/srv/irclogs.ubuntu.com/2009/08/26/#ubuntu-server.txt

Bilge	derp	00:00
jdstrand	apache2-mpm-itk is also in universe, so no USN	00:11
jbernard__	kirkland, mathiaz: i've just uploaded libcgroup to REVU that addresses all of the current issues	00:11
jbernard__	kirkland, mathiaz: I think it's super solid now, any feedback you've got is much appreciated	00:12
mathiaz	jdstrand: hm - so USN are not published for packages in universe?	00:16
jdstrand	mathiaz: that is correct	00:16
mathiaz	jbernard__: since the 0ubuntu1 version of libcgroup has been rejected	00:25
jbernard__	i already bumped it	00:25
jbernard__	to 0ubuntu2	00:25
mathiaz	jbernard__: you should just upload a new version of 0ubuntu1 to revu	00:25
jbernard__	ahh	00:25
jbernard__	good call	00:25
jbernard__	im on it	00:25
mathiaz	jbernard__: package version are only relevant once they're in the archive	00:25
mathiaz	jbernard__: but REVU is used before the archive - and thus should only have 0ubuntu1 versions	00:26
jbernard__	mathiaz: ok, good to know	00:26
mathiaz	jbernard__: and an changelog entry just stating Initial Release	00:27
mathiaz	jbernard__: once the package is the archive, REVU is not used anymore	00:27
mathiaz	jbernard__: new version should be sponsored via LP bugs(branches soon)	00:27
jbernard__	mathiaz: ok, upload complete, should show up on the next pulse	00:30
mathiaz	jbernard__: it seems that most of the code is actually licensed under LGPL 2.1	00:35
jbernard__	mathiaz: yes	00:35
mathiaz	jbernard__: while debian/copyright states LGPL 2	00:35
mathiaz	jbernard__: COPYING in the src tree is LGPL 2.1	00:36
jbernard__	yeah, as i understood it, LGPL-2 == 2.1	00:36
jbernard__	since it was the first successor to GPL-2	00:36
mathiaz	jbernard__: hm - I don't think so	00:37
jbernard__	mathiaz: i was reading the second para from the top in COPYING	00:37
mathiaz	jbernard__: /usr/share/common-licenses/ has a file for LGPL-2 and another one for LGPL-2.1	00:38
jbernard__	mathiaz: indeed it does, oops ;)	00:38
jbernard__	ill fix it up, gimme a sec	00:38
mathiaz	jbernard__: right - that paragraph is confusing	00:38
jbernard__	nothing gets by you guys ;)	00:39
mathiaz	jbernard__: licensecheck	00:39
mathiaz	jbernard__: ^^ help script to figure out the licenses of every file in the src tree.	00:39
jbernard__	mathiaz: i ran that, but it seems to be very particular about header format	00:42
jbernard__	mathiaz: so i ended up having to go through most of it by hand	00:42
mathiaz	jbernard__: I usually run this command http://paste.ubuntu.com/259563/	00:44
mathiaz	jbernard__: which is just for loop	00:44
jbernard__	mathiaz: oh nice	00:45
jbernard__	mathiaz: ok, upload is done	00:47
jbernard__	mathiaz: i have to run out for a bit, but leave comments here and I'll pick them up on my return	00:47
jbernard__	mathiaz: thanks for all the time, I really appreciate it	00:47
mathiaz	kirkland: ^^ - looks good to me now	00:53
mathiaz	kirkland: you can have another look at the packaging - (0ubuntu1 has been rejected from the NEW queue)	00:53
Doonz	hey guys can someone recommend a program to monitor my network cards. im having connection issues with my server and i beleive i have a bad nic in it but need to justify getting a new one	01:13
KillMeNow	wireshark maybe?	01:16
KillMeNow	hrm... are you getting a bunch of errors when you do a ifconfig?	01:16
giovani	wireshark on a server? no ...	01:44
giovani	tcpdump will work fine -- but it won't tell you if the problem is at the NIC	01:45
giovani	you can run some traffic tests locally on the LAN	01:46
giovani	but unless you test the same switch ports, etc -- you can't eliminate all of the variables	01:46
KillMeNow	how many times have you seen a NIC fail giovani?	01:54
KillMeNow	it's pretty rare	01:54
oh_noes	is it posisble to tell lvextend "extend to the end of the physical disk" instead of saying "+400M"	02:32
twb	oh_noes: I guess you could just keep extending it until you run out of extents.	02:49
twb	pvs will tell you how much is left	02:49
twb	Ah, the manpage mentions %FREE	02:49
twb	So try --size 100%FREE	02:50
twb	+100%FREE, rather	02:50
oh_noes	nice, thanks!! Let me try	02:51
twb	oh_noes: I worked this out by READING THE MANUAL	02:51
twb	It's an approach I highly recommend.	02:51
oh_noes	twb: your right, I can use 100%FREE which works, however I cant lvextend it because the VG is still the same size	03:37
oh_noes	any thoughts on how to tell vgextend to "extend to the end of the existing disk you already have"	03:37
twb	oh_noes: that doesn't make sense.	03:37
twb	a VG is a bag of PVs. PVs are either disks or (more commonly) partitions.	03:38
twb	Pastebin the output of "pvs", "vgs" and "lvs".	03:38
oh_noes	twb: http://pastebin.com/meeb9974	03:40
twb	oh_noes: so you have one PV, /dev/sdb1	03:40
oh_noes	twb: in my example, I have extended the 'end' of an existing disk. So theres sdb1 which was originally 100% (8GB), then I added another 8GB to sdb, so I want to extend sdb1 to include the new free space at the end of the disk	03:41
twb	oh_noes: if there is space on sdb not allocated to sdb1, you can't use it.	03:41
twb	You would either need to extend the PV, or add another partition (sdb2) and make that a second PV, and add that new PV to the VG.	03:41
oh_noes	twb: hrm, ok thanks. What Im trying to do is handle a "VMware size increase". ie. the OS is shutdown, then sdb is brought back with additional space at the end. I want to be able to handle this and increase /foobar	03:43
oh_noes	I thought LVM would handle this, but maybe not. As you said, it appears my problem is that sdb1 isnt associated with that free space.	03:43
oh_noes	can I use anything to resize and expand sdb1 to take up the free space?	03:43
twb	You can delete the partition from the partition table and create a new one in the same place, with a different size. I do not know if LVM will cope with that.	03:44
oh_noes	so there isnt a 'proper' way to handle this?	03:45
oh_noes	I prefer not to create a new partition, because I don't know how many more times it'll be extended (and thus new partitions) will be needed	03:45
twb	Because you're running in vmware there's not a lot of point in using LVM anyway	03:47
twb	You might as well just make a filesystem directly on /dev/sdb1 and then use resize2fs when you grow it.	03:48
oh_noes	twb: but wont I have the same problem? the partition is 8GB with unallocated space at the end of the disk.	03:49
oh_noes	I will still need to resize the actual partition, right?	03:49
twb	Oh, yeah, I guess. But I know ext3 won't care if you delete and create a new partition	03:50
oh_noes	theres no GNU tool that can resize a partition into unallocated space?	03:52
oh_noes	gparted will do it, but I dont want to boot into a live CD. I was hopign to do it somewhere in rc2.d before applications come up (so they can use the new size)	03:53
giovani	"resizing" = bad!	03:53
giovani	oh_noes: you can't resize a normal partition while an OS is running from it	03:53
giovani	not even windows can accomplish that	03:54
oh_noes	maybe i can manually delete the partition with fdisk and create it again (but bigger)	03:55
giovani	yeah ... back up your data first	03:55
oh_noes	giovani: whats the definition of a 'normal' partition? Whats the difference between creating sdb1 on a new unused sdb1 and extending sdb1 when sdb is unused?	03:56
giovani	a "normal" partition is one that isn't LVM	03:56
giovani	your sdb/sdb1 example makes no sense	03:56
oh_noes	giovani: yep i get that, in my case the partition in question is /foobar	03:56
oh_noes	OS is not running from it, sdb1 isnt mounted.	03:57
giovani	ok -- so then why do you need to do it in rc2?	03:57
giovani	you can always modify partitions that don't have the OS on them when the system is fully booted	03:57
giovani	no need to use a livecd	03:57
oh_noes	i was hoping i could 'detect' the VMware disk has been increased, then resize it before apps come online	03:57
giovani	what?	03:58
giovani	sigh	03:58
giovani	I have no idea what you're talking about	03:58
oh_noes	giovani: what can I use to modify the existing partition into unallocated space?	03:58
giovani	what does "modify the existing partition into unallocated space" mean?	03:58
