/srv/irclogs.ubuntu.com/2009/08/26/#ubuntu-server.txt

Bilgederp00:00
jdstrandapache2-mpm-itk is also in universe, so no USN00:11
jbernard__kirkland, mathiaz: i've just uploaded libcgroup to REVU that addresses all of the current issues00:11
jbernard__kirkland, mathiaz: I think it's super solid now, any feedback you've got is much appreciated00:12
mathiazjdstrand: hm - so USN are not published for packages in universe?00:16
jdstrandmathiaz: that is correct00:16
mathiazjbernard__: since the 0ubuntu1 version of libcgroup has been rejected00:25
jbernard__i already bumped it00:25
jbernard__to 0ubuntu200:25
mathiazjbernard__: you should just upload a new version of 0ubuntu1 to revu00:25
jbernard__ahh00:25
jbernard__good call00:25
jbernard__im on it00:25
mathiazjbernard__: package versions are only relevant once they're in the archive00:25
mathiazjbernard__: but REVU is used before the archive - and thus should only have 0ubuntu1 versions00:26
jbernard__mathiaz: ok, good to know00:26
mathiazjbernard__: and a changelog entry just stating Initial Release00:27
mathiazjbernard__: once the package is in the archive, REVU is not used anymore00:27
mathiazjbernard__: new version should be sponsored via LP bugs(branches soon)00:27
jbernard__mathiaz: ok, upload complete, should show up on the next pulse00:30
mathiazjbernard__: it seems that most of the code is actually licensed under LGPL 2.100:35
jbernard__mathiaz: yes00:35
mathiazjbernard__: while debian/copyright states LGPL 200:35
mathiazjbernard__: COPYING in the src tree is LGPL 2.100:36
jbernard__yeah, as i understood it, LGPL-2 == 2.100:36
jbernard__since it was the first successor to GPL-200:36
mathiazjbernard__: hm - I don't think so00:37
jbernard__mathiaz: i was reading the second para from the top in COPYING00:37
mathiazjbernard__: /usr/share/common-licenses/ has a file for LGPL-2 and another one for LGPL-2.100:38
jbernard__mathiaz: indeed it does, oops ;)00:38
jbernard__ill fix it up, gimme a sec00:38
mathiazjbernard__: right - that paragraph is confusing00:38
jbernard__nothing gets by you guys ;)00:39
mathiazjbernard__: licensecheck00:39
mathiazjbernard__: ^^ help script to figure out the licenses of every file in the src tree.00:39
jbernard__mathiaz: i ran that, but it seems to be very particular about header format00:42
jbernard__mathiaz: so i ended up having to go through most of it by hand00:42
mathiazjbernard__: I usually run this command http://paste.ubuntu.com/259563/00:44
mathiazjbernard__: which is just for loop00:44
jbernard__mathiaz: oh nice00:45
jbernard__mathiaz: ok, upload is done00:47
jbernard__mathiaz: i have to run out for a bit, but leave comments here and I'll pick them up on my return00:47
jbernard__mathiaz: thanks for all the time, I really appreciate it00:47
mathiazkirkland: ^^ - looks good to me now00:53
mathiazkirkland: you can have another look at the packaging - (0ubuntu1 has been rejected from the NEW queue)00:53
Doonzhey guys can someone recommend a program to monitor my network cards. im having connection issues with my server and i believe i have a bad nic in it but need to justify getting a new one01:13
KillMeNowwireshark maybe?01:16
KillMeNowhrm...  are you getting a bunch of errors when you do a ifconfig?01:16
giovaniwireshark on a server? no ...01:44
giovanitcpdump will work fine -- but it won't tell you if the problem is at the NIC01:45
giovaniyou can run some traffic tests locally on the LAN01:46
giovanibut unless you test the same switch ports, etc -- you can't eliminate all of the variables01:46
KillMeNowhow many times have you seen a NIC fail giovani?01:54
KillMeNowit's pretty rare01:54
oh_noesis it possible to tell lvextend  "extend to the end of the physical disk" instead of saying "+400M"02:32
twboh_noes: I guess you could just keep extending it until you run out of extents.02:49
twbpvs will tell you how much is left02:49
twbAh, the manpage mentions %FREE02:49
twbSo try --size 100%FREE02:50
twb+100%FREE, rather02:50
oh_noesnice, thanks!! Let me try02:51
twboh_noes: I worked this out by READING THE MANUAL02:51
twbIt's an approach I highly recommend.02:51
oh_noestwb: you're right,  I can use 100%FREE which works, however I cant lvextend it because the VG is still the same size03:37
oh_noesany thoughts on how to tell vgextend to "extend to the end of the existing disk you already have"03:37
twboh_noes: that doesn't make sense.03:37
twba VG is a bag of PVs.  PVs are either disks or (more commonly) partitions.03:38
twbPastebin the output of "pvs", "vgs" and "lvs".03:38
oh_noestwb: http://pastebin.com/meeb997403:40
twboh_noes: so you have one PV, /dev/sdb103:40
oh_noestwb: in my example, I have extended the 'end' of an existing disk.  So theres sdb1 which was originally 100% (8GB), then I added another 8GB to sdb, so I want to extend sdb1 to include the new free space at the end of the disk03:41
twboh_noes: if there is space on sdb not allocated to sdb1, you can't use it.03:41
twbYou would either need to extend the PV, or add another partition (sdb2) and make that a second PV, and add that new PV to the VG.03:41
oh_noestwb: hrm, ok thanks.  What Im trying to do is handle a "VMware size increase".  ie. the OS is shutdown, then sdb is brought back with additional space at the end.  I want to be able to handle this and increase /foobar03:43
