/srv/irclogs.ubuntu.com/2008/08/26/#ubuntu-server.txt

=== leonel_ is now known as leonel
zulkees: yep it seems to only fail on the builds for that one test on amd6400:16
zulbut it built fine on my ppa00:16
zulkees: its on my todo list :)00:17
keeszul: oop, it just failed on i386 too, I've hit "retry" on it.00:22
zulkees: *sigh* ok ill fix it right now00:22
keeszul: well, I think it might be a transient bug.  :(00:25
zuldid it fail in the samespot?00:25
keeszul: nope, the next test, ironically00:26
zulwtf?00:27
zulkees: can you look at the 60_disabled_test.dpatch?00:37
zuli think its broken00:38
kees?00:38
keesseems okay?00:38
zulits missing the @DPATCH@ part isnt it?00:39
keeshrm, so it is -- does it matter for modern dpatch?00:40
zuldunno thats why I asked you :)00:40
keeslet me check logs00:40
zulanyways I regenerated the patch with disabling the failed test00:41
keesapplying patch 60_disabled_tests to ./ ... ok.00:41
keesseems okay00:41
keesumm... that's not a fix.  :P00:41
zulsec00:41
zulwell its a temporary fix :P00:43
owhSalutations all. vmware-server and kernel modules has been a thorn in my side for some time. I've just found out that there is a vmware-server-kernel-source package. I've just recompiled for gutsy 2.6.22-15, but I don't have a hardy or intrepid install handy to test and was wondering if someone here might be able to help.00:49
excalibashello, I have internet with my wireless connection (wlan0) i want to connect to my wired connection (eth0) at the same time. is there a simple way to do this?00:49
owhThe process is outlined here: https://answers.launchpad.net/ubuntu/+question/3684900:49
owhexcalibas: I would think that you can create a bridge between wlan0 and eth0 and use that for your connection, but I've not done it and I don't know if wlan supports bridging.00:50
=== PrivateVoid is now known as PV_Away
excalibasowh: thanks, and how do i create this bridge?00:52
owhexcalibas: Just to make sure here, you want to have connectivity to the network via both pipes at the same time, or is that not what you're asking?00:53
owhexcalibas: Or are you routing traffic from the LAN to WiFI?00:53
excalibaswell, im not sure what is the difference, i want to have internet from the WiFi and network from Lan on my laptop at the same time.00:56
owhexcalibas: Hmm, so you're not talking about a redundant link on a server then?01:01
excalibasowh: no, i dont want to connect to the same server wifi is for a router and the lan is for a computer (ssh)01:03
owhexcalibas: Sorry, that's not what I meant - this is the ubuntu-server room and I based my advice on that you are running a server which you want to configure - however, that does not seem to be the case - you seem to be talking about a workstation that you want to connect to the 'net twice - via wlan and eth. Is that correct?01:05
MattJIs upgrading 7.04 direct to 8.04 discouraged?01:10
excalibasowh: hehe sorry this is true, I want to do this on a workstation, not a server01:10
MattJdo-release-upgrade goes to download gutsy01:10
owhMattJ: I think that the only "jump" update is from Dapper to Hardy, all the others are incremental, but I may be wrong.01:11
MattJOk, seems to be the case01:11
MattJAny idea how likely things are to break during upgrades? :)01:12
owhMattJ: You know the answer to that already I'm sure -- it depends :)01:13
MattJGuessed so :)01:13
* MattJ crosses his fingers tight01:13
owhMattJ: Make a backup first.01:13
MattJGood idea01:13
owhMattJ: rsync is your friend :)01:13
MattJI have daily incremental ones, but I think I'll make a full one01:14
MattJcustom scripts > rsync :P01:14
owhMattJ: That depends also -- I use the custom script at the rsync server end :)01:14
MattJHeh01:15
owhexcalibas: I've been looking for a GUI way to achieve what you want, but have not found one. Depending on your skill-level there are many ways to create what you're asking for, but I'm not tempted to walk you through that given that it is likely to make you disconnect from the 'net in the middle of the process.01:19
=== PV_Away is now known as PrivateVoid
excalibasowh: ok i was hoping for a GUI way, mabie i try firestarter01:28
vk5fossexcalibas: what you want A. shoul be asked in #ubuntu, and B. requires the other end of teh wifi+ethernet connections to know they are sharing. (option C. involves lots of iptables magic, and other hackery)01:31
jdstrandMattJ: 6.06 -> 8.04 and 7.10 -> 8.04 are supported. any other upgrades are not supported01:32
jdstrandMattJ: anything else and you are on your own.01:33
nxvlor you can make upload by upload01:35
nxvl:p01:35
nxvl6.10 -> 7.06 -> 7.10 -> 8.0401:35
nxvls/upload/upgrade01:35
