/srv/irclogs.ubuntu.com/2009/01/23/#ubuntu-server.txt

=== chuck_ is now known as zul
ziggles1	Anyone know what this error means? libvir: QEMU error : internal error QEMU quit during monitor startup	01:12
ziggles1	cant find anything useful in my logs :/	01:12
kansan	how do i set the sudo password?	01:24
mathiaz	kansan: it's your normal user password.	01:31
mathiaz	kansan: there isn't such thing as a sudo password.	01:31
kansan	ok	01:34
kansan	how do i change a user's password?	01:34
mathiaz	kansan: using the passwd command	01:35
kansan	say i want to change user 'admin'	01:35
kansan	if i'm logged in from 'root'	01:36
mathiaz	kansan: passwd admin	01:36
kansan	can i make it so that the admin user doesnt need to type a password when doing sudo tasks	01:37
kansan	how do i list all user accounts enabled?	01:37
jmarsden\|work	kansan: users]	01:38
kansan	if i log in from a private key... what user will i be	01:38
kansan	when i log in?	01:38
jmarsden\|work	Type who am i to find out who you are.	01:38
kansan	hahahah	01:39
kansan	oh it actually works	01:39
jmarsden\|work	Of course!	01:39
kansan	i thoguth you were jokin	01:40
kansan	didnt seem to be a unix command	01:40
jmarsden\|work	I wouldn't do that to a newcomer to Linux/Unix.	01:40
jmarsden\|work	You can type man who to find out more about the who command	01:41
PC_Nerd	Hi, I dont have an 8.04LTS iso, but I have 8.10 and 7.10. Can I downgrade/upgrade to 8.04 from those easily. does 7.10 upgrade defualt to the most recent (8.10) etc, and will 8.10 let me downgrade. ?	01:43
storrgie	hey quick question, i have a server setup on a T1 currently using A records for my domain to point to the servers address.... would it be better to figure out	01:43
jmarsden\|work	kansan: To make the admin user be able to use sudo without every typing a pw you can edit /etc/sudoers to do that... but it's probably a bad idea.	01:43
jmarsden\|work	storrgie: You never really finished your question, I think, or it was truncated? Last words you posted were "would it be better to figure out" -- were there more?	01:47
storrgie	DNS i meant	01:47
jmarsden\|work	Figure out DNS how? If you have A records you already have DNS, A records are one kind of DNS record...?	01:48
storrgie	well ok I am very new to this idea	01:49
storrgie	from what I understand it might be better for me to do a reverse lookup from my server	01:49
storrgie	because right now if i tracerout my domain	01:49
storrgie	it gets stuck at the reverse dns that my ISP has in place	01:49
storrgie	it doesnt go all the way home to my webserver	01:50
cjwatson	PC_Nerd: downgrading between releases isn't supported (you can downgrade individual packages if you know what you're doing, but I've been working with Debian-based systems for ten years and I wouldn't attempt a downgrade across releases ...)	01:50
storrgie	but since the A-record is set to hit the IP the webserver is on... my website works	01:50
cjwatson	PC_Nerd: you can upgrade from 7.10 to 8.04 easily	01:50
cjwatson	PC_Nerd: the upgrader should default to 8.04, since it would have to go via that to upgrade to 8.10 anyway	01:50
PC_Nerd	ok - and ( Im about to put the 7.10 iso on my usb for booting) do I have to make any specific changes... ?	01:50
PC_Nerd	sorry: any changes in order to stop it from upgrading to 8.10	01:51
PC_Nerd	?	01:51
cjwatson	no	01:51
cjwatson	it'll tell you what it's about to upgrade to, anyway	01:51
cjwatson	so you can check to make sure	01:51
storrgie	jmarsden\|work: get what I am saying?	01:52
jmarsden\|work	storrgie: So your real question is "how can I make traceroute work all the way to my server?"	01:52
PC_Nerd	ok fantastic. - thats cleared up that.. jsut in time for me to finally ( and right at the most inopportune time:P) to find the 8.04 DVD for server edition :P thanks!	01:52
storrgie	jmarsden\|work: yes that would be the question... because right now apache says that it doesnt know its full domain name and just says its listening on 127.0.0.1	01:52
jmarsden\|work	That may actually be a totally different thing from traceroute...!	01:53
storrgie	jmarsden\|work: want me to get the exact thing?	01:53
jmarsden\|work	storrgie: To get the apache warning to go away... you may need to edit /etc/hosts file... can you pastebin that file for me?	01:55
storrgie	jmarsden\|work: yes I can, one moment. And thank you for the assistance	01:55
storrgie	jmarsden\|work: one issue, just checked my logs and i am seeing CRITICAL: cannont initialize libpolkit	01:58
kansan	jmarsden, how would i i change it so that admin user can do anything without typing passwd?	01:58
jmarsden\|work	storrgie: That's probably a different issue (are you trying to use selinux?)	01:59
storrgie	jmarsden\|work: nope, i am not	01:59
jmarsden\|work	kansan: read the file, the info is in there, also man sudoers	01:59
kansan	admin ALL=(ALL) NOPASSWD: ALL	01:59
jmarsden\|work	kansan: Looks right; did it work?	02:00
storrgie	jmarsden\|work: check PM	02:01
cjwatson	storrgie: I'd like to see that /etc/hosts as well, since I'm currently working on the bug on that subject	02:02
storrgie	cjwatson: sure	02:03
cjwatson	and more data wouldn't hurt	02:03
jmarsden\|work	storrgie: OK, let's get the Apache/ hosts file/DNS thing sorted first and then look at libpolkit.	02:03
storrgie	cjwatson: do you have a bug filed in launchpad?	02:03
storrgie	jmarsden\|work: sure thing	02:03
kansan	its frankly ridiculous: sudo -p 'sudo password: ' cp /tmp/roles.yml /etc/ec2onrails .... doesnt require a passwd when i do it on the box; but when i use capistrano, it prompts me for a password	02:03
cjwatson	storrgie: bug 8980	02:03
uvirtbot`	Launchpad bug 8980 in network-manager "hostname -f does not return a proper FQDN" [Medium,Confirmed] https://launchpad.net/bugs/8980	02:03
jmarsden\|work	storrgie: I'd suggest you remove lines 3 and 4 from that file, and also it might be good to pick ONE domain name and only have one entry for 192.168.0.4 in there?	02:04
cjwatson	so far I've identified a definite bug in network-manager (but not active with current code) and a confusing UI in netcfg that still remain	02:04
cjwatson	oh, that /etc/hosts was clearly written by hand?	02:05
cjwatson	the installer definitely never writes anything like that	02:05
cjwatson	yes, you should only have any given name in one line of /etc/hosts. I agree with jmarsden\|work	02:05
jmarsden\|work	cjwatson: Agreed. I am glad to see this getting fixed at that level though; I'd given up on the tools long ago and just always edit /etc/hosts!	02:05
storrgie	jmarsden\|work: i have blacklisted ipv6 so should I also just comment all the ipv6 info out?	02:06
cjwatson	jmarsden\|work: if you know of anything more than the network-manager bug and the confusing UI in netcfg (i.e. it isn't clear that you can give it a FQDN when it asks for a hostname), I'd like to hear it	02:06
cjwatson	storrgie: shouldn't matter	02:06
jmarsden\|work	storrgie: Not necessary. See http://pastebin.com/d40a64e4b for my suggested fix	02:07
jmarsden\|work	cjwatson: I'm not sure exactly how it gets there, but I see the 127.0.1.1 line in there when I have a static IP far too often. I've not tried to dupliocate the bug, always jsut edited the file and moved on.	02:07
cjwatson	jmarsden\|work: 127.0.1.1 is intentional and not a bug	02:08
cjwatson	oh, but when you have a static IP?	02:08
cjwatson	hmm, that is a bit odd	02:08
jmarsden\|work	Well, it is when you use DHCP, but not for static IP machines... right?	02:08
storrgie	jmarsden\|work: change anything in apache? or just do a reboot now?	02:08
cjwatson	right, sorry, I have a knee-jerk reaction to people complaining about 127.0.1.1 :-)	02:08
cjwatson	storrgie: shouldn't need to do anything more than restart apache, at most	02:08
jmarsden\|work	storrgie: Now just restart apache	02:08
kansan	what would: /etc/sudoers.full_access do?	02:09
storrgie	restarted, no issues it seems.	02:09
jmarsden\|work	storrgie: Good, so that's that taken care of.	02:09
cjwatson	jmarsden\|work: if you can reproduce that, I'd like to get copies of: /etc/hosts /etc/resolv.conf /var/log/installer/syslog /var/log/installer/cdebconf/questions.dat	02:09
jmarsden\|work	kansan: Nothing unless you move it to /etc/sudoers as far as I know!	02:10
storrgie	jmarsden\|work: i believe so, thank you and cjwatson. now for my question about the tracert... and there is one more after that :D	02:10
jmarsden\|work	cjwatson: Ok, I'll let you know if I can reproduce it.	02:10
cjwatson	I don't see any way in the current code in which you could get 127.0.1.1 for a static-IP setup, although I believe you when you say you've seen it	02:10
jmarsden\|work	cjwatson: Is it possible for a machine that was initial DHCP and then changed to static to accidentally keep that entry, maybe??	02:11
cjwatson	jmarsden\|work: changed when?	02:12
jmarsden\|work	storrgie: OK, can you pastebin me traceroute output from somewhere else to your server that shows the problem?	02:12
