[00:06] <phaidros> hm, is there an out of the box solution to give users access to certain init scripts?
[00:09] <yann2> etc/sudoers magic maybe?
[00:10] <phaidros> yann2: I am looking more for a "config infrastructure" for that purpose, so, creating init scripts for a user/service pair and enable them ..
[00:11] <phaidros> hm, how do you guys enable users to restart a fastcgi app? (in an ideal world this app is handled by initscripts, so it comes up after a reboot e.g.)
[00:11] <yann2> ah now thats a different question
[00:12] <yann2> I'd like the answer to that
[00:12] <yann2> people usually used killall :)
[00:14] <phaidros> hm, that sucks somehow :D
[00:17] <phaidros> yann2: http://www.undefinedfire.com/lab/user-init-scripts/
[00:17] <phaidros> try that :)
=== yml_ is now known as yml
=== hggdh is now known as hggdh_
=== hggdh_ is now known as hggdh__
=== hggdh__ is now known as hggdh
[03:33] <jumbers> I'm having issues with rewriting from domain.com/folder to www.domain.com/folder. domain.com to www.domain.com works just fine, but it does not work with any folders. I'm running Apache2
[04:00] <slestak> hey guys, i am tinkering with libvirt and kvm on jaunty.  I have used python-vm-builder to create a jaunty server vm that exists in ~/ubuntu-kvm.
[04:01] <slestak> i see that the virsh define command is neccesary to register the xm, but there is no xml file with confg for this machine.
[04:01] <slestak> do i need to make that, or is the xml file a need for a differnt (virt-install) tool?
[04:03] <sommer> slestak: the xml files should be in /etc/libvirt/qemu
[04:06] <slestak> ok, i see default.xml.  it only specs bridge networking using dhcp.  I specified the ip address of my vom on the command line when I built it.
[04:06] <slestak> i am trying to determine if I need to define the vm in virsh before i can run it?
[04:08] <slestak> this is how i created it http://pastebin.com/m6eded9ef
[04:09] <sommer> slestak: do you have a bridge setup on the host?
[04:10] <sommer> slestak: the vm should be defined by vmbuilder
[04:10] <slestak> sommer: i dont htin I do yet.  It is a new install.  Sorry for the elementary questions.  I am in a little overload with the multitude of option in the server docs.  It is difficult to tell which instruction pertain to which method
[04:12] <sommer> slestak: in the networking section of the serverguide there is information on setting up a bridge on the vm host
[04:12] <slestak> sommer: ok, i just made sure kvm waast started, I do have a virbr0 on a 192.168.122.1 network, which is the dhcp range spec'd in the /etc/libvirt/qemu/networks dir
[04:13] <slestak> yes, i see it for 8.10 here https://help.ubuntu.com/8.10/serverguide/C/jeos-and-vmbuilder.html
[04:13] <slestak> im going to see if ther eis updated docs for 9.04
[04:14] <sommer> slestak: there is also information in the 9.04, but it's been rearranged a little
[04:32] <ScottK> sommer: Comment for you on the mail server section of the server guide: I don't think the smtp auth stuff should have been removed in favor of just using dovecot-postfix as not everyone wants a local delivery agent.  Just setting up smtp auth is a useful set of information.
[04:37] <sommer> ScottK: ya, it's on my list to revisit that section in light of the new dovecot stuff
[04:38] <sommer> ScottK: I think the dovecot section can actually be merged with the postfix section, but you're right the smtp auth does stand alone at times
[04:38] <ScottK> Also having the detail about settings is important for troubleshooting.
[04:39] <ScottK> I was helping someone last night and I had to go read the source to dovecot-postfix to help him.
[04:39] <sommer> gotcha, I'll update that for karmic
[04:41] <ScottK> Cool
[04:41] <daniel010101> how do i make a lamp system with asp
[04:44] <cef> slestak: you playing with kvm/libvirt too? in virsh, you need to do a 'list --all' to  show inactive machines. the python-vm-builder seems to create the vm with an ID of 'ubuntu' by default
[04:45] <cef> slestak: it actually defines it, but doesn't enable/start it by default 'if' you tell python-vm-builder to register the machine with libvirt for you
[04:46] <cef> (either the [libvirt] section of your config, or the --libvirt option on the cmdline)
[04:56] <slestak> cef: thx, yeah, i started looking at vmware-server, but i hate the way they gutted all the shell tools in the free product.
[04:56] <slestak> cef: so i am now looking at libvirt + kvm for my comanies needs.
[04:57] <twb> vmware blows
[04:57] <twb> Especially vmware-server
[04:58] <slestak> sommer: i have copied the xml file into libvirt/templates the way the wiki mentions, but the example has most of the settings in thre with secions commented out
[05:00] <slestak> sommer: do i uncomment the line that starts with #if $bridge?  the wiki doesnt really specify
[05:01] <cef> if you're going with a bridge (rather than behind nat), then you should really make a local copy and reference it in your own templates.
[05:01] <cef> (that way, if the templates get changed thru an upgrade, you don't lose your changes)
[05:01] <slestak> i did make a local copy to ~/VMBuilder/plugins/libvirt/templates/
[05:02] <cef> ahh yup yup
[05:02] <cef> you've since rebuilt the install using vmbuilder?
[05:02] <slestak> cef: but the template uses $bridge, I assume that may be an arg
[05:02] <cef> oh and you've created the bridge device?
[05:03] <slestak> not after changing this, i need to locally cache this stuff, dl it is slow for me.  That is actually the first vm I am makign with jeos is an apt-proxy server
[05:03] <slestak> for my lan
[05:03] <cef> which webpage are you referencing atm?
[05:03] <slestak> https://help.ubuntu.com/9.04/serverguide/C/jeos-and-vmbuilder.html
[05:08] <cef> ok.. yeah that guide is for 8.10.. you can now tell vmbuilder that you want a bridge rather than the default. hold a sec
[05:09] <slestak> ive updated my pastebin with my vmbuilder command, my ifconfig for virbr0, and the interface ection of VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl
[05:09] <slestak> its at http://pastebin.com/m31f73c3f
[05:10] <slestak> beer time
[05:10] <cef> so either you can change that config and remove the if/else stuff (making it just that entry), or you can use the new commands (which I think go into the .cfg - can't see it in the man page.. time to look at other docs methinks)
[05:10] <cef> heh
[05:13] <slestak> is my virbr0 at 192.168.122.1 going to cause a problem, I want to use 192.168.21.35 as a staic ip for this vm, already have a dns pointer to it.
[05:14] <slestak> i think i need to delete that interface and recreate it maybe?
[05:16] <cef> you need to create a bridge. look at the link in https://help.ubuntu.com/9.04/serverguide/C/libvirt.html#virtual-networking
[05:16] <cef> cos the bridge needs to include the 'outside' interface that you want to bridge the clients to (eg: eth0)
[05:18] <slestak> i take it this is dangerous work remotely, lol.  i thinkn i did this a while back and had to drive to the console to fix.  At least this machine is sonly 3 miles away, instead of 6 states.
[05:18] <cef> well, double check things. :D
[05:19] <slestak> i just upped the ram in my desktop at work so i will be on this machine in about 8 more hours.
[05:19] <slestak> i am redmond free at my desk, life is good
[05:20] <cef> :D
[05:21] <cef> I have too many machines around me (including one machine which is doing kvm, but has no X on it)
[05:22] <slestak> this is interesting, i have no bridge entries in netowk/interfaces, but i do have brctl installed.  I have a virbr0, but this is jaunty desktop, and dhcdbd is not installed
[05:22] <cef> which is fine, but none of the other machines has the right combo of X and jaunty on it so that I can see a console. made finding a typo in my firstboot script a right pain
[05:22] <slestak> i guess the bridge that is running was purely from the vmbuilder defaults and is not fiunctional
[05:27] <cef> well libvirt sets it up by default I think
[05:27] <slestak> now, this is where it gets tricky, my desktop is on our desktop subnet, 192.168.20.0, however, I want this server to respond to 192.168.21.35.  THink that looks questionable?
[05:27] <slestak> my dom0 is 192.168.20.207
[05:27] <cef> it's useful for testing stuff if you don't want it to be contactable from remote (eg: if you don't care if it's behind a firewall
[05:28] <slestak> all of this is for internal use, i have to vpn in to see any of this
[05:28] <cef> as long as the upstream router will allow it on that network interface, shouldn't be an issue
[05:28] <slestak> but I do want this to be reachable by any team member
[05:29] <cef> what's the netmask? /24? /23 or less?
