[00:35] re: the ec2 root password/sudo issue - is there a way to not have a password for the ubuntu user, and use the ssh credentials during a sudo to authenticate as root? [00:35] or kerberos, or something? [00:36] * nealmcb hates being logged out and presented with an auto-generated password to manage === espacious_ is now known as espacious [01:10] nealmcb: Please send your EC2 beta feedback to the mailing list so there is a record of it: ec2-beta@lists.ubuntu.com [01:11] erichammond yeah - probably not enough people around now to chat here... [01:12] nealmcb: FWIW, I'm not a fan of the current strategy, but it is difficult to be both secure and easy in the EC2 environment especially if you're trying to do things the Ubuntu way. [01:12] Note that it is (currently) possible to simply ignore the ubuntu user and ssh back in as root :) [01:14] You could also pass in a startup user-data script which modified sudoers to allow sudo without a password (but don't tell the security guys I said so). [01:16] * nealmcb puts on his security hat and looks around with upturned eyes [01:16] :) [01:19] I think I was just asked for a mysql password no fewer than three times on install - a bit rude.... [01:20] (I refused to set one each time) [03:14] aha - sudo via ssh-agent implemented for openbsd: http://www.usenix.org/event/lisa08/tech/full_papers/burnside/burnside_html/index.html [03:16] that's what we need for ec2 === badawi_ is now known as badawi === J_- is now known as J-_ [05:34] deploying a ubuntu server with kvm. :) [05:35] I haven't quite convinced the client of using ubuntu in the guests for some clients who are used to Other Distros(tm), but the host is hardy. [05:36] pretty plesant experience so far. cheers on kvm gui management tooks shaping up since last winter. [05:36] s/tooks/tools [06:12] Can someone help me? [06:13] I can't seem to ssh to my server [06:13] and my website isn't up.... [06:14] Lokin: do you have local access to the box? [06:16] ya [06:16] just grabbed a moniter [06:18] Crap. Ok never mind, How do I make my IP static? [06:19] ropetin ? [06:19] Lokin: did you provide deem the IP static? [06:19] Lokin: http://doc.ubuntu.com/ubuntu/serverguide/C/network-configuration.html [06:20] When I set up the DNS server I set the old ip but It changed... [06:22] Lokin: Do you mean the IP of the Ubuntu server, or your public IP as provided by your ISP? You may need to use a dynamic DNS client if you want a server on a connection that has a dynamically assigned IP from your provider. [06:24] curl whatismyip.org, That is my ISP ip right? and then 192.168.0.7 would be the server IP? [06:28] Probably. So if the answer you are seeing from whatismyip.org is changing, you have an Internet connection from your ISP with a dynamic Ip address... so you need to use a dynamic DNS type solution. [06:29] See http://www.no-ip.org for example. [06:32] jmarsden: I can't use this because my server is command line. Right? [06:34] Are you sure?? I think their linux client doesn't need a GUI... checking... [06:35] The clietn is at http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz and does not seem to need a GUI to me... [06:42] How do I restart apache and ssh again? [06:44] sudo service apache2 restart && sudo service ssh restart [06:46] jmarsden: apache2: Could not reliably determine the server's fully qualified domain name, 127.0.1.1 for ServerName [06:46] Take it thats the dynamic IP messing things up? [06:47] Lokin: That's you changing the internal (LAN) IP of the server, probably. [06:47] Edit /etc/hosts to sort that out. [06:47] erg [06:47] It will probably "work" OK despite the warning, actually. [06:48] Doesn't work at all out side of lynx localhost [06:49] OK, then edit /etc/hosts and put the actual static local IP of the server in there with the FQDN and hostname of the server and restart apache [06:50] The static being an IP of the thing I would sign up for? [06:50] At the moment I didn't think I had a static IP. [06:51] No... hmm, I think you need some basic info on IP and NAT and how the Internet works?? Your server has a local and hopefully static IP address on your LAN. I pointed you to the page of the Ubuntu Server