/srv/irclogs.ubuntu.com/2009/05/20/#ubuntu-server.txt

phaidros	hm, is there an out of the box solution to give users access to certain init scripts?	00:06
yann2	etc/sudoers magic maybe?	00:09
phaidros	yann2: I am looking more for a "config infrastructure" for that purpose, so, creating init scripts for a user/service pair and enable them ..	00:10
phaidros	hm, how do you guys enable users to restart a fastcgi app? (in an ideal world this app is handled by initscripts, so it comes up after a reboot e.g.)	00:11
yann2	ah now thats a different question	00:11
yann2	I'd like the answer to that	00:12
yann2	people usually used killall :)	00:12
phaidros	hm, that sucks somehow :D	00:14
phaidros	yann2: http://www.undefinedfire.com/lab/user-init-scripts/	00:17
phaidros	try that :)	00:17
=== yml_ is now known as yml
=== hggdh is now known as hggdh_
=== hggdh_ is now known as hggdh__
=== hggdh__ is now known as hggdh
jumbers	I'm having issues with rewriting from domain.com/folder to www.domain.com/folder. domain.com to www.domain.com works just fine, but it does not work with any folders. I'm running Apache2	03:33
slestak	hey guys, i am tinkering with libvirt and kvm on jaunty. I have used python-vm-builder to create a jaunty server vm that exists in ~/ubuntu-kvm.	04:00
slestak	i see that the virsh define command is neccesary to register the xm, but there is no xml file with confg for this machine.	04:01
slestak	do i need to make that, or is the xml file a need for a differnt (virt-install) tool?	04:01
sommer	slestak: the xml files should be in /etc/libvirt/qemu	04:03
slestak	ok, i see default.xml. it only specs bridge networking using dhcp. I specified the ip address of my vom on the command line when I built it.	04:06
slestak	i am trying to determine if I need to define the vm in virsh before i can run it?	04:06
slestak	this is how i created it http://pastebin.com/m6eded9ef	04:08
sommer	slestak: do you have a bridge setup on the host?	04:09
sommer	slestak: the vm should be defined by vmbuilder	04:10
slestak	sommer: i dont htin I do yet. It is a new install. Sorry for the elementary questions. I am in a little overload with the multitude of option in the server docs. It is difficult to tell which instruction pertain to which method	04:10
sommer	slestak: in the networking section of the serverguide there is information on setting up a bridge on the vm host	04:12
slestak	sommer: ok, i just made sure kvm waast started, I do have a virbr0 on a 192.168.122.1 network, which is the dhcp range spec'd in the /etc/libvirt/qemu/networks dir	04:12
slestak	yes, i see it for 8.10 here https://help.ubuntu.com/8.10/serverguide/C/jeos-and-vmbuilder.html	04:13
slestak	im going to see if ther eis updated docs for 9.04	04:13
sommer	slestak: there is also information in the 9.04, but it's been rearranged a little	04:14
ScottK	sommer: Comment for you on the mail server section of the server guide: I don't think the smtp auth stuff should have been removed in favor of just using dovecot-postfix as not everyone wants a local delivery agent. Just setting up smtp auth is a useful set of information.	04:32
sommer	ScottK: ya, it's on my list to revisit that section in light of the new dovecot stuff	04:37
sommer	ScottK: I think the dovecot section can actually be merged with the postfix section, but you're right the smtp auth does stand alone at times	04:38
ScottK	Also having the detail about settings is important for troubleshooting.	04:38
ScottK	I was helping someone last night and I had to go read the source to dovecot-postfix to help him.	04:39
sommer	gotcha, I'll update that for karmic	04:39
ScottK	Cool	04:41
daniel010101	how do i make a lamp system with asp	04:41
cef	slestak: you playing with kvm/libvirt too? in virsh, you need to do a 'list --all' to show inactive machines. the python-vm-builder seems to create the vm with an ID of 'ubuntu' by default	04:44
cef	slestak: it actually defines it, but doesn't enable/start it by default 'if' you tell python-vm-builder to register the machine with libvirt for you	04:45
cef	(either the [libvirt] section of your config, or the --libvirt option on the cmdline)	04:46
slestak	cef: thx, yeah, i started looking at vmware-server, but i hate the way they gutted all the shell tools in the free product.	04:56
slestak	cef: so i am now looking at libvirt + kvm for my comanies needs.	04:56
twb	vmware blows	04:57
twb	Especially vmware-server	04:57
slestak	sommer: i have copied the xml file into libvirt/templates the way the wiki mentions, but the example has most of the settings in thre with secions commented out	04:58
slestak	sommer: do i uncomment the line that starts with #if $bridge? the wiki doesnt really specify	05:00
cef	if you're going with a bridge (rather than behind nat), then you should really make a local copy and reference it in your own templates.	05:01
cef	(that way, if the templates get changed thru an upgrade, you don't lose your changes)	05:01
slestak	i did make a local copy to ~/VMBuilder/plugins/libvirt/templates/	05:01
cef	ahh yup yup	05:02
cef	you've since rebuilt the install using vmbuilder?	05:02
slestak	cef: but the template uses $bridge, I assume that may be an arg	05:02
cef	oh and you've created the bridge device?	05:02
slestak	not after changing this, i need to locally cache this stuff, dl it is slow for me. That is actually the first vm I am makign with jeos is an apt-proxy server	05:03
slestak	for my lan	05:03
cef	which webpage are you referencing atm?	05:03
slestak	https://help.ubuntu.com/9.04/serverguide/C/jeos-and-vmbuilder.html	05:03
cef	ok.. yeah that guide is for 8.10.. you can now tell vmbuilder that you want a bridge rather than the default. hold a sec	05:08
slestak	ive updated my pastebin with my vmbuilder command, my ifconfig for virbr0, and the interface ection of VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl	05:09
slestak	its at http://pastebin.com/m31f73c3f	05:09
slestak	beer time	05:10
cef	so either you can change that config and remove the if/else stuff (making it just that entry), or you can use the new commands (which I think go into the .cfg - can't see it in the man page.. time to look at other docs methinks)	05:10
cef	heh	05:10
slestak	is my virbr0 at 192.168.122.1 going to cause a problem, I want to use 192.168.21.35 as a staic ip for this vm, already have a dns pointer to it.	05:13
slestak	i think i need to delete that interface and recreate it maybe?	05:14
cef	you need to create a bridge. look at the link in https://help.ubuntu.com/9.04/serverguide/C/libvirt.html#virtual-networking	05:16
cef	cos the bridge needs to include the 'outside' interface that you want to bridge the clients to (eg: eth0)	05:16
slestak	i take it this is dangerous work remotely, lol. i thinkn i did this a while back and had to drive to the console to fix. At least this machine is sonly 3 miles away, instead of 6 states.	05:18
cef	well, double check things. :D	05:18
slestak	i just upped the ram in my desktop at work so i will be on this machine in about 8 more hours.	05:19
slestak	i am redmond free at my desk, life is good	05:19
cef	:D	05:20
cef	I have too many machines around me (including one machine which is doing kvm, but has no X on it)	05:21
slestak	this is interesting, i have no bridge entries in netowk/interfaces, but i do have brctl installed. I have a virbr0, but this is jaunty desktop, and dhcdbd is not installed	05:22
cef	which is fine, but none of the other machines has the right combo of X and jaunty on it so that I can see a console. made finding a typo in my firstboot script a right pain	05:22