[05:29] <slestak> as long as dom0 is still functional, I can adjust or move the dom1 later to that othe rsubnet.
[05:29] <slestak> cef: im not sure, sorry.  networkign is not my strong point
[05:29] <cef> slestak: ok, 255.255.255.0 or something else?
[05:30] <slestak> i can start my vm's on the desktop subnet, and move them to my production server an reconfigure them
[05:30] <slestak> 255.255.255.0, yep
[05:31] <cef> ok.. cos it's a mask. 192.168.20.x masked with 255.255.255.0 means that you can only communicate with machines that the last number (x) differs. otherwise it has to go through a router somewhere
[05:31] <cef> ipcalc is a useful tool for finding out that sort of thing btw
[05:32] <cef> so you can put it on the same network card, but nothing will be able to talk to it
[05:32] <cef> but hey, it should boot, and as long as you can do console, it'll be fine
[05:33] <slestak__> i missed the last thing you said I think.  restarting networkign lost my remote session
[05:33] <cef> ipcalc is a useful tool for finding out that sort of thing btw
[05:33] <cef> so you can put it on the same network card (using a bridge), but nothing will be able to talk to it
[05:33] <cef> (and then what I just said)
[05:33] <slestak__>  * Reconfiguring network interfaces...
[05:33] <slestak__> Ignoring unknown interface eth0=eth0.
[05:34] <cef> pastebin your /etc/network/interfaces file
[05:34] <slestak__> well, its 12:30am, i'll pick it up tomorrow.  thx for your help.  I cant righ tnow, that machine is not available until i can reach the console
[05:35] <slestak__> i can recreate it though
[05:35] <cef> no probs..
[05:35] <cef> got a few hrs before I head home (.au here)
[05:36] <slestak__> do you have my oastebin url still?
[05:37] <slestak__> http://pastebin.com/m6730b2a4
[05:37] <slestak__> and eth0 = 192.168.20.207  <-- different subnet from guest.
[05:38] <slestak__> what is the biggest, baddest kvm machine you guys have ever built?
[05:39] <slestak__> we have an olap tool (MITS) that currently runs on our aix box with our erp system.  I am entertaining the idea of running this on a rhel dom0 with kvm dom1.
[05:39] <ajmitch> a hefty 512MB guest windows XP install in kvm
[05:39] <ajmitch> yes, I barely use kvm
[05:40] <slestak__> the data needs are trmendous, (for me) 32G of db, and 136G of indexes and cubes.
[05:41] <cef> ahh yeah.. you need to set it up as 192.168.20.x (the bridge replaces the 'eth0' address)
[05:41] <cef> then when you 'add' ip's to the bridge, they aare their own (ie: defined in each vm)
[05:42] <slestak__> i wonder if virtualization can scale up to that?  I have my eye on a fiber channel jbod from a friend that has 5.6Tb (14 x 400g sata) that i can stripe some and use lvm snapshots onto another set nightly.
[05:43] <slestak__> cef: so each vm will redefine its own br0, or will i need br0, br1, br2 for 3 vm's?
[05:43] <cef> I'm still playing.. the issue is data movement.
[05:44] <cef> slestak: each machine will create another ip and add it to br0 (eg: br0:0, br0:1)
[05:45] <slestak__> im not super concerned with performance.  My other choices beside virtualization are to use either one of our two older prod boxes, two aix machines, 1x800Mhz or 2x450Mhz, At least the dom0 is a modern poweredge that can take 4 Xeon's.  Hopefully it can hang
[05:46] <cef> main issues (IMO) are going to be disk speed access and network speed. you might need to look at virtio to improve the network access
[05:46] <slestak__> i need one of those ip kvm switches (other definition of kvm) so when I do this to my poweredge, I can reach the console from Michigan.  the server is in Maryland
[05:47] <cef> yeah.. always a pain..
[05:47] <slestak__> Can I use a ramdisk in a virtual machine?
[05:49] <slestak__> My plans is twofold.  I plan on striping this data only,  no mirror, no parity.  Set up it with max read/write speed.  I can alway rebuild my cubes from source data if I suspect them.  Use an lvm snaphot nightly to another set of disks in the jbod, so I basically mirror it once per day, instead of on every write
[05:50] <slestak__> s/is/are
[05:51] <slestak__> i need to cruise.  ty for your help cef
[05:54] <ivoks> RoAkSoAx: hi
[05:54] <RoAkSoAx> ivoks, heya master, how's it going
[05:54] <ivoks> RoAkSoAx: sorry, i couldn't come yesterday
[05:55] <RoAkSoAx> ivoks, it's ok :)
[05:58] <RoAkSoAx> ivoks, do you have time now?
[05:58] <ivoks> yes :)
[05:58] <ajmitch> hi ivoks
[05:58] <ivoks> ajmitch: hi
[05:59] <RoAkSoAx> ivoks, this is the FTBFS: https://launchpad.net/~andreserl/+archive/ppa/+sourcepub/634425/+listing-archive-extra
[05:59] <ivoks> RoAkSoAx: let me boot the karmic server and check that ftbs
[05:59] <RoAkSoAx> ivoks, i think it would have been a sync, but it FTBFS
[06:02] <ivoks> RoAkSoAx: what time is it in your timezone?
[06:02] <RoAkSoAx> ivoks, midnight
[06:02] <ivoks> so, 7 hours diff
[06:03] <RoAkSoAx> oh really.. what are you doing up so early :)??
[06:03] <ivoks> documentation for one project :D
[06:03] <ivoks> i hate writting documentation :/
[06:04] <RoAkSoAx> ivoks, i hate to getting up so early.. i can get up before 9 :) hahaha and yes.. i hate documentation too
[06:04] <RoAkSoAx> s/can/cant/
[06:04] <ivoks> i'm grabing paraview
[06:04]  * ajmitch prefers those easy merges :)
[06:05] <ivoks> ajmitch: well, RoAkSoAx is my student and we are at the leason 'How to fix FTBFS' :)
[06:05] <RoAkSoAx> indeed :)
[06:06] <ajmitch> heh
[06:06] <ajmitch> ivoks: I'm at the stage of 'deciphering libtool changes' :)
[06:07]  * ajmitch needs to finish off, test & upload the php5 merge
[06:07] <ivoks> ajmitch: what do you think about having PPA for PHP5 packages?
[06:08] <ivoks> tested and approved newer versions of php for older releases
[06:08] <al_paun> do you know if it's complicate to install a pci serial in ubuntu?
[06:08] <ajmitch> I think it'd certainly be useful to have them
[06:08] <ivoks> some web devs complain all the time about old php5
[06:08] <ivoks> al_paun: with most of them it's just plug and play
[06:08] <ajmitch> I don't think it should be too hard to arrange a PPA for it either
[06:09] <ivoks> al_paun: some, otoh, require binary driver which kills linux's native serial driver and, basicaly, renders your system unusable
[06:09] <ivoks> ajmitch: i'll try creating backported php packages for hardy, just to see how it works
[06:10] <ajmitch> there aren't too many things in PHP dependencies that should stop that from just working
[06:10] <ivoks> that's right; that's way i had that idea...
[06:11] <ivoks> RoAkSoAx: i'm pulling required packages to build paraview
[06:11] <RoAkSoAx> ivoks, k :)
[06:11] <ivoks> RoAkSoAx: it was a clean merge...
[06:11]  * ajmitch is merging 5.2.9.dfsg.1-4 at the moment, nothing jumps out as unbackportable
[06:11] <al_paun> I plan to install a fax modem on a server. Since the computer doesn't have any serial what do you suggest?. I've tried with a usb-modem and the modem couldn't be recognized.
[06:12] <al_paun> maybe a hardware modem on pci?
[06:12] <RoAkSoAx> ivoks, i thought that too, but having taking a better look... seems like a sync...
[06:12] <al_paun> I already have a serial modem
[06:12] <al_paun> which I know it's working on linux
[06:12] <ivoks> al_paun: try with pci serial ports
[06:13] <al_paun> ok tks
[06:13] <ivoks> al_paun: and, leason learned, newer ever buy another server without serial port
[06:13] <al_paun> the new mainboards removed serial port
[06:13] <al_paun> motherboard
[06:13] <ivoks> maybe desktop boards...
[06:13] <al_paun> yeah but I
[06:14] <al_paun> yeah but it's already bought
[06:14] <RoAkSoAx> ivoks, my debdiff does not show any changes... because 1. ubuntu-use-ffmpeg-swscaler has been included in debian, so we drop that patch, then debian has dropped gcc4.3.patch and ffmpeg_writer.patch, and it has also dropped ffmpeg from Build-Depends and I'm taking debian changes on mpi... so after that.. no ubuntu change...
