/srv/irclogs.ubuntu.com/2009/01/23/#ubuntu-server.txt

=== chuck_ is now known as zul
[01:12] <ziggles1> Anyone know what this error means? libvir: QEMU error : internal error QEMU quit during monitor startup
[01:12] <ziggles1> cant find anything useful in my logs :/
[01:24] <kansan> how do i set the sudo password?
[01:31] <mathiaz> kansan: it's your normal user password.
[01:31] <mathiaz> kansan: there isn't such thing as a sudo password.
[01:34] <kansan> ok
[01:34] <kansan> how do i change a user's password?
[01:35] <mathiaz> kansan: using the passwd command
[01:35] <kansan> say i want to change user 'admin'
[01:36] <kansan> if i'm logged in from 'root'
[01:36] <mathiaz> kansan: passwd admin
[01:37] <kansan> can i make it so that the admin user doesnt need to type a password when doing sudo tasks
[01:37] <kansan> how do i list all user accounts enabled?
[01:38] <jmarsden|work> kansan: users
[01:38] <kansan> if i log in from a private key... what user will i be
[01:38] <kansan> when i log in?
[01:38] <jmarsden|work> Type   who am i               to find out who you are.
[01:39] <kansan> hahahah
[01:39] <kansan> oh it actually works
[01:39] <jmarsden|work> Of course!
[01:40] <kansan> i thought you were jokin
[01:40] <kansan> didnt seem to be a unix command
[01:40] <jmarsden|work> I wouldn't do that to a newcomer to Linux/Unix.
[01:41] <jmarsden|work> You can type    man who   to find out more about the who command
[01:43] <PC_Nerd> Hi,  I dont have an 8.04LTS iso, but I have 8.10 and 7.10.  Can I downgrade/upgrade to 8.04 from those easily.  does 7.10 upgrade default to the most recent (8.10) etc, and will 8.10 let me downgrade. ?
[01:43] <storrgie> hey quick question, i have a server setup on a T1 currently using A records for my domain to point to the servers address.... would it be better to figure out
[01:43] <jmarsden|work> kansan: To make the admin user be able to use sudo without ever typing a pw you *can* edit /etc/sudoers to do that... but it's probably a bad idea.
[01:47] <jmarsden|work> storrgie: You never really finished your question, I think, or it was truncated?  Last words you posted were "would it be better to figure out" -- were there more?
[01:47] <storrgie> DNS i meant
[01:48] <jmarsden|work> Figure out DNS how?  If you have A records you already have DNS, A records are one kind of DNS record...?
[01:49] <storrgie> well ok I am very new to this idea
[01:49] <storrgie> from what I understand it might be better for me to do a reverse lookup from my server
[01:49] <storrgie> because right now if i traceroute my domain
[01:49] <storrgie> it gets stuck at the reverse dns that my ISP has in place
[01:50] <storrgie> it doesnt go all the way home to my webserver
[01:50] <cjwatson> PC_Nerd: downgrading between releases isn't supported (you can downgrade individual packages if you know what you're doing, but I've been working with Debian-based systems for ten years and I wouldn't attempt a downgrade across releases ...)
[01:50] <storrgie> but since the A-record is set to hit the IP the webserver is on... my website works
[01:50] <cjwatson> PC_Nerd: you can upgrade from 7.10 to 8.04 easily
[01:50] <cjwatson> PC_Nerd: the upgrader should default to 8.04, since it would have to go via that to upgrade to 8.10 anyway
[01:50] <PC_Nerd> ok - and ( Im about to put the 7.10 iso on my usb for booting)   do I have to make any specific changes... ?
[01:51] <PC_Nerd> sorry:  any changes in order to stop it from upgrading to 8.10
[01:51] <PC_Nerd> ?
[01:51] <cjwatson> no
[01:51] <cjwatson> it'll tell you what it's about to upgrade to, anyway
[01:51] <cjwatson> so you can check to make sure
[01:52] <storrgie> jmarsden|work: get what I am saying?
[01:52] <jmarsden|work> storrgie: So your real question is "how can I make traceroute work all the way to my server?"
[01:52] <PC_Nerd> ok fantastic. - thats cleared up that.. just in time for me to finally ( and right at the most inopportune time:P)  to find the 8.04 DVD for server edition      :P     thanks!
[01:52] <storrgie> jmarsden|work: yes that would be the question... because right now apache says that it doesnt know its full domain name and just says its listening on 127.0.0.1
[01:53] <jmarsden|work> That may actually be a totally different thing from traceroute...!
[01:53] <storrgie> jmarsden|work: want me to get the exact thing?
[01:55] <jmarsden|work> storrgie: To get the apache warning to go away... you may need to edit /etc/hosts file... can you pastebin that file for me?
[01:55] <storrgie> jmarsden|work: yes I can, one moment. And thank you for the assistance
[01:58] <storrgie> jmarsden|work: one issue, just checked my logs and i am seeing CRITICAL: cannont initialize libpolkit
[01:58] <kansan> jmarsden, how would i change it so that admin user can do anything without typing passwd?
[01:59] <jmarsden|work> storrgie: That's probably a different issue (are you trying to use selinux?)
[01:59] <storrgie> jmarsden|work: nope, i am not
[01:59] <jmarsden|work> kansan: read the file, the info is in there, also man sudoers
[01:59] <kansan> admin   ALL=(ALL) NOPASSWD: ALL
[02:00] <jmarsden|work> kansan: Looks right; did it work?
[02:01] <storrgie> jmarsden|work: check PM
[02:02] <cjwatson> storrgie: I'd like to see that /etc/hosts as well, since I'm currently working on the bug on that subject
[02:03] <storrgie> cjwatson: sure
[02:03] <cjwatson> and more data wouldn't hurt
[02:03] <jmarsden|work> storrgie: OK, let's get the Apache/ hosts file/DNS thing sorted first and then look at libpolkit.
[02:03] <storrgie> cjwatson: do you have a bug filed in launchpad?
[02:03] <storrgie> jmarsden|work: sure thing
[02:03] <kansan> its frankly ridiculous:  sudo -p 'sudo password: ' cp /tmp/roles.yml /etc/ec2onrails .... doesnt require a passwd when i do it on the box; but when i use capistrano, it prompts me for a password
[02:03] <cjwatson> storrgie: bug 8980
[02:03] <uvirtbot`> Launchpad bug 8980 in network-manager "hostname -f does not return a proper FQDN" [Medium,Confirmed] https://launchpad.net/bugs/8980
[02:04] <jmarsden|work> storrgie: I'd suggest you remove lines 3 and 4 from that file, and also it might be good to pick ONE domain name and only have one entry for 192.168.0.4 in there?
[02:04] <cjwatson> so far I've identified a definite bug in network-manager (but not active with current code) and a confusing UI in netcfg that still remain
[02:05] <cjwatson> oh, that /etc/hosts was clearly written by hand?
[02:05] <cjwatson> the installer definitely never writes anything like that
[02:05] <cjwatson> yes, you should only have any given name in one line of /etc/hosts. I agree with jmarsden|work
[02:05] <jmarsden|work> cjwatson: Agreed.  I am glad to see this getting fixed at that level though; I'd given up on the tools long ago and just always edit /etc/hosts!
[02:06] <storrgie> jmarsden|work: i have blacklisted ipv6 so should I also just comment all the ipv6 info out?
[02:06] <cjwatson> jmarsden|work: if you know of anything more than the network-manager bug and the confusing UI in netcfg (i.e. it isn't clear that you can give it a FQDN when it asks for a hostname), I'd like to hear it
[02:06] <cjwatson> storrgie: shouldn't matter
[02:07] <jmarsden|work> storrgie: Not necessary.  See http://pastebin.com/d40a64e4b for my suggested fix
[02:07] <jmarsden|work> cjwatson: I'm not sure exactly how it gets there, but I see the 127.0.1.1 line in there when I have a static IP far too often.  I've not tried to duplicate the bug, always just edited the file and moved on.
[02:08] <cjwatson> jmarsden|work: 127.0.1.1 is intentional and not a bug
[02:08] <cjwatson> oh, but when you have a static IP?
[02:08] <cjwatson> hmm, that is a bit odd
[02:08] <jmarsden|work> Well, it is when you use DHCP, but not for static IP machines... right?
[02:08] <storrgie> jmarsden|work: change anything in apache? or just do a reboot now?
[02:08] <cjwatson> right, sorry, I have a knee-jerk reaction to people complaining about 127.0.1.1 :-)
[02:08] <cjwatson> storrgie: shouldn't need to do anything more than restart apache, at most
[02:08] <jmarsden|work> storrgie: Now just restart apache
[02:09] <kansan> what would: /etc/sudoers.full_access  do?
[02:09] <storrgie> restarted, no issues it seems.
[02:09] <jmarsden|work> storrgie: Good, so that's that taken care of.
[02:09] <cjwatson> jmarsden|work: if you *can* reproduce that, I'd like to get copies of: /etc/hosts /etc/resolv.conf /var/log/installer/syslog /var/log/installer/cdebconf/questions.dat
[02:10] <jmarsden|work> kansan: Nothing unless you move it to /etc/sudoers as far as I know!
