/srv/irclogs.ubuntu.com/2009/06/24/#ubuntu-server.txt

luckyone	hello all, does a default server install not load modules needed to playback sound?	00:23
luckyone	I built a NAS out of an MSI wind pc, now I want to also be able to use the onboard sound card to play music from it	00:23
MatBoy	I need to check when or @ what time a process in the ps falls away... how can I do this /	00:24
luckyone	I installed cmus via apt-get, but when I try to play a track it says "error: opening audio device: No such file or directory"	00:24
diffra	luckyone: http://ubuntuforums.org/showthread.php?t=205449 that should get you where you need to go!	00:30
diffra	check out moc if you want to access it via ssh... or if you want a web based solution, jinzora is great. you can use the web interface, hit play, and it plays on your server box.	00:32
luckyone	diffra: I am using cmus right now - pretty slick, I will check out moc	00:33
luckyone	cmus may have to load the entire directory structure every time (which isn't good)	00:34
luckyone	diffra: I was missing linux-sound-base, that is probably a pretty important package	00:35
dinger1986	hello, has anyone ever had a problem on ubunttu server 8.04.2 when it cant ping hosts, it is resolving dns	00:50
bc	to whitelist a sender domain (using this set up: https://help.ubuntu.com/9.04/serverguide/C/mail-filtering.html), do I use the DKIM whitelist or an amavisd whitelist?	01:02
bc	(I don't fully understand DKIM yet)	01:02
diffra	depends on what you're wanting to whitelist.	01:03
diffra	basically, short answer is both.	01:03
bc	diffra: to clarify, I just want to prevent several addresses from being marked as spam, ever.	01:04
bc	for amavis, 1) is the read_hash for the whitelist file valid syntax, and 2) where do I put that directive since there is no /etc/amavis.conf in ubuntu? -> http://flakshack.com/anti-spam/wiki/index.php?page=Installing+and+configuring+Amavisd-new	01:06
diffra	then, yeah, both. the page says that it's passing to dkim/spf seperately from amavis, so they'll each need to be whitelisted	01:06
diffra	FTA: "Amavisd-new can be configured to automatically Whitelist addresses from domains with valid Domain Keys. There are some pre-configured domains in the /etc/amavis/conf.d/40-policy_banks"	01:07
diffra	not sure about dkim.. never used it.	01:07
bc	diffra: thanks, looking	01:07
bc	diffra: the author_to_policy_bank_maps made me unsure; thanks, I'll give this a try	01:09
diffra	Sure. Check the sectino in the guide you linked... it gives several examples how to whitelist in amavisd.	01:10
diffra	section even.	01:10
bc	diffra: I did notice that section, but the DKIM heading made me think it was tied solely to DKIM, while being unsure if DKIM and amavis are not the same thing, or closely connected, etc etc.. :D confusing	01:12
bc	jeebus crisp, 125 processes with only 4 ports open. I guess this is teh new internets.	01:23
bc	err, 131	01:23
diffra	bc: yeah, i'm not really a fan of big configs like that.	01:35
diffra	I rock lighttpd, postfix/dovecot with RBLs, and run spamassassin client side.	01:35
bc	diffra: I run spamassassin client side as well, but the other users were screaming halp before I put in a new server.	01:37
bc	diffra: the server is about the size of a hard back book. I guess in about 5 years they'll be the size of a RJ45 plug or something.	01:38
diffra	bc: those exist you know. one second.	01:38
bc	diffra: see, i'm already behind the curve	01:39
diffra	http://www.digi.com/products/embeddedsolutions/digiconnectme9210.jsp	01:41
bc	diffra: sheesh, that's insane	01:42
diffra	sure, it's not x86 or anything, but you could probably make a passable static http server out of it.	01:43
ScottK	diffra: Did you get your policy_banks question sorted out?	02:20
VinchenzO	H ALL	02:40
VinchenzO	есть кто русский	02:41
VinchenzO	?	02:41
foxbuntu	VinchenzO, english in here	02:41
=== mobi-sheep__ is now known as mobi-sheep_
diffra	ScottK: that was bc with the question, i was just trying to help	03:56
bc	ScottK: thanks; yes, problem solved	04:16
ar_	Anyone can tell me how to make the server download vcards?	04:29
ar_	right not its just displaying in page	04:30
=== mobi-sheep_ is now known as kinja-sheep
ar_	right now Im linking to vcard but it opens in html file	04:36
diffra	are you using .vcf?	04:37
diffra	or .vcard?	04:37
ar_	I'm using .vcf	04:37
ar_	should I use vcard?	04:37
diffra	either way, this should work in your apache config: http://dpaste.com/59037/plain/	04:38
ar_	Thank you diffra!	04:39
diffra	you could also do this in php/perl if you were so inclined, but i think this is the prettiest way to go about it.	04:39
diffra	np. i just googled something like "apache force download by file extension", found a page about doing the same thing for .pdf files, and changed the regex to match your .vcard files :)	04:40
ar_	diffra should I add this to the directory the vcards are held in?	04:40
ar_	in a .htaccess file?	04:40
diffra	that would work.	04:41
diffra	or under a <directory> tag in apache2.conf	04:41
ar_	man Ive been trying to do this for 3 days now :)	04:41
ar_	thank you!	04:41
diffra	np. let me know if it doesn't work...	04:41
ar_	will do :)	04:41
=== s_markow_ is now known as s_markow
ar_	You rock dude, it worked!	04:43
ar_	thank you diffra!	04:43
diffra	sa-weet	04:43
ar_	lol	04:43
MrPockets	quiet in here 'eh?	04:58
MrPockets	Does Ubuntu Server have a GUI Installer?	05:01
diffra	MrPockets: no. It's CLI only. The installer has a text-based 'gui' of sorts: http://images.howtoforge.com/images/samba_setup_ubuntu_5.10/img_22.gif	05:06
MrPockets	mhmm	05:06
MrPockets	I'm just having issues with this machine, and would like to revert back to a GUI noob-friendly install to try and sort out some issues. Might just put 8.10 Desktop version on and run as a server	05:07
diffra	MrPockets: there's really nothing too wrong with that. You lose some RAM to the gui, and there's the security risks entailed with all the extra software.	05:09
twb	neologistically speaking, d-i is a "TUI", which basically means a GUI on a charcell display.	05:09
MrPockets	right. I'm only looking to use this box as somewhat of a security-camara server that i can term=service into and creep on whats going on in the data center via webcam	05:09
MrPockets	and download torrents	05:09
qman__	a desktop version with a firewall should be exactly what you want	05:10
MrPockets	Jesus. you are the nicest linux guys i've ever seen.	05:12
MrPockets	All of the linux guys (usually myself included) are all, BAH! you don't need a GUI on a server! HUmbug!	05:12
twb	MrPockets: that's because most of the channel is newbie like you ;-P	05:13
diffra	under most circumstances, sure, you don't need it. but it's not like if you apt-get install ubuntu-desktop Canonical kills a kitten.	05:13