Guide which describes that earlier... [06:51] I said: Lokin: http://doc.ubuntu.com/ubuntu/serverguide/C/network-configuration.html [06:51] K i'll... [06:51] ya read that [06:51] did you do what that says to get a static IP for your server?? [06:53] I need to get better in Unix.... [06:53] One sec I'm working on it [06:55] does the Static IP matter? and it has to be local right 192.168.x.x? [06:57] It has to be on your LAN. It has to be unique within your LAN. [06:57] Other that that you get to pick what number you want; if it was 192.168.0.7 dynamically, you can use that... [06:58] ok [06:58] so thats set [06:58] iface eth1 inet static [06:59] OK, so edit /etc/hosts to match that and then restart apache [06:59] k [07:00] 192.168.0.107 UbuntuServer [07:00] OK, now does apache restart cleanly? [07:01] same error but instead of 127.0.11 it now uses 192.168.0.107..... [07:01] What is the fully qualified domain name?? [07:02] servername.mydomain.com (or whatever it really is!) [07:02] You write UbuntuServer in /etc/hosts, is that your hostname? [07:03] I mean I log into to alex@UbuntuServer [07:03] so yes [07:04] OK, so the FQDN is UbuntuServer.yourdomain.com (if your domain name is yourdomain.com) [07:04] UbuntuServer.truehelix.com [07:05] Where should the DNS be pointing to from the Domain registrar? [07:06] OK. So now as long as your router has port 80 open from the outside redirected to 192.168.0.107, you should be set. [07:06] Lokin: ? I don't understand your question. DNS host record for ubuntuserver.truehelix.com should point to whatever whatismyip.com says your public IP is. [07:07] But since you can't edit it every time it changs, you can use no-ip.org, sign up, and automatically update the DNS. [07:07] I set the DNS record from ixwebhosting [07:07] OK. You can do that. As long as you chaneg ti every time your ISP changes your public IP :) [07:08] :/ OK well how do I install somthing on a webpage via command line? [07:09] because no-ip needs a download(of course) and I only have command line on my server [07:09] Lokin: wget is your friend [07:09] man wget [07:09] :) [07:09] thanks [07:09] NP! [07:09] lol [07:10] OK now on to ssh :( [07:10] I can't connect anymore [07:10] even via the new ip [07:11] used to be able just not anymore [07:12] if you ssh from the local box can you access? [07:13] no... [07:13] but wait [07:13] the eth1 address is 192.168.0.107 [07:13] whereas the port fowarding is .1.107 [07:13] that may be a problem.... [07:13] Yes, it would be. [07:14] You can remove the word may from that [07:14] indeeed, that be a problem. [07:14] Better? [07:15] More accurate, less gramatically correct ;) [07:15] :P [07:18] lol [07:18] Sorry, needed a scon [07:18] var hungry [07:20] Damn this is really starting to piss me off [07:21] Then it might be good to stop, do something else, and come back to it later? [07:22] I would but I need to sleep soon. School in the morning. [07:23] Your call. You could leave it for 24 hours... I doubt your web server is earning you $millions/hour or anything? :) [07:23] lol [07:24] This is true [07:24] http://thar.us/view/1440 [07:24] Have you edited the Ip addresses so the ones in your server agree with the router regarding your subnet? [07:24] but I want ssh working at least [07:24] I do a fair bit on it at school [07:24] I'm just wondering where else I would have to change then to 192.168.1.107 [07:24] btw, Don't browse thar [07:25] its Var dangerous. [07:25] edit /etc/network/interfaces and /etc/hosts [07:25] ya got those [07:25] Is that for ssh also? [07:25] Yes. Now restart networking, ssh and apache [07:25] networking? [07:25] ok [07:25] (or just reboot the server) [07:26] k [07:26] all restarted [07:26] ssh alex@76.204.30.102 [07:26] and nothin [07:27] ya just timed out [07:27] Are you sure that is your current public IP? [07:28] Ya... [07:28] I started iptables with the startup prints [07:28] how do I disable them? [07:28] Turn that back off [07:29] Did you use ufw or something else ? [07:29] service iptables stop? [07:29] halt? [07:29] Sure. [07:29] stop [07:29] k [07:29] iptables is unrecognized... [07:30] How did you start up your firewall on the server? [07:30] What did you