gletobbillybigrigger_, yes why?00:00
billybigrigger_is it installing?00:02
billybigrigger_9.04 wouldn't install on my old p 166mhz, isolinux was giving me problems, i had to eventually do a netboot, but if you got to the installer you got farther than me00:03
gletobIt's at 22% Loading additional components00:05
=== hggdh_ is now known as hggdh
billybigrigger_you should be good to go then00:09
gletobUh oh! Bad burn! "There was a problem reading data from the CD-ROM.00:16
Pirate_Hunterhow do i find my domain, setting up ISPConfig?00:24
quentusrexIs anyone here familiar with x509 certs?00:43
hggdhquentusrex: shoot01:06
quentusrexhggdh: ok, I have had major issues with my certs for over a week... Everything I do to diagnose the issue is fruitless....01:07
quentusrexI use TinyCA2 to manage my x509 certs.01:07
quentusrexIt has worked well for apache, openvpn, and a few other apps.01:07
quentusrexBut it flat out will not work with openldap01:07
hggdhquentusrex: so you have your own private CA01:07
hggdhso far so good01:08
hggdhwhat happens with LDAP?01:08
quentusrexI have confirmed the issue is with MY certs, because I can generate local certs and it works fine.01:08
quentusrexhere is the bug: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/39836601:08
hggdhhold on. what is the difference between "MY certs" and "local certs"?01:08
uvirtbotLaunchpad bug 398366 in openldap "Certs generated with TinyCA2 and openssl cause errors in openldap and gnutls" [Undecided,New]01:09
quentusrexhggdh: I have my real certs,01:09
quentusrexgenerated on my workstation, and I have fake certs generated locally on the server.01:09
quentusrexmy workstation, and the backups are responsible for generating the companies certs.01:09
hggdhoh, OK. My certs == officially issued certs01:09
quentusrexwe can use real and fake01:09
quentusrexto describe them...01:09
quentusrexreal ones = fail to start, fake ones work just fine.01:10
quentusrexI have tried on both ubuntu 8.04 and 9.04 versions of openldap01:10
quentusrexI can recreate the issue by creating a new fake CA on my workstation, and it still fails.01:11
hggdhOK. Have you checked the certs for similar options -- for starter, by 'openssl x509 -text -in a.cert.file01:11
hggdhand comparing both real and fake for differing options01:12
quentusrexso, it's either something with the way TinyCA2 generates certs(but doesn't effect openvpn or apache), or I have forgotten a step and repeatedly miss the same step in the cert generation.01:12
quentusrexI'll check...01:12
hggdhas far as I can remember, TinyCA2 uses openssl to actually do the work01:12
ScottKIt does.01:13
* hggdh also uses tinyca2, but no ldap01:13
infinityquentusrex: Well, OpenVPN and Apache both use openssl, while openldap uses gnutls, so it's entirely possible that the way TinyCA2 is doing the reqs is just missing a field (or something) that OpenSSL is forgiving about, but gnutls is grumpy about.01:13
ScottKPretty much all the CA packages are front ends for openssl.01:13
quentusrexRight, I am aware that tinyCA2 uses openssl, and openldap uses gnutls,01:14
quentusrexbut I'm unable to figure out which field causes the issues...01:14
hggdhyes. TLS is also more picky on the options you specify01:14
hggdhwhat would work on SSL may fail on TLS01:14
quentusrexbut I have tls setup with openvpn01:15
quentusrexand it works.01:15
infinityquentusrex: Well, as suggested, you should compare the text dump of the "real" and "fake" certs, and go from there.01:15
infinityquentusrex: Anything "different" is suspect.01:15
pixlboxneed help installing joomla01:15
hggdhfor example, when you specify Netscape options, and do them wrong. SSL wouls swallow them, TLS will spit them out01:15
quentusrexinfinity: can you suggest a command to dump all the cert info? (I have a command, but I've been stuck for a week. So I might be using the wrong one...)01:15
hggdhthe easy way: openssl x509 -text -in <PEM>01:16
hggdhjust the public cert, no private key here01:16
quentusrexeverything that openldap seems to say, points to the issue being with the cacert,01:16
quentusrexbut there is almost no documentation and even less info on the actual error...01:17
quentusrexjust says tls fails with error code -101:17
infinityAre you doing chain bundling?01:17
quentusrexI have one CA, and that is the only thing signing the certs.01:17
quentusrexonly two levels, no sub CA's.01:17
hggdhquentusrex: if a real and a fake cert are the, er, same, and one works and one not, then there is something different on them01:17
hggdhyou can also dump ASN1 (and I do not remember the opessl command for that, but it is there) the certs. Be prepared to get some sore eyes.01:19
quentusrexhggdh: I have compared the two certs01:19
quentusrexthere are many more fields filled out with the tinyca2 ones...01:20
quentusrexthe real ones.01:20
quentusrexthe fake ones have almost no fields set...01:20
hggdhso now you have a start01:20
hggdhthey *are* different01:20
quentusrexis there a way to diff them by fields?01:20
hggdhno, not really. You will have to do it by hand01:21
infinityDon't forget content of the fields.01:21
infinityYou may have characters gnutls is unhappy with, who knows?01:21
infinityMaybe you're breaking an RFC, which openssl is notorious for not caring about. :P01:21
quentusrexthis will be 'fun'01:21
quentusrexcheck this out:01:22
quentusrex    Data:01:22
quentusrex        Version: 1 (0x0)01:22
quentusrex    Data:01:22
quentusrex        Version: 3 (0x2)01:22
infinity(openssl is the most liberally forgiving software in the world when it comes to sloppy input, which explains why your certs are happy with openssl-using apps, but not gnutls)01:22
quentusrexreal one is version 301:22
quentusrexgreat... so now I have to regen all my certs to make gnutls happy.... :(01:22
hggdhwow, from V1 to V3... how old is this V1 cert?01:23
quentusrexI just generated it with openssl01:23
quentusrexthat's the fake one that works.01:23
infinityV1 is the default with an openssl req with no options, IIRC.01:23
infinityBut gnutls should be happy with V3, I suspect that's a red herring.01:23
quentusrexis there a paste bin that you prefer?01:24
quentusrexI'll paste the cert dumps01:24
hggdhyes, it would be good01:24
infinityhttp://pastebin.ubuntu.com/ even01:24
quentusrexthose are both the cacerts.01:25
quentusrexI hadn't considered that the problem could be with a field in the cert01:25
quentusrexI thought it had something to do with corruptions, or not actually being signed or something... but all the verify commands I could find passed.01:26
hggdhquentusrex: what time is it now at your locale?01:26
quentusrexwest coast, USA01:26
hggdhof July 12th, right?01:27
quentusrexI see an issue... :)01:27
hggdhlook at the Not Before timestamps01:27
quentusrexright, but the real one you're looking at was just generated to pose as the real one01:28
quentusrexboth generated with tinyca2 and both fail for the same reasons.01:28
quentusrexJust with random information in there01:28
infinityWell, does the real real one have that same timestamp? :)01:28
hggdhyes. The point is both of these should *NOT* be valid to begin with01:28
quentusrexit was generated in March of 0701:28
quentusrexthat is GMT01:29
quentusrexI'm -8 from there.01:29
quentusrexso it is valid.01:29
hggdhso a red herring01:29
quentusrexI'd rather have false positives that turn out to be red herrings, than a false negative and never get a working ldap server... :(01:30
quentusrexI'm working on a script that will allow me to tweak the cert generation parameters01:30
hggdhOK. Next one. fake one that works has a 1024 key, real one that fails has a 4096 key. Have you tried a fake one with 4096?01:30