oh_noesI thought LVM would handle this, but maybe not.  As you said, it appears my problem is that sdb1 isnt associated with that free space.03:43
oh_noescan I use anything to resize and expand sdb1 to take up the free space?03:43
twbYou can delete the partition from the partition table and create a new one in the same place, with a different size.  I do not know if LVM will cope with that.03:44
oh_noesso there isnt a 'proper' way to handle this?03:45
oh_noesI prefer not to create a new partition, because I don't know how many more times it'll be extended (and thus new partitions) will be needed03:45
twbBecause you're running in vmware there's not a lot of point in using LVM anyway03:47
twbYou might as well just make a filesystem directly on /dev/sdb1 and then use resize2fs when you grow it.03:48
oh_noestwb: but wont I have the same problem?  the partition is 8GB with unallocated space at the end of the disk.03:49
oh_noesI will still need to resize the actual partition, right?03:49
twbOh, yeah, I guess.  But I *know* ext3 won't care if you delete and create a new partition03:50
oh_noestheres no GNU tool that can resize a partition into unallocated space?03:52
oh_noesgparted will do it, but I dont want to boot into a live CD.  I was hoping to do it somewhere in rc2.d before applications come up (so they can use the new size)03:53
giovani"resizing" = bad!03:53
giovanioh_noes: you can't resize a normal partition while an OS is running from it03:53
giovaninot even windows can accomplish that03:54
oh_noesmaybe i can manually delete the partition with fdisk and create it again (but bigger)03:55
giovaniyeah ... back up your data first03:55
oh_noesgiovani: whats the definition of a 'normal' partition?  Whats the difference between creating sdb1 on a new unused sdb1 and extending sdb1 when sdb is unused?03:56
giovania "normal" partition is one that isn't LVM03:56
giovaniyour sdb/sdb1 example makes no sense03:56
oh_noesgiovani: yep i get that, in my case the partition in question is /foobar03:56
oh_noesOS is *not* running from it, sdb1 isnt mounted.03:57
giovaniok -- so then why do you need to do it in rc2?03:57
giovaniyou can always modify partitions that don't have the OS on them when the system is fully booted03:57
giovanino need to use a livecd03:57
oh_noesi was hoping i could 'detect' the VMware disk has been increased, then resize it before apps come online03:57
giovaniwhat?03:58
giovanisigh03:58
giovaniI have no idea what you're talking about03:58
oh_noesgiovani: what can I use to modify the existing partition into unallocated space?03:58
giovaniwhat does "modify the existing partition into unallocated space" mean?03:58
oh_noesit means, sdb is 0-1000 blocks03:58
oh_noessdb1 is using 0-30003:58
oh_noesI want to make sdb1 take up the entire 0-100003:58
giovaniyou don't03:59
giovaniparticularly if it uses ext304:00
ballgiovani: Is that like spreading peanut butter too thin?04:00
ball(run out of inodes etc?)04:00
giovaniext3 won't resize04:00
giovaniperiod04:01
giovanithe only way to resize a ext3 partition is to convert it to ext204:01
giovaniand then back04:01
giovaniand I would never recommend it04:01
giovanijust move the data off -- make it LVM for future use04:01
giovaniand move the data back04:01
ballhello pw_thirdfloor_04:14
=== pw_thirdfloor_ is now known as pw_thirdfloor
Tim__Reichhartthere anyway that I can configure squirrelmail just accept just the username and not the full email address?04:48
=== johe__ is now known as johe
uvirtbotNew bug: #419053 in samba (main) "package samba 2:3.3.2-1ubuntu3.1 failed to install/upgrade: le sous-processus post-installation script a retourné une erreur de sortie d'état 1" [Undecided,New] https://launchpad.net/bugs/41905307:46
martinjh99Is there a package for mod_security for Apache2 on hardy lts?08:48
\shmartinjh99: doesn't look like...libapache2-mod-security occurred first time in jaunty (when packages.ubuntu.com is true)08:55
martinjh99poo - Just had someone putting phishing files on my server... Trying to harden it up a bit...08:56
martinjh99setup ufw to allow http08:56
martinjh99and ssh only from local network...08:57
martinjh99Also added a password to root.  Is there anything else I should be doing?08:57
\shmartinjh99: I would fix the application first09:04
martinjh99Everything is updated from ubuntu repos - Updated Joomla from their website to the latest version.09:11
Boohbahmartinjh99: don't use vulnerable web applications09:26
ewooklol09:29
martinjh99yes that might be a good idea...09:29
ewookjoomla is indeed targeted - or, foremost the badly written plugins.09:30
martinjh99Ah ok - suggestions for a CMS then??09:31
martinjh99So might be my choice of cms thats the problem...09:31
\shdrupal is good...typo3 is also having issues mostly plugin wise09:32
martinjh99thanks for those - Could never get my head round Drupal when I tried it before plus there are no examples like the ones in Joomla09:33
\shmartinjh99: drupal has a lot of examples and good books out in the field09:38
martinjh99:) I'll google and have a look... Thanks09:46
dayoanyone has any experience with snort?10:03
jtimbermandayo: you might try #snort :)10:05
dayojtimberman: in there right now. spookily quiet, though10:05
jtimbermandayo: more active during the day in the US, I think.10:06
dayojtimberman: true. forgot the timezone thing lol10:06