uvirtbotNew bug: #261326 in ipsec-tools (main) "racoon init script fairs poorly when using an unpriv user" [Undecided,New] https://launchpad.net/bugs/26132601:36
jdstrandthat said (and I am not recommending this ;), I once performed an etch -> gutsy up/sidegrade that was tremendously hairy, but knowing the problems I would likely face and how to fix them, I was able to come out the other end with a 7.10 system01:36
jdstrandMattJ: I also performed several 7.04 -> 7.10 -> 8.04 upgrades and they went very smoothely overall (and likely worth the double download time)01:38
vk5fossnxvl: 7.04 :p01:38
nxvljdstrand: yeah once i do that and i almost died in using the sistem01:39
owhFor those contemplating helping me with my vmware-server test -- don't bother, I just realised that Hardy and Intrepid don't even have vmware-server yet :(01:45
MattJjdstrand: Thanks for that02:01
sommermathiaz: I was just wondering if you had an easy way of adding schemas to slapd in cn=config mode?02:49
sommermathiaz: more specifically slapd in cn=config mode configured with n-way replication02:49
mathiazsommer: not yet - as in there isn't any scripts to automate that02:50
sommermathiaz: heh, okay02:50
mathiazsommer: the good news is that you can add the schema with a simple ldap add command02:50
mathiazsommer: to the master, and it should replicate automatically to the slaves02:50
mathiazsommer: althought I've never tested n-way replication of cn=config02:51
sommermathiaz: right, I guess I was thinking more of converting a .schema file to ldif02:51
sommermathiaz: I've documented the n-way in the bzr branch :)02:51
sommerI did find some instructions in the openldap mailing list archive, so I can just document those... it's not too bad, but not polished either02:52
mathiazsommer: interesting the idea of converting a .schema file to .ldif02:55
mathiazsommer: may be worth writting a script to do that :)02:55
sommermathiaz: well don't you need to do that before adding a schema to cn=config?02:55
sommermathiaz: http://markmail.org/message/ulxz4gnpzz3eg2md#query:openldap%20cn%3Dconfig%20convert%20schema+page:1+mid:pa3clnnt33ynxlwf+state:results02:56
mathiazsommer: well - it depends how you get the schema02:56
mathiazsommer: right - that's what I was suggesting02:56
sommerthose are the instructions I found... I guess the other thing would be to convert the schemas to ldif and supply the ldifs with the package?02:56
mathiazsommer: using slaptest to do the conversion02:56
mathiazsommer: right02:56
sommermathiaz: cool, so are you going to add a script to the package?02:57
mathiazsommer: probably not before FeatureFreeze02:57
sommermathiaz: either way, I'm just trying to update the Samba and LDAP section02:58
mathiazsommer: I'm currently testing the nss slapd overlay02:58
sommerah nice, were you thinking a shell script for the ldif conversion?02:58
mathiazsommer: seems that it's simple enough for a shell script02:59
sommerI could probably work on something... FF is Friday?02:59
mathiazsommer: thursday02:59
sommermathiaz: doh, well I can just document the process :-)03:00
mathiazsommer: all of our Freezes and other important dates are on Thursday03:00
mathiazsommer: *thursdays*03:00
* sommer was too lazy to look at a calendar, heh03:01
sommermathiaz: whoa... did you just talk to someone about the cn=config schema issue?03:22
mathiazsommer: nope ;)03:25
mathiazsommer: I was about to mention the thread on the openldap-pkg-maintainer03:25
mathiazsommer: mailing list that is discussing the same issue03:26
mathiazsommer: discussion is ongoing currently03:26
sommerheh, small world :)03:26
jameswf-homegreetinngs06:07
jameswf-homeanyone use aiccu06:07
henkjanjameswf-home: i'm using it at my home route (wrt54gl)07:00
lukehasnonamehow would I format the rsync command to use a non-standard ssh port?07:54
krautmoin08:05
skephenkjan: rsync --port=xyz11:00
skeperr.. lukehasnoname11:01
henkjannp11:02
slim_hello all,12:04
slim_i asked the question in #ubuntu but no answer, then come here, i try to setup a router i search for this and reach to script but it seem that something still needed in this script because it not work,  this is the script i'm using > http://phpfi.com/34735212:07
macgerhardwhen I run sar, I'm getting this error: Cannot open /var/log/sysstat/sa26: No such file or directory12:15
macgerhardI'm on 8.04. Any ideas why? Google is clueless...12:16
ScottKsommer: I reviewed you MIR and subscribed ubuntu-mir.  Good work.  Please do more.12:50
ScottKsommer: I'd particularly appreciate arj and unzoo.12:50
sorenScottK: You consider them essential? Wow. I don't even think I have them installed.12:54
sorenhm, apparantly, I do.12:54
