[00:21] <Damm> stupid question i'm sure, virsh is giving me an error 'network not found br0'... failed to start
[00:21] <Damm> yet ifconfig br0 shows the right stats
[00:23] <unblessedTurnip> how did you define your bridge in /etc/network/interfaces ?
[00:24] <Damm> lemme pastie
[00:24] <Damm> http://gist.github.com/86461
[00:24] <Damm> not using nat here, just regular routing
[00:24] <Damm> hopefully that doesn't complicate things.
[00:24] <Damm> and eth0 is manual static with no settings
[00:25] <Damm> iface eth0 inet manual
[00:25] <Damm> running jaunty (apt-get update current)
[00:27] <unblessedTurnip> what is giving you the 'failed to start' ?
[00:28] <Damm> virsh start 'dev'
[00:28] <Damm> or virsh start 'ubuntu'
[00:28]  * Damm obviously will dig in the docs more
[00:28] <Damm> because clearly my network isn't what it's expecting
[00:30] <unblessedTurnip> so I'm assuming you want it to connect to a bridged interface of some defined name?
[00:30] <Damm> yep
[00:31] <Damm> ideally eth0
[00:31] <unblessedTurnip> well, you're only bridge port is eth0; you don't want another one?
[00:31] <unblessedTurnip> as in:  bridge_ports eth0 virtual0?
[00:32] <unblessedTurnip> so there are two interfaces both using the defined address, netmask, etc\
[00:33] <Damm> nope not another
[00:33] <Damm> unless you can give me a reason
[00:34]  * Damm has gone over the Ubuntu KVM docs quite well, and it's just not giving me the details i'm trying to find sadly.
[00:34] <unblessedTurnip> ok so you want it for virtualization
[00:34]  * Damm nods
[00:35] <unblessedTurnip> well, the second port on the bridge will allow the virtualized OS to connect to the network as it's own entity
[00:35] <unblessedTurnip> no NAT traversal through the host
[00:35] <Damm> so basically, doing bridge_ports eth0 virtual0 virtual1/etc
[00:35] <Damm> would be better
[00:35] <Damm> your saying
[00:35] <twb> Would you also want proxy ARP?
[00:35] <unblessedTurnip> well, it's how you make a second port on your bridge0
[00:35] <unblessedTurnip> besides eth0
[00:35] <Damm> ah right
[00:36] <twb> Damm: obviously a bridge of only one thing doesn't make much sense
[00:37] <Damm> twb, well then please by all means point me somewhere I can fill in the blanks... because I don't want a 'answer'
[00:37] <Damm> I want to learn.
[00:40] <unblessedTurnip> I set up virtualbox (open source edition) through https://help.ubuntu.com/community/VirtualBox#Networking
[00:40] <unblessedTurnip> it documented setting up the bridge, with the second or more bridge point creation
[00:40] <unblessedTurnip> it's followed by virtualbox-specific stuff after that though
[00:51] <Damm> interesting, yes.
[00:57] <Damm> I guess I wasn't thinking that way when I read it, I was thinking it would attach to br0 (kvm) and like vmware allow multiple 'guests' to read that.
[00:57] <unblessedTurnip> so link helped?
[00:58] <unblessedTurnip> i need to find better documentation on configuring /etc/network/interfaces
[00:58] <Damm> that's what I was thinking.
[00:58] <Damm> I see a ton of arbitrary settings in these examples with no information on what they are related to
[00:59] <Damm> like bridge_fd 9, bridge_hello 2
[00:59] <Damm> bridge_stp makes sense to me thankfully
[00:59] <unblessedTurnip> where did you get those from anyhow?
[01:00] <Damm> https://help.ubuntu.com/community/KVM/Networking
[01:01] <Damm> I am reading this now
[01:01] <Damm> and laughing at myself for following it
[01:02]  * Damm shakes his head
[01:02] <Damm> unblessedTurnip, my error has nothing to do with what you linked at all.
[01:02] <Damm> but thank you for trying :)
[01:02] <unblessedTurnip> I thought it might be because the virtualizer expected a seperate bridge interface beyond br0, but oh well
[01:03] <Damm> no
[01:03] <Damm> the instructions in that wiki tell you to modify the network 'name' to br0
[01:03] <Damm> the problem is we then do not define the network 'br0' in kvm
[01:03] <Damm> it's not looking for ifconfig br0, or eth0, or /dev
[01:03] <Damm> it's looking for an xml config for the network 'br0'
[01:03] <unblessedTurnip> oh
[01:03] <Damm> and thus the utter failure begins
[01:04] <unblessedTurnip> alright then :|
[01:04] <Damm> it's funny now yes?
[01:04] <unblessedTurnip> yea
[01:05] <unblessedTurnip> best of luck with KVM
[01:05] <Damm> well, once this is done and I document it... it's something for my company to go forward
[01:05] <Damm> and it's nice padding on the resume
[01:05] <Damm> designed and deployed a mixed architecture using kvm in a production enviroment, built monitoring systems around it, blah blah
[01:06] <unblessedTurnip> interesting; i hope the monitoring tools are good :P
[01:06] <Damm> They will be.
[01:06] <Damm> as long as you can handle a wrapper to read the JSON
[01:06] <Damm> and that's trivial with perl or ruby or python
[01:07] <unblessedTurnip> i'll probably be the only guy at our network ops centre that could do that :P
[01:07] <Damm> but now i'm going to shower feeling accomplished because I defeated a wiki!
[01:07] <unblessedTurnip> haha
[01:07] <Damm> oh I feel that way all the time
[01:08] <Damm> only reason i'm looking at KVM right now is because Xen is on the deprecated list
[01:08] <Damm> we're going to use Xen for a year or two, but I'd like to have all the tools and migration path for KVM set once we feel KVM is ready to use.
[01:08] <twb> Damm: do you have specific problems with kvm?
[01:08] <Damm> twb, not anymore
[01:08] <Damm> :)
[01:09] <twb> Damm: I'm looking at migrating from vmware to openvz (for unix guests) and kvm (for windows guests).
[01:09] <Damm> pardon my french as i say this.
[01:09] <twb> So if KVM "isn't ready" I'm very interested :-)
[01:09] <Damm> are you fucking insane about openvz?
[01:09] <twb> Damm: what's wrong with openvz?
[01:10] <Damm> Unless you work for Cameron (spry) there's really no reason to use openvz
[01:10]  * unblessedTurnip gooogle.com/search?q=openvz
[01:10] <Damm> Xen is a HUGE step up from Openvz
[01:10] <Damm> and going from vmware to openvz is like... a downgrade
[01:10] <Damm> majorly
[01:11] <twb> IME vmware breaks everything.
[01:11] <Damm> openvz failure 1, you cannot swapon a 'file' to add any swap other then was booted with.
[01:11] <giovani3> openvz is a mess
[01:11] <giovani3> memory management failure
[01:11] <Damm> that's very painful and stupid, can't dd if=/dev/zero of=swap count=500;mkswap swap;swapon swap
[01:11] <twb> As I control the dom0, I have no need to add swapfiles within a domu
[01:11] <Damm> right, but with openvz the memory management is fail
[01:11] <Damm> and I/O performance is fail
[01:12] <Damm> so unless you know who Cameron is or Sprynet
[01:12] <Damm> ... I don't know why you'd touch openvz for a million dollars
[01:12] <Damm> (that's the company that started using openvz/championed it or whatever)
[01:13] <unblessedTurnip> does virtualbox still not provide 64-bit host virtualization?
[01:14] <unblessedTurnip> disregard last;  Damm: what made you choose KVM as an upgrade path in particular?
[01:16] <Damm> unblessedTurnip, based on kernel support and it being maintained by the 'mainline' kernel tree
[01:17] <Damm> So Ideally I won't have to worry much about tainted drivers, or drivers not working in kvm because of 'x' reason...
[01:17] <Damm> so only thing I need is qemu, kvm package, and libvirt or another way to manage the guests
[01:18] <unblessedTurnip> so the kqemu kernel module is included then?
[01:18] <unblessedTurnip> or is it required with KVM?
[01:19] <Damm> not sure on that
[01:19] <Damm> but it's in jaunty's repos
[01:19] <Damm> and for me I look for what's being supported by companies in the next 6months-1year.
[01:19] <unblessedTurnip> alright.  last time I played with it was like 7.10, and had to be built by hand
[01:19] <Damm> nah with jaunty it's insanely easy
[01:20] <unblessedTurnip> I'm back one step for the LTS
[01:20] <Damm> install the meta package, and make sure you can load the kernel module kvm-intel
[01:20] <Damm> and configure networking and go
[01:20] <Damm> yeah i'm using the LTS with Xen
[01:20] <Damm> but i'm also deploying couchdb + Chef for Management
[01:20] <unblessedTurnip> kqemu might be depricated in favor of kvm-intel module now
[01:21]  * unblessedTurnip must research
[01:21] <Damm> so I made my chef server jaunty, and i'm gonna give my coworkers a taste of it while we test it
[01:21] <Damm> i believe so
[01:21] <Damm> kvm-intel is in the regular kernel images
[01:21] <unblessedTurnip> alright, interesting
[01:22] <twb> AFAICT kqemu is only for people who can't use VT -- either because the CPU doesn't support it, or because some other virtualization system on the same host is hogging it
[01:23] <unblessedTurnip> that makes sense
[01:23] <twb> And kqemu has some annoying bugs -- like making qemu segfault regularly when you switch to the (qemu) console (alt+2), or making it impossible to allocate 2GiB of memory to the VM, or making any d-i image segfault shortly after it starts with an "unhandled opcode".
[01:24] <unblessedTurnip> fun times
[01:24] <Damm> interesting
[01:25] <Damm> so yeah I'm just trying to learn this and make it go
[01:26] <unblessedTurnip> best of luck.  I gotta jet.
[01:29] <Damm> it's all using libvirt so that's always a win
[01:30] <twb> Last time I looked at libvirt was when it first entered Debian, and it was an alpha joke
[01:32] <Damm> twb, i think it still is really.
[01:32] <Damm> and it really is a huge joke, but someone decided to take the joke seriously.
[01:32] <Damm> so now the joke is really on debian
[01:33] <twb> I expect libvirt will go nowhere until someone decides to sink money into it
[01:34] <Damm> twb, sadly people are starting to support it in a joke way.
[01:35] <twb> Shrug
[01:35] <twb> Not my problem.
[01:44] <Damm> See, that's where I differ.  It is your problem, my problem, anyone who ends up using it in the next 2-3 years should care.
[01:44] <Damm> the problem is we are programmed to 'not care'.  I call it the Conditioning of Society.
[01:45] <twb> You might as well call it the bystander effect.
[01:46] <Damm> I call it being a cow in a herd.
[01:46] <Damm> You don't have to blend in, and accept things as they are.  Some of us do it because it's easier then the alternative.
[02:08] <zoopster> so Damm what are you doing about the "joke" as you call it besides complaining about it on a public forum?
[02:29] <Damm> zoopster, myself? well one can start with documenting the experience, and providing the resulting configuration that worked for you so others can learn from your experience.
[02:29] <Damm> that's for starters
[02:30] <Damm> not document in 'in the drama' way like oh my god the horror... just improve on the documentation and the experience for the user (even if the user is a sysadmin)
[02:31] <drewmeigs1> hey, could anyone give me a little help with nagios?
[02:32] <twb> !anyone > drewmeigs1
[02:34] <drewmeigs1> i am trying to set up nrpe, but after typing "./configure", the guide says to type "make all" but there is no "make" nor are there rules for all. i was wondering how to get beyond this.
[02:34] <Damm> apt-get install nrpe
[02:35] <Damm> you absolutely do not need to build nrpe from source, just nagios-plugins and nrpe from apt and then configure /etc/nagios/nrpe.cfg
[02:36] <drewmeigs1> ok, thank you so much. i guess i didn't realize it was in the repos. i really appreciate it.
[02:37] <Damm> aptitude can search, so does apt-cache
[02:38] <drewmeigs1> thank you
[02:44] <Damm> so
[02:44] <Damm> vnc-viewer working
[02:44] <Damm> got my kvm running with networking via bridged
[02:44] <Damm> amazing what a little weed can do to fix your brain to finish the job
[02:44]  * jmedina agree
[02:57] <Sam-I-Am> Damm: are you... the damm i know?
[02:57] <Damm> Sam-I-Am, OH my blessed bosum of love.