jtimbermandayo: me too, its apparently after 3am.10:06
dayoi'll check back later, then10:06
dayolol10:07
alvinAre there known issues when using ext4 filesystems in qcow2 images? I'm seeing a lot of corruption when using a Karmic kvm host.10:13
alvinWhat I actually want is building a stable production system:10:22
alvinWhat Ubuntu version has the most stable version of kvm, what filesystem and what type of images should I use?10:23
a_okI did a release update however the php gd.so lib disappeared. how is this possible? (fixed it by installing the package php-gd)10:28
mattta_ok: the only reason i could think it'd get removed was if gd was now built into the base php package, and not required as a module10:37
mattta_ok: which release are you using?10:37
a_okhardy10:38
a_okmattt: yeah guess that must be it. dangerous though as these kind of changes can break stuff10:39
mattta_ok: hmmm, i don't think that's it :/10:40
mattta_ok: maybe you want to look through /var/log/dpkg.log to see if it offers any insight10:47
a_okmattt: 2009-08-26 07:32:23 upgrade php5-gd 5.2.3-1ubuntu6.3 5.2.4-2ubuntu5.710:49
a_okwhen updating it just removed it and did not install the new one10:49
a_oki checked with apt-cache policy and there simply was no php5-gd installed anymore. i guess something is broken in that package10:50
a_okmattt: or 2009-08-26 07:40:47 remove php5-gd 5.2.4-2ubuntu5.7 5.2.4-2ubuntu5.710:51
a_ok removed a bit too much10:51
cjwatsonsoren: so, if I fix that start-stop-daemon thing (at least on start) can I go ahead and upload that?12:19
sorencjwatson: Yes, please do.12:19
sorencjwatson: Sorry, didn't I say that last night before I passed out?12:20
sorencjwatson: scrollback suggests I did not. Sorry.12:20
cjwatsonno problem, I was beating on RAID this morning anyway12:24
spiekeyHi!12:25
spiekeyif i boot with 8.04 or 9.04 live cd, i get a sda device. If i boot with my own kernel, i have a hda device.12:26
spiekeythis sucks since i want to do automatic cloning :)12:26
spiekeyis there a way to turn off/on this scsi emulation?12:26
cjwatsononly by recompiling the kernel, usually12:37
cjwatsonit's probably CONFIG_ATA plus CONFIG_PATA_WHATEVERDRIVERRUNSYOURCONTROLLER12:37
cjwatsonthe old IDE stuff is decreasingly well maintained so in general it's a good idea to try to switch away from it12:38
spiekeyokay, thanks12:41
sorenspiekey: What exactly are you trying to do?13:09
spiekeysoren: Boot up Ubuntu-Live CD ---> Run a Script that mounts, rsyncs, writes grub, reboots the Cloned PC.13:12
spiekeymy problem: When it boots up i get hda, in the Live CD its sda13:12
spiekeyso my search and replace script will fail...well it works, but then i run into a kernel panic :)13:13
heath|workI need to find a script that has a name in it. So far I have: find / -type f -regex .*\.sh -exec grep smith {} \;13:21
heath|workIt spits out the line the name is on, but not the file name. What do I need to add to view the filename?13:21
pmatulisheath|work: try 'grep -l'13:26
heath|workpmatulis, thanks, I will13:28
szczymHelo all, i have a problem installing ubuntu server on box with no cdrom (i do it from usbstick). install stops on detecting cdrom (demands floppy drivers). could any one help me please ?13:37
pmatulisszczym: does your BIOS support booting from USB?13:38
heath|workpmatulis, Thanks that worked!13:38
pmatulisheath|work: good stuff13:38
szczymyes, i did booted fine from usb13:38
pmatulisszczym: that's strange, what release are you tring to install?13:39
pmatulis*trying13:39
szczym8.04.03 installer works from usb but dont go forward after message "No common CD-ROM drive was detected"13:40
szczymthe failing item is: Detect and mount CD-ROM13:41
pmatulisszczym: maybe add comment to bug 37844213:45
uvirtbotLaunchpad bug 378442 in linux "Error 'No common CD-ROM drive was detected' when installing Ubuntu Server via USB drive" [Undecided,New] https://launchpad.net/bugs/37844213:45
szczymthere are several bugs issued on that topic, but no solution ;(13:46
pmatulisszczym: i know, but commenting to it is the proper thing to do13:51
szczymyes, thanx for info. in my humble opinion its very embarrassing problem given debian/ubuntu excellence ...13:54
pmatulisszczym: agreed13:55
pmatulisszczym: you may want to dig dipper by asking in #ubuntu-installer13:55
pmatulis*deeper13:55
szczymthanx, i will14:02
uvirtbotNew bug: #419191 in php5 (main) "Mailing from php5 module fails when number of Apache VirtualHosts is above +/-1500" [Undecided,New] https://launchpad.net/bugs/41919114:25
giovaniabove +/-1500?14:26
sorengiovani: I'm guessing "+/-" is a poor man's "~".14:27
mattt:)14:27
giovanisoren: ah, it baffled me, honestly14:35
pmatulisszczym: looks like you got some good info over there14:46
szczymyes indeed it helped me partially14:47
szczymbut any way i will try to install 8.04 on other box into pendrive and then boot from it the machine because on 9.04 i had problems with gphoto214:48
ahasenackis there a command line tool that checks for available security updates and matches them with USNs?15:32
ahasenack /usr/lib/update-notifier/apt-check uses just the repository name. If it ends in -security, the update is considered a security one15:32
ahasenack(and it has to come from "ubuntu")15:32
sgsaxahasenack: I was looking for just such a thing a month or so ago, but never found one15:39