do? [07:30] Never had... [07:30] How did you start up iptables? [07:30] Well... I may have trying to ste up ip fowarding [07:30] start* [07:31] What command(s) did you type to start iptables/ip forwarding? [07:32] Not a clue. [07:32] Sigh... you did something on your server but you have no clue what you did?? [07:32] Can't I just kill iptables [07:33] It is a kernel module not a service... [07:33] damnit [07:33] what does service ufw status say [07:33] Well It's vary likely when setting it up I just copy pasted shit off the interwebzzz... [07:33] Well stop doing that. Read and learn and take notes, you are now a server admin! [07:34] *Firewall is not running [07:34] blurgg [07:35] OK. Try iptables -L (and pastebin the output somewhere so I can look at it) [07:35] I once again need to point out It's command line... [07:36] There are command line pastebin scripts... [07:36] But never mind... I don't have time for that right now... [07:37] Chain INPUT (Policy ACCEPT) \n target prot opt spurce destination [07:37] 3 of them but the other 2 instead of INPUT there is FOWARD and OUTPUT [07:37] Sounds like youy have no actual rules, so that's unlikely to be the issue. [07:37] k [07:38] CAn you ssh to 192.168.1.107 from anotehr PC on your local LAN? [07:38] mac but I'll try [07:39] doesn't look like it [07:39] just timing out... [07:40] OK, what does netstat -ntl | grep :22 output (should be just 2 lines) [07:40] ... k one sec [07:41] tcp 0 0 0.0.0.0:22 0.0.0.0:* Listen [07:41] and [07:42] tcp6 0 0 :::22 :::* Listen [07:42] That's all good. [07:43] ? [07:45] ergg comp died [07:45] my bad [07:46] Welcome back... OK. What does ifconfig eth1 | grep addr: | head -1 say? [07:46] BTW why are you using eth1... what is on eth0? [07:47] not sure [07:47] Just said use eth1 [07:47] on that link you sent one sec [07:48] OK... we'd better check... you only have one wired network interface on the server, right? [07:49] ya [07:49] it's old [07:49] no wireless either [07:49] OK. So does ifconfig | grep ^eth output just one line about eth1 ? Or a line about eth0 ? [07:50] one about eth0 [07:50] Then that is the name of your interface. So edit your config to to use that, not eth1 [07:50] eth0 Link encap:Ethernet HWaddr 00:40:ca... [07:50] k [07:50] Most likely just edit /etc/network/interfaces [07:52] k [07:53] Now do service networking restart and then see what ifconfig |grep ^eth says [07:55] Hrmmmm duplicate files [07:55] there is now 2 things declaring eth0 [07:55] auto eth0 [07:56] and then iface [07:56] one sec I'm gogin to comment out the old one [07:56] k that worked... and ssh.... [07:56] damn [07:57] still not going [07:58] Time out [07:58] OK. So now ifconfig eth0 | grep addr: outputs a line containing 192.168.1.107 ? [07:58] no... [07:58] first line is inet addr:192.168.1.100 [07:59] Bcast is 192.168.1.255 [07:59] and mask is default [07:59] 255.255.255.0 [07:59] Then your server is at .100 not .107, so you misconfigured something somewhere! [07:59] * Lokin screams [07:59] !!! [07:59] ok well should I just change the port fowarding to .1.100 [07:59] for tonight at least [07:59] OK, sure... [08:00] will you be on tomorow? [08:01] jmarsden: ssh guest@76.204.30.102 [08:01] Possibly... depends on real life stuff... OK... [08:01] lol [08:01] go for it [08:02] yay [08:02] so far everyone has guessed the pass successfully. [08:03] You logged out of the server? [08:03] OK, well, it works... go to sleep :-) [08:03] am now I'm goign to bed [08:04] but just for if your on tomorow you can help me without me copying stuff over [08:04] hi [08:04] HELLO! [08:04] * Lokin wanders off to sleep [08:06] hello someone who can help me with a problem with my mail server? [08:07] miguel1234: Ask the question and find out ;) [08:07] thanks jmarsden :) [08:08] There's a bot command about that... [08:08] !ask | miguel1234 [08:08] miguel1234: Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) [08:08] now I have a server with postfix + + sasl2 dovecot postfixadmin + + clamsmtp + spamassasin [08:09] sucede q [08:09] apparently the smtpd-auth does not work [08:11] OK. Did it work when you first installed postfix? Are you using postfix virtual domains, or...? [08:11] jmarsden, I