ScottKsoren: They're recommends for clamav, so they need MIR to support that one.12:55
sommerScottK: you're talking about the clamav MIRs?  those are due thursday, correct?13:30
ScottKsommer: Yes.13:31
ScottKThey all are.13:31
ScottKclamav is just a lot closer to done.13:31
sommerScottK: cool, I may have some time tonight13:33
ScottKGreat.13:33
sommerScottK: I have a quick question for you... I've packaged up the latest release of ldapscripts, and wanted to make sure that the next step is to get it sponsored?13:34
ScottKyes.13:34
sommercool, I've also updated the debian package, and the original maintainer has orphaned it... so maybe they'll let me be that guy :)13:35
BUGabundohello14:10
BUGabundodoes anyone as the build link for 2.6.27 ?14:10
zulfor the kernel?14:10
BUGabundoyes14:11
zulhttp://kernel.ubuntu.com/pub14:11
BUGabundocan't find it on https://edge.launchpad.net/ubuntu/+builds?build_text=2.6.27&build_state=all14:11
BUGabundodidn't it get upload on Saturday?14:11
zulstill hasnt built yet probably14:13
BUGabundobut I can't find it on LP builds14:14
zulBUGabundo: it probably hasnt been accepted yet14:19
BUGabundoI guess14:19
BUGabundohttps://edge.launchpad.net/ubuntu/+source/linux14:19
BUGabundobut its there zul14:19
BUGabundoany md5sum for http://kernel.ubuntu.com/pub/next/2.6.27-rc3/intrepid/linux-image-2.6.27-1-generic_2.6.27-1.1_amd64.deb ?14:34
BUGabundomy came corrupt14:34
CrummyGummyHi all, I've noticed now that HP supports Debian. Has anyone here gotten their hpasm software to run on Ubuntu?14:34
CrummyGummyI'm soooo glad I found this I almost installed Centos *shiver*14:37
Fenix|workGreetings14:51
=== hessml|away is now known as hessml|away|away
* delcoyote hi15:42
zulmathiaz: ping15:49
nijabaServer Team meeting in #ubuntu-meeting in 10min15:49
mathiazzul: hello15:50
zulmathiaz: so mysql everything builds except it fails for one test on 386 but it doesnt fail anywhere else15:50
zulI talked to kees about this last night and he thought I shouldnt disable the test because he thinks it is a timing error but according to the buildlogs the mysql server is timing out when doing the test15:51
zuland im not sure what to do about it15:52
mathiazzul: does it also fail in your local build environment ?15:52
zulmathiaz: no I cant reproduce it here15:52
mathiazzul: could you try to increase the timeout ?15:52
zulyeah I could do that, thats in the mysql-test suite perl program isnt it?15:53
zulill just double it15:55
mathiazzul: not sure - I'd guess it's in the test definition somewhere15:55
zulmathiaz: gotcha15:55
Adakoshey, anyone here good with NIC bonding? My attempts have lead to fatal kernel errors16:19
incorrecti've had it working for years16:20
incorrecti wrote a page on it sometime ago16:20
Adakosincorrect: i have tried three times in the past 24 hours on my test system and all have ended in kernel errors16:20
Adakosyou dont have the link do you?16:20
incorrectgive me a sec16:21
Adakosalright. I appreciate it16:21
Adakosls16:21
Adakoswrong window, sorry !16:22
lukehasnonamethanks skep16:23
nxvlgood morning!16:40
Adakosmorning16:40
zulnxvl: do you want to split up the ufw list?16:50
Xetrov`i have a dual quad core xeon server i  need to run vmware server on.  my plan is to load ubuntu 6.06.2 as the base os.  will vmware run on the x64 kernel or should i use the x86?16:51
nxvlzul: ok16:51
nxvlzul: i was going to start now16:51
zulnxvl: i was too after the meeting16:51
nxvlzul: ok, lets start after the meeting16:51
nxvl:D16:51
nxvljdstrand: a profile is just what's describen under "Package Integration" at w.u.c/UbuntuFirewall, didn't it?17:00
jdstrandnxvl: profiles are technically entries in files located in /etc/ufw/applications.d17:02
jdstrandnxvl: so if you look at https://wiki.ubuntu.com/UbuntuFirewall#Package%20Integration17:02
jdstrandnxvl: the apache bits might be in /etc/ufw/applications.d/apache and the samba ones in /etc/ufw/applications.d/samba17:03
nxvljdstrand: yep, but i mean, the contents of those files17:03
jdstrandnxvl: /etc/ufw/applications.d/apache has 3 profiles in it, and samba has one17:04
sorenmacd: Put the output of "apt-cache policy fail2ban" on pastebin.17:04
jdstrandnxvl: each stanza is a profile17:04
nxvlas it is under package integration17:04
nxvlok17:04
nxvlthat was the question17:04
nxvl:D17:04
nxvljdstrand: thank you17:04
jdstrandnxvl: np :)17:04
jdstrandnxvl: and thanks for working on it!17:04
didrocks(hi ;))17:04
jdstrandnxvl: I should mention that didrocks is aready doing apache and openssh-- be sure to check ServerTeam/Roadmap for available applications, and assign yourself accordingly17:05
nxvljdstrand: yes, i'm doing that17:05
jdstrand\m/17:06