oh_noes	it means, sdb is 0-1000 blocks	03:58
oh_noes	sdb1 is using 0-300	03:58
oh_noes	I want to make sdb1 take up the entire 0-1000	03:58
giovani	you don't	03:59
giovani	particularly if it uses ext3	04:00
ball	giovani: Is that like spreading peanut butter too thin?	04:00
ball	(run out of inodes etc?)	04:00
giovani	ext3 won't resize	04:00
giovani	period	04:01
giovani	the only way to resize a ext3 partition is to convert it to ext2	04:01
giovani	and then back	04:01
giovani	and I would never recommend it	04:01
giovani	just move the data off -- make it LVM for future use	04:01
giovani	and move the data back	04:01
ball	hello pw_thirdfloor_	04:14
=== pw_thirdfloor_ is now known as pw_thirdfloor
Tim__Reichhart	there anyway that I can configure squirrelmail just accept just the username and not the full email address?	04:48
=== johe__ is now known as johe
uvirtbot	New bug: #419053 in samba (main) "package samba 2:3.3.2-1ubuntu3.1 failed to install/upgrade: le sous-processus post-installation script a retourn? une erreur de sortie d'?tat 1" [Undecided,New] https://launchpad.net/bugs/419053	07:46
martinjh99	Is there a package for mod_security for Apache2 on hardy lts?	08:48
\sh	martinjh99: doesn't look like...libapache2-mod-security occured first time in jaunty (when packages.ubuntu.com is true)	08:55
martinjh99	poo - Just had someone putting phishing files on my server... Trying to harden it up a bit...	08:56
martinjh99	setup ufw to allow http	08:56
martinjh99	and ssh only from local network...	08:57
martinjh99	Also added a password to root. Is there anything else I should be doing?	08:57
\sh	martinjh99: I would fix the application first	09:04
martinjh99	Everything is updated from ubuntu repos - Updated Joomla from their website to the latest version.	09:11
Boohbah	martinjh99: don't use vulnerable web applications	09:26
ewook	lol	09:29
martinjh99	yes that might be a good idea...	09:29
ewook	joomla is indeed targeted - or, foremost the badly written plugins.	09:30
martinjh99	Ah ok - suggestions for a CMS then??	09:31
martinjh99	So might be my choice of cms thats the problem...	09:31
\sh	drupal is good...typo3 is also having issues mostly plugin wise	09:32
martinjh99	thanks for those - Could never get my head round Drupal when I tried it before plus there are no examples like the ones in Joomla	09:33
\sh	martinjh99: drupal has a lot of examples and good books out in the field	09:38
martinjh99	:) I'll google and have a look... Thanks	09:46
dayo	anyone has any experience with snort?	10:03
jtimberman	dayo: you might try #snort :)	10:05
dayo	jtimberman: in there right now. spookily quiet, though	10:05
jtimberman	dayo: more active during the day in the US, I think.	10:06
dayo	jtimberman: true. forgot the timezome thing lol	10:06
jtimberman	dayo: me too, its apparently after 3am.	10:06
dayo	i'll check back later, then	10:06
dayo	lol	10:07
alvin	Are there known issues when using ext4 filesystems in qcow2 images? I'm seeing a lot of corruption when using a Karmic kvm host.	10:13
alvin	What I actually want is building a stable production system:	10:22
alvin	What Ubuntu version has the most stable version of kvm, what filesystem and what type of images should I use?	10:23
a_ok	I did an release update however the php gd.so lib disapeared. how is this possible? (fixed it by installing the package php-gd)	10:28
mattt	a_ok: the only reason i could think it'd get removed was if gd was now built into the base php package, and not required as a module	10:37
mattt	a_ok: which release are you using?	10:37
a_ok	hardy	10:38
a_ok	mattt: yeah guess that must be it. dangerous though as these kind of changes can break stuff	10:39
mattt	a_ok: hmmm, i don't think that's it :/	10:40
mattt	a_ok: maybe you want to look through /var/log/dpkg.log to see if it offers any insight	10:47
a_ok	mattt: 2009-08-26 07:32:23 upgrade php5-gd 5.2.3-1ubuntu6.3 5.2.4-2ubuntu5.7	10:49
a_ok	when updating it just removed it and did not install the new one	10:49
a_ok	i checked with apt-cache policy and there simply was no php5-gd installed anymore. i guess something is broken in that package	10:50
a_ok	mattt: or 2009-08-26 07:40:47 remove php5-gd 5.2.4-2ubuntu5.7 5.2.4-2ubuntu5.7	10:51
a_ok	removed a bit to much	10:51
cjwatson	soren: so, if I fix that start-stop-daemon thing (at least on start) can I go ahead and upload that?	12:19
soren	cjwatson: Yes, please do.	12:19
soren	cjwatson: Sorry, didn't I say that last night before I passed out?	12:20
soren	cjwatson: scrollback suggests I did not. Sorry.	12:20
cjwatson	no problem, I was beating on RAID this morning anyway	12:24
spiekey	Hi!	12:25
spiekey	if i boot with 8.04 or 9.04 live cd, i get a sda device. If i boot with my own kernel, i have a hda device.	12:26
spiekey	this sucks since i want to do automatic cloning :)	12:26
spiekey	is there a way to turn off/on this scsi emulation?	12:26
cjwatson	only by recompiling the kernel, usually	12:37
cjwatson	it's probably CONFIG_ATA plus CONFIG_PATA_WHATEVERDRIVERRUNSYOURCONTROLLER	12:37
cjwatson	the old IDE stuff is decreasingly well maintained so in general it's a good idea to try to switch away from it	12:38
spiekey	okay, thanks	12:41
soren	spiekey: What exactly are you trying to do?	13:09
spiekey	soren: Boot up Ubuntu-Live CD ---> Run a Script that mounts, rsyncs, writes grub, reboots the Cloned PC.	13:12
spiekey	my problem: When it boots up i get hda, in the Live CD its sda	13:12
spiekey	so my searchand replace script wikk fail...well it works, but then i run into a kernel panic :)	13:13
heath\|work	I need to find a script that has a name in it. So far I have: find / -type f -regex .*\.sh -exec grep smith {} \;	13:21
heath\|work	It spits out the line the name is on, but not the file name. What do I need to add to view the filename?	13:21
pmatulis	heath\|work: try 'grep -l'	13:26
heath\|work	pmatulis, thanks, I will	13:28
szczym	Helo all, i have a problem installing ubuntu server on box with no cdrom (i do it from usbstick). install stops on detecting cdrom (demands floppy drivers). could any one help me please ?	13:37
pmatulis	szczym: does your BIOS support booting from USB?	13:38
heath\|work	pmatulis, Thanks that worked!	13:38
pmatulis	heath\|work: good stuff	13:38
szczym	yes, i did booted fine from usb	13:38
pmatulis	szczym: that's strange, what release are you tring to install?	13:39
pmatulis	*trying	13:39
szczym	8.04.03 installer works from usb but dont go forward after message "No common CD-ROM drive was detected"	13:40
szczym	the failing item is: Detect and mount CD-ROM	13:41
pmatulis	szczym: maybe add comment to bug 378442	13:45
uvirtbot	Launchpad bug 378442 in linux "Error 'No common CD-ROM drive was detected' when installing Ubuntu Server via USB drive" [Undecided,New] https://launchpad.net/bugs/378442	13:45
szczym	there are several bugs issued on that topic, but no solution ;(	13:46
pmatulis	szczym: i know, but commenting to it is the proper thing to do	13:51
szczym	yes, thanx for info. in my humble opinion its very embarrassing problem given debian/ubuntu excellence ...	13:54
pmatulis	szczym: agreed	13:55
pmatulis	szczym: you may want to dig dipper by asking in #ubuntu-installer	13:55
pmatulis	*deeper	13:55
szczym	thanx, i will	14:02
uvirtbot	New bug: #419191 in php5 (main) "Mailing from php5 module fails when number of Apache VirtualHosts is above +/-1500" [Undecided,New] https://launchpad.net/bugs/419191	14:25
giovani	above +/-1500?	14:26
soren	giovani: I'm guessing "+/-" is a poor man's "~".	14:27
mattt	:)	14:27
giovani	soren: ah, it baffled me, honestly	14:35
pmatulis	szczym: looks like you got some good info over there	14:46
szczym	yes indeed it helped me partially	14:47
szczym	but any way i will tray to install 8.04 on other box into pendrive and then boot from it the machine because on 9.04 i head problems with gphoto2	14:48
ahasenack	is there a command line tool that checks for available security updates and matches them with USNs?	15:32
ahasenack	/usr/lib/update-notifier/apt-check uses just the repository name. If it ends in -security, the update is considered a security one	15:32
ahasenack	(and it has to come from "ubuntu")	15:32