slestak	i guess the bridge that is running was purely from the vmbuilder defaults and is not fiunctional	05:22
cef	well libvirt sets it up by default I think	05:27
slestak	now, this is where it gets tricky, my desktop is on our desktop subnet, 192.168.20.0, however, I want this server to respond to 192.168.21.35. THink that looks questionable?	05:27
slestak	my dom0 is 192.168.20.207	05:27
cef	it's useful for testing stuff if you don't want it to be contactable from remote (eg: if you don't care if it's behind a firewall	05:27
slestak	all of this is for internal use, i have to vpn in to see any of this	05:28
cef	as long as the upstream router will allow it on that network interface, shouldn't be an issue	05:28
slestak	but I do want this to be reachable by any team member	05:28
cef	what's the netmask? /24? /23 or less?	05:29
slestak	as long as dom0 is still functional, I can adjust or move the dom1 later to that othe rsubnet.	05:29
slestak	cef: im not sure, sorry. networkign is not my strong point	05:29
cef	slestak: ok, 255.255.255.0 or something else?	05:29
slestak	i can start my vm's on the desktop subnet, and move them to my production server an reconfigure them	05:30
slestak	255.255.255.0, yep	05:30
cef	ok.. cos it's a mask. 192.168.20.x masked with 255.255.255.0 means that you can only communicate with machines that the last number (x) differs. otherwise it has to go through a router somewhere	05:31
cef	ipcalc is a useful tool for finding out that sort of thing btw	05:31
cef	so you can put it on the same network card, but nothing will be able to talk to it	05:32
cef	but hey, it should boot, and as long as you can do console, it'll be fine	05:32
slestak__	i missed the last thing you said I think. restarting networkign lost my remote session	05:33
cef	ipcalc is a useful tool for finding out that sort of thing btw	05:33
cef	so you can put it on the same network card (using a bridge), but nothing will be able to talk to it	05:33
cef	(and then what I just said)	05:33
slestak__	* Reconfiguring network interfaces...	05:33
slestak__	Ignoring unknown interface eth0=eth0.	05:33
cef	pastebin your /etc/network/interfaces file	05:34
slestak__	well, its 12:30am, i'll pick it up tomorrow. thx for your help. I cant righ tnow, that machine is not available until i can reach the console	05:34
slestak__	i can recreate it though	05:35
cef	no probs..	05:35
cef	got a few hrs before I head home (.au here)	05:35
slestak__	do you have my oastebin url still?	05:36
slestak__	http://pastebin.com/m6730b2a4	05:37
slestak__	and eth0 = 192.168.20.207 <-- different subnet from guest.	05:37
slestak__	what is the biggest, baddest kvm machine you guys have ever built?	05:38
slestak__	we have an olap tool (MITS) that currently runs on our aix box with our erp system. I am entertaining the idea of running this on a rhel dom0 with kvm dom1.	05:39
ajmitch	a hefty 512MB guest windows XP install in kvm	05:39
ajmitch	yes, I barely use kvm	05:39
slestak__	the data needs are trmendous, (for me) 32G of db, and 136G of indexes and cubes.	05:40
cef	ahh yeah.. you need to set it up as 192.168.20.x (the bridge replaces the 'eth0' address)	05:41
cef	then when you 'add' ip's to the bridge, they aare their own (ie: defined in each vm)	05:41
slestak__	i wonder if virtualization can scale up to that? I have my eye on a fiber channel jbod from a friend that has 5.6Tb (14 x 400g sata) that i can stripe some and use lvm snapshots onto another set nightly.	05:42
slestak__	cef: so each vm will redefine its own br0, or will i need br0, br1, br2 for 3 vm's?	05:43
cef	I'm still playing.. the issue is data movement.	05:43
cef	slestak: each machine will create another ip and add it to br0 (eg: br0:0, br0:1)	05:44
slestak__	im not super concerned with performance. My other choices beside virtualization are to use either one of our two older prod boxes, two aix machines, 1x800Mhz or 2x450Mhz, At least the dom0 is a modern poweredge that can take 4 Xeon's. Hopefully it can hang	05:45
cef	main issues (IMO) are going to be disk speed access and network speed. you might need to look at virtio to improve the network access	05:46
slestak__	i need one of those ip kvm switches (other definition of kvm) so when I do this to my poweredge, I can reach the console from Michigan. the server is in Maryland	05:46
cef	yeah.. always a pain..	05:47
slestak__	Can I use a ramdisk in a virtual machine?	05:47
slestak__	My plans is twofold. I plan on striping this data only, no mirror, no parity. Set up it with max read/write speed. I can alway rebuild my cubes from source data if I suspect them. Use an lvm snaphot nightly to another set of disks in the jbod, so I basically mirror it once per day, instead of on every write	05:49
slestak__	s/is/are	05:50
slestak__	i need to cruise. ty for your help cef	05:51
ivoks	RoAkSoAx: hi	05:54
RoAkSoAx	ivoks, heya master, how's it going	05:54
ivoks	RoAkSoAx: sorry, i couldn't come yesterday	05:54
RoAkSoAx	ivoks, it's ok :)	05:55
RoAkSoAx	ivoks, do you have time now?	05:58
ivoks	yes :)	05:58
ajmitch	hi ivoks	05:58
ivoks	ajmitch: hi	05:58
RoAkSoAx	ivoks, this is the FTBFS: https://launchpad.net/~andreserl/+archive/ppa/+sourcepub/634425/+listing-archive-extra	05:59
ivoks	RoAkSoAx: let me boot the karmic server and check that ftbs	05:59
RoAkSoAx	ivoks, i think it would have been a sync, but it FTBFS	05:59
ivoks	RoAkSoAx: what time is it in your timezone?	06:02
RoAkSoAx	ivoks, midnight	06:02
ivoks	so, 7 hours diff	06:02
RoAkSoAx	oh really.. what are you doing up so early :)??	06:03
ivoks	documentation for one project :D	06:03
ivoks	i hate writting documentation :/	06:03
RoAkSoAx	ivoks, i hate to getting up so early.. i can get up before 9 :) hahaha and yes.. i hate documentation too	06:04
RoAkSoAx	s/can/cant/	06:04
ivoks	i'm grabing paraview	06:04
* ajmitch prefers those easy merges :)		06:04
ivoks	ajmitch: well, RoAkSoAx is my student and we are at the leason 'How to fix FTBFS' :)	06:05
RoAkSoAx	indeed :)	06:05
ajmitch	heh	06:06
ajmitch	ivoks: I'm at the stage of 'deciphering libtool changes' :)	06:06
* ajmitch needs to finish off, test & upload the php5 merge		06:07
ivoks	ajmitch: what do you think about having PPA for PHP5 packages?	06:07
ivoks	tested and approved newer versions of php for older releases	06:08
al_paun	do you know if it's complicate to install a pci serial in ubuntu?	06:08
ajmitch	I think it'd certainly be useful to have them	06:08
ivoks	some web devs complain all the time about old php5	06:08
ivoks	al_paun: with most of them it's just plug and play	06:08
ajmitch	I don't think it should be too hard to arrange a PPA for it either	06:08
ivoks	al_paun: some, otoh, require binary driver which kills linux's native serial driver and, basicaly, renders your system unusable	06:09
ivoks	ajmitch: i'll try creating backported php packages for hardy, just to see how it works	06:09
ajmitch	there aren't too many things in PHP dependencies that should stop that from just working	06:10
ivoks	that's right; that's way i had that idea...	06:10
ivoks	RoAkSoAx: i'm pulling required packages to build paraview	06:11
RoAkSoAx	ivoks, k :)	06:11
ivoks	RoAkSoAx: it was a clean merge...	06:11
* ajmitch is merging 5.2.9.dfsg.1-4 at the moment, nothing jumps out as unbackportable		06:11
al_paun	I plan to install a fax modem on a server. Since the computer doesn't have any serial what do you suggest?. I've tried with a usb-modem and the modem couldn't be recognized.	06:11
al_paun	maybe a hardware modem on pci?	06:12
RoAkSoAx	ivoks, i thought that too, but having taking a better look... seems like a sync...	06:12
al_paun	I already have a serial modem	06:12