[06:15] <ivoks> RoAkSoAx: we'll see :)
[06:17] <ivoks> well, there's a quite big diff
[06:17] <ivoks> ubuntu uses ffmpeg, debian doesn't
[06:18] <ivoks> RoAkSoAx: anyway, that's for ubuntnu-motu :)
[06:21] <billybigrigger_> hey all
[06:22] <billybigrigger_> does anyone here use godaddy??? i registered a domain through them and can't figure out for the life of me how to setup a subdomain, i want forums.mydomain.com to point to mydomain.com/forums (ie. /var/www/forums)
=== rascov_ is now known as rascov
[07:01] <ivoks> does anyone uses latex|tetex|texlive|*ex* for writing documentation?
[07:19] <twb> ivoks: nope; I prefer python-docutils and rst2pdf now.
[07:20] <twb> !anyone
[07:20] <ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
[07:26] <ivoks> twb: hehehe
[07:27] <ivoks> i'm interested in editors people use for tex
[07:33] <twb> ivoks: #emacs
[08:40] <stanman1> df
[08:41] <stanman1> hi
[08:44] <cef> can you get vmbuilder to build images directly onto an lvm lv in raw format? everything I've seen says to use qemu-img to convert the default file from qcow2 to raw after the fact, which is just a pain.
[08:48] <stanman1> how can i install a broadcom netextreme nic with ubu?
[08:49] <stanman1> the installer doesn't see the embedded nics.. :(
[08:52] <henkjan> cef: on intrepid building images to lvm failed for me
[08:57] <kgoetz> stanman1: your NICs require non-free firmware. Not sure if your release of Ubuntu ships with it
[09:00] <stanman1> kgoetz: somehow ifconfig eth0 up worked and i could set a static ip, etc
[09:00] <stanman1> strangely the installer didn't recogize the nics...
[09:01] <stanman1> now it's working
[09:01] <kgoetz> stanman1: the kernel used during isntall may not have the firwmare loaded. I'd agree its trange though
[09:02] <stanman1> i must say, i did an install off an usb stick (no cd in the box), later after booting off the hdd's it worked
[10:36] <alterlaszlo> hi, i'm giving eucalyptus a try but i have problems handling user registration mails. Where are the mails gone?
[10:36] <ulel> hi
[10:36] <ulel> anyone running clusters here
[10:37] <ulel> needed soem advice on hardware
[11:14] <celephais> Hi, how do you control log on multiple servers?
[11:18] <ddoom_> I have 3 1TB sata drives, ubuntu server is intalled on a partition of 1 of them. If i unplug one of the non-boot drives, it works fine.but if i have all 3 connected it comes up with raid45: unknown target type errors and drops to EasyBox (I think its called). My bios has fakeraid which I have turned off, any ideas?
[11:22] <alterlaszlo> celephais: i use syslog-ng and centralize all logs on a log-server
[11:22] <celephais> alterlaszlo, and how do you parse the logs?
[11:23] <celephais> alterlaszlo, i mean how do you know if something is going wrong?
[11:23] <alterlaszlo> celephais: with syslog-ng it-s quite easy to create filters
[11:23] <celephais> alterlaszlo, ok thank you , i'll check the documentation
[11:24] <alterlaszlo> celephais: that's a great question: it dipends on how much time you have to check them ;) if you have few time just parse errors and warnings
[11:27] <celephais> alterlaszlo, is there a program that automatic parse log and look for ad-hoc pattern such , a.e, brtue forcing on ssh?
[11:28] <alterlaszlo> celephais: for brute-force attacks i use another package called fail2ban, it's him that check logs and creates autoamtically iptables rules to ban the attacker ip
[11:28] <alterlaszlo> it-s great against script kiddies
[11:29] <celephais> mm ok i'll check
=== gaveen_ is now known as gaveen
[13:47] <LMJ> Hi
[13:57] <LMJ> I'm modify my syslog and now, no more email activities are logged  :-/  Here is my conf : http://pastebin.com/db1c69d3 and you will see file priviledges too
[14:02] <ivoks> -?
[14:02] <ivoks> -/var/log/mail.log
[14:02] <LMJ>  - means not sync or something like this
[14:03] <ivoks> right, without it, syslog won't buffer logs
[14:03] <LMJ> I don't want to log in /var/log/mail.log but in /var/log/mail/mail.(err|log)
[14:04] <ivoks> those files exist?
[14:04] <ivoks> owned by syslog:adm?
[14:04] <LMJ> yes, look below in my pastebin
[14:05] <ivoks> oh, sorry
[14:05] <LMJ> np
[14:05] <LMJ> don't really understand what it doesn't work
[14:05] <LMJ> no errors in syslog just in case
[14:05] <ivoks> did you check syslog?
[14:05] <ivoks> ok... :)
[14:06] <LMJ> I've broken something somewhere but I don't know what
[14:07] <LMJ> let's double check if postfix handle syslog facilities
[14:08] <ivoks> how about:
[14:08] <ivoks> mail.info -/var/log/mail/mail.log
[14:08] <ivoks> mail.warn -/var/log/mail/mail.log
[14:09] <ivoks> mail.err /var/log/mail/mail.err
[14:09] <LMJ> ok, let's try
[14:09] <LMJ> hold on
[14:10] <ivoks> make that mail.warning
[14:10] <LMJ> ho
[14:10] <ivoks> so, you don't want errors in the same file as other?
[14:10] <LMJ> no
[14:11] <LMJ> syslog and postfix restarted and I can see the postfix restart notification in mail.log
[14:11] <LMJ> nice ;)
[14:11] <LMJ> mail sent
[14:11] <LMJ> and log'ed
[14:11] <LMJ> damned, thanks you bro
[14:11] <ivoks> np
[14:12] <ivoks> ubuntu's default syslog.conf had that example
[14:12] <ivoks> :D
[14:12] <LMJ> yes
[14:12] <LMJ> I removed it
=== asac_ is now known as asac
[14:48] <billybigrigger_> does anyone here use godaddy??? i registered a domain through them and can't figure out for the life of me how to setup a subdomain, i want forums.mydomain.com to point to mydomain.com/forums (ie. /var/www/forums)
=== hessml is now known as hessml|away
=== hessml|away is now known as hessml
[15:10] <giovani> billybigrigger_: this is very much not the place to ask -- godaddy has technical support
[15:10] <giovani> however, forwarding a subdomain to a url is not typically done at the DNS provider
[15:13] <kees> ivoks: sweet, I see you're trying to get xattr tar working sanely upstream.  how's that going?
[15:17] <stickystyle> billybigrigger_:  once you figure out the godaddy subdomain issue, your going to want to learn about mod_rewrite to handle the forums.mydomain.com -> mydomain.com/forums transition.
[15:17] <billybigrigger_> eh?
[15:18] <billybigrigger_> what do i need to know?
[15:19] <billybigrigger_> well i got it working, it only took 48 hours to update...so if i visit forums.mydomain.com now, its just a redirect and the address bar shows mydomain.com/forums
[15:19] <billybigrigger_> so all that effort was pointless :P i thought the address bar would show the subdomain as forums.mydomain.com
[15:20] <ivoks> kees: it's basicaly redhat's patch
[15:20] <ivoks> kees: upstream did some changes to it
[15:21] <ivoks> kees: debian maintainer pushed it there
[15:21] <ivoks> kees: to be honest, i didn't check how are things going now, but i do know that fedora is interested in that too
[15:22] <ivoks> kees: http://lists.gnu.org/archive/html/bug-tar/2009-03/msg00036.html - that's the last news :/
=== hessml is now known as hessml|away
[15:28] <kees> ivoks: yeah, that's what i was reading.  Jorg is totally right, btw.
[15:29] <kees> i.e. the memcpy vs strcpy bit.
[15:29] <kees> I don't know about the DIR part
[15:31] <orudie> is there a way to hide the whois information of the domain ?
=== hessml|away is now known as hessml
[15:31] <jpds> orudie: Whois guard at best.
[15:34] <stanman1> hi, i installed ubuntu 8.04 LTS off an usb stick, but now when i remove the usb stick I get an error 15 at grub, how can i solve this?
[15:35] <ivoks> stanman1: remove grub from hard disk
[15:38] <stanman1> ok, apt-get remove grub?
[15:38] <stanman1> then reboot?