quentusrexand test it on an openldap server01:30
quentusrexyup, and a real one with 102401:30
quentusrexred herring.01:30
hggdhquentusrex: the real one is a CA cert01:31
hggdhI thought it was an user cert01:32
hggdhlike the first one01:32
quentusrexboth should be ca certs01:32
quentusrexyou're right...01:33
hggdhfirst one should be refused, it does not have 'CA: True" critical constraint01:33
quentusrexthat's right... I've been using a self signed cert for the fake ones, thinking I had built ca certs.01:34
infinityquentusrex: So, some random googling suggests that you need to tell openldap where to find the path to the CA cert.01:35
quentusrexbrb afk01:35
quentusrexinfinity: I do, I specify it.01:35
quentusrexI think my test case is wrong...01:35
quentusrexbrb though...01:35
infinityquentusrex: Have you run slapd in debug mode (slapd -d -1) to see if it's any more useful?01:35
quentusrex_had to change computers for a moment01:37
infinityquentusrex: Have you run slapd in debug mode (slapd -d -1) to see if it's any more useful?01:38
quentusrex_infinity, I tried that, but I did not get anything more from it01:38
quentusrex_the same one line error. failed to start tls, with the error code -101:38
infinityAnd I'll assume, since you have a testcase and all, that it's not file permissions?01:38
quentusrex_nope, not file permission problem01:38
quentusrex_but we've just proved that my test case was flawed.01:39
quentusrex_I am not sure I was actually generating a ca cert,01:39
quentusrex_but possibly a self signed cert,01:39
hggdhwell, if you were using the CA cert as an LDAP "user" cert, then ldap would most probably barf01:39
quentusrex_so it could have been working because the cert was self signed it didn't need to look for the CA, so it didn't run into the same issue.01:39
quentusrex_nope, not an ldap user cert. as the server cert.01:40
quentusrex_the ldap server has nothing but default data in it...01:40
hggdhyes, server cert == user cert; there are CA certs, and "user" certs01:40
infinityYeah, you need both here in your case...01:41
infinityTLSCertificateFile /etc/openldap/currentcert.pem01:41
infinityTLSCertificateKeyFile /etc/openldap/currentkey.pem01:41
infinityTLSCACertificateFile /etc/openldap/demoCA/cacert.pem01:41
hggdhyou do not usually run *ON* a CA cert. You deploy a cert signed by the CA01:41
infinityThe last one needs to be your CA, the first two are the server "user" cert.01:41
quentusrex_hggdh, right. that is what I'm doing.01:41
quentusrex_but you have to distribute the ca cert along with the client cert and key01:42
quentusrex_for tls.01:42
hggdhyes, you always have to distribute the CA certs.01:42
hggdhor, better saying, the real user should check on the CA cert, ideally out-of-band01:43
infinityYes.  Lots of software out there explodes when you try to use "chained" certs, which is what I was driving at before.01:43
hggdhso. when you put the real CA cert (the one in the pastebin) as TLSCACertFile it fails01:43
infinity(ie: when your CA is bundled in the cert, rather than being an out-of-band check)01:44
hggdhbut, when you put the real CA in the TLSCACertFile, you have to change the TLSCertFile accordingly. Did you do it?01:45
* hggdh BTW asks for pardon on asking dumb questions, but one needs to be sure...01:45
quentusrex_yes, I did that... I think I'm on to something...01:47
quentusrex_I changed the order of the cert file includes.01:47
quentusrex_it changed the error code...01:47
quentusrex_if the CAcert line isn't first the error is -3401:47
quentusrex_with ca cert first it's -101:47
quentusrex_I finally get an interesting error message:01:49
quentusrex_ gnutls-serv --x509keyfile ./ssl/server.pem --x509certfile ./ssl/server.pem01:49
quentusrex_Set static Diffie Hellman parameters, consider --dhparams.01:49
quentusrex_Error reading './ssl/server.pem' or './ssl/server.pem'01:49
quentusrex_Error: Base64 decoding error.01:49
quentusrex_I get this when I install gnutls-bin01:49
quentusrex_and run that first line....01:49
JordiGHGot a problem with two Ubuntu boxen not being able to relay email to one another.01:50
JordiGHThe problem: http://erxz.com/pb/1872101:50
JordiGHweb2 is running exim4. I am guessing I need to tweak stuff in web2's exim.conf, but I don't know what.01:51
quentusrex_hggdh and inifinity, you were right. It's a bad header.01:52
quentusrex_with the real keys I get this error:  gnutls-serv --x509keyfile ./key.pem --x509certfile ./cert.pem01:53
quentusrex_Set static Diffie Hellman parameters, consider --dhparams.01:53
quentusrex_Error reading './cert.pem' or './key.pem'01:53
quentusrex_Error: Base64 unexpected header error.01:53
quentusrex_Now, if only there were a way to find how which header..01:53
ScottKJordiGH: You need to authorize the other one to relay mail.  I could tell you how for Postfix, but Exim, I have no idea.01:55
JordiGHScottK: Yeah, I have "host_accept_relay = : ::::1 :" in exim.conf, which seems a bit cryptic.01:56
ScottKJordiGH: I'd try adding the IP of the other mail server to that.01:56
JordiGHScottK: You mean the specific one instead of the netmasked IP network?01:57
ScottKJordiGH: Is it in
JordiGHweb4 from which I telnetted is
ScottKOK, then I'm confused.  I'd have expected that to work.02:01
* ScottK looks around for someone who knows something about Exim.02:01
JordiGHUnless those streams of colons don't do what I expect them to.02:02
infinityJordiGH: The stream of colons is the IPv6 localhost.02:02
infinityJordiGH: Are you using exim's split config, or monolithic?02:03
infinityJordiGH: (Maybe you edited the monolithic config, but you're actually using split?)02:03
twbScottK: #debian is full of exim weenies :-)02:04
ScottKYet another reason not to go there.02:04
JordiGHHey, I'm a Debian weenie. :-(02:05
twbYou have to tiptoe around them02:05
infinityJordiGH: Also, if this is exim4, I suspect you want "relay_from_hosts", not "host_accept_relay"02:05
JordiGHinfinity: /etc/exim only has exim.conf and exim.conf.002:05
twbScottK: having said that, IME #debian (on OFTC, at least) is more helpful than #ubuntu.02:05
ScottKWell I don't go there either.02:05
twb#ubuntu is like a preschool full of screaming toddlers trying to configure compiz02:05
infinityJordiGH: Eww, and no it's not, you're using exim3... Stop that. :)02:05
JordiGHinfinity: dapper drake.02:06
twbJordiGH: remind us why postfix isn't allowed?02:06
infinityJordiGH: exim4 is on dapper.02:06
infinityJordiGH: exim3 is in universe and entirely unsupported, no?02:07
JordiGHAh, you're right, exim4 is available.02:07
JordiGHtwb: It isn't unallowed. You want me to use it instead?02:07
infinitytwb: Don't get into an MTA flamewar. :P02:07
infinitytwb: We support both for a reason.02:07
twbEh, sorry.02:08
twbI should have added a ";-)"02:08
JordiGHI really have no preference.02:08
ScottKThe reason being infinity likes Exim.02:08
infinityScottK: And elmo. :P02:08
ScottKThat too02:08
JordiGHMTAs are like toasters to me. They should toast, and exactly how they toast and which one should toast, I don't really care.02:08
twbJordiGH: then probably best to use whatever people around here will provide support for.02:08
infinityJordiGH: Anyhow.  exim4 should "just work" when you configure it out of the box.02:08
infinityJordiGH: Alternately, switch to postfix, which will also "just work" when configured with the help of people like twb.02:08
JordiGHinfinity: alright... it's a debconf config, right? At least it is in Debian.02:09
infinityJordiGH: I couldn't care less what anyone other than me uses. :)02:09
infinityJordiGH: Same as the Debian debconf config, yeah.02:09