MrPockets	Wouldn't say I'm a noob. Just tired and wanna get this at least on the network so i can leave this god forsaken dungon and go home :-(	05:13
twb	That's why I keep a sleeping bag and a pillow in the office...	05:14
MrPockets	LOL	05:14
MrPockets	...no joke?	05:14
twb	Once I was up all night fixing a server for deployment, then I spent the whole next day out at the prison deploying the damn thing	05:15
twb	Though that's a pathological case.	05:15
MrPockets	WTF. I get a BusyBox v1.1.3 Built-in Shell enter Help for a list of commands	05:16
twb	Now that I have a bicycle, I tend not to sleep in the office anymore -- back when I took public transport, I'd have to wait until 6am for the trains to start again anyway.	05:16
twb	MrPockets: you have messed up bootstrapping somehow	05:16
twb	MrPockets: busybox is part of the ramdisk; you get dumped there if it can't find your root partition.	05:16
MrPockets	I just reformatted both drives	05:16
MrPockets	but i just booted live to the Ubuntu CD..	05:16
diffra	twb: been there. Spent the night in a not-really-cold-enough room triaging a win2k machine that got pwned.	05:17
diffra	one of those boxes that's always been around, deployed before my time, i had no idea half the shit that was on there.	05:18
twb	Bleh, at least I don't have to touch Windows	05:18
MrPockets	hah	05:18
MrPockets	all but two of the servers we administrate are windows	05:18
MrPockets	administer?	05:18
twb	MrPockets: "admin" vt.	05:18
MrPockets	Any of you have experience imaging machines with Acronis?	05:19
LiraNuna	Hi, I can't seem to be able to remove the package doc-base	05:20
LiraNuna	I keep getting circular dependencies and errors about removal	05:20
LiraNuna	seems like the post removal script wants to use install-docs and that file was just removed	05:22
LiraNuna	http://pastie.org/522520	05:27
MrPockets	This isn't fun any more.	05:29
MrPockets	I wanna go home.	05:29
diffra	LiraNuna: this is a hack, but maybe just drop a bash script in /usr/local/bin/install-docs that returns true and exits to satisfy apt?	05:31
diffra	i'm sure that install-docs is supposed to do something, but if it's already being removed, i don't see that it could be that important.	05:32
LiraNuna	diffra, that was my last resort	05:32
LiraNuna	google doesn't come up with anything too	05:32
LiraNuna	I guess it's bug filing time	05:33
oh_noes	When a 8.04 server boots, what happens between "Starting" and "Loading, please wait"?	05:50
oh_noes	on one box I have it on, I've found if I dont have the VGA monitor cable plugged in, it stops at "Starting" and doesnt continue	05:55
oh_noes	Even adding debug to kernal doesnt help .. because it hasnt loaded it yet	05:55
tech404	I am building a network for a class that needs to be a secure as possible and still provide a few basic services (http,smtp,imap,dns). I have only one computer that can be used to provide these services. I want to seperate them into VM's but while the computer has ok hw it doesn't have any intel-VT. I was thinking about using xen but I wanted to see what others thought.	06:24
tech404	A little more info. Right now it is running 2k3 with dns and virtual server on the host and 2k3 with http, smtp, and imap in a guest. I don't need to keep the same os's I just need to provide the same services on the same "public" ip's.	06:26
nick125	Xen would probably work for what you need.	06:27
nick125	But as far as security goes, avoid running any kind of services on the dom0/host.	06:28
nick125	I mean, I'd probably only go as far as running SSH with password logins disabled	06:28
tech404	nick125, I was planning on leaving the host as empty as possible. I would really like to be running something baremetal but I think that xenserver is the only baremetal hyperviser that will support linux guests without hvm. I don't have any previous experiance with that product.	06:34
nick125	I know ESXi will support without HVM (I believe), but it's missing a lot of features compared to Xen.	06:34
tech404	nick125, yes but ESXi is VERY picky about what hw it runs on. Will ubuntu's current set of tools for KVM host jeos without hvm?	06:38
nick125	yeah, true...not to mention the lack of swraid, which is why I ultimately decided against ESXi.	06:38
nick125	I'm not too familiar with JeOS.	06:39
nick125	It appears that JeOS's vmbuilder supports Xen without issues	06:41
LiraNuna	how do I configure postfix's root redirection?	07:23
LiraNuna	^ ignore that please, I should've google	07:24
uvirtbot	LiraNuna: Error: "ignore" is not a valid command.	07:24
twb	Is there any point in trying to do SMARTd on a SATA disk?	07:24
twb	They seem to hate one another (smart and sata)	07:24
=== maxb_ is now known as maxb
uvirtbot	New bug: #391540 in mysql-dfsg-5.0 (main) "mysql client at x86_64 cannot find /etc/mysql/my.cnf" [Undecided,New] https://launchpad.net/bugs/391540	12:22
uvirtbot	New bug: #391551 in openssh (main) "package openssh-server 1:5.1p1-5ubuntu1 failed to install: sub process post-installation script returned error code 1" [Undecided,New] https://launchpad.net/bugs/391551	12:41
heath\|work	Anyone using KVM?	13:44
sommer	heath\|work: yes	13:46
heath\|work	sommer, I am torn between going xen or kvm. It looks like Ubuntu choose kvm over xen?	13:46
sommer	heath\|work: yep, kvm is great	13:46
heath\|work	sommer, do you use opennebula ?	13:47
sommer	heath\|work: I've done some testing with it, and worked on some documentation, but I've never used it in production	13:47
sommer	heath\|work: mostly because I don't currently have a shared storage solution... if I did I'd probably use opennebula	13:48
heath\|work	We have a NFS ready to go, it looks like KVM encourages nfs use which is attractive. So far I like everything I have seen. Our biggest fear is choosing something that dies out, but if Conical is behind it, it makes for an easier decision.	13:50
andol	heath\|work: Not to mention the fact that RHEL is behind it.	13:50
heath\|work	That sounds good as well. I see that Citrix is running with Xen, but there OS support is limited.	13:51
sommer	heath\|work: ya, I don't think KVM is going to die out anytime soon	13:52
sommer	heath\|work: but really the hypervisor isn't as important as being able to access the VM image, as long as future virt technology can migrate, read, etc the VM is the important thing	13:52
sommer	least in my view ;-)	13:53
heath\|work	It also looks like OpenNebula can control KVM, Xen, and Amazon servers. What I want to know is if it is possible to migrate between the different hosts.	13:53
heath\|work	That would be total freedom and rid any fear of support dieing out for one.	13:53
sommer	I wouldn't think so... at least not automatically	13:53
sommer	and at this time... maybe in the future	13:54
heath\|work	Thanks for the input... We really didn't want to stray away from Ubuntu and I think we are going to try the KVM route.	13:55