[02:57] <Damm> oh how I have missed you
[02:57] <Sam-I-Am> haha
[02:57] <Sam-I-Am> guess so...
[02:57] <twb> Surely you mean bosom.
[02:57] <Damm> nope I don't
[02:58] <Damm> he's not my type
[02:58] <Sam-I-Am> haha
[02:58] <twb> Damm: you've never had a bosom-friend?
[02:58] <twb> Kids in this century are so tame.
[02:58] <Sam-I-Am> so... really... you?
[02:58] <Damm> twb, he's just so hairy.
[02:58] <Damm> j/k
[02:58] <Sam-I-Am> ha
[02:58] <Damm> Sam-I-Am, really me yep
[02:58] <Sam-I-Am> wow
[02:58] <Damm> how's Fort Collins treating you
[02:58] <Sam-I-Am> thats two people from the past i've met today
[02:58] <Sam-I-Am> pretty good
[02:59] <Sam-I-Am> except for the snow today
[02:59] <Damm> I haven't seen / heard from Brian in ages
[02:59] <twb> FWIW google doesn't know what a "bosum" is.
[02:59] <Damm> twb, you should teach it.
[02:59] <twb> Damm: I don't know what it is, either.
[02:59] <Damm> I see yazzy now and then but he still ignores me
[02:59] <Sam-I-Am> ha, another name from the past
[02:59] <Damm> twb, let's just make it a fictional name and stop here.
[02:59]  * Damm nods to Sam-I-Am.
[03:00] <twb> Shrug.
[03:00] <Sam-I-Am> still in #cisco ?
[03:00]  * Damm is just showing off his KVM love to my boss
[03:00] <Damm> he's digging it
[03:00] <Damm> nah, I still deal with cisco crap
[03:00] <Damm> oh brian? no clue
[03:00] <Damm> i get email from him randomly
[03:00] <Sam-I-Am> ah
[03:00] <Sam-I-Am> what are you doing these days?
[03:01] <Damm> Systems + Network Administrator for one of the most hated companies on the internet lately.
[03:01] <Sam-I-Am> hmm... level3?
[03:01] <Damm> my company runs myluvcrush.com and iqquizapp and a fwe other sites
[03:01] <Damm> that facebook junkies loathe and hate
[03:01] <Sam-I-Am> ahh
[03:01] <twb> I was going to guess IANA
[03:02] <Sam-I-Am> heh
[03:02] <Damm> twb, no... my woman works for a company that does phone calls for mobile messenger (which is the company behind those websites)
[03:02] <Damm> and they get roughly 15-25 death threats a day
[03:02] <Damm> seriously
[03:02] <twb> I expect the WTO gets more
[03:02] <Sam-I-Am> wow
[03:03] <Damm> We're just a banner company, if you have *.tattomedia.com in your block list for adblock or otherwise
[03:03] <Damm> well you can thank me.
[03:03] <twb> I wouldn't know; my browsers don't implement iframes or images.
[03:03] <Damm> mainly because I had a discussion with a coworker about how we were loosing hits from adblock plus and such
[03:04] <Damm> so we worked around it, so that no matter what you get to see our ad.
[03:04] <Sam-I-Am> twb: elinks person? :)
[03:04] <Damm> well except twb.
[03:04] <twb> Sam-I-Am: emacs-w3m
[03:04] <Damm> ahh yeah he's safe.
[03:04] <Damm> we have elinks customers
[03:04] <twb> I hate how the UI isn't consistent across pages in a GUI browser
[03:04] <twb> And I hate using the mouse
[03:04] <Sam-I-Am> do you have foot pedals for emacs?
[03:04] <Damm> you can blame the consistency crap on MS
[03:05] <twb> Sam-I-Am: nope
[03:05] <Sam-I-Am> i'm an opera user... its not bad.
[03:05] <twb> Damm: no, I mean things like websites changing the colour of links
[03:05] <twb> Damm: or putting images on top of buttons so you can't tell they're buttons
[03:05] <Damm> twb, well good news... web 2.0 has gotten rid of most of those annoying traits
[03:05] <twb> Apart from Opera still using qt3 on Debian.
[03:05] <Damm> it has replaced it with more annoying traits
[03:06] <twb> Damm: oh yeah
[03:06] <twb> Damm: like I saw a router yesterday that draws the ENTIRE PAGE using ajax
[03:06] <Damm> oh that's easy
[03:06] <twb> Damm: for its management console, I mean
[03:06] <Damm> you should see the pile of shit that Sun is trying to sell with their 'Unified Storage Solution'
[03:06] <twb> Damm: my point is that's pretty annoying if you don't implement js
[03:06] <Damm> it's a very annoying Tomcat webapp
[03:06] <Damm> that has very little to offer.
[03:06] <twb> haha, tomcat
[03:07] <Damm> why do I want to spend 68k on a Solaris 10 server
[03:07] <Damm> really sun
[03:07] <Damm> get a new clue
[03:07] <twb> Those OWA clones are funny
[03:07] <Damm> Zimbra
[03:07] <twb> Damm: the smart people in sun work on zfs and stuff, not the wanky web space
[03:07] <Damm> yeah i had a job doing that once
[03:07] <Damm> ... every time someone calls me up and asks if I want to do Zimbra
[03:07] <Damm> I tell them unless your offering 100k to start, screw off.
[03:08] <Sam-I-Am> heh
[03:08] <Sam-I-Am> i've read a little about that
[03:08] <twb> Damm: which do you hate more: zimbra or scalix? ;-)
[03:08] <Damm> zimbra
[03:08] <Damm> twb, friend of mine just decomissioned one of his ldap servers... to find out it was promoted as the ldap master and had 3 accounts still left on it
[03:09] <Damm> oh the horror of that when ldap replication suddenly broke on a cronjob on the weekend
[03:09] <twb> The ubuntu partners team contacted me about getting zimbra packaged properly in Ubuntu
[03:09] <Damm> and then email stopped working
[03:09] <twb> I said "maybe, if I don't have to use launchpad"
[03:09] <twb> :-)
[03:10] <Sam-I-Am> i just posted some ldap-related bugs to launchpad
[03:11] <twb> I think I can safely say that I have *never* had a good experience with ldap.
[03:12] <Sam-I-Am> its definitely not the most straightforward thing
[03:12] <twb> It's like domestic abuse
[03:12] <twb> Everyone hates it, and knows it's terrible, but we keep going back to it
[03:12] <twb> Because the only alternatives are, like, NIS
[03:12] <Damm> the problem with LDAP is what it is, and how people use it.
[03:13] <Damm> nss_ldap is horrible, you should use nss_ldapd if you don't... please shoot yourself now
[03:13] <twb> They're both horrible
[03:13] <Damm> i can't say i have started to use launchpad yet... I'm sure i'll hate it
[03:13] <Damm> I was hoping to get a landscape trial
[03:13] <Damm> ... but I haven't gotten squat from registering for a trial
[03:13] <twb> You can't even log into launchpad unless you are using a GUI browser :-/
[03:13] <twb> Yeah, I think canonical forgot to set a budget for landscape
[03:14] <Sam-I-Am> heh, libnss on centos/rhel .. you know, "enterprise" .. causes the system to hang indefinitely if you configure it to use ldap.
[03:14] <twb> Or maybe it's just some intern that made the stub package :-)
[03:14] <twb> Sam-I-Am: you probably want soft binding, then
[03:14] <Sam-I-Am> yeah, even then it hangs
[03:14] <Sam-I-Am> its a bug
[03:14] <twb> Ow
[03:15] <twb> RHEL should just cash in their chips and tell people to use Ubuntu
[03:15] <Sam-I-Am> rh was like... yeah, we might fix that... been about 1.5 years since i think it was reported.  quick solution is downgrading libnss
[03:15] <twb> Sorry guys, it's not 1995 anymore
[03:15] <Sam-I-Am> i'm trying to convince my boss we should go to ubuntu server from centos/rhel
[03:16] <Sam-I-Am> rhel is like the aix of linux
[03:16] <twb> Sam-I-Am: you should point him at the policy manual and ask "so where is the equivalent quality assurance infrastructure on RHEL?"
[03:16] <Sam-I-Am> hmm, havent heard of that
[03:16] <twb> FFS, there isn't even any post-2000 documentation about the RPM format
[03:16] <Sam-I-Am> lol, rpm
[03:17] <twb> Sam-I-Am: the policy manual is what allows us users to report bugs like "don't put shit in /opt you fucking idiot" to package maintainers
[03:17] <twb> And the policy manual means they can't argue.  Their package is just plain wrong
[03:17] <twb> Cf. fedora directory server (har har).
[03:18] <Sam-I-Am> i havent tried fds
[03:18] <twb> It is funny
[03:18] <Sam-I-Am> smells like ldap with some twists
[03:18] <twb> Like a road accident
[03:18] <twb> Sam-I-Am: it's a fork of openldap
[03:18] <twb> Er, I think
[03:18] <twb> It might be a pure-java thing, I am confusing the two.
[03:19] <ajmitch> FDS is the old netscape directory server
[03:20] <twb> Fair enough
[03:20] <ajmitch> previously AOL, etc
[03:20] <ajmitch> some old stuff in there
[03:26] <Damm> ah back
[03:26] <Damm> Sam-I-Am, i'm coming from RHEL
[03:26] <Damm> so having Landscape shuts up people
[03:26] <Sam-I-Am> heh
[03:27] <Damm> sigh, so no mysql 5.1 in jaunty
[03:27] <Damm> damn i am not get any respect tonight
[03:27] <Damm> I might as well just giveup and finish up some stupid xen crap
[03:27] <twb> Damm: you need to carry a broadsword
[03:27] <twb> Nobody gives you shit then
[03:28] <twb> Well, maybe one guy does, but the rest learn from his mistake
[03:28] <Sam-I-Am> lol
[03:28] <Damm> twb, oh rest assured no one in their right mind fucks with me.
[03:28] <Damm> sam has met me, he could prolly attest to my insanity atleast.
[03:28] <Sam-I-Am> ha
[03:28] <Sam-I-Am> sure...
[03:28] <twb> "Hey, you in that tree up there!  Are you a motorcar?"
[03:28] <twb> "Yes, I am!"
[03:29] <twb> "What luck, so am I!"
[03:30] <mrwes> How often does freshclam -d check for updates?
[03:30] <Damm> my coworkers leave me alone
[03:30] <Damm> which is nice
[03:30] <twb> mrwes: too often?
[03:30] <Damm> mrwes, do you really depend on your freshness that much?
[03:30] <Damm> of your clams
[03:30] <Damm> I suggest you to use some bleach on your clams
[03:30] <twb> clamav exists AFAICT to use up all your RAM and I/O
[03:31] <mrwes> well.... I looked in /etc/clamav/freshclam.conf and it appears to say 24 times a day
[03:31] <twb> mrwes: that wouldn't surprise me
[03:31] <mrwes> why?
[03:31] <mrwes> heh
[03:31] <Damm> twb, pretty much yep
[03:31] <twb> mrwes: because it sucks
[03:31] <mrwes> sigh...
[03:31] <Damm> only way to deal with clamav is to nuke it's databases every 50000 emails
[03:31] <Damm> otherwise it gets too bloated
[03:31] <Damm> and slow
[03:31] <twb> Rather than deploying clamav, the "right" solution would be to scrap all your Windows workstations
[03:32] <mrwes> twb, I don't have that option
[03:32] <twb> But that tends to cause a zombie rampage
[03:32] <twb> Only wobbly windows will soothe them
[03:32] <mrwes> so...can I change that or not?
[03:32] <twb> mrwes: dunno, actually.  I don't have much direct experience with clamav (except for kill -9, of course.)
[03:33] <Damm> mrwes, buy some macs
[03:33] <twb> haha
[03:33] <Damm> <-- is a machead now
[03:33] <twb> Damm: then install Ubuntu on them.  Woo!
[03:33] <Damm> sam would be so proud
[03:33] <Sam-I-Am> haha
[03:33] <mrwes> twb: so why the smart ass comments then?
[03:33] <mrwes> :)
[03:33] <twb> mrwes: because I'm a smartass.
[03:33] <mrwes> blah
[03:33] <twb> And I'm bloody bored
[03:33] <Damm> mrwes, seriously you can't update clamav enough to protect you from the stupidity of windows users
[03:33] <Damm> mrwes, so updating the datafiles 24hours a day is excessive to most of us
[03:34] <Damm> perhaps it's not enough for you
[03:34] <mrwes> yah I need more
[03:34] <mrwes> 48 hours a day maybe
[03:34] <mrwes> so...I take it I don't need a cron for freshclam...heh
[03:35] <Damm> you do
[03:35] <twb> Put it in cron.hourly?