garymcsorry guys, forgot the command to add a user in the terminal is it "sudo aduser john" ?15:47
garymc "sudo adduser john" ?15:48
sommergarymc: yeppers15:49
garymcthanks15:50
sgsaxuseradd is the "classic" tool15:50
sgsaxbut adduser is the kinder gentler interactive debian tool15:50
traemccombshey guys... morning.16:04
traemccombsAnyone use clonezilla  and know if there is a problem with doing 4 machines @ once over a network?16:05
traemccombsI've got a single image on a box... and I want to get said image down to 4 machines.  But wouldn't think there'd be a problem with accessing the same file from 4 machines16:05
josephpicheI was wondering if could have someone look at ubuntu bug 396632. I filed it because I feel like I should be able to run `service lighttpd status` as an unprivileged user, but I'm not familiar enough with init scripts to know what to modify in order to write a patch.16:09
uvirtbotLaunchpad bug 396632 in lighttpd "lighttpd init file should not chown or chmod on status check" [Undecided,Incomplete] https://launchpad.net/bugs/39663216:09
sgsaxtraemccombs: accessing the image file shouldn't be a problem, but iirc, clonezilla uses udp broadcast, which could conceivably cause your network to get real slow16:12
traemccombssgsax: yeah.... that could be bad. :)16:16
traemccombsmaybe I'll just take them off the network and stick em' on a solo switch16:16
frojndHello there.16:24
frojndI desperately need someone that has experience with linux16:25
frojndI've done some "terrible" things16:25
frojndFirst I've removed my primary rtorrent 0.8.016:25
frojndAnd I've installed it with ./configure and make commands16:25
frojndAll fine and well but I accidentally removed the source dir :S16:26
frojndSo I thought why not download again and ./configure and make again..16:26
frojndall good and fine only that I missed the stable version instead I've selected development version :S16:26
frojndI tried to make uninstall16:26
frojndbut I couldn't16:26
frojndi kept getting errors like: make: *** No rule to make target `uninstall'.  Stop.16:27
frojndand if that wasn't enough I've tried to install svn and from it rtorrent16:27
=== Authority is now known as Guest21595
frojndhttp://www.howtoforge.com/compile-rtorrent-from-svn-ubuntu-8.04-hardy-heron <- I followed that guide16:27
frojndall good and fine, only that now I have not working 0.8.0 version that only sudo user is allowed to run it :S16:28
frojndIs there anyone brave enough to help me solve this mess? I need to remove newest version of rtorrent which is 0.8.416:28
frojndand possible the svn latest version 0.8.516:28
frojndand maybe even version 0.8.016:29
frojndany brave ppl here?16:30
frojndI guess not :S16:31
ilowefrojnd: give people a chance to respond.... we are all multi-tasking16:32
frojndilowe: ok I'm myself so I'll wait hope someone response.16:33
ilowefrojnd: I take it the version in the repos is no good for you?16:33
=== Faust-C is now known as virtualdisaster
mushroombluehas anyone actually successfully set up OpenLDAP using the server guide?16:34
virtualdisastermushroomblue, no :)16:35
virtualdisastermushroomblue, but i got a book that helped16:35
frojndilowe: no16:35
frojndilowe: I have 8.04 LTS and it is only 0.8.016:35
mushroombluevirtualdisaster: wait. so the book helped you _not_ set up openldap?16:35
mushroombluevirtualdisaster: what'd you end up doing to set it up?16:36
virtualdisastermushroomblue, one sec16:36
ilowefrojnd: what version do you *require*?16:37
matttmushroomblue: i just set it up on lenny :)16:37
mushroombluehah.16:37
mushroombluedoesn't lenny also require GnuTLS?16:37
mattti do have libgnutls26 installed16:38
frojndilowe: 0.8.416:38
frojndilowe: it has features that I need16:38
frojndilowe: well 0.8.4+16:38
mushroombluemattt: didja use a howto, or are you merely strong with the force and set it up from memory?16:39
virtualdisastermushroomblue, mastering openldap16:39
virtualdisastergood book16:39
mushroombluevirtualdisaster: relevant to 9.04?16:40
virtualdisastershould be16:40
mushroombluehmm. seems most books on openldap I found require modifying a deprecated slapd.conf16:40
matttmushroomblue: i know nothing about ldap, used some guides online16:41
matttmushroomblue: what problem are you running into?16:41
matttmushroomblue: i want to use ldap for vsftpd authentication -- used these two (fortunately book-marked them): http://www.howtoforge.com/linux_ldap_authentication http://www.debuntu.org/ldap-server-and-linux-ldap-clients16:41
matttmushroomblue: it's working from what i can tell, i managed to use libpam_ldap to connect ldap and vsftpd16:42
mushroombluemattt: that might solve it.16:42
mushroomblueI think my first mistake was using the ubuntu server guide16:42
mushroombluemy first issue was trying to figure out GnuTLS in order to set up a certificate authority. documentation was slim16:44
mushroombluenow slapd seems to be working with it16:44
mushroombluebut I can't log in as a user from the directory.16:44
mushroomblueI'll stop talking and RTFM a bit more. thanks for the links.16:45
frojndilowe: I'm doing programming myself just out of curiousity, u still with me despite multi-tasking stuff? :P16:45
iloweyup; just checked out the SVN trunk, I want to see if I can throw together a quick deb for you16:46
matttmushroomblue: you're trying to log in via what?16:46
mushroombluessh.16:46