sgsax	ahasenack: I was looking for just such a thing a month or so ago, but never found one	15:39
garymc	sorry guys, forgot the command to add a user in the terminal is it "sudo aduser john" ?	15:47
garymc	"sudo adduser john" ?	15:48
sommer	garymc: yeppers	15:49
garymc	thanks	15:50
sgsax	useradd is the "classic" tool	15:50
sgsax	but adduser is the kinder gentler interactive debian tool	15:50
traemccombs	hey guys... morning.	16:04
traemccombs	Anyone use clonezilla and know if there is a problem with doing 4 machines @ once over a network?	16:05
traemccombs	I've got a single image on a box... and I want to get said image down to 4 machines. But wouldn't think there'd be a problem with accessing the same file from 4 machines	16:05
josephpiche	I was wondering if could have someone look at ubuntu bug 396632. I filed it because I feel like I should be able to run `service lighttpd status` as an unprivileged user, but I'm not familiar enough with init scripts to know what to modify in order to write a patch.	16:09
uvirtbot	Launchpad bug 396632 in lighttpd "lighttpd init file should not chown or chmod on status check" [Undecided,Incomplete] https://launchpad.net/bugs/396632	16:09
sgsax	traemccombs: accessing the image file shouldn't be a problem, but iirc, clonezilla uses udp broadcast, which could conceivably cause your network to get real slow	16:12
traemccombs	sgsax: yeah.... that could be bad. :)	16:16
traemccombs	maybe I'll just take them off the network and stick em' on a solo switch	16:16
frojnd	Hello there.	16:24
frojnd	I desperetally need someone that has experience with linux	16:25
frojnd	I've done some "terrible" things	16:25
frojnd	First I've removed my primary rtorrent 0.8.0	16:25
frojnd	And I've installed it with ./configure and make commands	16:25
frojnd	All fine and well but I excidentally removed the source dir :S	16:26
frojnd	So I thought why not download again and ./configure and make again..	16:26
frojnd	all good and fine only that I missed the stable versioninstaead I've selected development version :S	16:26
frojnd	I tried to make uninstall	16:26
frojnd	but I couldn't	16:26
frojnd	i kept getting errors like: make: *** No rule to make target `uninstall'. Stop.	16:27
frojnd	and if that wasn't enough I've tried to install svn and from it rtorrent	16:27
=== Authority is now known as Guest21595
frojnd	http://www.howtoforge.com/compile-rtorrent-from-svn-ubuntu-8.04-hardy-heron <- I follewed that guide	16:27
frojnd	all good and fine, only that know I have not working 0.8.0 version that only sudo user is allowed to run it :S	16:28
frojnd	Is there anyone brave enough to help me solve this mess? I need to remove newest version of rtorrent which is 0.8.4	16:28
frojnd	and possible the svn lateset version 0.8.5	16:28
frojnd	and maybe even version 0.8.0	16:29
frojnd	any brave ppl here?	16:30
frojnd	I guess not :S	16:31
ilowe	frojnd: give people a chance to respond.... we are all multi-tasking	16:32
frojnd	ilowe: ok I'm myself so I'll wait hope someone response.	16:33
ilowe	frojnd: I take it the version in the repos is no good for you?	16:33
=== Faust-C is now known as virtualdisaster
mushroomblue	has anyone actually successfully set up OpenLDAP using the server guide?	16:34
virtualdisaster	mushroomblue, no :)	16:35
virtualdisaster	mushroomblue, but i got a book that helped	16:35
frojnd	ilowe: no	16:35
frojnd	ilowe: I have 8.04 LTS and it is only 0.8.0	16:35
mushroomblue	virtualdisaster: wait. so the book helped you _not_ set up openldap?	16:35
mushroomblue	virtualdisaster: what'd you end up doing to set it up?	16:36
virtualdisaster	mushroomblue, one sec	16:36
ilowe	frojnd: what version do you require?	16:37
mattt	mushroomblue: i just set it up on lenny :)	16:37
mushroomblue	hah.	16:37
mushroomblue	doesn't lenny also require GnuTLS?	16:37
mattt	i do have libgnutls26 installed	16:38
frojnd	ilowe: 0.8.4	16:38
frojnd	ilowe: it has features that I need	16:38
frojnd	ilowe: well 0.8.4+	16:38
mushroomblue	mattt: didja use a howto, or are you merely strong with the force and set it up from memory?	16:39
virtualdisaster	mushroomblue, mastering openldap	16:39
virtualdisaster	good book	16:39
mushroomblue	virtualdisaster: relevant to 9.04?	16:40
virtualdisaster	should be	16:40
mushroomblue	hmm. seems most books on openldap I found require modifying a deprecated slapd.conf	16:40
mattt	mushroomblue: i know nothing about ldap, used some guides online	16:41
mattt	mushroomblue: what problem are you running into?	16:41
mattt	mushroomblue: i want to use ldap for vsftpd authentication -- used these two (fortunately book-marked them): http://www.howtoforge.com/linux_ldap_authentication http://www.debuntu.org/ldap-server-and-linux-ldap-clients	16:41
mattt	mushroomblue: it's working from what i can tell, i managed to use libpam_ldap to connect ldap and vsftpd	16:42
mushroomblue	mattt: that might solve it.	16:42
mushroomblue	I think my first mistake was using the ubuntu server guide	16:42
mushroomblue	my first issue was trying to figure out GnuTLS in order to set up a certificate authority. documentation was slim	16:44
mushroomblue	now slapd seems to be working with it	16:44
mushroomblue	but I can't log in as a user from the directory.	16:44
mushroomblue	I'll stop talking and RTFM a bit more. thanks for the links.	16:45
frojnd	ilowe: I'm doing programming myself just out of curiousity, u still with me despite multi-tasking stuff? :P	16:45
ilowe	yup; just checked out the SVN trunk, I want to see if I can throw together a quick deb for you	16:46
mattt	mushroomblue: you're trying to log in via what?	16:46
mushroomblue	ssh.	16:46
mattt	mushroomblue: you took care of /etc/nsswitch.conf?	16:46
frojnd	ilowe: great, just wannt u to know that I appreciate this.	16:46
mushroomblue	I think so.	16:47
ilowe	frojnd: you got it :)	16:47
mushroomblue	should ldap be before files?	16:47
mushroomblue	in nsswitch.conf?	16:47
mattt	yeah	16:47
mushroomblue	mmkay.	16:47
mattt	mushroomblue: when you installed libldap on the client, did you specify the ldap server correctly?	16:51
mushroomblue	it appears not.	16:51
mushroomblue	I haven't even gotten to clients yet.	16:52
mushroomblue	I'm still trying to get the server to auth.	16:52
mushroomblue	turns out, nss-ldap is spitting out a ton of errors on startup.	16:52
mushroomblue	apparently, ldaps//127.0.0.1 doesn't exist	16:52
mushroomblue	it's also trying to find these things long before slapd starts	16:52
mushroomblue	mattt: out of curiosity, did you just create a slapd.conf file?	16:53
mattt	mushroomblue: i'd start without the SSL stuff first, and then move on to that :/	16:53
mushroomblue	fair enough.	16:53
garchotron	hello	16:54
mattt	mushroomblue: nope, i had one in /etc/ldap, provided by the ldap server ... you don't have that file?	16:54
mattt	mushroomblue: the only thing i can't figure out is when you configure libldap, where it stores that info about the server (as my /etc/ldap/ldap.conf file on the client isn't updated)	16:54
garchotron	i'm having trouble using refresh-ims directive in squid refresh patterns in ubuntu server 8.04	16:55
garchotron	why isn't the directive supported?	16:55
cPF	is there anyone experiencing this issue? ctrl+c not interrupting processes and various zombies https://bugs.launchpad.net/ubuntu/+bug/402973	16:59
uvirtbot	Launchpad bug 402973 in ubuntu "ssh terminal on Jaunty doesnt process ctrl-C ctrl-D ctrl-Z and so on (dup-of: 317948)" [Undecided,New]	16:59
uvirtbot	Launchpad bug 317948 in gnome-terminal "ctrl+c doesn't interrupt running process" [Low,Triaged]	16:59
mattt	cPF: thankfully not :)	17:00
cPF	it's totally driving me nuts.. been like that for 2 months now	17:00
cPF	hmm, seems like i just found a duplicate bug getting more attention https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/407428	17:03
uvirtbot	Launchpad bug 407428 in openssh "sshd zombie processes and strange behavior after karmic upgrade" [High,Confirmed]	17:03
mushroomblue	matt: slapd.conf is deprecated as of 8.10. 9.04 uses cn=config by default.	17:03
mushroomblue	mattt: is it storing it in /etc/ldap/cn=config ?	17:04
mattt	mushroomblue: nope, al i have in there is a default ldap.conf file	17:04
kirkland	mathiaz: hey, you noticed that libcgroup was rejected too....	17:07