jdstrandhi didrocks :)17:06
didrockshi jdstrand \o/17:06
macdsoren, I goofed, I was looking for the intrepid version in hardy, but there is an SRU filed against the package in hardy to backport from intrepid, looks like it has some SRU acks just needs upload: bug 22280417:07
uvirtbotLaunchpad bug 222804 in fail2ban "[SRU] fail2ban fails to start after reboot" [Undecided,Confirmed] https://launchpad.net/bugs/22280417:07
sorenmacd: Mkay.17:09
macdhaving hostnames with the release in them might help me ;)17:09
nxvldidrocks: is there any package already with profile?17:10
nxvljdstrand: ?17:11
jdstrandnxvl: not yet, but didrocks submitted a debdiff for apache I believe17:11
didrocksnxvl: see bug #26119817:11
uvirtbotLaunchpad bug 261198 in apache2 "Add UFW profile integration with apache2" [Undecided,Confirmed] https://launchpad.net/bugs/26119817:11
didrocksbut it has to be checked :)17:11
nxvlthat's what i was looking for17:11
nxvl:D17:11
=== RoAkSoAx_ is now known as RoAkSoAx
nxvldidrocks: shouldn't apache use Apache full profile instead of just Apache?17:18
nxvloh! i forgot that apache doesn't come with ssl out-of-the-box17:19
didrocksnxvl: you have your answer :)17:20
Xetrov`do any of you have experience with vmware server atop ubuntu?17:21
zulnxvl: it does for intrepid17:29
nxvlzul: generates the certificate and runs https?17:32
zulnxvl: think so17:33
nxvlzul: i doubt it, for generating the certificate you need a lot of information17:36
foolanosnake oil certificates are not that picky :)17:38
mathiaznxvl: as of intrepid, apache2 comes with ssl ootb17:48
mathiaznxvl: apache2 depends on ssl-cert and uses the snake-oil-cert IIRC17:48
nxvldidrocks: then my comment is valid17:49
didrocksmathiaz, nxvl: ok, I will update my package so :)17:55
didrocksmathiaz: are you sure?18:07
didrocksoh yes, got it, sorry :)18:08
didrocksnxvl: new version of the patch uploaded18:10
didrockssoren: I think you are a little bit nervous regarding Michael's mail (and that's understandable…) :)18:21
nxvldidrocks: i'm not a core-dev so you need to find other to sponsor it :P18:21
zulmathiaz: increasing the timeout doesnt help, im going to disable the test for now18:21
mathiazzul: have you looked into MySQL upstream bug tracker to see if there is a bug report about this issue ?18:22
didrocksnxvl: yes, I know (I saw your application for MOTU). It just to keep you inform :)18:22
nxvl:D18:22
zulmathiaz: im looking there as well18:22
=== mgdm is now known as mgd
=== mgd is now known as mgdm
nxvljdstrand: if i install a package and then install ufw i won't get the profile added, will i?18:31
jdstrandnxvl: well, ufw will know about it, but nothing else will happen.18:32
zulmathiaz: cant find anything about it :918:33
jdstrandnxvl: however, ufw is Recommended by ubuntu-standard, so it is installed by default18:33
nxvljdstrand: yeah, that part i know, just checking18:33
nxvl:D18:33
nxvlsamba complete and tested18:33
nxvlbtw18:34
nxvlhow do i check it's enabled?18:34
jdstrand\o/ -- can you file a bug with the debdiff?18:34
didrocksnxvl: with my current behavior, the profile is added in /etc/ufw/applications.d/ but no rule has been added to ufw (as it has not been installed)18:34
nxvljdstrand: yep i will now18:34
jdstrandnxvl and didrocks: there is a 'Testing' section under 'Integrating UFW with Packages'18:35
didrocksjdstrand: do you want me to continue to work on it even if the first debdiff is not ack yet ?18:35
didrocksjdstrand: yes, I tried that on my VM (plus some home added tests) :)18:35
jdstranddidrocks: oh yes, keep going-- it looks like you followed my directions, so keep going18:35
didrocksok, so, OpenSSL here we go :)18:35
nxvlmm18:36
nxvli seems wrong18:36
nxvl:S18:36
nxvljdstrand: http://paste.ubuntu.com/40710/18:36
nxvljdstrand: that's not what i expect, doesn't it?18:36
jdstrandnxvl, didrocks: you can also use 'ufw app default allow', then do 'dpkg-reconfigure <package>' and then do 'ufw status' and 'ufw status verbose' to see if the rule got added18:37
jdstrandnxvl: something is not right there. can you post the output of 'ufw app list'?18:38
nxvlhttp://paste.ubuntu.com/40712/18:38
nxvlmm now it works18:38
zulmathiaz: can you have a look at this when you get a chance?18:38
nxvlfor some reason after i do 'ufw app default allow' it was skipping profiles18:39
nxvljdstrand: http://paste.ubuntu.com/40713/18:39
jdstrandnxvl: what you pasted seems correct to me18:40
jdstrandam I missing something?18:40
mathiazzul: sure18:41
nxvljdstrand: at the end, read it complete18:41
nxvljdstrand: first i runn status and it doesn't show me anything18:41
nxvlbut after running 'app default allow' started work18:42