[03:35] <Damm> put it in cron.hourly
[03:35] <Damm> but it won't save you from the windows users
[03:35] <Damm> as long as you can accept that, your fine.
[03:35] <mrwes> hrmmm
[03:35] <Damm> last time I used Zimbra my ClamAV process was sucking up 500-1024meg
[03:35] <Damm> minimum
[03:35] <Damm> resident.
[03:35] <twb> hehe
[03:36] <mrwes> why do I need an hourly cron, when there is freshclam daemon running?
[03:36] <twb> Does zimbra include clamav in it huge /opt mess?
[03:36] <twb> mrwes: ah, fair enough
[03:36] <Damm> yes twb
[03:36] <twb> Damm: yuk
[03:36] <Damm> mrwes, hrm, then i wonder why it's there
[03:36] <Damm> oh well
[03:36] <twb> I wish those jackasses would just use the stock postfix and such
[03:37]  * Damm twitches
[03:37]  * Damm takes his postfix-cure shots.
[03:37] <Sam-I-Am> lol
[03:37] <twb> haha
[03:37] <Damm> next time please warn me before you say that word.
[03:37] <twb> Damm: you are an exim4 weenie? ;-P
[03:37] <Damm> and no i'm not a sendmail man
[03:37] <Damm> yes I'm a exim weenie
[03:37] <twb> Haha
[03:38] <Damm> exim4 > *
[03:38] <Damm> and you know it
[03:38] <Damm> and exim doesn't cause STI's (massive dirty writes)
[03:39] <Damm> I really feel sorry for anyone who uses *warning* Postfix... I mean look at Fastmail.fm
[03:39] <Damm> I remember when they went from Sendmail to Postfix because of the dirty writes that postfix forces... their load went from 3.0 to 115.0
[03:39] <Damm> with the same amount of traffic
[03:39] <Damm> and we all know why postfix does it too, which doesn't make it any better.
[03:40] <Sam-I-Am> i havent had too much trouble with postfix
[03:43] <Damm> Sam-I-Am, postfix doesn't trust ext3/ext2
[03:43] <twb> That's good, cos ext4 has a default commit interval of 30 minutes :P
[03:44] <Sam-I-Am> i use xfs
[03:44] <Damm> twb, the problem with ext4 is that even with ext4... unless you have NVRAM and a BBU hooked up, it's still fail
[03:44] <Damm> if you don't understand why I'll save you from the rant... because you'll only make your ears bleed
[03:44] <twb> Yeah, ext4 is funny
[03:45] <Damm> the truth is all filesystems in linux are in the same fail
[03:45] <Damm> once we can get to the VM and fix that hurdle
[03:45] <Damm> filesystems can be stable again
[03:45] <twb> Though I can't remember when I last saw someone spell UPS as BBU
[03:45] <zoopster> Damm, twb - you guys are fairly stupid apparently
[03:45] <Sam-I-Am> except xfs :)
[03:45] <zoopster> telling a guy to put freshclam in cron?
[03:45] <zoopster> wtf?
[03:46] <Damm> zoopster, I haven't touched clamav in years
[03:46] <Damm> so really
[03:46] <Damm> no thanks
[03:46] <twb> zoopster: actually, I asked a question.
[03:46] <Damm> and I always left a ? on it...
[03:47] <Damm> Sam-I-Am, unless you have a BBU with 512meg of cache hooked up to XFS... I wouldn't trust it
[03:47] <Damm> althought XFS is better if you store the journal on another disk...
[03:47] <zoopster> so that ? protects your id10t-ness?
[03:47] <Damm> zoopster, do you have a reason to be calling me an idiot?
[03:48] <zoopster> Yes
[03:48] <Damm> zoopster, I think the freenode gods would like it if you stfu already with your 'flaming idiot' comments.
[03:48] <Damm> however, if you'd like I'll give you a flash light and a plunger
[03:48] <Damm> you know how to use those right?
[03:48] <zoopster> and they don't care for your attitude and language either
[03:49]  * Damm smiles
[03:49] <Damm> It's nice knowing that no matter where I go, I can find someone like that :)
[03:49] <zoopster> you always keep those tools around for your use, I take it
[03:49] <zoopster> with an attitude like that...it's no wonder
[03:59] <ScottK> zoopster: Your communication style is really inappropriate here.
[04:00] <zoopster> Mine? Scrollback a bit.
[04:03] <ScottK> zoopster: I think I read back enough.
[04:03] <ScottK> zoopster: There are better ways to communicate someone is not correct than calling them an idiot.
[04:03] <zoopster> ScottK: sorry, but after they lambasted several asking simple questions I had enough.
[04:04] <ScottK> OK.  Maybe then I need to go back farther then.
[04:04] <Damm> perhaps it was inappropriate to talk badly about ClamAV...
[04:04] <zoopster> It went on for several hours
[04:06] <Damm> okay then I clearly was not here then.
[04:07] <zoopster> I'm not going to argue about it, I was wrong for calling Damm an idiot and I can tell that several were not too keen on the commentary that went on since I came in nearly 2.5 hours ago
[04:18] <twb> ScottK: it would be reasonable to point out that Damm and I wandered wildly off-topic and were generally grumbling instead of helping people.
[04:19] <Damm> twb, i'm guessing that was pretty unrelated.
[04:19] <Damm> his anger seemed more pointed at something else
[04:20] <twb> Damm: granted.
[04:20] <Damm> twb, usually when someone goes off like that... there's a reason, he was upset because of someone's behavior towards him.
[04:20] <Damm> doesn't make his behavior any more justifiable
[04:20] <Damm> just puts it in better perspective.
[04:27] <ScottK> twb and Damm: I did just go back and read the last several hours of scrollback and you're both about 90% off topic for this channel.
[04:27] <ScottK> This channel is for development and support of Ubuntu server.
[04:27] <Damm> ScottK, I presume then KVM and Ubuntu server is OT?
[04:28] <Damm> because that's how I joined
[04:28] <ScottK> Damm: Not at all.
[04:28] <Damm> as far as ClamAV I tried to be more factual then personal hatred of it.
[04:29] <Damm> as far as the other OT that's taken out of channel
[04:29] <Damm> :)
[04:29] <ScottK> Also freshclam doesn't need a cron job.  Freshclam runs a daemon and the number of times per day it checks is managed via /etc/clamav/freshclam.conf.
[04:30] <Damm> I wasn't aware of that, last time I was in Ubuntu LTS it did :(
[04:30] <ScottK> So if you were aiming for factual, that didn't make it.
[04:30] <Damm> nah, that was wrong.
[04:30] <Damm> I can admit that, and I wasn't positive if it did work in cron or otherwise.
[04:30] <ScottK> Damm: Oddly enough we've never made an LTS release that did that.
[04:30] <Flannel> Damm: One of the guidelines in Ubuntu channels is "When helping, be helpful."  Comments that aren't only contribute to noise, and make you seem pretentious.
[04:31] <Damm> Flannel, thank you for that.  However one person at a time please :)
[04:32] <Damm> ScottK, well this release enabled it both in cronjob and otherwise.  I believe it had a dialog that asked me if i wanted to run Freshclam and said yes, and it shoved that in also.
[04:32] <Damm> but that is over 2 years ago, so I just know I had both running from Ubuntu, nothing more.
[04:32] <Damm> so trying to pull facts out of 2 years ago when the servers are no more, is pointless.
[04:32] <Damm> and I will stop here.
[04:33] <ScottK> Fair enough.  I don't want to run anyone off.
[04:33] <Damm> Nor do I, I just had my battle and won with KVM on Jaunty so I was glowing a little so it was my semi-celebration.
[04:35] <Damm> which is on my list now to help out with that documentation on the wiki
[04:35] <Damm> :)
[04:36] <ScottK> That's good.  Docs always need updating.
[04:36] <Damm> Well documenting libvirt/kvm is always a challenge as it seems different situations permitting it can vary on configuration
[05:13] <Dei> Hello, anyone here familiar with ISPCONFIG?
[05:30] <Dei> Hello, anyone here familiar with ISPCONFIG?
[05:30] <oh_noes> how do I increase the number of open files a non root user can have?  Currently it's 1024
[05:31] <twb> oh_noes: ulimit?
[05:32] <twb> oh_noes: a.k.a /etc/limit, I think
[05:35] <jmarsden_> oh_noes: /etc/security/limits.conf.  Add a line that says    *   hard   nofiles    2048
[05:36] <jmarsden_> Then start a new login shell for the user concerned and ulimit -n should then say 2048.
[05:37] <oh_noes> thanks I added it but instesd of *, it was for a specific
[05:37] <oh_noes> user*
[05:38] <jmarsden> Sure, that should work too :)
[05:38] <oh_noes> I also needed to add a pam line to /etc/pam.d/common-session to actually make it work.  Which I found interesting
[05:38] <oh_noes> didnt work without session required pam_limits.so
[05:39] <Dei> anyone just familiar with DNS?
[05:40] <Dei> I want to run name servers under the same domain I will be hosting a website
[05:40] <Dei> cant quite figure out what to do
[05:41] <jmarsden> Dei: what you call your nameserver hosts is pretty much irrelevant... ns1.example.com and ns2.example.com naming is common, but not needed... what are you really stuck on?
[05:43] <Dei> well.. with my domain registrar, I added the two aliases i would be using for the name servers
[05:44] <Dei> i was able to ping them previously.. but for some reason now I cant
[05:44] <Dei> that wouldnt be dependant on my system settings though, would it?
[05:45] <jmarsden> Wait... you told the registrar DNS for your domain is at ns1.whatever.com and ns2.whatever.com and you provided Ip addresses for each of them, right?  And you set up the server at the first IP as a master DNS server, and the other one as a slave?  and now you can't ping eitehr of them?
[05:46] <jmarsden> Can you still ping them by IP address?  ping 1.2.3.4 or similar?
[05:46] <Dei> yeah. I just cleared out my configuration now...
[05:46] <Dei> I used bserv and cserv.loyalreliable.com
[05:46] <Dei> and they actually both pointed to the same IP Address
[05:47] <Dei> but since cserv and bserv are glued by my domain registar... it seems like it should still be pingable
[05:47] <Dei> i can still ping the ip
[05:48] <Dei> what!!! weird...
[05:48] <Dei> i just cleared my configuration 2 minutes ago
[05:48] <Dei> and now they are pinging again..
[05:49] <jmarsden> I was about to say, dig bserv.loyalreliable.com works for me from here...
[05:49] <Dei> well I cant be mad.
[05:49] <Dei> I was using this ISPCONFIG program... but I think i am going to abandon it
[05:49] <jmarsden> dig @cserv.loyalreliable.com bserv.loyalreliable.com.  gets me a REFUSED back...
[05:50] <Dei> i just cleared my config when I uninstalled ISPconfig
[05:50] <jmarsden> so cserv is not really giving out info to the general public (me) for the loyalreliable.com domain yet.
[05:51] <Dei> hm
[05:51] <jmarsden> OK, so now just create working /etc/named.conf files for each DNS server and a zone file for loyalreliable.com on the master, and you're all set... right?
[05:51] <Dei> i suppose
[05:51] <Dei> I dont know how to do that yet though
[05:52] <jmarsden> Then why are you trying to run DNS servers?  Learn on a test LAN, not on the public Internet :)  Until you learn, let your ISP handle DNS duties...
[05:52] <Dei> lol
[05:52] <Dei> no time to learn
[05:52] <Dei> only time to make it work
[05:53] <Dei> would I have to edit my named.conf from /var/named/chroot/etc/named.conf?
[05:55] <jmarsden> Read http://www.langfeldt.net/DNS-HOWTO/BIND-9/ and http://www.howtoforge.com/traditional_dns_howto and that should help.  And no, you can edit /etc/named/named.conf unless you have done something odd.
[05:56] <Dei> i dont think i'm too odd
[06:00] <jmarsden> Hmmm, I just installed bind9 on Intrepid 8.10 desktop here and it is using /etc/bind/named.conf ...
[06:04] <Dei> yeah
[06:04] <Dei> I'm actually running fedora lol
[06:04] <Dei> but having trouble finding people to help
[06:04] <Dei> ubuntu is on my laptop though ;]
[06:05] <jmarsden> Fedora is not recommended as a server OS... use CentOS if you must go the way of RPM on your servers...