kirkland	mathiaz: i couldn't find any specific feedback, or who did the rejection	17:07
kirkland	mathiaz: could you?	17:07
mathiaz	kirkland: hm - no. I usually don't know why it has been rejected.	17:08
mathiaz	kirkland: I just ask the AA of the day	17:08
ilowe	frojnd: will rtorrent work with latest repo libtorrent or does it depend on more recent versions?	17:09
mathiaz	kirkland: hm - the last karmic kernel update broke my karmic vms.	17:12
mathiaz	kirkland: the block device is not found anymore - have you heard of something similar	17:12
kirkland	mathiaz: hrm, not really	17:12
kirkland	mathiaz: dpkg -S `which kvm`	17:13
frojnd	ilowe: it needs more recent libraries	17:13
frojnd	ilowe: but to tell you the truth I don't know which ones since I have a mess here	17:13
mathiaz	kirkland: kvm	17:13
mathiaz	kirkland: the host is running hardy	17:13
frojnd	ilowe: I would need someone that can fix my problems.. becouse to tell you the truth I don't know where to begin	17:13
frojnd	ilowe: I can give you sudo user and you can fix it	17:14
mathiaz	kirkland: is was working correctly until today when I saw a kernel upgrade	17:14
ilowe	frojnd: LOL.... that's a little familiar for a first date	17:14
kirkland	mathiaz: interesting; hardy kernel too?	17:14
frojnd	ilowe: under screen x :)	17:14
kirkland	mathiaz: and your host is using the kvm-84 dkms module?	17:14
kirkland	mathiaz: so the problem is clearly in the karmic guest?	17:14
mathiaz	kirkland: kvm on the host: 1:84+dfsg-0ubuntu12.1~rc5ppa1	17:15
mathiaz	kirkland: yes - I think so	17:15
mathiaz	kirkland: my first guess is that virtio block device are no longer recognized by the kernel	17:16
mathiaz	kirkland: the guest is running karmic	17:16
kirkland	mathiaz: interesting ... the latest kernel busted my desktop too	17:16
kirkland	mathiaz: something about crypto swap it doesn't like	17:16
mathiaz	kirkland: hm - block device related too?	17:17
kirkland	mathiaz: maybe so...	17:17
kirkland	mathiaz: can you confirm that booting the older kernel allows you to boot?	17:17
kirkland	jbernard__: ping	17:17
mathiaz	kirkland: it was working correctly yesterday - let me try with an old kernel	17:18
lssd	hello guys! I just setup my ubuntu 64bit server as following: 2 disk 160each same partiotions.. 1 20gb 1 1gb 139gb rest ...the first 2 x20gb made md0 and they are / filesystem the other 2x139 are lvm and the 2x1gb swap... Is there a way to check they work properly ?	17:19
mathiaz	kirkland: yes - it works	17:19
mathiaz	kirkland: 2.6.31-6-server works	17:20
mathiaz	kirkland: 2.6.31-6-server boots	17:20
lssd	i ask because i think when i first booted it gave me an error :(	17:20
lssd	is there a way to check my server errors during booting ?	17:22
kirkland	mathiaz: let's talk to rtg in -devel	17:23
mathiaz	kirkland: right - I won't have so much time to debug this today though	17:23
mathiaz	kirkland: I need my karmic vms working correctly for package testing before FF	17:24
kirkland	mathiaz: right, i'm very swamped as well	17:24
kirkland	mathiaz: we need the kernel team to get -7 into shape	17:24
ilowe	frojnd: you still with me?	17:26
garchotron	i tried to use reload-ims with the default squid (oooooold 2.6) in 8.04 -- to no avail, since it is not implemented in that version. now i've installed a "squid3" package from the official repos, and it seems to work with my previous config. It hasn't replaced squid2 tho...should i uninstall it? or expect any problems?	17:27
kirkland	mathiaz: one more question ....	17:27
kirkland	mathiaz: can you try booting with -7 kernel, and virtio off?	17:27
kirkland	mathiaz: to see if it's a virtio problem specifically?	17:27
garymc	anyone know the command to uninstall?	17:31
garymc	Im trying to uninstall or remove twinkle from the server	17:31
garymc	i tried sudo remove twinkle	17:31
garymc	it doesnt work	17:31
virtualdisaster	garymc, sudo apt-get remove twinkle	17:31
garymc	thanks	17:32
virtualdisaster	garymc, i suggest you consult the handbook on items such as this	17:32
garymc	ok sorry	17:32
virtualdisaster	garymc, no biggie we all are learning :P	17:32
virtualdisaster	i just learned how to "pin" packages	17:32
garymc	:)	17:32
frojnd	ilowe: yes still with u	17:35
frojnd	ilowe: I just went out to check on workers...	17:36
ilowe	frojnd: OK, I have a bunch of debs for you	17:36
frojnd	ilowe: can't wait :)	17:36
ilowe	frojnd: where can I put them?	17:36
frojnd	ilowe: rapidshare, firewire, u can put em on my server via ssh	17:36
ilowe	frojnd: ssh is cool	17:37
frojnd	ilowe: ok let me create user for ya	17:37
mathiaz	kirkland: I'll give it a try later today	17:37
cjwatson	cPF: I intend to look into that, but only in a few days once I've done the feature work I have to get done first for karmic	17:39
cPF	cjwatson: nice to know.. but just guess what, it started working normally after aptitude reinstall openssh-server :o	17:41
cjwatson	thanks for erasing the evidence ;-)	17:42
josephpiche	I was wondering if could have someone look at ubuntu bug 396632. I filed it because I feel like I should be able to run `service lighttpd status` as an unprivileged user since I can run `service mysql status` unprivileged, but I'm not familiar enough with init scripts to know what to do	17:43
uvirtbot	Launchpad bug 396632 in lighttpd "lighttpd init file should not chown or chmod on status check" [Undecided,Incomplete] https://launchpad.net/bugs/396632	17:43
cPF	maybe i'll reboot and see what happens	17:43
cjwatson	shrug don't worry too much, I'm not going to be able to investigate today anyway and there's already a bunch of information on the bug	17:43
cPF	i had it go away for a while in the past too	17:43
thefish	anyone know the difference between an IDC insertion tool and a punchdown tool?	17:44
cPF	but last time i thought it was related to bash or pam upgrades	17:44
cjwatson	entirely possible	17:44
cjwatson	it'll be something to do with the precise nature of the environment in which the daemon is started	17:44
cjwatson	restarting the daemon in a different environment will make it go away	17:45
cPF	i checked the signalmask bits before the miracle happened (as shown in the bug info) but they were all zeroes, as they should be	17:46
cPF	hmm, that could be it	17:46
aubre	<aubre> well I got my machines racked and powered, I'm setting up the cloud/cluster controller now and will be setting up the node controllers shortly. Now just awaiting the networking folks to tell me how to lay out my private network and bridge and we'll be ready to start testing the cloud at Auburn University!	17:52
aubre	hoping to help test and help debug the karmic UEC instances	17:53
kinnaz	pacemaker ?	17:55
kinnaz	or whats controlling them	17:55
aubre	they aren't up just yet, I'm going to try a few things, maybe RightScale, Cohesive	17:56
aubre	maybe I should look at pacemaker	17:56
aubre	I'm formatting 1.5 tb of disk space so I am taking a lunch break	17:57
cPF	cjwatson: it works after reboot no matter what i do... crazy	18:00
cjwatson	cPF: sure, it's probably the automatic restart from networkmanager when new interfaces appear	18:00
cjwatson	I doubt you needed to reinstall - just restarting the daemon from a console (not an ssh session) should have done the trick	18:00
cPF	hmm, launcing pptp vpn shouldn't trigger that?	18:01
cjwatson	dunno tbh, sorry, no time to look now.	18:02
cPF	ok, vpn doesn't seem to make a difference... i'm now pretty confident it's fixed by the reinstall	18:07
rtg_	kirkland, 'sudo ecryptfs-setup-swap' gets me 'ERROR: Please'. Perhaps it should be "Please sir, may I have another?"	18:38
rtg_	clean A4 install with full upgrade	18:39
kirkland	rtg_: hrm	18:41
kirkland	rtg_: it should say:	18:41
kirkland	rtg_: Please install cryptsetup	18:42
rtg_	kirkland, how come its not a depends?	18:42
rtg_	rtg@xps1330:~$ sudo ecryptfs-setup-swap	18:43
rtg_	dm_task_set_name: Device /dev/sda5 not found	18:43
rtg_	Command failed	18:43
rtg_	kind of scary.	18:44
kirkland	rtg_: do you not have a /dev/sda5 ?	18:53
kirkland	rtg_: it's not a Depends because ecryptfs doesn't actually depend on you having encrypted swap	18:53
kirkland	rtg_: merely strongly recommended	18:53