heath\|work	VMware pricing is crazy and I am didn't like having to search for fixes for Ubuntu and xen every 10 minutes	13:56
sommer	np, I've been very happy with KVM... well KVM+libvirt and friends	14:00
heath\|work	Ubuntu has documented it very well. I will run through those and get my virts up!	14:01
oakbox	Hi all I need some help with postfix and dynamic IPs, i get a DNS fwd/rev mismatch...	14:06
=== genii_ is now known as genii
oakbox	im trying to set up mail with a dynamic ip using no-ip.com but currently get a DNS mismatch can someone point me in the right direction please?	14:17
giovani\|work	oakbox: sounds like a configuration problem? ask no-ip.com?	14:31
Sam-I-Am	oakbox: you're not going to be able to reverse something on no-ip because they don't control the reverse zones	14:38
Sam-I-Am	dynamic dns providers simply do A records	14:38
oakbox	giovani, thanks for a reply	14:38
oakbox	Sam-I-Am, Hi no-ip,com gives me MX records	14:39
Sam-I-Am	they can do MX too	14:39
Sam-I-Am	but not PTR	14:39
oakbox	:( sorry you will have to forgive me, im still new to this :) PTR?	14:39
Sam-I-Am	ptr is the reverse record	14:40
Sam-I-Am	a.b.c.d -> name	14:40
oakbox	ok, so does that mean that I will never be able to get a mail server with no-ip.com? Im trying to set up a play by email server....	14:41
Sam-I-Am	well, thats not what i mean	14:41
oakbox	:) well thats good news	14:41
Sam-I-Am	it sounds like something (perhaps postfix) notices that your A record points to your IP, but that IP doesnt point to the same PTR	14:41
Sam-I-Am	so it gripes	14:41
Sam-I-Am	you just have to tell it to ignore that... or you can try putting your IP and no-ip hostname in /etc/hosts	14:42
oakbox	ok let me give you some more details, I can connect to postfix through netcat localhost but when i try the same thing with my domain name i get the mismatch.	14:43
Sam-I-Am	where are you connecting from?	14:45
Sam-I-Am	and what host does postfix think its using?	14:45
oakbox	connecting from the local machine on port 25 so im assuming it thinks its SMTP	14:46
Sam-I-Am	no...	14:47
Sam-I-Am	so you're connecting to localhost:25 and it works, but blah.no-ip.com:25 and it doesnt?	14:48
oakbox	correct	14:48
Sam-I-Am	what error does it return on the latter?	14:48
oakbox	DNS fwd/rev mismatch: blah.no-ip.com != 80-47-161-104.come_more_garbage.com	14:49
Sam-I-Am	and thats returned by postfix?	14:50
oruwork	how can i enable IMAP support in php ?	14:50
oakbox	thats returned by netcat (the program im using to test if its working)	14:50
Sam-I-Am	oakbox: btw, you might want to use "swaks" to test your mail server... very useful utility over telnet/netcat	14:50
Sam-I-Am	what happens if you telnet to no-ip:25 ?	14:50
oakbox	i will try 1 sec	14:51
oakbox	Trying 80.47.xx.xx...	14:52
oakbox	and then just waits	14:52
sgsax	it's possible your ISP is blocking the SMTP port	14:53
oakbox	humm, not thought of that, suppose its possible. let me see if i can dig up anything on their site. I will get back to you in a bit if you dont mind???	14:54
sgsax	someone will be here :)	14:55
Sam-I-Am	heh	14:56
Sam-I-Am	most isps block 25 incoming	14:56
Sam-I-Am	and often outgoing to !their smtp servers	14:56
soren	ScottK: Do you happen to know if the "Local only" config option in postfix lets you send mail out?	14:59
soren	ScottK: I.e. does the "local only" part only refer to its not listening for outside connections?	15:00
ScottK	soren: I do not. I've never used it.	15:00
lamont	soren: a little, mayber	15:00
lamont	depends on the release	15:00
soren	lamont: Jaunty?	15:01
oakbox	humm looks like port 25 is blocked, damn, so no way i can set myself up a play be email server then...	15:01
lamont	should set default_transport=error	15:01
soren	lamont: So not delivery to the outside world?	15:02
lamont	oakbox: most ISPs block port 25 outbound these days	15:02
lamont	soren: right.	15:02
lamont	at least until you tweak the config at all	15:02
soren	lamont: Sure, sure.	15:02
soren	lamont: This used to be different?	15:02
lamont	soren: fixed in 2.5.1~rc1-1	15:03
lamont	* postinst: also set relay_transport=error on Local Only systems	15:03
soren	So since Hardy?	15:03
soren	postfix \| 2.5.1-2ubuntu1 \| hardy \| source, amd64, i386	15:03
lamont	yep	15:03
soren	Lovely. thanks.	15:04
=== TeLLuS_ is now known as TeLLuS
oruwork	how can i enable IMAP support in php ?	15:12
Sam-I-Am	what kind of imap support?	15:12
Sam-I-Am	theres some libraries for accessing imap, or you can install something like horde/imp to serve as a php-based webmail client	15:13
sgsax	oakbox: you can use a different port, you just need to have your client use that port instead of the standard one	15:14
oakbox	sgsax, cool :) but will i need to change something on my MX record for that?	15:15
Sam-I-Am	no	15:15
sgsax	no, DNS is for Ips only, not ports	15:16
oakbox	fantastic	15:16
Sam-I-Am	and you probably dont need an MX record either since your no-ip thing just points to a single host	15:16
Sam-I-Am	if you had a domain thats another story	15:16
oakbox	:)	15:16
oakbox	1 story is enough for now	15:17
oakbox	so I think I have found out how I can use my ISP's smarthost to send mail, (or is there a way for people to recieve mail from another port no (i think not))	15:18
Sam-I-Am	oakbox: that'll work for sending mail from your box... but not receiving... it'll need to go to your isps mail server.	15:19
Sam-I-Am	at that point theres really no reason to run your own :/	15:19
sgsax	I pay for hosting for that	15:19
oakbox	humm, my budget doesn't know what 'pay for' is hehehe	15:20
sgsax	$5/mo aint bad	15:21
Sam-I-Am	hosting has become quite cheap	15:21
sgsax	or is it $8, I forget, it's on autopay for theyear	15:22
sandstrom	I have problems with ufw not allowing outbound traffic (I have tried ufw allow from 127.0.0.1 to any)	15:31
jdstrand	sandstrom: ufw does not support egress filtering via the cli	15:31
jdstrand	(it is planned)	15:32
jdstrand	sandstrom: is this for routing or host-based firewall?	15:32
sandstrom	firewall for webserver	15:32
jdstrand	sandstrom: by default, it will allow all outgoing connections with connection tracking	15:33
sandstrom	ufw, iptables or ubuntu?	15:33
jdstrand	sandstrom: did you change /etc/default/ufw?	15:33
jdstrand	sandstrom: uf	15:33
jdstrand	ufw	15:33
sandstrom	no, but my vps provider may have	15:33
jdstrand	sandstrom: verify /etc/default/ufw has DEFAULT_OUTPUT_POLICY="ACCEPT"	15:34
oakbox	ok, very embarrassed now.... I didn't have port 25 pointing to my server in my router..... I can receive email from the outsite world at last! I'm 1/3 of the way there	15:34
sandstrom	jdstrand: it has	15:34
sgsax	oakbox: good find	15:35
jdstrand	sandstrom: if you do 'sudo ufw disable' are you able to connect to what you want to?	15:35