JordiGHHmmm... alright, what do I want here? I already don't know what to answer for the first question.02:09
JordiGHinternet site?02:10
JordiGHconvert exim v3 config?02:10
JordiGHOkay, internet site.02:10
twbI don't provide support for postfix, either.  HAND.02:10
quentusrex_hggdh, alright. I've build the test system for the fake certs. I'm actually useing ca certs now...02:10
quentusrex_hggdh Any guess as to which of the headers are more likely to cause problems?02:11
JordiGHMan, SMTP sounds like LOLcatese to me.02:12
JordiGH"HELO web2"02:12
JordiGH"Why, hello there, web5".02:12
JordiGH"MAIL FROM: <jordigh@gmail.com>"02:12
JordiGH"Ah, yes, I see, and who is the recipient?"02:13
JordiGH"RCPT TO: <jordigh@gmail.com>"02:13
JordiGH"I'm afraid I can't let you do that, Bob..."02:13
JordiGHAlright, so is the default the monolithic or the modular exim4 config?02:13
infinityNo idea anymore.  It used to be a debconf question, I suspect someone's nixed it.02:14
infinityProbably defaults to monolithic now to avoid upstream getting grumpy about stupid Debian users and their bad bug reports.02:14
infinity(I use split)02:14
infinityJordiGH: If you have an exim.conf in /etc/exim4, you're using monolithic.  If not, it's in /var/lib/exim4, and you're using split.02:15
JordiGHI have a exim.conf.template...02:17
infinitygrep dc_use_split_config /etc/exim4/update-exim4.conf.conf02:18
infinity(I knew it was a debconf question)02:18
infinityMust just have not been shown at your priority.02:18
infinityJordiGH: Anyhow, assuming you're using split, just edit dc_relay_nets in /etc/exim4/update-exim4.conf.conf, re-run "update-exim4.config", and restart exim.02:20
JordiGHinfinity: It is a debconf question, but wasn't asked at install. It's asked with dpkg-reconfigure, though.02:20
infinityJordiGH: That's because dpkg-reconfigure defaults to priority=low02:20
infinityJordiGH: Your system's probably set to high or critical.02:20
JordiGHHm... it still thinks that relaying to gmail.com is prohibited.02:22
JordiGHYeah, identical SMTP session. :-/02:23
infinityThat's with lucifer's IP ( in dc_relay_nets02:24
JordiGHWait, I think I had the wrong answer..02:24
JordiGH"Domains to relay mail for" that should be *, right?02:26
infinityWow, linking the paste would have been helpful there to prove my point. :P02:26
infinityNo, no, no.02:26
infinity* would be an open relay.02:26
infinityYou only relay for the domains you accept mail for as an MX.02:27
infinityWhereas the relaying you want is allowing privileged hosts to relay through you.02:27
JordiGHWhat's the difference between "domains to relay mail for" and "machines to relay mail for"?02:28
infinity"machines" is what turns into "relay_nets".02:29
infinityMachines is who you will accept mail FROM, to send to anywhere.02:29
infinityDomains is who you will accept mail TO, from anywhere.02:29
infinityIf you're not a secondary MX, relay_domains should be empty.02:29
infinityJordiGH: Here's a simple config: http://pastebin.ubuntu.com/216566/02:31
JordiGHOkay, so I did tell debconf to use monolithic config.02:31
infinityJordiGH: It accepts mail for all those domains listed, it doesn't forward/relay mail for any other domains, and it accepts mail to ANYWHERE from the IPs listed.02:31
infinityJordiGH: (Of course, mine's a split config, so translate as required)02:32
JordiGHinfinity: Kay... dc_other_hostnames is the machines from which I accept incoming SMTP connections?02:33
JordiGHinfinity: dc_relay_domains is blank because those machines can send anywhere in the world, right?02:33
infinityJordiGH: other_hostnames is all the hostnames/domains that you accept mail FOR.02:34
infinityJordiGH: So, my config accepts mail for loki.0c3.net, szeretlek.net, etc...02:34
infinityJordiGH: (By default, you'd only accept mail for you actual hostname, without that line there)02:34
JordiGHinfinity: Oh, so I can't email gmail.com from your machine?02:34
infinityJordiGH: But that's for local delivery.02:34
infinityJordiGH: You can email gmail.com from my machine if you're listed in relay_nets.02:35
infinityJordiGH: relay_nets defines the people who are allowed to send mail ANYWHERE.02:35
JordiGHAh, ok, ok...02:35
infinityJordiGH: Anyone not in that list can only send mail to other_hostnames and relay_domains.02:35
infinityJordiGH: Note that while the options have different names (obviously), every MTA has this exact concept.  You're filtering on two sets:  "People who can send mail to anyone", and "Anyone can send mail to a specific small set of addresses".02:36
JordiGHinfinity: Interesting.02:37
ubottuUbuntu releases a new version every 6 months. Each version is supported for 18 months to 5 years. More info at http://www.ubuntu.com/ubuntu/releases & http://wiki.ubuntu.com/TimeBasedReleases02:43
ubottuEnd-Of-Life is the time when security updates for an Ubuntu release stop. See https://wiki.ubuntu.com/Releases02:44
JordiGHYes, I know DD is dead.02:45
JordiGHSo is my website, kinda, but not because of DD.02:45
twbJordiGH: sorry, that was for me.02:47
twbI was too lazy to /msg ubotu, sorrry.02:47
ScottKDapper is not dead for this channel, just weaklings who need X.02:51
ScottKActually my desktop is still Dapper.  I haven't ever bothered to upgrade it.02:58
JordiGHinfinity: http://pastebin.ubuntu.com/216574/02:59
JordiGHinfinity: Still full of fail. :-(02:59
infinityJordiGH: You're running update-exim4.conf and restarting exim after changes, right?03:01
JordiGHinfinity: ayup. "/etc/init.d/exim4 restart"03:02
ajmitchScottK: you're even worse than me03:02
twbMy laptop runs Sid because otherwise how can I test that my bugs have ACTUALLY been fixed when maintainers close them? ;-)03:02
infinityJordiGH: Oh, but you're still not using split config either.03:02
infinityJordiGH: So, editing that probably doesn't buy you much.03:02
infinityJordiGH: (Just find relay_from_hosts in your actual config and edit it)03:02
ScottKajmitch: The smaller the computer it seems the newer I use.  Desktop is Dapper, laptop is Jaunty, netbook is Karmic.03:03
JordiGHinfinity: How about I just use a split config?03:03
* JordiGH doubts it makes a difference, but whatever.03:03
infinityJordiGH: Up to you. :)03:03
* infinity needs to run off.03:04
infinityJordiGH: Ultimately, however you do it, you need exim to think that network is in relay_nets, and you win.03:04
slestakn external python package?  I am having import name resolution problems and dont see what is accuring03:20
slestaknetbook ate my first line03:20
slestakis /usr/local/lib/python2.6/dist-packages/ a typical location for an external package?03:20
JordiGH/usr/local is stuff not managed by dpkg.03:23
slestaki used the modules setup.py03:25
slestakit is not in apt03:25
ScottKslestak: More likely site-packages, but that may be OK.03:32
ScottKslestak: import sys and then print sys.path to see if it's in your path.03:32
slestakScottK: good idea03:32
slestakScottK: last key in path is '/usr/local/lib/python2.6/dist-packages'03:33
ScottKThen that should be a fine location.03:34
slestakevery .py in examples for package xlwt fails with the same error03:34
slestak  File "/usr/local/lib/python2.6/dist-packages/xlwt/Worksheet.py", line 52, in __init__03:35
slestak    self.Row = Row.Row03:35
slestakAttributeError: 'module' object has no attribute 'Row'03:35
slestakRow.py is on the dir, and it has a class name Row03:36
ScottKTry to append xlwt to sys.path03:38
slestakwhere is that adjusted?03:39
ScottKslestak: FYI, xlwt is packaged in Karmic, so you could ask for a backport of the package for whatever release you're using.03:39