nxvlthat's the expected behavior?18:42
jdstrandnxvl: what I see from your paste, is that you did 'status', it showed nothing. that is correct. then you changed the default application policy to 'allow', then did status and no rules. that is correct18:43
jdstrandnxvl: then did dpkg-reconfigure, which added a rule, and status showed it worked18:43
jdstrandthat is all correct18:43
nxvlok18:44
nxvlthen it's correct18:44
jdstrandnxvl: if the default application policy is 'skip' no new rules are added with '-add-new'18:44
jdstrandnxvl: the first status shows it was indeed skip18:44
nxvljdstrand: yep, and skip is the default policy for applications then18:45
jdstrandnxvl: yes, because ufw shouldn't set the policy for application integration18:45
nxvlok then18:46
nxvlBug 26154418:46
uvirtbotLaunchpad bug 261544 in samba "Please add UFW profile integration with Samba" [Undecided,New] https://launchpad.net/bugs/26154418:46
jdstrandnxvl: 'ufw allow Samba ; ufw status verbose' should have worked though18:46
jdstrandnxvl: did that not work, or did I misinterpret things?18:46
nxvlmmm18:46
* nxvl checks18:46
jdstrand(all this after the package was installed, of course)18:46
nxvljdstrand: http://paste.ubuntu.com/40717/18:47
nxvljdstrand: here it is the complete history (after installing the package)18:47
jdstrandnxvl: can you purge both and start over?18:48
nxvlyep18:48
nxvlis a chroot18:48
nxvlso i just need to restart it18:48
nxvl:D18:48
jdstrandnxvl: ie, purge both, then install both, then do 'ufw disable ; ufw enable ; ufw allow Samba ; ufw status verbose'18:49
uvirtbotNew bug: #260687 in samba (main) "pam_smbpass.so segfaults" [Undecided,New] https://launchpad.net/bugs/26068718:49
jdstrandnxvl: it is highly possibly that the chroot is grabbing your firewall configuration from your host18:50
jdstrand(hence the disable and enable)18:50
nxvljdstrand: is pbuilder18:50
nxvlit doesn't even has ufw installed18:50
uvirtbotNew bug: #261544 in samba (main) "Please add UFW profile integration with Samba" [Undecided,New] https://launchpad.net/bugs/26154418:51
jdstrandnxvl: do you have ufw running on your host? (sudo ufw status)18:51
jdstrand(outside the chroot)18:51
nxvlyep18:51
nxvlhttp://paste.ubuntu.com/40718/18:51
jdstrandnxvl: pbuilder doesn't have it's own kernel, so when ufw does its querying, it is from your live firewall18:52
nxvlmmm18:52
nxvlwill try on a vm18:52
jdstrandnxvl: that would be best, yes18:52
jdstrandnxvl: you may want to do 'sudo /etc/init.d/ufw force-reload' on your host to make sure it is in a consistent state18:53
nxvljdstrand: not enabled (i'm on hardy)18:55
jdstrandnxvl: well, hardy does have ufw-- but if you don't want it enabled, just do 'sudo ufw disable' and you are good to go18:56
jdstrandnxvl: if using another firewall tool, restart it18:56
didrocksjdstrand: I have a weird behavior with reconfigure the package: http://ubuntu.pastebin.com/d4f46009f18:56
nxvljdstrand: i don't really use it, or any other18:57
jdstranddidrocks: you did 'ufw default deny', not 'ufw app default deny'18:57
didrocksoupsss18:57
didrockssorry ;)18:57
didrocksjdstrand: surprinsingly, it works better :)18:58
jdstrandnp-- there are two different policies-- one for the default policy of the firewall if no matching packets are found, and one for newly added application rules18:58
nxvljdstrand: ok installes18:59
nxvlinstalled18:59
nxvlnew profiles: skip18:59
didrocksjdstrand: the services discovered in "/etc/services" and "protocol:port" relies on the default policy?19:00
nxvlsame behavior as chroot19:00
jdstrandnxvl: please post the entire history for this19:01
jdstranddidrocks: I don't understand your question19:01
nxvlafter sudo ufw disable; sudo ufw enable it worked19:02
didrocksjdstrand: I made some tests and it's ok. I found my answers :)19:02
nxvli think we should add that into the postinst19:02
jdstrandnxvl: I am thoroughly confused-- can you post your complete command history?19:03
nxvlmm19:03
nxvlcomplicated, but i can try19:03
jdstrandyou didn't ssh into the vm?19:03
nxvlnop19:03
nxvl:D19:03
jdstrandnxvl: we should not disable and enable the firewall in postinst-- people may not have ufw enabled so we shouldn't enable it19:04
nxvlmm19:04
nxvlright19:04
didrocksnxvl: for me, everything's fine. The new rule is added for the profile corresponding to the default app policy after installing it or reconfiguring it19:05
nxvlrestarting the process in my -desktop vm to post the history19:05
jdstrandnxvl: I need to see the command history to determine if there is a bug, or something else19:05
nxvljdstrand: yep, restarting the process19:06