al_paun	which I know it's working on linux	06:12
ivoks	al_paun: try with pci serial ports	06:12
al_paun	ok tks	06:13
ivoks	al_paun: and, leason learned, newer ever buy another server without serial port	06:13
al_paun	the new mainboards removed serial port	06:13
al_paun	motherboard	06:13
ivoks	maybe desktop boards...	06:13
al_paun	yeah but I	06:13
al_paun	yeah but it's already bought	06:14
RoAkSoAx	ivoks, my debdiff does not show any changes... because 1. ubuntu-use-ffmpeg-swscaler has been included in debian, so we drop that patch, then debian has dropped gcc4.3.patch and ffmpeg_writer.patch, and it has also dropped ffmpeg from Build-Depends and I'm taking debian changes on mpi... so after that.. no ubuntu change...	06:14
ivoks	RoAkSoAx: we'll see :)	06:15
ivoks	well, there's a quite big diff	06:17
ivoks	ubuntu uses ffmpeg, debian doesn't	06:17
ivoks	RoAkSoAx: anyway, that's for ubuntnu-motu :)	06:18
billybigrigger_	hey all	06:21
billybigrigger_	does anyone here use godaddy??? i registered a domain through them and can't figure out for the life of me how to setup a subdomain, i want forums.mydomain.com to point to mydomain.com/forums (ie. /var/www/forums)	06:22
=== rascov_ is now known as rascov
ivoks	does anyone uses latex\|tetex\|texlive\|ex for writing documentation?	07:01
twb	ivoks: nope; I prefer python-docutils and rst2pdf now.	07:19
twb	!anyone	07:20
ubottu	A large amount of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out?	07:20
ivoks	twb: hehehe	07:26
ivoks	i'm interested in editors people use for tex	07:27
twb	ivoks: #emacs	07:33
stanman1	df	08:40
stanman1	hi	08:41
cef	can you get vmbuilder to build images directly onto an lvm lv in raw format? everything I've seen says to use qemu-img to convert the default file from qcow2 to raw after the fact, which is just a pain.	08:44
stanman1	how can i install a broadcom netextreme nic with ubu?	08:48
stanman1	the installer doesn't see the embedded nics.. :(	08:49
henkjan	cef: on intrepid building images to lvm failed for me	08:52
kgoetz	stanman1: your NICs require non-free firmware. Not sure if your release of Ubuntu ships with it	08:57
stanman1	kgoetz: somehow ifconfig eth0 up worked and i could set a static ip, etc	09:00
stanman1	strangely the installer didn't recogize the nics...	09:00
stanman1	now it's working	09:01
kgoetz	stanman1: the kernel used during isntall may not have the firwmare loaded. I'd agree its trange though	09:01
stanman1	i must say, i did an install off an usb stick (no cd in the box), later after booting off the hdd's it worked	09:02
alterlaszlo	hi, i'm giving eucalyptus a try but i have problems handling user registration mails. Where are the mails gone?	10:36
ulel	hi	10:36
ulel	anyone running clusters here	10:36
ulel	needed soem advice on hardware	10:37
celephais	Hi, how do you control log on multiple servers?	11:14
ddoom_	I have 3 1TB sata drives, ubuntu server is intalled on a partition of 1 of them. If i unplug one of the non-boot drives, it works fine.but if i have all 3 connected it comes up with raid45: unknown target type errors and drops to EasyBox (I think its called). My bios has fakeraid which I have turned off, any ideas?	11:18
alterlaszlo	celephais: i use syslog-ng and centralize all logs on a log-server	11:22
celephais	alterlaszlo, and how do you parse the logs?	11:22
celephais	alterlaszlo, i mean how do you know if something is going wrong?	11:23
alterlaszlo	celephais: with syslog-ng it-s quite easy to create filters	11:23
celephais	alterlaszlo, ok thank you , i'll check the documentation	11:23
alterlaszlo	celephais: that's a great question: it dipends on how much time you have to check them ;) if you have few time just parse errors and warnings	11:24
celephais	alterlaszlo, is there a program that automatic parse log and look for ad-hoc pattern such , a.e, brtue forcing on ssh?	11:27
alterlaszlo	celephais: for brute-force attacks i use another package called fail2ban, it's him that check logs and creates autoamtically iptables rules to ban the attacker ip	11:28
alterlaszlo	it-s great against script kiddies	11:28
celephais	mm ok i'll check	11:29
=== gaveen_ is now known as gaveen
LMJ	Hi	13:47
LMJ	I'm modify my syslog and now, no more email activities are logged :-/ Here is my conf : http://pastebin.com/db1c69d3 and you will see file priviledges too	13:57
ivoks	-?	14:02
ivoks	-/var/log/mail.log	14:02
LMJ	- means not sync or something like this	14:02
ivoks	right, without it, syslog won't buffer logs	14:03
LMJ	I don't want to log in /var/log/mail.log but in /var/log/mail/mail.(err\|log)	14:03
ivoks	those files exist?	14:04
ivoks	owned by syslog:adm?	14:04
LMJ	yes, look below in my pastebin	14:04
ivoks	oh, sorry	14:05
LMJ	np	14:05
LMJ	don't really understand what it doesn't work	14:05
LMJ	no errors in syslog just in case	14:05
ivoks	did you check syslog?	14:05
ivoks	ok... :)	14:05
LMJ	I've broken something somewhere but I don't know what	14:06
LMJ	let's double check if postfix handle syslog facilities	14:07
ivoks	how about:	14:08
ivoks	mail.info -/var/log/mail/mail.log	14:08
ivoks	mail.warn -/var/log/mail/mail.log	14:08
ivoks	mail.err /var/log/mail/mail.err	14:09
LMJ	ok, let's try	14:09
LMJ	hold on	14:09
ivoks	make that mail.warning	14:10
LMJ	ho	14:10
ivoks	so, you don't want errors in the same file as other?	14:10
LMJ	no	14:10
LMJ	syslog and postfix restarted and I can see the postfix restart notification in mail.log	14:11
LMJ	nice ;)	14:11
LMJ	mail sent	14:11
LMJ	and log'ed	14:11
LMJ	damned, thanks you bro	14:11
ivoks	np	14:11
ivoks	ubuntu's default syslog.conf had that example	14:12
ivoks	:D	14:12
LMJ	yes	14:12
LMJ	I removed it	14:12
=== asac_ is now known as asac
billybigrigger_	does anyone here use godaddy??? i registered a domain through them and can't figure out for the life of me how to setup a subdomain, i want forums.mydomain.com to point to mydomain.com/forums (ie. /var/www/forums)	14:48
=== hessml is now known as hessml\|away
=== hessml\|away is now known as hessml
giovani	billybigrigger_: this is very much not the place to ask -- godaddy has technical support	15:10
giovani	however, forwarding a subdomain to a url is not typically done at the DNS provider	15:10
kees	ivoks: sweet, I see you're trying to get xattr tar working sanely upstream. how's that going?	15:13
stickystyle	billybigrigger_: once you figure out the godaddy subdomain issue, your going to want to learn about mod_rewrite to handle the forums.mydomain.com -> mydomain.com/forums transition.	15:17
billybigrigger_	eh?	15:17
billybigrigger_	what do i need to know?	15:18
billybigrigger_	well i got it working, it only took 48 hours to update...so if i visit forums.mydomain.com now, its just a redirect and the address bar shows mydomain.com/forums	15:19
billybigrigger_	so all that effort was pointless :P i thought the address bar would show the subdomain as forums.mydomain.com	15:19
ivoks	kees: it's basicaly redhat's patch	15:20
ivoks	kees: upstream did some changes to it	15:20
ivoks	kees: debian maintainer pushed it there	15:21
ivoks	kees: to be honest, i didn't check how are things going now, but i do know that fedora is interested in that too	15:21
ivoks	kees: http://lists.gnu.org/archive/html/bug-tar/2009-03/msg00036.html - that's the last news :/	15:22
=== hessml is now known as hessml\|away
kees	ivoks: yeah, that's what i was reading. Jorg is totally right, btw.	15:28
kees	i.e. the memcpy vs strcpy bit.	15:29
kees	I don't know about the DIR part	15:29
orudie	is there a way to hide the whois information of the domain ?	15:31
=== hessml\|away is now known as hessml
jpds	orudie: Whois guard at best.	15:31