slestakim supposed to present this at a PUG tomorrow :)03:40
ScottKslestak: It's something like sys.path.append("pathyouwanttoadd")03:40
slestakdont think backport will be quick enough03:40
ScottKslestak: What release are you using?03:40
slestakim about the least exp guy in the group03:40
ScottKslestak: What timezone are you in?03:41
JordiGHinfinity: If you're still there, the problem was that exim3 was still running even though I removed the package and /etc/init.d/exim stop didn't stop the daemon either. I killdashnined the process and restarted exim4 and now it works.03:41
* JordiGH has spent maybe 4 hours on this today.03:41
ScottKslestak: If you don't get it figured out tonight, we can probably manage a backport in the morning.03:42
* ScottK would likely have to mangle some rules to get it done tongiht.03:42
slestakthat would be awesome.  i used pyExcelerator, maybe I should just present that, its in Jaunty.  I just know xlwt and xlrd have replaced it03:42
JordiGHWhen is sysadmin day? I think I'm gonna demand lots of ice cream for it.03:42
ScottKJordiGH: sysadmin day is on the horizon.03:43
slestakbofh day?03:43
* JordiGH wonders if he could also demand sexual favours on July 31st.03:43
JordiGHInteresting sysadmin day is the day before my birthday.03:43
ScottKThe horizon being an imaginary place you can walk towards, but never reach.03:43
JordiGHIt's actually in a few weeks.03:43
ScottKJordiGH: This is probably going to sound silly to you, but we work very hard here to create an environment where everyone will be confortable, so it's not a huge deal, but talking about demanding sexual favors probably isn't the best idea for here.03:44
slestakScottK: I'll try it on another workstation, see if it is consistent03:44
JordiGHI guess sex is going to make someone uncomfortable.03:45
JordiGHFine, fine.03:45
ScottKslestak: sys.path.append("/usr/local/lib/python2.6/dist-packages/xlwt/")03:49
slestakScottK: i just installed pyExclearator from repo. it works fine.  xlwt is a fork, so I'll just explain that the package imshowing is a lottledated03:49
slestaki can wait for karmic03:49
ScottKslestak: OK.  I'd try sys.path.append03:49
slestakbut that will not help me when running a .py in bash?03:50
slestakor can i run the exampkles easily from the python shell, after touching up sys.path?03:50
ScottKOr edit the start of the example to do it for you.03:53
slestakno joy03:57
slestakI alsotried adding from xlwt.Row import *03:58
slestakwell, im done for the night, thx for the help04:00
quentusrexhggdh: ScottK: infinity: are you still around?04:18
quentusrexI've narrowed the limitations for gnutls...04:18
quentusrexI've removed almost all of the cert attributes04:18
quentusrexdown to the fewest04:19
quentusrexbut gnutls still can't handle it...04:19
=== s_markow_ is now known as s_markow
ScottKCan gnutls generate certs like openssl does?04:26
ScottKIf it can, maybe generate a cert from it and see what's in it.04:27
=== Kyon0 is now known as Kyon`Away
=== Kyon`Away is now known as Kyon0`Away
=== ircd is now known as Guest18724
zpotonaatorhey, can anybody tell me wher's the default logrotate conf for mail.log, currently it's rotating between 06:0 -07:0009:05
zpotonaatorand only keeping 6 days of log09:05
zpotonaatorbut mail.log is not defined for logrotate to rotate09:06
zpotonaatorfound the solution, it's sysklogd that's rotating the logs by default, /etc/cron.daily/sysklogd, not logrotate09:13
_rubenwhich is a nice default solution, but very managable in the long run, imo09:14
_rubenadd "not" somewhere in that line :)09:14
DavieyHi, Can someone sponser an apache related SRU for Hardy to -proposed for me?09:40
Davieybug #39469609:40
uvirtbotLaunchpad bug 394696 in apache2-mpm-itk "Please rebuild apache2-mpm-itk [Hardy] to handle updated apache source" [High,Confirmed] https://launchpad.net/bugs/39469609:40
j0nrHi all... running spamd seems to be a none starter for me on my 256MB RAM server. Is there any other ways to begin to control spam thats not too heavy on RAM? thanks09:57
henkjan_j0nr: greylisting09:59
_rubentho from what i've read, greylisting is becoming less effective rapidly10:06
_rubenrbl checks remain fairly effective10:07
_rubenor just upgrade the server :)10:07
RoyKI use greylisting and the built-in bayes-filter in OS X mail. The greyfiltering takes out some 90-95% or so and most of the rest is taken by the OS X mailfilter10:29
Davieyj0nr: Or switch to a VPS provider that provides a spamd server :)10:59
* Daviey knows of at least two in the UK that does this.11:00
j0nrDaviey: maybe they do... I will enquire11:12
* j0nr is googleing greylisting11:12
_rubenthat's one implementation of it, yes11:14
* Daviey uses postgrey.. Doesn't stop that much tbh.. Mainly due to alias email addresses which formward to my smtp server11:22
Davieyj0nr: What sort of mail volume do you have?11:22
=== Kyon0`Away is now known as Kyon0
j0nrDaviey: very little... but enough to want some sort of spam filter... (i dont need a male member enlargement!)11:45
j0nrprobably <50 a day unwanted emails11:47
Davieyj0nr: How many mails in total?11:47
j0nr< 60 probably a day inc. spam (11:47
j0nroh actaully.. i am on ubuntu-uk mailing list so more11:48
Davieyj0nr: It's just that i have a dedicated spamd server in the same datacentre..  You can use it for a while?11:48
j0nrstill probably <10011:48
j0nrwhat datacentre?11:48
DavieyThe same one as you :)11:48
NafalloDaviey: what data centre?11:50
j0nrDaviey: oo sounds good....11:51
j0nrwhat are implications?11:51
DavieyNafallo: RHC North11:52
SarthorHi, there was 2 lan cards in my ubuntu 9.04 i386, (eth0, eth1), i removed one lan card and put other, now my linux gave the name as eth2 to the new lan card, How can i change this eth2, back to eth1,11:52
NafalloDaviey: doesn't sound like London...11:52
DavieyNafallo: Oh, Is it only London that had datacentres? :)11:53
\shSarthor: vi /etc/udev/rules.d/70-persistent-net-rules.*11:53
\shSarthor: change the new eth2 to eth1 and remove the old entry11:53
NafalloDaviey: well. that matters anyway ;-)11:53
acalvoHi! I'm making a script to move an LDAP tree to a new one, but I'm having troubles with accents. In the command-line I can see that everything is right, but when it is stored to the LDAP it's all mix up...11:54
j0nrDaviey: what about this spam filter then?12:48
Davieyj0nr: Ok.. let me add your IP to my firewall12:56
Davieyj0nr: -> PM12:56
awmcclainI've looked for a while on google for this and I couldn't find it... anyone know how to set up ssh so that files created over ssh are automatically group writable?13:19
henkjan_awmcclain: man umask13:22
awmcclainhenkjan_: No man entry. Also, for some reason  I was under the impression that setting a umask for a user didn't work over ssh, but that makes no sense.13:24
awmcclainThat gives me enough.13:24
awmcclainHrm, umask 022, but directories are g-w. Maybe it's an issue with bzr over ssh.13:31
awmcclainOh never mind.13:31
uvirtbotNew bug: #398733 in dovecot (main) "Dovecot Plain auth broken in 1.1.1, fixed in 1.2.1" [Undecided,New] https://launchpad.net/bugs/39873313:34
maxbawmcclain: umask 022 explains directories being g-w13:40
maxbumask 002 is what would be required13:40
awmcclainmaxb: Yeah, i just realized that, I changed to 0002 but I'm still seeing the same issue.13:40
awmcclainOh.... let me check the user's profile and see if it's being overwritten13:40
maxbprofile will not be involved in a bzr-over-ssh session13:41
maxbYou will likely want to consider setting the umask via pam13:41
maxbDo be aware that umask 002 is an insecure configuration for any user whose primary group is not one private to themselves13:42