jdstrandnxvl, didrocks: I updated the application integration testing section to clarify some things. please refresh it and use the new procedures (if needed)19:10
jdstrand(in UbuntuFirewall)19:10
nxvlok19:11
didrocksjdstrand: ok, with the skip policy as ufw default19:12
jdstranddidrocks: ah, good point-- updated again to explicitly set the default app policy to 'skip' at the beginning of the tests19:14
jdstrandnxvl: ^^19:14
nxvljdstrand: http://paste.ubuntu.com/40724/19:16
nxvl:(19:16
nxvlrestarting test19:17
jdstrandnxvl: turn that frown upside down, looks good to me-- unless I am missing something19:17
nxvlnop19:18
nxvlit's good19:18
nxvli just haven't tested the default skip thing19:18
jdstrand*phew* ;)19:18
didrocksjdstrand: I tried to clean all my rules and the one which has been added by /etc/services seems to not be taken into account (http://ubuntu.pastebin.com/d20743bb6)19:18
nxvlmoving to next package19:19
jdstranddidrocks: yes, this is expected, though a bit of a bug19:21
nxvljdstrand: would you like to sponsor it? Bug #26154419:21
uvirtbotLaunchpad bug 261544 in samba "Please add UFW profile integration with Samba" [Undecided,New] https://launchpad.net/bugs/26154419:21
jdstranddidrocks: basically, you added something without specifying a protocol, but then tried to delete something that does specify it19:21
jdstranddidrocks: this is treated as two different things by ufw19:22
sorendidrocks: Nervous?19:23
nxvlmm19:24
didrocksok, so I must make sudo ufw delete deny ssh, so that it checks again on /etc/services to see what to update19:24
nxvljdstrand: for dovecot would you recommend just one dovecot-common with all protocols on it, or a profile fro -imap, -pop, etc..?19:24
jdstranddidrocks: yes. this happens because /etc/services lists both udp and tcp for 'ssh', so ufw groups those together as one rule19:25
didrockssoren: your answer to Michael about "boot from degraded raid" (and I understand from the way he is taking this…) :)19:25
Adakosdoes anyone here use port/nic trunking/bonding ?19:25
nxvljust one with multiple profiles described on it, isn't it?19:25
jdstranddidrocks: you really want 'ufw allow ssh/tcp'19:25
sorendidrocks: I just don't understand what you mean by "nervous"?19:25
didrocksjdstrand: that makes sense19:25
jdstrand(in the first place)19:25
* soren wanders off for dinner things.19:25
didrockssoren: hum, probably bad word, let's say angry against Michael :)19:26
jdstrandnxvl: I have an example in the source for dovecot, that you could use as a template19:26
jdstrandnxvl: in the source of ufw for dovecot that is19:26
nxvloh ok19:27
didrocksjdstrand: so, for the openssh package, I won't call the profile ssh (it will be a bad idea because of the corresponding service name)19:27
jdstranddidrocks: now I understand your question from long ago19:28
didrockshum, which one? :)19:28
jdstranddidrocks: the profile name and the 'service' name from /etc/services are completely different19:28
didrocksoh ok, one of my last questions :)19:29
didrocksyes yes, I see that now19:29
AdakosI am using my server as a router, what is the best web interface for a new admin to use ?19:29
didrocksjdstrand: all the tests are ok19:30
jmedinaAdakos: simple routing or advance?19:30
didrocksI will work on the packages tomorrow (it's getting late and I want some rest ^^)19:30
jmedinaAdakos: what do you want to admin via web?19:31
jmedinafor routing I would recomend VYATTA19:31
Adakosjmedina: i dont need VPN support, but I need a basic replacement for a dying router (and i have this box laying around) port forwarding/masquerading, etc19:31
Adakosdhcp,  that sort of thing19:31
jmedinaI dont know a good wui, but for that things I prefer doit by hand, if I need more features I would use vyatta19:32
jmedinamaybe webmin has something19:33
Adakosyeah i was looking at webmin19:33
Adakosi'll poke around with VYATTA though, thanks :)19:34
jdstranddidrocks: there is a chance for collision using the simple syntax. eg, profile uses [ssh] and /etc/services has 'ssh'. In this case, /etc/services wins19:35
jdstranddidrocks: I should add a warning when that happens...19:35
didrocksjdstrand: do you think I really have to keep the ssh name for the profile?19:36
jdstranddidrocks: no-- I recommend you use OpenSSH19:37
didrocksjdstrand: we agree :)19:37
didrocksalso the profiles are case sensitive apparently19:37
zulnxvl: the samba ufw profile has been tested?19:38
jdstranddidrocks and nxvl: there is also a 'Profile Recommendations' in UbuntuFirewall that may be helpful19:38
zuljdstrand: what no one uses telnet anymore?19:38
didrocksbut "ufw allow apache" or "ufw allow Apache" would be use for me, not regarding the case of the word…19:38