[15:38] <ivoks> no
[15:38] <ivoks> grub is installed on MBR of your hard disk
[15:38] <RoAkSoAx> ivoks, heya master i'm back :)
[15:38] <ivoks> you have to clear hard disk; install another boot loader there
[15:38] <ivoks> RoAkSoAx: hi
[15:39] <kees> ivoks: should we carry the xattr patch in Ubuntu, you think, to give it a wider audience?
[15:39] <ivoks> kees: that was my idea; that's why i asked debian dev about that
[15:39]  * kees nods
[15:39] <ivoks> kees: he said he won't introduce changes that aren't from upstream
[15:40] <kees> we'd want jorg's patches too.
[15:40] <ivoks> kees: so, we could do it... but we would be alone there :)
[15:40] <kees> ivoks: sure, but we do that in other places too.  :)
[15:40] <ivoks> kees: note that 'my' patch was extracted from redhat's tar
[15:40] <kees> ivoks: right, sure.  we'd want Jorg's fixes, though, too.
[15:40] <ivoks> kees: right
[15:41] <kees> I'm surprised RH hasn't run into more problems with it -- the strdup vs memcpy issue is rather nasty.
[15:41] <ivoks> if we do that for tar, we could enable acl by default on all partitions
[15:41] <kees> ivoks: it seems that acls work already, but that useracl is what's non-default currently.  is that right?
[15:42] <ivoks> acls don't work
[15:42] <kees> hm, ok
[15:42] <ivoks> you can't set acl on files
[15:42] <ivoks> but (almost) all programs are compiled with support for it
[15:42] <kees> yeah
[15:43] <kees> I'm curious about it for fscaps, which uses xattrs
[15:43] <ivoks> don't know what's that :)
[15:43] <RoAkSoAx> ivoks, when we are dropping a patch, should I just remove it from the debdiff or should i delete it from debian/patches?
[15:44] <ScottK> RoAkSoAx: Why are we dropping it?
[15:44] <ivoks> RoAkSoAx: debdiff is diff between debian and ubuntu
[15:44] <RoAkSoAx> ScottK, because debian merged it
[15:44] <ivoks> RoAkSoAx: if ubuntu is droping patch, then it exist in debian
[15:44] <ivoks> RoAkSoAx: therefor, it's not in debdiff
[15:45] <ivoks> RoAkSoAx: but if your debdiff removes patch that debian did, then you are probably doing something wrong
[15:45] <ivoks> do you understand what i'm trying to explain? :)
=== hessml is now known as hessml|away
[15:47] <RoAkSoAx> ivoks, in paraview.. i need to drop ubuntu-use-ffmpeg-swscaler becuase debian has merged it (use-ffmpeg-swscaler.patch) so I need to drop the ubuntu patch.
[15:47] <RoAkSoAx> ivoks, i remove it from the debian/patches/series file, and when I do the debdiff.. it still appears on the debdiff... know what i mean?
[15:47] <ivoks> all you have to do is note in changelog explaining that you droped a patch cause debian include it
[15:47] <ivoks> RoAkSoAx: don't remove it
[15:48] <ivoks> RoAkSoAx: you don't quite understand whole concept, i'm affraid...
[15:49] <RoAkSoAx> ivoks, i mean in the diff i'm trying to remove the patch that ubuntu did.. let me show you just a aset
[15:49] <RoAkSoAx> sec
[15:50] <ivoks> RoAkSoAx: i'll be back in 20 minutes
=== hessml|away is now known as hessml
[16:07] <duvnell> any idea how to get new dmesg message to go to a tty so I can what what was happening just before this box became unresponsive?
[16:07] <duvnell> s/message/messages/
[16:10] <Ash-Fox> How do I disable ssh's stupid check on file permissions on certificates? - I am trying run backups under a specific user and I use ACLs to grant it read access to everything and SSH refuses to work when the ACLs are set on the files.
[16:43] <ivoks> RoAkSoAx: cluster stack session got approved for UDS
[16:43] <RoAkSoAx> ivoks, awesome.. has it been scheduled yet?
[16:43] <jpds> Probably not.
[16:44] <ivoks> not yet
[16:48] <RoAkSoAx> ivoks, hopefully they scheduled on of the lasts sessions so that I can attend :)
[16:49] <ivoks> RoAkSoAx: i was thinking of that... what's the time you would like it to be?
[16:50] <ScottK> RoAkSoAx: If you subscribe to the spec and tell LP when you will be there, that does bias the scheduling algorithm.
[16:50] <RoAkSoAx> ivoks, do you know what's the timezone there?
[16:51] <ivoks> same as here
[16:51] <ivoks> that's -7 for you
[16:51] <ivoks> CEST
[16:52] <ivoks> sommer: rain on sunday in barcelona...
[16:53] <RoAkSoAx> ivoks, at what time is the last session?
[16:53] <jpds> 4:00pm
[16:53] <RoAkSoAx> jpds, 4 to 5 right?
[16:54] <RoAkSoAx> ivoks, yep, I guess it will need to be at 4pm, since it will be 9 am for me
[16:54] <jpds> Yes.
[16:54] <RoAkSoAx> k
[16:55] <jpds> RoAkSoAx: You lazy thing! I wake up at 6am.
[16:55] <RoAkSoAx> jpds, hahahaha i usually wake up at 9.30
[16:59] <ivoks> RoAkSoAx: still teenager? :)
[16:59] <RoAkSoAx> ivoks, almost 24 :P
[16:59] <RoAkSoAx> ivoks, just "unemployed"
[17:00] <jpds> ivoks: What do you mean by that? :P
[17:01]  * jmedina is 26 and also wakes up at 9:30 :)
[17:01] <ivoks> lol i'm old
[17:01] <jmedina> ivoks: RoAkSoAx where can I find info about proposed cluster stack
[17:02] <ivoks> jmedina: we have to discuss it
[17:02] <RoAkSoAx> jmedina, that's what is going to be discussed during the UDS
[17:02] <jmedina> Im learning about HA setups
[17:03] <ivoks> jmedina: stop right there
[17:03] <ivoks> ups
[17:03] <jmedina> O_O
[17:03] <ivoks> never mind
[17:05] <RoAkSoAx> ivoks, should I report it like this: http://pastebin.ubuntu.com/176497/ ?
[17:05] <jmedina> I need to setup a few services in a HA setup, I already have SAN(FC) shared storage, multipath and bonding/vlans for the setup
[17:05] <RoAkSoAx> jmedina, i've already added howto's for heartbeat: https://wiki.ubuntu.com/UbuntuHighAvailabilityTeam/Heartbeat I've to review them
[17:06] <ivoks> but don't use hearbeat
[17:06] <ivoks> it's dead
[17:06] <jmedina> :S
[17:06] <RoAkSoAx> ivoks, there's going to be a heartbeat version 3.x
[17:06] <ivoks> RoAkSoAx: yeah, it's ok; but debian might not accept it
[17:06] <jmedina> RoAkSoAx: thanks
[17:06] <ivoks> RoAkSoAx: there will be 3.0, since 2.99 is out for some time
[17:06] <ivoks> RoAkSoAx: but there are no intentions to continue with it
[17:07] <RoAkSoAx> ivoks, who's the upstream developer, horms?
[17:07] <jmedina> ivoks: I need to use hardy for the setups, so what is the choise for hardy lts?
[17:07] <RoAkSoAx> jmedina, heartbeat or rhcs
[17:08] <jmedina> One of the things still confuse me is shared storage and cluster filesystem
[17:08] <jmedina> do I need gfs clvm?
[17:09] <jmedina> this HA setup is going to run under  a virtualized setup in bladecenter
[17:10] <RoAkSoAx> jmedina, you need to use cluster filesystem when you have master / master configs... such as 2 file servers serving as active / active
[17:10] <ivoks> gfs and ocfs are clustered filesystems
[17:10] <ivoks> they enable you to write at the same time to same filesystem from different machines
[17:11] <ivoks> if you want that, i'd suggest using gfs, and thus rhcs
[17:11] <ivoks> you might try ocfs too
[17:12] <jmedina> Im not doing active/active only active/standby
[17:12] <ivoks> then you can use 'normal' linux filesystems
[17:13] <RoAkSoAx> jmedina, yes.. check out my tutorials.. they will give you and insight of how active / passive works with heartbeat... btw... if you want to have data replicated between two nodes in active / passive, you can use DRBD...