jmarsden\|work	cjwatson: By an admin configuring the machine a few hours later?	02:12
cjwatson	jmarsden\|work: depends how it was done, and would be entirely up to the admin, so certainly possible	02:13
jmarsden\|work	OK, that might be it.	02:13
cjwatson	if they just edited a bunch of files by hand, entirely plausible	02:13
cjwatson	I thought you meant it was a machine you'd installed yourself	02:13
PC_Nerd	does ubuntu server have a basic graphic output (terminal to a vga screen?) Im wanting to install it instead of desktop to mirror my VDS setup, but I also want ot be able to sit in front of it and use the terminal instead of ssh through another computer (its a tower server) ?	02:13
jmarsden\|work	But using the tools it shouldn't happen? OK.	02:13
cjwatson	jmarsden\|work: well, we don't provide any server-oriented tools to make that change, as far as I'm aware	02:14
cjwatson	on the desktop, goodness knows what gnome-system-tools and/or network-manager do	02:15
cjwatson	PC_Nerd: yes, text-only consoles by default	02:15
jmarsden\|work	cjwatson: Yes... those may have been desktop installs now I think about it.	02:15
PC_Nerd	fantastic thanks (didnt want to install just to find i have to do the other :)) thanks!	02:15
jmarsden\|work	storrgie: Ok, so you would like the last entry to read aether.storrgie.net or something like that?	02:18
storrgie	jmarsden\|work: yea that would be ideal... instead it just keeps going and going with * *	02:18
jmarsden\|work	Ah, you didn't show me any of those :) That is because a router is blocking the traceroute packets, not much you can do to change that unless you are the admin of that router. So 66.178.250.113 is not your server's public IP address?	02:20
storrgie	nope, thats the DNS	02:20
storrgie	i am admin of the router	02:20
PC_Nerd	ok..... unetbootin to create a bootable USB drive with ubuntu 8.04 server. It wont install because it cant find a CD drive, however the server has no CD drive. How can I install ubuntu server from a USB?	02:20
storrgie	113 is the DNS	02:20
jmarsden\|work	You admin the computer/router/box that has IP address 66.178.250.113? Is it a Ubuntu box?	02:21
storrgie	nope the machine that is 113 is the DNS controlled by my ISP... im sure I could request something... what should I be asking for?	02:21
storrgie	wait, let me explain	02:22
storrgie	113 is the DNS	02:22
storrgie	however, the IP i am using is 114	02:22
jmarsden\|work	I'm confused... what traceroute command did you type to get the output you pastebinned?	02:22
storrgie	tracerout storrgie.net	02:22
jmarsden\|work	OK, let me try that from here...	02:22
storrgie	the A-record is pointing towards 66.178.250.114	02:22
storrgie	the router that I control has that IP assigned to it	02:22
storrgie	and the webserver, this ubuntu box is behind that router	02:23
jmarsden\|work	OK. You would need to ask the admin of 66.178.250.113 to configure it to that traceroute packets for .114 are allowed through it; then you would need to ask whoever manages DNS for 250.178.66.in-addr.arpa. to set the PTR record for .114 to say storrgie.net	02:24
jmarsden\|work	s/to that/so that/	02:25
storrgie	why? 250.178.66.in-addr.arpa.	02:25
jmarsden\|work	That is now reverse DNS works, basically. dig -x 1.2.3.4 looks up the PTR record for 4.3.2.1.in-addr.arpa.	02:27
storrgie	so how do I make contact there? I can get ahold of my ISP... but the in-addr.arpa i am confused about	02:28
jmarsden\|work	It is probably your ISP who controls that part of the address space.	02:28
storrgie	ok my last question for the night is this, when I ssh into this machine there is a 30-40 second wait until I get the prompt	02:30
storrgie	if i ping the address, its like 30-40ms, so its not high latency	02:30
jmarsden\|work	It is doing some sort of lookup that is failing and timing out. Possibly a DNS lookup of some sort.	02:31
jmarsden\|work	What is in /etc/resolv.conf and does whatever is there do the right thing for the hostname of your server?	02:31
jmarsden\|work	OK, I would change domain and search to have sane values, perhaps both storrgie.net in your case.	02:33
jmarsden\|work	Then I would check that the DNS servers at 192.168.0.1 and 192.168.1.1 are both reachable and can resolve storrgie.net	02:33
storrgie	so like	02:34
storrgie	storrgie.net.invalid	02:34
jmarsden\|work	No, just domain storrgie.net and search storrgie.net	02:35
storrgie	ok, doing a reboot after all the settings	02:35
jmarsden\|work	No need.	02:35
jmarsden\|work	Reboots are for Windows :)	02:35
storrgie	jmarsden\|work: :D i know, its just such old habit	02:36
storrgie	jmarsden\|work: ever use webmin?	02:36
jmarsden\|work	Yes... amd I now going to another whole set of questions? :)	02:36
kansan	why in the world does: sudo -p 'sudo password: ' cp /tmp/roles.yml /etc/ec2onrails .... via capistrano prompt me for a password when its simply not needed? /etc/sudoers file: admin ALL=(ALL) NOPASSWD: ALL	02:37
storrgie	just one	02:37
jmarsden\|work	But webmin on Ubuntu is officially not recommended any more.	02:37
jmarsden\|work	OK.	02:37
storrgie	jmarsden\|work: would u suggest anything else?	02:37
jmarsden\|work	The official Ubuntu equivalent is ebox but I have not used that. I use webmin/virtualmin on some non-Ubuntu servers.	02:38
storrgie	question: i noticed when i was doing a netstat -tlup that the port my webmin was running on was taking a long time to check. So i went into the webmin interface and told it not to listen to UDB 10000 anymore.... and now as you can guess I have no webmin	02:38
jmarsden\|work	Yes, port 10000 is where it runs the admin UI by default.	02:39
storrgie	yeppers, i just didnt want it to be on UDP anymore so i set it to listen on tcp 192.168.0.4	02:40
storrgie	however, that would be the box its running on... so i was wondering if there is a config file some place i can fix	02:40
jmarsden\|work	UDP? It shouldn't be listening on a UDP port, as far as I know...	02:40
storrgie	i could rip it out and try ebox	02:40
jmarsden\|work	There is, let me check on a RHEL server I have that runs webmin...	02:40
storrgie	i have ben cat'ing files for about 10 minutes with no luck	02:41
jmarsden\|work	Try /etc/webmin/miniserv.conf	02:41
jmarsden\|work	First line in mine is port=10000	02:41
storrgie	whats the bind parameter set to?	02:42
storrgie	ok its back up, thanks!	02:43
jmarsden\|work	I don't see a bind param, I probably just listen on all interfaces. ... Good! No problem.	02:44
storrgie	should I try ebox?	02:44
jmarsden\|work	Sure, if you are in a position to switch now (when the server is new) is a good time to do so. You'll find more Ubuntu folks who can help with ebox than with webmin.	02:45
jmarsden\|work	Did the ssh delay issue go away too?	02:46
storrgie	yes it did, which is great	02:48
rdw200169	storrgie, if you really want webmin, you can still install it from the sources on their website	02:48
storrgie	i have been using it, i dont mind it.... i just would like to see if ebox is nicer	02:49
rdw200169	storrgie, personally, i dislike ebox, it does too much to the inner workings of a system, but that's just me, i like control ;)	02:49
jmarsden\|work	storrgie: OK, well I think we've answered all your questions... I'm going home to eat :)	02:49
storrgie	jmarsden\|work: thanks bud, I will start sticking around here and helping people out too	02:50
rdw200169	storrgie, just keep in mind that even if you uninstall it, there's still a little left: it doesn't quite get rid of all the changes it makes, i.e. there's cruft left in the ifup / ifdown scripts (grr...)	02:50
storrgie	rdw200169: talking about ebox?	02:50
rdw200169	yes	02:50
storrgie	rdw200169: i wouldnt mind it really, as long as things work OK	02:50
storrgie	webmin is fine	02:50
storrgie	i really only use webmin for apache stuff anyway	02:51
rdw200169	it is very good at setting up the virtual servers!	02:51
storrgie	rdw200169: should i try it? im kinda scared... haha	02:52
rdw200169	ebox or webmin?	02:52
storrgie	im runnng webmin now	02:52
storrgie	i was talking about trying ebox	02:52
storrgie	im not sure how i installed webmin	02:52
storrgie	it was a month or so ago	02:53
rdw200169	well, it should't cause any major issues	02:53
storrgie	does it do apache well	02:53
rdw200169	but it's been a while since i tried it	02:53
rdw200169	i don'	02:53
rdw200169	't think so	02:53
rdw200169	my initial impression of it was: "this does everything i want it to do, if i don't want to do anything my way"	02:53
rdw200169	but that's just my impression ;)	02:54
storrgie	so maybe stick with webmin	02:54
rdw200169	you can check out ebox-platform.com to learn more about it	02:54
PC_Nerd	Hi, attempted to use unbootin to create a bootable usb for server 8.04. but it refuses to run without a CD drive (and pressumably the CD). the server doesnt have an optical drive. Ive also tried the "create bootable usb" from teh system adminstration menu on desktop 8.10 (using the 8.04 server iso). any ideas on installing ubuntu server via usb without an optical drive?	02:54