stanman1	hi, i installed ubuntu 8.04 LTS off an usb stick, but now when i remove the usb stick I get an error 15 at grub, how can i solve this?	15:34
ivoks	stanman1: remove grub from hard disk	15:35
stanman1	ok, apt-get remove grub?	15:38
stanman1	then reboot?	15:38
ivoks	no	15:38
ivoks	grub is installed on MBR of your hard disk	15:38
RoAkSoAx	ivoks, heya master i'm back :)	15:38
ivoks	you have to clear hard disk; install another boot loader there	15:38
ivoks	RoAkSoAx: hi	15:38
kees	ivoks: should we carry the xattr patch in Ubuntu, you think, to give it a wider audience?	15:39
ivoks	kees: that was my idea; that's why i asked debian dev about that	15:39
* kees nods		15:39
ivoks	kees: he said he won't introduce changes that aren't from upstream	15:39
kees	we'd want jorg's patches too.	15:40
ivoks	kees: so, we could do it... but we would be alone there :)	15:40
kees	ivoks: sure, but we do that in other places too. :)	15:40
ivoks	kees: note that 'my' patch was extracted from redhat's tar	15:40
kees	ivoks: right, sure. we'd want Jorg's fixes, though, too.	15:40
ivoks	kees: right	15:40
kees	I'm surprised RH hasn't run into more problems with it -- the strdup vs memcpy issue is rather nasty.	15:41
ivoks	if we do that for tar, we could enable acl by default on all partitions	15:41
kees	ivoks: it seems that acls work already, but that useracl is what's non-default currently. is that right?	15:41
ivoks	acls don't work	15:42
kees	hm, ok	15:42
ivoks	you can't set acl on files	15:42
ivoks	but (almost) all programs are compiled with support for it	15:42
kees	yeah	15:42
kees	I'm curious about it for fscaps, which uses xattrs	15:43
ivoks	don't know what's that :)	15:43
RoAkSoAx	ivoks, when we are dropping a patch, should I just remove it from the debdiff or should i delete it from debian/patches?	15:43
ScottK	RoAkSoAx: Why are we dropping it?	15:44
ivoks	RoAkSoAx: debdiff is diff between debian and ubuntu	15:44
RoAkSoAx	ScottK, because debian merged it	15:44
ivoks	RoAkSoAx: if ubuntu is droping patch, then it exist in debian	15:44
ivoks	RoAkSoAx: therefor, it's not in debdiff	15:44
ivoks	RoAkSoAx: but if your debdiff removes patch that debian did, then you are probably doing something wrong	15:45
ivoks	do you understand what i'm trying to explain? :)	15:45
=== hessml is now known as hessml\|away
RoAkSoAx	ivoks, in paraview.. i need to drop ubuntu-use-ffmpeg-swscaler becuase debian has merged it (use-ffmpeg-swscaler.patch) so I need to drop the ubuntu patch.	15:47
RoAkSoAx	ivoks, i remove it from the debian/patches/series file, and when I do the debdiff.. it still appears on the debdiff... know what i mean?	15:47
ivoks	all you have to do is note in changelog explaining that you droped a patch cause debian include it	15:47
ivoks	RoAkSoAx: don't remove it	15:47
ivoks	RoAkSoAx: you don't quite understand whole concept, i'm affraid...	15:48
RoAkSoAx	ivoks, i mean in the diff i'm trying to remove the patch that ubuntu did.. let me show you just a aset	15:49
RoAkSoAx	sec	15:49
ivoks	RoAkSoAx: i'll be back in 20 minutes	15:50
=== hessml\|away is now known as hessml
duvnell	any idea how to get new dmesg message to go to a tty so I can what what was happening just before this box became unresponsive?	16:07
duvnell	s/message/messages/	16:07
Ash-Fox	How do I disable ssh's stupid check on file permissions on certificates? - I am trying run backups under a specific user and I use ACLs to grant it read access to everything and SSH refuses to work when the ACLs are set on the files.	16:10
ivoks	RoAkSoAx: cluster stack session got approved for UDS	16:43
RoAkSoAx	ivoks, awesome.. has it been scheduled yet?	16:43
jpds	Probably not.	16:43
ivoks	not yet	16:44
RoAkSoAx	ivoks, hopefully they scheduled on of the lasts sessions so that I can attend :)	16:48
ivoks	RoAkSoAx: i was thinking of that... what's the time you would like it to be?	16:49
ScottK	RoAkSoAx: If you subscribe to the spec and tell LP when you will be there, that does bias the scheduling algorithm.	16:50
RoAkSoAx	ivoks, do you know what's the timezone there?	16:50
ivoks	same as here	16:51
ivoks	that's -7 for you	16:51
ivoks	CEST	16:51
ivoks	sommer: rain on sunday in barcelona...	16:52
RoAkSoAx	ivoks, at what time is the last session?	16:53
jpds	4:00pm	16:53
RoAkSoAx	jpds, 4 to 5 right?	16:53
RoAkSoAx	ivoks, yep, I guess it will need to be at 4pm, since it will be 9 am for me	16:54
jpds	Yes.	16:54
RoAkSoAx	k	16:54
jpds	RoAkSoAx: You lazy thing! I wake up at 6am.	16:55
RoAkSoAx	jpds, hahahaha i usually wake up at 9.30	16:55
ivoks	RoAkSoAx: still teenager? :)	16:59
RoAkSoAx	ivoks, almost 24 :P	16:59
RoAkSoAx	ivoks, just "unemployed"	16:59
jpds	ivoks: What do you mean by that? :P	17:00
* jmedina is 26 and also wakes up at 9:30 :)		17:01
ivoks	lol i'm old	17:01
jmedina	ivoks: RoAkSoAx where can I find info about proposed cluster stack	17:01
ivoks	jmedina: we have to discuss it	17:02
RoAkSoAx	jmedina, that's what is going to be discussed during the UDS	17:02
jmedina	Im learning about HA setups	17:02
ivoks	jmedina: stop right there	17:03
ivoks	ups	17:03
jmedina	O_O	17:03
ivoks	never mind	17:03
RoAkSoAx	ivoks, should I report it like this: http://pastebin.ubuntu.com/176497/ ?	17:05
jmedina	I need to setup a few services in a HA setup, I already have SAN(FC) shared storage, multipath and bonding/vlans for the setup	17:05
RoAkSoAx	jmedina, i've already added howto's for heartbeat: https://wiki.ubuntu.com/UbuntuHighAvailabilityTeam/Heartbeat I've to review them	17:05
ivoks	but don't use hearbeat	17:06
ivoks	it's dead	17:06
jmedina	:S	17:06
RoAkSoAx	ivoks, there's going to be a heartbeat version 3.x	17:06
ivoks	RoAkSoAx: yeah, it's ok; but debian might not accept it	17:06
jmedina	RoAkSoAx: thanks	17:06
ivoks	RoAkSoAx: there will be 3.0, since 2.99 is out for some time	17:06
ivoks	RoAkSoAx: but there are no intentions to continue with it	17:06
RoAkSoAx	ivoks, who's the upstream developer, horms?	17:07
jmedina	ivoks: I need to use hardy for the setups, so what is the choise for hardy lts?	17:07
RoAkSoAx	jmedina, heartbeat or rhcs	17:07
jmedina	One of the things still confuse me is shared storage and cluster filesystem	17:08
jmedina	do I need gfs clvm?	17:08
jmedina	this HA setup is going to run under a virtualized setup in bladecenter	17:09
RoAkSoAx	jmedina, you need to use cluster filesystem when you have master / master configs... such as 2 file servers serving as active / active	17:10
ivoks	gfs and ocfs are clustered filesystems	17:10
ivoks	they enable you to write at the same time to same filesystem from different machines	17:10
ivoks	if you want that, i'd suggest using gfs, and thus rhcs	17:11
ivoks	you might try ocfs too	17:11
jmedina	Im not doing active/active only active/standby	17:12
ivoks	then you can use 'normal' linux filesystems	17:12
RoAkSoAx	jmedina, yes.. check out my tutorials.. they will give you and insight of how active / passive works with heartbeat... btw... if you want to have data replicated between two nodes in active / passive, you can use DRBD...	17:13
jmedina	then I read about locking or corrupted FS when a node a failed node is not fenced or something	17:13
ivoks	ha isn't replacement for backup	17:14
ivoks	if your SAN fails, all you have then is backup	17:14
jmedina	I have 4 redundant paths to the san and using multipath	17:15
ivoks	still, fire in SAN means no data	17:15
jmedina	raid10 in san, and of course backups	17:15
ivoks	error on filesystem means no data	17:15
phreestyle-work	I'm having trouble with eBox and need help. For some reason, I can't update eBox in Ubuntu Hardy. It is holding back the packages and squid and dansguardian won't work because eBox is writing incompatible config files	17:15