kirkland	rtg_: though, I think you're probably right ... I could probably, at this point, depend on it	18:54
kirkland	rtg_: when the error message prints correctly, it should tell you exactly what you need to install to get it working	18:54
rtg_	kirkland, it does have a /dev/sda5, and its marked as a swap partition.	18:54
kirkland	rtg_: cat /proc/swaps	18:54
rtg_	kirkland, nothing in it, but I answered yes to 'Do you want to proceed with encrypting your swap? [y/N]: y', and its been running awhile now.	18:55
rtg_	INFO: Setting	18:55
rtg_	WARNING: Commented out your unencrypted swap from /etc/fstab	18:55
rtg_	* Stopping remaining crypto disks... * cryptswap1 (stopped)... [ OK ]	18:55
rtg_	* Starting remaining crypto disks... * cryptswap1 (starting)	18:55
kirkland	rtg_: right, i'm hanging there too	18:56
kirkland	rtg_: only with the -7 kernel	18:56
rtg_	kirkland, hmm, this is with a 2.6.31-7 kernel.	18:56
kirkland	rtg_: with the -6 kernel, it starts fine	18:56
kirkland	rtg_: let me strace that	18:58
kirkland	rtg_: anything in dmesg interesting while you're hanging at starting	18:58
rtg_	kirkland, just complaints about the various encryption engines no starting.	18:59
kirkland	rtg_: still think those are red herrings ?	18:59
rtg_	kirkland, yeah, but I'm gonna have to prove it.	18:59
kirkland	rtg_: if you reboot at this point, you will hang there, waiting for cryptdisks to finish	19:01
rtg_	kirkland, think I'll go get some brain food before wrecking this thing.	19:01
kirkland	rtg_: it's hanging on the cryptsetup call	19:04
kirkland	rtg_: i'll try to get an strace	19:04
SockPants	hello	19:09
SockPants	i have an older machinet to which i can't connect a cd-drive or external harddrive, and wont boot from USB.	19:09
giovani	SockPants: ok, so?	19:09
sgsax	SockPants: got a floppy drive?	19:09
giovani	PXE boot, or floppy	19:10
SockPants	i installed ubuntu server 8.04 on a virtual machine on my mac, and copied the virtual drive to the older machine's internal drive using a usb adapter and DD	19:10
giovani	it has to have ONE of the above	19:10
SockPants	that seems to work	19:10
SockPants	the system boots	19:10
SockPants	but now it doesn't detect the computers NIC	19:10
giovani	yeah, I wouldn't have done that	19:10
SockPants	is there any way i can make it re-scan stuff like that	19:10
SockPants	its the only thing that really matters, the rest seems to work already	19:11
SockPants	its listed in lspci	19:14
SockPants	i just dont know how to make it work	19:14
giovani	SockPants: do you know that it's a supported chipset?	19:15
giovani	i.e. what's the driver that it should be using?	19:15
SockPants	ummm	19:15
SockPants	its a 3com 3c905c-tx/tx-m	19:15
giovani	umm ... find the driver name	19:16
SockPants	"Works fine with the standard 3c59x kernel driver	19:16
SockPants	"	19:16
giovani	ok, so try modprobing that drive	19:16
giovani	driver	19:16
giovani	and see if it works	19:16
SockPants	so	19:20
SockPants	in modprobe	19:21
SockPants	it lists the 3c59x.ko	19:21
sgsax	SockPants: that's right	19:22
sgsax	now you should be able to do "ifconfig -a" and see eth0 listed	19:22
=== MenZa_ is now known as MenZa
sgsax	it's probably not configured, but should be listed	19:22
kirkland	rtg_: do you see any crypt changes in the diff between -6 and -7	19:22
rtg_	kirkland, I surveyed commits yesterday, but none (of the several hundred) lept out at me.	19:23
SockPants	it lists eth1	19:23
SockPants	and lo	19:23
SockPants	but no eth0	19:23
SockPants	that would probably be the virtual one then	19:23
SockPants	that isnt present now	19:24
SockPants	right?	19:24
kirkland	rtg_: is it worth building a few and bisecting?	19:24
sgsax	ok, so udev has probably reserved eth0 for whatever was in the box you copied the drive image from	19:24
SockPants	ok	19:24
sgsax	you need to edit /etc/udev/rules.d/70-persistent-net.rules	19:24
rtg_	kirkland, well, I'm starting to look at the code a bit. kcryptd seems to be active, so I wanna figure out what its doing	19:24
sgsax	remove any lines referring to the old interface	19:24
sgsax	then when you reboot, udev should discover the new card and update that file for you	19:25
kirkland	rtg_: k	19:25
rtg_	kirkland, cryptsetup is running 100%, so its likely something there.	19:25
kirkland	rtg_: you can strace -p $PID to see what it's doing	19:25
sgsax	alternative to a full reboot, restarting the udev service may be sufficient, but I cant' say for sure	19:26
SockPants	ok, i'll reboot and see	19:26
SockPants	there was already a line for the other nic in that file though	19:27
SockPants	should i have deleted that too?	19:27
sgsax	yeah, it was probably eth1	19:27
SockPants	yeah	19:27
SockPants	should i have deleted both or kept the eth1	19:27
sgsax	you can probably just change it to eth0, but you'll have to either reboot again, or probably just "rmmod 3c59x" and "modprobe 3c59x" again	19:28
uvirtbot	New bug: #419398 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.1 failed to install/upgrade: subproces post-installation script gaf een foutwaarde 255 terug" [Undecided,New] https://launchpad.net/bugs/419398	19:31
SockPants	and all is good	19:32
SockPants	:D thanks	19:32
SockPants	now, how can i change the system time	19:32
SockPants	oh, no need	19:35
SockPants	haha, anyway, great :)	19:35
guntbert	SockPants: have you seen https://help.ubuntu.com/9.04/serverguide/C/NTP.html ?	19:36
guntbert	and he left... :-)	19:36
sgsax	giovani: sorry if I stomped on you there, I just jumped in without looking at the scrollback	19:36
kirkland	mathiaz: fyi, i can boot karmic guest on virtio okay	19:49
kirkland	mathiaz: using kvm directly (no libvirt)	19:49
giovani	sgsax: not at all -- I come and go -- being at work and such -- I appreciate the assistance :)	19:50
soren	kirkland, mathiaz: What's the problem you're discussing?	19:54
mathiaz	soren: after upgrading to 2.6.31-7 today my vms no longer boot	19:55
uvirtbot	New bug: #419400 in mysql-dfsg-5.1 (main) "[Karmic] MySQL security problem" [Undecided,New] https://launchpad.net/bugs/419400	19:55
mathiaz	soren: the block device is not recognized by the kernel anymore	19:56
soren	mathiaz: In the guest?	19:56
mathiaz	soren: yes	19:56
soren	mathiaz: How far do you get?	19:56
mathiaz	soren: booting the guest with 2.6.31-6 works correclty	19:56
mathiaz	soren: I get dropped to the ramdisk	19:56
mathiaz	soren: with a message stating that /dev/by-uuid/kXXXX is not found	19:57
kirkland	soren: i'm also having block device issues with the new -7 kernel, specifically encrypted swap is busted, won't boot	19:57
* soren looks around		19:58
soren	mathiaz: Which of the virtio modules do you have in the initramfs?	19:59
mathiaz	soren: how can I tell?	19:59
rtg_	soren, kirkland: I'm installing mainline -rc7 just to make sure, then I'm gonna have to start bisecting (I think). It happens on bare metal as well.	19:59
soren	mathiaz: find /lib/modules/ -name 'virtio*'	19:59
kirkland	rtg_: yes, i saw it first on my laptop, bare metal	20:00
soren	device mapper problems?	20:01
mathiaz	soren: nothing	20:01
soren	mathiaz: Umm... Ok.	20:01
soren	mathiaz: There's your problem :)	20:02
mathiaz	soren: http://people.canonical.com/~mathiaz/karmic-2.6.31-7.fail.png	20:02
soren	mathiaz: uname -a	20:03
mathiaz	soren: refresh the image above	20:04
rtg_	kirkland, when you boot -rc7, do you get _any_ swap device?	20:05
kirkland	rtg_: it never finishes the boot	20:06
kirkland	rtg_: or drops to busybox	20:06
kirkland	rtg_: it just hangs on startup, trying to cryptsetup the device	20:06
soren	mathiaz: ta	20:06
soren	mathiaz: Is this a freshly installed system or an upgraded one?	20:06
rtg_	kirkland, I'm not getting a swap device on an unencrypted platform.	20:07
mathiaz	soren: upgraded one	20:07
soren	mathiaz: Alright.	20:07
kirkland	rtg_: do you have a swap partition?	20:07
mathiaz	soren: 2.6.31-6 is booting correctly	20:07
kirkland	rtg_: a non-encrypted swap?	20:07
rtg_	kirkland, used to	20:07
rtg_	trying -rc6 next	20:07
kirkland	rtg_: right, ecryptfs-setup-swap converted your swap to be encrypted to protect your data	20:07
soren	mathiaz: Can you boot into the 2.6.31-6 and run a command for me?	20:07
mathiaz	soren: sure	20:08