philsf	I'd like some suggestions on what to use for backing up a live system to a removable HD	02:55
philsf	I eliminated rsync because I'd like the backups to be encrypted	02:55
philsf	(afraid of HD theft). I'm currently using dar manually, and am in the process of making a	02:55
rdw200169	i just didn't care to much for the fact that it uses so many services to do it's job...	02:55
philsf	personalized script for automation of differential encrypted backups with dar, but maybe there are	02:55
philsf	similar stuff already done out there	02:55
philsf	what are people here using?	02:55
storrgie	philsf: i would like to know too, thats something interesting to do	02:56
rdw200169	philsf, well, you could try something like etckeeper, or a version control system, like bzr, svn, cvs, etc...	02:56
rdw200169	etckeeper is a tool for easily backing up /etc using a version control system, using either mercurial or bzr	02:56
* hads uses rdiff-backup		02:57
rdw200169	b/c you don't need to back up everything, just your configurations, and personal directories, like /var/www	02:57
philsf	rdw200169: no, I'm asking for a backup solution of files of a whole system, including user files	02:57
hads	If you want it encrypted, encrypt the disk.	02:57
rdw200169	philsf, again, a comprehensive svn setup, for example, could make that very easy	02:57
rdw200169	philsf, this is what i prefer anyway	02:58
rdw200169	philsf, just have the svn repo (for example) exist on the external source, whatever that may be	02:58
storrgie	rdw200169: question regarding virtual servers... Do i need to create a virtual server for TEST.net and www.TEST.net	02:58
storrgie	if i want them both to resolve to the same place on my machine	02:58
hads	Apache?	02:59
rdw200169	PC_Nerd, did you make sure your BIOS supports booting via USB	02:59
rdw200169	storrgie, well, i'm not great with apache, but i use a couple virtual servers, mostly for my 2 domains, randywallace.com and greamin.com which run on the same IP	02:59
storrgie	so if i type in randywallace.com	03:00
storrgie	it will go there	03:00
rdw200169	storrgie, yes	03:00
storrgie	but what if i type www.randywallace.com	03:00
rdw200169	storrgie, of course	03:00
hads	ServerAlias	03:00
rdw200169	storrgie, the same,	03:00
rdw200169	storrgie, i use a ServerAlias like hads suggests	03:00
storrgie	rdw200169: did u have to add a virtual server for both of those names, www.randywallace.com and randywallace.com?	03:00
storrgie	hads: hows that work?	03:01
rdw200169	storrgie, no, just a Server Aliasw	03:01
rdw200169	for example, here's my entry	03:01
PC_Nerd	it supports booting usb, goes through detecting keyboard (all from after booting usb in bios.... running the serve rinstallation) and the next step after keyboard and language is to detect a CD drive.... from there it wont work because of a lack of optical drive :P	03:01
rdw200169	DocumentRoot /var/www/randywallace.com	03:01
rdw200169	ServerName www.randywallace.com	03:01
rdw200169	ServerAlias randywallace.com	03:01
rdw200169	PC_Nerd, oh, i see!	03:01
hads	ServerAlias *.example.com	03:01
rdw200169	yeah, that'll do it too, i didn't want to do that, so i can have ldap.example.com for other things, etc... etc...	03:02
rdw200169	storrgie, if you didn't know, you can use zoneedit.com to manage your DNS, it's really powerful and has ALL the DNS related features you want, for free!@	03:02
rdw200169	storrgie, that, and they support 'dynamic dns' for changing the IP address for those out there (like me) that recieve dhcp from their internet provider	03:03
storrgie	i have my domains through register.com	03:03
storrgie	they have great services	03:03
storrgie	what i was wasking about was	03:03
storrgie	at register.com	03:03
PC_Nerd	rdw200169: so any suggestions on getting around the "required" optical drive?	03:03
rdw200169	just throwing that out there ;) i really like it	03:03
storrgie	i setup A-records to point to my servers IP	03:03
rdw200169	PC_Nerd, Well, you can try skipping that step, by using debconf in expert mode	03:04
storrgie	but my server needs to know what to do with those requests when they come in, thats wuat virtual servers are for right?	03:04
philsf	I was thinking if I encrypted through gpg, I could automate the backup without	03:04
rdw200169	PC_Nerd, well, the debian-installer	03:04
philsf	entering a password into config files, comments?	03:04
hads	Encrypt the disk	03:04
rdw200169	PC_Nerd, that, and i don't know if you're aware of this, it's pretty obscure, but when that step presents it self, you can actually switch TTY's to see the actual console output from the installation	03:05
rdw200169	PC_Nerd, i think it's tty4 so Ctrl+alt+f4	03:05
PC_Nerd	tty's ?	03:05
philsf	hads: do you have any personal recommendation on wether to use ecrypt, or encfs (or something else)?	03:05
rdw200169	PC_Nerd, the debian installer actually uses several tty's during the installation	03:05
philsf	*ecryptfs	03:05
rdw200169	PC_Nerd, you can get a console from a couple of them i believe while it's installing.	03:05
PC_Nerd	tty's? Im aware they exist in /dev but I havent a clue on what they do.	03:06
storrgie	rdw200169: are you running 5 nics in your server? hahaha awesome	03:06
rdw200169	PC_Nerd, i generally switch tty's during the package update to make sure there aren't any timeouts (i've had some very bad internet over the years)	03:06
rdw200169	storrgie, actually, 6	03:06
storrgie	rdw200169: why so many?	03:06
rdw200169	storrgie, they were cheap, 15$ per gig-ethernet card	03:07
rdw200169	storrgie, and the application required 4 internet connections	03:07
hads	philsf: I've used dm-crypt	03:07
storrgie	rdw200169: what is it used for?	03:07
rdw200169	storrgie, instead of using a switch, and dealing with that routing problem, i built the server w/several nics so routing would be easy and reliable	03:07
rdw200169	storrgie, the situation was: i deployed to iraq about a 2 years ago, and we planned on setting up a ISP using satellite connections	03:08
storrgie	oh really	03:08
storrgie	wait, your own ISP? through sat cons?	03:08
rdw200169	storrgie, we needed to figure out how to provide internet to ONE network using several internet connections	03:08
rdw200169	storrgie, yes, HughesNet, it was hell ;)	03:09
storrgie	so load balance between several	03:09
storrgie	that box sat there and mitigated multiple satelite connections?	03:09
rdw200169	storrgie, we decided against that because of the https problem	03:09
PC_Nerd	ok.... ive "skipped" the cd part to "Load debconf preconfiguration file" "The file needed for preconfiguration could not be retreived from file:///cdrom/pressed/ubuntu-server.seed The installation will procceed in non-automated mode. " how can i make that select it from the usb drive?	03:09
rdw200169	that file doesn't do anything except install the package linux-server, the kernel for the server	03:10
storrgie	rdw200169: well i bookmaked your notes, ill check this out... its pretty awesome	03:10
rdw200169	so, you may want to just install that post-installation	03:10
rdw200169	storrgie, from greamin.com/server, you may want to check the file for the UbuntuGateway project	03:10
rdw200169	storrgie, that's where all the routing, firewalling, and traffic shaping took place	03:11
storrgie	awesome	03:11
cjwatson	PC_Nerd: you could try putting the netboot installer image on a USB stick and booting it	03:11
rdw200169	the logfile is most useful, for understanding how i did it	03:11
storrgie	rdw200169: what do you use to draw your topology diagrams?	03:11
rdw200169	from RichNet?	03:11
cjwatson	PC_Nerd: 8.04 didn't have the necessary bits to support the stuff you're trying to do properly, I'm afraid	03:11
PC_Nerd	netboot? is that to boot over a network?	03:11
rdw200169	i used inkscape, and i've also used OmniGraffle	03:12
rdw200169	i love OmniGraffle, it's the best outliner, but it requires me to use MacOS, which I rarely do	03:12
storrgie	inkscape for linux?	03:12
PC_Nerd	the server bios ( i think its the bios?) has a boot PXE option... and I know the network settings like the back of my hand.... so can I "boot" the server from a live CD or live USB on a laptop on the network? (basic 3 computer network) ?	03:12
cjwatson	PC_Nerd: normally, but you can boot the same images by any method you like - the key is that they'll fetch all their bits over the network later rather than relying on local storage like CD or USB	03:12
rdw200169	storrgie, yup, it's there	03:12
cjwatson	PC_Nerd: you don't need to pxeboot in order to use the netboot images; you just need to be able to tell a bootloader to boot them	03:13
rdw200169	PC_Nerd, seriously, there's not a problem skipping the ubuntu.seed file	03:13
PC_Nerd	ok.... ill skipp it.	03:13
storrgie	was this:http://greamin.com/server/_images/RichNet6.png done in inkscape?	03:13