matttmushroomblue: you took care of /etc/nsswitch.conf?16:46
frojndilowe: great, just want u to know that I appreciate this.16:46
mushroomblueI think so.16:47
ilowefrojnd: you got it :)16:47
mushroomblueshould ldap be before files?16:47
mushroombluein nsswitch.conf?16:47
matttyeah16:47
mushroombluemmkay.16:47
matttmushroomblue: when you installed libldap on the client, did you specify the ldap server correctly?16:51
mushroomblueit appears not.16:51
mushroomblueI haven't even gotten to clients yet.16:52
mushroomblueI'm still trying to get the server to auth.16:52
mushroomblueturns out, nss-ldap is spitting out a ton of errors on startup.16:52
mushroomblueapparently, ldaps//127.0.0.1 doesn't exist16:52
mushroomblueit's also trying to find these things long before slapd starts16:52
mushroombluemattt: out of curiosity, did you just create a slapd.conf file?16:53
matttmushroomblue: i'd start without the SSL stuff first, and then move on to that :/16:53
mushroombluefair enough.16:53
garchotronhello16:54
matttmushroomblue: nope, i had one in /etc/ldap, provided by the ldap server ... you don't have that file?16:54
matttmushroomblue: the only thing i can't figure out is when you configure libldap, where it stores that info about the server (as my /etc/ldap/ldap.conf file on the client isn't updated)16:54
garchotroni'm having trouble using refresh-ims directive in squid refresh patterns in ubuntu server 8.0416:55
garchotronwhy isn't the directive supported?16:55
cPFis there anyone experiencing this issue? ctrl+c not interrupting processes and various zombies https://bugs.launchpad.net/ubuntu/+bug/40297316:59
uvirtbotLaunchpad bug 402973 in ubuntu "ssh terminal on Jaunty doesnt process ctrl-C ctrl-D ctrl-Z and so on (dup-of: 317948)" [Undecided,New]16:59
uvirtbotLaunchpad bug 317948 in gnome-terminal "ctrl+c doesn't interrupt running process" [Low,Triaged]16:59
matttcPF: thankfully not :)17:00
cPFit's totally driving me nuts.. been like that for 2 months now17:00
cPFhmm, seems like i just found a duplicate bug getting more attention https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/40742817:03
uvirtbotLaunchpad bug 407428 in openssh "sshd zombie processes and strange behavior after karmic upgrade" [High,Confirmed]17:03
mushroombluematt: slapd.conf is deprecated as of 8.10. 9.04 uses cn=config by default.17:03
mushroombluemattt: is it storing it in /etc/ldap/cn=config ?17:04
matttmushroomblue: nope, all i have in there is a default ldap.conf file17:04
kirklandmathiaz: hey, you noticed that libcgroup was rejected too....17:07
kirklandmathiaz: i couldn't find any specific feedback, or who did the rejection17:07
kirklandmathiaz: could you?17:07
mathiazkirkland: hm - no. I usually don't know why it has been rejected.17:08
mathiazkirkland: I just ask the AA of the day17:08
ilowefrojnd: will rtorrent work with latest repo libtorrent or does it depend on more recent versions?17:09
mathiazkirkland: hm - the last karmic kernel update broke my karmic vms.17:12
mathiazkirkland: the block device is not found anymore - have you heard of something similar17:12
kirklandmathiaz: hrm, not really17:12
kirklandmathiaz: dpkg -S `which kvm`17:13
frojndilowe: it needs more recent libraries17:13
frojndilowe: but to tell you the truth I don't know which ones since I have a mess here17:13
mathiazkirkland: kvm17:13
mathiazkirkland: the host is running hardy17:13
frojndilowe: I would need someone that can fix my problems.. because to tell you the truth  I don't know where to begin17:13
frojndilowe: I can give you sudo user and you can fix it17:14
mathiazkirkland: is was working correctly until today when I saw a kernel upgrade17:14
ilowefrojnd: LOL.... that's a little familiar for a first date17:14
kirklandmathiaz: interesting;  hardy kernel too?17:14
frojndilowe: under screen x :)17:14
kirklandmathiaz: and your host is using the kvm-84 dkms module?17:14
kirklandmathiaz: so the problem is clearly in the karmic guest?17:14
mathiazkirkland: kvm on the host: 1:84+dfsg-0ubuntu12.1~rc5ppa117:15
mathiazkirkland: yes - I think so17:15
mathiazkirkland: my first guess is that virtio block device are no longer recognized by the kernel17:16
mathiazkirkland: the guest is running karmic17:16
kirklandmathiaz: interesting ... the latest kernel busted my desktop too17:16
kirklandmathiaz: something about crypto swap it doesn't like17:16
mathiazkirkland: hm - block device related too?17:17
kirklandmathiaz: maybe so...17:17
kirklandmathiaz: can you confirm that booting the older kernel allows you to boot?17:17
kirklandjbernard__: ping17:17
mathiazkirkland: it was working correctly yesterday  - let me try with an old kernel17:18
lssdhello guys! I just setup my ubuntu 64bit server as following: 2 disk 160each same partitions.. 1 20gb 1 1gb 139gb rest ...the first 2 x20gb made md0 and they are / filesystem the other 2x139 are lvm and the 2x1gb swap... Is there a way to check they work properly ?17:19
mathiazkirkland: yes - it works17:19
mathiazkirkland: 2.6.31-6-server works17:20
mathiazkirkland: 2.6.31-6-server boots17:20
lssdi ask because i think when i first booted it gave me an error :(17:20
lssdis there a way to check my server errors during booting ?17:22
kirklandmathiaz: let's talk to rtg in -devel17:23
mathiazkirkland: right - I won't have so much time to debug this today though17:23