kirkland	rtg_: if you want a non-encrypted swap, you'll need to comment out one line from /etc/fstab and /etc/cryptsetup	20:08
rtg_	kirkland, did that already	20:08
soren	mathiaz: find /lib/modules/2.6.31-{6,7}-* -name 'virtio*'	20:08
kirkland	rtg_: and then edit /etc/fstab, copying the line you commented out, and changing the mount point	20:08
kirkland	rtg_: to be the /dev/sda5 device, or whatever	20:08
kirkland	rtg_: you'll also need to mkswap /dev/sda5	20:08
kirkland	rtg_: and swapon /dev/sda5	20:08
kirkland	rtg_: after that, you should have swap in /proc/swaps	20:09
kirkland	rtg_: on reboot, then, you should have workign cleartext swap at boot	20:09
kirkland	rtg_: i think mkswap was the key bit you're missing	20:09
mathiaz	soren: http://paste.ubuntu.com/260002/	20:09
mathiaz	soren: seems like the virtio modules are not included in -7	20:10
soren	mathiaz: Seems like it. i386 or amd64?	20:10
soren	amd64.	20:10
mathiaz	soren: amd64	20:10
rtg_	mathiaz, debian.master/config/config.common.ubuntu:CONFIG_VIRTIO_BLK=m. I wonder where they all went?	20:12
soren	The build log also says it's there.	20:13
rtg_	soren, I have it in the generic image, just about to look in -server	20:14
soren	I'm looking at the build logs from launchpad.	20:15
rtg_	/lib/modules/2.6.31-7-server/kernel/drivers/block/virtio_blk.ko	20:15
soren	the virtio modules are clearly listed as included in linux-image-2.6.31-7-server_2.6.31-7.27_amd64.deb:.	20:15
soren	mathiaz: Oh!	20:16
soren	Hang on, I have a hunch.	20:16
soren	Yes, got it.	20:16
camilojd	Hello all.. anyone knows how is the best way to install postgresql 8.2 on jaunty server? i cannot use my app with 8.3	20:16
soren	You guys are using the -virtual kernel, not the -server one.	20:16
mathiaz	soren: yes	20:16
soren	*That	20:17
soren	* image does not have the virtio modules anymore.	20:17
rtg_	ah, did I drop some stuff from virt?	20:17
soren	rtg_: Lots of stuff, apparantly.	20:17
rtg_	soren, it must have moved	20:17
soren	rtg_: It doesn't look like it.	20:18
soren	You said:	20:18
soren	/lib/modules/2.6.31-7-server/kernel/drivers/block/virtio_blk.ko	20:18
soren	I have:	20:18
soren	/lib/modules/2.6.31-6-generic/kernel/drivers/block/virtio_blk.ko	20:18
rtg_	soren, digging...	20:19
camilojd	Jaunty server ships with PostgreSQL 8.3, which breaks my application. How is the best way to replace it with 8.2?	20:20
soren	rtg_: Found it.	20:22
rtg_	soren, wtf ?	20:23
rtg_	my local builds are fine.	20:23
soren	rtg_: ata_generic no longer exists.	20:23
soren	rtg_: ...so it bails out when it gets to that one.	20:23
soren	(it's explicitly listed in virtual.list)	20:23
rtg_	soren, why on the buildd and not locally?	20:24
soren	rtg_: Do you have build logs?	20:24
Daviey	camilojd: use Ubuntu Hardy server	20:24
rtg_	soren, no, but I can re-run a build quickly enough and make some logs	20:24
soren	rtg_: Really? Launchpad takes three hours to do it :)	20:24
rtg_	soren, 10-15 minutes	20:25
soren	s/Launchpad/the buildds/	20:25
soren	What's your secret?	20:25
rtg_	sodual quad core nehalem w/18GB RAM	20:25
rtg_	soren, ^^	20:25
soren	So no cheating involved? No ccache or something?	20:25
camilojd	Daviey, isn't a better way? Like, recompile from sources?... I don't want to trash someone else's job on the server..	20:25
rtg_	soren, well, of course I'm using ccache. Its much faster the 2nd time though	20:26
soren	rtg_: Wow.	20:26
soren	Well, let's seem those build logs, then :)	20:26
soren	-m	20:27
camilojd	Daviey, what´s the "ubuntu way" to build and install from source?	20:27
rtg_	soren, ok, build started. I'll see what I kind find.	20:27
soren	rtg_: You don't have a stale ata_generic.ko lying around or something, do you?	20:27
Daviey	camilojd: well sure, but it's already in Hardy - which is also an LTS.. Sure you could try and bring the old version into Jaunty.. but then you ave the burden of maintaining it yourself.	20:27
rtg_	soren, I typically scrub and re-clone	20:27
soren	Yeah, I figured. shrug	20:28
camilojd	Daviey, yeah i understand. Gotta go back to Hardy LTS then :-(	20:28
guntbert	camilojd: not exactly what you asked for: but you could have a look at http://www.postgresql.org/docs/8.3/static/release-8-3.html to see why it breaks your app - and the change the app ...	20:29
guntbert	*then	20:29
camilojd	guntbert: that looks interesting. I'll check it out!	20:30
soren	rtg_: I totally understand why it fails. I completely don't understand why -6 didn't.	20:30
guntbert	camilojd: good luck :-)	20:31
rtg_	soren, it doesn't look like it stopped, even though it couldn't find drivers/ata/ata_generic.ko	20:34
* soren has a hunch		20:35
soren	rtg_: Is your system completely up-to-date?	20:37
rtg_	soren, as of this morning	20:37
soren	rtg_: Which version of bash?	20:38
rtg_	GNU bash, version 4.0.28(1)-release (x86_64-pc-linux-gnu)	20:38
soren	New bash was uploaded the day before yesterday. This is in the changelog:	20:38
soren	l. Changed behavior of shell when -e option is in effect to reflect consensus of Posix shell standardization working group.	20:38
soren	Are you bulding in an sbuild or something?	20:38
rtg_	soren, I should have thought of that. I found a find-utils bug early in the karmic cycle that took days to spot.	20:39
soren	rtg_: I remember :)	20:39
soren	rtg_: This time, though, it seems to be an intended change.	20:39
rtg_	soren, I'm building in a straight chroot with dbuild	20:40
soren	rtg_: And is /that/ completely up-to-date?	20:40
rtg_	lemme check that the chroots are up to date	20:40
soren	New bash on the 24th.	20:40
rtg_	soren, check this out: GNU bash, version 3.2.48(1)-release (x86_64-pc-linux-gnu)	20:41
soren	There were go.	20:41
rtg_	thats my chroot version	20:41
soren	There /we/ go, I mean.	20:41
rtg_	ok, I'll update and see what happens.	20:41
soren	I'm sure it'll fail. It makes sense :)	20:41
soren	There's a non-zero return code in a subshell of a shell with -e enabled.	20:41
rtg_	soren, thats a theory, or you have spotted it?	20:42
soren	I've spotted it.	20:43
soren	20 minutes ago :)	20:43
rtg_	in scripts/sub-flavour	20:43
soren	The sub-flavour script has -e enabled. It fails ..	20:43
soren	right.	20:43
soren	..to find ata_generic in a subshell.	20:43
rtg_	remind me what -e does?	20:43
soren	It bails out if anything has a non-zero return code.	20:44
rtg_	I don't think thats what I want in this case.	20:44
soren	Perhaps.	20:44
soren	Well...	20:44
soren	I guess what you really want is for the entire build to fail if this fails.	20:44
soren	...so that you'll notice that the module list is out of date.	20:45
* soren takes a half hour break		20:45
rtg_	soren, I guess thats fine too. why doesn't the make bail out?	20:45
ewook	soren: in the middle of the night? :)	20:46
martinjh99	How do I stop denyhosts from denying 192.168.0.0/24 ip addresses and how do I get into my server again..?	21:06
KillMeNow	ummm console?	21:07
sgsax	martinjh99: login as a different user	21:07
sgsax	denyhosts blocks per IP and userid	21:07
martinjh99	Killmenow I might have to do that	21:07
KillMeNow	sgsax, i think he just did a block deny on class C IP range	21:08
sgsax	then you have to delete lines from the denyhosts database files	21:08
KillMeNow	which locks anyone from that IP subnet	21:08
sgsax	didn't even realize you could do that, I just use it to block brute-force ssh attacks	21:08
martinjh99	Killmenow got a report saying it just blocked my local network desktop ip 192.168.1.2	21:08
martinjh99	I want to stop it from denying those ips...	21:09
aubre	I have a dhcp server, its clients don't seem to be able to talk to the outside world	21:09
KillMeNow	aubre: did you set the router option in DHCP?	21:10
sgsax	martinjh99: I can tell you what to do if it was a dynamic block, but if you specified a block on all IPs in that subnet (as KillMeNow suggested), you'll have to undo the setting somehow	21:11
martinjh99	sax its only blocked 192.168.1.2 - Found a page that tells me I can keep denyhosts from blocking it by putting that ip in hosts.allow	21:11
sgsax	that's fine, but you'll still need to remove it from the current database files	21:12
sgsax	and hosts.deny	21:12
martinjh99	thats what I'm going to do... Which other denyhosts files are there?	21:12
sgsax	default work dir is /var/lib/denyhosts	21:13