[02:10] <storrgie> jmarsden|work: i believe so, thank you and cjwatson. now for my question about the tracert... and there is one more after that :D
[02:10] <jmarsden|work> cjwatson: Ok, I'll let you know if I can reproduce it.
[02:10] <cjwatson> I don't see any way in the current code in which you could get 127.0.1.1 for a static-IP setup, although I believe you when you say you've seen it
[02:11] <jmarsden|work> cjwatson: Is it possible for a machine that was initial DHCP and then changed to static to accidentally keep that entry, maybe??
[02:12] <cjwatson> jmarsden|work: changed when?
[02:12] <jmarsden|work> storrgie: OK, can you pastebin me traceroute output from somewhere else to your server that shows the problem?
[02:12] <jmarsden|work> cjwatson: By an admin configuring the machine a few hours later?
[02:13] <cjwatson> jmarsden|work: depends how it was done, and would be entirely up to the admin, so certainly possible
[02:13] <jmarsden|work> OK, that might be it.
[02:13] <cjwatson> if they just edited a bunch of files by hand, entirely plausible
[02:13] <cjwatson> I thought you meant it was a machine you'd installed yourself
[02:13] <PC_Nerd> does ubuntu server have a basic graphic output (terminal to a vga screen?)   Im wanting to install it instead of desktop to mirror my VDS setup, but I also want to be able to sit in front of it and use the terminal instead of ssh through another computer (its a tower server) ?
[02:13] <jmarsden|work> But using the tools it shouldn't happen?  OK.
[02:14] <cjwatson> jmarsden|work: well, we don't provide any server-oriented tools to make that change, as far as I'm aware
[02:15] <cjwatson> on the desktop, goodness knows what gnome-system-tools and/or network-manager do
[02:15] <cjwatson> PC_Nerd: yes, text-only consoles by default
[02:15] <jmarsden|work> cjwatson: Yes... those may have been desktop installs now I think about it.
[02:15] <PC_Nerd> fantastic thanks (didnt want to install just to find i have to do the other :))     thanks!
[02:18] <jmarsden|work> storrgie: Ok, so you would like the last entry to read aether.storrgie.net or something like that?
[02:18] <storrgie> jmarsden|work: yea that would be ideal... instead it just keeps going and going with * *
[02:20] <jmarsden|work> Ah, you didn't show me any of those :)  That is because a router is blocking the traceroute packets, not much you can do to change that unless you are the admin of that router.  So 66.178.250.113 is *not* your server's public IP address?
[02:20] <storrgie> nope, thats the DNS
[02:20] <storrgie> i am admin of the router
[02:20] <PC_Nerd> ok..... unetbootin to create a bootable USB drive with ubuntu 8.04 server.  It wont install because it cant find a CD drive, however the server has no CD drive.  How can I install ubuntu server from a USB?
[02:20] <storrgie> 113 is the DNS
[02:21] <jmarsden|work> You admin the computer/router/box that has IP address 66.178.250.113?  Is it a Ubuntu box?
[02:21] <storrgie> nope the machine that is 113 is the DNS controlled by my ISP... im sure I could request something... what should I be asking for?
[02:22] <storrgie> wait, let me explain
[02:22] <storrgie> 113 is the DNS
[02:22] <storrgie> however, the IP i am using is 114
[02:22] <jmarsden|work> I'm confused... what traceroute command did you type to get the output you pastebinned?
[02:22] <storrgie> tracerout storrgie.net
[02:22] <jmarsden|work> OK, let me try that from here...
[02:22] <storrgie> the A-record is pointing towards 66.178.250.114
[02:22] <storrgie> the router that I control has that IP assigned to it
[02:23] <storrgie> and the webserver, this ubuntu box is behind that router
[02:24] <jmarsden|work> OK.  You would need to ask the admin of 66.178.250.113 to configure it to that traceroute packets for .114 are allowed through it; then you would need to ask whoever manages DNS for 250.178.66.in-addr.arpa. to set the PTR record for .114 to say storrgie.net
[02:25] <jmarsden|work> s/to that/so that/
[02:25] <storrgie> why? 250.178.66.in-addr.arpa.
[02:27] <jmarsden|work> That is how reverse DNS works, basically.  dig -x 1.2.3.4 looks up the PTR record for 4.3.2.1.in-addr.arpa.
[02:28] <storrgie> so how do I make contact there? I can get ahold of my ISP... but the in-addr.arpa i am confused about
[02:28] <jmarsden|work> It is probably your ISP who controls that part of the address space.
[02:30] <storrgie> ok my last question for the night is this, when I ssh into this machine there is a 30-40 second wait until I get the prompt
[02:30] <storrgie> if i ping the address, its like 30-40ms, so its not high latency
[02:31] <jmarsden|work> It is doing some sort of lookup that is failing and timing out.  Possibly a DNS lookup of some sort.
[02:31] <jmarsden|work> What is in /etc/resolv.conf and does whatever is there do the right thing for the hostname of your server?
[02:33] <jmarsden|work> OK, I would change domain and search to have sane values, perhaps both storrgie.net in your case.
[02:33] <jmarsden|work> Then I would check that the DNS servers at 192.168.0.1 and 192.168.1.1 are both reachable and can resolve storrgie.net
[02:34] <storrgie> so like
[02:34] <storrgie> storrgie.net.invalid
[02:35] <jmarsden|work> No, just domain storrgie.net   and search storrgie.net
[02:35] <storrgie> ok, doing a reboot after all the settings
[02:35] <jmarsden|work> No need.
[02:35] <jmarsden|work> Reboots are for Windows :)
[02:36] <storrgie> jmarsden|work: :D i know, its just such old habit
[02:36] <storrgie> jmarsden|work: ever use webmin?
[02:36] <jmarsden|work> Yes... am I now going to another whole set of questions? :)
[02:37] <kansan> why in the world does: sudo -p 'sudo password: ' cp /tmp/roles.yml /etc/ec2onrails .... via capistrano prompt me for a password when its simply not needed?  /etc/sudoers file:  admin   ALL=(ALL) NOPASSWD: ALL
[02:37] <storrgie> just one
[02:37] <jmarsden|work> But webmin on Ubuntu is officially not recommended any more.
[02:37] <jmarsden|work> OK.
[02:37] <storrgie> jmarsden|work: would u suggest anything else?
[02:38] <jmarsden|work> The official Ubuntu equivalent is ebox but I have not used that.  I use webmin/virtualmin on some non-Ubuntu servers.
[02:38] <storrgie> question: i noticed when i was doing a netstat -tlup that the port my webmin was running on was taking a long time to check. So i went into the webmin interface and told it not to listen to UDP 10000 anymore.... and now as you can guess I have no webmin
[02:39] <jmarsden|work> Yes, port 10000 is where it runs the admin UI by default.
[02:40] <storrgie> yeppers, i just didnt want it to be on UDP anymore so i set it to listen on tcp 192.168.0.4
[02:40] <storrgie> however, that would be the box its running on... so i was wondering if there is a config file some place i can fix
[02:40] <jmarsden|work> UDP?  It shouldn't be listening on a UDP port, as far as I know...
[02:40] <storrgie> i could rip it out and try ebox
[02:40] <jmarsden|work> There is, let me check on a RHEL server I have that runs webmin...
[02:41] <storrgie> i have been cat'ing files for about 10 minutes with no luck
[02:41] <jmarsden|work> Try /etc/webmin/miniserv.conf
[02:41] <jmarsden|work> First line in mine is port=10000
[02:42] <storrgie> whats the bind parameter set to?
[02:43] <storrgie> ok its back up, thanks!
[02:44] <jmarsden|work> I don't see a bind param, I probably just listen on all interfaces. ... Good!  No problem.
[02:44] <storrgie> should I try ebox?
[02:45] <jmarsden|work> Sure, if you are in a position to switch now (when the server is new) is a good time to do so.  You'll find more Ubuntu folks who can help with ebox than with webmin.
[02:46] <jmarsden|work> Did the ssh delay issue go away too?
[02:48] <storrgie> yes it did, which is great
[02:48] <rdw200169> storrgie, if you really want webmin, you can still install it from the sources on their website
[02:49] <storrgie> i have been using it, i dont mind it.... i just would like to see if ebox is nicer
[02:49] <rdw200169> storrgie, personally, i dislike ebox, it does too much to the inner workings of a system, but that's just me, i like control ;)
[02:49] <jmarsden|work> storrgie: OK, well I think we've answered all your questions... I'm going home to eat :)
[02:50] <storrgie> jmarsden|work: thanks bud, I will start sticking around here and helping people out too
[02:50] <rdw200169> storrgie, just keep in mind that even if you uninstall it, there's still a little left: it doesn't quite get rid of all the changes it makes, i.e. there's cruft left in the ifup / ifdown scripts (grr...)
[02:50] <storrgie> rdw200169: talking about ebox?