cjwatson	rdw200169: sure, but it isn't going to get much further if it doesn't have /cdrom	03:13
PC_Nerd	hang on ill continue on.	03:13
rdw200169	storrgie, yes	03:13
cjwatson	it'll just fail again	03:13
storrgie	rdw200169: awsome,	03:13
rdw200169	cjwatson, i don't know, i've never tried...	03:13
cjwatson	rdw200169: I know	03:13
rdw200169	cjwatson, seems like that's a major problem with the installer!	03:14
cjwatson	what, that the CD installer needs a CD?	03:14
cjwatson	hardly.	03:14
rdw200169	cjwatson, if only they would enable serial access by default	03:14
rdw200169	cjwatson, i find it so irritating having to rebuild the CD just for Serial Access	03:14
rdw200169	cjwatson, for headless setups	03:14
rdw200169	cjwatson, that, or build and ISO for usb	03:15
rdw200169	cjwatson, *an	03:15
cjwatson	err, surely you just need to pass the right console= for serial access?	03:15
storrgie	rdw200169: quick question, how do u draw out the switches hubs etc... did u have to go get those images or are they in the software?	03:15
cjwatson	rdw200169: yes, that's improved in 8.10, but in the meantime he can use the netboot images	03:15
PC_Nerd	ok.... so i need to look up a netboot tutorial then... ok	03:15
rdw200169	cjwatson, yes, change the special line in the grub file to add serial access, then there's the	03:16
rdw200169	cjwatson, upstart file that also needs to start the serial tty	03:16
cjwatson	the installer ought to do that already	03:16
rdw200169	cjwatson, nope	03:16
cjwatson	I definitely remember writing a deal of code for that	03:16
rdw200169	cjwatson, in 8.10, which i've recently rebuilt, does not do serial, at all, post installation	03:17
cjwatson	my changelog says April 2007	03:17
PC_Nerd	urgh :P why does it have to be so complicated. lol ill look up a tutorial/discussion online. bbs	03:17
cjwatson	rdw200169: I would like you to file a bug report about that with full details and logs. It's meant to work.	03:17
rdw200169	cjwatson, i also have had to change the bootloader for the cd to allow serial access	03:17
cjwatson	That would be a lot more helpful than quietly rebuilding the CD for yourself!	03:17
rdw200169	cjwatson, here, i've got what i did here: http://greamin.com/server/server_guide.html	03:17
cjwatson	also, the CD bootloader is supposed to fall back to something serial-friendly on serial console. If that isn't working, I need a bug report.	03:17
cjwatson	bug report, please	03:18
cjwatson	it's 3:20am here, I'm not going to remember something you tell me on IRC	03:18
rdw200169	cjwatson, i posted a bug report on upstart not having a serial access, but i don't think anything has come about from it	03:18
storrgie	rdw200169: where did u get the images for these diagrams?	03:18
cjwatson	finish-install has had code to deal with upstart's event files for nearly two years	03:18
rdw200169	cjwatson, it's not that big of a deal for me, i do a lot of other stuff from rebuilding too, like installing a bunch of packages post-install	03:19
cjwatson	rdw200169: please. file a bug. I need to know.;	03:19
cjwatson	don't just quietly sit and suffer (even if it isn't that big a deal)	03:19
rdw200169	cjwatson, for what? upstart?	03:19
cjwatson	debian-installer	03:19
cjwatson	launchpad.net/ubuntu/+source/debian-installer, that is	03:19
rdw200169	cjwatson, ah, but the problem is 4-fold	03:19
cjwatson	then file four bugs	03:20
rdw200169	cjwatson, well, 1/4 !	03:20
cjwatson	I'll send them off to the right places as appropriate	03:20
cjwatson	the only bug I can find about serial console handling not working right now is ia64-specific	03:20
rdw200169	cjwatson, i'm talking about adding it to isolinux.txt, so it will boot headless	03:21
rdw200169	cjwatson, debian-installer never had a problem running serial, it's getting isolinux to do it from the start	03:21
cjwatson	you made comments above about e.g. grub/upstart configuration that are supposed to be handled by debian-installer. If those aren't working out of the box then they're d-i bugs.	03:22
cjwatson	isolinux configuration is obviously trickier since it needs to work headful as well	03:22
rdw200169	cjwatson, exactly	03:23
rdw200169	the debian-installer things can be fixed post-installation, but isolinux, obviously, cannot	03:23
cjwatson	I'm not so worried about that (there's always the netboot option), but I do need and want to know about the d-i bugs. I maintain d-i in Ubuntu.	03:23
rdw200169	cjwatson, OH!	03:23
cjwatson	why did you think I was repeatedly asking for bug reports? :-)	03:24
rdw200169	cjwatson, is there any way you can also add an option for SSH post boot?, i.e. after a timeout?	03:24
cjwatson	ok, so not attempting to think about feature requests at 3:25am ;-)	03:24
rdw200169	i'm just curious... would that be a launchpad blueprint?	03:25
cjwatson	wishlist bug	03:25
rdw200169	cjwatson, ah, ok, i will do these things you suggest	03:25
cjwatson	blueprints are heavyweight things and are design documents to be created by developers only	03:25
rdw200169	i can't write one?	03:25
cjwatson	you generally shouldn't	03:25
rdw200169	hence, the 'wishlist but'	03:26
cjwatson	you can - but it is unlikely to be more helpful than filing a wishlist bug	03:26
rdw200169	right.	03:26
cjwatson	the point of blueprints is to be software design documents, and those need to be written by software designers	03:26
rdw200169	sounds good, thank you for the help!	03:26
cjwatson	no problem, it'll be worth it to get it working better out of the box	03:27
cjwatson	even though it's thoroughly weird that it doesn't already	03:27
cjwatson	('apt-get source finish-install' and poke around there and you'll see the code)	03:27
cjwatson	I'm not sure what an option for SSH post-boot would be. Surely that's just installing the openssh-server package, having configured a user?	03:28
rdw200169	cjwatson, it's an obscure debian-installer feature i found from some obscure place in the debian dungeon	03:29
cjwatson	I know what you're talking about before the first reboot (network-console)	03:29
storrgie	rdw200169: hey, where did u get those images for your diagrams?	03:29
cjwatson	but I interpreted "post boot" to mean "after the first reboot, once the installer is done"	03:29
rdw200169	cjwatson, it was really difficult to get right, but i was pretty proud when i did	03:30
cjwatson	you know it's documented in the Ubuntu installation guide?	03:30
rdw200169	cjwatson, what it does, is start a ssh server really early in the debian-installer, so you can continue installation over ssh	03:30
rdw200169	cjwatson, this works really well for headless setup	03:30
cjwatson	yes, I know about it and have contributed to it	03:30
rdw200169	ppend file=/cdrom/preseed/ssh.seed initrd=/install/initrd.gz	03:31
rdw200169	console=tty0 console=ttyS0,38400n1 priority=critical quiet -- console-setup/ask-detect=false console-setup/layoutcode=en_US.UTF-8 auto-install/enable=true	03:31
cjwatson	auto-install is not supported on Ubuntu	03:31
cjwatson	by that I mean the auto-install/enable bit, not automatic installation in general	03:31
rdw200169	but it requires something like this, in isolinux.txt	03:32
rdw200169	then the seed file sets up some really basic things, including netcfg, then anna sets up network-console	03:32
rdw200169	and gives it a password,	03:32
rdw200169	cjwatson, well, it's always worked for me, incl. 8.10	03:33
cjwatson	you just aren't in fact using auto-install :-P	03:33
rdw200169	yes, i am!	03:33
cjwatson	it's in universe, it can't possibly be used by the installer	03:33
cjwatson	I don't believe you, unless you're rebuilding the installer initrd	03:33
rdw200169	nope, it works	03:33
cjwatson	auto-install is not even in our installer initrds	03:33
rdw200169	i've tested it about 1000 times in virtual box	03:33
rdw200169	i stopped unpacking init.rd when i figured out how to do preseed/late_command for all the other crazy stuff, like adding ttyS0 to upstart	03:34
cjwatson	auto-install/enable does have some effect on localechooser and possibly other components, but the guts of it are not present and I will not deal with bug reports from people attempting to use the half-broken bits that exist	03:35
cjwatson	I tried to make sure to rip out all the documentation of it from the Ubuntu installation guide until such time as we support it properly	03:36
rdw200169	cjwatson, that's understandable	03:36
cjwatson	(which involves figuring out how to make it work properly with console-setup and the like - I'm not just being capricious here)	03:36
rdw200169	oh no, i understand completely	03:36
rdw200169	for me it works, i use all the defaults for console-setup, so i never run into issues	03:37
cjwatson	therefore, I recommend removing auto-install/enable=true and finding out whether your problems with serial console access are still reproducible without it	03:37
cjwatson	because other people have told me that that stuff works	03:37
cjwatson	(I don't own the relevant hardware myself)	03:37