sandstrom	yes	15:35
jdstrand	sandstrom: what are you trying to connect to?	15:36
sandstrom	smtp-servers, the apt-get servers	15:36
jdstrand	so port 25 and 80	15:36
sandstrom	yes	15:36
sandstrom	this is my iptables (setup using ufw):	15:37
sandstrom	ACCEPT tcp -- localhost anywhere tcp dpt:smtp	15:37
sandstrom	ACCEPT tcp -- localhost anywhere tcp dpt:www	15:37
sandstrom	ACCEPT all -- localhost anywhere	15:37
sandstrom	(Chain ufw-user-input (1 references))	15:37
sandstrom	(well, it's some of it)	15:37
jdstrand	sandstrom: you don't need allow rules for the localhost by default	15:38
jdstrand	sandstrom: did you modify /etc/ufw/before.rules?	15:38
aptmirror	hi , i've setup my own mirror on a http server and signed the Release file with my own public gpg key	15:38
sandstrom	jdstrand: no, but my vps host may have	15:39
aptmirror	but if I install over the net it can't find my public key...	15:39
jdstrand	sandstrom: diff /usr/share/ufw/before.rules /etc/ufw/before.rules	15:39
jdstrand	sandstrom: if it comes back to the prompt, it wasn't changed	15:39
aptmirror	and to download my key with preseed does not work	15:39
sandstrom	its changed	15:39
jdstrand	sandstrom: those changes may have introduced the issue	15:40
aptmirror	anybody setup a local mirror with preseed?	15:40
sandstrom	jdstrand should I reset things to the defaults?	15:41
jdstrand	sandstrom: that would be by far the easiest thing to do	15:41
sandstrom	I guess I copy from usr/share to /etc/ufw and make a backup. then start/stop the firewall, right?	15:42
jdstrand	sandstrom: yes, that should work fine. make sure that before.rules and after.rules go to /etc/ufw and user*.rules go to /var/lib/ufw. that will completely reset your rulesets	15:43
sandstrom	will do, thanks alot for your time and help!	15:44
jdstrand	np, and good luck!	15:44
sandstrom	Didn't work unfortunately. apt-get update still doesn't work.	15:49
sgsax	while we're talking about email today, can somebody point me in the direction of some good recipes for having postfix bounce spam-tagged messages?	15:52
sgsax	we had something working with sendmail, but since we switched to postfix, that solution doesn't seem to work	15:52
ScottK	sgsax: You mean as in bounce back to the sender?	15:54
sgsax	yes	15:54
ScottK	sgsax: Please don't do that. Virtually all spam has a forged mail from so you're sending it back to the wrong place.	15:55
ScottK	Accept then bounce is a bad strategy.	15:56
sgsax	normally, I would agree, but this is for my RT server	15:56
sgsax	so if I just discard fals positives, it's possible an actual important request would get dropped	15:57
sgsax	and we have been getting literally hundreds of spam message daily	15:57
SuperRoach	Hello. Where can I find the string to add to my sources.list for the karmic repo server?	15:59
jmedina	good morning	16:02
oruwork	hi	16:03
oruwork	how can i enable IMAP support in php ?	16:03
jmedina	aptitude install php5-imap	16:03
oruwork	jmedina-> done, anything i should do to enable it ?	16:06
sgsax	oruwork: just write code that uses the libs	16:06
oakbox	is there any reason why I would not receive and email from postfix (relay) to an outside email address, my logs say the status = sent	16:06
rags45	does vbox support 64 bit emulation?	16:06
rags45	I just downlaoded ubuntu amd64 version but when I load it in vbox it gives an error	16:07
jmedina	rags45: did you install virtualbox for 64bits?	16:07
rags45	hmmm..there are separate vbox for 64bit??..oh..I guess I got the 32 bit then	16:08
rags45	jmedina: thx ..I'll get the 64 bit one	16:08
sandstrom	jdstrand: I tried to move in the new files. Doesn't work unfortunately. apt-get still fails	16:11
oruwork	jmedina-> apt-getin install php5-imap, is that imap2 or imap4 protocol ?	16:11
ScottK	sgsax: My advice would be to deliver them to a spam box and then have some search for a legit request.	16:12
jmedina	oruwork: I eally dont know	16:12
jdstrand	sandstrom: it should work with a default install of ufw and simply doing 'ufw enable'	16:17
sandstrom	and running iptables -L will show all firewall rules in effect?	16:17
jdstrand	sandstrom: perhaps some other files changed. perhaps 'dpkg --purge --force-depends ufw ; apt-get install ufw'	16:18
jdstrand	sandstrom: yes	16:18
sgsax	RT already generates an automatic reply to these addresses	16:19
sandstrom	jdstrand: just did. still don't work	16:22
sandstrom	jdstrand http://pastie.org/523002	16:22
jdstrand	ERROR: problem running init script	16:22
sandstrom	Did throw a few “shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory” during installation too.	16:22
sandstrom	that (or the ERROR: problem…) is the cause perhaps?	16:23
jdstrand	sandstrom: what does ufw --version show you?	16:23
sandstrom	jdstrand ufw 0.16.2.4	16:23
jdstrand	sandstrom: and this is on a non-Ubuntu kernel?	16:24
sandstrom	sorry, I don't know	16:24
jdstrand	sandstrom: uname -a	16:24
sandstrom	Linux k226741 2.6.18-028stab053.17 #1 SMP Mon Jun 9 20:42:43 MSD 2008 x86_64 GNU/Linux	16:24
jdstrand	so that would be a yes	16:25
jdstrand	sandstrom: I have a feeling you are hitting bug #289906	16:26
uvirtbot	Launchpad bug 289906 in ufw "ufw fails when connection tracking is not available" [Medium,Fix released] https://launchpad.net/bugs/289906	16:26
sandstrom	yes, nf_conntrack is not present	16:27
jdstrand	sandstrom: in /etc/ufw/before.rules, adjust this:	16:27
jdstrand	-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT	16:27
jdstrand	to be:	16:28
jdstrand	-A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT	16:28
jdstrand	then adjust -A ufw-before-input -m conntrack --ctstate INVALID -j DROP	16:28
jdstrand	to be:	16:28
jdstrand	-A ufw-before-input -m state --state INVALID -j DROP	16:28
jdstrand	and finally:	16:29
jdstrand	-A ufw-before-input -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW BLOCK INVALID]: "	16:29
jdstrand	to be:	16:29
jdstrand	-A ufw-before-input -m state --state INVALID -j LOG --log-prefix "[UFW BLOCK INVALID]: "	16:29
sandstrom	error running init script still shows, after that edit running stop/start	16:31
sandstrom	but I think that regarding this error running init script we have already checked through something on my system, you told me a bunch of commands that I ran, which helped you to file a bug. This was probably 3-4 months ago.	16:32
sandstrom	So if that is what causes the outbound connections to fail it's the same problem.	16:32
jdstrand	sandstrom: what is the bug #?	16:32
sandstrom	don't remember	16:32
sandstrom	if you have irc history, search yours and my name back in time	16:33
sandstrom	I thought that the outbound connections not working may be something else, which it still may be.	16:33
jdstrand	sandstrom: can you paste the output of '/etc/init.d/ufw stop' and '/etc/init.d/ufw start'?	16:34