mathiazkirkland: I need my karmic vms working correctly for package testing before FF17:24
kirklandmathiaz: right, i'm very swamped as well17:24
kirklandmathiaz: we need the kernel team to get -7 into shape17:24
ilowefrojnd: you still with me?17:26
garchotroni tried to use reload-ims with the default squid (oooooold 2.6) in 8.04 -- to no avail, since it is not implemented in that version. now i've installed a "squid3" package from the official repos, and it seems to work with my previous config. It hasn't replaced squid2 tho...should i uninstall it? or expect any problems?17:27
kirklandmathiaz: one more question ....17:27
kirklandmathiaz: can you try booting with -7 kernel, and virtio off?17:27
kirklandmathiaz: to see if it's a virtio problem specifically?17:27
garymcanyone know the command to uninstall?17:31
garymcIm trying to uninstall or remove twinkle from the server17:31
garymci tried sudo remove twinkle17:31
garymcit doesnt work17:31
virtualdisastergarymc, sudo apt-get remove twinkle17:31
garymcthanks17:32
virtualdisastergarymc, i suggest you consult the handbook on items such as this17:32
garymcok sorry17:32
virtualdisastergarymc, no biggie we all are learning :P17:32
virtualdisasteri just learned how to "pin" packages17:32
garymc:)17:32
frojndilowe: yes still with u17:35
frojndilowe: I just went out to check on workers...17:36
ilowefrojnd: OK, I have a bunch of debs for you17:36
frojndilowe: can't wait :)17:36
ilowefrojnd: where can I put them?17:36
frojndilowe: rapidshare, firewire, u can put em on my server via ssh17:36
ilowefrojnd: ssh is cool17:37
frojndilowe: ok let me create user for ya17:37
mathiazkirkland: I'll give it a try later today17:37
cjwatsoncPF: I intend to look into that, but only in a few days once I've done the feature work I have to get done first for karmic17:39
cPFcjwatson: nice to know.. but just guess what, it started working normally after aptitude reinstall openssh-server :o17:41
cjwatsonthanks for erasing the evidence ;-)17:42
josephpicheI was wondering if could have someone look at ubuntu bug 396632. I filed it because I feel like I should be able to run `service lighttpd status` as an unprivileged user since I can run `service mysql status` unprivileged, but I'm not familiar enough with init scripts to know what to do17:43
uvirtbotLaunchpad bug 396632 in lighttpd "lighttpd init file should not chown or chmod on status check" [Undecided,Incomplete] https://launchpad.net/bugs/39663217:43
cPFmaybe i'll reboot and see what happens17:43
cjwatson*shrug* don't worry too much, I'm not going to be able to investigate today anyway and there's already a bunch of information on the bug17:43
cPFi had it go away for a while in the past too17:43
thefishanyone know the difference between an IDC insertion tool and a punchdown tool?17:44
cPFbut last time i thought it was related to bash or pam upgrades17:44
cjwatsonentirely possible17:44
cjwatsonit'll be something to do with the precise nature of the environment in which the daemon is started17:44
cjwatsonrestarting the daemon in a different environment will make it go away17:45
cPFi checked the signalmask bits before the miracle happened (as shown in the bug info) but they were all zeroes, as they should be17:46
cPFhmm, that could be it17:46
aubre<aubre> well I got my machines racked and powered, I'm setting up the cloud/cluster controller now and will be setting up the node controllers shortly. Now just awaiting the networking folks to tell me how to lay out my private network and bridge and we'll be ready to start testing the cloud at Auburn University!17:52
aubrehoping to help test and help debug the karmic UEC instances17:53
kinnazpacemaker ?17:55
kinnazor whats controlling them17:55
aubrethey aren't up just yet, I'm going to try a few things, maybe RightScale, Cohesive17:56
aubremaybe I should look at pacemaker17:56
aubreI'm formatting 1.5 tb of disk space so I am taking a lunch break17:57
cPFcjwatson: it works after reboot no matter what i do... crazy18:00
cjwatsoncPF: sure, it's probably the automatic restart from networkmanager when new interfaces appear18:00
cjwatsonI doubt you needed to reinstall - just restarting the daemon from a console (not an ssh session) should have done the trick18:00
cPFhmm, launching pptp vpn shouldn't trigger that?18:01
cjwatsondunno tbh, sorry, no time to look now.18:02
cPFok, vpn doesn't seem to make a difference... i'm now pretty confident it's fixed by the reinstall18:07
rtg_kirkland, 'sudo ecryptfs-setup-swap' gets me 'ERROR: Please'. Perhaps it should be "Please sir, may I have another?"18:38
rtg_clean A4 install with full upgrade18:39
kirklandrtg_: hrm18:41
kirklandrtg_: it should say:18:41
kirklandrtg_: Please install cryptsetup18:42
rtg_kirkland, how come its not a depends?18:42
rtg_rtg@xps1330:~$ sudo ecryptfs-setup-swap18:43
rtg_dm_task_set_name: Device /dev/sda5 not found18:43
rtg_Command failed18:43
rtg_kind of scary.18:44
kirklandrtg_: do you not have a /dev/sda5 ?18:53
kirklandrtg_: it's not a Depends because ecryptfs doesn't actually depend on you having encrypted swap18:53
kirklandrtg_: merely strongly recommended18:53
kirklandrtg_: though, I think you're probably right ... I could probably, at this point, depend on it18:54
kirklandrtg_: when the error message prints correctly, it should tell you exactly what you need to install to get it working18:54