rdw200169	auto-install is only for SSH installation	03:37
cjwatson	false	03:37
cjwatson	anna/choose_modules=network-console is the key thing to enable SSH installation	03:38
rdw200169	it get's past all the locale stuff, so it will run the ssh server for debian-installer without user intervention over serial	03:38
cjwatson	yes, I am aware of that, but that doesn't make it only for SSH installation	03:38
rdw200169	that option, still necessary, does not get you past the locale stuff	03:38
cjwatson	you could just preseed the locale stuff	03:38
cjwatson	you don't need auto-install to do that	03:38
rdw200169	i tried that desperately, but i could never get it right	03:39
cjwatson	I am happy to help with that, as it is not hard	03:39
rdw200169	the installer was stubborn about asking those questions no matter what	03:39
cjwatson	your console-setup/layoutcode is wrong above, to start with	03:39
rdw200169	and documentation on writing preseed files is...	03:39
cjwatson	in the Ubuntu installation guide	03:39
rdw200169	when i started all this, it was with 7.10	03:40
cjwatson	you probably just need 'locale=en_US console-setup/layoutcode=us' on the kernel command line	03:40
cjwatson	the 7.10 installation guide documented preseeding too	03:40
rdw200169	i've tried that, and it still insisted on asking those question	03:40
cjwatson	perhaps you would be better off starting from what the d-i maintainer in Ubuntu tells you is right and debugging from there, rather than starting from somewhere else, though? ;-)	03:41
rdw200169	it was very frustrating	03:41
rdw200169	well, i'll try it again	03:41
cjwatson	note that you MUST put this on the kernel command line	03:41
cjwatson	in your web page, you recommend putting locale/keyboard configuration in a preseed file on the CD, which is totally useless	03:42
rdw200169	that may have been where i failed ;)	03:42
cjwatson	the preseed file is read from the CD well after locale/keyboard configuration takes place in the installer	03:42
rdw200169	yeah...	03:42
cjwatson	the installation guide documents this problem	03:42
rdw200169	hey, it works, right? (yes! amazing!)	03:42
rdw200169	i'm still very proud that I even got it to work!	03:43
cjwatson	you've managed to make a number of mistakes cancel each other out somewhat ;-)	03:43
cjwatson	however, it's still better to do it properly	03:43
rdw200169	of couse	03:44
rdw200169	*course	03:44
cjwatson	documentation of preseed ordering> https://help.ubuntu.com/8.04/installation-guide/i386/preseed-contents.html	03:44
cjwatson	(to be read in context of the rest of that chapter)	03:44
storrgie	later guys, thanks for the help tonight	03:45
cjwatson	given proper preseeding, auto-install isn't necessary; the thing that auto-install is good for is deferring questions until after ssh is up, but if you didn't want the questions asked in the first place then that's kind of the long way round	03:45
cjwatson	well, one thing that auto-install is good for, anyway	03:46
cjwatson	it's actually a much more complex autoinstallation system	03:46
cjwatson	and its behaviour with respect to ssh is really just a side-effect of the way it handles configuration in general	03:47
rdw200169	cjwatson, yes, i much preferred having the questions asked later!	03:47
cjwatson	noted, but there is a good reason those come first	03:48
cjwatson	we ask for locale first so that we can display questions the user will understand; we ask for keyboard after that so that the user can type responses that the installer will understand	03:48
rdw200169	cjwatson, yes, for international setup, i wonder how you could do that with SSH...	03:48
rdw200169	cjwatson, personally, i find this to an incredibly useful feature, considering the applications of a server in a headless environment; for me, the people i help run linux server(s) don't have monitors (they're deployed overseas)	03:50
cjwatson	network-console should pick up the locale from previous configuration, although of course keyboard interpretation is handled at the far end	03:50
cjwatson	oh, certainly, it's great. but it really isn't that hard to set up with the default images :)	03:50
cjwatson	locale=en_US console-setup/layoutcode=us anna/choose_modules=network-console and you should be set, possibly with a bit of network preseeding thrown in there	03:51
cjwatson	anyway, well past bedtime	03:51
rdw200169	alright, goodnight my friend, and thank you for the help!	03:51
cjwatson	thanks in advance for the bug reports :)	03:51
rdw200169	you have NO IDEA how much I've wanted to actually communicate with someone who knows something about debian-installer!	03:52
cjwatson	#ubuntu-installer is happy to take queries	03:53
PC_Nerd	im trying to install the server edition via netboot.... I get to custom DHCP details, and it says "bad archive mirror". im running apache2 from my computer, can access it via the same details. the iso was unzipped to that directory. any suggestions on getting netboot working?	03:56
kansan	how do i run mkfs.xfs on ubuntu hardy server?	03:57
sommer	kansan: do you have the xfsprogs package installed? it should be part of that package	04:15
scunizi	I just loaded 8.10 server into a vm in vbox.. on boot it says that the kernel is wrong and needs pae.. or something like that.. It won't boot into recovery mode either.. Any suggested solutions?	04:21
rdw200169	scunizi, well, virtualbox won't boot the server build of the kernel, i.e. linux-server	04:25
rdw200169	scunizi, reluctantly, it requires a really pain-in-the-butt method of post-install linux-generic	04:26
rdw200169	scunizi, before restart	04:26
rdw200169	scunizi, so, post install, before restart, go to the option to open a shell in the debian-installer menu; then, in the shell, chroot to the /target directory	04:26
rdw200169	scunizi, then, you have to readd the ubuntu-server cd, i.e. apt-cdrom add	04:27
rdw200169	scunizi, then, if there isn't internet access, you have to comment the internet related lines in /etc/apt/sources.list so you can perform another apt-get update	04:27
rdw200169	scunizi, then, you can apt-get install linux-generic	04:28
rdw200169	scunizi, that, or you can just mount the cd, copy the .deb from the cd to the /target directory somewhere, then dpkg -i after you chroot	04:28
scunizi	rdw200169, wow.. first thing.. how do I get to the option to open a shell in the debian installer menu? and by chroot you mean to change directories to /target which would be ??	04:30
rdw200169	scunizi, well, in the installer, you have the main menu, right, for example, the options are 'Partition disks' etc...	04:30
rdw200169	scunizi, there's an option on the very bottom, related to openning a shell	04:31
rdw200169	scunizi, really close to the bottom anyway, after Finish the installation	04:31
scunizi	ah.. in the actual installer.. I had missed tha.	04:31
scunizi	*that	04:31
scunizi	so.. can I get there without reinstalling?	04:31
scunizi	rdw200169, perhaps via "Rescue a broken system?"	04:33
rdw200169	try it	04:33
rdw200169	scunizi, if i remember correctly, that gives the option to open a shell	04:34
scunizi	rdw200169, haven't seen it yet but I'll go through the options and look.. thanks for the tips..	04:34
rdw200169	scunizi, you may have to change the debconf priority to a higher level, i can't remember	04:35
scunizi	rdw200169, that's beyond my level of expertise.. not sure what a debconf priority level is..	04:35
rdw200169	scunizi, there's an option to change it in the menu	04:36
scunizi	rdw200169, I'm at a place to choose "Execute a shell in /dev/sda1" (my choice for root) or "Execute a shell in the installer environment".. shall I throw a dart or pick #1	04:38
rdw200169	yes! the first one	04:38
scunizi	rdw200169, should I be able to initiate apt from here? it's giving me root access	04:39
rdw200169	yes, after a 'chroot /target'	04:39
scunizi	rdw200169, so I want linux-generic?	04:40
rdw200169	yes, do you have internet access already?	04:41
scunizi	yes	04:41
scunizi	used apt-cache search kernel	04:41
rdw200169	scunizi, yes, then apt-get install linux-generic	04:41
scunizi	cool.	04:41
scunizi	should the other kernel be uninstalled?	04:42
rdw200169	scunizi, it already is	04:43
scunizi	ah	04:43
rdw200169	scunizi, linux-server is the default, and it's the one that causes the problems	04:43
scunizi	rdw200169, you'd think that there would be an option on install to let the installer know that it's going into a vm.. :/	04:44
rdw200169	scunizi, it's more of a virtualbox problem than a linux problem	04:44
scunizi	rdw200169, I wonder if they are only peripherally aware of it..	04:45
rdw200169	scunizi, i don't know	04:45
dieselz	hello all - I am trying to figure out why i am getting loads of iptables tracking: any idea of what a call from sport=51879 to dport=22 from my computer to my server is?	04:59
dieselz	i've done a search on google, cant find much of anything	04:59