[02:50] <rdw200169> yes
[02:50] <storrgie> rdw200169: i wouldnt mind it really, as long as things work OK
[02:50] <storrgie> webmin is fine
[02:51] <storrgie> i really only use webmin for apache stuff anyway
[02:51] <rdw200169> it is very good at setting up the virtual servers!
[02:52] <storrgie> rdw200169: should i try it? im kinda scared... haha
[02:52] <rdw200169> ebox or webmin?
[02:52] <storrgie> im running webmin now
[02:52] <storrgie> i was talking about trying ebox
[02:52] <storrgie> im not sure how i installed webmin
[02:53] <storrgie> it was a month or so ago
[02:53] <rdw200169> well, it shouldn't cause any major issues
[02:53] <storrgie> does it do apache well
[02:53] <rdw200169> but it's been a while since i tried it
[02:53] <rdw200169> i don'
[02:53] <rdw200169> 't think so
[02:53] <rdw200169> my initial impression of it was: "this does everything i want it to do, if i don't want to do anything my way"
[02:54] <rdw200169> but that's just *my* impression ;)
[02:54] <storrgie> so maybe stick with webmin
[02:54] <rdw200169> you can check out ebox-platform.com to learn more about it
[02:54] <PC_Nerd> Hi,  attempted to use unetbootin to create a bootable usb for server 8.04.  but it refuses to run without a CD drive (and presumably the CD).  the server doesnt have an optical drive.  Ive also tried the "create bootable usb" from the system administration menu on desktop 8.10 (using the 8.04 server iso).   any ideas on installing ubuntu server via usb without an optical drive?
[02:55] <philsf> I'd like some suggestions on what to use for backing up a live system to a removable  HD
[02:55] <philsf> I eliminated rsync because I'd like the backups to be encrypted
[02:55] <philsf> (afraid of HD theft). I'm currently using dar manually, and am in the process of making a
[02:55] <rdw200169> i just didn't care too much for the fact that it uses *so* many services to do its job...
[02:55] <philsf> personalized script for automation of differential encrypted backups with dar, but maybe there are
[02:55] <philsf> similar stuff already done out there
[02:55] <philsf> what are people here using?
[02:56] <storrgie> philsf: i would like to know too, thats something interesting to do
[02:56] <rdw200169> philsf, well, you could try something like etckeeper, or a version control system, like bzr, svn, cvs, etc...
[02:56] <rdw200169> etckeeper is a tool for easily backing up /etc using a version control system, using either mercurial or bzr
[02:57] * hads uses rdiff-backup
[02:57] <rdw200169> b/c you don't need to back up *everything*, just your configurations, and personal directories, like /var/www
[02:57] <philsf> rdw200169: no, I'm asking for a backup solution of files of a whole system, including user files
[02:57] <hads> If you want it encrypted, encrypt the disk.
[02:57] <rdw200169> philsf, again, a comprehensive svn setup, for example, could make that very easy
[02:58] <rdw200169> philsf, this is what i prefer anyway
[02:58] <rdw200169> philsf, just have the svn repo (for example) exist on the external source, whatever that may be
[02:58] <storrgie> rdw200169: question regarding virtual servers... Do i need to create a virtual server for TEST.net and www.TEST.net
[02:58] <storrgie> if i want them both to resolve to the same place on my machine
[02:59] <hads> Apache?
[02:59] <rdw200169> PC_Nerd, did you make sure your BIOS supports booting via USB
[02:59] <rdw200169> storrgie, well, i'm not *great* with apache, but i use a couple virtual servers, mostly for my 2 domains, randywallace.com and greamin.com which run on the same IP
[03:00] <storrgie> so if i type in randywallace.com
[03:00] <storrgie> it will go there
[03:00] <rdw200169> storrgie, yes
[03:00] <storrgie> but what if i type www.randywallace.com
[03:00] <rdw200169> storrgie, of course
[03:00] <hads> ServerAlias
[03:00] <rdw200169> storrgie, the same,
[03:00] <rdw200169> storrgie, i use a ServerAlias like hads suggests
[03:00] <storrgie> rdw200169: did u have to add a virtual server for both of those names, www.randywallace.com and randywallace.com?
[03:01] <storrgie> hads: hows that work?
[03:01] <rdw200169> storrgie, no, just a Server Alias
[03:01] <rdw200169> for example, here's my entry
[03:01] <PC_Nerd> it supports booting usb, goes through detecting keyboard (all from after booting usb in bios.... running the server installation)   and the next step after keyboard and language is to detect a CD drive.... from there it wont work because of a lack of optical drive :P
[03:01] <rdw200169> DocumentRoot /var/www/randywallace.com
[03:01] <rdw200169> ServerName www.randywallace.com
[03:01] <rdw200169> ServerAlias randywallace.com
[03:01] <rdw200169> PC_Nerd, oh, i see!
[03:01] <hads> ServerAlias *.example.com
[03:02] <rdw200169> yeah, that'll do it too, i didn't want to do that, so i can have ldap.example.com for other things, etc... etc...
[03:02] <rdw200169> storrgie, if you didn't know, you can use zoneedit.com to manage your DNS, it's really powerful and has ALL the DNS related features you want, for free!
[03:03] <rdw200169> storrgie, that, and they support 'dynamic dns' for changing the IP address for those out there (like me) that receive dhcp from their internet provider
[03:03] <storrgie> i have my domains through register.com
[03:03] <storrgie> they have great services
[03:03] <storrgie> what i was asking about was
[03:03] <storrgie> at register.com
[03:03] <PC_Nerd> rdw200169:  so any suggestions on getting around the "required" optical drive?
[03:03] <rdw200169> just throwing that out there ;) i really like it
[03:03] <storrgie> i setup A-records to point to my servers IP
[03:04] <rdw200169> PC_Nerd, Well, you can try skipping that step, by using debconf in expert mode
[03:04] <storrgie> but my server needs to know what to do with those requests when they come in, thats what virtual servers are for right?
[03:04] <philsf> I was thinking if I encrypted through gpg, I could automate the backup without
[03:04] <rdw200169> PC_Nerd, well, the debian-installer
[03:04] <philsf> entering a password into config files, comments?
[03:04] <hads> Encrypt the disk
[03:05] <rdw200169> PC_Nerd, that, and i don't know if you're aware of this, it's pretty obscure, but when that step presents itself, you can actually switch TTY's to see the actual console output from the installation
[03:05] <rdw200169> PC_Nerd, i think it's tty4 so Ctrl+alt+f4
[03:05] <PC_Nerd> tty's ?
[03:05] <philsf> hads: do you have any personal recommendation on whether to use ecrypt, or encfs (or something else)?
[03:05] <rdw200169> PC_Nerd, the debian installer actually uses several tty's during the installation
[03:05] <philsf> *ecryptfs
[03:05] <rdw200169> PC_Nerd, you can get a console from a couple of them i believe while it's installing.
[03:06] <PC_Nerd> tty's?  Im aware they exist in /dev but I havent a clue on what they do.
[03:06] <storrgie> rdw200169: are you running 5 nics in your server? hahaha awesome
[03:06] <rdw200169> PC_Nerd, i generally switch tty's during the package update to make sure there aren't any timeouts (i've had some very bad internet over the years)
[03:06] <rdw200169> storrgie, actually, 6
[03:06] <storrgie> rdw200169: why so many?
[03:07] <rdw200169> storrgie, they were cheap, 15$ per gig-ethernet card
[03:07] <rdw200169> storrgie, and the application required 4 internet connections
[03:07] <hads> philsf: I've used dm-crypt
[03:07] <storrgie> rdw200169: what is it used for?
[03:07] <rdw200169> storrgie, instead of using a switch, and dealing with that routing problem, i built the server w/several nics so routing would be easy and reliable
[03:08] <rdw200169> storrgie, the situation was: i deployed to iraq about 2 years ago, and we planned on setting up a ISP using satellite connections
[03:08] <storrgie> oh really
[03:08] <storrgie> wait, your own ISP? through sat cons?
[03:08] <rdw200169> storrgie, we needed to figure out how to provide internet to ONE network using several internet connections
[03:09] <rdw200169> storrgie, yes, HughesNet, it was hell ;)
[03:09] <storrgie> so load balance between several
[03:09] <storrgie> that box sat there and mitigated multiple satellite connections?
[03:09] <rdw200169> storrgie, we decided against that because of the https problem
[03:09] <PC_Nerd> ok.... ive "skipped" the cd part to  "Load debconf preconfiguration file"     "The file needed for preconfiguration could not be retreived from file:///cdrom/pressed/ubuntu-server.seed The installation will procceed in non-automated mode. "  how can i make that select it from the usb drive?
[03:10] <rdw200169> that file doesn't do anything except install the package linux-server, the kernel for the server
[03:10] <storrgie> rdw200169: well i bookmarked your notes, ill check this out... its pretty awesome
[03:10] <rdw200169> so, you may want to just install that post-installation
[03:10] <rdw200169> storrgie, from greamin.com/server, you may want to check the file for the UbuntuGateway project
[03:11] <rdw200169> storrgie, that's where all the routing, firewalling, and traffic shaping took place
[03:11] <storrgie> awesome
[03:11] <cjwatson> PC_Nerd: you could try putting the netboot installer image on a USB stick and booting it
[03:11] <rdw200169> the logfile is most useful, for understanding how i did it
[03:11] <storrgie> rdw200169: what do you use to draw your topology diagrams?