sgsax	check in your denyhosts.conf to see if yours is in a different location	21:13
sgsax	remove any lines containing that IP in any files in the work dir	21:14
sgsax	be sure to stop the denyhosts service before making changes to these files	21:14
martinjh99	Thanks Sax :) Will do that tomorrow!	21:14
sgsax	have fun :)	21:14
martinjh99	I will...	21:14
martinjh99	:)	21:14
sgsax	I've written a script to do this, I can post it if you're interested	21:15
sgsax	...or not	21:15
qman__	what setup do you use for blocking SSH brute force attempts?	21:17
qman__	I use iptables with the recent module to just slow them down	21:17
KillMeNow	yea, i use IPtables and a counter	21:19
KillMeNow	once it reaches X number of 22 connects, it locks them out for a while	21:20
KillMeNow	totally blacklists their IP address	21:20
uvirtbot	New bug: #419464 in ec2-api-tools (multiverse) "ec2-monitor-instances, ec2-unmonitor-instances fail with 'EC2_HOME not set'" [Undecided,New] https://launchpad.net/bugs/419464	21:21
qman__	I'd like to come up with something that blocked anyone who attempted to use "Administrator" or "root" or "test", etc., automatically	21:23
qman__	without a cron-based log parser	21:23
giovani	so you have two log-checking methods	21:25
giovani	either inode-notification, or a daemon	21:25
giovani	I don't know which fail2ban uses	21:25
giovani	I	21:25
giovani	I'd prefer to do it on the network level, rather than on the log level	21:25
giovani	but that's just met	21:25
giovani	me*	21:25
giovani	denyhosts is another option	21:27
giovani	ossec as well	21:27
qman__	I'm not much of a coder, so a daemon might be too much	21:27
qman__	but I'll look into inode notification	21:28
rtg_	kirkland, so mainline -rc7 seems to work with encrypted swap. the substantive change that has likely caused this is 'SAUCE: (drop after 2.6.31) Added KSM from mmotm-2009-08-20-19-18' which is a bit of a change from -rc6.	21:28
KillMeNow	i thought fail2ban parses the log file	21:28
qman__	I don't have the performance to spare for cron-based log parsing, so it's out of the question, but something that parsed it as it logs would work	21:28
kirkland	rtg_: okay, what does that patch do?	21:28
giovani	qman__: well inode notification just saves you the i/o load of checking the file every X (mili)seconds	21:29
giovani	I'm not sure why you think cron is a performance waster in and of itself	21:29
rtg_	kirkland, its the virtual machine shared memory patch, but it may also have some impact on crypto. I'm gonna revert that and see	21:29
qman__	well	21:29
giovani	a daemon will keep memory allocated, when a cronjob wouldn't	21:29
qman__	that's not what I meant, I meant that it has to reread the whole log	21:29
giovani	no it doesn't	21:29
giovani	only a fool would do that	21:30
qman__	that's where the problem is	21:30
giovani	that's unrelated to cron	21:30
giovani	and related to how the app is coded	21:30
kirkland	rtg_: cool, thanks	21:30
giovani	you shouldn't be reading the entire log	21:30
kirkland	rtg_: oh, duh	21:30
kirkland	rtg_: yeah, KSM, right	21:30
kirkland	rtg_: if we have to lose that one, i won't cry about	21:30
rtg_	kirkland, does KSM in -rc6 work?	21:31
kirkland	rtg_: good question, i haven't gotten around to it yet	21:31
rtg_	kirkland, lemme verify first	21:31
qman__	I just need something to intercept new entries like tail -f, only for a script, not to console output	21:32
giovani	qman__: no ...	21:32
giovani	tail -f is brutal on the disk	21:32
giovani	that's the opposite of clean and efficient	21:32
qman__	regardless of how it collects it, that's the data I need	21:33
giovani	heh	21:33
giovani	but you're very concerned about performance impact	21:34
giovani	so I'm discussing the issues to reduce it	21:34
qman__	yes	21:34
qman__	the system is very old and slow, so performance is important	21:34
kirkland	rtg_: i gotta run for a bit, will be back later	21:34
giovani	then consider doing this on the network level	21:34
rtg_	kirkland, me too, beer night.	21:35
kirkland	rtg_: oh, that's a lot more fun	21:35
rtg_	kirkland, biking, then beer.	21:35
qman__	I have no idea how to intercept that data at the network level, since SSH is encrypted	21:35
giovani	qman__: brute forces set up many different connections to SSH	21:37
giovani	most IDS/IPS have rules for X number of connections per timeframe from a single host	21:38
qman__	I already have that set up	21:38
giovani	then what's the problem?	21:38
qman__	I meant for triggering based on which usernames were used as well	21:38
giovani	I don't see the need for that	21:39
giovani	unless your system isn't catching a specific attack	21:39
giovani	in which case you might want to adjust its threshhold	21:39
qman__	well, it is catching them	21:39
qman__	but it's really just slowing them down	21:39
giovani	why isn't it stopping them? it should be blocking that IP at the firewall level	21:39
qman__	and, if for any reason my iptables gets flushed, the flood gates open	21:39
giovani	... why are you flushing your iptables of your firewall?	21:39
giovani	that's bad	21:39
qman__	I'm not, but it's happened a few times	21:40
nuckable	hey everyone, im working on a little ion based ubuntu server, and id really like to put ubuntu server on a usb flash drive and make it boot to ram	21:40
giovani	alright, well, blocking a handful of countries (presuming you don't have a need to receive legit SSH connections from China, or Brazil, for example) will reduce a large percentage of the attacks	21:40
giovani	the rest are mitigated through brute force detection	21:40
nuckable	so i can fully use the hd space for the samba server	21:40
nuckable	is that possible/smart?	21:40
giovani	nuckable: that's a highly custom setup -- look into ramdisks	21:41
giovani	it's possible ... smart is another matter	21:41
nuckable	what speaks against it?	21:41
giovani	livecds work this way	21:41
giovani	it's messy to set up	21:41
giovani	it's not standard	21:41
nuckable	well sure its messy, but it stays after the initial setup	21:41
qman__	and without considerable work, it's not persistent	21:41
qman__	patching is difficult	21:41
giovani	right	21:41
nuckable	yeah, thats the biggest problem im having	21:41
giovani	this is not really a way to run a server	21:42
giovani	possibly an embedded device	21:42
nuckable	when it loads into ram theres gotta be a way to change the files on the usb flash drive	21:42
giovani	but not an active filesystem	21:42
giovani	nuckable: sure ... many liveusb distros do this	21:42
giovani	but it's complex	21:42
nuckable	i see	21:42
giovani	creating a rw filesystem for temp storage, and writing it back out to the ramdisk filesystem, etc	21:42
giovani	it's not something I'd ever do on a server	21:42
giovani	and it's not something we can really help you with here	21:42
giovani	it's highly custom -- and will take a lot of experimentation	21:42
nuckable	hmmmm	21:43
nuckable	well what would you recommend then?	21:43
qman__	if power consumption is the concern, low-capacity SSDs can be had reasonably cheap	21:43
giovani	not doing that ...	21:43
giovani	nuckable: what's the problem with keeping the OS on a disk?	21:43
nuckable	qman__, that sounds interesting	21:43
nuckable	for the ssd id need a pcie slot, or does pci work too?	21:43
giovani	what?	21:43
giovani	no, it's a drive	21:43
qman__	SSDs connect to regular drive interfaces	21:43
qman__	usually SATA	21:44
giovani	SATA	21:44
nuckable	oh :/	21:44
nuckable	well the mobo only got 4 sata slots	21:44
giovani	...	21:44
giovani	that sounds like more than enough	21:44
nuckable	and id like to use it as a nas with extras	21:44
giovani	oh boy	21:44
giovani	another nas	21:44
qman__	a 32/64GB disk can usually be had for about $80, though prices may have changed since I last looked	21:44
qman__	does the board have IDE?	21:45
giovani	if you have a pci slot	21:45
nuckable	qman__, nope	21:45
giovani	you can add a sata controller	21:45
qman__	yeah	21:45
giovani	with many more ports	21:45
giovani	they can be had for cheap	21:45
giovani	$20	21:45
qman__	a four-port SATA controller, non-RAID, is about $40-60	21:45
nuckable	im eyeing for the nvidia ion board	21:45
qman__	more than four gets expensive	21:45