[06:05] <Dei> hm
[06:05] <Dei> maybe i'll put Ubuntu Server on
[06:05] <Dei> start with a fresh pallet
[06:05] <jmarsden> That would make this a better place to ask your questions :)
[06:05] <Dei> lol
[06:09] <jmarsden> https://help.ubuntu.com/8.10/serverguide/C/ is a good starting point if you are new to Ubuntu Server.  And be sure you select the "DNS Server" task from the task list during the install... so you'll have the relevant software installed for you.
[06:09] <Dei> yeah
[06:09] <Dei> I might go ahead and put Ubuntu Server on there
[06:09] <Dei> you know how you set the host name
[06:10] <Dei> does that actually have any affect
[06:10] <Dei> i.e. am I required to have that matching
[06:12] <jmarsden> Not for DNS service to work, no.
[06:12] <Dei> what cases would that be necessary?
[06:12] <Dei> if you had a large internal network?
[06:13] <Dei> with an internal DNS
[06:14] <jmarsden> Web hosting with virtual web hosts, email unless you mess in extra detail with config files... DNS requests go to an IP address and a well known port number, so you can name the server host(s) whatever legal hostname you choose.
[06:15] <Dei> hm
[06:15] <Dei> I'm going to be doing vhosts
[06:15] <jmarsden> Most people name the host whatever fits their naming scheme, but register aliases like ns1 and ns2 for DNS server names, so they can move DNS around among their servers if they want to.
[06:16] <Dei> im going to run my primary and secondary dns on the same system ;o
[06:16] <Dei> and then hopefully host 100 sites
[06:18] <jmarsden> You are nuts.  Or your customers are, to trust you, if you only run one DNS server... at minimum use a free secondary DNS host like editdns or granitecanyon or whatever...!
[06:19] <Dei> thats what ive seen recommended
[06:19] <Dei> i'll check editdns
[06:19] <Dei> I mean..
[06:20] <Dei> I would run 2 servers.. but we would be  behind the same internet connection
[06:20] <Dei> so I didnt see a purpose.. baring Hardware failure
[06:23] <jmarsden> Your two DNS servers are supposed to be on separate subnets on different upstream connections...
[06:23] <jmarsden> You can get a small virtual private server for this kind of use for about US$15/month if you don't want to use a free secondary.
[06:24] <Dei> I'm taking a look at opendns here now
[06:25] <Dei> i just assumed
[06:25] <Dei> if dns and web are on the same server
[06:25] <Dei> DNS wouldnt be down unless Web is down
[06:25] <Dei> and if Web is down... then why would DNS still need to be up
[06:25] <Damm> It's fairly easy and inexpensive to keep a DNS server on a secondary server
[06:26] <Damm> I'm not sure if I share the same views as a different subnet/upstream.  However, I do share the views about having a secondary DNS server that's not running on your main websites box
[06:26] <Damm> I know certain NIC's love to make you do crazy things (like DENIC)
[06:26] <Dei> i kind of get it
[06:27] <Dei> but if Web is down, then what benefit would it be to keep DNS working
[06:27] <Dei> unless we had backup webservers
[06:27] <jmarsden> Dei: So you can quickly get a VPS from somewhere else and change your DNS to point all your customers to the new host!
[06:27] <Dei> hm
[06:28] <Dei> ok ok
[06:28] <Damm> Dei, mainly it's nice to have DNS on a secondary server so that when your website is getting pounded, your dns does not suffer.
[06:28] <Damm> that's one of the biggest benefits, a low TTL to move it to another IP is also good
[06:28] <Damm> :)
[06:28] <Dei> now i think im getting it
[06:28] <Dei> for instance
[06:29] <Dei> if we had a disaster
[06:29] <Dei> and web would be down for a week
[06:29] <Damm> Dei, I always plan for failure... and hope for success.
[06:29] <Dei> yeah
[06:29] <Damm> that way when the worst happens, you know what to do and handle it.
[06:30] <Dei> i'll start doing the same
[06:30] <Dei> sounds like good practice
[06:30] <Dei> do you guys know of any shell providers
[06:30] <Damm> to stray OT a little, It's better to realize your failure points, and address them now when your smaller.  Then when your trying to grow leaps and bounds, and you can't get ahead because you didn't spend the time earlier.
[06:31] <Dei> or VPS... if thats the same thing or not I do not know
[06:31] <Damm> Honestly, I'm lazy.  I use Akamai for my DNS Needs.  I have Powerdns setup using MySQL for a backend, it just transfers my zone every 30minutes and deploys it on their DNS servers.
[06:31] <Damm> not exactly cheap
[06:31] <Damm> but you can get a Slicehost.com account for 10$/month
[06:31] <Damm> and they're okay.  There's some latency issues at odd hours, but overall it's been reliable.

[06:31] <Dei> lol
[06:31] <Dei> we are the topic
[06:32] <jmarsden> Dei: slicehost, linode, johncompanies ... and yes this is all OT for #ubuntu-server
[06:32] <twb> jmarsden: is there a channel for that?
[06:33] <jmarsden> I'm not sure, on freenode... which is basically all about open source software...
[06:33] <Dei> hm... Akamai with PowerDNS?
[06:35] <Dei> it seems like bind might be easier initially, since I wont have to bother with SQL
[06:36] <Damm> Dei, it's OT... if you wish to discuss that conversation further you can /query me.
[06:36] <twb> jmarsden: well, is there an #ubuntu-offtopic or -chat or something?
[06:36] <twb> jmarsden: my point is it's better to direct people elsewhere for OT than just to tell them to shut up (paraphrasing).
[06:37] <jmarsden> There is #ubuntu-offtopic, yes.
[06:38] <jmarsden> I do not see any channels specifically about finding good VPS or shell host providers here on Freenode, which is what I thought you were asking.
[06:43] <twb> jmarsden: that was my initial question, yes
[06:43] <twb> Failing that, directing people to a generic "noise" channel seems advisable
[06:44] <jmarsden> True... in this instance, by the time I had searched the channel list for a few appropriate keywords, they'd apparently already taken it to private messages :)
[06:46] <Dei> :)
[06:54] <_law_> hi guys i wanna ask that how to list the package that installed in ubuntu server
[06:56] <friartuck> _law_ dpkg -l | grep ii | grep foo
[06:57] <_law_> friartuck, ii  n foo r the name of the package?
[06:57] <friartuck> _law_ dpkg -l | grep ii  #to list all installed pakages. make sense?
[06:58] <_law_> ooo
[06:58] <_law_> ok i try it now
[06:58] <friartuck> foo is case sensitive
[06:58] <friartuck> ^whatever your package name...foo is example :)
[06:59] <_law_> thx friartuck
[06:59] <_law_> :)
[06:59] <_law_> now i have another question
[07:01] <_law_> in my box i have libtomcat6-java, tomcat6, tomcat6-common installed , but when i tried to deploy  a war file in the tomcat webapps it won't be deployed, is there any other tomcat package that i have to install, to make it works?
[07:02] <_law_> in my box i have libtomcat6-java, tomcat6, tomcat6-common installed , but when i tried to deploy  a .war file in the tomcat webapps it won't be deployed, is there any other tomcat package that i have to install, to make it works?
[07:03] <friartuck> _law_ I'm not tomcat pro...have you looked here? https://help.ubuntu.com/8.10/serverguide/C/tomcat.html
[07:03] <_law_> ok friartuck, thx
[07:07] <_law_> hmm i think i already installed the needed tomcat package , but still i can't deploy the hudson.war
[07:14] <_law_> XD
[07:16] <_law_> guys i want to deploy a .war file in tomcat n i have installed java, libtomcat6-java, tomcat6, tomcat6-common. but the war file can't be deployed. what should i do?
[07:17] <twb> _law_: is there any error message?
[07:18] <_law_>  The requested resource (/hudson) is not available.
[07:18] <twb> Bummer.
[07:18] <twb> I don't do tomcat, so that's about all I can suggest, sorry.
[07:18] <_law_> it seems the hudson.war not deployed
[07:18] <_law_> Bummer?
[07:19] <_law_> what's that?
[07:19] <twb> It's a surfer term meaning "bad"
[07:19] <_law_> twb
[07:19] <ttx> _law_: what release ? intrepid ?
[07:19] <_law_> that's ok
[07:20] <_law_> ttx it's intrepid
[07:20] <kraut> moin
[07:20] <jmarsden> _law_: You might want to try asking in #tomcat ?
[07:20] <_law_> oh thx jmarsden
[07:20] <ttx> _law_: what are you doing exactly to deploy
[07:21] <_law_> just as usual put the war file in the webapps folder then restart tomcat
[07:21] <ttx> _law_: it may well be related to our way of doing things... so better ask here (to me) first
[07:21] <ttx> which webapps folder
[07:21] <_law_> tomcat
[07:21] <ttx> /var/lib/tomcat6/webapps ?
[07:21] <ttx> /usr/share/tomcat6/webapps ?
[07:21] <_law_> '/usr/share/tomcat6/webapps '
[07:22] <ttx> _law_: CATALINA_BASE is /var/lib/tomcat6/webapps
[07:22] <ttx> _law_: so you should deploy webapps there
[07:22] <ttx> _law_: otherwise you should have a deploy descriptor in /etc/tomcat6/Catalina/localhost
[07:22] <Damm> _law_, if you can't deploy a WAR you should find out why you can't deploy it
[07:22] <_law_>  in my box i only install libtomcat6-java, tomcat6, tomcat6-common
[07:22] <Damm> because more then likely tossing it in there, will not guarantee it working
[07:23] <_law_> ttx i'll try it now
[07:23] <Damm> ... if you go to the /manager ui, and you can't deploy a WAR that way, shoving it in /var/lib/tomcat6/webapps won't make it run
[07:23] <Damm> but ensure you restart tomcat6 after you put the WAR there
[07:23] <Damm> and best of luck :)
[07:24] <ttx> Damm: in fact we do autodeploy in Jaunty, so he wouldn't really need to restart :)
[07:25] <ttx> with Intrepid... I think it would work as well.
[07:25] <Damm> ttx, neat.  Well gosh dangit it's been awhile sinc eI ran tomcat6
[07:25] <ttx> (for war dropped in /var/lib/tomcat6/webapps)
[07:25] <Damm> thanks for letting me know though so i know in the future :)
[07:26] <Damm> but I promise I'll never install tomcat ever again in my life.. </OT>
[07:26] <ttx> Damm: never say never...
[07:26] <_law_> great ttx i put the war in '/var/lib/tomcat6/webapps' n it's deployed :D
[07:28] <Damm> ttx, although to be more on topic... i'm kinda suprised that it's not suggested to use jetty
[07:28] <Damm> or tomcat6 being deprecated for jetty
[07:28] <_law_> hmm i thought i must put in '/usr/share/tomcat6/webapps'
[07:28] <Damm> _law_, nope, that's different spot
[07:28] <Damm> :)
[07:28] <ttx> _law_: we are using a CATALINA_HOME / CATALINA_BASE deployment, like descibed in tomcat RUNNING.txt doc
[07:28] <ttx> CATALINA_HOME (/usr/share/tomcat6) contains binaries
[07:28] <_law_> so to deploy must pit in 'var/lib/tomcat6/webapps' i got it now
[07:28] <_law_> put
[07:28] <ttx> CATALINA_BASE (/var/lib/tomcat6) contains instance-specific stuff
[07:28] <_law_> thx ttx, Damm
[07:28] <ttx> you can use package tomcat6-user to deploy more (private) instances
[07:29] <ttx> different CATALINA_BASE, same CATALINA_HOME
[07:29] <ttx> Damm: why jetty ? We don't even have jetty6 packaged ?
[07:30] <_law_> ttx after i put in the '/var/lib/tomcat6/webapps ' i must restart thr tomcat 1st , if not it won't deploy  any war
[07:30] <ttx> _law_: possible, autodeploy is a new feature in Jaunty
[07:31] <_law_> oo
[07:32] <_law_> ic
[07:32] <_law_> hmmm ttx
[07:33] <_law_> u ever use hudson
[07:33] <ttx> sorry, no. My knowledge stops at tomcat6 packaging.
[07:34] <_law_> now i'm trying to deploy the hudson.war then it deployed n created the folder named hudson but when iwant to acces it via http://localhost:8080/hudson
[07:34] <_law_> i get http 404
[07:34] <_law_> description The requested resource () is not available.
