[00:00] jmedina: Do you understand what I mean, though? Right now my machine is c-68-82-187-97.hsd1.de.comcast.net. But I own server.com and have my domain pointing to my IP address. I want my machine to be machinename.server.com. [00:00] Zombie_Gaz, You need to speak to the owner of the netblock to get reverse DNS setup.. as they'll need to do it on their DNS servers.. in this case, comcast to see if they'll do it for you. === jjesse_ is now known as jjesse [00:01] Ah. So this isn't something I can do on my machine. It's via my ISP? [00:01] you can't set RR for your IP address, unless your ISP delegate it to you, which they do rarely [00:01] Zombie_Gaz, yes, the owners of the IP. [00:01] Got it. [00:01] Zombie_Gaz, and providing your own forward zone (domain.com -> Your IP) matches the reverse zone (Your IP -> domain.com), it'll show as domain.com on your IRC hostmask for example. [00:02] Zombie_Gaz, but really, you'll need to speak to comcast in the first instance to see if they can help. [00:02] 98.0.105.78.in-addr.arpa domain name pointer home.magicalforest.net. [00:02] :-) [00:02] :) [00:02] I was lucky in that my ISP will delegate reverse DNS to me, or, now.. (which is easier) they give me a web panel to change it myself.. :) [00:03] * jmedina hates in-addr.arpa [00:03] dazman: ha. nice. [00:05] Any familiar with comcast's feelings towards this? [00:05] erp (Anyone) [00:06] * Zombie_Gaz has a feeling it is not positive. [00:06] Zombie_Gaz: Do you have a business account or a residential one? [00:06] residential ;( [00:06] Comcase no haz reverse DNS for you. [00:06] hah [00:06] You're violating your terms of service running a server. [00:06] Yeah. [00:07] Boo. [00:07] For business accounts they have it no problem. [00:19] hey all, anyone running mysql with master -> slave replication [00:19] ? [00:23] nephish: yeah why [00:24] anyone got drbd0.7 to run under hardy? [00:24] well, i am wanting to set up master slave replication on our backup server. The trick is, we are going to move our backup computer to another location. [00:24] so whats your question [00:25] i am wondering if that is going to present a problem. [00:25] who is the master and who is the slave? [00:25] i would have to change the slaves host name on the main, etc. [00:25] master is our main server. [00:26] just that our database is almost 8 GIG, so it will be very difficult to move the copy over once we move the system [00:27] nephish: stop the server, note the binlog position [00:27] move the server [00:27] change the configuration on the master [00:27] I live in the heart of Tornado Alley, so we just cannot have our main and backup server in the same place [00:27] if you still need it you would have to double check [00:27] ok [00:27] then start replication server again [00:28] check if it automatically rolls all transactions from the master to the slave [00:28] is there some kind of option to load the slave computer from scratch? [00:28] i can't do a mysqldump because of how long it will lock up the database [00:28] otherwise tell the master from which last transaction (the number you noted down) the transaction log should be replicated [00:28] that should be it [00:29] ok [00:29] nephish: maybe you can do mysqlhotcopy [00:30] turn on binlog on the master [00:30] lock the master [00:30] write down the transaction number [00:30] do mysqlhotcopy [00:30] unlock the master [00:31] copy everything to the slave [00:31] get it up and running [00:31] tell the master from which numer on the transactions should be replicated [00:31] ok [00:31] and please make sure to read http://dev.mysql.com/doc/refman/5.1/en/replication.html [00:31] maybe my info is outdated because it has been a while [00:32] ok. [00:32] looks good [00:32] thanks for the link [00:32] nephish: google mysql replication -> first hit ;) [00:33] yeah, kinda bypassed it for some how-to and tutorial websites [00:34] nephish: it is always better to clearly understand what you are doing. Stay away from howto and tutorials if you have good documentation at hand. Which is the case with mysql [00:34] thanks [00:56] will scst be included in ubuntu ? [02:25] New bug: #316957 in mysql-dfsg-5.1 (universe) "package mysql-server-5.1 5.1.30-2ubuntu1 failed to install/upgrade: 子进程 post-installation script 返回了错误号 1" [Undecided,New] https://launchpad.net/bugs/316957 [03:51] New bug: #316974 in mysql-dfsg-5.1 (universe) "Mysql dead after update" [Undecided,New] https://launchpad.net/bugs/316974 [03:55] Hey guys How can i change the repositories from a local one to the main one. the local one is horribly slow [03:56] /etc/apt/sources.list [03:57] ok but where can i get the list of main servers [03:58] Everything is something.archive.ubuntu.com [03:58] something.archive.ubuntu.com [03:58] k thanx [03:59] Um, not literally. [03:59] oh [03:59] cause the canadian ones are brutally slow [03:59] If you're in Australia you would use au.archive.ubuntu.com [03:59] usa = us [04:10] <_Cid> evening peeps [04:12] can I run fsck command for NTFS partition ? [04:13] i means is it safe to run fsck command in NTFS partition, I am newbie. [04:13] How to i check & repair NTFS partition in Linux CLI ? [04:13] <_Cid> beats me :/ [04:15] what are the letters in the repositories for usa [04:16] http://ca.archive.ubuntu.com intrepid-updates <-- thats canada whats the usa one? [04:16] <_Cid> us? [04:16] hey all, needed to setup a SOHO server for basica file/print sharing and authentication. it seems like samba + ldap is the solution, however apparently samba has limitations [04:17] i was trying to figure out what setup would work best. any help is much appreciated [04:17] <_Cid> pardon my ignorence ...SOHO? [04:17] small office/home office [04:17] <_Cid> !soho [04:17] Sorry, I don't know anything about soho [04:17] <_Cid> ahhh, ok [04:17] yup [04:17] anyone alive? [04:17] <_Cid> what limitations you looking at? [04:18] * ScottK finds a HP JetDirect box sitting on the network plenty for SOHO print serving. [04:18] <_Cid> I mean ...I run that setup, works fine [04:18] well, apparently it _has_ limitations. i was trying to figure out what exactly [04:18] For SOHO I doubt you will run into any [04:19] How big is this office, do you really need central authentication? [04:19] basically what i'm looking for is a file server to host the files used to run a couple windows-only apps (GoldMine & QuickBooks) [04:19] <_Cid> no limitations so far :P [04:20] and was hoping I could have it work like a domain controller for central auth [04:20] about 5 employees, however it can gro [04:20] w [04:20] <_Cid> I done a setup like that once for a 8 man company - worked fine with samba [04:20] i needed everything on the server (except that the apps could run locally -- esp since most clients will be windows) [04:21] _Cid: your experience would be greatly appreciated if shared :) [04:22] <_Cid> uzair: I dont know what to say really :) I spend an afternoon, started witht he samba.conf which is pretty well documented, and a few google hits ... and had it up and running in pretty much no time [04:22] i'm a relatively advanced user w/ windows and maybe intermediate (although that may be pushing it) on linux, but i'm quite new to system admin. i have a large understanding of various parts of it, but never setup a whole network like this before [04:23] <_Cid> uzair: I seem to recall having the most trouble with getting windows to detect it as a domain server ...oh..and some issue about home directory replication I accidently set up ..and couldnt figure out how to turn of (whenever you logged in to a enw machine, bunch of files got copied over, woops) [04:23] _Cid: did you use samba for central auth? were people logging onto a domain or were they just mapping drives? [04:23] <_Cid> uzair: you can do both with samba [04:24] <_Cid> uzair: a starting point would be /etc/samba/samba.conf - there are commented out examples in there that pretty much does it for you :-) [04:24] <_Cid> err smb.conf, sorry [04:24] what about the use of ldap? [04:25] tdb? [04:25] <_Cid> err..was on a fedora box...think it was called FDS [04:26] http://doc.ubuntu.com/ubuntu/serverguide/C/samba-ldap.html [04:27] <_Cid> and/or: http://www.majen.net/smbldap/ [04:27] thanks hads. i had found these two as well: http://www.howtoforge.com/ubuntu-gutsy-samba-domaincontroller [04:27] and, http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10 [04:27] <_Cid> uzair: Its not that