nuckable	cause its got very low power consumption due to the abscence of the intel chipset	21:45
qman__	your largest power usage is going to be the disks themselves	21:46
qman__	a SATA controller doesn't use much	21:46
giovani	why is the power consumption so critical?	21:46
nuckable	giovani, cause its gonna be running 24/7	21:46
giovani	I mean, tons of machines will run on 50-60W these days	21:46
giovani	sure ...	21:46
qman__	unless you're on battery, a sata controller is going to be neglegible	21:46
giovani	Ion is definitely not the most efficient	21:46
nuckable	qman__, its not the sata controller, more the case xD	21:47
giovani	the case uses no power	21:47
nuckable	giovani, but for the price it does the trick quite well	21:47
nuckable	giovani, i was referring to the problem being there aint that much room in the case xD	21:47
giovani	nuckable: well you can't have everything ...	21:47
qman__	sata controllers aren't that big	21:47
qman__	are you referring to space for disks?	21:48
giovani	disks are about 10x the space of PCI cards	21:48
nuckable	giovani, sure, at least i can try to get as good as possible no? =)	21:48
giovani	nuckable: but you're being unrealistic	21:48
nuckable	qman__, yup	21:48
* virtualdisaster tries to remember the name of that ubuntu book that is free		21:48
nuckable	giovani, so far i havent even decided anything, im just evaluating possibilities	21:48
qman__	look into 2.5" hard drive sthen	21:48
giovani	ok	21:48
nuckable	so i cant be unrealistic yet xD	21:48
qman__	you can fit a ton of them in the space	21:48
giovani	qman__: not for a NAS ...	21:48
giovani	clearly he's trying to maximize disk space	21:49
giovani	for the NAS storage	21:49
nuckable	exactly	21:49
nuckable	4 drives with as much space as possible	21:49
giovani	so don't use such a tiny case	21:49
qman__	yeah	21:49
giovani	you need enough space for the system	21:49
giovani	a SSD is small	21:49
qman__	you need a bigger case	21:49
giovani	as is a PCI card	21:49
nuckable	true	21:49
nuckable	im gonna have to recheck if the ion has a pci slot	21:49
giovani	you can fit both in less space than you can a single 3.5" HD	21:49
qman__	my file server is a large mid-tower	21:49
nuckable	cause afaik it only has pcie	21:49
giovani	nvidia ion is a chipset	21:49
giovani	not a board	21:49
nuckable	the boards name is ion something	21:50
qman__	PCI or PCIe is irrelevant	21:50
qman__	you can get controllers in either	21:50
qman__	for roughly the same price	21:50
qman__	you just need to know which you have	21:50
qman__	also	21:51
qman__	make sure you're providing adequate cooling for the hard drives	21:51
qman__	they don't need much, but if you're not getting any air through, they will have a considerably shorter life	21:51
giovani	heh	21:51
giovani	that's debatable	21:51
giovani	HDs have no air intakes at all	21:52
giovani	heat is not an issue for most drives	21:52
giovani	vibration is	21:52
giovani	unless the heat you're talking about is 110+F	21:52
qman__	it also depends on the drives	21:52
nuckable	yeah im not penny-pinching with the hdd themselves	21:52
qman__	in my experience, WD drives run very hot	21:52
giovani	nuckable: this has nothing to do with drive costs	21:52
qman__	this is about case airflow	21:53
qman__	small cases tend to not have any	21:53
nuckable	true	21:53
nuckable	i guess a midi tower wouldnt hurt	21:53
giovani	chenbro	21:53
giovani	makes a really nice NAS case	21:53
* nuckable looks it up		21:53
qman__	I have some 250GB WD drives that have gotten to 50C before I installed more fans	21:53
nuckable	qman__, but in general would you recommend wd?	21:53
qman__	I like seagate	21:54
nuckable	cause so far i had no problems with wd drives	21:54
giovani	segates are awesome	21:54
giovani	I've hated WDs I've owned	21:54
nuckable	i already had 2 seagates failing on me	21:54
nuckable	during the years	21:54
giovani	http://usa.chenbro.com/corporatesite/products_detail.php?sku=78	21:54
giovani	there's the 4-drive case	21:54
giovani	they have 2-drive cases as well	21:55
bptk421	Has anyone tried WD's Green drives for a NAS?	21:55
giovani	bptk421: they're awful, stay away	21:55
giovani	green drives are very low-end	21:55
bptk421	In what way?	21:55
qman__	yeah	21:55
giovani	in that we've had 50% of them fail in our fileserver	21:55
giovani	over a 6 month period	21:55
bptk421	ouch	21:55
giovani	(24-drive fileserver)	21:55
qman__	I would never buy a drive marketed that way	21:55
qman__	performance and reliability are more important	21:55
giovani	green drives are the lowest-end for WD	21:55
nuckable	giovani, problem with that case is i wont be able to fit an ssd in it	21:55
giovani	they're appropriate for grandma's internet machine	21:55
giovani	nuckable: ... that's not true	21:56
giovani	SSDs are small	21:56
giovani	you can velcro it to the side of the case	21:56
giovani	that's what I do	21:56
nuckable	velcro?	21:56
soren	rtg_: Did you find an answer to your question, or do you want me to look?	21:56
giovani	yes ... velcro	21:56
nuckable	(sorry not english native)	21:56
giovani	they're light and small	21:56
giovani	google it	21:56
qman__	velcro, double sided tape, even drill your own mounting holes	21:56
qman__	not up for a little modding?	21:57
nuckable	oh lol	21:57
giovani	velcro is the most portable imo	21:57
rtg_	soren, which question? I found taht the KSM patches in -rc7 are scrogging encrypted swap.	21:57
nuckable	the stuff children use to fasten their shoes	21:57
nuckable	xD	21:57
giovani	easy to take the drive out	21:57
qman__	yeah	21:57
giovani	nuckable: yes, it's awesome stuff	21:57
nuckable	hehe	21:57
soren	rtg_: Why make doesn't bail out.	21:57
qman__	velcro is a good idea, since SSDs don't care about shock or heat	21:57
giovani	exactly	21:57
giovani	and they're light	21:57
soren	rtg_: KSM break encrypted swap? Sounds like fun.	21:57
rtg_	soren, dunno yet, I'll have to get back to that question later tonight.	21:57
giovani	I put velcro in every server I build now	21:58
nuckable	im gonna have to cheak if chenbro is available in my area	21:58
giovani	and stick the SSD on it	21:58
soren	rtg_: Alright.	21:58
giovani	nuckable: in your area? no	21:58
giovani	you order online, from a reseller	21:58
rtg_	soren, I'm on a beer mission right now.	21:58
soren	rtg_: Sounds good. Wish I was too.	21:58
nuckable	giovani, nope its available	21:58
giovani	btw, nuckable	21:58
rtg_	soren, why are you up so late?	21:58
giovani	if you can only get a minipcie slot on your ion board	21:58
soren	rtg_: feature freeze	21:58
giovani	there are SSDs that fit into mini-pcie	21:58
soren	rtg_: It's not that late yet, really, though.	21:58
rtg_	11P?	21:59
soren	rtg_: 11 PM is not unusually late.	21:59
sgsax	beer misson, I like that	21:59
rtg_	ah, well I'm usually done by 2P	21:59
sgsax	apt-get install beer	21:59
soren	rtg_: When do you start?	21:59
rtg_	0600	21:59
soren	rtg_: Ah. I don't start until some time between 7 and 9.	22:00
rtg_	anyways, gots to go.	22:00
soren	rtg_: And most of my team is 6 hours behind, so if I want to work just a little bit with them...	22:00
nuckable	ok thank you very much giovani and qman__	22:02
gene420	good evening everyone, and would anyone be familar with setting up ubuntu snmp as a client .....I seem to need help with snmp.conf since snmpwalk works locally	23:18
virtualdisaster	gene420, make sure firewall allows snmp out etc, also man there is something you need to run to get it to work properly	23:20
virtualdisaster	there is a program to make messing snmp simpler but i cant recall atm	23:20
gene420	hmm I don't have a firewall open and I'm sure there is something missing since I don't see any netstat ports open 161 or services running for snmp	23:23
gene420	opps that open shouldn't be there...no firewall on the unit.....	23:24
=== xorigin_ is now known as xorigin
gene420	fyi ahh here is the setup script to run snmpconf -g basic_setup	23:38
kirkland	ScottK: ping	23:53
kirkland	ScottK: i'm processing sync requests	23:53
kirkland	ScottK: i see a stack of yours for new packages from debian	23:53
kirkland	ScottK: new-source doesn't seem to know anything about these	23:53
kirkland	ScottK: do you know what's up?	23:53

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!