[07:35] <_law_> but the other war works
[07:35] <ttx> _law_: I suppose it needs some more precise URL, like http://localhost:8080/hudson/html/index.jsp
[07:35] <ttx> (wild guess)
[07:39] <Damm> ttx, no clue, I'll be honest it's been about 2years since I ran Ubuntu, and I started running it again this week
[07:39] <Damm> so I have alot of catching up to do
[07:39]  * Damm has been sitting with RHEL for Production and Gentoo for development.
[07:40] <Damm> I believe that is the full yin and yang cycle </OT>
[07:40] <_law_> oo
[07:41] <_law_> i try it now
[07:46] <_law_> hmm it's not working XD
[07:46] <Damm> _law_, yep it's there.  afaik it was basically licensing that forced the tomcat/jetty hand if you were curious.
[07:46] <Damm> it's a bit different of a setup though i believe
[07:46] <_law_> hmmm
[07:48] <_law_> i 've deployed hudson.war in windows tomcat n it just simply put in webapps then when i access it via web browser it can be accessde
[07:49] <_law_> but in ubuntu sever is not working XD
[08:02] <_law_> guys which file in /etc/default to edit if i want to disabled tomcat  security manager?
[08:03] <ttx> /etc/default/tomcat6 -- TOMCAT6_SECURITY=no
[08:03] <_law_> oh thx ttx :)
[08:03] <ttx> _law_: not recommended except for testing/debugging, of course
[08:04] <_law_> hmm the in the hudson webpage tell to do that so i try it now
[08:05] <ttx> _law_: well, it's difficult to get security profiles right and they are an endless source of funky errors.
[08:05] <_law_> ic
[08:06] <_law_> ok now i'm trying to open the deployed hudson again XD
[08:06] <_law_> hmm it works but
[08:07] <Damm> but?
[08:07] <_law_> have other  error XD
[08:07] <_law_> the hudson now canbe accessed but on the page is written
[08:07] <_law_> Unable to create the home directory '/usr/share/tomcat6/.hudson'. This is most likely a permission problem.
[08:08] <Damm> tomcat may not be able to write there
[08:08] <_law_> hmm ya i guess so
[08:08] <ttx> _law_: ah. application makes unreasonable assumptions on how unsecure your setup could be
[08:08] <Damm> that's the common problem with some WARS that fail to install, they do something funky with $datadir
[08:08] <_law_> wat so u mean ttx?
[08:10] <ttx> well, it wants to create a directory under $CATALINA_HOME with the rights of the webapp. We usually confer limited rights to webapps, and those don't include changing stuff in the main directories
[08:10] <_law_> then wat should i do XD
[08:11] <Damm> ttx, i ran into a blog that did something worse... trying to write to /home/tomcat by default :(
[08:11] <ttx> _law_: any way to change that directory location ? If not try creating it manually and make it owned by the tomcat6 user
[08:11] <Damm> ttx, he has to unzip the WAR and modify the xmlfile that defines that location
[08:11] <Damm> and then re-pack it
[08:11] <ttx> Damm: convenient :)
[08:11] <Damm> if you prefer to not do that, unzip the WAR, and modify the xml file
[08:12] <Damm> and then login to the manager and tell it to start it
[08:12] <Damm> and it should start then
[08:12] <_law_> hmmm so  which is te easiest way?
[08:12] <_law_> :D
[08:13] <Damm> _law_, define easy?
[08:13] <Damm> in less then 10 steps? cd /var/lib/tomcat6/hudson
[08:13] <Damm> it should be under WEB-INF
[08:15] <_law_> hmm
[08:16] <Damm> i think
[08:16]  * Damm is looking at the WAR now
[08:17] <Damm> it may be the ${basedir} crud in META-INF/tab/tab/pom.xml
[08:17] <Damm> but doesn't click in the brain
[08:17]  * Damm looks further
[08:18] <Damm> found it
[08:19] <Damm> load up WEB-INF/web.xml
[08:19] <Damm> line 141 or so
[08:19] <_law_> then?
[08:19] <Damm> if HUDSON_HOME is not defined it defaults to your home directory
[08:19] <Damm> and guess what the tomcat users home directory is?
[08:19] <_law_> what?
[08:19] <Damm> ... if you guessed /usr/share/tomcat6 you win a cookie
[08:20] <_law_> oh
[08:20] <Damm>     <env-entry-value></env-entry-value>
[08:20] <Damm> put a value in that.
[08:21] <_law_> wait i open it now
[08:22] <_law_> aaaaaaaa , i'm using nano how to find the line 141 easily XD
[08:22] <jmarsden> nano +141 filename
[08:23] <_law_> oh i just knw that   tips thanx very much
[08:24] <_law_> u want me put wat value ?
[08:24] <_law_> oh
[08:25] <_law_> someone in #tomcat give me the answer
[08:27] <Damm> what was the answer he gave you?
[08:27] <Damm> set HUDSON_HOME?
[08:27] <_law_> still chatt with him XD
[08:31] <_law_> hmmm they tell me to set HUDSON_HOME to the dir that tomcat user have full privillge  in it
[08:32] <ttx> Hm. I would rather create a directory in which the tomcat user has full privilege. a tomcat6:tomcat6 /var/lib/hudson for example
[08:33] <_law_> ttx, how do iknow that some user has full privilege in any dir?
[08:35] <ttx> _law_: by looking at the owner/group of a directory. sudo mkdir /var/lib/tomcat6/hudson && sudo chmod tomcat6:tomcat6 /var/lib/tomcat6/hudson
[08:36] <_law_> oo
[08:36] <_law_> thx
[08:36] <_law_> i try it now
[08:38] <Damm> it's trying to write to /usr/share/tomcat6
[08:39] <Damm> which if you check /etc/passwd should be your homedir in the gecos
[08:39] <_law_>  gecos?
[08:46] <_law_> hmm wat is the corect form for chmod
[08:47] <_law_> i'm getting invalid error mode
[08:47] <Damm> because chmod doesn't change user/group
[08:47] <Damm> that's chown
[08:47] <_law_> ooo
[08:47] <_law_> ok i got it
[08:47] <Damm> chmod only accepts numbers, such as chmod 0740
[08:47] <ttx> ah hm, yes, sorry.
[08:47] <ttx> typo up there
[08:47] <_law_> ok nvm
[08:48] <_law_> ;)
[08:51]  * Damm needs to find his mysql 5.1 debs
[09:01] <_law_> it's not working :(
[09:04] <_law_> hmm i'm  tring to export the hudson home again coz it seems the hudson home is not changing
[09:09] <Damm> it won't because hudson home is tomcat's home directory
[09:10] <_law_> no
[09:10] <_law_> as root
[09:10] <Damm> until you change the file I mentioned, the line I mentioned... you will not win without just doing a horrible chmod -r tomcat:tomcat /usr/share/tomcat6
[09:10] <Damm> you don't run tomcat as root
[09:10] <_law_> i mean  as root i have done  export hudson home to  xxx
[09:11] <_law_> then i restart tomcat an acces via web browser  n it success  w
[09:11] <_law_> but
[09:11] <_law_> when i restart my servere
[09:11] <_law_> my server
[09:11] <Damm> you would have to export HUDSON_HOME in your tomcat startup script
[09:12] <Damm> in the same line that starts the tomcat instance
[09:12] <_law_> n i just go straight access  the hudson wb it gets the same error again
[09:12] <Damm> HUDSON_HOME=/tmp /usr/libexec/tomcat6
[09:12] <Damm> (example, not accurate)
[09:12] <Damm> and i've said my peace and how to fix it, good luck.
[09:13] <_law_> hmm u mean i need to  export hudson home by adding line in /etc/init.d/tomcat6?
[09:13] <Damm> I would rather you just fix web.xml
[09:13] <Damm> and slap the maintainer of hudson for making you do it
[09:14] <_law_> haha
[09:14] <Damm> assuming that CATALINA_HOME is writable is bad dumb, stupid.
[09:14] <_law_> maybe the maintainer only test it on windows
[09:14] <Damm> write to where you install the war, or give it a configuration option to set it... so it doesn't make you do this
[09:14] <Damm> but this is an old java issue
[09:15] <Damm> that won't get fixed by us talking
[09:15] <_law_> hey if wanna edit the web.xml?
[09:15] <_law_> wat should i do?
[09:16] <Damm> usually I just do mkdir -p /var/lib/tomcat6/webapps/hudson/data
[09:16] <Damm> for example
[09:16] <Damm> and then set in that file that folder
[09:16] <Damm> (and make sure tomcat/tomcat owns it)
[09:17] <_law_> ooo
[09:17] <mattt> evening all
[09:17] <_law_> hmm i already done editting the tomcat startup script now try to reboot server
[09:17] <_law_> hello mattt :)
[09:18] <Damm> you do have a pension for punishment _law_
[09:18]  * mattt feels sick at the sound of tomcat
[09:18] <_law_> a pension for punishment? wat do u mean? Damm
[09:19] <Damm> _law_, you are picking the most painful ways of resolving this issue.
[09:19] <Damm> why is that?
[09:19] <_law_> hmm did i?
[09:19] <Damm> editing /etc/init.d/tomcat6 should be your last resort
[09:19] <Damm> very last
[09:20] <_law_> hmm i already done it though
[09:21] <_law_> ohh noooo
[09:21] <twb> Damm: s/pension/penchant/
[09:21] <_law_> my tomcat not starting now
[09:21] <Damm> that's a shocker
[09:22] <_law_> '/etc/init.d/tomcat6: 29: /var/lib/tomcat6/hudson: Permission denied'
[09:22] <_law_> i just at the HUDSON_HOME= xxxx
[09:22] <_law_> XD
[09:23] <Damm> oh how that so fails
[09:23] <Damm> heh
[09:23] <_law_> help
[09:23] <_law_> how to fix it then?
[09:23] <_law_> XD
[09:24] <_law_> i've wasting whole day 4 setting hudson in ubuntu server
[09:24] <Damm> I'd suggest start by scrolling up
[09:25] <_law_> scrolling up?
[09:25] <_law_> u mean undo all i've done?
[09:26] <_law_> what shoul i do then/
[09:32] <_law_> ?
[09:33] <Damm> Not sure what your expecting me to say.
[09:34] <_law_> hmm now i'm trying to set the env variavle in my .bascrh
[09:35] <_law_> u think that will work? Damm?
[09:35] <Damm> nope
[09:35] <Damm> you are so cold it's not even funny.
[09:35] <_law_> why?
[09:36] <_law_> so the last step i need is to set the hudson home permanently
[09:37] <_law_> if i do it by execute export HUDSON_HOME=xxxx
[09:37] <_law_> it oly works 4 that session only XD
[09:37] <Damm> you can export whatever you want
[09:37] <Damm> it only works in that shell, and once setuid or su is called
[09:38] <Damm> that enviroment is not inherited
[09:38] <Damm> (unless you tell it to)
[09:38] <_law_> so what should  ido?
[09:38] <Damm> there's a file I mentioned about 5x if you scroll up
[09:38] <Damm> I even mentioned about what line to edit
[09:38] <shally87> hi..
[09:38] <Damm> and now I'm 100% done.
[09:38] <Damm> hi shally87
[09:39] <_law_> hi too
[09:39] <shally87> I would like to ask hod do i access my lamp server in vbox?
[09:39] <shally87> i do port forward but there is nothing happen
[09:39] <shally87> was using router dlink model dsl-500t
[09:39] <shally87> and i follow  the instruction here http://portforward.com/english/routers/port_forwarding/Dlink/DSL-500T/HTTP.htm
[09:40] <mattt> shally87: IIRC, if you forward the ports while the VM is running you need to reboot?
[09:41] <shally87> reboot the vm..
[09:41] <shally87> ok tq..
[09:41] <mattt> wait!
[09:41] <mattt> sorry
[09:41] <mattt> i thought you meant forward ports using VBoxManage
[09:42] <_law_> Damm u mean edit the line 141
[09:42] <_law_> i'm doing it now
[09:42] <kraut> my open-iscsi daemon is still flooding the filer with message like this: Fri Mar 27 10:36:20 CET [is@iscsi.notice:notice]: ISCSI: New session from initiator iqn.1993-08.org.debian:01:c3f22ca89d75 at IP addr XXX
[09:42] <kraut> does anybody know why?
[09:43] <shally87> ok
[09:44] <shally87> i use router to forward?
[09:44] <shally87> i use router to forward..