[03:11] <rdw200169> from RichNet?
[03:11] <cjwatson> PC_Nerd: 8.04 didn't have the necessary bits to support the stuff you're trying to do properly, I'm afraid
[03:11] <PC_Nerd> netboot?  is that to boot over a network?
[03:12] <rdw200169> i used inkscape, and i've also used OmniGraffle
[03:12] <rdw200169> i love OmniGraffle, it's the best outliner, but it requires me to use MacOS, which I *rarely* do
[03:12] <storrgie> inkscape for linux?
[03:12] <PC_Nerd> the server bios ( i think its the bios?) has a boot PXE option... and I know the network settings like the back of my hand.... so can I "boot" the server from a live CD or live USB on a laptop on the network? (basic 3 computer network) ?
[03:12] <cjwatson> PC_Nerd: normally, but you can boot the same images by any method you like - the key is that they'll fetch all their bits over the network later rather than relying on local storage like CD or USB
[03:12] <rdw200169> storrgie, yup, it's there
[03:13] <cjwatson> PC_Nerd: you don't need to pxeboot in order to use the netboot images; you just need to be able to tell a bootloader to boot them
[03:13] <rdw200169> PC_Nerd, seriously, there's not a problem skipping the ubuntu.seed file
[03:13] <PC_Nerd> ok.... ill skip it.
[03:13] <storrgie> was this: http://greamin.com/server/_images/RichNet6.png done in inkscape?
[03:13] <cjwatson> rdw200169: sure, but it isn't going to get much further if it doesn't have /cdrom
[03:13] <PC_Nerd> hang on ill continue on.
[03:13] <rdw200169> storrgie, yes
[03:13] <cjwatson> it'll just fail again
[03:13] <storrgie> rdw200169: awesome,
[03:13] <rdw200169> cjwatson, i don't know, i've never tried...
[03:13] <cjwatson> rdw200169: I know
[03:14] <rdw200169> cjwatson, seems like that's a major problem with the installer!
[03:14] <cjwatson> what, that the CD installer needs a CD?
[03:14] <cjwatson> hardly.
[03:14] <rdw200169> cjwatson, if only they would enable serial access *by default*
[03:14] <rdw200169> cjwatson, i find it *so* irritating having to rebuild the CD just for Serial Access
[03:14] <rdw200169> cjwatson, for headless setups
[03:15] <rdw200169> cjwatson, that, or build and ISO for usb
[03:15] <rdw200169> cjwatson, *an
[03:15] <cjwatson> err, surely you just need to pass the right console= for serial access?
[03:15] <storrgie> rdw200169: quick question, how do u draw out the switches hubs etc... did u have to go get those images or are they in the software?
[03:15] <cjwatson> rdw200169: yes, that's improved in 8.10, but in the meantime he can use the netboot images
[03:15] <PC_Nerd> ok.... so i need to look up a netboot tutorial then... ok
[03:16] <rdw200169> cjwatson, yes, change the special line in the grub file to add serial access, then there's the
[03:16] <rdw200169> cjwatson, upstart file that also needs to start the serial tty
[03:16] <cjwatson> the installer ought to do that already
[03:16] <rdw200169> cjwatson, nope
[03:16] <cjwatson> I definitely remember writing a deal of code for that
[03:17] <rdw200169> cjwatson, in 8.10, which i've recently rebuilt, does not do serial, at all, post installation
[03:17] <cjwatson> my changelog says April 2007
[03:17] <PC_Nerd> urgh :P why does it have to be so complicated. lol    ill look up a tutorial/discussion online.  bbs
[03:17] <cjwatson> rdw200169: I would like you to file a bug report about that with full details and logs. It's meant to work.
[03:17] <rdw200169> cjwatson, i also have had to change the bootloader for the cd to allow serial access
[03:17] <cjwatson> That would be a lot more helpful than quietly rebuilding the CD for yourself!
[03:17] <rdw200169> cjwatson, here, i've got what i did here: http://greamin.com/server/server_guide.html
[03:17] <cjwatson> also, the CD bootloader is supposed to fall back to something serial-friendly on serial console. If that isn't working, I need a bug report.
[03:18] <cjwatson> bug report, please
[03:18] <cjwatson> it's 3:20am here, I'm not going to remember something you tell me on IRC
[03:18] <rdw200169> cjwatson, i posted a bug report on upstart not having a serial access, but i don't think anything has come about from it
[03:18] <storrgie> rdw200169: where did u get the images for these diagrams?
[03:18] <cjwatson> finish-install has had code to deal with upstart's event files for nearly two years
[03:19] <rdw200169> cjwatson, it's not that big of a deal for me, i do a lot of other stuff from rebuilding too, like installing a bunch of packages post-install
[03:19] <cjwatson> rdw200169: please. file a bug. I need to know.
[03:19] <cjwatson> don't just quietly sit and suffer (even if it isn't that big a deal)
[03:19] <rdw200169> cjwatson, for what? upstart?
[03:19] <cjwatson> debian-installer
[03:19] <cjwatson> launchpad.net/ubuntu/+source/debian-installer, that is
[03:19] <rdw200169> cjwatson, ah, but the problem is 4-fold
[03:20] <cjwatson> then file four bugs
[03:20] <rdw200169> cjwatson, well, 1/4 !
[03:20] <cjwatson> I'll send them off to the right places as appropriate
[03:20] <cjwatson> the only bug I can find about serial console handling not working right now is ia64-specific
[03:21] <rdw200169> cjwatson, i'm talking about adding it to isolinux.txt, so it will boot headless
[03:21] <rdw200169> cjwatson, debian-installer never had a problem running serial, it's getting isolinux to do it from the start
[03:22] <cjwatson> you made comments above about e.g. grub/upstart configuration that are supposed to be handled by debian-installer. If those aren't working out of the box then they're d-i bugs.
cjwatsonisolinux configuration is obviously trickier since it needs to work headful as well03:22
rdw200169cjwatson, exactly03:23
rdw200169the debian-installer things can be fixed post-installation, but isolinux, obviously, cannot03:23
cjwatsonI'm not so worried about that (there's always the netboot option), but I *do* need and want to know about the d-i bugs. I maintain d-i in Ubuntu.03:23
rdw200169cjwatson, OH!03:23
cjwatsonwhy did you think I was repeatedly asking for bug reports? :-)03:24
rdw200169cjwatson, is there any way you can also add an option for SSH post boot?, i.e. after a timeout?03:24
cjwatsonok, so not attempting to think about feature requests at 3:25am ;-)03:24
rdw200169i'm just curious... would that be a launchpad blueprint?03:25
cjwatsonwishlist bug03:25
rdw200169cjwatson, ah, ok, i will do these things you suggest03:25
cjwatsonblueprints are heavyweight things and are design documents to be created by developers only03:25
rdw200169i can't write one?03:25
cjwatsonyou generally shouldn't03:25
rdw200169hence, the 'wishlist but'03:26
cjwatsonyou *can* - but it is unlikely to be more helpful than filing a wishlist bug03:26
rdw200169right.03:26
cjwatsonthe point of blueprints is to be software design documents, and those need to be written by software designers03:26
rdw200169sounds good, thank you for the help!03:26
cjwatsonno problem, it'll be worth it to get it working better out of the box03:27
cjwatsoneven though it's thoroughly weird that it doesn't already03:27
cjwatson('apt-get source finish-install' and poke around there and you'll see the code)03:27
cjwatsonI'm not sure what an option for SSH post-boot would be. Surely that's just installing the openssh-server package, having configured a user?03:28
rdw200169cjwatson, it's an obscure debian-installer feature i found from some obscure place in the debian dungeon03:29
cjwatsonI know what you're talking about before the first reboot (network-console)03:29
storrgierdw200169: hey, where did u get those images for your diagrams?03:29
cjwatsonbut I interpreted "post boot" to mean "after the first reboot, once the installer is done"03:29
rdw200169cjwatson, it was really difficult to get right, but i was pretty proud when i did03:30
cjwatsonyou know it's documented in the Ubuntu installation guide?03:30
rdw200169cjwatson, what it does, is start a ssh server really early in the debian-installer, so you can continue installation over ssh03:30
rdw200169cjwatson, this works really well for headless setup03:30
cjwatsonyes, I know about it and have contributed to it03:30
rdw200169append file=/cdrom/preseed/ssh.seed initrd=/install/initrd.gz03:31
rdw200169    console=tty0 console=ttyS0,38400n1 priority=critical quiet -- console-setup/ask-detect=false console-setup/layoutcode=en_US.UTF-8 auto-install/enable=true03:31
cjwatsonauto-install is not supported on Ubuntu03:31
cjwatsonby that I mean the auto-install/enable bit, not automatic installation in general03:31
rdw200169but it requires something like this, in isolinux.txt03:32
rdw200169then the seed file sets up some really basic things, including netcfg, then anna sets up network-console03:32
rdw200169and gives it a password,03:32
rdw200169cjwatson, well, it's always worked for me, incl. 8.1003:33
cjwatsonyou just aren't in fact using auto-install :-P03:33
rdw200169yes, i am!03:33
cjwatsonit's in universe, it can't possibly be used by the installer03:33