sandstrom	jdstrand: shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory	16:35
sandstrom	* Stopping firewall: ufw...	16:35
sandstrom	...done.	16:35
jdstrand	sandstrom: feel free to 'cd /'	16:35
sandstrom	jdstrand http://pastie.org/523002	16:37
jdstrand	sandstrom: can you also paste /etc/ufw/before.rules and /etc/ufw/after.rules?	16:38
jdstrand	sandstrom: incidentally, this is all due to running on a non-Ubuntu kernel. later versions of ufw handle this situation better	16:39
sandstrom	jdstrand http://pastie.org/523002	16:40
jdstrand	sandstrom: adjust /etc/default/ufw to have:	16:44
jdstrand	IPT_SYSCTL=	16:44
jdstrand	IPT_MODULES=	16:45
jdstrand	sandstrom: then paste the output of '/etc/init.d/ufw stop ; /etc/init.d/ufw start'	16:45
sandstrom	jdstrand: http://pastie.org/523002	16:48
sandstrom	sry, wrong	16:48
oakbox	hi all, why am I getting Relay access denied when trying to send an email from postfix?	16:49
sandstrom	jdstrand this is it: http://pastie.org/523002	16:49
jdstrand	sandstrom: I found our irc conversation	16:51
jdstrand	(from the past)	16:51
jdstrand	you dropped out and I never heard back	16:51
jdstrand	sandstrom: just recapping for irc logs-- your kernel doesn't support 'state' either	17:09
jdstrand	sandstrom: so you are reduced to stateless packet filtering. You'll need to adjust before.rules and after.rules accordingly or just write your own iptables script	17:10
jdstrand	I'd talk to your vps because stateless filtering is not nearly as useful (or secure) as stateful	17:10
MrPockets	hey guys.	17:14
MrPockets	So i attempted two Ubuntu-server installs last night on a poweredge 2450	17:20
oakbox	I got a relay access denied when trying to email out from postfix, can anyone help?	17:21
ScottK	oakbox: Possibly. If you can provide the output of postconf -n and a log snipped for /var/log/mail.log showing when you attempted to send in a pastebin, I can probably help.	17:23
oakbox	lovely thanks i will get on it :)	17:23
oakbox	ScottK, postconf -n --> http://paste.ubuntu.com/202988/ & log ---> http://paste.ubuntu.com/202990/	17:31
* ScottK looks		17:31
eolo999	hi, i'm trying to connect with virt-manager to a remote xen domain with xen+ssh. I always get a libvirt error: 'server closed connection' and even if i try from the command line i get 'failed to connect to the hypervisor'. Any hints?	17:32
eolo999	i have no problems when connecting to kvm servers.	17:32
MrPockets	damn. ADD. So i attempted this install three times, actually. Once with manually partitioning the drive in Ubuntu's Setup. Seccond time with the guided partitioning, and thirdly I booted to gParted to partition it, and used the pre-existing partition layout to install upon	17:36
MrPockets	all three times, it comes up to a busybox shell	17:36
oakbox	ScottK, typo at end of line 12 of postfix config should be mydomain.org not myftp.org	17:37
MrPockets	Just wondering if someone can help me understand what this shell is, and why I may be continually coming into it	17:37
Sam-I-Am	MrPockets: does this machine have virtual devices? as in... ones connected to a management device like an ILO or DRAC?	17:38
Sam-I-Am	MrPockets: the shell is what comes up when the kernel can't find your root partition... its an initrd thing.	17:39
ScottK	oakbox: You either need to add your IP address (range) to mynetworks if it's a IP address you control or connect with smtp auth.	17:39
ScottK	Did you set up smtp auth?	17:39
MrPockets	Sam, it doesn't. It does, however have two SCSI drives connected with a SCSI controller	17:40
Sam-I-Am	MrPockets: so you see it boot the kernel, then it says can't find root partition? or some other error before dropping you to the shell?	17:41
oakbox	ScottK, yes i have	17:41
MrPockets	Sam-I-Am, yes. IIRC.	17:41
Sam-I-Am	does it give an error or is that it?	17:42
oakbox	ScottK, I can log in with user and passwd fine (using swaks -a)	17:42
Sam-I-Am	mmm swaks	17:42
ScottK	oakbox: OK. If postfix was trying to use smtp auth there would be evidence in the log.	17:42
MrPockets	thats it	17:42
a1fa	grrrr	17:42
a1fa	27mb/s through I/O	17:42
oakbox	Sam-I-Am, thanks for the tip on that app	17:42
a1fa	what a bologne	17:43
Sam-I-Am	MrPockets: how big are the drives? and how are you partitioning them?	17:43
ScottK	oakbox: How about pastebin the relevant smtpd entry from master.cf in a pastebin?	17:43
a1fa	what would cause a scsi drive to read at 28mbs	17:43
MrPockets	Sam-I-Am, 9.8 gig a piece	17:43
oakbox	ScottK, 1 sec	17:43
a1fa	Timing buffered disk reads: 90 MB in 3.27 seconds = 27.56 MB/sec	17:43
a1fa	10K RPM SCSI drive capable of doing 320mb/s	17:44
a1fa	its only doing 27 mb/s	17:44
MrPockets	I partitioned drive 0 with a 8.9 gig / partition and ~1gig swap. Left the seccond drive alone, but its formatted at EXT3	17:44
Sam-I-Am	MrPockets: so no raid?	17:44
a1fa	same hard-drive thats non mounted and no filesystem runs at	17:44
a1fa	Timing buffered disk reads: 186 MB in 3.01 seconds = 61.84 MB/sec	17:44
MrPockets	no raid	17:44
Sam-I-Am	so whats the device it sees on install? sda? sdb?	17:45
MrPockets	sda	17:45
Sam-I-Am	and it also sees sdb? (the other drive)	17:45
MrPockets	i tried pulling the drives out and swapping them around, thinking maybe its setting ubuntu up on one drive, and booting to the other, but it gets a "non system disk"	17:45
MrPockets	but yes, it sees both sda and sdb	17:46
Sam-I-Am	hmm	17:46
Sam-I-Am	and you installed grub to the MBR of sda right?	17:46
MrPockets	Does the install not do that?	17:47
oakbox	ScottK, is this what you mean? http://paste.ubuntu.com/203002/	17:47
MrPockets	or rather, does that need to be done seperatly from the install?	17:47
* ScottK looks		17:47
a1fa	anybody know what could be hindering performance	17:48
a1fa	of SCSI disks?	17:48
a1fa	maybe single scsi raid controller?	17:48
a1fa	damn IBM x345	17:48
Sam-I-Am	MrPockets: the install asks you before its done	17:48
ScottK	oakbox: No. Like http://paste.ubuntu.com:80/203003/ (look in master.cf, not main.cf)	17:49
Sam-I-Am	MrPockets: after it installs all the software	17:49
oakbox	oops sorry 1 sec	17:49
Hecate	a1fa, hw- or sw-raid?	17:50
a1fa	hw raid	17:50
a1fa	raid 1 i think	17:50
a1fa	Primary, Secondary, and Hot Swap	17:50
MrPockets	Sam-I-Am, to my reocllection, it simply said "the install is complete, its time to reboot to your new OS, remove all media and reboot the machine"	17:51
oakbox	ScottK, I have this but its all commented :s http://paste.ubuntu.com/203005/	17:51
Hecate	a1fa, anything suspicious in the kernel log? maybe one of the drives is semi-defunct. that would explain the stall, since iirc hw raids stall easily when the io-ops are out of sync.	17:51
a1fa	Hecate : nothing that stands out	17:52
a1fa	hect: [ 12.376284] sd 2:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA	17:52
a1fa	only one suspicious thing	17:52