I dont want to help btw, sorry if it comes across like that ..I just dont recall a lot of issues ...kinda..just..worked [04:28] np. people are often busy as well, etc. i was hoping if you had a guide or something you used, you could pass it along. if you just went at it raw, then i wouldn't really expect someone to teach me everything on the spot [04:28] <_Cid> in terms of limitations, I cannot think of any you will run into with 5 users :-) [04:28] what are some limitations that these people talk off [04:29] <_Cid> who are these people...windows people? [04:29] specifically in the intro of this article: http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10 [04:29] "Please note that you do not have a fully comparable Windows domain controller at this time. Do not kid yourself, this guide only gets you a server with LDAP authentication." [04:29] <_Cid> yeah, well..its not a fully featured domain server [04:30] <_Cid> [04:30] <_Cid> dont think you can set up cross domain trust ..as an example (or at least, I dont know how to) [04:30] hmm. now ldap seems to be quite a bit of a hassle, i was considering just using tdb. would it be a pain to switch to ldap later on? [04:31] <_Cid> with 5 users, I would go as light as I could - LDAP does seem a bit like overkill, unless you have a need for it [04:31] well, there is potential for growth [04:31] <_Cid> you hiring? :D [04:31] i don't expect it to go beyond 20ish [04:31] lol, you don't wanna work for me just yet ;) [04:32] but seriously, as the business grows, we're going to need people [04:32] <_Cid> what you going to do? [04:33] business-wise or server-wise? [04:33] server-wise [04:33] <_Cid> well, since we are in ubuntu-server .... I was curious as to your business idea :) [04:33] i was hoping to basically have a file server for centralized storage of files as well as the data for a couple of windows-only apps [04:34] <_Cid> uzair: you will have that part up in minutes [04:34] lol, business idea doesn't really have much to do with ubuntu, or linux. besides, my dad takes runs that part -- i'm supposed to play the IT guy [04:34] right [04:35] <_Cid> uzair: take it in phases, get file share up and running first - again, check out smb.conf [04:35] now secondly, those special apps need to be run on win machines, so they'll be there local. however all their info will be on the server [04:36] <_Cid> assuming there is support for that in the windows client [04:36] there is, checked that part out [04:36] <_Cid> you good then [04:36] <_Cid> (cause I tried that with quicken once, and it did not, heh) [04:37] no huh? too bad... [04:37] <_Cid> just make the same share avaliable to all windows users ... so they all know ..oh, the data is on the I Drive...or whatever [04:38] <_Cid> iDrive has a nice ring to it ...very Mac'ish [04:38] lol [04:38] yeah, i'm sick of seeing the z drive everywhere :S [04:38] <_Cid> :) [04:39] alright. i guess i'll get to work on doing this one step at a time. [04:39] so just to get a final answer, you advise for/against ldap? [04:40] <_Cid> for 5 users? against - your call if you want to position yourself for growth [04:40] alright then. i'll ponder over that some more. thanks for your help [04:41] <_Cid> sure thing, good luck with it :) [04:41] you as well hads [04:41] thx [05:26] Can anyone help me with this thread? http://ubuntuforums.org/showthread.php?p=6545446#post6545446 [05:46] does anyone run sendmail with ssl on intrepid with outlook clients? [05:48] Pain all around. No. === antdedyet_ is now known as antdedyet [06:55] how can i set sshd to only allow a set amount of connections from any one ip? [06:58] /etc/hosts.{allow,deny} ? [06:59] Jeeves_, that would allow me to block a host, what i would like to do is limit a host's amount of connections [07:00] can sshd limit the max connections from an ip? [07:02] AnRkey: Not that I know of [07:03] Haven't heard [07:03] Maybe iptables can do it [07:03] Jeeves_, i have denyhosts running every minute to stop dictionary attacks but some of these kids have large amounts of bandwidth. I end up getting 6000+ attempts before denyhosts has a chance to block them [07:03] AnRkey: use iptables with limits [07:03] henkjan, could you push a little harder,almost there [07:03] AnRkey: http://www.debian-administration.org/articles/187 [07:06] henkjan, thanks very much! that seems to be exactly what i was looking for but could not get in to words to google successfully [07:06] i looooove this os and it's team [07:07] AnRkey: I googled for "ssh connection limit" :) [07:09] fail2ban may also be interesting [07:12] i almost dont believe you :) [07:12] trying that [07:12] i tried max connections and so on [07:13] fail2ban has broken 3 times on me [07:13] the lists keep getting messed up for some reason [07:21] i remember why we wanted to use it, it can check more services than the other denyhosts script [08:03] henkjan: Jij googler! [08:16] Jeeves_: respect my google skills! [08:18] :) [08:44] moin [08:45] help [08:46] apache didn't shut down cleanly or something [08:46] and the address is still in use? [08:46] how can i fix this [08:46] (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 [08:46] sudo invoke-rc.d apache2 stop [08:47] hads: still doesnt work [08:48] what gives? [08:50] I have no idea what gives. Sounds like you'll need to kill it yourself. [08:50] hads: how do i do that/ [08:53] killall -v apache2 -9 [08:54] http://www.google.com/search?q=linux+kill+process [08:54] Jeeves_: not pkill -v ? ;) [08:54] -9 is pretty rough to start out :) [08:55] Jeeves_: it says no process killed [08:56] i would love to fix this :/ [08:56] like soon [08:56] hah [08:56] there are no apache processes [08:56] but the socket is still there [08:56] or whatever [08:58] <\sh> stiv2k: find out the processes with : sudo fuser -n tcp 80 [08:58] \sh: no results, there is no processes of apache [08:58] henkjan: pff. You funny guy! [08:58] stiv2k: netstat -lnp | grep 80 [08:58] What does that say? [08:59] tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN - [08:59] <\sh> then there is also a process [08:59] <\sh> the fuser stuff should give it to you... [08:59] wtf [09:00] the fuser command returns nothing... [09:00] add a sudo to that netstat [09:03] it still looks the same [09:06] wtf is going on [09:06] why is it doing this [09:10] stiv2k: If you run 'netstat -lnp' [09:10] as root [09:10] Than you see which process is using port 80 [09:10] Jeeves_: and? [09:11] oh [09:11] tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN - [09:12] stiv2k: You're running that as root? [09:12] yes [09:12] Jeeves_: sudo [09:13] hmm [09:13] ps uax | grep .pl ? [09:14] Hmm [09:14] there is something open on my port 443 too [09:15] Jeeves_: nothing comes back from that [09:16] stiv2k: sudo apt-get install rkhunter chkrootkit [09:16] Run both [09:16] Jeeves_: what do those do [09:17] They check for rootkits and unwanted running software [09:17] apt-cache show rkhunter [09:18] hey btw [09:18] the damn init script for BOPM is broken [09:18] Jeeves_: i get this [09:18] /usr/sbin/unhide [ Warning ] [09:18] /usr/sbin/unhide-linux26 [ Warning ] [09:18] everything else is for the most part [ OK ] [09:21] Jeeves_: no root kits here [09:24] telnet localhost 80 [10:35] I know this isn't really the right place, could someone help me out with regards to sbs2k8, IIS & Exchange2k7 ? [10:35] it would be nice to have some docs about a scst installation :) [10:36] or direct me to a channel with windows kiddies [10:36] nmzan: #windows-server [10:37] hax, didn't find that in the # list [10:37] thanks [10:52] I wonder why there is not that much infor about open-iscsi and scst [11:01] hi, hi would like to find a tool to monitor file system change rates, any idea? [11:02] inotify-tools may be of interest to you [11:04] Deeps: thx [12:16] mhh, there are really no good howto's about iscsi :S [12:36] hello, im having problem with mercurial on ubuntu [12:36] its webserver is launched on port 8000 and im not sure where to look how to disable or reconfigure it [12:43] what is the best filesystem for iscsi luns ? [13:08] MatBoy: Uh? [13:15] Jeeves_: ? [13:15] mhh [13:15] but I don't know what FS is best for that disk [13:15] I use iscsitarget to make luns using files on a disk [13:16] MatBoy: Why would an iscsidisk differ from a normal disk in terms of you choosing a filesystem? [13:18] Jeeves_: so ext3 should be fine ? [13:19] it seems it does [13:26] MatBoy: Yups, it is [13:29] Jeeves_: but what about lvm ? [13:30] how is that managed with iscsi ? [13:31] MatBoy: Never used lvm [13:32] k ! [13:34] not sure I understand why ubuntu server insists on installing apparmor [13:36] and it really bugs me canonical will not release their control panel thing a jig [13:38] apparmour provides application security, and is enabled by defaultl, but it easily disabled and/or removed [13:38] ya [13:38] control panel thing a jig? landscape? yeah. agreed. [13:38] I know [13:38] just comparing debian and ubuntu [13:39] I understand using ubuntu for the desktop as it takes care of all the piddly little desktop issues that you would battle with under debian [13:41] but the server release kinda bugs me. I ended up writing my own preseed to setup a custom firewall installation [13:42] i cant speak for the devs or even state with any kind of merit or backing that this is true, but it appears to me that the approach of "linux for humans" on the desktop (ie. linux desktops without needing to know much about linux) has been carried over to the server [13:42] and that ubuntu server is designed to try and make things as easy as possible for people with minimal command line experience [13:43] not sure how I see how it helps manage most services [13:43] Deeps, that may be the intent, I'm not sure its been a success though [13:43] I do like the ltsp integration though [13:43] whether it's a success or not, i'd personally think it's a bad idea [13:44] i tend to agree [13:44] I had to battle through that with debian [13:44] ya [13:44] I like the package manager they took from debian and the kernel patch set seems to be pretty clean [13:45] i like the up-to-date packages, it's great for non-critical multifunctional servers [13:46] the trouble I have is I am partnered with a windows guru who knows little about linux and insists on using crappy web front ends ie webmin etc [13:46] oh dear [13:46] ya [13:46] mean while I have compiled os's from scratch [13:46] well windows admins will have to learn command lines soon, i hear the windows server 2008 can be built command line only [13:46] LFS and gentoo [13:47] cor3: I don't know if your firewall preseeding is for ufw or not, but ufw will have basic preseeding support in jaunty [13:47] all the serious 'doze admins i've met use cli anyway [13:47] LOL ya its kinda like bash actually [13:47] LOL [13:47] cor3: also, the apparmor stuff isn't so much 'for human beings' as to keep important services as safe as possible [13:48] it's easy to update for one's needs, or to simply put in complain mode [13:48] ya I would prefer a full chroot and perhaps grsecurity patched kernel [13:48] with chroot restrictions [13:48] jdstrand, and drive sysadmins insane trying to work out why their ldap servers wont read the SSL certs ;) [13:48] Kamping_Kaiser: if apparmor is not working for you in a default installation, please file a bug [13:49] Kamping_Kaiser: or a common configuration [13:49] cor3: dont ask for much do you ;) [13:49] lol [13:49] no [13:49] haha [13:50] cor3: apparmor effectively chroots your application [13:50] kees: One thing your blog post about Sendmail/Outlook had me thinking about was that we dropped SSLv2 in Intrepid. Dunno if that was getting used before somehow. [13:50] jdstrand, no idea how common the setup was, but for the first time ever i had services unable to read /etc/ssl// because apparmour didnt consider the path legit :) [13:51] Kamping_Kaiser: this was in slapd? [13:52] jdstrand, the service in question? yes. I dont remember if Apache had the same hissy fit or if slapd was the only one. [13:52] Kamping_Kaiser: apache doesn't have an apparmor profile by default. I can fix slapd if you file a bug [13:52] anyone successfully integrate openldap, and spamassassin/amavisd-new? [13:52] (we can't fix these annoying problems if people don't report them) [13:53] I registered my own oid space for custom ltsp and snmp development work [13:53] oh, and made props for apparmor, the more i use it the more i like it [13:54] jdstrand, would it be considered bug worthy? While it seems a logical place to put the file for me, I dont know if its a standard path at all [13:54] :) [13:55] I want to build the equivilant to zimbra minus the ajax front end and other nasties [13:55] Kamping_Kaiser: it seems fairly reasonable to me to have SSL aware applications able to read file in /etc/ssl. if you file a bug, it can be discussed [13:55] jdstrand, ok, I'll do so. [13:56] Kamping_Kaiser: thanks! [13:56] Any one using the oem configuration support? [13:57] Not me [13:58] I found preseeding works well enough but the oem-config-server looks like it could be useful [13:59] one thing i found funny is the minimal debian installation is larger than the minimal ubuntu installation [13:59] if installed with the 'alternate' cd [14:00] netbase doesn't include inetd either which I like because I rarely use it for most installations [14:01] still have my reservations regarding canonical though [14:02] especially them refusing to release their support software for what is after all a free OS [14:03] the folks at debian would NEVER even consider doing that [14:03] jdstrand, its been a while since i worked on teh system in question, but heres a report https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/317109 [14:03] Launchpad bug 317109 in apparmor "Apparmour doesnt support use of /etc/ssl/" [Undecided,New] [14:06] its one thing to provide commercial support but its a completely different thing to write software specifically for something completely open and not release it. Not to mention I doubt I would want a closed source support package installed cause who knows what they do with it. [14:06] Seems like something old billy would do [14:07] * ScottK <-- Does not work for Canonical [14:07] cor3: Then don't buy their support, just use it. [14:07] It shouldn't affect your decision whether or not to use the distro. [14:08] Kamping_Kaiser: thanks for the report :) [14:08] it just makes me question the relationship between the 2. [14:08] jdstrand, no worries. HIH. [14:08] canonical != ubuntu is what people tell me [14:09] cor3: That's absolutely true. [14:09] And ubuntu != canonical. [14:09] but they seem to scratch each others back [14:09] any who [14:09] no worries I will continue to use ubuntu server [14:10] I should get more involved with the distros I use [14:10] I came here from opensuse after experiencing too much "If you want it to work, buy SLES/D licenses" from Novell/SuSE. [14:10] ya [14:11] I started with RH7 then debian then gentoo then debian again and now a mix of debian/ubuntu [14:12] cor3: if the landscape bits bother you, I suggest you take it up on the mailing lists [14:12] its come up before iirc, but i'd be interested to se it come up again [14:12] red hat, debian, freebsd, ubuntu, debian+fbsd+ubuntu mix now [14:12] (even if it does come up while i'm afk :() [14:14] ubuntu server needs some better docs [14:15] still use gentoo docs for setting up a lot of stuff [14:15] cor3: If you're interested in getting more involved, that's an excellent way to do it. [14:15] New bug: #317109 in openldap2.3 (main) "Apparmour doesnt support use of /etc/ssl/" [Undecided,Confirmed] https://launchpad.net/bugs/317109 [14:15] cor3: sommer <-- Also doens't work for Canonical does the Ubuntu Server guide and is always looking for new inputs. [14:16] I have been thinking about it. One of the common servers I put together is a debian/ubuntu firewall/openvpn and spam filter [14:17] I'm sure I could put together some docs on that process but thats more of specific deployment type doc than anything else [14:17] What configuration do you use for spam filter? [14:18] speaking of spam... [14:18] ScottK: do you use greylisting with postfix, and if so, what software? [14:18] up until recently I have been using exim4 + spamassassin + clamav + razor + dcc + pyzor but I have been working on a postfix + amavisd + postgrey setup [14:19] jdstrand: No. I actually have my mx at a commercial host. They use Postfix with greylisting, but I don't know which one. [14:19] ScottK: or rather, what is the recommended greylisting package for integration with postfix on Ubuntu [14:19] k [14:19] I don't think we have one. [14:19] use postgrey [14:19] I hear good things about postgrey. [14:19] its simple and effective [14:19] I started using postgrey, and it was *super easy* to setup [14:19] jdstrand: None in Main IIRC. [14:19] ScottK: no, I checked [14:20] postgrey seems to work pretty well [14:20] cor3: Also if you have feedback about the default Ubuntu amavisd-new configuration, I'd like to hear that. [14:20] Obviously it has to be somewhat generic, but I want it to be useful. [14:21] I'll have to get back to on it. I am testing the solution before making use of it for my clients but so far it seems to perform better than my previous exim4 setup [14:23] Of course. It has postfix. [14:23] ya big time [14:23] I started using exim4 while working for a previous employer [14:23] they were a debian heavy shop and used exim4 exclusively [14:24] so you go with what you know but I wanted to slim out the install [14:24] spam filtration can be resource intensive [14:25] one of the LTSP devs lives in my city [14:25] we got together for lunch a few years back [14:25] he worked on the ubuntu ltsp integration [14:25] Scott Balneavs is his name if I recall [14:27] Looks like https://launchpad.net/~sbalneav [14:28] thats him [14:28] he was largely responsible for ltspfs too [14:28] * ScottK detatches to experiment with new IRC cilent builds. See you later. === _jmedina is now known as jmedina [16:14] hi! :) [16:14] if i install 8.04 server, where can i tell on what disk it should install grub? [16:14] just askign to make sure i dont miss it [16:15] Ward1983: iirc, you won't be offered that [16:15] ivoks, so can i do that anyway? [16:16] ivoks, else i need to open up my PC, unplug the harddisks except the one i want to install on, afterwards plug them back in and fix my menu.lst :s [16:16] a ton of work [16:16] hm [16:17] its going to install grub where you tell it to partition the fs [16:17] ivoks, i know its possible with ubuntu desktop [16:17] you can, of course, preesed all that [16:17] i think MianoSM is right [16:17] So when you go through the partition manager if you have sda and sdb, if you install on sdb, it should install grub on sdb [16:17] and vice versa [16:17] MianoSM, are you sure? ubuntu allways takes the first disk by default unless you tell it where to install to [16:17] i meant ubuntu desktop [16:17] Right, you are going to have to dictate the partitioning. [16:17] Ward1983: first disk in grub isn't the first disk on OS [16:18] You can change the listing in grub so far as disk order. [16:18] ivoks, i know i did not say that [16:18] ivoks, it allways takes the first disk of the system [16:18] ok thats chinese [16:19] Ward1983: i really haven't been thinking about this [16:19] so, i don't know for sure [16:19] it does (desktop) [16:19] If you set your bios to boot from a maxtor and a seagate hard drive, they will both have an mbr. Ubuntu will label then sda and sdb [16:19] i always installed ubuntu server on first disk :) [16:20] Use the manual partition choice, and select the correct disk, and be sure to have a SuperGrubDisk on hand in the case of error. [16:20] MianoSM, i just want both ubuntu-server and grub on the third disk on my system, grub would call it (hd2,0) or /dev/sdc1 [16:21] Ward1983: that's absolutely possible. [16:21] ok never mind ill just unplug the other disks.... [16:21] jesus [16:21] You found JC? [16:21] MianoSM, ah ok so how do i do that please? [16:22] preseed it [16:24] MianoSM, ah ok so how do i do that please? installing on (hd2) [16:24] Ward1983: if you would wait for an hour, i could try that scenario in my VM and let you know results [16:24] that service would cost you $500 [16:24] :D [16:25] ivoks, nah ill try it myself then lol [16:25] I'm telling you, the drive you choose to install the OS to will carry the GRUB installation. [16:25] ivoks, i assumed you knew how to do it since you said its possible [16:25] i told you [16:25] you can preseed it [16:25] MianoSM, and i asked you if you are absolutely sure :) [16:25] http://wiki.debian.org/DebianInstaller/Preseed [16:25] MianoSM, its not that important, i can restore the bootloaders of the other disks if needed [16:26] In my experience, I haven't seen it happen otherwise. [16:26] ivoks, aaaaaah ok sorry i didnt understand lol [16:26] http://www.nabble.com/Preseeding-Grub-td3267439.html [16:26] MianoSM, because you allways used the first disk? :p [16:27] No, not always. I had a RAID 0 set up over 2 disks (hd0), and then a third drive (hd1) that I installed on. [16:27] ivoks, so can i preceed only grub? [16:27] Hi, this is the output of a line of top: 15924 www-data 20 0 32228 6972 1292 R 100 0.2 147:40.99 perl. I want to know which script is running, it just displays "perl". How do I do that? [16:28] ivoks, sorry i dont understand that second link [16:28] dinsdale07: c [16:29] Jeeves_, you mean top -c? [16:29] MianoSM, maybe it has something to do with the raid [16:29] dinsdale07: No [16:29] in top [16:29] type c [16:29] ok, iscsi seems to be nice :) [16:29] MianoSM, well ill jsut try it since preceeding doesnt seem to get explained anywhere [16:29] which will show the entire commandline [16:29] debian people allways presume everyone gets born knowing everything [16:29] bah [16:30] Not "everything", but most of it. ;) [16:30] Jeeves_, yes it works, thanks - now it shows httpds, that looks like the ssh deamon [16:30] dinsdale07: Ehm, httpd or sshd are not perl scripts :) [16:31] MianoSM, well gonna reboot, wish me luck [16:31] fauxhawk: please send me that picture again [16:31] Jeeves_, that's what concerns me... it shouldn't show as perl in the first place. [16:31] fauxhawk: you're that girl from the other night right? [16:31] MianoSM : wat [16:32] * fauxhawk not a chick [16:32] fauxhawk: oh, do you have a gf that could have been talking to me or a wife maybe? [16:33] MianoSM : sure let me get on that for you [16:33] MianoSM, tyring to make it into bash.org? [16:33] dinsdale07: what is bash.org? [16:33] something for scripting? [16:34] not really, check it out :-) [16:34] dinsdale07: is it work safe? [16:35] MianoSM: no, it will steal your soul [16:35] kewl ! Il like iscsi [16:35] MianoSM, unless you look up quotes of bloodninja [16:35] ha, I know bloodninja [16:36] nice site, I get it now ;) [16:36] I could have sworn I was helping fauxy the other night though. :( [16:37] :-) [16:38] MianoSM: you helped me install ubuntu [16:38] it was a swell time [16:38] nice [16:41] in top - how can "perl" and "httpds" be related. they show under the same PID if I toggle "c" in top [16:42] can we see the full line from top please? [16:43] root 5292 0.0 0.6 10040 6268 ? Ss Jan10 0:10 /usr/bin/perl /usr/local/webmin/miniserv.pl /etc/webmin/miniserv.conf [16:44] That's webmin being run by perl. If you have a web server that is being run by perl, you could see both in the command under top. [16:44] Using htop and sorting by tree might help you visualize it as well (sudo apt-get install htop). [16:45] these are the two lines when I toggle. http://pastebin.com/d4132ddf2 [16:45] htop should really replace top [16:45] I haven't installed webmin - but ispconfig. [16:46] I think ispconfig mainly consists of perl scripts, that could explain it. [16:47] ah - nice: htop. how colorful :-) [16:49] dinsdale07: htop with treeview is much better at showing how processes are related [16:51] yes, it's very nice - how do I get the F5, F10 etc commands to work though. They are bind to my local machine [16:51] s/bind/bound [16:51] T also acts as F5 [16:52] and Q = F10 [16:52] * MianoSM afk2 eat bbl. [16:53] I see, it's smallcaps t and q for my console btw. Very tidy. [16:54] hey all, back with another master-slave replication question. [16:55] do you have to wipe out the current bin log on the master and reset it before starting replication? [16:57] reset master; [16:57] mathiaz: ping [16:57] nephish: you don't have to do that [16:57] * ScottK waves at mathiaz too. [16:57] nephish: when setting replication, you have to dump master and import on slave [16:57] nephish: then set slave to start replication from current master record [16:58] right, i used mysqlhotcopy to get a shot of the server database while under a flush with readlock [16:58] then restarted the master. [16:58] sorry, i don't know what myslhotcopy is [16:58] i do everything with mysql client [16:58] am i supposed to wait untill the slave has everything squared away before releasing the lock on the master? [16:59] mathiaz: Instead of not building mysql-server, mysql-client, mysql-common for 5.1 at all, we need something like mysql-server5.1, mysql-client5.1, mysql-common5.1. [16:59] vorian: That's right, isn't it? [16:59] nephish: import DB, set the replication from master [16:59] ... or zul? [16:59] ScottK: right [16:59] nephish: you can then release master [16:59] nephish: and start slave replication [16:59] we also need all the libs [17:00] ScottK: there is mysql-server-5.1, mysql-client-5.1 [17:00] nephish: you just have to have replication logs [17:00] vorian: ^^ [17:00] ScottK: for now they still depend on mysql-common from 5.0 though [17:00] vorian: So what else do we need? [17:00] hmmm [17:00] mathiaz: vorian has been doing the amarok packaging ... [17:00] i have the log bin and position written down, but when i load the db into slave i am supposed to wait till the slave is replicating to release the master? [17:00] ScottK: vorian: mysql-server and mysql-client a just empty packages that depends on the latest version from mysql [17:01] so, amarok depends on mysql? [17:01] ivoks: it does now [17:01] ivoks: Yes. Even better it uses embedded so it needs 5.1. [17:01] i tought amarok is meedia player [17:01] It is. [17:01] ivoks: yes, but it stores collections :) [17:01] not a wanna-be everything app :) [17:02] haha [17:02] ivoks, i thought amarock used sqlite [17:02] nephish: That's Amarok 1. We're talking Amarok 2. [17:02] ah, ok [17:03] imagine evolution, installing postfix and dovecot :) [17:03] Ivoks, i just can't get it to work, does the relay log have something to do with the replication? [17:03] This should be so simple. [17:03] nephish: there was a nice howto, wait a minute [17:04] http://www.howtoforge.com/mysql_database_replication [17:04] both computers are running ubuntu 8.10, and useing latest mysql-server from the ubuntu repositories [17:04] ivoks: yup, but amarok 2.0 use mysql embedded from 5.1 as databse [17:04] it used it in the 1.x serie (KDE3) [17:05] smarter: i have 'server' perspective [17:05] Ivoks, yes, that is the exact how to that got me here, i just can't tell if i am missing a step [17:05] smarter: why was sqlite dumped and mysql used instead? [17:05] 5.1 is not ready for production [17:06] mathiaz: let me find you the blog post about that... [17:06] Well it's 'released' and we pretty well have to jump to Amarok 2 for Kubuntu. [17:06] this is a loose-loose situation :/ [17:06] mathiaz: http://amarok.kde.org/blog/archives/812-MySQL-in-Amarok-2-The-Reality.html [17:06] lose-lose even [17:06] lose-lose :D [17:06] right [17:07] if i hear another one about 'ubuntu not supporting KDE'... :) [17:07] ivoks: This one we are actually working together on reasonably well. It's a hard one. [17:08] ScottK: mysql 'stable' releases are versioned 5.x.4x :) [17:08] * ScottK notes that Kubuntu still has no bluetooth in Intrepid or Jaunty thanks to Ubuntu. [17:08] ScottK: this is #ubuntu-server :p [17:08] Sure thing. [17:09] we don't have bluetooth :D [17:09] ivoks: I think that for the type of usage and workload amarok is going to put on mysql, 5.1 could be consider stable [17:09] mathiaz: i agree, but i'm not sure that's the case for servers [17:09] well, as i said, this is a lose-lose [17:10] hopefully, 5.1 will became stable before 10.02 [17:10] 10.04 [17:10] ivoks: oh yes. That's why from a server perspective, we just wanna provide mysql-5.1 in universe [17:10] mathiaz: oh, we'll have both? [17:10] ivoks: from the server POV, mysql 5.0 should be in main and 5.1 in universe [17:10] ivoks: we *already* have both. [17:10] i agree [17:11] mathiaz: eh, sorry, i'm still out of sync with jaunty :/ [17:11] ivoks: the target would to get 5.1 in main for the next LTS. [17:11] right [17:11] Unfortunately, Amarok is normally in Main. We've had to demote it because of 5.1. [17:11] Not having it on the CD will be a not good thing. [17:11] So no easy answer. [17:12] ah well... [17:13] nephish: do you have anything in DB already? [17:13] nephish: best thing would be to start with empty db [17:13] slave is empty, or can be [17:14] main server is running for last three years [17:14] and master is full? [17:14] ok, so, in production? [17:14] our old backup cratered, yes master is full 8 GB [17:14] ok, open two terminals [17:14] ok [17:15] connect to master and slave [17:16] nephish: connect to mysqls [17:16] ok [17:16] nephish: and run 'show slave status\G' on slave [17:16] there should be: [17:16] Slave_IO_Running: Yes [17:16] Slave_SQL_Running: Yes [17:17] have io = yes, running = no [17:17] ok [17:17] now lock tables on master [17:17] and run 'show master status;' [17:17] * smarter wonders how the other distros will manage this amarok dependency... [17:18] flush tables with read lock? [17:18] yes [17:18] lock it, you have to put some downtime :( [17:18] 10-4 [17:19] did you lock it? [17:19] on master, dump the database to a file [17:19] yes, and show master status [17:19] ok [17:20] run 'snow master status;' again [17:20] position shouldn't be different then before [17:21] you've created replication user with read privileges on master? [17:21] dumping [17:23] yes, replication user is good [17:23] did you dump it? [17:23] (the database) [17:24] making copy with mysqlhotcopy. takes a bit because it is a large db [17:24] mysqldump would take hours [17:25] hours? [17:25] 8GB right? [17:25] yes [17:25] anyway... once you dump it [17:25] write down position from master [17:25] wait, maybe the import into the slave would take that long, dump itself may not [17:26] and it will be different? [17:26] it should be the same [17:26] since you've locked tables [17:26] ok [17:26] but, write it down after you dump it [17:26] ok [17:26] then unlock master and leave it to work as before [17:27] import that database on slave [17:27] ok [17:27] and set up replication on slave: [17:27] slave shoud be running ? drop the db on slave, right? do i need to stop slave? [17:27] before i import the database? [17:28] change master to master_host="[ip of master]", master_user="[replication user]", master_password="[replication password]", master_log_file="[master log file]", master_log_post="[position you wrote]" [17:28] yes, slave should be running [17:29] dump the db on the slave right? [17:29] right [17:29] gotcha [17:29] mysql log file has all the logs of everything done on mysql [17:29] so, you create a duplicate from one position [17:29] import that copy on slave [17:29] and replicate all the changes from that position [17:30] after 'change master' [17:30] start slave; [17:30] so slave should not be running now? [17:30] yes it should [17:30] it should be empty [17:30] then import that dump [17:31] run that change master... [17:31] and start slave; [17:31] start slave; is a command in mysql that starts replication [17:31] not the mysql it self [17:31] ok, dump is finished, will copy to backup machine [17:32] log position was the same after dump [17:32] :) [17:32] write it down and unlock tables [17:32] you don't need master anymore [17:32] great [17:33] i guess you set up everything in /etc/mysql/conf.d/blabla.cnf? [17:33] like server-id [17:33] master-host and all those variables [17:33] yes, got that stuff [17:33] ok [17:33] anything i need to do with the relay log? [17:33] on the slave? [17:33] nothing now [17:34] ok [17:36] hotcopy basically copies all the files in /var/lib/mysql/db_name over to a new directory that can be placed in another database [17:36] errr [17:36] that's not what we want [17:36] ok. [17:36] we want dump of single database [17:36] not everything [17:37] oh, db_name [17:37] sorry :) [17:37] so it should be cool? [17:37] yes [17:38] there are three files per table, all MyISAM [17:38] ok, move that to slave [17:39] in transit now [17:39] hey thanks for taking your time on this [17:39] right, i'll provide you a bank account at the end :) [17:40] he he [17:46] so, what's the status? [17:47] nephish: you have replication log name from 'show master status;' on master? [17:47] mathiaz: would you be so kind as to take a peek at http://dpaste.com/109036/ ? [17:50] in the my.cnf on slave, there is the statement log-bin=mysql-bin and on the master when show master status, the log name is mysql-bin.000004 [17:51] ok [17:51] so, replication log is mysql-bin.000004 [17:51] in the my.cnf/ [17:51] ? [17:51] and replication position is... the on you know [17:51] in my.cnf you define the name [17:51] but logs rotate [17:51] that's why you have 000004 [17:52] so what i have is cool [17:52] ? [17:52] yes, everything is ok [17:52] did you transfer the detabase? [17:53] on the slave, since i did a drop