dieselz	i have an ssh connection up if that helps	05:00
ScottK	Is if from your IP address?	05:01
dieselz	yes	05:01
ScottK	That's your ssh connection.	05:01
ScottK	If it's a modern kernel it uses source port randomization. That's what sport is.	05:02
dieselz	if i have a log entry as the first entry in iptables' INPUT, will that log everything, whether its blocked or not?	05:02
ScottK	It's way too late at night here for me to be thinking about iptables rules.	05:03
dieselz	haha sorry	05:03
dieselz	i think i'm just an idiot and I am logging everything instead of just dropped packets	05:03
dieselz	N00bling things	05:03
rdw200169		05:03
rdw200169		05:03
rdw200169		05:03
ScottK	No problem.	05:03
rdw200169		05:03
rdw200169		05:04
rdw200169	whoops, dieselz i can help	05:04
dieselz	bueno	05:04
scunizi	rdw200169, worked like a champ .. thanks for the advice.. :)	05:04
dieselz	got this: LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '	05:04
rdw200169	scunizi, hey, no problem	05:04
dieselz	i feel like i shouldn't	05:04
dieselz	i want to only track dropped packets	05:04
rdw200169	dieselz, then, right before your DROP target, put the LOG target	05:05
rdw200169	dieselz, that's the way most firewalls do it, namely firestarter	05:05
dieselz	what about -j LOGDROP ?	05:05
rdw200169	dieselz, yeah, you can do that too i suppose, i prefer the basic targets to prevent me any crazy iptables problems, i used to run into a lot of them when i would add features not in the ubuntu version ;)	05:06
dieselz	hmm, so if i just move that line down to before my DROP line, that'll have the same effect?	05:06
dieselz	(sorry)	05:06
rdw200169	dieselz, yes, if the packet is routed to another chain before the LOG target, it won't get logged	05:07
rdw200169	dieselz, iptables runs step by step, and leaves any particular chain once the packet is matched	05:07
rdw200169	dieselz, if its matched before reaching the LOG target, it won't get logged	05:08
dieselz	ah, great explanation - thanks.	05:08
rdw200169	dieselz, there's a great chart out there of how iptables works, i've got a copy here:	05:08
rdw200169	ftp://greamin.com/Documents/Linux%20Networking/Firewalling/ipTables%20and%20EbTables%20Packet%20Flow%20in%20Linux.png	05:09
rdw200169	dieselz, this helps make the 'packet flow' make a LOT more sense, you kinda have to stare at it for a while, but if you really think about it, it makes brilliant sense	05:10
rdw200169	dieselz, and clears up a lot of confusion about the tables and chains	05:10
dieselz	great - its taking a bit to download, but ill look it over	05:10
dieselz	another question (i'm just getting into server security btw) =>	05:10
rdw200169	shot	05:10
dieselz	i have iptables dropping all except what i need, i have chkrootkit running once daily	05:11
dieselz	and i am trying to setup AIDE	05:11
dieselz	anything im missing without going nuts on security?	05:11
rdw200169	AIDE?	05:11
dieselz	Advanced Intrusion Detection Environment	05:11
rdw200169	ah, yes, i was gonna suggest snort	05:11
dieselz	its not an NSA server, but I do collect Credit Cards, so I don't wanna be an easy target	05:12
rdw200169	i see, its good that you're being careful then!	05:12
dieselz	snort as a replacement to AIDE/chkrootkit? or in addition?	05:12
rdw200169	it's another IDS	05:12
dieselz	okay, i see it is also rule based	05:13
rdw200169	snort.org	05:13
rdw200169	ah, you also found it ;)	05:13
dieselz	reading now, looks like i have some hw to do	05:13
rdw200169	i assume, then, that you're also using https with a real certificate, etc...	05:13
dieselz	btw, check it out: mtooter.com	05:13
rdw200169	how are you managing account information, for your credit card people?	05:15
dieselz	i dont store it at all, it goes through paypal	05:15
rdw200169	oh, nevermind then!	05:15
rdw200169	then, you're not storing credit information at all?	05:16
dieselz	right, just going right through	05:16
dieselz	but if someone were to gain access to my php script, then they could send the data	05:16
dieselz	my server sees the CC info, my hard drive does not	05:17
rdw200169	but isn't paypal a full https redirection?	05:17
dieselz	not paypal pro	05:17
dieselz	https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Marketing/general/PaymentSolutions-outside	05:17
rdw200169	you've baffled me then, you just said you only use paypal!	05:18
rdw200169	oh, i see	05:18
dieselz	paypal processes the CCs, but i take the information on my website	05:18
rdw200169	i didn't know that	05:18
dieselz	yea, its a nice, clean way to do it	05:18
dieselz	more risky, but much more professional	05:18
rdw200169	so, you're storing this information for your clients?	05:19
dieselz	no, i dont store anything =>	05:19
dieselz	user inputs CC info => server send CURL request to Paypal server => paypal server responds YAY or NAY => server shows user success or error message	05:20
rdw200169	well, i suggest that the best way to protect yourself, is by making sure there's not a ssh server (or telnet for that matter) to the outside world	05:20
rdw200169	https only would be the best	05:20
rdw200169	then, make absolute sure that your Apache configuration is rock-solid	05:21
dieselz	i agree, but i need to access my server through ssh	05:21
dieselz	know of any resources on hardening apache?	05:21
rdw200169	dieselz, alright, then make sure there's no root accounts	05:21
rdw200169	dieselz, and that your password is HUGE	05:22
hads	Nothing wrong with having ssh access open	05:22
rdw200169	hads, there is if the password is weak ;)	05:22
rdw200169	hads, on a root account...	05:22
hads	So, don't enable root and have a decent password.	05:22
rdw200169	yes	05:23
rdw200169	which is what i just said ;)	05:23
hads	That's just standard practice.	05:23
rdw200169	thanks for telling me i'm not blowing smoke out my hindquarter ;)	05:23
rdw200169	dieselz, most of that information requires buying a book, for the best explanations, regardless, i did find this: http://xianshield.org/guides/apache2.0guide.html	05:25
rdw200169	dieselz, as far as i know, apache2 is pretty touch on ubuntu already, but you may want to read the section from that link on the configuration	05:26
dieselz	hmmm... looks like it comes down to disabled all unused mods	05:27
rdw200169	that's a good idea	05:27
dieselz	should be fun	05:28
rdw200169	dieselz, there's also some new security features, like selinux	05:28
rdw200169	dieselz, http://www.google.com/url?sa=t&source=web&ct=res&cd=1&url=https%3A%2F%2Fwiki.ubuntu.com%2FSELinux&ei=k1V5SdDsKIH8tgerr_SgDg&usg=AFQjCNEcCgFO0Qa8x5_35mMmLWhRrTae3w&sig2=q53vj7VOgySrljwYGxwUsA	05:29
rdw200169	dieselz, whoops	05:29
rdw200169	dieselz, https://wiki.ubuntu.com/SELinux	05:29
dieselz	reading the NSA page.... very interesting	05:29
dieselz	i wonder if obama's blackberry will have that on it	05:29
dieselz	im willing to go far, but im stickin with ubuntu for now	05:30
rdw200169	dieselz, i think 8.10 has it	05:30
rdw200169	dieselz, i can't remember	05:30
rdw200169	dieselz, there's also PolicyKit	05:31
dieselz	gee	05:31
dieselz	z	05:31
dieselz	lots of stuff to checkout	05:31
rdw200169	dieselz, but i think that requires a GUI	05:32
dieselz	good stuff	05:33
rdw200169	dieselz, regardless, a strong firewall with https/ssh will rectify most of your fears ;)	05:33
dieselz	yea, im not too worried, i just want to learn slowly so that I really understand whats going on as opposed to just through a mote around my back door with my front door unlocked	05:34
rdw200169	dieselz, from there, it's all apache2 vulnerabilities	05:34
dieselz	is lighttpd more secure?	05:34
p_quarles	no, it is not	05:38
p_quarles	and the idea that software X is innately more secure than software Y is an attitude that creates security risks; avoid it	05:39
dieselz	windows vs linux?	05:39
dieselz	:)	05:39
dieselz	okay - well im off, thats for the help all	05:41
p_quarles	lulz	05:42
PC_Nerd	for some reason after I added an iptables restore script to /etc/network/if-pre-up.d/ I can no longer get a DHCP IP address from my router..... etho0 (correct) 255.255.255.255 (the subnet should be 255.255.255.0) port 67 (thats correct isnt it)	08:14
PC_Nerd	any ideas on how to get it working again?	08:14
PC_Nerd	nothing?	08:23
jmarsden	PC_Nerd: Check /var/log/messages to see what the iptables stuff is blocking that is relevant, and adjust your iptables ruleset accordingly?	08:43
kraut	moin	09:22
dnperfors	kraut: moin	09:32
kraut	aloha dnperfors	09:32
dnperfors	You are from a german speaking country?	09:34
=== dnperfors_ is now known as dnperfors
PC_Nerd	any ideas?	11:30
slestak	hey guys, I have a 8.04.1 server install that I am trying to setup for our web developers. initially i had apache2 + mod-jk + tomcat5.5 installed (all from repos) and it was 80% functional for them	13:37
slestak	to try to get back to basics, i was asked to remove apache and mod-jk and just serve up jsp with tomcat (using the internal coyote server)	13:38