Sam-I-Am	MrPockets: hmm... well, for some reason what grub is seeing is not where your root partition really is	17:54
Sam-I-Am	MrPockets: does it say what partition its trying to use for root?	17:54
ScottK	oakbox: The general recommendation is to submit mail via the submission port (587). If you uncomment the lines associated with submission, postfix stop, postfix start (reload won't pick up new services) and then connect to port 587, it ought to work.	17:54
a1fa	Hecate : resycns is in progress.. but why are other drives getting 60mb/s	17:55
Sam-I-Am	a1fa: is the cable bent? that tends to slow down the 1's	17:55
Hecate	resync is a serious performance bitch	17:55
oakbox	ScottK, thanks I will give it a go.	17:56
ScottK	oakbox: OK. Let me know if there are still problems and we'll keep working on it.	17:56
oakbox	ScottK, thanks very much for your help :)	17:56
ScottK	No problem.	17:56
Hecate	a1fa, if you're still getting the bad performance when the resync's done, disabling the raid and checking on the drives (e.g. read speed) individually might be worth a shot.	17:57
a1fa	Hecate : its IBM's raid.. you cant disable it	17:58
a1fa	Hecate : i guess i can take the drives out	17:58
Hecate	well, i got veeeeery little experience with hw-raids, so i can only recomment, not to offend your raid-controller ;)	17:58
a1fa	[ 9.458637] scsi target2:0:3: FAST-160 WIDE SCSI 320.0 MB/s DT IU QAS HMCS (6.25 ns, offset 127)	17:59
a1fa	320mb/s hard drives down to 60mb/s ;(	17:59
Sam-I-Am	if all of the drives are on a single bus it'll divide up the speed quite a bit when building the raid	17:59
a1fa	i am about to go to bios and start disabling crap	17:59
Hecate	a1fa, ehm ... the 320 MB/s denotes the bus-speed, not the drive speed	17:59
Sam-I-Am	not to mention raid building is inherently slow anyway	18:00
Hecate	a1fa, but wait until the resync's over. as i said resyncs tend to be a huge performance killer.	18:00
heath\|work	so can KVM run paravirtualized or is it strictly HVM ?	18:01
MrPockets	Sam-I-Am, I'm not sure. And unfortionatly I don't have the machien in front of me	18:02
Sam-I-Am	MrPockets: that makes troubleshooting a bit hard	18:02
Sam-I-Am	MrPockets: i have a meeting to hit anyway...	18:02
MrPockets	oh right, but at least now i'm awair of what is happening and know what to look at when i go there tonight	18:02
a1fa	ok	18:02
Sam-I-Am	sure	18:02
a1fa	thanks hectate	18:02
Hecate	youre welcome	18:03
a1fa	how long does it take to syncup 32GB?	18:03
a1fa	and is there anyway to check raid status though OS?	18:03
Hecate	can't tell. actually your crontroller should give you some hints on that.	18:03
Hecate	but i really can't tell due to my lack of experience with hw-raids.	18:04
a1fa	:P	18:04
a1fa	ioc0 vol_id 0 type IM, 2 phy, 33 GB, state DEGRADED, flags ENABLED RESYNC_IN_PROGRESS	18:06
a1fa	i wonder if you can force raid sync	18:07
oakbox	ScottK, humm I dont think that has helped :)	18:08
a1fa	scsi_id:0 20%	18:09
a1fa	scsi_id:1 20%	18:09
a1fa	ok	18:09
a1fa	at least i know what i sit on	18:09
a1fa	:)	18:09
a1fa	thanks Hecate	18:09
oakbox	ScottK, I now get a message "*** No acceptable authentication types available	18:09
ScottK	oakbox: OK. You need to look at your smtp auth configuration.	18:10
oakbox	ok	18:11
ScottK	oakbox: Are you using dovecot or cyrus?	18:11
oakbox	ScottK, saslauthd ?	18:12
oakbox	ScottK, from this page https://help.ubuntu.com/community/Postfix	18:13
ScottK	That's cyrus	18:13
thirsteh	If I set an RSS limit for a process/user in /etc/security/limits.conf, will that make that user/process completely unable to use more than e.g. 20MB of RAM, or would swap beyond 20MB still be possible?	18:14
ScottK	oakbox: Please pastebin /etc/postfix/sasl/smtpd.conf	18:14
oakbox	http://paste.ubuntu.com/203019/	18:15
ScottK	oakbox: How about edit /etc/default/saslauthd	18:16
ScottK	Ignore the word edit there.	18:17
oakbox	ScottK, 1 sec	18:17
ScottK	Paste error	18:17
oakbox	ScottK, http://paste.ubuntu.com/203022/	18:18
* jmedina has experience with saslauthd		18:18
ScottK	jmedina: If you could take over then, that would be great. I use auxprop.	18:18
jmedina	ScottK and what is the problem to solve?	18:19
oakbox	ScottK, thank you for your help	18:19
ScottK	jmedina: His smtp auth isn't working. "No suitable mechanisms found" or something similar	18:19
oakbox	jmarsden, I am having trouble sending emails out from postfix	18:19
ScottK	oakbox: My guess would be uncommenting line 48 and restart saslauthd	18:20
jmedina	oakbox: where do you get that message?	18:20
jmedina	the one fro no suitable mechanisms?	18:20
jmedina	do you have libsasl2-modules installed?	18:20
oakbox	from swaks and yes i do	18:21
jmedina	from swaks?	18:23
jmedina	oakbox: are you using system users?	18:23
jmedina	from /etc/passwd?	18:23
oakbox	yes	18:23
oakbox	swaks - SMTP transaction tester	18:24
jmedina	yesterday I configure a system like yours	18:24
jmedina	I use MECHANISMS="pam"	18:24
jmedina	not shadow	18:24
jmedina	did you create /var/spool/postfix/var/run/saslauthd?	18:25
oakbox	what is the difference?	18:25
jmedina	well is the default ubuntu authentication/authorization method	18:25
jmedina	I only use shadow for systems that dont support pam like slacwkare or openbsd :)	18:25
oakbox	oh should i use that instead?	18:26
jmedina	well I know that works	18:26
oakbox	re did you create... there are files there so im assuming so	18:26
jmedina	I use	18:27
jmedina	dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd	18:27
oakbox	ok im now using pam	18:28
jmedina	and then restart saslauthd and the init script will create the directory automatically	18:28
oakbox	i used dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd	18:28
jmedina	it is ok	18:28
jmedina	could you show output from ps aux \| grep saslauthd?	18:29
jmedina	just to be sure	18:29
oakbox	:) http://paste.ubuntu.com/203029/	18:29
jmedina	good	18:31
jmedina	now what about?	18:31
jmedina	cat /etc/postfix/sasl/smtpd.conf	18:31
jmedina	I use	18:31
jmedina	pwcheck_method: saslauthd	18:31
jmedina	mech_list: PLAIN LOGIN	18:31
oakbox	yep exactly what i have here	18:32
jmedina	ok	18:33
jmedina	now postfix	18:33
jmedina	main.cf	18:33
jmedina	you should use at least somthing like this	18:34
jmedina	http://paste.ubuntu.com/203031/	18:34
oakbox	http://paste.ubuntu.com/203032/	18:36
jmedina	ok	18:38
jmedina	thats all	18:38
jmedina	:)	18:38
jmedina	restart postfix and try	18:38
jmedina	you could test with	18:38
jmedina	telnet localhost 25	18:38
jmedina	and see if AUTH is announced	18:38
oakbox	yep auth is announced	18:39
jmedina	now	18:40
jmedina	try to send a mail and keep one eye in your logs	18:40
jmedina	oakbox: just a tip: when you post your postfix configs use: postconf -n	18:40
jmedina	what will show only new configs	18:41
jmedina	we all can get the defaults using postconf -d	18:41