database, should i create database? or should i just copy the database files to the /var/lib/mysql ? [17:53] they are in a folder with the same name as the database. [17:53] create database first [17:53] then copy the files [17:56] copying [18:03] still copying? [18:04] just done [18:06] ok, now connect to mysql on slave [18:06] as root, of course [18:06] change master to master_host="[ip of master]", master_user="[replication user]", master_password="[replication password]", master_log_file="[master log file]", master_log_post="[position you wrote]" [18:07] ok [18:07] nijaba: ping [18:09] kirkland: pong [18:09] nijaba: http://blog.dustinkirkland.com/2009/01/ubuntu-jaunty-testing-screen-profiles.html [18:09] nijaba: screenshots of your tool [18:09] (well, that sounds bad...) [18:10] \o/ [18:10] nijaba: screenshots of screen-profiles-helper [18:10] not as long as you don't say my BIG tool ;) [18:10] nijaba: :-D [18:10] nijaba: it's a python tool [18:10] ivoks, is it master_log_pos ? not master_log_post [18:10] :D [18:10] ? [18:10] nijaba: :-P [18:10] nijaba: okay, so, do you have time to put together the MIR? [18:11] pos [18:11] nijaba: i think i'd like to try to get it into the server cd seed by the next alpha [18:11] nephish: my bad [18:11] its cool [18:11] ok [18:11] done [18:11] nijaba: i was thinking we could make 'screen' depend on screen-profiles [18:11] no errors? [18:12] query ok, 0 rows affected (0,40 sec) [18:12] kirkland: as you know, we are in meetings all day, I'll try to skeeze it in some time in the evenings [18:12] nephish: ok, now run 'show slave status\G' [18:12] nephish: and check Exec_Master_Log_Pos [18:12] * nijaba goes have some food [18:12] nijaba: and nudge the screen-owned /etc/screenrc to /etc/screenrc.orig, and dh_installlink the /usr/share/screen-profiles/profiles/ubuntu -> /etc/screenrc [18:12] er... 'Relay_Log_Pos' [18:12] nijaba: that's just a thought at this point, but it shouldn't be too hard [18:13] nijaba: possibly controversial [18:13] nephish: it should be the same as the position from master [18:13] ok Exec_Master_Log_Pos is same as the position [18:13] kirkland: hmmm that's an interesting thought [18:13] so far so good [18:13] nephish: 'start slave;' [18:13] hi [18:14] nijaba: just a thought at this point [18:14] is anyone here familiar with init script? [18:14] this init script that came with the bopm package does *not* work at all [18:14] ok [18:14] nijaba: it would avoid forcing every user to run select-screen-profile on every machine [18:14] New bug: #317187 in samba (main) "Samba server does not work in Ubuntu 8.10" [Undecided,New] https://launchpad.net/bugs/317187 [18:14] nephish: now 'show slave status\G' [18:14] nephish: and check the output [18:14] nephish: like Slave_IO_State [18:15] nephish: and Slave_IO_Running & Slave_SQL_Running [18:15] looks good, Slave_IO_Running = yes [18:15] nijaba: anyway, we need to get it into main first [18:15] and Slave_SQL_Running Yes [18:15] no errors [18:15] how about Slave_IO_State? [18:15] the first one [18:16] should be 'Waiting for master to send event' [18:16] waiting for master to send event [18:16] great [18:16] now, last check [18:16] in another terminal, connect to master mysql [18:16] vorian: looks good to me. [18:16] and, at the same time run 'show slave status\G' on slave and 'show master status;' on master [18:16] vorian: I'll get more work done on the 5.1 package as it doesn't work for now. [18:17] ok [18:17] mathiaz: ok, i'll upload it once i'm done building it [18:17] nephish: Relay_Log_Pos on slave and Position on master should be the same [18:17] vorian: sorry for breaking libmysqlclient-dev - but I had to fix the libmysqlclient15-dev first as it broke things in main (ooo) [18:17] sure, it's no big deal :) [18:18] on show master status? [18:18] nephish: Position on master (from show master status;) and Relay_Log_Pos on slave (from show slave status\G) [18:19] yes they are the same [18:19] nephish: congrats, evertyhing is ok [18:19] cool, thanks ! [18:19] np [18:19] i am dumping the transcript of this [18:20] to have for next time [18:20] * jmedina wants that script [18:20] * ivoks wants money :) [18:20] * jmedina wants beer and money [18:20] and the script [18:21] ok, take care people [18:21] i'm done for today [18:21] thans again ivoks, [18:21] no problem [18:21] hello, this init script that came with the bopm package does *not* work at all... can anyone take a look at it? [18:32] vorian: ok wfm. your diff would just fix libmysqlclient16-dev so that you can build against it. [18:33] vorian: it doesn't fix mysql-server-5.1 not starting correctly. [18:33] hmmm [18:34] vorian: fixing the server would require more work. [18:34] vorian: I'm looking into that. [18:34] mathiaz: ok [18:34] vorian: but at least you should be able to work on amarok2 and make it work [18:35] vorian: IIUC amarok uses the embeded server which shouldn't require a working server process (which doesn't work right now in 5.1) [18:35] mathiaz: ok, so you are ok with me making this upload then? [18:35] vorian: ^^ this is just an assumption though. I'm not really familiar with the embeded version. [18:35] vorian: yes - if that can help you move forward on amarok. [18:36] vorian: make sure that libmysqlclient16-dev has all the files - that's what your diff fixes. [18:36] mathiaz: great, that will help out tremedously [18:37] mathiaz: i'm testing that now, i have a nice hook that will show me any missing files [18:38] nice isntalling the xen kernel means getting a bridge with the name of my networkcard..... [18:39] my networking was screwed up, even my router started tripping [18:39] so how do i undo trhis? not i presume [18:39] ? [18:45] ScottK: yeah, good point. I think that wasn't it, though, since msmtp choked too. seems like the cafile list was the culprit. === lamont` is now known as lamont [19:17] nijaba: https://wiki.ubuntu.com/MainInclusionReportScreenProfiles [19:19] I have two ubuntu servers and can connect to a samba share on one server but not the other. both servers are running intrepid, configured identically except for one of them also having apache installed. trying to connect from windows XP and vista. any clue as to what the problem could be? [19:23] firecrotch: what do logs say [19:24] Faust-C: Nothing at all [19:24] firecrotch: firewall? [19:25] firecrotch: logs on the server have to say something [19:25] either turn off fw [19:30] New bug: #317216 in mysql-dfsg-5.1 (universe) ""/etc/init.d/mysql start" fails, so package can't be configured" [Undecided,New] https://launchpad.net/bugs/317216 [19:31] Faust-C: there's nothing in /var/log/samba/log.(hostname of machine connecting from), and it can't be a firewall issue if the other server works just fine [19:31] firecrotch: did you check the other logs [19:31] messages, warn, etc [19:31] brb [19:34] Faust-C: nothing in the other logs either related to this [19:36] Faust-C: trye with smbclient locally [19:36] smbclient //localhost/share -U username [19:36] or anonymous smbclient -N //localhost/share [19:43] which is better cat5e or cat6 if you going to wire up 3 servers? [19:44] hi [19:44] I would like to know how to set up a VPN with ubuntu server ? === mcasadevall is now known as NCommander [19:50] nadley_: the easyiest way is to openvpn [19:51] Or use a DD-WRT router. [19:51] I think there is vpn howto in the community docs, but is for a bridged setup, for routed setup you better follow the official openvpn howto [19:51] Tim__Reichhart: it doesn't matter Cat5e would be fine. [19:52] jmedina: oki thx but how I use it [19:52] nadley_: just install openvpn create a config file in /etc/openvpn/server.conf according to the openvpn howto [19:52] well there are clients for linux, mac, windows (including vista) [19:52] jmedina: what is the difference between a bridged and a routed ? [19:53] nadley_: I can't explaint it right now, it is documented in the howto [20:06] Hey, I'm having problems with amavis+spamassassin. It doesn't deliver spam messages to .Junk and it doesn't mark them as spam (rewrite subject( [20:06] * ) [20:06] http://ubuntuforums.org/showthread.php?t=1038936 [20:26] kirkland: https://wiki.ubuntu.com/screen-profiles-mir. I think we (I) forgot to use gettext for screen-profiles-helper. Do you think we should wait til it is done before submitting the MIR bug? [20:35] I have a server (Drapper with 2.6.15-51 kernel) that when I boot it up it acts like it's going to