Adakosjdstrand: ssh is a much better solution to almost any problem than telnet (unless you are diagnosing mail server woes) iirc19:39
jdstrandzul: heh-- if you want to update the package, go for it19:39
zuljdstrand: no no no :)19:39
jdstrandAdakos: yes, zul was just kidding around19:39
Adakosoh , hah19:39
jdstrand(I hope)19:40
jdstrand;P19:40
zulmaybe..19:40
jdstranddidrocks: well, the main point of the profile name is to uniquely identitify the profile, and using upstream's capitalization or first letter capitalized seems to be the easiest way to stay consistent19:42
jdstranddidrocks: currently it is case sensitive. if you feel strongly about it being case insensitive, I'll take your patch :)19:43
didrocksjdstrand: ok :) The guidelines are clear enough so that there is no derivative from them19:43
jdstrands/take/consider, review and possibly use/19:43
didrocksjdstrand: in which langage is ufw written?19:43
jdstrandpython19:44
didrocksok, I will give an eye so :)19:44
didrocksfirst update some packages and then look at it.19:44
didrocksgood night everyone ;)19:47
jdstrandgoodnight didrocks19:47
nxvlzul: yep, check the changelog20:00
nxvlerr20:01
nxvlcheck the backlog20:01
nxvljdstrand: for dovecot, i will need to add the ufw line to dovecot-$service.postinst, don't it?20:12
=== hessml|away is now known as hessml|away|away
nxvlsince i want a different profile to be added depending on the package i install20:12
nxvlbtw is dovecot ssled by default?20:13
jdstrandnxvl: it is not ssl'd by default last I checked...20:15
zuljdstrand: it does both now20:16
nxvlyep20:16
nxvlit does20:16
nxvlusing snakeoil20:16
nxvljust checked20:16
jdstrandnxvl: dovecot-common should probably add the file to /etc/ufw/applications.d, and then both dovecot-imapd and dovecot-pop3d should each do 'ufw app update --add-new ...'20:19
nxvlthat's what i meant20:19
nxvl:D20:19
nxvlthank you20:19
sorendidrocks: He's not exactly famous for being easy to work with..20:26
* soren reads his response and concludes that not much has changed *sigh*20:27
slim_hello all, i have ubuntu server with two NiC eth0 that connect to internet and eth1 for internal network , how can i enable internal network to connect to internet , after search i find the script > http://phpfi.com/347516 but still not working, anyone can tell me what is missing ?20:34
zulsoren: and thats why you use hardware raid20:34
* soren doesn't like hardware raid at all20:39
slim__back , sorry disconnected, i asked a question before disconnect :)20:40
slim__is about that i want to use ubuntu-server as a router20:41
=== hessml|away|away is now known as hessml|away
sommerslim__: you might take a look at: https://help.ubuntu.com/8.04/serverguide/C/firewall.html#ip-masquerade-ufw20:43
slim__thanks sommer20:43
sommernp20:43
=== hessml|away is now known as hessml|away|away
=== hessml|away|away is now known as hessml|away
=== hessml|away is now known as hessml|away|away
nxvlzul: Chuck22:18
nxvlzul: your last revision of mysql FTBFS on AMD64 due an issue with a test22:18
nxvlzul: and it's making courier FTB also22:19
nxvlzul: did you know the issue or have plans for it?22:21
mathiaznxvl: yes - one of the test fails on i38622:21
mathiaznxvl: it seems related to a timeout in the ndb test22:21
nxvlmathiaz: failed: 157: Could not connect to storage engine22:22
nxvlmathiaz: it seems that it's trying to connect to the server, or something :S22:23
mathiaznxvl: right - the test should have a sleep somewhere so that the storage server can start22:23
mathiaznxvl: the timeout may not be long enough - zul reported it was correctly for his local builds22:24
mathiaznxvl: could you try to build it on your local machine and see if the test fails ?22:24
nxvlmathiaz: i can't right now, i'm at the university on a windows machine22:24
nxvlmathiaz: i will on the recess (in an hour maybe)22:25
nxvlmathiaz: it's also odd that they are completely different tests22:25
nxvland they seem to be architecture independent22:26
nxvlzul: have you retried the build?22:26
nxvlmaybe is a random issue22:27
nxvloh! i love FF, it makes things funnier and my brain to blow22:28
nxvl:D22:28
=== hessml|away|away is now known as hessml|away
Xetrov`might there be a list of standardized server hardware that ubuntu itself supports?  im having an issue with there being no support for hardware raid with an intel server board we are attempting to turn into a vmware server23:11
nxvlthere is a wiki page23:12
* nxvl searchs23:12
ivokskhm... no support for on-board hardware raid?23:12
nxvlhttps://wiki.ubuntu.com/Hardware23:12
ivoksthere's no such thing as on-board hardware raid :)23:12
ivoksnxvl: wazup? :)23:13