awmcclainmaxb: Ah, that explains a lot. Understood. I'm guessing a google search of 'umask pam' is in order.13:43
maxbSpecifically pam_umask.so13:44
maxband man pam_umask13:45
maxbespecially the usergroups option13:46
ruben23hi i have an existing disk on my server--> but disk is getting full, if i add up another disk can i merge it with my existing idsk..?13:51
ruben23particularly im using the directory for saving /var/spool/asterisk/monitor---->rela time saving of voice records..13:51
ruben23anyone have idea14:58
pirxhi! has anyone used linux-ha (high availability)? looking for a good tutorial/howto...15:31
jmarsdenpirx: Using Google gets me: http://www.linux-ha.org/HeartbeatTutorials16:10
shivekSo what's your website url16:58
shivekI want to check it out16:59
ballooozawell... right now I have a photo gallery16:59
shivekGive me the url16:59
ballooozashivek: http://balloooza.homelinux.com/gallery316:59
shivekmysql ??17:00
ballooozashivek: ? what are you asking17:00
shivekdoes the speed depends on my computer specifications or bandwidth or both?17:00
ballooozashivek: my bandwith is slow, depending where you are17:01
shivekI'm in India17:01
ballooozashivek: illinois17:01
ballooozashivek: usa17:01
shivekmy bandwidth is 215kbps17:01
shivekwhat's your bandwidth17:02
ballooozashivek: ouch, you will never load my site, but I can still help you17:02
shivekyeah help me17:02
shivekits not loading17:02
ballooozashivek: so, what kind of site, for a buisnuiss17:02
firecrotchwow I'm in Wisconsin and I can't even load your site, balloooza17:02
ballooozashivek: it will be slow, has to go around the world17:02
ballooozamaby it is not running?17:03
shivekno I'm a student I want a personal website17:03
ballooozamaby the site is closed, I did some maintnence, and maby messed up the firewall17:03
shivekballoooza: yeah its not running17:04
ballooozaso a personal site, like reseme (sorry I cannot spell)17:04
shivekballoooza: yeah I'm just 14 and I've developed a site for me. what's reseme?  " D17:05
ballooozashivek: same age, that is a thing that you make to get a job (I thought you ment university)17:06
shivekballoooza: should I use MySQl or something else17:06
shivekAre u also 14 ??17:06
ballooozashivek: mysql is a database17:06
ballooozashivek: yes 1417:07
shivekso do u also wanna become a hacker ?17:07
ballooozashivek: ya17:07
shivekwho are u insipired from17:07
shivekI think we should work together17:08
shivekWorking together we will be masters17:08
shivekWhat all languages do u know??17:08
shivekballoooza: Are you there ?17:09
ballooozashivek: that is a little off topic, but no languages yet, but I want to get a little development board for my birthday, so I will learn17:09
shivekyou don't even know html ?17:09
ballooozayes, html17:10
ballooozashivek: that is a markup language, what you will most likly use for the website17:10
shivekI know17:10
shivekI know html17:11
shivekand I'm learning python 317:11
shivekDo you have an orkut account ?17:11
ballooozaThat is what I will use to program, second q: no17:11
=== so is now known as simon-o
shivekWhat do u mean . I didn't get u17:12
ballooozashivek: hu, no orkut, and also if we start bugging people (none here) we should move to pm17:12
shivekpm ?17:13
ballooozashivek: Private Message17:13
ballooozabut only if we are bugging somone17:13
shiveki just want that we should stay in touch.17:14
shivekballoooza: Because I've never found anyone of my age who wants to become a hacker!17:14
ballooozaOK, how wold I do that? I have gmail, I think that is related to orkut?17:15
ballooozabtw, mw website is not working, have to figure that out17:15
shivekballoooza: yeah it is17:15
shivekjust give me your email id17:15
shivekI'll add you17:15
=== obstriege is now known as obst
=== dazman is now known as Guest26280
ballooozashivek: it is in my info for irc17:16
shivekballoooza: and you should get an orkut account17:16
ballooozashivek: did you get it?17:16
shivekballoooza: no it isn't displayed17:17
ballooozaoh, let me take off the hide...17:17
ballooozanow try17:17
shivekballoooza: sure and you should also get an orkut account because hackers also need to know moron mentality .17:18
=== maxb_ is now known as maxb
ballooozajust signing up...17:18
shivekballoooza: take mine<shivekk@gmail.com> .yeah cool add me as ypur friend .Search shivek khurana17:19
shivekballoooza: What's your full name ?17:19
ballooozaaccualy I put in my birthday, and it said 1817:20
spectoI hope you guys know that this chat is logged.17:20
ballooozashivek: yes, do not say stuff personal, that is why I have not said stuff personal17:20
shivekballoooza: Ok. You can still create  one , add any year that it accepts17:21
shivekballoooza: it doesn't really matters.17:22
shivekspecto : thanks for warning :D17:22
spectoshivek: no problem.17:22
shivekballoooza: done ?17:22
ballooozaok shivek, I have added you, have you added me?17:23
ubottu#ubuntu is the Ubuntu support channel, for all Ubuntu-related support questions. Please use #ubuntu-offtopic for other topics. Thanks!17:23
shivekwait let me see.17:23
shivekubottu: thanks for your advice.17:24
ubottuError: I am only a bot, please don't think I'm intelligent :)17:24
ballooozashivek: lets move this to gmaail chat :)17:24
shivekballoooza: I'm coming there17:24
Pirate_Hunteranyone here with knowledge of ISPConfig if so, could i get help, trying to figure out why I the browser interface doesnt work even knowing it installed correctly?17:38
Pirate_Hunteranyone here with knowledge of ISPConfig if so, could i get help, trying to figure out why I the browser interface doesnt work even knowing it installed correctly?17:44
ruben23hi i have an existing disk on my server--> but disk is getting full, if i add up another disk can i merge it with my existing idsk..?17:45
ruben23particularly im using the directory for saving /var/spool/asterisk/monitor---->rela time saving of voice records..17:45
firecrotchPirate_Hunter: I myself haven't used ISPConfig, but maybe I can help you troubleshoot...17:46
firecrotchPirate_Hunter: From what I know, it uses Apache? is apache running?17:46
=== iulian is now known as Guest22306
Pirate_Hunterfirecrotch, should be, how do i check (sorry i am very new to the server side of linux)17:47
firecrotchPirate_Hunter: ps -e | grep apache17:47
firecrotchit should print out a line with a number, a question mark (or pts/#), a timestamp, and then the word apache17:48
Pirate_Hunterfirecrotch, http://paste.ubuntu.com/217104/17:49
Pirate_Hunterfirecrotch, yah i think that is correct so it is working17:49
firecrotchPirate_Hunter:  Ok, apache is running, so the next step is to check apache's error log, which is located at /var/log/apache2/error.log17:50
Pirate_Hunterfirecrotch, http://paste.ubuntu.com/217106/ no errors there that i noticed17:52
Pirate_Hunterfirecrotch, i think it could be ispconfig itself, even so it did successfully compile and give me the login details just doesnt work in browser :s17:53
firecrotchPirate_Hunter:  What is the error you get when you try to access the ISPConfig page?17:53
Pirate_Hunterfirecrotch, one sec let me check on the actual box but its something like not accessible, temporary down or soemthing17:53
Pirate_Hunterfirecrotch, xyz.de refused connection - the server might be busy or you may have network connection problem try again later17:56
Pirate_Hunterfirecrotch, that is all i get nothing more specific17:57
firecrotchPirate_Hunter: Are you trying to connect to it via https ?17:59
Pirate_Hunterfirecrotch, yup that is what i chose, how come?17:59