cjwatsonI don't believe you, unless you're rebuilding the installer initrd03:33
rdw200169nope, it works03:33
cjwatsonauto-install is not even in our installer initrds03:33
rdw200169i've tested it about 1000 times in virtual box03:33
rdw200169i stopped unpacking init.rd when i figured out how to do preseed/late_command for all the other crazy stuff, like adding ttyS0 to upstart03:34
cjwatsonauto-install/enable does have some effect on localechooser and possibly other components, but the guts of it are not present and I will not deal with bug reports from people attempting to use the half-broken bits that exist03:35
cjwatsonI tried to make sure to rip out all the documentation of it from the Ubuntu installation guide until such time as we support it properly03:36
rdw200169cjwatson, that's understandable03:36
cjwatson(which involves figuring out how to make it work properly with console-setup and the like - I'm not just being capricious here)03:36
rdw200169oh no, i understand completely03:36
rdw200169*for me* it works, i use all the defaults for console-setup, so i never run into issues03:37
cjwatsontherefore, I recommend *removing* auto-install/enable=true and finding out whether your problems with serial console access are still reproducible without it03:37
cjwatsonbecause other people have told me that that stuff works03:37
cjwatson(I don't own the relevant hardware myself)03:37
rdw200169auto-install is only for SSH installation03:37
cjwatsonfalse03:37
cjwatsonanna/choose_modules=network-console is the key thing to enable SSH installation03:38
rdw200169it gets past all the locale stuff, so it will run the ssh server for debian-installer *without user intervention over serial*03:38
cjwatsonyes, I am aware of that, but that doesn't make it only for SSH installation03:38
rdw200169that option, still necessary, does not get you past the locale stuff03:38
cjwatsonyou could just preseed the locale stuff03:38
cjwatsonyou don't need auto-install to do that03:38
rdw200169i tried that desperately, but i could never get it right03:39
cjwatsonI am happy to help with that, as it is not hard03:39
rdw200169the installer was stubborn about asking those questions no matter what03:39
cjwatsonyour console-setup/layoutcode is wrong above, to start with03:39
rdw200169and documentation on writing preseed files is...03:39
cjwatsonin the Ubuntu installation guide03:39
rdw200169when i started all this, it was with 7.1003:40
cjwatsonyou probably just need 'locale=en_US console-setup/layoutcode=us' on the kernel command line03:40
cjwatsonthe 7.10 installation guide documented preseeding too03:40
rdw200169i've tried that, and it still insisted on asking those question03:40
cjwatsonperhaps you would be better off starting from what the d-i maintainer in Ubuntu tells you is right and debugging from there, rather than starting from somewhere else, though? ;-)03:41
rdw200169it was *very* frustrating03:41
rdw200169well, i'll try it again03:41
cjwatsonnote that you MUST put this on the kernel command line03:41
cjwatsonin your web page, you recommend putting locale/keyboard configuration in a preseed file on the CD, which is totally useless03:42
rdw200169that may have been where i failed ;)03:42
cjwatsonthe preseed file is read from the CD well after locale/keyboard configuration takes place in the installer03:42
rdw200169yeah...03:42
cjwatsonthe installation guide documents this problem03:42
rdw200169hey, it works, right? (yes! amazing!)03:42
rdw200169i'm still very proud that I even got it to work!03:43
cjwatsonyou've managed to make a number of mistakes cancel each other out somewhat ;-)03:43
cjwatsonhowever, it's still better to do it properly03:43
rdw200169of couse03:44
rdw200169*course03:44
cjwatsondocumentation of preseed ordering> https://help.ubuntu.com/8.04/installation-guide/i386/preseed-contents.html03:44
cjwatson(to be read in context of the rest of that chapter)03:44
storrgielater guys, thanks for the help tonight03:45
cjwatsongiven proper preseeding, auto-install isn't necessary; the thing that auto-install is good for is deferring questions until after ssh is up, but if you didn't want the questions asked in the first place then that's kind of the long way round03:45
cjwatsonwell, one thing that auto-install is good for, anyway03:46
cjwatsonit's actually a much more complex autoinstallation system03:46
cjwatsonand its behaviour with respect to ssh is really just a side-effect of the way it handles configuration in general03:47
rdw200169cjwatson, yes, i much preferred having the questions asked later!03:47
cjwatsonnoted, but there is a good reason those come first03:48
cjwatsonwe ask for locale first so that we can display questions the user will understand; we ask for keyboard after that so that the user can type responses that the installer will understand03:48
rdw200169cjwatson, yes, for international setup, i wonder how you could do that with SSH...03:48
rdw200169cjwatson, personally, i find this to be an incredibly useful feature, considering the applications of a server in a headless environment; for me, the people i help run linux server(s) don't have monitors (they're deployed overseas)03:50
cjwatsonnetwork-console should pick up the locale from previous configuration, although of course keyboard interpretation is handled at the far end03:50
cjwatsonoh, certainly, it's great. but it really isn't that hard to set up with the default images :)03:50
cjwatsonlocale=en_US console-setup/layoutcode=us anna/choose_modules=network-console and you should be set, possibly with a bit of network preseeding thrown in there03:51
cjwatsonanyway, well past bedtime03:51
rdw200169alright, goodnight my friend, and thank you for the help!03:51
cjwatsonthanks in advance for the bug reports :)03:51
rdw200169you have NO IDEA how much I've wanted to actually communicate with someone who knows *something* about debian-installer!03:52
cjwatson#ubuntu-installer is happy to take queries03:53
PC_Nerdim trying to install the server edition via netboot....  I get to custom DHCP details, and it says "bad archive mirror".  im running apache2 from my computer, can access it via the same details.  the iso was unzipped to that directory.   any suggestions on getting netboot working?03:56
kansanhow do i run mkfs.xfs on ubuntu hardy server?03:57
sommerkansan: do you have the xfsprogs package installed?  it should be part of that package04:15
scuniziI just loaded 8.10 server into a vm in vbox.. on boot it says that the kernel is wrong and needs pae.. or something like that.. It won't boot into recovery mode either.. Any suggested solutions?04:21
rdw200169scunizi, well, virtualbox won't boot the server build of the kernel, i.e. linux-server04:25
rdw200169scunizi, reluctantly, it requires a really pain-in-the-butt method of post-install linux-generic04:26
rdw200169scunizi, *before* restart04:26
rdw200169scunizi, so, post install, before restart, go to the option to open a shell in the debian-installer menu; then, in the shell, chroot to the /target directory04:26
rdw200169scunizi, then, you have to *readd* the ubuntu-server cd, i.e. apt-cdrom add04:27
rdw200169scunizi, then, if there isn't internet access, you have to comment the internet related lines in /etc/apt/sources.list so you can perform *another* apt-get update04:27
rdw200169scunizi, then, you can apt-get install linux-generic04:28
rdw200169scunizi, that, or you can just mount the cd, copy the .deb from the cd to the /target directory somewhere, then dpkg -i after you chroot04:28
scunizirdw200169, wow.. first thing.. how do I get to the option to open a shell in the debian installer menu?  and by chroot you mean to change directories to /target which would be ??04:30
rdw200169scunizi, well, in the installer, you have the main menu, right, for example, the options are 'Partition disks' etc...04:30
rdw200169scunizi, there's an option on the very bottom, related to opening a shell04:31
rdw200169scunizi, really close to the bottom anyway, *after* Finish the installation04:31
scuniziah.. in the actual installer.. I had missed tha.04:31
scunizi*that04:31
scuniziso.. can I get there without reinstalling?04:31
scunizirdw200169, perhaps via "Rescue a broken system?"04:33
rdw200169try it04:33
rdw200169scunizi, if i remember correctly, that gives the option to open a shell04:34
scunizirdw200169, haven't seen it yet but I'll go through the options and look.. thanks for the tips..04:34
rdw200169scunizi, you may have to change the debconf priority to a higher level, i can't remember04:35
scunizirdw200169, that's beyond my level of expertise.. not sure what a debconf priority level is..04:35
rdw200169scunizi, there's an option to change it in the menu04:36
scunizirdw200169, I'm at a place to choose "Execute a shell in /dev/sda1" (my choice for root) or "Execute a shell in the installer environment".. shall I throw a dart or pick #104:38
rdw200169yes! the first one04:38
scunizirdw200169, should I be able to initiate apt from here?  it's giving me root access04:39
