdstrand: for dovecot, i will need to add the ufw line to dovecot-$service.postinst, don't it? | 20:12 |
=== hessml|away is now known as hessml|away|away | ||
nxvl | since i want a different profile to be added depending on the package i install | 20:12 |
nxvl | btw is dovecot ssled by default? | 20:13 |
jdstrand | nxvl: it is not ssl'd by default last I checked... | 20:15 |
zul | jdstrand: it does both now | 20:16 |
nxvl | yep | 20:16 |
nxvl | it does | 20:16 |
nxvl | using snakeoil | 20:16 |
nxvl | just checked | 20:16 |
jdstrand | nxvl: dovecot-common should probably add the file to /etc/ufw/applications.d, and then both dovecot-imapd and dovecot-pop3d should each do 'ufw app update --add-new ...' | 20:19 |
nxvl | that's what i meant | 20:19 |
nxvl | :D | 20:19 |
nxvl | thank you | 20:19 |
soren | didrocks: He's not exactly famous for being easy to work with.. | 20:26 |
* soren reads his response and concludes that not much has changed *sigh* | 20:27 | |
slim_ | hello all, i have ubuntu server with two NiC eth0 that connect to internet and eth1 for internal network , how can i enable internal network to connect to internet , after search i find the script > http://phpfi.com/347516 but still not working, anyone can tell me what is missing ? | 20:34 |
zul | soren: and thats why you use hardware raid | 20:34 |
* soren doesn't like hardware raid at all | 20:39 | |
slim__ | back , sorry disconnected, i asked a question before disconnect :) | 20:40 |
slim__ | is about that i want to use ubuntu-server as a router | 20:41 |
=== hessml|away|away is now known as hessml|away | ||
sommer | slim__: you might take a look at: https://help.ubuntu.com/8.04/serverguide/C/firewall.html#ip-masquerade-ufw | 20:43 |
slim__ | thanks sommer | 20:43 |
sommer | np | 20:43 |
=== hessml|away is now known as hessml|away|away | ||
=== hessml|away|away is now known as hessml|away | ||
=== hessml|away is now known as hessml|away|away | ||
nxvl | zul: Chuck | 22:18 |
nxvl | zul: your last revision of mysql FTBFS on AMD64 due an issue with a test | 22:18 |
nxvl | zul: and it's making courier FTB also | 22:19 |
nxvl | zul: did you know the issue or have plans for it? | 22:21 |
mathiaz | nxvl: yes - one of the test fails on i386 | 22:21 |
mathiaz | nxvl: it seems related to a timeout in the ndb test | 22:21 |
nxvl | mathiaz: failed: 157: Could not connect to storage engine | 22:22 |
nxvl | mathiaz: it seems that it's trying to connect to the server, or something :S | 22:23 |
mathiaz | nxvl: right - the test should have a sleep somewhere so that the storage server can start | 22:23 |
mathiaz | nxvl: the timeout may not be long enough - zul reported it was correctly for his local builds | 22:24 |
mathiaz | nxvl: could you try to build it on your local machine and see if the test fails ? | 22:24 |
nxvl | mathiaz: i can't right now, i'm at the university on a windows machine | 22:24 |
nxvl | mathiaz: i will on the recess (in an hour maybe) | 22:25 |
nxvl | mathiaz: it's also odd that they are completely different tests | 22:25 |
nxvl | and they seem to be architecture independent | 22:26 |
nxvl | zul: have you retried the build? | 22:26 |
nxvl | maybe is a random issue | 22:27 |
nxvl | oh! i love FF, it makes things funnier and my brain to blow | 22:28 |
nxvl | :D | 22:28 |
=== hessml|away|away is now known as hessml|away | ||
Xetrov` | might there be a list of standardized server hardware that ubuntu itself supports? im having an issue with there being no support for hardware raid with an intel server board we are attempting to turn into a vmware server | 23:11 |
nxvl | there is a wiki page | 23:12 |
* nxvl searchs | 23:12 | |
ivoks | khm... no support for on-board hardware raid? | 23:12 |
nxvl | https://wiki.ubuntu.com/Hardware | 23:12 |
ivoks | there's no such thing as on-board hardware raid :) | 23:12 |
ivoks | nxvl: wazup? :) | 23:13 |
nxvl | ivoks: i think he is refering to a hardware raid + an intel board | 23:13 |
nxvl | ivoks: at the university in the only interesting course i have this period | 23:13 |
ivoks | oh, nice... | 23:13 |
nxvl | yep | 23:14 |
nxvl | networking stuff | 23:14 |
ivoks | Xetrov`: which hardware raid do you have? | 23:14 |
Xetrov` | well its an intel s5000psl | 23:14 |
nxvl | but as in electronic communications | 23:14 |
ivoks | Xetrov`: that's fake raid | 23:14 |
nxvl | ivoks: every raid is a fake feeling of security | 23:15 |
nxvl | :D | 23:15 |
ivoks | eh | 23:15 |
nxvl | there no better thing than backups | 23:15 |
ivoks | hardware raids usually cost twice as much MB :) | 23:16 |
nxvl | there is* | 23:16 |
ivoks | nxvl: well, raid and backup are different things | 23:16 |