rtg_kirkland, it does have a /dev/sda5, and its marked as a swap partition.18:54
kirklandrtg_: cat /proc/swaps18:54
rtg_kirkland, nothing in it, but I answered yes to 'Do you want to proceed with encrypting your swap? [y/N]: y', and its been running awhile now.18:55
rtg_INFO: Setting18:55
rtg_WARNING: Commented out your unencrypted swap from /etc/fstab18:55
rtg_ * Stopping remaining crypto disks... * cryptswap1 (stopped)... [ OK ]18:55
rtg_ * Starting remaining crypto disks... * cryptswap1 (starting)18:55
kirklandrtg_: right, i'm hanging there too18:56
kirklandrtg_: only with the -7 kernel18:56
rtg_kirkland, hmm, this is with a 2.6.31-7 kernel.18:56
kirklandrtg_: with the -6 kernel, it starts fine18:56
kirklandrtg_: let me strace that18:58
kirklandrtg_: anything in dmesg interesting while you're hanging at *starting*18:58
rtg_kirkland, just complaints about the various encryption engines not starting.18:59
kirklandrtg_: still think those are red herrings ?18:59
rtg_kirkland, yeah, but I'm gonna have to prove it.18:59
kirklandrtg_: if you reboot at this point, you will hang there, waiting for cryptdisks to finish19:01
rtg_kirkland, think I'll go get some brain food before wrecking this thing.19:01
kirklandrtg_: it's hanging on the cryptsetup call19:04
kirklandrtg_: i'll try to get an strace19:04
SockPantshello19:09
SockPantsi have an older machine to which i can't connect a cd-drive or external harddrive, and wont boot from USB.19:09
giovaniSockPants: ok, so?19:09
sgsaxSockPants: got a floppy drive?19:09
giovaniPXE boot, or floppy19:10
SockPantsi installed ubuntu server 8.04 on a virtual machine on my mac, and copied the virtual drive to the older machine's internal drive using a usb adapter and DD19:10
giovaniit has to have ONE of the above19:10
SockPantsthat seems to work19:10
SockPantsthe system boots19:10
SockPantsbut now it doesn't detect the computers NIC19:10
giovaniyeah, I wouldn't have done that19:10
SockPantsis there any way i can make it re-scan stuff like that19:10
SockPantsits the only thing that really matters, the rest seems to work already19:11
SockPantsits listed in lspci19:14
SockPantsi just dont know how to make it work19:14
giovaniSockPants: do you know that it's a supported chipset?19:15
giovanii.e. what's the driver that it should be using?19:15
SockPantsummm19:15
SockPantsits a 3com 3c905c-tx/tx-m19:15
giovaniumm ... find the driver name19:16
SockPants"Works fine with the standard 3c59x kernel driver19:16
SockPants"19:16
giovaniok, so try modprobing that drive19:16
giovanidriver19:16
giovaniand see if it works19:16
SockPantsso19:20
SockPantsin modprobe19:21
SockPantsit lists the 3c59x.ko19:21
sgsaxSockPants: that's right19:22
sgsaxnow you should be able to do "ifconfig -a" and see eth0 listed19:22
=== MenZa_ is now known as MenZa
sgsaxit's probably not configured, but should be listed19:22
kirklandrtg_: do you see any crypt changes in the diff between -6 and -719:22
rtg_kirkland, I surveyed commits yesterday, but none (of the several hundred) leapt out at me.19:23
SockPantsit lists eth119:23
SockPantsand lo19:23
SockPantsbut no eth019:23
SockPantsthat would probably be the virtual one then19:23
SockPantsthat isnt present now19:24
SockPantsright?19:24
kirklandrtg_: is it worth building a few and bisecting?19:24
sgsaxok, so udev has probably reserved eth0 for whatever was in the box you copied the drive image from19:24
SockPantsok19:24
sgsaxyou need to edit /etc/udev/rules.d/70-persistent-net.rules19:24
rtg_kirkland, well, I'm starting to look at the code a bit. kcryptd seems to be active, so I wanna figure out what its doing19:24
sgsaxremove any lines referring to the old interface19:24
sgsaxthen when you reboot, udev should discover the new card and update that file for you19:25
kirklandrtg_: k19:25
rtg_kirkland, cryptsetup is running 100%, so its likely something there.19:25
kirklandrtg_: you can strace -p $PID to see what it's doing19:25
sgsaxalternative to a full reboot, restarting the udev service may be sufficient, but I can't say for sure19:26
SockPantsok, i'll reboot and see19:26
SockPantsthere was already a line for the other nic in that file though19:27
SockPantsshould i have deleted that too?19:27
sgsaxyeah, it was probably eth119:27
SockPantsyeah19:27
SockPantsshould i have deleted both or kept the eth119:27
sgsaxyou can probably just change it to eth0, but you'll have to either reboot again, or probably just "rmmod 3c59x" and "modprobe 3c59x" again19:28
uvirtbotNew bug: #419398 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.1 failed to install/upgrade: subproces post-installation script gaf een foutwaarde 255 terug" [Undecided,New] https://launchpad.net/bugs/41939819:31
SockPantsand all is good19:32
SockPants:D thanks19:32
SockPantsnow, how can i change the system time19:32
SockPantsoh, no need19:35
SockPantshaha, anyway, great :)19:35
guntbertSockPants: have you seen https://help.ubuntu.com/9.04/serverguide/C/NTP.html ?19:36
guntbertand he left... :-)19:36
sgsaxgiovani: sorry if I stomped on you there, I just jumped in without looking at the scrollback19:36
kirklandmathiaz: fyi, i can boot karmic guest on virtio okay19:49
kirklandmathiaz: using kvm directly (no libvirt)19:49
giovanisgsax: not at all -- I come and go -- being at work and such -- I appreciate the assistance :)19:50