[17:13] <jmedina> then I read about locking or corrupted FS when a node a failed node is not fenced or something
[17:14] <ivoks> ha isn't replacement for backup
[17:14] <ivoks> if your SAN fails, all you have then is backup
[17:15] <jmedina> I have 4 redundant paths to the san and using multipath
[17:15] <ivoks> still, fire in SAN means no data
[17:15] <jmedina> raid10 in san, and of course backups
[17:15] <ivoks> error on filesystem means no data
[17:15] <phreestyle-work> I'm having trouble with eBox and need help. For some reason, I can't update eBox in Ubuntu Hardy. It is holding back the packages and squid and dansguardian won't work because eBox is writing incompatible config files
[17:15] <RoAkSoAx> jmedina, yes but first you need a technology that allows you to replicate data... this technlogy could be DRBD..., it provides a "fencing" mechanism that tries to prevent from split-braining.. it is called dopd...  i'll soon add a howto on how to do that
[17:15] <ivoks> RoAkSoAx: ha has SAN(FC)
[17:15] <ivoks> he
[17:16] <RoAkSoAx> ivoks,  I thought that blade centers had that issue resolved already
[17:16] <RoAkSoAx> i mean data replication and that stuff
[17:16] <ivoks> RoAkSoAx: http://en.wikipedia.org/wiki/Storage_area_network
[17:17] <ivoks> RoAkSoAx: there's no need for drbd and replication with san
[17:17] <RoAkSoAx> ivoks, yes...
[17:18] <RoAkSoAx> ivoks, that's why i though that blade centers had that issue resolved already since they do not need of a data repliucation technology such as drbd
[17:20] <jmedina> this blades dont have local disk, im using boot from san
[17:21] <resno> I am looking for a way to get more information then the webalizer main page will give. I am looking for stats on a specific page.
[17:23] <ivoks> awstats
[17:24] <resno> ivoks: my server has webalizer on it speficially.
[17:25] <ivoks> that's stoping you from using awstats?
[17:25] <jmedina> the current setup is like this: http://tuxjm.net/wp-content/themes/Ghacks2/images/Esquema_Storage_Fisico_con_redundancia.png
[17:26] <resno> ivoks: I guess. I dont admin the server, so I dont know of any features installed on it. I was hoping webalizer allowed this type of access by passing it a parameter or something.
[17:27] <ivoks> resno: awstats doesn't do that either, iirc
[17:27] <ivoks> resno: you could parse logs :/
[17:28] <resno> ivoks: I need stats on one page, but its deep within the site and I am not sure how to get those stats. Its not a highly visited page, which creates the problem.
[17:28] <ivoks> jmedina: right... so, what would you like to achive?
[17:29] <ivoks> resno: awstats and webalizer are domain-aware, not site-aware
[17:29] <resno> ivoks: oh I see.
[17:29] <ivoks> resno: so, if you want something for specific site, you should parse logs
[17:30] <ivoks> resno: or, with awstats, grep normal apache log, look for specific site
[17:30] <ivoks> resno: paste that into new file
[17:30] <ivoks> resno: and tell awstats to check out that file
[17:31] <ivoks> resno: then it will tell you stats for domain, but since that spcific page is the only page in that log, all stats would be for that page
[17:31] <jmedina> ivoks: this is going to be a virtualized enviroment with live migration providing kind of manual high availability
[17:32] <ivoks> jmedina: so shared storage should have a filesystem that all of them can access, but not at the same time
[17:32] <jmedina> now I want to give some redundancy for services like proxys, fileservers, routers
[17:32] <ivoks> jmedina: ext3 sounds quite ok for that
[17:33] <ivoks> jmedina: you could use heartbeat; it should be easier to set up
[17:33] <ivoks> jmedina: or red hat cluster suite, which is a bit heavier beast
[17:33] <ivoks> you'll also find more howtos with heartbeat than rhcs
[17:34] <jmedina> ivoks: I've been playing with heartbeat but for simple setups, only using network resources: routers, firewalls
[17:34] <ivoks> then again red hat cluster suite is in main, while heartbeat is in universe
[17:35] <jmedina> my main concert is about storage, I want to avoid two nodes access data at the same time
[17:35] <ivoks> jmedina: i hope you don't think about doing this in production :)
[17:35] <ivoks> jmedina: test it somewhere else :)
[17:35] <jmedina> ivoks: nop I have a bladecenter H with 14 blades to play
=== RoAk is now known as RoAkSoAx
[17:35] <ivoks> jmedina: if you put ext3 there, they can't access it at the same time
[17:36] <ivoks> jmedina: kernel will refuse to mount it
[17:36] <ivoks> jmedina: idea is that service moves from one server to another
[17:36] <ivoks> jmedina: service can be filesystem or some real service
[17:36] <jmedina> yeap
[17:37] <ivoks> so, you can't mount them at the same time
[17:37] <ivoks> i use gfs just so i could mount and use them at the same time
[17:37] <ivoks> never had any problems
[17:42] <sommer> ivoks: rain on sunday... doh
[17:43] <sommer> ivoks: well I need a new jacket anyway :-)
[18:04] <RoAkSoAx> ivoks, i paraview has failed to build again
[18:04] <sluimers> Can someone help me with ispconfig3? My mails get stuck in var/mail/vmail
[18:06] <RoAkSoAx> ivoks, http://pastebin.ubuntu.com/176542/
[18:08] <ivoks> RoAkSoAx: so...? you know where the problem is?
[18:09] <RoAkSoAx> ivoks, no, but i was thinking it was because python needs to be a builddepdns?
[18:10] <ivoks> RoAkSoAx: it's obvious that's the problem
[18:10] <RoAkSoAx> ivoks, i did that i'm just waiting to see if it builds
[18:10] <ivoks> ok
[18:11] <RoAkSoAx> ivoks, would that be something that will need to be forwarded to debian too?
[18:12] <ivoks> RoAkSoAx: i'll tell you when i see the debdiff
[18:15] <RoAkSoAx> ivoks, in debian they use python-dev which install python (2.6) and python2.6-dev, during building it says that python2.5 has not been found.. so there are too possible solutions right? making it use python2.6 or installing python2.5, which one do you think is the best one?
[18:15] <ivoks> RoAkSoAx: make it depend on python2.5
[18:16] <RoAkSoAx> ivoks, i did that. I will need to remove python-dev from Build-Depends and add python2.5-dev and python2.5 right?
[18:16] <ScottK> RoAkSoAx: Make it work with 2.6 is a better answer.
[18:17] <ScottK> ivoks: Why do you say depend on 2.5?
[18:17] <ivoks> ScottK: i would leave that to upstream
[18:17] <ivoks> python2.5 -> python2.6 isn't that simple
[18:17] <ScottK> Is it 2.5 due to upstream or packaging from Debian?
[18:17] <ivoks> upstream
[18:17] <ScottK> Ah.
[18:17] <ScottK> Well generally it's better to use system default, but maybe not in this case.
[18:18] <ivoks> if it can work with 2.6, then yes
[18:18] <ivoks> but that would require some seding all over the place :)
[18:18] <ScottK> So RoAkSoAx check if it works with 2.6.
[18:18] <ivoks> RoAkSoAx: you could try that :)
[18:18] <ivoks> right, 'grep -sr python2.5 *'
[18:18] <ivoks> :D
[18:19] <ivoks> RoAkSoAx: it turns out that paraview is great exercise :)
[18:20] <RoAkSoAx> haha
[18:20] <RoAkSoAx> indeed
[18:22] <RoAkSoAx> ivoks, http://pastebin.ubuntu.com/176550/
[18:23] <ivoks> hm
[18:23] <ivoks> so, debian's the devil :)
[18:24] <ivoks> try it
[18:24] <ivoks> replace python2.5 with python
[18:24] <RoAkSoAx> ivoks, ok
[18:25] <RoAkSoAx> ivoks, where?  :)
[18:25] <gene420> anyone have a good website or lead myself in the right direction to setup a redundant web server I have just aquired a second IP address and would like to use it for a redundancy for my existing apache virtual domain  system
[18:26] <giovani> gene420: "redundant" isn't explanatory enough
[18:26] <ivoks> RoAkSoAx: sed -i -e 's/python2.5/python/g' debian/paraview.lintian*
[18:26] <giovani> you want them both sharing the load? you want failover when one dies (one is primary, one is secondary)
[18:26] <giovani> ?
[18:26] <giovani> explain a bit
[18:26] <gene420> sharing the load
[18:26] <giovani> gene420: the cheap and simple way is to use round-robin dns
[18:26] <ivoks> there's even cheaper way :)
[18:26] <giovani> where you put two A records in for the hostname
[18:26] <gene420> I have each website with godaddy
[18:27] <ivoks> apache has mod_proxy_balancer
[18:27] <ivoks> http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html
[18:27] <giovani> ivoks: that's not cheaper nor more simple
[18:27] <giovani> I'm not saying it's a bad solution
[18:27] <ivoks> hehe
[18:27] <giovani> but it's hardly the simple method
[18:27] <gene420> so then just add a second A name record to godaddy and schedule rsync to keep them synced
[18:27] <giovani> and I wouldn't recommend it to a random new admin
[18:28] <giovani> gene420: heh, what kind of data are you trying to sync?