[09:45] <shally87> ok my condition is like this;
[09:45] <shally87> i got 1 cpu which i run a vbox inside...
[09:45] <shally87> and i have lamp server running
[09:45] <shally87> and a router outside with a dynamic ip..
[09:45] <shally87> so i want to access the lamp server by typing the dynamic ip
[09:45] <shally87> how to do that??
[09:46] <shally87> I found the port forward but it is not working
[09:46] <shally87> and my lamp server has it's own ip
[09:46] <shally87> which i not using NAT
[09:47] <Dei> you could enable the DMZ for a second just to test the forwarding
[09:48] <Dei> otherwise it must be an issue with the port forwarding; such as correct port# or tcp/udp
[09:49] <shally87> hmm
[09:49] <shally87> if i allow dmz, this means i only able to forward 1 vm..
[09:50] <shally87> any difference between tcp and udp?
[09:52] <Damm> http?
[09:53] <shally87> hmm
[09:53] <shally87> brb
[09:57] <tjaalton> kirkland: seems that update-motd is racy, sometimes I get motd.tail twice
[10:00] <simplexio> has nayone idea why my server now and then fails to answer ssh.
[10:01] <simplexio> Received disconnect: 2: server_input_channel_req: unknown channel -1
[10:02] <simplexio> usually first connect from remote server fails at morning. second try works. server is "home" server. i have something like 6 connections allways open and i open one at every mornign
[10:03] <simplexio> and connection is coming from "far away", nwer got that when connecting from desktop which is one hop away
[10:05] <kraut> my open-iscsi daemon is still flooding the filer with message like this: Fri Mar 27 10:36:20 CET [is@iscsi.notice:notice]: ISCSI: New session from initiator iqn.1993-08.org.debian:01:c3f22ca89d75 at IP addr XXX
[10:05] <kraut> does anybody know why?
[10:06] <shally87> hi again
[10:06] <shally87> i try but nothing works
[10:06] <shally87> any specific channel for port forwarding?
[10:08] <_law_> ok bye all go home time
[10:08] <_law_> thx 4 helping
[10:19] <kraut> ubuntu and iscsi is teh sucks!
[10:23] <Ethos> it's good
[10:23] <kraut> it's not working
[10:23] <Ethos> it's not hard?
[10:23] <kraut> and if you restart the iscsi intiator, nothing happens
[10:23] <Ethos> install it and connect
[10:23] <kraut> and now my system hangs again
[10:24] <Ethos> user error
[10:24] <Ethos> works perfect for me over ssh
[10:24] <kraut> user error, nice answer... really!
[10:24] <Ethos> It's true
[10:24] <Ethos> I know tonnes of people that use it
[10:24] <kraut> and why the hell is it flooding the filer with messages like this: Fri Mar 27 10:36:20 CET [is@iscsi.notice:notice]: ISCSI: New session from initiator iqn.1993-08.org.debian:01:c3f22ca89d75 at IP addr XXX
[10:24] <Ethos> No idea
[10:24] <Ethos> Sounds like you cocked it up? lol
[10:24] <kraut> we have tons of centos-systems wich are running like a charm
[10:25] <kraut> totally... do you have any other useless comments?
[10:25] <Ethos> Do you?
[12:19] <domas> goddamnit, us.archive.ubuntu.com is soooo slow, people should learn from european mirrors  :)
[12:38] <Jeeves_> domas: The U.S. Should learn from the rest of the world in lots of situations :)
[12:38] <ScottK> Jeeves_: Could we keep this about Ubuntu Servers please?
[12:39] <Jeeves_> ScottK: I was not interested in a useless discussion about the US. it was just a remark.
[12:40] <ScottK> Jeeves_: OK.  I'm not either and I really don't appreciate it.
[12:41] <Jeeves_> ScottK: ok .....
[12:42] <domas> we have local hardy mirror, so I somehow never noticed problems =)
[12:43] <acicula> thought ubuntu already defaulted to a local mirror when installing
[12:44] <domas> well, by "local", I mean "one in LAN"
[12:45] <Jeeves_> domas: Join #ubuntu-mirrors
[12:45] <Jeeves_> we can make jokes about the us there too :)
[12:46] <domas> I just pressed 'ok' too fast when doing netinstall
[12:46] <domas> I'm testing a nehalem box
[12:46] <domas> wanna see how much difference sse4.2 optimized kernels/software can make
[12:49] <acicula> depends on what you are doing iirc
[12:49] <acicula> some benches so little improvement, some show a lot
[12:49] <acicula> *show
[12:50] <acicula> though i'm guessing your playing with the server variant?
[12:50] <domas> ye
[12:50] <acicula> doesnt it come with more cache then the i7?
[12:51] <domas> http://p.defau.lt/?6owFTijFM99gLtSMBDcdqA
[12:51] <acicula> heh that's an awesome domain
[12:52] <giovani> not quite as cool as the cook islands :)
[12:52] <acicula> dual socket system?
[12:52] <domas> ye
[12:52] <acicula> nice
[12:52] <domas> I wanted to get fau.lt though
[12:52] <domas> but some squatters had it :)
[12:53]  * acicula scratches head over what country goes with lt
[12:53] <giovani> Lithuania?
[12:53] <giovani> that's all I can think of without looking it up
[12:53] <domas> thats correct :)
[12:55] <domas> I always like to do-release-upgrade over the atlantic
[12:55] <giovani> getting ready for jaunty? :)
[12:56] <domas> shiiiit, sshd didn't come up after restart
[12:56] <domas> bad part - I didn't set root password
[12:57] <domas> so my ssh keys don't really work
[12:57] <acicula> heu
[12:57] <acicula> dont need a password if you have a key?
[12:58] <domas> who needs passwords
[12:59] <acicula> are you using services from hostex?
[13:00] <domas> some, why?
[13:00] <acicula> just curious about their service, but cant really make heads or tails of their page
[13:00] <acicula> was wondering if you knew of an english version
[13:01] <domas> you need hosting in lithuania? :)
[13:01] <domas> info@hostex.lt would work, I guess
[13:02] <domas> they run main datacenters here
[13:03] <domas> why can't I get into grub :)
[13:03] <quizme> has anybody upgraded to ruby 1.9.1 ?
[13:03] <domas> woo, success
[13:03] <acicula> domas: not specifically in lith, but somewhere in the eu is fine if connection is decent
[13:03] <acicula> domas: gratz :)
[13:03] <quizme> do i have to reinstall ruby gems if i just upgraded to ruby 1.9.1 ?
[13:05] <domas> success was mostly for getting into grub screen
[13:05] <acicula> well you are halfway there then
[13:05] <domas> somewhat difficult with text and background having same color
[13:05] <acicula> :/
[13:06] <domas> damn, missed again
[13:06] <domas> why the heck doesn't ssh come up :)
[13:06] <acicula> network started?
[13:07] <domas> yup
[13:07] <domas> responds to ping :)
[13:07] <acicula> can do a local logon?
[13:07] <domas> no, there's no password
[13:07] <domas> have to reset it :)
[13:07] <acicula> boot in single user mode
[13:08] <domas> I tried init=/bin/sh, probably too old trick
[13:08] <acicula> no user with admin rights set either?
[13:08] <acicula> init=S i think
[13:08] <acicula> not sure
[13:08] <domas> ghm, what is 'recovery mode'
[13:08] <domas> what happens if I boot in 'recovery mode'? :) never tried that
[13:08] <acicula> err that lets you drop to a shell too
[13:08] <acicula> dunno if you need a pass
[13:09] <acicula> hey these guys are pretty cheap too, whats your experience with them
[13:09] <domas> I used to run systems dept. for that company once upon a time :)
[13:10] <acicula> ah
[13:10] <domas> anyway, it has good connectivity to .lt
[13:10] <domas> and as .lt is in europe's ass
[13:10] <acicula> i know :)
[13:10] <domas> it probably isn't good for european hosting
[13:10] <domas> I use server4you.de myself
[13:10] <acicula> well i'm mostly using my vps to dial out, not so much incomming traffic so
[13:12] <acicula> domas: they look pretty nice as well, should've searched better before i guess
[13:13] <domas> arghhhh
[13:13] <domas> http://p.defau.lt/?QjLfEsw_0yGjAp582inyLQ
[13:14] <acicula> root
[13:14] <acicula> drop to shell?
[13:14] <acicula> ohcrap
[13:14] <acicula> :D
[13:14] <acicula> http://www.cyberciti.biz/faq/grub-boot-into-single-user-mode/
[13:15] <acicula> tl;dr boot grub edit kernel line, add single
[13:15] <acicula> wait, that also drops you into giving the password
[13:15] <acicula> boot from cd and chroot into the server?
[13:16] <acicula> maybe you can override the init?
[13:17] <domas> thats what I tried at first :)
[13:19] <domas> so sad :)
[13:22] <anelephant> HI, I have a problem with a bin9 server. It seems to resolv internet querys well. However I have some problem with some xp machines that is not able to use it. When I do nslookup it gives error message: server failed
[13:23] <anelephant> anyone have any smart Ideas?
[13:24] <acicula> what does the log say
[13:27] <domas> lol
[13:27] <domas> I just had lots of amusement in #ubuntu
[13:29] <anelephant> I haven't set up a log, I'll do that now.  named-checkzone works out fine on both reverse and forward zones, and there is net access on all machines however some machines are not able to access other machines by name, only by IP. I'll get back to you with the results from the log.
[13:34] <domas> this is epic
[13:34] <domas> http://p.defau.lt/?kuELtwBBr6cZKpr8mR7G2g
[13:39] <acicula> lol, read the first line, dont need to read the rest
[13:40] <acicula> boot something and chroot
[13:40] <acicula> add a user :P
[13:41] <acicula> if you boot in single user mode, wont pressing enter for a password work, since there isnt a root password?
[13:52] <anelephant> so I seem to have been able to find the problem with my bind9 server. when The server tries to load the zone file it gets : permission denied. Now I guess I am sounding noobish but how do I set the permissions for the file so that bind can access it?
[13:53] <zul> anelephant: chown
[13:54] <anelephant> yea, but what permissions should the file have?
[13:56] <acicula> well read as the user or group,
[13:56] <anelephant> ok, thanks acicula!
[13:56] <domas> ok, hahaha, apparently init=/bin/dash is also correct way, it just doesn't print you shell
[13:56] <domas> but listens for commands
[13:57] <acicula> so you gots root back
[13:57] <acicula> t00t
[13:59] <domas> well, it doesn't have terminal initialized, just pure stdin/stdout
[13:59] <domas> so, 'passwd' doesn't work :)
[14:00] <acicula> /sbin/passwd
[14:00] <acicula> probably have no path set?
[14:01] <domas> passwrd uses terminal i/o, not stdin
[14:02] <acicula> can use useradd with options to add a user and add it to the admin group perhaps?
[14:04] <domas> usermod -p works
[14:04] <domas> oh well, it works now
[14:05] <acicula> it's not added to the admin group by default
[14:05] <acicula> so you have to specify or change that
[14:18] <domas> I just set the password :)
[14:25] <incorrect> I am wondering what the best method of setting up samba is,  I feel i should use pam authentication
[14:25] <incorrect> if I use ldap then it seems a use has to maintain two passwords
[14:25] <infinity> Samba can't auth against PAM, but you can go the other direction.
[14:26] <infinity> libpam-smb allows all your other PAM-using services to authenticate against Samba.
[14:26] <incorrect> I am sure i once had use pam to get its user db
[14:26] <infinity> (You can't do it the other way because SMB clients send passwords pre-encrypted, and Samba passing an encrypted password to PAM would do no good)
[14:26] <kirkland> tjaalton: hmm, i just took a quick look at the code, and i don't see the race
[14:27] <kirkland> tjaalton: please file a bug, and give as much information as you can about what situations you see the race
[14:29] <incorrect> ok so what ever protocols can i use to serve home directories to linux,macs and windows?
[14:30] <tjaalton> kirkland: does it run twice at *:00 ?
[14:30] <giovani> incorrect: well ... windows likes SMB/CIFS
[14:30] <tjaalton> kirkland: maybe I'm reading the cronjob wrong, but it appears so
[14:30] <giovani> linux/mac can handle SMB/CIFS with samba
[14:30] <giovani> linux/mac can handle NFS more easily though
[14:30] <giovani> windows can handle NFS with some software
[14:31] <incorrect> is there anything else
[14:31] <giovani> theoretically, sure
[14:31] <giovani> those are the big ones
[14:31] <giovani> unlikely the other options would work well
[14:31] <incorrect> what about webdav?