RoAkSoAx	jmedina, yes but first you need a technology that allows you to replicate data... this technlogy could be DRBD..., it provides a "fencing" mechanism that tries to prevent from split-braining.. it is called dopd... i'll soon add a howto on how to do that	17:15
ivoks	RoAkSoAx: ha has SAN(FC)	17:15
ivoks	he	17:15
RoAkSoAx	ivoks, I thought that blade centers had that issue resolved already	17:16
RoAkSoAx	i mean data replication and that stuff	17:16
ivoks	RoAkSoAx: http://en.wikipedia.org/wiki/Storage_area_network	17:16
ivoks	RoAkSoAx: there's no need for drbd and replication with san	17:17
RoAkSoAx	ivoks, yes...	17:17
RoAkSoAx	ivoks, that's why i though that blade centers had that issue resolved already since they do not need of a data repliucation technology such as drbd	17:18
jmedina	this blades dont have local disk, im using boot from san	17:20
resno	I am looking for a way to get more information then the webalizer main page will give. I am looking for stats on a specific page.	17:21
ivoks	awstats	17:23
resno	ivoks: my server has webalizer on it speficially.	17:24
ivoks	that's stoping you from using awstats?	17:25
jmedina	the current setup is like this: http://tuxjm.net/wp-content/themes/Ghacks2/images/Esquema_Storage_Fisico_con_redundancia.png	17:25
resno	ivoks: I guess. I dont admin the server, so I dont know of any features installed on it. I was hoping webalizer allowed this type of access by passing it a parameter or something.	17:26
ivoks	resno: awstats doesn't do that either, iirc	17:27
ivoks	resno: you could parse logs :/	17:27
resno	ivoks: I need stats on one page, but its deep within the site and I am not sure how to get those stats. Its not a highly visited page, which creates the problem.	17:28
ivoks	jmedina: right... so, what would you like to achive?	17:28
ivoks	resno: awstats and webalizer are domain-aware, not site-aware	17:29
resno	ivoks: oh I see.	17:29
ivoks	resno: so, if you want something for specific site, you should parse logs	17:29
ivoks	resno: or, with awstats, grep normal apache log, look for specific site	17:30
ivoks	resno: paste that into new file	17:30
ivoks	resno: and tell awstats to check out that file	17:30
ivoks	resno: then it will tell you stats for domain, but since that spcific page is the only page in that log, all stats would be for that page	17:31
jmedina	ivoks: this is going to be a virtualized enviroment with live migration providing kind of manual high availability	17:31
ivoks	jmedina: so shared storage should have a filesystem that all of them can access, but not at the same time	17:32
jmedina	now I want to give some redundancy for services like proxys, fileservers, routers	17:32
ivoks	jmedina: ext3 sounds quite ok for that	17:32
ivoks	jmedina: you could use heartbeat; it should be easier to set up	17:33
ivoks	jmedina: or red hat cluster suite, which is a bit heavier beast	17:33
ivoks	you'll also find more howtos with heartbeat than rhcs	17:33
jmedina	ivoks: I've been playing with heartbeat but for simple setups, only using network resources: routers, firewalls	17:34
ivoks	then again red hat cluster suite is in main, while heartbeat is in universe	17:34
jmedina	my main concert is about storage, I want to avoid two nodes access data at the same time	17:35
ivoks	jmedina: i hope you don't think about doing this in production :)	17:35
ivoks	jmedina: test it somewhere else :)	17:35
jmedina	ivoks: nop I have a bladecenter H with 14 blades to play	17:35
=== RoAk is now known as RoAkSoAx
ivoks	jmedina: if you put ext3 there, they can't access it at the same time	17:35
ivoks	jmedina: kernel will refuse to mount it	17:36
ivoks	jmedina: idea is that service moves from one server to another	17:36
ivoks	jmedina: service can be filesystem or some real service	17:36
jmedina	yeap	17:36
ivoks	so, you can't mount them at the same time	17:37
ivoks	i use gfs just so i could mount and use them at the same time	17:37
ivoks	never had any problems	17:37
sommer	ivoks: rain on sunday... doh	17:42
sommer	ivoks: well I need a new jacket anyway :-)	17:43
RoAkSoAx	ivoks, i paraview has failed to build again	18:04
sluimers	Can someone help me with ispconfig3? My mails get stuck in var/mail/vmail	18:04
RoAkSoAx	ivoks, http://pastebin.ubuntu.com/176542/	18:06
ivoks	RoAkSoAx: so...? you know where the problem is?	18:08
RoAkSoAx	ivoks, no, but i was thinking it was because python needs to be a builddepdns?	18:09
ivoks	RoAkSoAx: it's obvious that's the problem	18:10
RoAkSoAx	ivoks, i did that i'm just waiting to see if it builds	18:10
ivoks	ok	18:10
RoAkSoAx	ivoks, would that be something that will need to be forwarded to debian too?	18:11
ivoks	RoAkSoAx: i'll tell you when i see the debdiff	18:12
RoAkSoAx	ivoks, in debian they use python-dev which install python (2.6) and python2.6-dev, during building it says that python2.5 has not been found.. so there are too possible solutions right? making it use python2.6 or installing python2.5, which one do you think is the best one?	18:15
ivoks	RoAkSoAx: make it depend on python2.5	18:15
RoAkSoAx	ivoks, i did that. I will need to remove python-dev from Build-Depends and add python2.5-dev and python2.5 right?	18:16
ScottK	RoAkSoAx: Make it work with 2.6 is a better answer.	18:16
ScottK	ivoks: Why do you say depend on 2.5?	18:17
ivoks	ScottK: i would leave that to upstream	18:17
ivoks	python2.5 -> python2.6 isn't that simple	18:17
ScottK	Is it 2.5 due to upstream or packaging from Debian?	18:17
ivoks	upstream	18:17
ScottK	Ah.	18:17
ScottK	Well generally it's better to use system default, but maybe not in this case.	18:17
ivoks	if it can work with 2.6, then yes	18:18
ivoks	but that would require some seding all over the place :)	18:18
ScottK	So RoAkSoAx check if it works with 2.6.	18:18
ivoks	RoAkSoAx: you could try that :)	18:18
ivoks	right, 'grep -sr python2.5 *'	18:18
ivoks	:D	18:18
ivoks	RoAkSoAx: it turns out that paraview is great exercise :)	18:19
RoAkSoAx	haha	18:20
RoAkSoAx	indeed	18:20
RoAkSoAx	ivoks, http://pastebin.ubuntu.com/176550/	18:22
ivoks	hm	18:23
ivoks	so, debian's the devil :)	18:23
ivoks	try it	18:24
ivoks	replace python2.5 with python	18:24
RoAkSoAx	ivoks, ok	18:24
RoAkSoAx	ivoks, where? :)	18:25
gene420	anyone have a good website or lead myself in the right direction to setup a redundant web server I have just aquired a second IP address and would like to use it for a redundancy for my existing apache virtual domain system	18:25
giovani	gene420: "redundant" isn't explanatory enough	18:26
ivoks	RoAkSoAx: sed -i -e 's/python2.5/python/g' debian/paraview.lintian*	18:26
giovani	you want them both sharing the load? you want failover when one dies (one is primary, one is secondary)	18:26
giovani	?	18:26
giovani	explain a bit	18:26
gene420	sharing the load	18:26
giovani	gene420: the cheap and simple way is to use round-robin dns	18:26
ivoks	there's even cheaper way :)	18:26
giovani	where you put two A records in for the hostname	18:26
gene420	I have each website with godaddy	18:26
ivoks	apache has mod_proxy_balancer	18:27
ivoks	http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html	18:27
giovani	ivoks: that's not cheaper nor more simple	18:27
giovani	I'm not saying it's a bad solution	18:27
ivoks	hehe	18:27
giovani	but it's hardly the simple method	18:27
gene420	so then just add a second A name record to godaddy and schedule rsync to keep them synced	18:27
giovani	and I wouldn't recommend it to a random new admin	18:27
giovani	gene420: heh, what kind of data are you trying to sync?	18:28