[18:28] <gene420> I have 4 customers with simple drupal websites...
[18:29] <ivoks> are you certain you need load balancing?
[18:29] <giovani> you won't be keeping backend DBs consistent with rsync, sorry
[18:30] <ivoks> he'll need mysql master-master replication
[18:30] <giovani> if he's using mysql, sure
[18:30] <ivoks> er...
[18:30] <ivoks> gene420: do you have 2 servers at all?
[18:30] <ivoks> or one with 2 IPs?
[18:30] <gene420> eserver 335 and hp proliant dl-590
[18:30] <ivoks> ok
[18:31] <ivoks> so, two of them
[18:31] <ivoks> which database do you use?
[18:31] <gene420> two static ips with bell business...in seperate locations
[18:31] <gene420> mysql...
[18:31] <ivoks> separate... like couple of miles away or room next door?
[18:31] <gene420> sorry kinda of new to this side of things
[18:32] <gene420> same building upper and lower level
[18:32] <RoAkSoAx> ivoks, i'll have to do the change in debian/rules too right?
[18:32] <gene420> so I could pull an ethernet cable between them
[18:32] <J_P> Hi all
[18:32] <giovani> gene420: you're hosting websites on an office internet connection
[18:32] <giovani> ?
[18:32] <gene420> yea ....
[18:32] <ivoks> RoAkSoAx: you didn't paste everything right?
[18:32] <ivoks> pih...
[18:33] <RoAkSoAx> ivoks, yes, but in debian/rules they use a PVER = 2.5
[18:33] <RoAkSoAx> so I just bumped it to 2.6
[18:33] <ivoks> RoAkSoAx: good catch ;)
[18:33] <giovani> gene420: why not use some VPSes instead?
[18:33] <J_P> Is possible Real time linux with the new ubuntu 9.04?
[18:33] <gene420> just for small business so far things have been working fine...6Mpbs dsl connection
[18:33] <giovani> you'd get far more bandwidth, far more reliability, at far less hassle
[18:33] <giovani> not to mention true redundancy, by putting them in totally separate cities/countries/datacenters
[18:34] <gene420> just trying to keep the cost down ....and figured it would be a good learning experience
[18:34] <ivoks> gene420: with 6mbit/s your server will serve web site without a sweat
[18:34] <giovani> the cost will be lower with VPSes, I assure you
[18:34] <giovani> the power required to run two full servers
[18:34] <giovani> is far more costly than two VPSes
[18:34] <giovani> not to mention bandwidth
[18:34] <giovani> gene420: same learning experience, just physical location is different
[18:35] <J_P> anyone?
[18:35] <gene420> power and resources aren't really an issue becaue they need the servers running for other services like network backup and samba domain policy logins with xp
[18:35] <giovani> heh
[18:35] <giovani> ok
[18:36] <gene420> i know what you mean thou I kinda of should just use godaddy to host them would save me some hassle
[18:36] <giovani> heh, no I wouldn't ever recommend that
[18:36] <giovani> I'd stay away from godaddy at all costs
[18:37] <RoAkSoAx> ivoks, ok, so in case it builds, I'll just have to update the changelog saying: Bumped python version from 2.5 to 2.6?
[18:37] <ivoks> RoAkSoAx: yes
[18:37] <ivoks> RoAkSoAx: including a list of files where you changed that
[18:38] <ivoks> RoAkSoAx: rules, control and paraview.lintian-overrides
[18:38] <RoAkSoAx> ivoks, i would also need to update README.Debian ?
[18:38] <ivoks> RoAkSoAx: good question...
[18:38] <ivoks> ScottK: what's your opinion?
[18:39]  * ScottK reads
[18:39] <ScottK> RoAkSoAx: Does README.Debian currently say anything about specific Python versions?
[18:39] <ivoks> ScottK: yes
[18:40] <ScottK> Then I would update it.
[18:40] <ivoks> it states that paraview is built with 2.5
[18:40] <ScottK> Keep in mind that README.Debian is for users and not devs.
[18:40] <RoAkSoAx> ScottK, it says this:  Paraview is built against python2.5 only (it works with python2.4, but you would have to compile it yourself, changing build depends and debian/rules).
[18:41] <ScottK> RoAkSoAx: Alternatively you could make it build against both 2.5 and 2.6 and remove that bit entirely
[18:41] <ScottK> 2.4 isn't supported Jaunty and later.
[18:42] <RoAkSoAx> ScottK, doing that will imply modifying debian/rules right?
[18:42] <RoAkSoAx> since there it specifies which version of python should be used
[18:42] <RoAkSoAx> in a PVER variable
[18:43] <ScottK> RoAkSoAx: Alsmost certainly (keep in mind I didn't look at this package)
[18:43] <ivoks> you have to update both files
[18:43] <ivoks> and mention that in changelog
[18:43] <RoAkSoAx> ok i'll first finish building with python 2.6 and create a debdiff so you can see it
[18:44] <niekie> Greetings..
[18:44] <niekie> Does anyone know if Ubuntu is currently vulnerable to http://www.theregister.co.uk/2009/05/19/open_ssh_hack/ ?
[18:44] <niekie> And if a fix is in the works if so?
[18:46] <ivoks> kees: ^^
[18:49] <ScottK> Considering the Debian package we're derived from was uploaded in January and there's a later upstream release available, I'm guessing the news isn't good.
[18:50] <ScottK> I suspect cjwatson_ will be interested too
[18:50] <ivoks> according to article, it's a design flaw
[18:50] <kees> niekie: it requires an active MitM attack
[18:50] <kees> niekie: so, as such, it is a very hard to exploit issue, but does need fixing.
[18:51] <niekie> kees: I know. But still I'd feel a lot safer if it wouldn't be there ;)
[18:51] <kees> niekie: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5161   no one has released fixes for it
[18:51] <uvirtbot> kees: Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algori
[18:51] <kees> niekie: yeah, I'd be curious to find out if the 5.2 changes can be backported easily.
[18:52] <kees> niekie: as a work-around, you can follow the recommendations at the end of http://openssh.org/txt/cbc.adv
[18:54] <niekie> kees: Ah! Thank you very much.
[18:55] <ivoks> hip hip... hooray!
[18:56] <ScottK> kees: Any idea what the downside of the workaround is (i.e. why it's not just made default)?
[18:57] <niekie> The "workaround" doesn't seem to be a total fix though. In that suggested "Ciphers" list I can still see aes in CBC mode.
[18:57] <niekie> So it will prefer other non-vulnerable ciphers first, but will fall back to the vulnerable ones.
[18:57] <kees> ScottK: I don't, but I'd like to understand what they did to fix it in 5.2.
[18:58]  * ScottK decides not to panic
[18:58] <niekie> ScottK: I wouldn't worry that much about it.
[18:58] <kees> yeah, we classified it as "low" when it was announced.
[19:00] <niekie> I mean, the connection needs to be killed several times apparently for this to work.
[19:01] <niekie> If you open a SSH session and you're suddenly disconnected, you usually don't try to reconnect another 11355 more times ;)
[19:01] <niekie> (though automated stuff might, which is where this issue is more serious, AFAIK)
[19:03]  * ivoks trusts kees and jdstrand with his life, so... no worries
[19:03] <niekie> Heh.
[19:03] <ivoks> kees: feeling pressure? :D
[19:04] <kees> ivoks: yikes!
[19:04] <niekie> Yeah, I've heard the legends :P
[19:04] <kees> ivoks: I don't have any real medical skills.  :)
[19:04]  * kees heads to dinner
[19:04] <niekie> Have a great one! :)
[19:04] <ivoks> kees: oh, barcelona already? :)
[19:04] <ivoks> take care, /me goes to a movie
[19:05] <ivoks> the movie
[19:05] <ivoks> or whatever
=== rgreening_ is now known as rgreening
=== isaac_ is now known as isaac
=== hessml_ is now known as hessml|away
[19:52] <billybigrigger_> how would i go about setting up my mailserver if my isp is blocking port 25????
[19:53] <billybigrigger_> is there a way i can use a different port? like outbound 700 or something??? cause i can recieve mail inbound but cannot send any mail
[19:54] <ScottK> billybigrigger_: You would need a server outside your ISP listening on that port to relay to 25.