uvirtbot	New bug: #389722 in mysql-dfsg-5.0 (main) "skip-name-resolve is not included in default my.cnf" [Wishlist,Triaged] https://launchpad.net/bugs/389722	18:41
oakbox	jmarsden, cool thanks for explaining :)	18:41
jmedina	oakbox: I do this everyday, I know the procedure from memory :)	18:42
jmedina	oakbox: jmarsden thanks for helping oakbox :)	18:43
ivoks	yay for postfix	18:43
oakbox	ok I have tried sending an email and my logs say status=sent..... which is better than i had, but it didnt ask for a user and password and i have not got my test email :'(	18:43
jmedina	shh, dont tell ivoks I help you configuring saslauthd, he is anti cyrus and pro dovecot	18:43
ivoks	hehe	18:43
ivoks	i'm not anti-anything :)	18:43
ivoks	dovecot is just way easier :)	18:44
jmedina	oakbox: show the logs!!!	18:44
ivoks	you see, dovecot as sasl would already work :)	18:44
oakbox	http://paste.ubuntu.com/203038/	18:45
ivoks	more logs	18:45
jmedina	mmm	18:45
oakbox	:s what more do you want	18:45
jmedina	yeap	18:45
ivoks	setting up connection	18:46
jmedina	at leas 10 lines before	18:46
jmedina	yes starting from setting up connection :)	18:46
ivoks	oakbox: all lines containing '2C8ED48341'	18:46
uvirtbot	New bug: #391410 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,Incomplete] https://launchpad.net/bugs/391410	18:46
jmedina	the lines from postfix/smtpd	18:46
oakbox	they are the only lines that contain '2C8ED48341'	18:47
jmedina	oakbox: one question? where are you sending mail from?	18:47
jmedina	a cliente? from command line?	18:47
jmedina	*client	18:47
oakbox	command line, same machine	18:47
oakbox	to the outside world	18:47
jmedina	mmm	18:48
jmedina	ok show the logs	18:48
oakbox	ok heres the last so much of my log file http://paste.ubuntu.com/203040/	18:50
ivoks	so, you see	18:51
ivoks	those weren't all the lines with 2C8ED48341	18:51
oakbox	but i did a grep :)	18:51
oakbox	ah sorry 1 line	18:52
oakbox	missing :)	18:52
ivoks	well, you didn't authenticate	18:53
ivoks	which ubuntu is that?	18:53
oakbox	latest	18:53
ivoks	you do know that installing dovecot-postfix would set up everything for you? :)	18:53
ivoks	imap, pop, smtp, smtp-auth	18:53
oakbox	I dont actually need imap or pop, its going to be a play by mail server.... (hopefully)	18:56
oakbox	how do i get it to do authentication?	18:57
oakbox	sorry brb need to check on dinner.... i smell burnt sausages.....	18:57
oakbox	bk	19:02
slestak	hey guys. im using likewise-identity 4 to auth my ubuntu machines to win2k AD domain. everything workes well, except I am trying to set a local root pawword on a worksation, and it is not lettin gme.	19:09
slestak	arrgh. root is an AD user.	19:09
slestak	crap	19:09
slestak	or, more specific, I have an AD user named root	19:10
kirkland	slestak: sorry, i don't know about AD, perhaps ask mathiaz ?	19:14
slestak	kirkland: ok, tyvm	19:15
sgsax	I use krb5 for AD auth	19:16
slestak	sgsax: likewise open uses krb5 as well. it just has a little gtk front end and some other reporting capability. i found out my problem, I have an AD user named "root".	19:17
sgsax	I saw that	19:18
sgsax	we do too	19:18
sgsax	only set up the local root password on initial setup	19:18
sgsax	but if your AD is unreachable, if you setup pam right, auth should fall back on to local	19:18
slestak	sgsax: well, ad is reachable, but I would like to have the ability to use the local root user when needed.	19:23
oakbox	thanks all see you later	19:24
slestak	i setup my vmware admin to be root, and I havent set a password for it yet.	19:24
sgsax	this for the free vmware server?	19:25
slestak	yes	19:26
sgsax	gotcha	19:26
sgsax	last time I set that up, I created a local user account just for that purpose	19:26
slestak	ok, i'll follow suit	19:27
sgsax	seemed easier that way, esp if you have multiple admins	19:27
slestak	id is showing ad user root has uid 0, so its mapping to local user root	19:27
sgsax	could be, and then the password is getting clobbered by AD	19:27
sgsax	unless your AD root user is also gid 0	19:28
sgsax	unix properties are not revealed by default in Windows	19:28
sgsax	there are add-ins to do it, or you can roll your own code	19:28
slestak	i didnt set the user up, so i dont know what server or service needs it.	19:28
slestak	i'll prob end up broking BackupExec or something	19:29
sgsax	don't want that :)	19:29
slestak	actually, i wouldnt mind, its a big pita	19:29
slestak	go office space on it. wtf, pc load letter, bang	19:30
sgsax	I'm planning on moving my backup to amanda	19:31
sgsax	don't have any windows hosts to backup, thankfully	19:31
sgsax	currently using rdiff-backup, makes me want to cry sometimes	19:32
slestak	so to reset the admin user, I have to run the whole vmware-config script again	19:32
sgsax	don't think so	19:32
sgsax	the remote console only needs a valid user to login	19:33
slestak	yeah, i used rdiff-bnackup for some personal stuff. great idea, but ddnt work to well for me	19:33
sgsax	and the dirs that the vm disks live in need to be writable by your vmadmin user	19:33
slestak	the web interface on 8222 is not letting any local or ad users auth	19:33
sgsax	my biggest problem with rdiff-backup is a nearly complete lack of recovery from errors	19:33
sgsax	I only used the remote console, never the web interface	19:34
sgsax	but I would think they would use the same auth mechanism	19:34
slestak	i know its not really sufficeint, but i am moving to kind of a SaaS idea at work, and one majot app per vm, and just getting /var, /etc, sql dump and any app config out nightly. I can get the os reinstalled faster than I can restore.	19:34
rsr	hello	19:34
rsr	How do I extract the contents of a zip file?	19:35
sgsax	rsr: besides unzip?	19:35
rsr	ok	19:35
rsr	sorry for being such a newbie	19:35
sgsax	slestak: same here, I don't have bare-metal backups, and all configs are pushed out via cfengine	19:35
sgsax	rsr: no problem, gotta start somewhere :)	19:36
rsr	yes	19:36
rsr	but unzip isnt a command	19:36
sgsax	unzip or gunzip	19:36
slestak	you can do sudo aptitude install unzip to get unzip	19:36
rsr	ok	19:36
slestak	is it a literal zip file, or a tar.gz?	19:37
sgsax	gzip/gunzip should be able to handle standard zip files	19:37
slestak	sgsax: im having a heck of a time with the admin user. i dont know that i want my vm admin to be an ad user, but it makes sense. i'd basically like anyone who can sudo to be able to admin the vm's	19:53
uvirtbot	New bug: #318679 in net-snmp (main) "snmpd error" [Undecided,Won't fix] https://launchpad.net/bugs/318679	19:56
slestak	hmm. 2.6.28 kernel is gettign a build error for vsock.o	19:56
slestak	found some relevant google hits	19:59
hikenboot	hello anyone know any gui alternatives to system-config-lvm that are currently maintained ..it does work but it lacks features	20:04