telnet localhost to 25 and shows me the following [08:11] jmarsden, http://pastebin.com/m2cbfee [08:12] jmarsden, [08:12] No I look at the 250-AUTH PLAIN LOGIN [08:12] [08:12] apparently I do not support [08:13] I think you need to tell postfix to support that... what is your backend user database going to be? [08:13] jmarsden, my config postfix http://pastebin.com/m50f30bb5 [08:15] So... that's not the Ubuntu default... where did this config come from, and how do you know it works? [08:16] jmarsden, [08:16] If you already defined in my smtpd.conf here http://pastebin.com/m6b0b12da [08:17] jmarsden, here http://doc.ubuntu-es.org/Postfix/configuraci%C3%B3n_de_un_servidor_incluyendo_Postfixadmin,_Mysql,_Spamassassin_y_ClamAv [08:18] I can't easily debug a fully tweaked postfix config... you just plucked it off the Internet? Do you understand it? [08:19] mmm [08:19] If you follow a guide like that and it fails, you can either get help from the person who wrote that guide, or understand every little detail of what they did... [08:21] I can receive emails but my problem is that I can not send them to other destinations such as external servers because the SMTP authentication does not work for me [08:23] OK. The whole way the guide does auth is not one I am familiar with; it would take me too long to debug this... it can probably be made to work... but not by me in any reasonable amount of time. [08:24] Do you know someone else who has used this guide and got it fully working? Maybe they can help you? [08:30] no === jmarsden is now known as jmarsden-the-mag === jmarsden-the-mag is now known as jmarsden-magicia === jmarsden-magicia is now known as jmarsden [09:41] hello server admins, i was wondering the latest php for ubuntu is 5.2.4 but that seems to be affected by several buffer overflow exploits, does that suhosini patch protect from them or i should compile php from src to get them fixed ? [09:41] ( compile from src to get 5.2.5 [09:53] anybody have experience with setting up a 2 system cluster with a few VPS's on each machine? [09:54] curious about how to setup the mysql databases... either we could use a mysql db on each VPS or is it better to have mysql on the main installation instead of each VPS and sharding it to the other machine? [09:56] you could do mysql replication [09:56] mysql "cluster" [09:57] yeah i am aware of that, i plan on replicating between the VPS's as well [09:57] ah misread your question [09:57] a little [09:57] IF each VPS has mysql on it [09:57] if you have ip for every vps then why not [09:57] have diffrent mysqls [09:58] thou running one should be better performance wise i think [09:58] dunno, looking at the performance i am not sure what would be better.. that's the problem a bit [09:58] thou no real exp talking here, just logic [09:58] although i guess having seperate mysql servers on each vps would be a bit more secure in terms of availability & taking care of system load [09:58] yeah [09:59] in that terms indeed [09:59] but i think having alot of mysqls servers wont hurt you much [09:59] because the mysql proccess itself doesnot take up much [09:59] the load makes it resource hungry [09:59] but if you have alot of mysql servers [10:00] it's harder/impossible [10:00] to replicate them all [10:00] hmm ok, will have to look into that before i suggest the new setup [10:00] thou i dont know how many mysql servers you would be running [10:00] but if you like 10 [10:01] it will be kind of pain in the ass [10:01] to manage them all [10:01] hmm i think it would be about 4 or 5 vps's.. mirrored to a 2nd machine [10:02] btw, is Xen supported by Hardy? or is another package recommended? [10:02] need to be able to give each vps each own amount of ram & cpu cycles [10:05] snek you need xen kernel for hardy i think [10:05] otherwise it would be running okey [10:05] Hi, i'm planning on setting up a file server in a virtual machine. The question i'm facing is wether to use a simple file or a raw partition for the samba shares. One one hand i#d like to keep it simple and have a simple file (which can easily be backed up by the hosting OS), OTOH i fear the performance hit. Experiences? Opinions? [10:05] ... btw... kvm/qemu [10:08] you can use a single file to store all shares? i wasn't even aware of that.. [10:08] personally i setup a raid5 fileserver for a company which gets backed up each night using rsync to an offsite server.. about 700GB of video files & photoshop files.. works fine! [10:10] works with an Areca 8 port sata raid controller, pumps out about 400MB/s now :) === J_- is now known as J-_ [10:12] I plan on simply adding a 300 GB file/partition to the virtual machine as second disk and mount it to serve... pretty straightforward. for rsync/rbackup it would be less hassle to simply use a file which contains all the samba shares, but surfing the net i find opinions that i/o performance is crap for simple file storage. i mean we're talking 30 users here... does it even matter ? [10:16] can't say i have much experience with that, but i know that reading from a single file costs you about 10 - 20% performance.. if that's still acceptable (lets say a hdd does 75MB/s in an ideal situation, then you'd do about 55 - 60MB/s but an 100mbit line can only handle 12MB/s) then i wouldn't worry too much about it) [10:16] your lan connection will most likely be the bottleneck, not the way you setup the share [10:17] stefg: have you looked at this article? http://www.howtoforge.com/virtualization-with-kvm-on-ubuntu-8.10-p4 [10:17] frippz: not yet :-) thx for the link [10:18] stefg: have a look a this one as well. might be interesting regarding backing up LVM Partitions. http://www.howtoforge.com/linux_lvm_snapshots [10:19] I will be doing something similar in january when our new rack server arrives at work, so I've been studying these articles thoroughly :) [10:19] frippz: interesting read, although lvm snapshots are nothing i could use, and actaully i'd try to avoid the extra complexity of lvm... space requiremants are foreseeable, and i'm a fan of the KISS philosophy [10:20] stefg: [10:20] stefg: not familiar with that philosophy [10:21] * frippz hits up Google :) [10:21] Keep It Simple Stupid ... don't use fancy things for their own sake [10:21] stefg: heh, it just hit me :) [10:22] well, that article mentions about I/O problems as well, so there might be something to it [10:24] but snek is probably right... even if 5 users from 5 different 100MB segments access the server they'll not hit more than 50-60 MB/s i/o bandwith... the raid-10 can easily handle that, even if i loose 10-20% i/o performance by having a filesystem on a filesystem [10:24] hola [10:24] alguien que hable español ? === boshhead_ is now known as boshhead [10:51] hi [10:51] because it shows ubuntu 8.10 non 250 AUTH LOGIN ? [11:32] moin [12:25] an I use iptables instead of ufw? [12:26] sure [12:26] ufw is just a frontend for iptables anyway [12:28] ok [13:30] i have a failed lvm volume that im trying to repair but when i run a lvm cmd i get a error about I/O [13:31] "failed lvm volume"? [13:34] hmm how do i explain [13:34] the hdd was in another system but atm im using it as a external hdd to get the data off [13:34] but i cant due to the damn thing complaining about I/O [13:43] brb [13:44] I'm trying to find out how much space BIND is taking up (zone files etc.). is there any other place than /etc/bind that I should look at? [13:45] frippz: /var/cache/bind [13:46] and potentially /var/lib/bind [13:46] lamont: thanks. another 12K there :) [13:47] frippz: the most accurate answer is "see /etc/bind/named.conf et al, and what directories get referenced therein" [13:48] I'm guessing all the essential stuff resides in /etc (will be relocating BIND to another machine next year) [13:56] how do i check if server is having a problem to cope with high cpu demanding process? [13:59] Mal3ko: You look outside your office to see if there's a queue of users who are annoyed with your servers. If there isn't, you're fine. [13:59] * soren is not kidding [13:59] lol [13:59] There's no single metric to check. [13:59] maybe like hard disk load? [14:00] If people are happy with the service you're providing, you're fine. That's the only single, useful metric that always applies. [15:50] hello server admins, i was wondering the latest php for ubuntu is 5.2.4 but that seems