load and then I see, "Okay boot the kernel" as the last line. The screen flickers a little before this and a little after this. If I boot up into recovery mode I can boot right up. Any ideas on what this could be or any logs I should check? I've checked /var/log/messages and /var/log/demsg and didn't see anything that screamed there was an issue. An [20:42] stormblue: It could be screen mode lines in grub. Espically if your getting screen flicker. [20:44] agentk: Can you explain further? Doesn't the line, "Okay boot the kernel" mean I'm outside of GRUB? [20:44] stormblue: When you have to option of booting the recovery kernel, go to the main kernel and press E to edit it then go to the kernel line and press E to edit that too. And remove a different option on that line and test it until you find the option that is causing it. [20:45] stormblue: Yes, but if the recovery option is booting ok, then the problem is the difference in kernel options between recovery and normal. [20:45] Oh, okay. [20:45] That makes sense. [20:46] stormblue: The only difference between my normal and recovery kernel is a word at then end of the kernel line: splash [20:46] Okay. I'll check it out. [20:47] Are you on ubuntu? [20:47] stormblue: Yes. 8.04 and 8.10 servers and 8.10 desktops [20:49] How do I save from the edit screen CTRL + O ? [20:59] stormblue: To save the changes you will need to edit the grub file once booted. /boot/grub/menu.lst [21:00] Okay. I took splash and quiet out and it was fixed. [21:02] Thanks! [22:36] does the name "httpds" tells someone something. I see this process stuck on my webserver since hours and I'm quite suspicious. [22:36] why don't you strace it [22:37] or figure out the full path to the binary and use dpkg -S /path/to/httpds to show the package it belongs to [22:38] I don't even find a binary by that name on my server. under top it shows up as perl unless with the "c" option [22:39] got the process id? [22:39] nijaba: do you mind if i rename screen-profiles-helper to screen-profiles-configurator (and make all the necessary updates)? [22:40] mdf1, yes, [22:40] kann I link the process ID to the exact binary executed somehow? [22:40] s/kann/can [22:41] believe you can. under /proc [22:42] file /proc//exe [22:43] example... [22:43] root@mdf-vostro-1500:~# file /proc/32702/exe [22:43] /proc/32702/exe: symbolic link to `/usr/sbin/rsyslogd' [22:45] I didn't know that - that's excellent. [22:45] it says symbolic link to /usr/bin/perl [22:45] dinsdale07, you can also see the process listing from 'ps -aux' which might provide more information than top [22:46] Oh my dear - that doesn't sound too good... It's all owned by www-data so it seems to be a perl script started by the apache. [22:46] or created by, which also isn't good [22:46] so: sudo /etc/init.d/apache restart [22:46] Done. [22:47] mdf1, I think the process is masking itself by the name of "httpds", there is no path to the exact perlscript. [22:47] MianoSM, if someone can start a perlscript via the web on my server I need to investigate this and get to the bottom [22:48] dinsdale07: Sweet! let us know what you dig up. [22:58] dinsdale07, you can strace the process or just kill it. Also netstat -nap | grep PID to see if there are any network sockets open to/from it [22:58] I had a look which files the process has opened - this is the result: http://paste.org/4844 [23:02] scary [23:02] mdf - your command returns: tcp 0 0 $myip:53978 87.118.108.117:7000 VERBUNDEN 15924/[httpds] [23:02] this is definately nothing that should be running here ... [23:03] lotta error logs open, and a connection to ns.km23337.keymachine.de:afs3-fileserver looks suspicious [23:03] but thanks so much for your commands - that's going at least in the right direction [23:03] This machine is still online/connected to the Internet? [23:04] chkrootkit etc. [23:04] yes - I can't take it offline though ... [23:04] You may need to :| [23:04] I wouldn't, not yet [23:05] and rkhunter [23:05] dinsdale07: dinsdale07 have you looked at /tmp, usually when someone install a script via http it stores it in /tmp [23:05] I'd use tcpdump to capture the network traffic to the other system [23:05] sometimes in a hiden directory like /tmp/\ .\ . \ /tmp or like that [23:05] It must have been going on for some time now so I hope I can at least leave it online to investigate. [23:06] That's slightly inconsiderate. [23:08] MianoSM, if I shut it down I don't know what it is doing [23:08] That's what logs are for. [23:09] I'm just saying, if you do find that it is a rootkit. Hopefully it's just some bad code. [23:09] ebox is pretty rocking when it works. [23:10] wasabi: do you like it better then webmin? [23:10] Yes. [23:10] unless webmin has changed substantially since last I looked at it [23:10] Nope, still ugly as heck. [23:11] I just find webmin extremely easy to use, being one package that works with less then five commands. [23:11] And geared towards hard core admins. [23:11] !webmin | MianoSM [23:11] MianoSM: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead. [23:11] !ebox [23:11] mind you, ebox is broken in intrepid [23:11] ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox [23:11] Should add it's broken in intrepid. :0 [23:11] In two ways. [23:11] 2311.21 < Deeps> mind you, ebox is broken in intrepid [23:11] I've worked with ebox, and do not care for it after working with webmin. [23:11] got cha [23:11] ebox isn't really meant for total box admin, as far as I can tell. [23:12] also noted on the wiki too [23:12] it's meant for a targetted set of devices. [23:12] it's still fairly new too [23:12] But, with it being on Ubuntu now... I really like it. [23:12] webmin's been around a lot longer [23:13] eitherway, it's a bad idea to be dependant on a web/graphical ui to manage your server, you should be able to use the command line comfortably [23:13] I disagre. [23:13] But thanks. :) [23:13] Deeps: I completely agree. [23:15] wasabi: you think command line knowledge is superfluous, and it's acceptable to be a server admin that's dependant on web/graphical front ends? [23:15] Everyone has to start somewhere though. [23:15] New bug: #316849 in mysql-dfsg-5.1 (universe) "mysql-server-5.1 doesn't start - skip-bdb option unsupported" [High,Confirmed] https://launchpad.net/bugs/316849 [23:15] indeed, it's an easy way to start, but bad to be dependant on [23:15] In that regard webmin/ebox can help ease the transition over time, and still allow administration. [23:16] Just like many will argue that admins shouldn't use ufw, and instead learn IPTables. [23:16] well, if you're transitioning home stuff, sure. if it's anything business critical, YDIW, and will probably suffer more in the long run [23:17] oh i think ufw is great, i'm starting to use it now too [23:17] * jdstrand wonders why an admin shouldn't use ufw [23:17] it's a wonderful front end, just like webmin/ebox/whatever [23:17] I mean, it has sane defaults and one could argue it will help prevent mistakes [23:18] but, different strokes... [23:18] but i'd still reckon it'd be bad to be entirely dependant on, without knowledge of how iptables works [23:18] At present the latest LTS does not support ufw with port ranges... [23:18] well, you need to know iptables to do the fancy stuff anyway [23:19] indeed. [23:19] indeed [23:19] MianoSM: there will be a backport [23:19] OOMH! [23:19] Deeps: No? Why assume the polar? [23:19] Deeps: I madea statement that I disagreed with what you said, not that I agreed with the polar opposite. [23:19] test [23:19] wasabi: i wasnt making any assumptions, i was asking a question, hoping you'd expand on your statement :) [23:20] maybe i should have prefixed it with 'do' [23:20] I think deep knowledge of a command line should not be required to do a whole lot of tasks on a server. [23:20] but, if I may say, ufw works exceddingly well for a desktop user [23:20] I think being able to point and click to configure a firewall and NAT, and some users, is great. [23:20] exceedingly even [23:20] And I don't think it's shameful. [23:20] aye, ufw's great for a desktop OS [23:20] :) [23:21] And more pragmatically, whether it is or is not desired is besides the point. [23:21] People want it. [23:21] And if they don't get it with us, they'll find it elsewhere. [23:21] I'd prefer they find it with us. [23:21] wasabi: i totally agree with you, deep knowledge of a command line should not be required to do a whole lot of