sgsax	slestak: seems to me I had trouble using AD accounts/groups and that it had to be a local account	20:06
sgsax	and I also had to create a special pam.d profile for vmware-authd	20:07
slestak	sgsax: tyvm	20:26
sgsax	slestak: np, my new vmware server is ESXi and I plan on moving my previous free server to ESXi later this summer	20:28
sgsax	so it's a different set of problems, but at least I don't have to deal with this one :)	20:28
a1fa	Timing buffered disk reads: 192 MB in 3.03 seconds = 63.33 MB/sec	20:50
a1fa	damn bullshit	20:50
slestak	sgsax: is using lvm inside of vmware a good idea? is thre a best pracice that will allow flexibilty later?	21:05
heath\|work	is there a decent web gui for bind?	21:09
a1fa	tlol	21:11
a1fa	bind is so simple	21:11
sgsax	slestak: don't think I've heard specific reports, but I think I'd stay away from it, myself	21:12
heath\|work	It is, but to edit 4 files every time I need a new zone is madness	21:12
sgsax	bind takes some getting used to	21:13
sgsax	heath\|work: how often do you find yourself having to add zones?	21:13
sgsax	or are you just editing existing zones?	21:13
heath\|work	Withing the next month or so, hopefully a couple every day	21:14
sgsax	starting up a hosting service?	21:14
heath\|work	the thing is, I may not be the only one adding them	21:14
heath\|work	yeah	21:14
heath\|work	well sorta	21:15
heath\|work	I'm a web dev and built a system for some around town businesses and I would like to control there DNS from inhouse	21:16
sgsax	so to add a new zone, you need to edit /etc/bind/bind.conf	21:17
sgsax	and then add forward and reverse zone files	21:17
heath\|work	I have run through the ubuntu server guide and got the concept, I was just wondering if any of youz guyz were using a web tool or just hacking it out	21:18
sgsax	webmin may have plugins for managing dns, but if I were you, I get a copy of the O'Reilly DNS & Bind book and get cozy with it	21:18
heath\|work	I also read through the AppArmor stuff	21:19
sgsax	apparmor is firewall and acl type stuff	21:19
heath\|work	Yeah, but it is time I understand it more.	21:19
sgsax	once you do it a couple-dozen times, it's not so hard :)	21:19
heath\|work	All the tutorials I have run across for bind recommend disabling AppArmor and I would rather become familiar with what it is doing and embrace it	21:20
sgsax	if you read the O'Reilly book from cover to cover (and can comprehend it), you'll know everything there is to know about how bind works	21:20
sgsax	I found that apparmor gets in my way, and I usually disable it anyway	21:21
heath\|work	sgsax, do you run bind chroot?	21:21
sgsax	nope	21:21
sgsax	but I do make sure all my packages are up-to-date and patched	21:21
ScottK	sgsax: We'd really rather you'd file bugs about problems in apparmor profiles than just turn it off.	21:21
jdstrand	why would you disable apparmor for bind?	21:21
jdstrand	just fix the profile and file a bug if it is a problem in the default configuration	21:22
sgsax	iirc, it got in the way of my AD auth	21:22
ScottK	heath\|work: The Ubuntu packages shouldn't require it to be turned off.	21:22
sgsax	the AD boxes were unable to query it for some reason	21:22
heath\|work	ScottK, That's what I figured, there are several complaints about it from Googling. I have read that most of them are people using the wrong dir for cache	21:23
heath\|work	sgsax, ^^	21:23
ScottK	If there are problems, we'd really rather fix the profiles.	21:23
jdstrand	sgsax: file a bug following https://wiki.ubuntu.com/DebuggingApparmor and we can get it fixed if it is a problem in the default profile	21:23
sgsax	I need a way to test that doesn't break my production systems	21:23
jdstrand	heath\|work: if there is a non-default but common directory for cache directories, file a bug and we can get it fixed	21:24
jdstrand	sgsax: complain mode	21:24
jdstrand	sudo aa-complain /usr/sbin/named should do it (assuming apparmor is still running on your system)	21:25
heath\|work	Kudos to the ubuntu server guide. It is looking very strong.	21:25
ScottK	sommer: ^^^	21:25
sgsax	jdstrand: If I run aa-complain, do I need to start the aa service?	21:27
glen1	hey	21:28
glen1	anyone ever set up a vpn	21:28
sommer	heath\|work: thanks\	21:29
sommer	ScottK: hey I'm about to expire from the clamav team	21:29
jdstrand	sgsax: apparmor needs to be running, yes. if apparmor profiles are keeping you from doing your work, disable the profile but not all of apparmor	21:29
jdstrand	sgsax: see https://help.ubuntu.com/8.04/serverguide/C/apparmor.html for details	21:29
heath\|work	sommer, you are responsible for the guide?	21:29
jdstrand	sgsax: the short answer is 'yes' it needs to be started	21:29
sommer	heath\|work: I've been working on it for the past few releases	21:30
heath\|work	wow...	21:30
sommer	heath\|work: along with help/input from others	21:30
ScottK	sommer: Fixed.	21:30
sommer	ScottK: cool, thanks :)	21:30
heath\|work	that's impressive	21:31
work\|dana	i'm having trouble getting my mediawiki install configured. i'm trying to replace the alias with a virtualhost, but the virtual host doesn't seem to work.	21:31
sommer	work\|dana: do you have a seperate vhost file in /etc/apache2/sites-available? and if so did you enable the vhost with a symlink to /etc/apache2/sites-enabled, or with a2ensite?	21:33
work\|dana	sommer, no i just edited my mediawiki.conf	21:33
work\|dana	http://pastebin.com/d7605a60c	21:33
jmedina	you can check loaded vhosts with apache2ctl -D DUMP_VHOSTS	21:33
work\|dana	http://pastebin.com/d17ad4f9d	21:35
work\|dana	vhost seems to be loaded	21:35
heath\|work	work\|dana, do you get an error when apache is reloaded?	21:35
work\|dana	heath\|work: no	21:37
heath\|work	You guys are kinding when you say JeOS is stripped down	21:44
work\|dana	heath\|work: i use jeOS almost exclusively, it can be annoying depending on what you're doing	21:46
heath\|work	Now that I realize not even nano is installed I will be ok	21:46
heath\|work	Just started on KVM today, so far so good	21:47
heath\|work	Where is bind's error logs?	21:47
sgsax	grep named /var/log/syslog	21:51
sgsax	or /var/log/messages, depening on your setup	21:51
heath\|work	thanks sgsax . Looks like typo city	21:54
sgsax	heath\|work: once you get your basic zone layout figured out, I'd strongly recommend creating templates	21:56
sgsax	so when you add a new zone, just copy your templates over with the basic info, and edit as necessary	21:56
heath\|work	I will, I'm thinking about scripting it out with some reads already	21:56
=== asac__ is now known as asac
=== mcasadevall is now known as NCommander
=== erichammond1 is now known as erichammond
=== erichammond1 is now known as erichammond
=== asac_ is now known as asac
=== tain is now known as tainspam
=== tainspam is now known as io

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!