rdw200169yes, after a 'chroot /target'04:39
scunizirdw200169, so I want linux-generic?04:40
rdw200169yes, do you have internet access already?04:41
scuniziyes04:41
scuniziused apt-cache search kernel04:41
rdw200169scunizi, yes, then apt-get install linux-generic04:41
scunizicool.04:41
scunizishould the other kernel be uninstalled?04:42
rdw200169scunizi, it already is04:43
scuniziah04:43
rdw200169scunizi, linux-server is the default, and it's the one that causes the problems04:43
scunizirdw200169, you'd think that there would be an option on install to let the installer know that it's going into a vm.. :/04:44
rdw200169scunizi, it's more of a virtualbox problem than a linux problem04:44
scunizirdw200169, I wonder if they are only peripherally aware of it..04:45
rdw200169scunizi, i don't know04:45
dieselzhello all - I am trying to figure out why i am getting loads of iptables tracking: any idea of what a call from sport=51879 to dport=22 from my computer to my server is?04:59
dieselzi've done a search on google, cant find much of anything04:59
dieselzi have an ssh connection up if that helps05:00
ScottKIs it from your IP address?05:01
dieselzyes05:01
ScottKThat's your ssh connection.05:01
ScottKIf it's a modern kernel it uses source port randomization.  That's what sport is.05:02
dieselzif i have a log entry as the first entry in iptables' INPUT, will that log everything, whether its blocked or not?05:02
ScottKIt's way too late at night here for me to be thinking about iptables rules.05:03
dieselzhaha sorry05:03
dieselzi think i'm just an idiot and I am logging everything instead of just dropped packets05:03
dieselzN00bling things05:03
ScottKNo problem.05:03
rdw200169whoops, dieselz i can help05:04
dieselzbueno05:04
scunizirdw200169, worked like a champ .. thanks for the advice.. :)05:04
dieselzgot this: LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '05:04
rdw200169scunizi, hey, no problem05:04
dieselzi feel like i shouldn't05:04
dieselzi want to only track dropped packets05:04
rdw200169dieselz, then, right before your DROP target, put the LOG target05:05
rdw200169dieselz, that's the way most firewalls do it, namely firestarter05:05
dieselzwhat about -j LOGDROP ?05:05
rdw200169dieselz, yeah, you can do that too i suppose, i prefer the basic targets to prevent me any crazy iptables problems, i used to run into a lot of them when i would add features not in the ubuntu version ;)05:06
dieselzhmm, so if i just move that line down to before my DROP line, that'll have the same effect?05:06
dieselz(sorry)05:06
rdw200169dieselz, yes, if the packet is routed to another chain before the LOG target, it won't get logged05:07
rdw200169dieselz, iptables runs step by step, and leaves any particular chain once the packet is matched05:07
rdw200169dieselz, if its matched before reaching the LOG target, it won't get logged05:08
dieselzah, great explanation - thanks.05:08
rdw200169dieselz, there's a great chart out there of how iptables works, i've got a copy here:05:08
rdw200169ftp://greamin.com/Documents/Linux%20Networking/Firewalling/ipTables%20and%20EbTables%20Packet%20Flow%20in%20Linux.png05:09
rdw200169dieselz, this helps make the 'packet flow' make a *LOT* more sense, you kinda have to stare at it for a while, but if you really think about it, it makes brilliant sense05:10
rdw200169dieselz, and clears up a lot of confusion about the tables and chains05:10
dieselzgreat - its taking a bit to download, but ill look it over05:10
dieselzanother question (i'm just getting into server security btw) =>05:10
rdw200169shoot05:10
dieselzi have iptables dropping all except what i need, i have chkrootkit running once daily05:11
dieselzand i am trying to setup AIDE05:11
dieselzanything im missing without going nuts on security?05:11
rdw200169AIDE?05:11
dieselzAdvanced Intrusion Detection Environment05:11
rdw200169ah, yes, i was gonna suggest snort05:11
dieselzits not an NSA server, but I do collect Credit Cards, so I don't wanna be an easy target05:12
rdw200169i see, its good that you're being careful then!05:12
dieselzsnort as a replacement to AIDE/chkrootkit? or in addition?05:12
rdw200169it's another IDS05:12
dieselzokay, i see it is also rule based05:13
rdw200169snort.org05:13
rdw200169ah, you also found it ;)05:13
dieselzreading now, looks like i have some hw to do05:13
rdw200169i assume, then, that you're also using https with a real certificate, etc...05:13
dieselzbtw, check it out: mtooter.com05:13
rdw200169how are you managing account information, for your credit card people?05:15
dieselzi dont store it at all, it goes through paypal05:15
rdw200169oh, nevermind then!05:15
rdw200169then, you're not storing credit information at all?05:16
dieselzright, just going right through05:16
dieselzbut if someone were to gain access to my php script, then they could send the data05:16
dieselzmy server sees the CC info, my hard drive does not05:17
rdw200169but isn't paypal a full https redirection?05:17
dieselznot paypal pro05:17
dieselzhttps://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Marketing/general/PaymentSolutions-outside05:17
rdw200169you've baffled me then, you just said you only use paypal!05:18
rdw200169oh, i see05:18
dieselzpaypal processes the CCs, but i take the information on my website05:18
rdw200169i didn't know that05:18
dieselzyea, its a nice, clean way to do it05:18
dieselzmore risky, but much more professional05:18
rdw200169so, you're storing this information for your clients?05:19
dieselzno, i dont store anything =>05:19
dieselzuser inputs CC info => server send CURL request to Paypal server => paypal server responds YAY or NAY => server shows user success or error message05:20
rdw200169well, i suggest that the best way to protect yourself, is by making sure there's not a ssh server (or telnet for that matter) to the outside world05:20
rdw200169https only would be the best05:20
rdw200169then, make absolute sure that your Apache configuration is rock-solid05:21
dieselzi agree, but i need to access my server through ssh05:21
dieselzknow of any resources on hardening apache?05:21
rdw200169dieselz, alright, then make sure there's no root accounts05:21
rdw200169dieselz, and that your password is HUGE05:22
hadsNothing wrong with having ssh access open05:22
rdw200169hads, there is if the password is weak ;)05:22
rdw200169hads, on a root account...05:22
hadsSo, don't enable root and have a decent password.05:22
rdw200169yes05:23
rdw200169which is what i just said ;)05:23
hadsThat's just standard practice.05:23
rdw200169thanks for telling me i'm not blowing smoke out my hindquarter ;)05:23
rdw200169dieselz, most of that information requires buying a book, for the best explanations, regardless, i did find this: http://xianshield.org/guides/apache2.0guide.html05:25
rdw200169dieselz, as far as i know, apache2 is pretty tough on ubuntu already, but you may want to read the section from that link on the configuration05:26
dieselzhmmm... looks like it comes down to disabling all unused mods05:27
rdw200169that's a good idea05:27
dieselzshould be fun05:28
rdw200169dieselz, there's also some new security features, like selinux05:28
rdw200169dieselz, http://www.google.com/url?sa=t&source=web&ct=res&cd=1&url=https%3A%2F%2Fwiki.ubuntu.com%2FSELinux&ei=k1V5SdDsKIH8tgerr_SgDg&usg=AFQjCNEcCgFO0Qa8x5_35mMmLWhRrTae3w&sig2=q53vj7VOgySrljwYGxwUsA05:29
rdw200169dieselz, whoops05:29
rdw200169dieselz, https://wiki.ubuntu.com/SELinux05:29
dieselzreading the NSA page.... very interesting05:29
dieselzi wonder if obama's blackberry will have that on it05:29
dieselzim willing to go far, but im stickin with ubuntu for now05:30
rdw200169dieselz, i think 8.10 has it05:30
rdw200169dieselz, i can't remember05:30
rdw200169dieselz, there's also PolicyKit05:31
dieselzgee05:31
dieselzz05:31
dieselzlots of stuff to checkout05:31
rdw200169dieselz, but i think that requires a GUI05:32
dieselzgood stuff05:33
rdw200169dieselz, regardless, a strong firewall with https/ssh will rectify most of your fears ;)05:33
dieselzyea, im not too worried, i just want to learn slowly so that I really understand whats going on as opposed to just throwing a moat around my back door with my front door unlocked05:34
rdw200169dieselz, from there, it's all apache2 vulnerabilities05:34
dieselzis lighttpd more secure?05:34
p_quarlesno, it is not05:38
p_quarlesand the idea that software X is innately more secure than software Y is an attitude that creates security risks; avoid it05:39
dieselzwindows vs linux?05:39
dieselz:)05:39
dieselzokay - well im off, thanks for the help all05:41
p_quarleslulz05:42
PC_Nerdfor some reason after I added an iptables restore script to /etc/network/if-pre-up.d/ I can no longer get a DHCP IP address from my router.....  etho0 (correct) 255.255.255.255 (the subnet should be 255.255.255.0) port 67 (thats correct isnt it)08:14
PC_Nerdany ideas on how to get it working again?08:14
PC_Nerdnothing?08:23