gene420	I have 4 customers with simple drupal websites...	18:28
ivoks	are you certain you need load balancing?	18:29
giovani	you won't be keeping backend DBs consistent with rsync, sorry	18:29
ivoks	he'll need mysql master-master replication	18:30
giovani	if he's using mysql, sure	18:30
ivoks	er...	18:30
ivoks	gene420: do you have 2 servers at all?	18:30
ivoks	or one with 2 IPs?	18:30
gene420	eserver 335 and hp proliant dl-590	18:30
ivoks	ok	18:30
ivoks	so, two of them	18:31
ivoks	which database do you use?	18:31
gene420	two static ips with bell business...in seperate locations	18:31
gene420	mysql...	18:31
ivoks	separate... like couple of miles away or room next door?	18:31
gene420	sorry kinda of new to this side of things	18:31
gene420	same building upper and lower level	18:32
RoAkSoAx	ivoks, i'll have to do the change in debian/rules too right?	18:32
gene420	so I could pull an ethernet cable between them	18:32
J_P	Hi all	18:32
giovani	gene420: you're hosting websites on an office internet connection	18:32
giovani	?	18:32
gene420	yea ....	18:32
ivoks	RoAkSoAx: you didn't paste everything right?	18:32
ivoks	pih...	18:32
RoAkSoAx	ivoks, yes, but in debian/rules they use a PVER = 2.5	18:33
RoAkSoAx	so I just bumped it to 2.6	18:33
ivoks	RoAkSoAx: good catch ;)	18:33
giovani	gene420: why not use some VPSes instead?	18:33
J_P	Is possible Real time linux with the new ubuntu 9.04?	18:33
gene420	just for small business so far things have been working fine...6Mpbs dsl connection	18:33
giovani	you'd get far more bandwidth, far more reliability, at far less hassle	18:33
giovani	not to mention true redundancy, by putting them in totally separate cities/countries/datacenters	18:33
gene420	just trying to keep the cost down ....and figured it would be a good learning experience	18:34
ivoks	gene420: with 6mbit/s your server will serve web site without a sweat	18:34
giovani	the cost will be lower with VPSes, I assure you	18:34
giovani	the power required to run two full servers	18:34
giovani	is far more costly than two VPSes	18:34
giovani	not to mention bandwidth	18:34
giovani	gene420: same learning experience, just physical location is different	18:34
J_P	anyone?	18:35
gene420	power and resources aren't really an issue becaue they need the servers running for other services like network backup and samba domain policy logins with xp	18:35
giovani	heh	18:35
giovani	ok	18:35
gene420	i know what you mean thou I kinda of should just use godaddy to host them would save me some hassle	18:36
giovani	heh, no I wouldn't ever recommend that	18:36
giovani	I'd stay away from godaddy at all costs	18:36
RoAkSoAx	ivoks, ok, so in case it builds, I'll just have to update the changelog saying: Bumped python version from 2.5 to 2.6?	18:37
ivoks	RoAkSoAx: yes	18:37
ivoks	RoAkSoAx: including a list of files where you changed that	18:37
ivoks	RoAkSoAx: rules, control and paraview.lintian-overrides	18:38
RoAkSoAx	ivoks, i would also need to update README.Debian ?	18:38
ivoks	RoAkSoAx: good question...	18:38
ivoks	ScottK: what's your opinion?	18:38
* ScottK reads		18:39
ScottK	RoAkSoAx: Does README.Debian currently say anything about specific Python versions?	18:39
ivoks	ScottK: yes	18:39
ScottK	Then I would update it.	18:40
ivoks	it states that paraview is built with 2.5	18:40
ScottK	Keep in mind that README.Debian is for users and not devs.	18:40
RoAkSoAx	ScottK, it says this: Paraview is built against python2.5 only (it works with python2.4, but you would have to compile it yourself, changing build depends and debian/rules).	18:40
ScottK	RoAkSoAx: Alternatively you could make it build against both 2.5 and 2.6 and remove that bit entirely	18:41
ScottK	2.4 isn't supported Jaunty and later.	18:41
RoAkSoAx	ScottK, doing that will imply modifying debian/rules right?	18:42
RoAkSoAx	since there it specifies which version of python should be used	18:42
RoAkSoAx	in a PVER variable	18:42
ScottK	RoAkSoAx: Alsmost certainly (keep in mind I didn't look at this package)	18:43
ivoks	you have to update both files	18:43
ivoks	and mention that in changelog	18:43
RoAkSoAx	ok i'll first finish building with python 2.6 and create a debdiff so you can see it	18:43
niekie	Greetings..	18:44
niekie	Does anyone know if Ubuntu is currently vulnerable to http://www.theregister.co.uk/2009/05/19/open_ssh_hack/ ?	18:44
niekie	And if a fix is in the works if so?	18:44
ivoks	kees: ^^	18:46
ScottK	Considering the Debian package we're derived from was uploaded in January and there's a later upstream release available, I'm guessing the news isn't good.	18:49
ScottK	I suspect cjwatson_ will be interested too	18:50
ivoks	according to article, it's a design flaw	18:50
kees	niekie: it requires an active MitM attack	18:50
kees	niekie: so, as such, it is a very hard to exploit issue, but does need fixing.	18:50
niekie	kees: I know. But still I'd feel a lot safer if it wouldn't be there ;)	18:51
kees	niekie: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5161 no one has released fixes for it	18:51
uvirtbot	kees: Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algori	18:51
kees	niekie: yeah, I'd be curious to find out if the 5.2 changes can be backported easily.	18:51
kees	niekie: as a work-around, you can follow the recommendations at the end of http://openssh.org/txt/cbc.adv	18:52
niekie	kees: Ah! Thank you very much.	18:54
ivoks	hip hip... hooray!	18:55
ScottK	kees: Any idea what the downside of the workaround is (i.e. why it's not just made default)?	18:56
niekie	The "workaround" doesn't seem to be a total fix though. In that suggested "Ciphers" list I can still see aes in CBC mode.	18:57
niekie	So it will prefer other non-vulnerable ciphers first, but will fall back to the vulnerable ones.	18:57
kees	ScottK: I don't, but I'd like to understand what they did to fix it in 5.2.	18:57
* ScottK decides not to panic		18:58
niekie	ScottK: I wouldn't worry that much about it.	18:58
kees	yeah, we classified it as "low" when it was announced.	18:58
niekie	I mean, the connection needs to be killed several times apparently for this to work.	19:00
niekie	If you open a SSH session and you're suddenly disconnected, you usually don't try to reconnect another 11355 more times ;)	19:01
niekie	(though automated stuff might, which is where this issue is more serious, AFAIK)	19:01
* ivoks trusts kees and jdstrand with his life, so... no worries		19:03
niekie	Heh.	19:03
ivoks	kees: feeling pressure? :D	19:03
kees	ivoks: yikes!	19:04
niekie	Yeah, I've heard the legends :P	19:04
kees	ivoks: I don't have any real medical skills. :)	19:04
* kees heads to dinner		19:04
niekie	Have a great one! :)	19:04
ivoks	kees: oh, barcelona already? :)	19:04
ivoks	take care, /me goes to a movie	19:04
ivoks	the movie	19:05
ivoks	or whatever	19:05
=== rgreening_ is now known as rgreening
=== isaac_ is now known as isaac
=== hessml_ is now known as hessml\|away
billybigrigger_	how would i go about setting up my mailserver if my isp is blocking port 25????	19:52
billybigrigger_	is there a way i can use a different port? like outbound 700 or something??? cause i can recieve mail inbound but cannot send any mail	19:53
ScottK	billybigrigger_: You would need a server outside your ISP listening on that port to relay to 25.	19:54
billybigrigger_	do you know of any free bounce servers or anything i could use?	19:54
jmedina	billybigrigger_: you can configure your MTA to use submission service	19:54
billybigrigger_	what is submission service?	19:55
jmedina	it is the recommend way, so your server users tcp/25 for receiveing mail and tcp/587	19:55