tasks on a server, point and click for firewall/services configuration is great [23:21] I suppose therein lies the opportunity for a "home server"? [23:22] The lower the barrier of entry, the wider the swath of audience you can speak to, and the more jobs you can solve for people. [23:22] The thing is to do so while not pissing off another segment. [23:22] however if you're entirely dependant on these friendly front ends, it's easy to hide bad things going on in the background [23:22] Or at least MY segment. :0 [23:22] Deeps: Great. And? [23:23] Deeps: The vast majority of offices in the world run Microsoft servers internally now for their infrastructure. And they have issues. The cost of those issues is however not greater than the cost of people capable of knowing the nitty gritty of all the systems. [23:23] If they were, they'd not be running them. [23:24] And that's just reality as I see it. :0 [23:24] I'd much rather get those same people using Ubuntu. [23:24] ebox is an awesome step towards that. [23:25] Well, there is a large push for a more friendly GUI/Frontend to the server - but every problem has a tool that will resolve it best. Linux/Ubuntu is a free O/S and as such the cost is in knowledge, not in licensing. [23:25] i've never said it isn't [23:26] Funny enough even MS is starting to make servers without a GUI (available in 2k8 for many roles). [23:28] wasabi: a good & "easy" web or GUI admin is certainly something we need to get into small & medium business [23:33] I think Windows SBS is a pretty good "plug in and go" method of a small business server.. in that, on first boot, you get the nice welcome screen where pretty much the main core functionality is all configured using wizards etc. [23:33] It means people with little knowledge of what anything the server does, can get it up and running to best practices pretty well. [23:34] hmm i wonder if i can use gfs+iscsi to have more than one client connect [23:34] why not? [23:35] it is a common use, like gfs+FC [23:36] jmedina: w/ windows being the client ? [23:36] ive been messing w/ esx so much i didnt realize that there arent many "network" file systems [23:37] * Faust-C has 3 windows servers that need to centrally store files on 1 linux server [23:40] MianoSM: knowledge is always more expensive. [23:42] Faust-C: dont know, I dont use windows [23:43] wasabi: I think that's a big barrier. I spoke to some company the other day who was migrating away from an opensource solution to a Microsoft solution (including Microsoft Exchange for e-mail) because support was much cheaper and more accessible. [23:43] jmedina: i usually dont either [23:43] I did that. [23:43] but since no one else can solve this issue its left up to me [23:43] I run Exchange, AD, and all the Apache stuff is IIS now. [23:43] Faust-C: but iscsi is for block level, I dont kwon if there is gfs support for windows [23:44] jmedina: yeah ive been trying hard to figure this out [23:44] wasabi: Exchange is a big big big selling point for Microsoft - there's nothing, IMO, in terms of what it does available elsewhere. [23:44] Nope. Nothing. [23:44] But AD is the same. [23:44] wasabi: I'm hoping hula project turns into a project which can really start to be a viable alternative. [23:44] MS SQL I think is similar. [23:44] Hula is dead. [23:44] for years [23:44] Novell pulled away from that in 2006 [23:45] It's still being developed, albeit not as quick as I'd hoped. I think they're going for version 1 soon. [23:45] Sorry, not hula [23:45] Bongo. [23:45] If so, it's all volunteer. [23:45] :) [23:45] I've never seen anybody who understood why Exchange rocked. [23:45] bongo-project [23:45] And provided what was good. [23:45] wasabi: You've seen me? :P [23:45] wasabi: it rocks in the specs :D [23:46] It rocks because of the UI. That's about it. [23:46] And the integration into AD. [23:46] And the client. [23:46] *technically* it's not the best implemented. [23:46] But each of those things can be developed independently. [23:46] It could be better.. certainly room for improvement. [23:46] Instead of pretending 'groupware' is important. [23:46] eDir is superior than AD imo [23:46] eDir is idiotic. [23:46] AD is only good at managing windows desktops [23:46] AD is good at setting up authentication. [23:46] However, its the integration with clients, AD, the featureset (altho that is limited in parts too, to point which can cause big problems), etc. [23:47] eDir is good if you want a blank slate LDAP server. [23:47] aside from that AD has no other functionality [23:47] But who WANTS that? [23:47] wasabi: AD is good at setting up windows auth and desktop settings [23:47] AD solves a problem. It gets you an authentication infrastructure immediately. [23:47] aside from that i see no use in it [23:47] Faust-C: Works fine with my Linux desktops and servers. [23:47] edir solves a different problem: it gets you a blank LDAP server. [23:47] AD also stores lots of configuration... for exchange for example. [23:47] It does quite a bit. [23:47] wasabi: im speaking for locking down windows desktop settings [23:48] That's not WHY you buy AD. [23:48] that's a benefit. [23:48] The core is for centralized/distributed authentication and information. [23:48] agree. [23:48] and exchange i was interested in until i saw the price tag [23:48] Exchange is like 1k. [23:48] Which is nothing. [23:49] what about cals [23:49] 25 per user. [23:49] The fact you can install, for example, a mail server (Exchange) and all configuration and infrastructure information is instantly available via the domain, is a pretty big admin benefit. [23:49] Outlook license included with CALs [23:49] wasabi: if you have all that setup already [23:49] dazman: and the domain can have THOUSANDS of DCs, all replicating. [23:49] With automatic site management, least cost pathing. [23:49] unfortunatly i have to fix all the crap here [23:49] brb [23:50] * jmedina thinks wasabi sells exchange and AD [23:50] And it does this automatically. YOu do nothing more than answer 3 questions and enter a username/password. [23:50] :D [23:50] wasabi: Indeed. [23:50] We have most of the technical pieces required for that. [23:50] We have LDAP servers, we have Kerberos KDCs. [23:50] We just don't have a coherent vision to tie them together with a good UI. [23:50] wasabi: etc. etc. exactly ツ [23:51] zivios looks promising [23:51] wasabi: things like, Exchange. You have 10 mailbox servers - mailflow all in AD, knows where to send mail to whichever user.. irrelevent of the mailbox server in use.. move mailbox, all mail is routed to a different server. Things like that, for redundancy, management, usability is a big big big plus.. and it's where opensource solutions need to start looking. [23:51] And the same is true on the Exchange side. We have good IMAP servers. We have good calendar servers. CalDAV stuff. [23:51] But we don't have any coherent vision to tie them together. [23:51] Red Hat & Novell & Apple have some solutions around that though [23:51] *if* we could bring it all together.... well... that's the key thing.. but, possible. [23:53] the unix/linux spirit requires us to come up with a solution that's both easy for mediocre admins and at the same time flexible enough for great admins though :) [23:54] JanC: This is where Microsoft have got it sorted though - one side they have SBS, which is all wizard based, very easy to setup for anyone.. but then they have full products, such as 2008, where you can install server core and that's it.. allowing the admin just a powershell to configure it all. [23:55] JanC: completely different markets, totally different people.. but the same products presented a different way. [23:56] dazman: right, and we *have* the tools to build something similar or even better [23:56] JanC: we do.. yep. It's just, doing it.. and bringing those tools together. [23:56] JanC: and up to now (well, certainly in the 10-12 years I've been around), it's not happened.. lots of tried, projects come, projects disappeared :( [23:57] dazman: AFAIK companies like RedHat, Novell, IBM & Apple have at least some solutions that they use for their clients... [23:58] maybe not complete yet [23:58] They certainly aren't complete, but they do have some sort of solution. [23:58] IBM *has* solutions [23:58] Getting to the point Apple are at, in terms of this stuff, it wouldn't be *that* much work relatively. [23:59] but IBM is a very untransparant company