[19:54] <billybigrigger_> do you know of any free bounce servers or anything i could use?
[19:54] <jmedina> billybigrigger_: you can configure your MTA to use submission service
[19:55] <billybigrigger_> what is submission service?
[19:55] <jmedina> it is the recommend way, so your server users tcp/25 for receiveing mail and tcp/587
[19:56] <jmedina> it is the same that smtpd but is used for other purposes for example for mail relaying using smtp+auth
[19:56] <billybigrigger_> ok
[19:56] <maxb> jmedina: That would not work, and is not recommended.
[19:56] <jmedina> here in México all ISP block outgoing TCP, so we use tcp/587
[19:56] <maxb> 587 is intended for *submission* from MUAs, *not* for MTA to MTA communication
[19:57] <jmedina> maxb: ok, I tought he wantted submission from MUAS
[19:57] <billybigrigger_> i just need outgoing port 25
[19:57] <billybigrigger_> since outbound 25 is blocked
[19:57] <stickystyle> billybigrigger_:  You need to look at setting a smarthost
[19:57] <stickystyle> the smarthost being your ISP
[19:58] <billybigrigger_> so use my isp for outbound mail?
[19:58] <jmedina> for postfix I have this config it uses SMTP-AUTH to auth agains your smart host
[19:58] <jmedina> http://tuxjm.net/2008/11/26/postfix_como_enviar_correo_a_traves_de_un_servidor_externo_usando_sasl_y_tls/
[19:59] <billybigrigger_> would my mail come from billy@isp.com or billy@mydomain.com
[19:59] <billybigrigger_> ?
[19:59] <stickystyle> billybigrigger_:  Yes.  you basically relay your mail through your ISP.
[19:59] <J_P> Anyone can tell me if Is possible Real time linux with the new ubuntu 9.04?
[19:59] <jmedina> billybigrigger_: it depends on how your ISP is configured
[19:59] <billybigrigger_> jmedina::: do you have an english translation of that page :P
[19:59] <stickystyle> Since the From: header is set in the MUA, it wont matter what your ISP does.
[20:00] <jmedina> billybigrigger_: not, probalby google :D
[20:00] <billybigrigger_> jmedina::: i know thanks :P
[20:00] <billybigrigger_> jmedina::: actually already have a spanish to english trans plugin in firefox...was looking at moving to mexico :P but the job fell through :( kinda sad about it :(
[20:01] <ScottK> J_P: There is a RT kernel if that's what you mean?
[20:01] <jmedina> billybigrigger_: good, what is that trans plugin?
[20:02] <billybigrigger_> babelfish
[20:03] <billybigrigger_> just highlight certain words in the page and pop-up comes up with the translation, or you can translate the whole page
[20:03] <billybigrigger_> pretty useful
[20:03] <billybigrigger_> works in a ton of languages too
[20:03] <J_P> ScottK: RT kernel? where I start with RT kernel?
[20:04] <billybigrigger_> can anyone suggest a good tutorial or package for configuring a turn-key mailserver? i don't need to much fancy stuff, just a simple home mail server
[20:04] <ScottK> billybigrigger_: Most or all of what you need should be in the Ubuntu Server Guide.
[20:04] <billybigrigger_> im not too worried about security, i just need something quick and easy, that will let me to setup this smarthost you guys talk of
[20:05] <billybigrigger_> would dovecot-postfix suffice?
[20:05] <stickystyle> billybigrigger_:  Wrong words to say, you should always think about security.
[20:05] <stickystyle> dovecot-postfix is a very nice solution.
[20:06]  * stickystyle runs dovecot + postfix for his company.
[20:06] <J_P> ScottK: are you tell me about a RTAI for example?
[20:06] <ScottK> J_P: I know little about it, just that it exists.
[20:07] <J_P> ScottK: ok.
[20:08] <W8TAH> for a dual xeon server -- should i be running 32 bit server or 64 bit?
[20:10] <maxb> I think that isn't enough information to know
[20:10] <stickystyle> W8TAH:  depends if the xeon's are 32 or 64 bit.
[20:11] <W8TAH> oh -- ok
[20:11] <W8TAH> i'll keep diggin
[20:13] <philsturgeon> whats the best approach for installing mod_security in 8.04? seems to be the only version without it in the repo
[20:18] <jmedina> I would compile mod_security by hand
[20:18] <philsturgeon> looks like its going to be that way. was wondering if its sat in a different repo anywhere, but no worries
[20:19] <maxb> Check for a PPA? If not, create a PPA!
[20:22] <philsturgeon> PAA?
[20:22] <philsturgeon> PPA*
[20:24] <maxb> Personal Package Archive, a facility of launchpad.net by which *anyone* can have their own subsidiary Ubuntu package archive with automatic builds of uploaded source for i386 amd64 and lpia
[20:26] <philsturgeon> ha, nice
[20:29] <ScottK> philsturgeon: It had licensing problems and got removed.  They got fixed, but not in time for 8.04
[20:29] <philsturgeon> ScottK: Indeed
[20:29] <philsturgeon> unfrtunate
[20:33] <billybigrigger_> stickystyle::: ok, i've setup dovecot-postfix with a smarthost, being my ISP's smtp server...
[20:33] <billybigrigger_> stickystyle::: which ports do i need forwared? my mailserver is behind a router...just my imap port needs to be forward right? since outbound is handled via my isp?
[20:43] <billybigrigger_> how do i find out what security postfix was built with in the dovecot-postfix package?
[20:43] <billybigrigger_> im trying to setup evolution here and i want to use pop3s
[20:43] <billybigrigger_> or imaps
[20:44] <hggdh> billybigrigger_, dovecot-postfix does not embed either dovecot or postfix, they are depends
[20:44] <hggdh> so it is whatever is the current dovecot and postfix packages
[20:45] <billybigrigger_> so installing dovecot-postfix without anything else doesn't enable tls or ssl?
[20:46] <hggdh> the dovecot-postfix package carries an upodated dovecot configuration. If you already have one, you will have to match & mix
[20:46] <hggdh> in my case, I have to update the SSL certificates in use (so that dovecot would use mine)
[20:53] <billybigrigger_> hmm
[20:53] <billybigrigger_> bah this is confusing
[20:53] <billybigrigger_> should a default apt-get install of dovecot-postfix work out of the box?
[20:53] <billybigrigger_> i think i have my mx record set...and used a relayhost of my isp's smtp server...
[20:53] <hggdh> billybigrigger_, as long as you do not have any customised dovecot or postfix, yes
[20:53] <billybigrigger_> i can't seem to login via evolution using either imap or pop3
[20:54] <billybigrigger_> won't accept plaintext passwords, and i can't find out what authentication type it uses
[20:55] <billybigrigger_> nmap shows imap, imaps, pop3, and pop3s ports open
[20:56] <hggdh> make sure you have, in your dovecot configuration, "mail_debug=yes" and "vebose_ssl=yes"; if you do not, add them in, and bound dovecot (sudo service dovecot restart)
[20:56] <hggdh> s/bound/bounce/
[20:57] <hggdh> then try again, and look at /var/log/messages for dovecot messages
[20:57] <hggdh> and go from there
[20:57] <hggdh> argh! "verbose_ssl=yes", not "vebose_ssl"
[20:57] <billybigrigger_> looking at /var/log/mail.log messages right now
[20:59] <billybigrigger_> hmmm
[21:00] <billybigrigger_> i sent a message out to a hotmail account, and i recieved it
[21:00] <billybigrigger_> now sending from hotmail to my mailserver isn't working...or hotmail is slow...
[21:00] <billybigrigger_> or maybe i have something eff'd up somewhere
[21:01] <billybigrigger_> dig MX mydomain.com doesn't show an MX record...
[21:01] <billybigrigger_> probably why it's not working yet eh? and that's why i can send out mail, through the isp's smtp
[21:22] <philsturgeon> trying to install mod_security from source on ubuntu 8.04. run ./configure and get "configure: error: libxml2 library is required".
[21:22] <philsturgeon> i have libxml2 installed at /usr/lib/libxml2.so.2
[21:23] <hggdh> philsturgeon, you probably also need to install libxml2-dev
[21:24] <philsturgeon> done. thanks :)
[21:24] <philsturgeon> next is ./Makefile right?
[21:27] <sluimers> Does anyone here have experience with ispconfig?
[21:28] <sluimers> ispconfig 3?
[21:28] <hggdh> philsturgeon, you re-ran ,.configure, correct?