jmarsdenPC_Nerd: Check /var/log/messages to see what the iptables stuff is blocking that is relevant, and adjust your iptables ruleset accordingly?08:43
krautmoin09:22
dnperforskraut: moin09:32
krautaloha dnperfors09:32
dnperforsYou are from a german speaking country?09:34
=== dnperfors_ is now known as dnperfors
PC_Nerdany ideas?11:30
slestakhey guys, I have a 8.04.1 server install that I am trying to setup for our web developers.  initially i had apache2 + mod-jk + tomcat5.5 installed (all from repos) and it was 80% functional for them13:37
slestakto try to get back to basics, i was asked to remove apache and mod-jk and just serve up jsp with tomcat (using the internal coyote server)13:38
slestakthat has been done, used aptitude to purge apache and tomcat5.5.  reinstalled tomcat5.5, started service, but I cannot see anything listening on 8180 with netstat13:39
slestakps shows tomcat running13:39
spiekeyhey zul :) you there?13:40
Koonslestak: anything in the logs ? I think it might log to syslog13:40
slestaknothing in /var/log/tomcat5.5, let me check syslog13:40
spiekeyzul: i have some non-trivial question related to xen :)13:41
ScottKNow you've made him hide.13:41
zulspiekey: yep im here13:42
slestakKoon: interesting, just service stop and startup messages as I restarted tomcat, but do see sth interesting in netstat now, lemm pastebin it13:43
slestakKoon: check out http://pastebin.com/m42d39a5013:44
slestakKoon: the ports 8009 and 8180 are listening to what looks like "null" addresses13:45
Koonslestak: those are ipv6 localhost addresses13:45
Koonslestak: did you try accessing it using a browser ?13:46
slestakduh, i see the tcp6 now13:46
slestakyes, and I get a 404 trying to get to context /manager13:46
slestaknothing is logged when I try to go to /manager13:46
Koonsounds better :)13:46
spiekeyzul: i am trying to build xen frm source with the 2.6.27-xen.hg image: http://pastebin.com/d4378b3cb13:47
spiekeyany idea why it fails?13:47
Koonslestak: anything in syslog now ?13:47
spiekeyline 98 seems to be intresting :)13:48
slestakKoon: just tomcat startup messages from 10 minutes ago.  nothing new on the failed access13:48
zulspiekey: no idea13:48
Koonand nothing in /var/log/tomcat5.5 ?13:48
spiekey i wonder why i get: select-linux-arch: x86, since i have 64Bit13:49
slestakKoon: same thing in syslog is repeated in catalina-01-23*13:49
slestakmaybe change the logging level to higher than INFO13:50
slestakchecked firewall, its not blocking ports, the machine is inside our lan13:50
Koonslestak: (stupid question) is the manager webapp installed ?13:51
Koon(you need to install tomcat5.5-admin separately)13:51
slestaki will double and triple check13:52
slestakyeah, http://pastebin.com/d5f38d23c13:53
slestaki will reinstall -admin13:54
Koonor maybe...13:55
slestakafter reinstall -admin, still no listener on 8180 for tcpv413:55
* Koon fires up a hardy VM to check something13:55
slestaki setup the tomcat users so someone has the manager role13:56
Koonslestak: what JVM are you using ?13:57
slestaksun jdk 1.6.0_0713:57
slestaki had all of this almost working with apache2 mod-jk, all of it13:57
slestakthe devs just couldnt get their webapp to run,13:58
slestakjavac -version finds the jdk13:58
slestaklet me check /etc/defaults13:58
KoonI'm installing in parallel13:59
slestaki have JAVA_HOME=/usr/lib/jvm/java-6-sun-1.6.0.0713:59
Koonwhat URL are you trying to access exactly ? /manager ?13:59
slestakyes, fqdn:8180/manager13:59
slestaki do not have X on this machine, so I have been accessing it from my desktop14:00
Koonjust a sec14:01
slestaki did not uninstall-reinstall libtomcat5.5-java,14:01
slestakthat package is still from the original attempt14:01
slestaki also have tomcat5.5-webapps installed just to get the hello world stuff14:01
Koonyou might need to call a slightly different url, sth like /manager/html, I'm installing to tell you exactly what14:02
slestakgood point14:02
slestaklooking at ps, I see the /usr/bin/jsvc processes are being run as root.  that is surprising14:02
Koonslestak: try http://fqdn:8180/manager/html14:03
Koonthere is also http://fqdn:8180/admin/ but it seems to suck14:03
slestakok, i see the manager page, whew14:04
Koonslestak: tomcat support improved in intrepid, with support for tomcat614:04
=== cateye599 is now known as cateye
slestaki dont understand why netstat -an doesnt show a listener on 818014:04
Koonit does. you get a ipv6 *:8180 there afaict14:05
slestakthe ipv6 handles ipv4 as well?14:06
slestaki am still ramping up ipv6 facts14:06
Koonyes, look at the :::22 line, it's the same for ssh14:06
slestakok, last question, promise :)14:06
slestaktomcat5.5 webapps is installed, but they are not listed in the Applications14:07
Koonin the manager ? you don't have a "examples" or something ?14:07
slestaknope, I have three webapps for our product, admin and manager14:08
slestaki am going to look for where they are installed and just deploy that context by directory url14:08
Koonmight need reinstallation to deploy the contexts, yes14:08
Koonsleepingyoyo: good luck ;)14:08
Koonslestak, even14:09
slestakreinstall of the webapps?14:09
slestaki have already done that more than once14:09
Koonthen no ;)14:09
Koongot to go, sorry14:10
slestaktyvm for your help14:10
Koonnp14:10
HellsheepHello, i have been trying to set up my Ubuntu server, i have installed everything fine, during the install i pulled the network cable as it kept on hanging on Configuring APT, once i did that, it didn't set up DHCP obviously. Now when i am running ubuntu server, it cannot connect to the net, when i run sudo lshw -C Network it shows: *-Network DISABLED14:16
HellsheepHow do i configure my network to connect to the internet now?14:17
HellsheepOr more correctly, how do i configure Ubuntu to connect to my network?14:18
sorenthe configuration file is /etc/network/interfaces14:19
sorenIt's documented in the interfaces(5) man page.14:20
HellsheepThank you, i found it in: http://tinyurl.com/65jzxw14:20
HellsheepIt seems all i need to add is this: auto eth014:20
Hellsheepiface eth0 inet dhcp14:20
sorenIf you want dhcp on eth0, then yes.14:21
Davedancan anyone recommend a VPS hosting for ubuntu?14:21
Hellsheepsoren, how do i open the file?14:22
sorenHellsheep: With your favourite editor?14:22
HellsheepI am not familiar how to open files using Ubuntu server14:23
HellsheepFirst time setting up a server14:23
HellsheepEspecially a Linux one14:23
henkjanDavedan: slicehost.com, ghandi.net. xlshosting.nl14:23
Davedanhenkjan: thanks, I'll have a look at those14:24
sorenHeh... I don't know what the suggested editor for beginners is.14:24
cjwatsonjust say 'editor' and it'll use the default14:25
sorenGood point.14:25
sorenHellsheep: sudo editor /etc/network/interfaces14:25
erichammondDavedan: Amazon EC2 :)14:26
Hellsheepi just used pico /etc/network/interfaces14:26
cjwatsonnano replaces pico and is (a) free (b) better14:26
Hellsheepah kk14:26
cjwatson(free as in free software; pico wasn't quite for various reasons)14:27
cjwatsonactually, when you run pico on Ubuntu you get nano. But still.14:27
HellsheepI used nano instead14:28
DogWaterwhen you use debmirror to create a mirror do you have to use archive.ubuntu ? it seems really slow14:28
HellsheepHow do i save the file?14:28
sorenDogWater: You can use any mirror.14:30
sorenDogWater: archive.ubuntu.com should be quite fast this time of year, though.14:30
Hellsheepcjwatson, how do i save a file in nano?14:32
Davedanerichammond: I'm using EC2 for customers but need a small one for demo. 74$ is too much14:32
sorenHellsheep: There's some help at the bottom of the screen.14:33
soren^ means CTRL.14:33
uvirtbot`soren: Error: "means" is not a valid command.14:33
sorenuvirtbot`: nick uvirtbot14:34
=== uvirtbot` is now known as uvirtbot
=== Riddelll is now known as Riddell
HellsheepI figured it out.14:38
HellsheepAlthough i still have a problem14:39
HellsheepWhen i do sudo lshw -C Network14:39
HellsheepIt still says *-Network DISABLED14:39
HellsheepHow do i fix that?14:39
sorenNot sure what that means. Maybe you just need to set up the interface? "sudo ifup eth0"14:43
orudieinstead of using chown , can i use a command to add another owner instead of changing it ?14:44
Hellsheepsoren, that fixed it. Thank you.14:45
uvirtbotNew bug: #320145 in samba4 (universe) "Please sync samba4 4.0.0~alpha6-1 (universe) from Debian experimental (main)." [Wishlist,Fix released] https://launchpad.net/bugs/32014514:46
dnperforsorudie: no, unless you add the new owner to the same group14:46
cjwatsonorudie: it is actually possible to have multiple owner-like rights, but it gets complicated; you can use setfacl to do it14:47
cjwatsonorudie: you're better off using groups if you can, since they're simpler; however they may be fiddly if you have lots of special cases14:47
dnperforshmm, didn't know that :P14:47
orudiethanx14:47
heath|workhow do I view user info like current home dir15:49
cjwatsonheath|work: 'getent passwd USERNAME'15:51
heath|workcjwatson, thanks15:52