jmedina	it is the same that smtpd but is used for other purposes for example for mail relaying using smtp+auth	19:56
billybigrigger_	ok	19:56
maxb	jmedina: That would not work, and is not recommended.	19:56
jmedina	here in México all ISP block outgoing TCP, so we use tcp/587	19:56
maxb	587 is intended for submission from MUAs, not for MTA to MTA communication	19:56
jmedina	maxb: ok, I tought he wantted submission from MUAS	19:57
billybigrigger_	i just need outgoing port 25	19:57
billybigrigger_	since outbound 25 is blocked	19:57
stickystyle	billybigrigger_: You need to look at setting a smarthost	19:57
stickystyle	the smarthost being your ISP	19:57
billybigrigger_	so use my isp for outbound mail?	19:58
jmedina	for postfix I have this config it uses SMTP-AUTH to auth agains your smart host	19:58
jmedina	http://tuxjm.net/2008/11/26/postfix_como_enviar_correo_a_traves_de_un_servidor_externo_usando_sasl_y_tls/	19:58
billybigrigger_	would my mail come from billy@isp.com or billy@mydomain.com	19:59
billybigrigger_	?	19:59
stickystyle	billybigrigger_: Yes. you basically relay your mail through your ISP.	19:59
J_P	Anyone can tell me if Is possible Real time linux with the new ubuntu 9.04?	19:59
jmedina	billybigrigger_: it depends on how your ISP is configured	19:59
billybigrigger_	jmedina::: do you have an english translation of that page :P	19:59
stickystyle	Since the From: header is set in the MUA, it wont matter what your ISP does.	19:59
jmedina	billybigrigger_: not, probalby google :D	20:00
billybigrigger_	jmedina::: i know thanks :P	20:00
billybigrigger_	jmedina::: actually already have a spanish to english trans plugin in firefox...was looking at moving to mexico :P but the job fell through :( kinda sad about it :(	20:00
ScottK	J_P: There is a RT kernel if that's what you mean?	20:01
jmedina	billybigrigger_: good, what is that trans plugin?	20:01
billybigrigger_	babelfish	20:02
billybigrigger_	just highlight certain words in the page and pop-up comes up with the translation, or you can translate the whole page	20:03
billybigrigger_	pretty useful	20:03
billybigrigger_	works in a ton of languages too	20:03
J_P	ScottK: RT kernel? where I start with RT kernel?	20:03
billybigrigger_	can anyone suggest a good tutorial or package for configuring a turn-key mailserver? i don't need to much fancy stuff, just a simple home mail server	20:04
ScottK	billybigrigger_: Most or all of what you need should be in the Ubuntu Server Guide.	20:04
billybigrigger_	im not too worried about security, i just need something quick and easy, that will let me to setup this smarthost you guys talk of	20:04
billybigrigger_	would dovecot-postfix suffice?	20:05
stickystyle	billybigrigger_: Wrong words to say, you should always think about security.	20:05
stickystyle	dovecot-postfix is a very nice solution.	20:05
* stickystyle runs dovecot + postfix for his company.		20:06
J_P	ScottK: are you tell me about a RTAI for example?	20:06
ScottK	J_P: I know little about it, just that it exists.	20:06
J_P	ScottK: ok.	20:07
W8TAH	for a dual xeon server -- should i be running 32 bit server or 64 bit?	20:08
maxb	I think that isn't enough information to know	20:10
stickystyle	W8TAH: depends if the xeon's are 32 or 64 bit.	20:10
W8TAH	oh -- ok	20:11
W8TAH	i'll keep diggin	20:11
philsturgeon	whats the best approach for installing mod_security in 8.04? seems to be the only version without it in the repo	20:13
jmedina	I would compile mod_security by hand	20:18
philsturgeon	looks like its going to be that way. was wondering if its sat in a different repo anywhere, but no worries	20:18
maxb	Check for a PPA? If not, create a PPA!	20:19
philsturgeon	PAA?	20:22
philsturgeon	PPA*	20:22
maxb	Personal Package Archive, a facility of launchpad.net by which anyone can have their own subsidiary Ubuntu package archive with automatic builds of uploaded source for i386 amd64 and lpia	20:24
philsturgeon	ha, nice	20:26
ScottK	philsturgeon: It had licensing problems and got removed. They got fixed, but not in time for 8.04	20:29
philsturgeon	ScottK: Indeed	20:29
philsturgeon	unfrtunate	20:29
billybigrigger_	stickystyle::: ok, i've setup dovecot-postfix with a smarthost, being my ISP's smtp server...	20:33
billybigrigger_	stickystyle::: which ports do i need forwared? my mailserver is behind a router...just my imap port needs to be forward right? since outbound is handled via my isp?	20:33
billybigrigger_	how do i find out what security postfix was built with in the dovecot-postfix package?	20:43
billybigrigger_	im trying to setup evolution here and i want to use pop3s	20:43
billybigrigger_	or imaps	20:43
hggdh	billybigrigger_, dovecot-postfix does not embed either dovecot or postfix, they are depends	20:44
hggdh	so it is whatever is the current dovecot and postfix packages	20:44
billybigrigger_	so installing dovecot-postfix without anything else doesn't enable tls or ssl?	20:45
hggdh	the dovecot-postfix package carries an upodated dovecot configuration. If you already have one, you will have to match & mix	20:46
hggdh	in my case, I have to update the SSL certificates in use (so that dovecot would use mine)	20:46
billybigrigger_	hmm	20:53
billybigrigger_	bah this is confusing	20:53
billybigrigger_	should a default apt-get install of dovecot-postfix work out of the box?	20:53
billybigrigger_	i think i have my mx record set...and used a relayhost of my isp's smtp server...	20:53
hggdh	billybigrigger_, as long as you do not have any customised dovecot or postfix, yes	20:53
billybigrigger_	i can't seem to login via evolution using either imap or pop3	20:53
billybigrigger_	won't accept plaintext passwords, and i can't find out what authentication type it uses	20:54
billybigrigger_	nmap shows imap, imaps, pop3, and pop3s ports open	20:55
hggdh	make sure you have, in your dovecot configuration, "mail_debug=yes" and "vebose_ssl=yes"; if you do not, add them in, and bound dovecot (sudo service dovecot restart)	20:56
hggdh	s/bound/bounce/	20:56
hggdh	then try again, and look at /var/log/messages for dovecot messages	20:57
hggdh	and go from there	20:57
hggdh	argh! "verbose_ssl=yes", not "vebose_ssl"	20:57
billybigrigger_	looking at /var/log/mail.log messages right now	20:57
billybigrigger_	hmmm	20:59
billybigrigger_	i sent a message out to a hotmail account, and i recieved it	21:00
billybigrigger_	now sending from hotmail to my mailserver isn't working...or hotmail is slow...	21:00
billybigrigger_	or maybe i have something eff'd up somewhere	21:00
billybigrigger_	dig MX mydomain.com doesn't show an MX record...	21:01
billybigrigger_	probably why it's not working yet eh? and that's why i can send out mail, through the isp's smtp	21:01
philsturgeon	trying to install mod_security from source on ubuntu 8.04. run ./configure and get "configure: error: libxml2 library is required".	21:22
philsturgeon	i have libxml2 installed at /usr/lib/libxml2.so.2	21:22
hggdh	philsturgeon, you probably also need to install libxml2-dev	21:23
philsturgeon	done. thanks :)	21:24
philsturgeon	next is ./Makefile right?	21:24
sluimers	Does anyone here have experience with ispconfig?	21:27
sluimers	ispconfig 3?	21:28
hggdh	philsturgeon, you re-ran ,.configure, correct?	21:28
hggdh	(and select whatever options would apply)	21:28
philsturgeon	yes indeed. makefile was a silly guess, but it needs another step i think	21:28
philsturgeon	ahhh... think i need to move the mod_security into apache first. oops	21:30
philsturgeon	im confused :$	21:31
hggdh	philsturgeon, now run "make"	21:31
philsturgeon	ahh there we go	21:32
philsturgeon	not done much compiling without tutorials. not a noob, i consider myself a guru in training :-)	21:32