[21:28] <hggdh> (and select whatever options would apply)
[21:28] <philsturgeon> yes indeed. makefile was a silly guess, but it needs another step i think
[21:30] <philsturgeon> ahhh... think i need to move the mod_security into apache first. oops
[21:31] <philsturgeon> im confused :$
[21:31] <hggdh> philsturgeon, now run "make"
[21:32] <philsturgeon> ahh there we go
[21:32] <philsturgeon> not done much compiling without tutorials. not a noob, i consider myself a guru in training :-)
[21:32] <hggdh> :-)
[21:32] <philsturgeon> make & make install were both happy. job done, thanks
[21:33] <hggdh> philsturgeon, good luck now ;-)
[21:36] <maxb> philsturgeon: Have you considered backporting the package from intrepid instead?
[21:37] <philsturgeon> maxb: I asked on here for ideas, people just said to compile my own
[21:37] <philsturgeon> done it now :p
[21:37] <maxb> Yes, well, that's what I meant
[21:37] <maxb> compile your own as a package :-)
=== yml_ is now known as ghost
=== ghost is now known as Guest42890
=== yml_ is now known as yml
[22:20] <phreestyle-work> hey everyone, I was looking at the forums for a way to clear our residual config files left over from removed packages. I found a thread that tells you to use Synaptic, but is there any way to do this from the command line?
[22:21] <jmedina> phreestyle-work: use purge option for dpkg
[22:22] <jmedina> dpkg wont delete config files if they where modified after instalation unless you use purge option
[22:22] <phreestyle-work> jmedina: can u give an example please?
[22:22] <jmedina> dpkg -P packagename
[22:23] <phreestyle-work> but the packages are already gone and I don't know the names of them all
[22:26] <jmedina> mmm probably you can get a list from /var/log/dpkg.log
[22:27] <jmedina> I dont know another way
[22:27] <phreestyle-work> but the purge command from dpkg will work if the packages has already been removed, right? because if I do something like: apt-get purge old-package it won't work because the package is already been removed
=== jes_ is now known as XiXaQ
[22:35] <Ash-Fox> Hi, is there a way I can shut down a system as root without physical access to it without the halt, poweroff, reboot, init, runlevel, shutdown? Why am I asking? Because the server I'm in is suffering numerous drive issues and I can't shut it down via those commands, but many others are workign currently
[22:37] <thirsteh> Ash-Fox, got 'cat'?
[22:38] <Ash-Fox> thirsteh, yep.
[22:40] <jmedina> Ash-Fox: what about ctrl+alt+supr?
[22:40] <jmedina> ohh it is remote
[22:40] <thirsteh> Ash-Fox, I -think- this will work, but it's a long time since I've used this. No matter what, it's temporary anyway;
[22:40] <thirsteh> echo 1 > /proc/sys/kernel/sysrq
[22:40] <thirsteh> echo o > /proc/sysrq-trigger
[22:40] <thirsteh> that will shut down the machine entirely
[22:40] <jmedina> :O
[22:40] <thirsteh> to reboot, echo 'b' instead of 'o'
[22:41] <jmedina> thirsteh: good tip, what does it do>?
[22:41] <Ash-Fox> thirsteh, it didn't like that.
[22:41] <thirsteh> Ash-Fox, how so?
[22:41] <Ash-Fox> "input/output error"
[22:41] <Ash-Fox> I did however find a way around it
[22:42] <jmedina> Ash-Fox: which one?
[22:42] <thirsteh> jmedina, the same as sysrq, o, but without physical keyboard access
[22:42] <Ash-Fox> Mounted /media/cdrom as tmpfs, copied poweroff from my laptop to it, executed ./poweroff -f
[22:42] <thirsteh> you almost definitely need to echo that as root by the way
[22:42] <thirsteh> ah okay
[22:43] <Ash-Fox> That was fun
[23:27] <billybigrigger_> what kind of authentication does dovecot come with?
[23:27] <billybigrigger_> im trying to configure evolution with my mailserver and i just have plaintext passwords setup as of now...
[23:27] <billybigrigger_> which for obvious reasons is no good
[23:28] <giovani> that's all in the documentation
[23:28] <billybigrigger_> yeah but evolution is showing that no auth types are supported
[23:28] <giovani> very easy to find, took me less than 10 seconds on the dovecot site: http://wiki.dovecot.org/Authentication/Mechanisms
[23:29] <giovani> well check your dovecot configuration -- you have to tell it which authentication methods to allow obviously ...
[23:29] <billybigrigger_> and i highly doubt the default ubuntu config for dovecot comes with plain text enabled by default
[23:29] <giovani> you do? why would you highly doubt that?
[23:29] <billybigrigger_> well ya i see that, but why are plain text enabled by default?
[23:29] <XiXaQ> billybigrigger_, what ubuntu and how did you install it?
[23:29] <giovani> because many people use it
[23:29] <billybigrigger_> 9.04
[23:29] <billybigrigger_> sudo apt-get install dovecot-postfix
[23:29] <giovani> XiXaQ: it's not a debate ... it is enabled by default
[23:29] <XiXaQ> billybigrigger_, then the secure protocols should be enabled by default.
[23:30] <billybigrigger_> no, plaintext password authentication is enabled by default
[23:30] <giovani> billybigrigger_: yes, we already discussed this
[23:30] <giovani> that's normal, and expected
[23:30] <billybigrigger_> yes, im talking to XiXaQ
[23:30] <giovani> stop talking about it like it's a bug
[23:31] <giovani> why don't you spend 10 seconds looking at your dovecot config
[23:31] <giovani> to find out which auth mechanisms it's supporting
[23:31] <billybigrigger_> ya thanks tips
[23:31] <billybigrigger_>   #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
[23:31] <billybigrigger_>   #   gss-spnego
[23:32] <giovani> why is there a comment mark there?
[23:32] <billybigrigger_> cause its in the comments maybe?
[23:32] <giovani> then why are you pasting it?
[23:32] <billybigrigger_>   mechanisms = plain
[23:32] <giovani> that's not relevant
[23:32] <giovani> ok, so add the method you'd like to use ...
[23:32] <giovani> and remove plain
[23:32] <billybigrigger_> oh? the list of supported auth types are relevant?
[23:32] <billybigrigger_> ok
[23:32] <billybigrigger_> haha thanks tips
[23:33] <giovani> the list of supported auth types are in the URL I pasted minutes ago
[23:33] <billybigrigger_> [16:28] <billybigrigger_> yeah but evolution is showing that no auth types are supported
[23:33] <giovani> we want to know what's listed in your config as the mechanisms in use
[23:33] <giovani> right, clearly because of your mechanisms line
[23:33] <giovani> why is it that you can't just resolve this?
[23:34] <giovani> clearly you know what the supported auth types are ... you want to show them to me? just select the one(s) you'd like to use
[23:34] <billybigrigger_> i can, thanks
[23:34] <billybigrigger_> i confused myself over something...
[23:35] <billybigrigger_> thanks, sorry to piss you off and waste your time
[23:36] <billybigrigger_> k, now i have a question of opinion, these are something i know nothing of, and have no care about...but what is a better auth method, cram-md5 or digest-md5 for a home mail server?
[23:37] <giovani> if you read the link I pasted: http://wiki.dovecot.org/Authentication/Mechanisms
[23:37] <giovani> you'll see a very simple rundown and comparison of the different auth types
[23:37] <giovani> such as:
[23:38] <giovani> # CRAM-MD5: Protects the password in transit against eavesdroppers. Somewhat good support in clients.
[23:38] <giovani> #
[23:38] <giovani> DIGEST-MD5: Somewhat stronger cryptographically than CRAM-MD5, but clients rarely support it.
[23:38] <billybigrigger_> giovani::: thanks...maybe i should check out your post :P
[23:39] <billybigrigger_> does it have a section in there about setting up MX records? :P i think i have mine screwed up, as im not recieving any mail, but i can send out
[23:40] <billybigrigger_> so upon a quick read, cram-md5 is secure enough for a home server and most likely the most supported...am i correct in assuming this?
[23:45] <giovani> no, dovecot is completely unrelated to MX records
[23:45] <giovani> if you read the dovecot link, you'd know that, yes
[23:45] <billybigrigger_> ya
[23:46] <billybigrigger_> why so serious?
[23:46] <billybigrigger_> :)
[23:46] <billybigrigger_> i know mx and dovecot have nothing to do with each other, it was a joke, hence the smiley face at the end, but thanks
[23:58] <mobi-sheep> I'm a bit confused.  I use a script that add a bunch of blacklisted servers to my /etc/hosts --> redirected to 127.0.0.1 so they would redirect themselves to nowhere.  Useful to ban ads.  However, that do not work as I still see the ads... in Prism.