[14:31] <giovani> it's not a filesystem replacement, but it's a way of sharing files, sure
[14:31] <giovani> like ftp is
[14:32] <incorrect> probably samba is the best method
[14:32] <giovani> just depends on your needs
[14:33] <genii> I have to sat that the unix tools for windows really really suck, however
[14:33] <genii> sat -> say
[14:34] <giovani> indeed, but they're not the only solution
[14:34] <giovani> so you're not forced to use them
[14:34] <incorrect> ok i will get samba going
[14:36] <kirkland> tjaalton: can you pastebin your cronjob?
[14:36] <kirkland> tjaalton: i'm running update-motd from HEAD, which isn't in jaunty
[14:36] <kirkland> tjaalton: (inotify-based update-motd :-)
[14:37] <tjaalton> kirkland: it's what's in jaunty
[14:37] <tjaalton> have to go now.. ->
[14:49] <anelephant> Hi I have been struggeling with my bind server giving permission denied on my zone files, Ive tried making root owner and bind owner but it doesn't seem to work.. Any ideas?
[14:55] <sommer> anelephant: check /var/log/syslog for apparmor entries... have you changed the default location of your zone files?
[14:59] <NEWzilla> i love the debian way to manage apache...  thanks guys!
[14:59] <NEWzilla> the sites-enable sites-disable and the a2en* commands. nice..
[15:04] <giovani> NEWzilla: we love it too :)
[15:18] <ScottK> kirkland: I like the packages to be updated count on login in Jaunty.  That was you that did that, right?
[15:19] <kirkland> ScottK: ack ;-)
[15:19] <ScottK> So thanks for that.
[15:20] <kirkland> ScottK: if you want to see that number tracked on an hourly basis, run the fancy new screen-profiles
[15:21] <jpds> kirkland: Is it a known bug that screen-profiles does not work with screen's 'altscreen on' option?
[15:21] <kirkland> jpds: not sure...  i dunno what altscreen does... /me checks the manpage
[15:22] <jpds> kirkland: It clears up any output screen gives on closing/detach.
[15:22] <jpds> So instead of seeing backlog, you just see [screen detached].
[15:23] <kirkland> jpds: so if you put that in your .screenrc
[15:23] <jpds> It doesn't work.
[15:23] <kirkland> jpds: and you're running screen-profiles, that option is not respected?
[15:23]  * kirkland tests
[15:23] <jpds> Yeah. :(
[15:24] <kirkland>         altscreen on|off
[15:24] <kirkland>  
[15:24] <kirkland>         If set to on, "alternate screen" support is enabled in  virtual  termi‐
[15:24] <kirkland>         nals, just like in xterm.  Initial setting is ‘off’.
[15:24] <kirkland> that's a terrible explanation in man
[15:27] <jpds> kirkland: You can test it using my old screenrc: http://ryanak.ca/~jpds/screenrc
[15:27] <kirkland> jpds: yeah, i've reproduced the problem
[15:27] <kirkland> jpds: please open a bug
[15:27] <kirkland> jpds: you can mark it 'confirmed', and priority 'medium'
[15:27] <kirkland> jpds: i'm working on a couple of critical mdadm and kvm issues at the moment, but i'd really like to get this fixed
[15:28] <kirkland> jpds: in the case where you can figure out the problem, i'm definitely all ears, and will gladly merge a fix ;-)
[15:29] <Tuxist1> hi
[15:30] <Tuxist1> I have problem with kerberos ,pam and nfs when I mount the nfs volume I can't login into my kerberos user with pam
[15:33] <jahor> hi anyone know some resource (wiki, web etc) about documenting network infrastructures and server environment ? in last days i create doc for one of our larger deployments with more servers and many services and i could not find a sane way to document dependencies betwen components (my idea is keep all in one wiki)
[15:33] <jpds> kirkland: Bug filed, I'll take a look into the source too.
[15:34] <kirkland> jpds: thanks a lot
[15:34] <jahor> btw anyone know about some tool like lintian for checking server configuration (something like checking all disk partitions are in nagios configuration, regexp based check of some config files etc)
[15:34] <kirkland> jpds: i suggest removing chunks out of your screen-profiles profile
[15:35] <kirkland> jpds: until you get it down to the point where altscreen works again
[15:35] <kirkland> jpds: and then we can identify the conflicting option
[15:35] <kirkland> jpds: does that make sense?
[15:37] <kirkland> jpds: okay, i found the problem-setting
[15:37] <kirkland> jpds: termcapinfo xterm* ti@:te@
[15:37] <jpds> kirkland: Yep, will do... thought it might have been that.
[15:37] <kirkland> jpds: perhaps you can do a bit of research and find out how to get altscreen and termcapinfo compatible with one another?
[15:38] <kirkland> jpds: i would be so appreciative ;-)
[15:38] <jpds> kirkland: Sure.
[15:38] <kirkland> jpds: cheers, dude!
[15:39] <mathiaz> kirkland: I'm running screen-profile 1.40 on my hardy server.
[15:40] <mathiaz> kirkland: the number of updates is incorrect.
[15:40] <mathiaz> kirkland: how can I fix that?
[15:40] <kirkland> mathiaz: \o/
[15:40] <kirkland> mathiaz: hit F5-enter
[15:40] <kirkland> mathiaz: that'll refresh all of your status indicators
[15:40] <mathiaz> kirkland: nope - still wrong
[15:40] <kirkland> mathiaz: okay, then run apt-get update
[15:40] <kirkland> mathiaz: and then F5-enter
[15:40] <mathiaz> kirkland: apt-get update; apt-get dist-upgrade shows nothing
[15:41] <kirkland> mathiaz: oh, hardy ....
[15:41] <kirkland> mathiaz: hardy doesn't have the hook to update /var/run/updates-available on upgrade
[15:41] <kirkland> mathiaz: rm ~/.screen-profiles/updates-available
[15:41] <kirkland> mathiaz: then F5-enter
[15:41] <kirkland> mathiaz: it would pick up the change in an hour
[15:41] <kirkland> mathiaz: within an hour
[15:42] <kirkland> mathiaz: jaunty is basically instant
[15:42] <mathiaz> kirkland: great - thanks.
[15:42] <mathiaz> kirkland: also - in the status bar, Ubuntu 8.04 is written
[15:42] <mathiaz> kirkland: I used to have Ubuntu 8.04.2
[15:42] <kirkland> mathiaz: hmm
[15:42] <kirkland> mathiaz: let me check something
[15:43] <kirkland> mathiaz: that's something to do with lsb-release
[15:43] <mathiaz> kirkland: I was running 1.15 and 8.04.2 was shown
[15:43] <kirkland> lsb_release
[15:43] <mathiaz> kirkland: 1.40 shows 8.04
[15:43] <kirkland> mathiaz: yeah, i used to grep that out of /etc/issue
[15:43] <kirkland> mathiaz: now i'm using lsb_release properly
[15:44] <mathiaz> kirkland: right - you're using -i -r
[15:44] <mathiaz> kirkland: why not using -d for description?
[15:45] <kirkland> mathiaz: i think i got something weird on Debian or elsewhere when i used -d
[15:45] <kirkland> let me check ...
[15:48] <kirkland> mathiaz: had to look it up ....
[15:48] <kirkland> mathiaz: lsb_release -d on debian says: "Debian GNU/Linux 5.0 (lenny)"
[15:48] <kirkland> mathiaz: someone from debian complained that that was too many chars
[15:49] <kirkland> mathiaz: i can special-case it for us
[15:50] <mathiaz> kirkland: hm - it's just cosmetic I think
[15:51] <mathiaz> kirkland: if it requires too much code it may not be worth
[15:51] <kirkland> mathiaz: it'll be trivial to fix
[15:51] <kirkland> mathiaz: if you open a bug, i'll fix it ;-)
[15:54] <sbeattie> kirkland: heh, on my opensuse server (that will get replaced soonish), it shows up as '"openSUSE 10.3 (i586)"' (double-quotes included)
[15:56] <kirkland> sbeattie: yeah, i'm going to special case it
[15:56] <sbeattie> Oh, that was with -d
[15:56] <kirkland> sbeattie: distros that have concise+informative -d, and others that need to be -r -i
[15:56] <kirkland> mathiaz: this status notification does not run frequently, so we can do more work in it
[15:57] <kirkland> mathiaz: as opposed to the load and mem ones, which run every 2 seconds... those have to be *fast*
[16:42] <mathiaz> dantalizing: what's the state of openvz in jaunty?
[16:43] <jpds> kirkland: There doesn't seem to be a way to make termcapinfo and altscreen play together.
[16:43] <kirkland> jpds: bummer ...
[16:44] <jpds> kirkland: Also altscreen only wipes the screen for stuff like vim
[16:44] <kirkland> jpds: is this documented anywhere?
[16:44] <kirkland> jpds: ie, did you find others hitting this issue?
[16:44] <jpds> Removing the termcapinfo wipes the screen on detach/close.
[16:44] <kirkland> jpds: but not stuff like .... what?
[16:44] <kirkland> jpds: i was using "ls -al" in my tests
[16:44] <kirkland> jpds: and it was wiping that
[16:44] <jpds> kirkland: No, I asked in #screen
[16:44] <kirkland> jpds: is there some way we can modify the termcapinfo to play nice?
[16:45] <jpds> Not that they told me of :(
[16:45] <kirkland> jpds: is there an open bug against screen?
[16:45] <kirkland> jpds: can we open one against screen?
[16:45] <kirkland> jpds: or is this "by design"?
[16:46] <kirkland> jpds: we're carrying a couple of trivial patches against screen, both of which have been accepted upstream, i think
[16:48] <jpds> kirkland: My guess is that it's by design.
[16:48] <scope006> can ayone point me in the right direction for some best practices on keeping logs well managed and under control in ubuntu server?
[16:48] <scope006> i want to have some control over how long i keep various old logs files etc
[16:49] <mathiaz> jdstrand: have you tried to use virt-manager + kqemu on jaunty?
[16:50] <kirkland> jpds: okay, leave the bug open, paste your findings or irc log
[16:50] <kirkland> jpds: i'll take a look at the screen source at some point when things settle a little bit
[16:50] <kirkland> jpds: i'll see if i can find something that work s;-)
[16:52] <kirkland> mathiaz: thanks for bringing up the updates-refresh question ...
[16:52] <kirkland> mathiaz: i just verified that it's working properly on jaunty, where apt upgrade is properly hooked to update /var/run/updates-available
[16:57] <jdstrand> mathiaz: not for a while, no
[16:58] <jmedina> scope006: I like to use remote syslog servers, I have used syslog-ng for log rotation and archiving
[16:58] <jmedina> there are some web interfaces for searching in the logs
[16:59] <jmedina> syslog-ng can archivo logs in database so you can use syslog-ng php  or something
[16:59] <scope006> jmedina syslog-ng... ok cool ill look into that
[16:59] <jmedina> I think there is a new syslog daemon, it is used in fedora
[16:59] <scope006> im also looking at the logrotate.conf file atm as well to see what is setup out of the box
[16:59] <jmedina> syslog-ng can rotate logs by itself
[17:00] <scope006> hmmm
[17:00] <scope006> interesting
[17:00] <jmedina> but most important, be sure you understand log facilities and priorities
[17:00] <jmedina> you can use sysklogd to send logs to a remote syslog-ng
[17:01] <jmedina> sysklogd only uses UDP
[17:01] <jmedina> syslog-ng can use udp + tcp
[17:01] <giovani> syslog over tcp typically isn't used
[17:01] <jmedina> I like syslog-ng because has a log of filtering capabilities
[17:01] <scope006> interesting
[17:02] <jmedina> giovani: yeap, it is just an option, some poeple think it is good
[17:02] <scope006> im going to do some reading up on it then
[17:02] <giovani> jmedina: yep, it has its uses -- high-volume logging, where order and delivery are critical, tcp should be used
[17:02] <scope006> right now i haven't tweaked any rotation/pruning
[17:02] <scope006> just using logwatch to email me changes each morning
[17:02] <giovani> but low-volume, or sporadic logging (like say, from a voip handset) should always be udp -- tcp adds too much overhead
[17:02] <jmedina> giovani: that is a a good use
[17:03] <jpds> Anyone know why apparmor is just failing for me? http://paste.ubuntu.com/139077/
[17:03] <scope006> and am using a custom script to rotate my apache logs when i want it to happen and then issue a graceful restart
[17:03] <jmedina> there is good web interface I dont remember, it used to be in sourceforge banners
[17:03] <jmedina> :S forgot the name :S
[17:03] <jpds> Also, I'm getting errors from a null-complain-profile - no idea where that is coming from though.