Max007Hi15:56
Max007Can someone help me with resizing a software raid partition ?15:56
=== sleepingyoyo___ is now known as sleepingyoyo
jmedinaMax007: what is the problem?16:01
jmedinaMax007: what kind of raid?16:02
uvirtbotNew bug: #320509 in samba (main) "winbind crash winbindd_async_request" [Undecided,New] https://launchpad.net/bugs/32050916:05
MadChopri have 4 320GB SATA drives configured with the intel raid bios as one raid0+1 partition that's around 570GB; i think dmraid sees it as two separate partitions that are 640GB each, can someone help me to get the dmraid to see what the BIOS software raid is trying to do?  i'm on ubuntu 8.1016:17
MadChoprmy boot drive is an 80gb drive that has nothing to do with the raid array, but it's on the same sata controller16:18
jmedinaMadChopr: and why are you using dmraid, when raid is already done?16:18
=== smarter_ is now known as smarter
MadChoprjmedina: yea, it's very confusing to me16:22
MadChoprjmedina: i was reading that i have fakeraid or software raid... even though it's through the BIOS16:22
jmedinaMadChopr: you did the raid in the bios, right? then you dont need to use dmraid16:22
jmedinajust format the device16:22
MadChoprwell, i've read differently on several places... one was even in the ubuntu wiki16:23
jmedinawell, probably, there are some fakeraid chipsets16:23
MadChoprhttps://help.ubuntu.com/community/FakeRaidHowto16:23
jmedinaits been years since I had those problems16:23
jmedinabut you need to verify you have one of those chipsets16:23
MadChopri have ICH7 this FAQ says it's software raid --> http://linux-ata.org/faq-sata-raid.html16:27
=== andreas__ is now known as ahasenack
Max007how can i choose apt mirror from the console ?16:48
maxbMax007: Besides "vim /etc/apt/sources.list" ?17:08
andolMax007: It will work even better if you use Emacs :-)17:14
=== NCommander is now known as NC|Lunch
=== NC|Lunch is now known as NCommander
Max007maxb: yeah I know that but I don't know all mirrors18:24
maxbhttps://launchpad.net/ubuntu/+archivemirrors18:24
crackintoshHello, A web application hosted on my ubuntu machine requires me to run a cron job. It doesnt seem to work all the time.19:59
crackintoshIs it possible that it is not executing properly because it is not run by www-data20:00
crackintoshhere is the cron job: * * * * * cd /var/www/sugarcrm; php -f cron.php > /dev/null 2>&1 being run by root20:01
GreenCulthi all20:08
GreenCultsomebody here speak spanish??20:09
jmarsden|workGreenCult: Try #ubuntu-es20:12
nurmiyep, this is indeed Dan from eucalyptus-land21:24
kansanum i'm about to deploy a LAMP stack over ubuntu + ec2.... we develop on 32 bit ubuntu at work... should i select a 64/32bit ubuntu ami from http://alestic.com/ as my base?21:41
erichammondkansan: I build the AMIs listed on http://alestic.com and many folks (including my company) use them in production servers on EC2.21:51
kansanwhat about the 32/64 bit question?21:51
erichammondkansan: There are also some official Ubuntu AMIs which are currently in beta. You can join the beta program here: http://ubuntu.com/ec221:52
erichammondkansan: It depends what type of EC2 instance you want to run (32-bit or 64-bit)21:52
erichammondkansan: I would also encourage you to join the Ubuntu on EC2 community: http://ec2ubuntu-group.notlong.com21:53
kansananyone know how to solve this:  Client.InvalidKeyPair.NotFound: The key pair '/home/david/.ec2/id_rsa-gsg-keypair' does not exist21:53
kansanit does though!21:53
erichammondOther channels which might be more appropriate for asking EC2 questions: #ubuntu-ec2 ##aws21:53
kansanah cool!21:54
erichammond#ubuntu-ec2 has the folks who build the official Ubuntu beta images.  ##aws has more general EC2 experts (like the Q you just asked)21:54
kansanthanks21:56
erichammondkansan: answering over on ##aws21:56
kansanmk thx!21:56
=== cateye is now known as CaTeYe
kajeis there a way to tell ufw to ignore all broadcast packets and do NOT log them? I have a printer server at work that is cluttering up my logs with its broadcast traffic...22:29
jdstrandkaje: just explicitly DENY them. 'sudo ufw deny 631'22:30
jdstrandkaje: or give the broadcast address: 'sudo ufw deny to <broadcast address> 631'22:31
jdstrandoops22:31
jdstrandsudo ufw deny to <broadcast address> port 63122:31
kajeand that will keep them out of the log?22:32
jdstrandkaje: yes. logging is not enabled on a per rule basis (yet), so adding a deny or allow rule means they won't get logged. if you don't like this solution, you may update /etc/ufw/after*.rules22:33
kajeno, that solution is fine with me22:36
ziggles1hi guys, is it possible to do something similar to NAT port forwarding but based on the hostname?22:38
andolziggles1: In most cases no. The hostname isn't really used on a network level. The only time you can do magic based on hostname is if you use a protocol which sends and listens to the hostname. If I'm not totally mistaken http is the only one of the major protocols which handles hostnames.22:46
kansanis there a way of searching which packages are available on 8.04 LTS server?22:47
andolkansan: http://packages.ubuntu.com/22:48
andolkansan: or do you want to know how to do the search on an 8.04?22:48
kansani guess i already have an ec2 instance up22:49
kansanrunning 8.04 lts server22:49
kansanso i can just search via it22:49
andolkansan: I usually use "apt-cache search foo"22:49
andolkansan: Another option might be to start "aptitude"22:50
=== stiv2k_ is now known as stiv2k
ziggles1andol:  that is what i was thinking23:28
ziggles1andol: so does this mean that most commonly webservers should be assigned an external facing IP?  ie dont do nat before?23:29
ziggles1or i should say, not behind nat23:29
andolziggles1: Well, somewhere along the line there has to be a public facing IP if nothing else. Still, that can be a router, which forwards all http(s) traffic to an internal ip.23:30
andolziggles1: The actual web server can be behind the NAT.23:30
ziggles1andol: could you possibly have two webservers behind the nat?23:31
andolandol: Kind of23:31
andolziggles1: Kind of23:31
ziggles1andol: seems impossible to have 2 unless you have them running on diff ports and forward the ports?23:31
Nafallodepends on how configurable the NAT device is.23:31
andolziggles1: You can have a frontend webserver on the public IP, then you can have it proxy to the other webservers in the NAT, based on hostname for example23:32
ziggles1Nafallo: what do you mean?23:32
ziggles1andol: ah that's interesting!23:32
Nafallosome could probably send it to the correct internal server based on destination URL.23:32
Nafalloanother variant would be anycasting, in case both serve the same material.23:33
andolziggles1: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html23:33
Nafallobut yea... I should sleep rather than trying to act clever :-)23:33
andolziggles1: reverse proxy23:33
andolNafallo: don't worry, I have the acting clever all covered :)23:33
ziggles1Nafallo: thanks for offering your advice man.23:34
ziggles1sleeep! :)23:34
Nafallono worries :-)23:34
ziggles1hmmm so the issue is that i have 2 VMs setup as webservers23:35
Nafalloactually pack bag, shower, sleep 1h 30mins, run around to catch buses so I won't miss the plane :-(23:35
Nafallobut thanks ziggles1 :-)23:35
ziggles1lol sounds horrible man23:35
ziggles1with these two webservers we are trying to figure out how to route traffic to them via one nic... and not expose the whole box23:36
ziggles1but i suppose that a webserver should pretty much be exposed..23:36
geniiziggles1: You could also create an alias to have 2 IP running on same adapter23:38
ziggles1genii: an alias? like a bridge?23:45
geniiziggles1: No, adapters can have as many IP addresses as you want. Then you bring them up with ifup or ifconfig with names like eth0:0 eth0:1   and so on, each with its own settings, IP, etc. Then if a name resolves to a specific IP it goes there still23:47
geniiziggles1: The thing is you can use the aliased adapters in a vm as well23:48
jmedinaor, you can simply add for IP address to a single interface without having more alias interfaces like eth0:123:48
jmedinaI prefer this way23:49
jmedinaif you want to do filtering or routing, you only specify the interface with a destination address23:50
Deepsaliasing is deprecated23:50
geniiDeeps: Ah, was not aware. Been a while since I used it23:52
Deepsi learnt today that even ifconfig can add multiple addresses to an interface23:52
jmedina:D23:52
Deepsifconfig <dev> add <ip>23:52
geniiCan you add even if on different ranges/segments with different gateways, etc?23:53
jmedinagenii: yeap23:53
geniiCool23:53
jmedinait is only an address to an interface, there is no routing, classing involved23:54
jmedinaafter that, routing is your job :D23:54
ziggles1thats pretty cool23:54
jmedinafor example, there are people running one interface connected to two different WAN (ISPs)23:55
jmedinawith different classes, different gateways, and so on23:55