to be affected by several buffer overflow exploits, does that suhosini patch protect from them or i should compile php from src to get them fixed ? [15:56] which version of ubuntu are you using? [15:58] cuz heh, i see 5.2.3 in gutsy and 5.2.6 in intrepid, so i'm not sure where you're getting 5.2.4 from [16:01] Deeps: I think 5.2.4 may be in -backports [16:02] i forgot to look at hardy, heh [16:02] you've still not mentioned which version you're using though [16:04] generally, you'd wanna check the changelog or buglist of the package you're concerned about [16:04] search for it on packages.ubuntu.com [16:04] e.g., this is the changelog for php5 in hardy: http://changelogs.ubuntu.com/changelogs/pool/main/p/php5/php5_5.2.4-2ubuntu5.3/changelog [16:25] howdy [16:25] is there anyone here who has experience running Xen 3.3 backport in 8.04.1 [16:26] My networking is borked but I can see a peth0 device with a proper IP addres [16:26] address* [16:34] simplexio: so, it's working now. I was using an live Ubuntu environment for the workstation. I just installed it to the hard drive and it worked right away haha [16:44] hi guys, i have an apparmor questions [16:45] *question [16:46] its not server specific but the ubuntu homepage sent me here [16:47] how can i open links sent to me in skype in firefox, i tried to allow skype access to /usr/bin/xdg-open, but now it wants to access firefox.sh [17:33] can anyone help me or point me in the right direction ---> i moved my svn server laptop from college to home. when i try to update or commit, the svn is trying to access the college ip address, is there a way to switch it to point to my home address? --thanks [17:37] mib_zp4tvgxc: svn switch --relocate [17:38] does it take params [17:38] or anything [17:38] mib_zp4tvgxc: svn switch --relocate old-addr new-addr [17:39] thanks alot [17:39] on server box right [17:39] on your svn client [17:39] ooh ok, thanks [17:52] anyone here have experience with xen 3.3 and hardy? [17:52] i have a networking question [17:52] <_jmedina> mgagne: which one? [17:53] _jmedina hardy 8.04.1 with xen 3.3 backport [17:53] <_jmedina> I mean the networking question [17:54] well i got the system to boot with the xen kernel, now i have 2 interfaces in ifconfig, lo and peth0 [17:54] i added eth0 back to interfaces and it gets an ip as well as peth0 [17:54] but i cant ping google.com etc from dom0 [17:55] it does work when i run "ip link set peth0 down" [17:55] but than peth0 grabs an ip again shortly after [17:55] probably because xend is doing something with it? [17:56] <_jmedina> using bridge networking? [17:56] i believe so [17:57] i changed very little about the xen configuration when i installed it [17:57] <_jmedina> peth0 is the real interface, eth0 is a virtual interface attached to the bridge port [17:57] <_jmedina> run [17:57] <_jmedina> brctl show [17:58] ok it lists eth8 with an id, stp not enabled, and interfaces are peth0 [17:58] eth0* [17:58] <_jmedina> mgagne: could you paste bin it? [17:58] _jmedina: sure === _jmedina is now known as jmedina [18:00] jmedina: http://pastebin.com/de79dcbf [18:01] jmedina: I had to type it out because the system with Xen is not able to get on the network reliably [18:01] but its character for character what im seeing [18:02] jmedina: if you need anything else paste binned I can use my usb stick though [18:05] mgagne: ok, then show your xend-config.sxp [18:05] egrep -v '^#|^$' /etc/xen/xend-config.xsp [18:05] your /etc/network/interfaces [18:05] the output of ethtool eth0 and ethtool peth0 [18:06] ok will do, give me a min [18:12] jmedina: here it is http://pastebin.com/m27136fd9 [18:19] jmedina: when i ping google.com it resolves an ip but i get Destination Host Unreachable [18:20] mgagne: I forgot about ifconfig -a and route -n [18:21] DNS and routing is different things :-) [18:21] fwiw [18:21] mgagne: can you ping your default gw? [18:22] jmedina: ok ill paste bin those, lemme check [18:22] mgagne: sounds like lack of a default gw being assigned [18:26] i believe i can ping the gateway [18:26] lemme get the command output [18:30] jmedina: http://pastebin.com/m7f722890 [18:31] mgagne: you have two default gateways [18:31]