slestak	that has been done, used aptitude to purge apache and tomcat5.5. reinstalled tomcat5.5, started service, but I cannot see anything listening on 8180 with netstat	13:39
slestak	ps shows tomcat running	13:39
spiekey	hey zul :) you there?	13:40
Koon	slestak: anything in the logs ? I think it might log to syslog	13:40
slestak	nothing in /var/log/tomcat5.5, let me sheck syslog	13:40
spiekey	zul: i have some non-trivial question related to xen :)	13:41
ScottK	Now you've made him hide.	13:41
zul	spiekey: yep im here	13:42
slestak	Koon: interesting, just service stop and startup messages as I restarted tomcat, but do see sth interesting in netstat now, lemm pastebin it	13:43
slestak	Koon: check out http://pastebin.com/m42d39a50	13:44
slestak	Koon: the ports 8009 and 8180 are listening to what looks liek "null" addresses	13:45
Koon	slestak: those are ipv6 localhost addresses	13:45
Koon	slestak: did you try accessing it using a browser ?	13:46
slestak	duh, i see the tcp6 now	13:46
slestak	yes, and I get a 404 trying to get to context /manager	13:46
slestak	nothing is logged when I try to go to /manager	13:46
Koon	sounds better :)	13:46
spiekey	zul: i am trying to build xen frm source with the 2.6.27-xen.hg image: http://pastebin.com/d4378b3cb	13:47
spiekey	any idea why it fails?	13:47
Koon	slestak: anything in syslog now ?	13:47
spiekey	line 98 seems to be intresting :)	13:48
slestak	Koon: just tomcat startup messages from 10 minutes ago. nothing new on the failed access	13:48
zul	spiekey: no idea	13:48
Koon	and nothing in /var/log/tomcat5.5 ?	13:48
spiekey	i wonder why i get: select-linux-arch: x86, since i have 64Bit	13:49
slestak	Koon: same thing in syslog is repeated in catalina-01-23*	13:49
slestak	maybe change the logging level to highher than INFO	13:50
slestak	checked firewall, its not blocking ports, the machine is inside our lan	13:50
Koon	slestak: (stupid question) is the manager webapp installed ?	13:51
Koon	(you need to install tomcat5.5-admin separately)	13:51
slestak	i will double and triple check	13:52
slestak	yeah, http://pastebin.com/d5f38d23c	13:53
slestak	i will reinstall -admin	13:54
Koon	or maybe...	13:55
slestak	after reinstall -admin, still no listener on 8180 for tcpv4	13:55
* Koon fires up a hardy VM to check something		13:55
slestak	i setup the tomcat users so someone has the manager role	13:56
Koon	slestak: what JVM are you using ?	13:57
slestak	sun jdk 1.6.0_07	13:57
slestak	i had all of this almost working with apache2 mod-jk, all of it	13:57
slestak	thee devs just couldnt get their webapp to run,	13:58
slestak	javac -version finds the jdk	13:58
slestak	let me check /etc/defaults	13:58
Koon	I'm installing in parallel	13:59
slestak	i have JAVA_HOME=/usr/lib/jvm/java-6-sun-1.6.0.07	13:59
Koon	what URL are you trying to access exactly ? /manager ?	13:59
slestak	yes, fqdn:8180/manager	13:59
slestak	i do not have X on this machine, so I have been accessing it from my desktop	14:00
Koon	just a sec	14:01
slestak	i did not uninstall-reinstall libtomcat5.5-java,	14:01
slestak	that package is still from the original attempt	14:01
slestak	i also have tomcat5.5-webapps installed just to get the hello world stuff	14:01
Koon	you might need to call a slightly different url, sth like /manager/html, I'm installing to tell you exactly what	14:02
slestak	good point	14:02
slestak	looking at ps, I see the /usr/bin/jsvc processes are being run as root. that is surprising	14:02
Koon	slestak: try http://fqdn:8180/manager/html	14:03
Koon	there is also http://fqdn:8180/admin/ but it seems to suck	14:03
slestak	ok, i see the manager page, whew	14:04
Koon	slestak: tomcat support improved in intrepid, with support for tomcat6	14:04
=== cateye599 is now known as cateye
slestak	i dont understand why netstat -an doesnt show a listener on 8180	14:04
Koon	it does. you get a ipv6 *:8180 there afaict	14:05
slestak	the ipv6 handles ipv4 as well?	14:06
slestak	i am still ramping up ipv6 facts	14:06
Koon	yes, look at the :::22 line, it's the same for ssh	14:06
slestak	ok, last question, promise :)	14:06
slestak	tomcat5.5 webapps is installed, but they are not listed in teh Applications	14:07
Koon	in the manager ? you don't have a "examples" or something ?	14:07
slestak	nope, I have three webapps for our product, admin and manager	14:08
slestak	i am going to look for where they are installed and just deploy that context by directory url	14:08
Koon	might need reinstallation to deploy the contexts, yes	14:08
Koon	sleepingyoyo: good luck ;)	14:08
Koon	slestak, even	14:09
slestak	reinstall of the webapps?	14:09
slestak	i have already done that more than once	14:09
Koon	then no ;)	14:09
Koon	got to go, sorry	14:10
slestak	tyvm for your help	14:10
Koon	np	14:10
Hellsheep	Hello, i have been trying to set up my Ubuntu server, i have installed everything fine, during the install i pulled the network cable as it kept on hanging on Configuring APT, once i did that, it didn't set up DHCP obviously. Now when i am running ubuntu server, it cannot connect to the net, when i run sudo lshw -C Network it shows: *-Network DISABLED	14:16
Hellsheep	How do i configure my network to connect to the internet now?	14:17
Hellsheep	Or more correctly, how do i configure Ubuntu to connect to my network?	14:18
soren	the configuration file is /etc/network/interfaces	14:19
soren	It's documented in the interfaces(5) man page.	14:20
Hellsheep	Thank you, i found it in: http://tinyurl.com/65jzxw	14:20
Hellsheep	It seems all i need to add is this: auto eth0	14:20
Hellsheep	iface eth0 inet dhcp	14:20
soren	If you want dhcp on eth0, then yes.	14:21
Davedan	can anyone recommend a VPS hosting for ubuntu?	14:21
Hellsheep	soren, how do i open the file?	14:22
soren	Hellsheep: With your favourite editor?	14:22
Hellsheep	I am not familiar how to open files using Ubuntu server	14:23
Hellsheep	First time setting up a server	14:23
Hellsheep	Especially a Linux one	14:23
henkjan	Davedan: slicehost.com, ghandi.net. xlshosting.nl	14:23
Davedan	henkjan: thanks, I'll have a look at thouse	14:24
soren	Heh... I don't know what the suggested editor for beginners is.	14:24
cjwatson	just say 'editor' and it'll use the default	14:25
soren	Good point.	14:25
soren	Hellsheep: sudo editor /etc/network/interfaces	14:25
erichammond	Davedan: Amazon EC2 :)	14:26
Hellsheep	i just used pico /etc/network/interfaces	14:26
cjwatson	nano replaces pico and is (a) free (b) better	14:26
Hellsheep	ah kk	14:26
cjwatson	(free as in free software; pico wasn't quite for various reasons)	14:27
cjwatson	actually, when you run pico on Ubuntu you get nano. But still.	14:27
Hellsheep	I used nano instead	14:28
DogWater	when you use debmirror to create a mirror do you have to use archive.ubuntu ? it seems really slow	14:28
Hellsheep	How do i save the file?	14:28
soren	DogWater: You can use any mirror.	14:30
soren	DogWater: archive.ubuntu.com should be quite fast this time of year, though.	14:30
Hellsheep	cjwatson, how do i save a file in nano?	14:32
Davedan	erichammond: I'm using EC2 for customers but need a small one for demo. 74$ is too much	14:32
soren	Hellsheep: There's some help at the bottom of the screen.	14:33
soren	^ means CTRL.	14:33
uvirtbot`	soren: Error: "means" is not a valid command.	14:33
soren	uvirtbot`: nick uvirtbot	14:34
=== uvirtbot` is now known as uvirtbot
=== Riddelll is now known as Riddell
Hellsheep	I figured it out.	14:38
Hellsheep	Although i still have a problem	14:39
Hellsheep	When i do sudo lshw -C Network	14:39
Hellsheep	It still says *-Network DISABLED	14:39
Hellsheep	How do i fix that?	14:39
soren	Not sure what that means. Maybe you just need to set up the interface? "sudo ifup eth0"	14:43
orudie	instead of using chown , can i use a command to add another owner instead of changing it ?	14:44
Hellsheep	soren, that fixed it. Thank you.	14:45
uvirtbot	New bug: #320145 in samba4 (universe) "Please sync samba4 4.0.0~alpha6-1 (universe) from Debian experimental (main)." [Wishlist,Fix released] https://launchpad.net/bugs/320145	14:46
dnperfors	orudie: no, unless you add the new owner to the same group	14:46
cjwatson	orudie: it is actually possible to have multiple owner-like rights, but it gets complicated; you can use setfacl to do it	14:47
cjwatson	orudie: you're better off using groups if you can, since they're simpler; however they may be fiddly if you have lots of special cases	14:47
dnperfors	hmm, didn't know that :P	14:47
orudie	thanx	14:47
fauxhawk	[C	15:37
heath\|work	how do I view user info like current home dir	15:49
cjwatson	heath\|work: 'getent passwd USERNAME'	15:51
heath\|work	cjwatson, thanks	15:52
Max007	Hi	15:56
Max007	Can someone help me with resizing a software raid partition ?	15:56
=== sleepingyoyo___ is now known as sleepingyoyo
jmedina	Max007: what is the problem?	16:01
jmedina	Max007: what kind of raid?	16:02
uvirtbot	New bug: #320509 in samba (main) "winbind crash winbindd_async_request" [Undecided,New] https://launchpad.net/bugs/320509	16:05