Xetrov` | hmmm, i see, software raid on board | 23:16 |
nxvl | ivoks: and lot more of money | 23:16 |
nxvl | ivoks: yep, but at the end they just ensure your data will be ok | 23:16 |
ivoks | Xetrov`: disable that and buy a real hardware raid, or use linux raid | 23:16 |
Xetrov` | so ive never done software raid with ubuntu, is it simple enough? | 23:17 |
nxvl | yep | 23:17 |
ivoks | nxvl: no, raid ensures your server will keep on going in case disk damage | 23:17 |
nxvl | is the same with every linux distribution | 23:17 |
ivoks | Xetrov`: what kind of raid would you like to setup? | 23:17 |
nxvl | ivoks: mmmm | 23:17 |
Xetrov` | raid 5 | 23:17 |
nxvl | ivoks: with a backup server i can do the same | 23:17 |
Xetrov` | my boss actually jumped the gun and bought a hardware key to unlock raid 5 through the motherboard | 23:18 |
ivoks | Xetrov`: ok, there's a problem with booting from software raid 5 | 23:18 |
nxvl | ivoks: but what i meant is that they just support bussiness continuity plans | 23:18 |
Xetrov` | so im trying to figure a way to let the board handle raid just as it would everywhere else | 23:18 |
ivoks | Xetrov`: you need special partition for /boot, outside of raid | 23:18 |
nxvl | ivoks: AND it depends on what raid you use | 23:18 |
Xetrov` | hmmm | 23:19 |
nxvl | and as /boot it's only used at boot time, it won't hurt | 23:19 |
nxvl | :D | 23:19 |
ivoks | Xetrov`: how many disks do you have? | 23:20 |
ivoks | 3? | 23:20 |
Xetrov` | 4 if i remember correctly | 23:20 |
ivoks | ok, 4 | 23:20 |
ivoks | you can do this: | 23:20 |
ivoks | disk 1 - two partitions - 1GB and the rest, both raid | 23:21 |
ivoks | disk 2 - two partitions - 1GB and the rest, both raid | 23:21 |
ivoks | disk 3 - two partitions - 1GB and the rest, smaller swap, other raid | 23:21 |
ivoks | disk 4 - two partitions - 1GB and the rest, smaller swap, other raid | 23:21 |
ivoks | with two small partitions from first two disks, create mirror raid and create /boot on it | 23:22 |
ivoks | with bigger partitions on all disks, create raid 5 | 23:22 |
ivoks | this way you have redundant /boot | 23:22 |
ivoks | and raid5 for rest of the system | 23:23 |
Xetrov` | hmmmm | 23:23 |
Xetrov` | assuming there really isnt any support for the onboard | 23:24 |
ivoks | there isn't | 23:24 |
ivoks | cause that's not raid | 23:24 |
Xetrov` | understood | 23:24 |
ivoks | if you go and install windows, it will recognize all 4 disks | 23:24 |
ivoks | same goes with linux | 23:25 |
Xetrov` | windows sees 1, as i have them configured that way | 23:25 |
ivoks | and then driver inside the kernel wraps it into one disk | 23:25 |
ivoks | that's cause you installed the driver | 23:25 |
Xetrov` | true. | 23:25 |
Xetrov` | so its either that or buy a true raid card | 23:26 |
ivoks | fake raids use processor for all the calculations | 23:26 |
ivoks | they don't have raid logic in it self | 23:26 |
ivoks | they are just marketing trick | 23:26 |
Xetrov` | looks like he gets to return the unlocking key :) | 23:26 |
ivoks | those are SATA or SAS disks? | 23:27 |
ivoks | sata i guess | 23:27 |
Xetrov` | sas | 23:27 |
ivoks | heh | 23:27 |
ivoks | i missed :D | 23:27 |
ivoks | 3ware has some really nice raid controllers | 23:27 |
ivoks | and has more then great support for linux | 23:28 |
Xetrov` | price is an issue as well hah | 23:28 |
Xetrov` | oh im sure | 23:28 |
Xetrov` | i had great success with dell perc as well | 23:28 |
ivoks | dell perc works, true... | 23:28 |
ivoks | there's also intel/LSI logic | 23:28 |
Xetrov` | hehe | 23:28 |
ivoks | or whatever it is called these days | 23:28 |
ivoks | but those have very poor performance | 23:29 |
ivoks | i would say that linux raid is better than those lsi logic | 23:29 |
Xetrov` | well im gonna grab a bite, thanks for the help, ill probably bug you more in a bit hah | 23:29 |
ivoks | well, i think not | 23:30 |
ivoks | cause it's midnight over here :) | 23:30 |
Xetrov` | where is here | 23:30 |
ivoks | croatia | 23:30 |
Xetrov` | ahhhh | 23:30 |
Xetrov` | maybe not then haha | 23:30 |
ivoks | hehe | 23:31 |
ivoks | well, take care guys... | 23:31 |
ivoks | umm... Xetrov` | 23:32 |
ivoks | Xetrov`: according to http://www.intel.com/Products/Server/Motherboards/S5000PSL/S5000PSL-specifications.htm | 23:32 |
ivoks | Xetrov`: your MB has a LSI raid controller | 23:33 |
ivoks | which should work in ubuntu | 23:33 |
=== MajorP47 is now known as majorp | ||
=== majorp is now known as majorp47 | ||
Xetrov` | odd | 23:47 |
Xetrov` | it tells me it finds no disk drive and asks which driver to use | 23:47 |
=== hessml|away is now known as hessml|away|away |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!