firecrotchPirate_Hunter: I think it is a problem with ISPConfig itself, or apache's configuration, since it's refusing the connection18:00
Pirate_Hunterfirecrotch, ok but how do i go about finding out which is the problem since syslog doesnt say anything18:01
firecrotchPirate_Hunter: If you can paste all of your apache configuration files (/etc/apache2/sites-enabled) I can take a look18:03
spectofirecrotch: pastbin please.18:05
Pirate_Hunterfirecrotch, they are default installed via tasksel havent changed anything was meant to once ispconfig was installed18:05
firecrotchISPConfig changes your apache configs, I think18:05
Pirate_Hunterfirecrotch, :o Oh didnt know that one sec18:06
firecrotchPirate_Hunter: I've come across something that may have something to do with it... is it ISPConfig 2 or ISPConfig 3that you installed?18:07
Pirate_Hunterfirecrotch, http://paste.ubuntu.com/217116/ i installed 2 since i think 3 is still beta18:07
firecrotchPirate_Hunter: I noticed somewhere that you have to change /bin/sh to point to /bin/bash instead of /bin/dash for the install, or else there will be problems18:08
Pirate_Hunterfirecrotch, i set up the server based on this tutorial http://www.howtoforge.com/perfect-server-ubuntu8.04-lts-p4 might help to know18:09
Pirate_Hunterfirecrotch, i did do that, its in that tutorial18:09
firecrotchPirate_Hunter: haha that's where I saw it ;)18:09
Pirate_Hunterfirecrotch, yup that is what i used for my setup the problem is ispc can only be unninstalled from the browser interface i think otherwise i would do it again18:10
firecrotchPirate_Hunter:  And you are trying to access it via port 81, right?18:11
Pirate_Hunterfirecrotch, yup just how the online manual states i havent really changed much except the host and a few bits18:12
firecrotchPirate_Hunter: Well, you've got me stumped18:13
firecrotchNote to self: don't bother with ISPConfig18:13
Pirate_Hunteri will try to unninstall it again, can you at least provide me with a tut for a good server setup?18:14
firecrotchPirate_Hunter: I've used EBox before, but I don't know if it does everything that ISPConfig does18:16
Pirate_Hunterebox will check it out now, what are you using now?18:16
firecrotchWell currently I don't have any need for anything other than a simple web server, so I just have a ubuntu 8.10 box running apache and mysql right now18:17
=== zoopster1 is now known as zoopster
Pirate_Hunterfirecrotch,  sorry system went down19:03
ballIs there a way I can ask an Ubuntu Server box to enter "standby" mode?19:04
firecrotchPirate_Hunter: welcome back :)19:05
Pirate_Hunterfirecrotch, np well checking out ebox I think just about does what ispconfig does just in a different way still what do i know (all i want is to host my own site(s))19:08
Pirate_Hunter\np\*\no problem\19:08
Pirate_Hunterfirecrotch, what you up to since i got time to spare19:09
firecrotchPirate_Hunter: If it's just going to be a standalone webserver, I personally don't see the need for something like ISPConfig or ebox.  It's pretty easy to host your own websites on a server with just apache, mysql and php installed.  Look into apache virtual hosts19:09
firecrotchI'm currently configuring Kubuntu on my boss's laptop19:10
Pirate_Hunterfirecrotch, oh didnt know i am quite new to this, I think i am ready to start using ubuntu for serious stuff without the desktop feature and wow your boss i can't even persuade anyone to try ubuntu or any linux OS19:11
Pirate_Hunterfirecrotch, why kubuntu isn't that too bloated (in my opinion)19:13
firecrotchPirate_Hunter: Well, we use ubuntu server for our servers, and Xubuntu on computers that we use to display videos and stuff on digital signage, and I use Kubuntu on my workstation since it's what I prefer, and he likes it :)19:13
Pirate_Hunterfirecrotch, i bet he likes the eyecandy which is what made me try it in the first place, I have to admit it is neater more like being in an alternate version of windows19:15
jon_high9000I am configuring Postfix. mainly, to use postfix as an alternate smtp server in place of gmail. my question is this; i selected internet site and for mail name entered mail.gmail.com. based on what i have described does this sound correct?19:15
firecrotchPirate_Hunter: Yeah, I've always found KDE to be more... Windows-like, and gnome to be more Mac-like19:16
ballI like Blackbox19:17
ball...but Gnome and Xfce4 are both things I could put in front of civilians19:17
firecrotchKDE seems to be more intuitive to new users who are used to Windows, in my opinion19:18
Pirate_Hunteryeah i agree on the kde part except the Mac bit since i havent used OSX :'(19:18
Pirate_Hunterball, the civilians i know run from linux, some find it too hard even knowing the menu is right at the frigging top19:19
ballPirate_Hunter: people are animals and animals fear change19:19
firecrotchPirate_Hunter: Change the menu name to "Start" and put it at the bottom left corner and they'll have no trouble :)19:20
Pirate_Hunteri agree most users will be right at home with kde and koqueror needs some praising19:20
jon_high9000sorry about this folks. double checked my research and it is correct. my bad.19:21
Pirate_Hunteri did, i did they complained on the way they had to do things, if not the apps they wanted are not there even firefox was weird (it has been around for a long time :/)19:21
howiei just made the the switch from windows to full ubuntu like 2 weeks ago and i gotta say i couldnt be happier..19:21
firecrotchI think this discussion would be better suited for #ubuntu-offtopic  btw19:21
Pirate_Huntertrue say however im doing something in another box19:24
Pirate_Hunterthanks for earlier on firecrotch19:24
firecrotchno problem :)19:25
* ball sighs19:26
sleepsterI am looking for a patch for my kernel?  It is currently configured for 100HZ and I would like it to be set to 1000HZ.   the I/O performance is terrible when CONFIG_HZ is set to 100 which is the default I believe for ubuntu server kernel19:36
ballooozais it possible to dump all the apache configuration, I just want to start over (I realy messed it up, durring an upgrade, did not make backups of the working state, shoot me)19:40
bogeyd6balloooza, which ubuntu version?19:51
ballooozanice, my version, or what I did :)19:52
bogeyd6baffle, https://help.ubuntu.com/8.04/serverguide/C/httpd.html19:55
bogeyd6sorry im at office so im in and out19:55
ballooozabogeyd6: yes?19:55
bogeyd6balloooza,  https://help.ubuntu.com/8.04/serverguide/C/httpd.html19:56
bogeyd6start all over with that link19:56
mathiazsommer: do you know where a copy of the ubuntu server guide for 7.10 could be found?19:57
mathiazMagicFab: ^^19:57
bogeyd6mathiaz, http://ubuntuguide.org/wiki/Ubuntu:Gutsy19:59
bogeyd6specifically http://ubuntuguide.org/wiki/Ubuntu:Gutsy#Servers19:59
MagicFabbogeyd6, tx!20:00
bogeyd6is there a compelling reason to be using 7.10?20:00
MagicFabbogeyd6, no, which is why i am helping upgrade / recover data from it :)20:07
ballooozanow I have a new problem, there are no files in /etc/apache2, yes I doo have a backup of them, but how do I get the original factory files20:09
balloooza(ie all I have is httpd.conf)20:10
ballooozabogeyd6: why do you say the name20:16
bogeyd6sudo apt-get remove apache2 && sudo apt-get install apache220:17
ballooozarunning now...20:18
bogeyd6i always had a problem with it not putting init files back20:18
ballooozabogeyd6: still, nothing in the /etc/apache folder20:18
alexmyou should add --purge to remove for apt to remove config files20:19
bogeyd6just thought of that20:19
ballooozaok, doing...20:19
ballooozastill nothing20:19
bogeyd6did you do the purge?20:19
alexmare you concerned about /etc/apache or /etc/apache2 ?20:20