[17:03] <scope006> giovani that makes sense
[17:04] <sbeattie> jpds: cat /proc/self/attr/confined ; you're likely working under a shell that got an apparmor complain profile attached to it.
[17:04] <sbeattie> (it won't let you load policy in that case)
[17:05] <jpds> sbeattie: Oh, right! That file doesn't exist either..
[17:05] <sbeattie> there's an upstream fix that reports a better error message, but that didn't make it into jaunty.
[17:05] <dantalizing> mathiaz: we werent able to get any focus on jaunty from openvz
[17:05] <sbeattie> jpds: duh, sorry, tired, /proc/self/attr/current
[17:06] <dantalizing> mathiaz: but we're going to have for karmic in prep for the next lts
[17:06] <jpds> sbeattie: "null-complain-profile (complain)"
[17:06] <jpds> sbeattie: Must be the usr.sbin.sshd profile I added.
[17:06] <mathiaz> dantalizing: sounds like a good plan to me.
[17:06] <sbeattie> jpds: yes, that would do it.
[17:07] <mathiaz> dantalizing: any info on whether openvz will be included upstream?
[17:07] <jpds> sbeattie: OK, thanks a lot.
[17:09] <sbeattie> jpds: you should be able to do 'sudo sh -c "echo -n unconfined > /proc/$$/attr/current"' to let your current shell reload policy
[17:10] <scope006> jmedina:  it looks like out of the box logrotate does a lot of default archiving and "pruning" for you with various logs
[17:10] <Pubnum> Howdy
[17:10] <Pubnum> cetan_hota: care to take the floor?
[17:11] <cetan_hota> Afternoon all. Having an issue with 9.04 mounting an iso image from VMware. If I attempt to mount the iso image thats on the host in my 9.04 guest, all that happens is the File Bowser opens over and over..
[17:11] <Pubnum> and over and over...
[17:11] <Pubnum> I am a confirmed second victim of this issue
[17:12] <dantalizing> mathiaz: not that i'm aware of .. iirc the latest kernel they're supporting is 2.6.26
[17:12] <cetan_hota> I can move a iso image into the guest and mount it without issue.
[17:12] <jpds> sbeattie: Does $$ get autoreplaced? Setting it to the shell's PID doesn't let me reload profiles.
[17:13] <sbeattie> $$ should be the shell's pid as well, but hrm.
[17:13] <sbeattie> what does it contain after you do that?
[17:14] <jpds> sbeattie: Same, null- ....
[17:17] <sbeattie> jpds: duh, sorry again; try 'sudo sh -c "echo -n setprofile unconfined > /proc/$$/attr/current"'
[17:17] <sbeattie> (note the added setprofile statement)
[17:19] <jpds> sbeattie: It doesn't seem to be able to write to the file.
[17:53] <lamont> mathiaz_: around?
[19:02] <fevel> hello
[19:03] <fevel> does anyone know the software heartbeat?
[19:07] <RoAkSoAx> felipe_, i do
[19:10] <jmedina> anyone here using openvpn 2.1 with UP/DOWN scripts or plugins?
[19:10] <jmedina> probably using script-security option
[19:11] <jmedina> I think I found a bug in openvpn iniscript in intrepid
[19:13] <RoAkSoAx> jmedina, you could check in launchpad if the bug is reported, or you could report it yourself
[19:14] <jmedina> RoAkSoAx: thanks I'll do
[19:14] <RoAkSoAx> np :)
[21:05] <mattofak> hi all; i'm attempting to setup media wiki to authenticate against my AD server, i think I have it mostly figured out, but does anyone know how to install a new root CA for OpenSSL so that LDAPS works?
[21:40] <mathiaz> mattofak: you wanna look at the ca-certificates package and its update-ca-certificates command
[21:41] <mathiaz> mattofak: once you've added the new root CA to the ca-certificates infrastructure, you'd have to configure you media wiki system to use the ca certificates.
[21:42] <mattofak> mathiaz: I'm in the process of writing those config files now, but wouldnt i just tell it to use an LDAPS bind, and then OpenSSL takes care of the rest so long as i have the root cert installed
[21:43] <mathiaz> mattofak: you have to configure the ldap client to trust the ca certificates ca
[21:43] <mathiaz> mattofak: and starting from hardy, libldap (openldap) is using gnutls rather than openssl.
[21:44] <mathiaz> mattofak: the system-wide configuration file for the ldap client library is /etc/ldap/ldap.conf
[21:44] <mathiaz> mattofak: this is where you set the TLS_CACERT option to the list of ca certificates that should trusted.
[21:45] <mathiaz> mattofak: this is where you set the TLS_CACERT option to point to a file holding all the ca certificates that should be trusted.
[21:46] <mattofak> ok, i see where you're going with that
[21:55] <mattofak> mathiaz: it appears i have some problems in media wiki itself, so i need to work that out before i can see if LDAPS works, but that you for setting on the right path
[21:57] <PotterT|VF> I am trying to use a vpn script created for redhat variants (using if-up/if-down and ifcfg-vpn0)   any one know of any easy changes that could be done to adapt it for ubuntu server?
[21:57] <PotterT|VF> or debian servers in general i guess
[22:01] <jahor> hello, anyone know about some tool like lintian for checking server configuration (something like checking all disk partitions are in nagios configuration, regexp based check of some config files etc)
[22:29] <thierry_> hi, I'm new to the server world, I'd like to know if you could point me some ressource on how to set up a ubuntu server on a home network so that it will be visible from outside this network too
[22:30] <Deeps> www.portforward.com
[22:30] <thierry_> (I already have ubuntu server installed, I'm just clueless on how to make it work with a domain name, ssh, etc...)
[22:32] <friartuck> thierry_ you could start here: https://help.ubuntu.com/8.10/serverguide/C/index.html
[22:33] <thierry_> friartuck : yes I was looking at it before asking my quesion, it seems handy but I also lack the theory to understand stuff like "Why should I need a static IP" or "What is a subnet mask?"
[22:34] <friartuck> thierry_ this is a chat-room chief. you need a book. running a server is not a 5 minute discussion.
[22:35] <thierry_> friartuck : alright, then could you point me any good book?
[22:36] <thierry_> friartuck : I mainly try to set up my server to learn while doing it so reading books on the subject would be great I think
[22:38] <friartuck> thierry_ here's a start http://www.amazon.com/Beginning-Ubuntu-Server-Administration-Professional/dp/1590599233 . that publisher is Apress. another good publisher is http://oreilly.com
[22:40] <thierry_> friartuck : I did a fast search this morning on oreilly and found mainly stuff about windows server... do you have some title related to unix server? I know that at some point I should look at Apache, but before that?
[22:42] <thierry_> friartuck : and by the way the book you first proposed seems awesome, I'll buy it
[22:43] <jmedina> I always recomend read official documentation, then go to you rdistribution and lear here things are located
[22:44] <jmedina> but for background always reading official documentation
[22:44] <jmedina> for DNS bind there is https://www.isc.org/software/bind/documentation
[22:44] <jmedina> with a good howto and good backgrond about DNS system
[22:44] <jmedina> for apache http://httpd.apache.org/docs/
[22:44] <jmedina> with alot of howtos and good references
[22:45] <jmedina> and for other proyects it the same
[22:45] <friartuck> jmedina true, he's asking what a static IP is though...hence pointing to some books
[22:46] <jmedina> I like Oreily TCP/IP Network Administration
[22:46] <jmedina> it is based on linux good example and good tcp/ip background
[22:46] <thierry_> k I'll look at that
[22:46] <jmedina> I learn TCP/IP from that book
[22:46] <jmedina> I think first release was based on solaris and slackware
[22:47] <jmedina> now is more redhat but theory and exercices are very good, good diagrams
[22:47] <thierry_> just so you know, I'm already fluent in C++/C, perl and many other langage (I even did google summer of code last summer) but I'm total newbie concerning servers
[22:49] <thierry_> jmedina , friartuck : thanks a lot for the references, I have to go
[23:26] <PC_Nerd> Hi,  tcpdump to a specified file makes the file an "application/octet-stream", so how can I then open that for reading || what is that file containing? ( I'm trying to "catch" all packets through my local server)
[23:28] <friartuck> PC_Nerd tcpdump uses pcap file format. you can use wireshark to open pcap files.
[23:28] <PC_Nerd> ok thanks!
[23:29] <olcafo> I find it fun to read with vim. ;)
[23:29] <friartuck> olcafo hm, never tried that.
[23:30] <PC_Nerd> of course "cat networklog" tends to screw up doesnt it ( mime)! lol
[23:30] <olcafo> just the other day I made a file and did a search with vim to revael that a client's website login wasnt' secure... worked like a charm.
[23:32] <friartuck> olcafo just tried that...I wouldn't say it "works like a charm".
[23:33] <olcafo> *shrug*
[23:37] <olcafo> a, right. that's right, after tinkering around I used wireshark to create the file and then browsed it with vim.
[23:37] <friartuck> ha ha.
[23:37] <olcafo> things start to slip out of memory these days.
[23:39] <friartuck> anyone do away with tapes? disk-to-disk or sending hdd offsite?
[23:39] <PC_Nerd> is there a good packet sniffer (open source
[23:39] <olcafo> I was just looking into that for a client a few weeks back.
[23:40] <PC_Nerd> that would allow me to write the packet info to a file for other programs to read ( but not in pcap file format) - txt or something similar
[23:40] <PC_Nerd> * want to be able to log how much traffic goes through given ports etc....
[23:41] <friartuck> PC_Nerd um, maybe you should look at cacti for historical trending. paketsniffers aren't really good for that. if I understand you.
[23:41] <olcafo> friartuck, offsite backups over the internet make a lot of sence for small companies who don't change many files during the day.
[23:42] <PC_Nerd> ok, nagios is too "complex" for my liking, and I want to be able to put all the data in my own application (which is graphs etc on a web page).....  does cacti do that and if not what might?
[23:43] <friartuck> PC_Nerd cacti and nagios are not the same animal. nagios is up/down monitoring, cacti is historical trending. mrtg will allow you to put graphs where you want but requires heavy html knowledge.
[23:44] <olcafo> fiartuck, the solution we came up with was quite simple: take a snapshot and send it offsite, after that you just run a script that makes a copy of the changed data during the day, put it all in an encrypted zip file and ftp it to the backup server.
[23:44] <olcafo> and sycn it back up offcourse.
[23:44] <PC_Nerd> I know html very well.... but I want a raw data output ( like a csv or plain text) so that multiple applications can read from the same source.
[23:45] <PC_Nerd> I specifically  dont want to just read a graph into html, because I will be comparing network data/bandwidth to other stats from apache and other server apps.
[23:45] <friartuck> PC_Nerd mrtg and cacti use rrd database. you should look into that.
[23:46] <PC_Nerd> thanks, will do
[23:47] <friartuck> olcafo yeah, I guess that's only a bitch if you have to do a full restore.
[23:49] <olcafo> friartuck: even then, this perticular site only hase about 20GB of data (small office!), we keep the zip files on the server for a couple of weeks for versioning. the only thing I haven't figured out is how to properly backup Exchange (cheaply that is).
[23:51] <friartuck> olcafo nice. I'm looking for a 5-10TB solution. probably go with hot-swap drives and special transport caddy's. just don't like tapes...
[23:54] <olcafo> friartuck: one of my sites has 10TB data storage NASs, the data there is static enought that we only back it up to take quarterly (DLT S4 1.6TB tapes). But yeah, pain in the ass.
[23:54] <olcafo> *tape, not take
[23:55] <olcafo> backing that much data offsite is not really an affordable option without tapes.
[23:55] <Deeps> faster net connection? :D
[23:56] <olcafo> Deeps: haha. this sites' only internet option is 5Mbs!
[23:56] <olcafo> bad location.
[23:57] <friartuck> ha ha...sir...you need a ds3 so I don't have to deal with tapes. heh heh.
[23:58] <jmarsden> olcafo: You can use the old ExMerge program to export Exchange email into PST files and automate that; it's not 100% "proper", but it is definitely "cheap"... combine that with a scheduled ntbackup of the whole Exchange db and you're reasonably OK in a small office setting, I would think?