hggdh	:-)	21:32
philsturgeon	make & make install were both happy. job done, thanks	21:32
hggdh	philsturgeon, good luck now ;-)	21:33
maxb	philsturgeon: Have you considered backporting the package from intrepid instead?	21:36
philsturgeon	maxb: I asked on here for ideas, people just said to compile my own	21:37
philsturgeon	done it now :p	21:37
maxb	Yes, well, that's what I meant	21:37
maxb	compile your own as a package :-)	21:37
=== yml_ is now known as ghost
=== ghost is now known as Guest42890
=== yml_ is now known as yml
phreestyle-work	hey everyone, I was looking at the forums for a way to clear our residual config files left over from removed packages. I found a thread that tells you to use Synaptic, but is there any way to do this from the command line?	22:20
jmedina	phreestyle-work: use purge option for dpkg	22:21
jmedina	dpkg wont delete config files if they where modified after instalation unless you use purge option	22:22
phreestyle-work	jmedina: can u give an example please?	22:22
jmedina	dpkg -P packagename	22:22
phreestyle-work	but the packages are already gone and I don't know the names of them all	22:23
jmedina	mmm probably you can get a list from /var/log/dpkg.log	22:26
jmedina	I dont know another way	22:27
phreestyle-work	but the purge command from dpkg will work if the packages has already been removed, right? because if I do something like: apt-get purge old-package it won't work because the package is already been removed	22:27
=== jes_ is now known as XiXaQ
Ash-Fox	Hi, is there a way I can shut down a system as root without physical access to it without the halt, poweroff, reboot, init, runlevel, shutdown? Why am I asking? Because the server I'm in is suffering numerous drive issues and I can't shut it down via those commands, but many others are workign currently	22:35
thirsteh	Ash-Fox, got 'cat'?	22:37
Ash-Fox	thirsteh, yep.	22:38
jmedina	Ash-Fox: what about ctrl+alt+supr?	22:40
jmedina	ohh it is remote	22:40
thirsteh	Ash-Fox, I -think- this will work, but it's a long time since I've used this. No matter what, it's temporary anyway;	22:40
thirsteh	echo 1 > /proc/sys/kernel/sysrq	22:40
thirsteh	echo o > /proc/sysrq-trigger	22:40
thirsteh	that will shut down the machine entirely	22:40
jmedina	:O	22:40
thirsteh	to reboot, echo 'b' instead of 'o'	22:40
jmedina	thirsteh: good tip, what does it do>?	22:41
Ash-Fox	thirsteh, it didn't like that.	22:41
thirsteh	Ash-Fox, how so?	22:41
Ash-Fox	"input/output error"	22:41
Ash-Fox	I did however find a way around it	22:41
jmedina	Ash-Fox: which one?	22:42
thirsteh	jmedina, the same as sysrq, o, but without physical keyboard access	22:42
Ash-Fox	Mounted /media/cdrom as tmpfs, copied poweroff from my laptop to it, executed ./poweroff -f	22:42
thirsteh	you almost definitely need to echo that as root by the way	22:42
thirsteh	ah okay	22:42
Ash-Fox	That was fun	22:43
billybigrigger_	what kind of authentication does dovecot come with?	23:27
billybigrigger_	im trying to configure evolution with my mailserver and i just have plaintext passwords setup as of now...	23:27
billybigrigger_	which for obvious reasons is no good	23:27
giovani	that's all in the documentation	23:28
billybigrigger_	yeah but evolution is showing that no auth types are supported	23:28
giovani	very easy to find, took me less than 10 seconds on the dovecot site: http://wiki.dovecot.org/Authentication/Mechanisms	23:28
giovani	well check your dovecot configuration -- you have to tell it which authentication methods to allow obviously ...	23:29
billybigrigger_	and i highly doubt the default ubuntu config for dovecot comes with plain text enabled by default	23:29
giovani	you do? why would you highly doubt that?	23:29
billybigrigger_	well ya i see that, but why are plain text enabled by default?	23:29
XiXaQ	billybigrigger_, what ubuntu and how did you install it?	23:29
giovani	because many people use it	23:29
billybigrigger_	9.04	23:29
billybigrigger_	sudo apt-get install dovecot-postfix	23:29
giovani	XiXaQ: it's not a debate ... it is enabled by default	23:29
XiXaQ	billybigrigger_, then the secure protocols should be enabled by default.	23:29
billybigrigger_	no, plaintext password authentication is enabled by default	23:30
giovani	billybigrigger_: yes, we already discussed this	23:30
giovani	that's normal, and expected	23:30
billybigrigger_	yes, im talking to XiXaQ	23:30
giovani	stop talking about it like it's a bug	23:30
giovani	why don't you spend 10 seconds looking at your dovecot config	23:31
giovani	to find out which auth mechanisms it's supporting	23:31
billybigrigger_	ya thanks tips	23:31
billybigrigger_	# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey	23:31
billybigrigger_	# gss-spnego	23:31
giovani	why is there a comment mark there?	23:32
billybigrigger_	cause its in the comments maybe?	23:32
giovani	then why are you pasting it?	23:32
billybigrigger_	mechanisms = plain	23:32
giovani	that's not relevant	23:32
giovani	ok, so add the method you'd like to use ...	23:32
giovani	and remove plain	23:32
billybigrigger_	oh? the list of supported auth types are relevant?	23:32
billybigrigger_	ok	23:32
billybigrigger_	haha thanks tips	23:32
giovani	the list of supported auth types are in the URL I pasted minutes ago	23:33
billybigrigger_	[16:28] <billybigrigger_> yeah but evolution is showing that no auth types are supported	23:33
giovani	we want to know what's listed in your config as the mechanisms in use	23:33
giovani	right, clearly because of your mechanisms line	23:33
giovani	why is it that you can't just resolve this?	23:33
giovani	clearly you know what the supported auth types are ... you want to show them to me? just select the one(s) you'd like to use	23:34
billybigrigger_	i can, thanks	23:34
billybigrigger_	i confused myself over something...	23:34
billybigrigger_	thanks, sorry to piss you off and waste your time	23:35
billybigrigger_	k, now i have a question of opinion, these are something i know nothing of, and have no care about...but what is a better auth method, cram-md5 or digest-md5 for a home mail server?	23:36
giovani	if you read the link I pasted: http://wiki.dovecot.org/Authentication/Mechanisms	23:37
giovani	you'll see a very simple rundown and comparison of the different auth types	23:37
giovani	such as:	23:37
giovani	# CRAM-MD5: Protects the password in transit against eavesdroppers. Somewhat good support in clients.	23:38
giovani	#	23:38
giovani	DIGEST-MD5: Somewhat stronger cryptographically than CRAM-MD5, but clients rarely support it.	23:38
billybigrigger_	giovani::: thanks...maybe i should check out your post :P	23:38
billybigrigger_	does it have a section in there about setting up MX records? :P i think i have mine screwed up, as im not recieving any mail, but i can send out	23:39
billybigrigger_	so upon a quick read, cram-md5 is secure enough for a home server and most likely the most supported...am i correct in assuming this?	23:40
giovani	no, dovecot is completely unrelated to MX records	23:45
giovani	if you read the dovecot link, you'd know that, yes	23:45
billybigrigger_	ya	23:45
billybigrigger_	why so serious?	23:46
billybigrigger_	:)	23:46
billybigrigger_	i know mx and dovecot have nothing to do with each other, it was a joke, hence the smiley face at the end, but thanks	23:46
mobi-sheep	I'm a bit confused. I use a script that add a bunch of blacklisted servers to my /etc/hosts --> redirected to 127.0.0.1 so they would redirect themselves to nowhere. Useful to ban ads. However, that do not work as I still see the ads... in Prism.	23:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!