ballooozado you know what package the default config is in (I would have guessed apache220:20
bogeyd6balloooza, apt-get --purge remove apache2-common apache220:20
ballooozaaeger /etc/apache220:20
bogeyd6balloooza, apt-get install apache220:20
bogeyd6that will work, i just tried it20:20
ballooozadont wory about the thing in the beginning awrng thing20:21
alexmthen you should purge package apache2.2-common20:21
alexmdpkg -S /etc/apache2 show the package name owning the file or directory20:21
bogeyd6balloooza, sudo apt-get --purge remove apache2-common apache2 && sudo apt-get install apache220:21
bogeyd6it works20:22
bogeyd6on 8.04.120:22
ballooozaso wait, so far I ran purge remove one, then the install apache2 one, now what do I do?20:22
bogeyd6the command i just gave you20:22
bogeyd6we didnt do the the -common last time20:22
ballooozaI am looking for /etc/apache2/apache.conf20:24
bogeyd6balloooza, if you run that command it will default everything back to square one, just like you wanted.  sudo apt-get --purge remove apache2-common apache2 && sudo apt-get install apache220:25
ballooozaOK,  it didn't, but I will work on it more, obviously I have a non standered problem20:26
alexmballoooza: it will remove all the files that came or were created during the apache installation, but not those you created afterwards20:27
alexmif you want to make sure that you remove all of them, rm -rf /etc/apache2 after backing it up (just in case) and purging it20:28
alexmmaybe package etckeeper will help you track changes on /etc/apache2 files, it's worth trying20:29
ruben231by default what is the password of root in fresh install ubuntu..?20:33
ballooozathere is none20:33
balloooza"for safty:20:33
ruben231no password..?20:34
ruben231just blank20:34
balloooza(ubuntu uses sudo instead of root, this is annoying somtimes, but I have learned to like it,  I do not have to give put a root password20:34
ballooozaBTW, there is no password, that means you cannot log onto it, this is ubutu security modle, so telling you how-to would be unexceptable, on the forums or here20:35
ubottuWe don't support a root password so don't suggest one unless you are going to be here 24/7 to help someone who has problems as a result of having one, many thanks ;-)20:36
ubottuDo not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo20:36
bogeyd6sage advice ruben20:36
ruben23ok got it20:36
ballooozathose are some new ubottu commands. saves me typing20:37
bogeyd6i wonder20:37
bogeyd6!root @ bogeyd620:37
ubottuSorry, I don't know anything about root @ bogeyd620:37
ballooozabogeyd6: how do I get a list of all ubottu s commands ( I have a feeling he will tell me)20:38
balloooza!connands @ balloooza20:39
ubottuError: I am only a bot, please don't think I'm intelligent :)20:39
ubottuHi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://ubottu.com/factoids.cgi - Usage info: http://wiki.ubuntu.com/UbuntuBots20:39
ballooozayay, that was it!!20:40
bogeyd6i dont know20:40
bogeyd6there you go20:40
ballooozaI got it20:40
ubottuUbuntu, like any other linux  distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command (see https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw), or 'iptables' (https://help.ubuntu.com/community/IptablesHowTo). GUI applications such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist20:40
DormantOdenhey Ubuntu people20:46
DormantOdenI seem to have a HUGE memory leakage problem20:46
DormantOdenanyone know of any active memory readers?20:47
ballooozais this an ubuntu problem or ubuntu server20:47
ballooozarun top20:48
ballooozathen sort by memory usage20:49
jbernardDormantOden: once top comes up, hit 'O', then 'n', then <enter>20:49
jbernardDormantOden: that will sort the list by memory usage20:49
DormantOdenwill do =)20:51
DormantOdenhmm, seems steady now20:53
DormantOdenI was restarting apache quite alot.... Ill try that alot again :P20:53
DormantOdenFound it!20:57
DormantOdenDamn you migrate database!20:57
DormantOdenits going to asplode again!20:57
DormantOdenquick, how do i stop somthing 0o20:58
DormantOdenahhh... it died. ='(20:59
firecrotchDormantOden: what are you trying to do?20:59
DormantOdenstop a massive memory leak20:59
DormantOdenat least i found the culprit :P20:59
DormantOdenit used like 2 gigs in 3 minutes 0o21:00
firecrotchDormantOden: whats the cause of the mem leak?21:00
DormantOdena doogy plugin by the looks of it. I tried to migrate some database things and it exploded21:01
DormantOdensome chat plugin for redmine to be specific21:01
DormantOdenHow can I stop ruby, just for future needs?21:02
troglobyteIf I wanted to automate a scp upload to /var/www/dirname (owned by www-data) do I just add the uploading user to the www-data group?21:06
garchonixcould someone give me a hand? i need to sync two dirs, but transferring only files that in IN THE DESTINATION have mtime < some_time21:08
garchonixwhat would be the best way to do that?21:08
jfontan1troglobyte, that and also giving write premissions to group (that must be www-data)21:12
troglobytejfontan1, thanks!21:13
=== jfontan1 is now known as jfontan
quentusrexIs anyone around that is familiar with x509 certs and gnutls?21:25
=== cjwatson_ is now known as cjwatson
BilgeEven though migrating from LTS to 9.04 would require upgrading in several steps, would it be possible, in future, to upgrade directly from an old LTS distro to a new one?21:49
infinityBilge: We support LTS->LTS upgrades, yes.21:52
infinityBilge: (For instance, we support dapper->hardy right now)21:52
docta_vi have some custom packages i've built and i'd like to authenticate them using apt... just wondering what the best method is to deal with trusted.gpg22:04
docta_vi was considering either... making my own package to replace this file wholesale... or running a script on every system to add the new key. there doesn't appear to be an easy way to deal with this issue22:04
majikmandoes anyone else here have issues with ubuntu's default configuration of having tomcat log stuff into syslog?22:10
n8boundsHullo all22:31
n8boundsanyone here handy with bind9?22:32
KillMeNowi'm fairly handy22:33
n8boundsi have a in-addr.arpa zone problem...22:33
KillMeNowwhat' the problem22:33
n8boundsmy bind server hosts a few public zones22:33
n8boundsbut i never set up a reverse lookup zone22:33
n8boundstrying to do that today results in fail22:33
KillMeNowwell, you normally wouldn't22:33
KillMeNowunless the IP range has been swipped to you22:33
n8boundsi have to for our mail server22:34
KillMeNowfor the public side22:34
KillMeNowok, has the IP range been swipped to you?22:34
n8boundsour ISP (AT&T) delegates our public subnet's DNS (including the in-addr.arpa) zones to us22:34
n8boundsright, so the named service restarts fine with the config I have22:34
n8boundsbut it refuses to answer22:35
n8boundswould u mind if i pasted one line from syslog in here?22:35
n8boundsJul 13 17:35:11 mail named[21637]: client view external: query (cache) '' denied22:35
KillMeNowulness you wanted to use pastebin22:35
n8boundsi may have to22:36
KillMeNoware you running bind9 in a chroot jail?22:36
n8boundsthe server's hostname is mail, obviously, and the client ip is an external source--of our network22:36
n8boundsthis is just bind9 apt-got on 8.04.222:36
KillMeNowi'm assuming then you created a in-addr.arpa zone for that IP block?22:37
n8boundsyes: http://pastebin.com/m7b432cde22:38
KillMeNowdo you get any errors when you do your rndc reload?22:40
n8boundsnamed-checkconf & named-checkzone pass fine too22:41
KillMeNowhave you tried using the host command to dig out the reverse pointers locally to the DNS server?22:43