MadChopr	i have 4 320GB SATA drives configured with the intel raid bios as one raid0+1 partition that's around 570GB; i think dmraid sees it as two seperate partitions that are 640GB each, can someone help me to get the dmraid to see what the BIOS software raid is trying to do? i'm on ubuntu 8.10	16:17
MadChopr	my boot drive is an 80gb drive that has nothing tod o with the raid arraym, but it's on the same sata contrller	16:18
jmedina	MadChopr: and why are you using dmraid, when raid is already done?	16:18
=== smarter_ is now known as smarter
MadChopr	jmedina: yea, it's very confusing to me	16:22
MadChopr	jmedina: i was reading that i have fakeraid or software raid... even though it's through the BIOS	16:22
jmedina	MadChopr: you did the raid in the bios, right? then you dont need to use dmraid	16:22
jmedina	just format the device	16:22
MadChopr	well, i've read differently on several places... one was even in the ubuntu wiki	16:23
jmedina	well, probably, there are some fakeraid chipsets	16:23
MadChopr	https://help.ubuntu.com/community/FakeRaidHowto	16:23
jmedina	its been years since I had those problems	16:23
jmedina	but you need to verify you have one o thoses chipsets	16:23
MadChopr	i have ICH7 this FAQ says it's software raid --> http://linux-ata.org/faq-sata-raid.html	16:27
=== andreas__ is now known as ahasenack
Max007	how can i choose apt mirror from the console ?	16:48
maxb	Max007: Besides "vim /etc/apt/sources.list" ?	17:08
andol	Max007: It will work even better if you use Emacs :-)	17:14
=== NCommander is now known as NC\|Lunch
=== NC\|Lunch is now known as NCommander
Max007	maxb: yeah I know that but I don't know all mirrors	18:24
maxb	https://launchpad.net/ubuntu/+archivemirrors	18:24
crackintosh	Hello, A web application hosted on my ubuntu machine requires me to run a cron job. It doesnt seem to work all the time.	19:59
crackintosh	Is it possible that it is not executing properly because it is not run by www-data	20:00
crackintosh	here is the cron job: * * * * * cd /var/www/sugarcrm; php -f cron.php > /dev/null 2>&1 being run by root	20:01
GreenCult	hi all	20:08
GreenCult	somebody here speak spanish??	20:09
jmarsden\|work	GreenCult: Try #ubuntu-es	20:12
nurmi	yep, this is indeed Dan from eucalyptus-land	21:24
kansan	um i'm about to deploy a LAMP stack over ubuntu + ec2.... we develop on 32 bit ubuntu at work... should i select a 64/32bit ubuntu ami from http://alestic.com/ as my base?	21:41
erichammond	kansan: I build the AMIs listed on http://alestic.com and many folks (including my company) use them in production servers on EC2.	21:51
kansan	what about the 32/64 bit question?	21:51
erichammond	kansan: There are also some official Ubuntu AMIs which are currently in beta. You can join the beta program here: http://ubuntu.com/ec2	21:52
erichammond	kansan: It depends what type of EC2 instance you want to run (32-bit or 64-bit)	21:52
erichammond	kansan: I would also encourage you to join the Ubuntu on EC2 community: http://ec2ubuntu-group.notlong.com	21:53
kansan	anyone know how to solve this: Client.InvalidKeyPair.NotFound: The key pair '/home/david/.ec2/id_rsa-gsg-keypair' does not exist	21:53
kansan	it does though!	21:53
erichammond	Other channels which might be more appropriate for asking EC2 questions: #ubuntu-ec2 ##aws	21:53
kansan	ah cool!	21:54
erichammond	#ubuntu-ec2 has the folks who build the official Ubuntu beta images. ##aws has more general EC2 experts (like the Q you just asked)	21:54
kansan	thanks	21:56
erichammond	kansan: answering over on ##aws	21:56
kansan	mk thx!	21:56
=== cateye is now known as CaTeYe
kaje	is there a way to tell ufw to ignore all broadcast packets and do NOT log them? I have a printer server at work that is cluttering up my logs with its broadcast traffic...	22:29
jdstrand	kaje: just explictly DENY them. 'sudo ufw deny 631'	22:30
jdstrand	kaje: or give the broadcast address: 'sudo ufw deny to <broadcast address> 631'	22:31
jdstrand	oops	22:31
jdstrand	sudo ufw deny to <broadcast address> port 631	22:31
kaje	and that will keep them out of the log?	22:32
jdstrand	kaje: yes. logging is not enabled on a per rule basis (yet), so adding a deny or allow rules means they won't get logged. if you don't like this solution, you may update /etc/ufw/after*.rules	22:33
kaje	no, that solution is fine with me	22:36
ziggles1	hi guys, is it possible to do something similar to NAT port forwarding but based on the hostname?	22:38
andol	ziggles1: In most cases no. The hostname isn't really used on a network level. The only time you can do magic based on hostname is if you use a protocol which sends and listens to the hostname. If I'm not totaly misstaken http is the only one of the major protocolls which handles hostnames.	22:46
kansan	is there a way of searching which packages are avaialble on 8.04 LTS server?	22:47
andol	kansan: http://packages.ubuntu.com/	22:48
andol	kansan: or do you want to know how to do the search on an 8.04?	22:48
kansan	i guess i already have an ec2 instance up	22:49
kansan	running 8.04 lts server	22:49
kansan	so i can just search via it	22:49
andol	kansan: I usually use "apt-cache search foo"	22:49
andol	kansan: Another option might be to start "aptitude"	22:50
=== stiv2k_ is now known as stiv2k
ziggles1	andol: that is what i was thinking	23:28
ziggles1	andol: so does this mean that most commonly webservers should be assigned an external facing IP? ie dont do nat before?	23:29
ziggles1	or i should say, not behind nat	23:29
andol	ziggles1: Well, somewhere along the line there has to be a public facing IP if nothing else. Still, that can be a router, which forwards all http(s) trafik to an internal ip.	23:30
andol	ziggles1: The actual web server can be behind the NAT.	23:30
ziggles1	andol: could you possbily have two webservers behind the nat?	23:31
andol	andol: Kind of	23:31
andol	ziggles1: Kind of	23:31
ziggles1	andol: seems impossible to have 2 unless you have them running on diff ports and forward the ports?	23:31
Nafallo	depends on how configurable the NAT device is.	23:31
andol	ziggles1: You can have a frontend webbserver on the public IP, then you can have it proxy to the other webbservers in the NAT, based on hostname for example	23:32
ziggles1	Nafallo: what do you mean?	23:32
ziggles1	andol: ah that's interesting!	23:32
Nafallo	some could probably send it to the correct internal server based on destination URL.	23:32
Nafallo	another variant would be anycasting, in case both serves the same material.	23:33
andol	ziggles1: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html	23:33
Nafallo	but yea... I should sleep rather than trying to act clever :-)	23:33
andol	ziggles1: reverse proxy	23:33
andol	Nafallo: don't worry, I have the acting clever all covered :)	23:33
ziggles1	Nafallo: thanks for offering your advice man.	23:34
ziggles1	sleeep! :)	23:34
Nafallo	no worries :-)	23:34
ziggles1	hmmm so the issue is that i have 2 VMs setup as webservers	23:35
Nafallo	actually pack bag, shower, sleep 1h 30mins, run around to catch buses so I won't miss the plane :-(	23:35
Nafallo	but thanks ziggles1 :-)	23:35
ziggles1	lol sounds horrible man	23:35
ziggles1	with these two webservers we are trying to figure out how to route traffic to them via one nic... and not expose the whole box	23:36
ziggles1	but i suppose that a webserver should pretty much be exposed..	23:36
genii	ziggles1: You could also create an alias to hae 2 IP running on same adapter	23:38
ziggles1	genii: an alias? like a bridge?	23:45
genii	ziggles1: N o, adapters can have as many IP addresses as you want. Then you bring them up with ifup or ifconfig with names like eth0:0 eth0:1 and so on, each with it's own settings,IP, etc. Then if a name resolves to a specific IP it goes there still	23:47
genii	ziggles1: The thing is you can use the aliased adapters in a vm as well	23:48
jmedina	or, you can simple add for IP address to a single interface without having more alias interfaces like eth0:1	23:48
jmedina	I prefer this way	23:49
jmedina	if you want to do filtering or routing, you only specify the interface with a destination address	23:50
Deeps	aliasing is deprecated	23:50
genii	Deeps: Ah, was not aware. Been a while since I used it	23:52
Deeps	i learnt today that even ifconfig can add multiple addresses to an interface	23:52
jmedina	:D	23:52
Deeps	ifconfig <dev> add <ip>	23:52
genii	Can you add even if on different ranges/segments with different gateways, etc?	23:53
jmedina	genii: yeap	23:53
genii	Cool	23:53
jmedina	it is only a address to a interface, there is no routing, classing involved	23:54
jmedina	after that, routing is your job :D	23:54
ziggles1	thats pretty cool	23:54
jmedina	for example, there is people running one interface connected to two different WAN (ISPs)	23:55
jmedina	with differente classes, different gateways, and so on	23:55

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!