nxvlivoks: i think he is refering to a hardware raid + an intel board23:13
nxvlivoks: at the university in the only interesting course i have this period23:13
ivoksoh, nice...23:13
nxvlyep23:14
nxvlnetworking stuff23:14
ivoksXetrov`: which hardware raid do you have?23:14
Xetrov`well its an intel s5000psl23:14
nxvlbut as in electronic communications23:14
ivoksXetrov`: that's fake raid23:14
nxvlivoks: every raid is a fake feeling of security23:15
nxvl:D23:15
ivokseh23:15
nxvlthere no better thing than backups23:15
ivokshardware raids usually cost twice as much MB :)23:16
nxvlthere is*23:16
ivoksnxvl: well, raid and backup are different things23:16
Xetrov`hmmm, i see, software raid on board23:16
nxvlivoks: and lot more of money23:16
nxvlivoks: yep, but at the end they just ensure your data will be ok23:16
ivoksXetrov`: disable that and buy a real hardware raid, or use linux raid23:16
Xetrov`so ive never done software raid with ubuntu, is it simple enough?23:17
nxvlyep23:17
ivoksnxvl: no, raid ensures your server will keep on going in case disk damage23:17
nxvlis the same with every linux distribution23:17
ivoksXetrov`: what kind of raid would you like to setup?23:17
nxvlivoks: mmmm23:17
Xetrov`raid 523:17
nxvlivoks: with a backup server i can do the same23:17
Xetrov`my boss actually jumped the gun and bought a hardware key to unlock raid 5 through the motherboard23:18
ivoksXetrov`: ok, there's a problem with booting from software raid 523:18
nxvlivoks: but what i meant is that they just support bussiness continuity plans23:18
Xetrov`so im trying to figure a way to let the board handle raid just as it would everywhere else23:18
ivoksXetrov`: you need special partition for /boot, outside of raid23:18
nxvlivoks: AND it depends on what raid you use23:18
Xetrov`hmmm23:19
nxvland as /boot it's only used at boot time, it won't hurt23:19
nxvl:D23:19
ivoksXetrov`: how many disks do you have?23:20
ivoks3?23:20
Xetrov`4 if i remember correctly23:20
ivoksok, 423:20
ivoksyou can do this:23:20
ivoksdisk 1 - two partitions - 1GB and the rest, both raid23:21
ivoksdisk 2 - two partitions - 1GB and the rest, both raid23:21
ivoksdisk 3 - two partitions - 1GB and the rest, smaller swap, other raid23:21
ivoksdisk 4 - two partitions - 1GB and the rest, smaller swap, other raid23:21
ivokswith two small partitions from first two disks, create mirror raid and create /boot on it23:22
ivokswith bigger partitions on all disks, create raid 523:22
ivoksthis way you have redundant /boot23:22
ivoksand raid5 for rest of the system23:23
Xetrov`hmmmm23:23
Xetrov`assuming there really isnt any support for the onboard23:24
ivoksthere isn't23:24
ivokscause that's not raid23:24
Xetrov`understood23:24
ivoksif you go and install windows, it will recognize all 4 disks23:24
ivokssame goes with linux23:25
Xetrov`windows sees 1, as i have them configured that way23:25
ivoksand then driver inside the kernel wraps it into one disk23:25
ivoksthat's cause you installed the driver23:25
Xetrov`true.23:25
Xetrov`so its either that or buy a true raid card23:26
ivoksfake raids use processor for all the calculations23:26
ivoksthey don't have raid logic in it self23:26
ivoksthey are just marketing trick23:26
Xetrov`looks like he gets to return the unlocking key  :)23:26
ivoksthose are SATA or SAS disks?23:27
ivokssata i guess23:27
Xetrov`sas23:27
ivoksheh23:27
ivoksi missed :D23:27
ivoks3ware has some really nice raid controllers23:27
ivoksand has more then great support for linux23:28
Xetrov`price is an issue as well hah23:28
Xetrov`oh im sure23:28
Xetrov`i had great success with dell perc as well23:28
ivoksdell perc works, true...23:28
ivoksthere's also intel/LSI logic23:28
Xetrov`hehe23:28
ivoksor whatever it is called these days23:28
ivoksbut those have very poor performance23:29
ivoksi would say that linux raid is better than those lsi logic23:29
Xetrov`well im gonna grab a bite, thanks for the help, ill probably bug you more in a bit  hah23:29
ivokswell, i think not23:30
ivokscause it's midnight over here :)23:30
Xetrov`where is here23:30
ivokscroatia23:30
Xetrov`ahhhh23:30
Xetrov`maybe not then haha23:30
ivokshehe23:31
ivokswell, take care guys...23:31
ivoksumm... Xetrov`23:32
ivoksXetrov`: according to http://www.intel.com/Products/Server/Motherboards/S5000PSL/S5000PSL-specifications.htm23:32
ivoksXetrov`: your MB has a LSI raid controller23:33
ivokswhich should work in ubuntu23:33
=== MajorP47 is now known as majorp
=== majorp is now known as majorp47
Xetrov`odd23:47
Xetrov`it tells me it finds no disk drive and asks which driver to use23:47
=== hessml|away is now known as hessml|away|away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!