n8boundsno, good idea22:44
n8boundslets see...22:44
n8boundsHost 128- not found: 5(REFUSED)22:44
n8bounds@goldrake hiya22:44
KillMeNowalso, the error also says that the query (cache) is denied, i'm not seeing the statement "allow-query-cache" in your named.conf22:45
n8boundswell, if i enable that, it just recurses through and ends up without an answer at the root servers...22:45
KillMeNowcourse you didn't post your named.conf22:45
goldrakegood evening n8bounds22:45
KillMeNowhrm...  if you don't "allow-recursion" i'm not sure it will allow it to go to the root servers22:46
n8boundsbut im trying to be authoritative...22:46
n8boundsi dont want it to recurse to the roots22:46
n8boundsif you dont mind22:47
n8boundsi just enabled query-cache to any22:47
n8boundsfrom your machine, run this command: dig @ns.epescarriers.com -x
n8boundsyou will get NOERROR, but no answer either22:47
KillMeNowhost gives this reply: is an alias for 132.128/
n8boundsnow why would yours be different...22:50
n8boundsanyway, that doesn't make any sense either way22:52
n8boundsas I have as a PTR rr not a CNAME22:52
KillMeNowbut are you still getting the denied error from localhost?22:53
n8boundsi forgot to mention22:55
n8boundsthis is "split"22:55
n8boundsi have two views22:55
n8boundsof which loopback does not fall into the external view22:55
n8boundswhere that reverse zone is configured22:55
KillMeNowfigured when i seen the "view external"22:56
KillMeNowhowever, if it works on the internal side, then we need to look at why it's not allowing it externally22:56
KillMeNowdid you enable IPv6?22:56
majikmananyone know how to reconfigure tomcat so that it stops logging into syslog?22:59
n8boundsi did enable ip623:01
n8boundsi finally got my thread started: http://ubuntuforums.org/showthread.php?p=7611249#post761124923:03
n8boundsthere are almost ALL the config files23:03
n8bounds@majikman, lemme see how I have mine set up23:03
majikmann8bounds, i think i have to modify the /etc/init.d/tomcat6 file. ps shows this option.... -outfile SYSLOG -errfile SYSLOG23:04
n8boundscheck out  /etc/tomcat5.5/logging.properties23:05
n8boundsmine logs to syslog, but only on errors, it seems23:06
n8boundsmostly it logs to a few files in /var/log/tomcat5.5/23:06
n8boundsmy init.d script uses "$CATALINA_BASE/logs" "$CATALINA_BASE/temp23:08
goldrakegood night23:08
majikmann8bounds, thanks for looking. thats interesting to know. my logging.properties isn't set to use syslog and my init.d file is hardcoded to syslog. i just changed it and it should hopefully start working the way i want it to now23:09
n8bounds@majikman, np. make sure you create the tomcat5.5 subdir in /var/log if its not created already23:10
KillMeNoware you running SELinux n8bounds?23:10
n8boundsi have no idea how to add that to ubuntu23:10
KillMeNowapparmor is Ubuntu23:11
KillMeNowand i've never gotten it to work properly23:11
KillMeNowalways caused me more pain23:11
n8boundsyeah, but i know what apparmor looks like (at least) when it complains in syslog23:12
n8boundsand it isnt23:12
n8boundsit did when I tried to use a non-default dir for zone files23:12
n8boundsso i just went back to /var/cache/bind/23:12
jdstrandn8bounds: you could also adjust /etc/apparmor.d/usr.sbin.named23:14
n8boundsyeah, i started to do that, but i'd have to do it on about 10 servers23:14
n8boundsso i just went the easy way ;)23:14
n8boundsit was easier to add one more dir to my /etc/* -R backup script :)23:15
* jdstrand nods23:15
KillMeNowwhen i resolve ns.epescarriers.com i get
n8boundsbut if you try to reverse query you get fail23:17
KillMeNowyea, it fails23:17
n8boundsi have no idea why23:17
KillMeNowhost nx.epescarriers.com gives me fail23:18
n8boundsyou mean ns, not nx, yes?23:18
KillMeNowHost not found: 5(REFUSED)23:19
KillMeNowthat's the exact error23:19
n8boundsme too23:19
KillMeNowok, stop and start the named service then hit the syslog23:20
KillMeNowmake sure everything looks copasetic and all the zone files are actually loaded23:20
n8boundsit is23:23
n8boundsPS, i would have a big problem if it wasnt23:23
n8boundszone 128- loaded serial 200907131523:24
n8boundsthat's the wonky part23:24
KillMeNowyea, WTF over23:24
n8boundsit loads it, but doesnt act authoritative23:24
phaidroshm, after installing hwinfo on a machine i get this:23:25
phaidrosInconsistency detected by ld.so: ../sysdeps/x86_64/dl-machine.h: 416: elf_machine_rela_relative: Assertion `((reloc->r_info) & 0xffffffff) == 8' failed!23:25
phaidrosfor every command ..23:25
phaidrosany hints on that? (I'm not wanting to reboot quick, because it is a xen dom0 instance with 8 virtual machines)23:25
KillMeNowwell, it's not a servfail error, but a refused error23:26
n8bounds@phaidros something is seriously wrong23:30
n8boundscheck your filesystems, you might be full23:30
phaidrosn8bounds: I expected :/23:31
phaidrosn8bounds: !23:31
n8bounds# df -HT23:31
phaidrosgood hint23:31
n8bounds...if you can23:31
n8boundsthat is23:31
phaidrosof course not23:31
n8boundstry to init 1, when u can bring the vms down23:31
phaidrosok, full fs makes sense23:31
n8bounds@KillMeNow I added another post http://ubuntuforums.org/showthread.php?t=1212421 and I think I know the problem, just not the solution23:32
phaidrosso, the whole procedure again, all vms down, write users mails before, repair dom0, bring everything up and fix all which broke on the way :D23:32
n8boundsbind doesnt seem to think it should be authoritative for that zone23:32
n8bounds@phaidros, yeah, might be good to throw an fsck in there somewhere ;)23:33
n8boundsKillMeNow: you must be
KillMeNowyes, that's me23:36
n8boundsI think I've read the zytrax bind book about 20 times now23:37
n8boundsalso, the bv ARM isnt very detailed23:37
KillMeNowok for giggles allow-recursion23:37
n8boundsok, standby23:37
n8boundswide open23:38
KillMeNowyes, the problem is TOTALLY that it's not acting as authority23:39
KillMeNowit punted me to the root servers when you enabled recursion23:39
KillMeNowread that23:40
KillMeNowi think that will clear up your problem23:40
n8boundswhoa... thats written by The Man, himself..23:42
n8boundsthat has to work. trying it now23:43
KillMeNowand the situation sounds just like the one you're experiencing23:43
n8boundsyes it does23:44
n8boundswhy does he write it zone "224-" { intead of zone "224-" IN {23:45
n8bounds(i thot u needed the IN)23:45
KillMeNowit was written in 200423:46
KillMeNowit's the concept however23:46
KillMeNowand it explains WHY when i do just host i get the cname pointer23:47
EASanyone know what the story is about DRBD8 for Jaunty?23:48
EASdo I just need the utils?23:50
KillMeNowno idea EAS23:50
n8boundsnot sure23:52
n8bounds@KillMeNow, I changed this part of the external view23:53
EASok, looks like the drbd module is now part of the linux-image-*-server package...23:54
n8bounds@KillMeNow, I'm getting these now "zone 82.145.12.IN-ADDR.ARPA/IN/external: refresh: non-authoritative answer from master (source" I must have picked a fools master23:56
n8bounds...any clue on how I find the master for that zone?23:56
n8boundsi looks like xbru.br.ns.els-gms.att.net.23:56
n8boundsbut i may be way off23:56
KillMeNowyea, those are the authoriative which CNAME it to you23:56
KillMeNowone second23:56
KillMeNowheh, ok now i get servfail when i try to grab the reverse23:57
n8boundscan you use hostnames as masters?23:58
KillMeNowi wouldn't think23:59
n8boundsheh, ur right23:59
KillMeNowwhat is your resolv.conf pointed to?23:59
KillMeNowor are you doing these queries from a separate machine?23:59
n8boundsthe latter23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!