sorenkirkland, mathiaz: What's the problem you're discussing?19:54
mathiazsoren: after upgrading to 2.6.31-7 today my vms no longer boot19:55
uvirtbotNew bug: #419400 in mysql-dfsg-5.1 (main) "[Karmic] MySQL security problem" [Undecided,New] https://launchpad.net/bugs/41940019:55
mathiazsoren: the block device is not recognized by the kernel anymore19:56
sorenmathiaz: In the guest?19:56
mathiazsoren: yes19:56
sorenmathiaz: How far do you get?19:56
mathiazsoren: booting the guest with 2.6.31-6 works correctly19:56
mathiazsoren: I get dropped to the ramdisk19:56
mathiazsoren: with a message stating that /dev/by-uuid/kXXXX is not found19:57
kirklandsoren: i'm also having block device issues with the new -7 kernel, specifically encrypted swap is busted, won't boot19:57
* soren looks around19:58
sorenmathiaz: Which of the virtio modules do you have in the initramfs?19:59
mathiazsoren: how can I tell?19:59
rtg_soren, kirkland: I'm installing mainline -rc7 just to make sure, then I'm gonna have to start bisecting (I think). It happens on bare metal as well.19:59
sorenmathiaz: find /lib/modules/ -name 'virtio*'19:59
kirklandrtg_: yes, i saw it first on my laptop, bare metal20:00
sorendevice mapper problems?20:01
mathiazsoren: nothing20:01
sorenmathiaz: Umm... Ok.20:01
sorenmathiaz: There's your problem :)20:02
mathiazsoren: http://people.canonical.com/~mathiaz/karmic-2.6.31-7.fail.png20:02
sorenmathiaz: uname -a20:03
mathiazsoren: refresh the image above20:04
rtg_kirkland, when you boot -rc7, do you get _any_ swap device?20:05
kirklandrtg_: it never finishes the boot20:06
kirklandrtg_: or drops to busybox20:06
kirklandrtg_: it just hangs on startup, trying to cryptsetup the device20:06
sorenmathiaz: ta20:06
sorenmathiaz: Is this a freshly installed system or an upgraded one?20:06
rtg_kirkland, I'm not getting a swap device on an unencrypted platform.20:07
mathiazsoren: upgraded one20:07
sorenmathiaz: Alright.20:07
kirklandrtg_: do you have a swap partition?20:07
mathiazsoren: 2.6.31-6 is booting correctly20:07
kirklandrtg_: a non-encrypted swap?20:07
rtg_kirkland, used to20:07
rtg_trying -rc6 next20:07
kirklandrtg_: right, ecryptfs-setup-swap converted your swap to be encrypted to protect your data20:07
sorenmathiaz: Can you boot into the 2.6.31-6 and run a command for me?20:07
mathiazsoren: sure20:08
kirklandrtg_: if you want a non-encrypted swap, you'll need to comment out one line from /etc/fstab and /etc/cryptsetup20:08
rtg_kirkland, did that already20:08
sorenmathiaz: find /lib/modules/2.6.31-{6,7}-* -name 'virtio*'20:08
kirklandrtg_: and then edit /etc/fstab, copying the line you commented out, and changing the mount point20:08
kirklandrtg_: to be the /dev/sda5 device, or whatever20:08
kirklandrtg_: you'll also need to mkswap /dev/sda520:08
kirklandrtg_: and swapon /dev/sda520:08
kirklandrtg_: after that, you should have swap in /proc/swaps20:09
kirklandrtg_: on reboot, then, you should have working cleartext swap at boot20:09
kirklandrtg_: i think mkswap was the key bit you're missing20:09
mathiazsoren: http://paste.ubuntu.com/260002/20:09
mathiazsoren: seems like the virtio modules are not included in -720:10
sorenmathiaz: Seems like it. i386 or amd64?20:10
sorenamd64.20:10
mathiazsoren: amd6420:10
rtg_mathiaz, debian.master/config/config.common.ubuntu:CONFIG_VIRTIO_BLK=m. I wonder where they all went?20:12
sorenThe build log also says it's there.20:13
rtg_soren, I have it in the generic image, just about to look in -server20:14
sorenI'm looking at the build logs from launchpad.20:15
rtg_/lib/modules/2.6.31-7-server/kernel/drivers/block/virtio_blk.ko20:15
sorenthe virtio modules are clearly listed as included in linux-image-2.6.31-7-server_2.6.31-7.27_amd64.deb:.20:15
sorenmathiaz: Oh!20:16
sorenHang on, I have a hunch.20:16
sorenYes, got it.20:16
camilojdHello all..  anyone knows how is the best way to install postgresql 8.2 on jaunty server? i cannot use my app with 8.320:16
sorenYou guys are using the -virtual kernel, not the -server one.20:16
mathiazsoren: yes20:16
soren*That20:17
soren* image does not have the virtio modules anymore.20:17
rtg_ah, did I drop some stuff from virt?20:17
sorenrtg_: Lots of stuff, apparently.20:17
rtg_soren, it must have moved20:17
sorenrtg_: It doesn't look like it.20:18
sorenYou said:20:18
soren/lib/modules/2.6.31-7-server/kernel/drivers/block/virtio_blk.ko20:18
sorenI have:20:18
soren/lib/modules/2.6.31-6-generic/kernel/drivers/block/virtio_blk.ko20:18
rtg_soren, digging...20:19
camilojdJaunty server ships with PostgreSQL 8.3, which breaks my application. How is the best way to replace it with 8.2?20:20
sorenrtg_: Found it.20:22
rtg_soren, wtf ?20:23
rtg_my local builds are fine.20:23
sorenrtg_: ata_generic no longer exists.20:23
sorenrtg_: ...so it bails out when it gets to that one.20:23
soren(it's explicitly listed in virtual.list)20:23
rtg_soren, why on the buildd and not locally?20:24
sorenrtg_: Do you have build logs?20:24
Davieycamilojd: use Ubuntu Hardy server20:24
rtg_soren, no, but I can re-run a build quickly enough and make some logs20:24
sorenrtg_: Really? Launchpad takes three hours to do it :)20:24
rtg_soren, 10-15 minutes20:25
sorens/Launchpad/the buildds/20:25
sorenWhat's your secret?20:25
rtg_sodual quad core nehalem w/18GB RAM20:25
rtg_soren, ^^20:25
sorenSo no cheating involved? No ccache or something?20:25
camilojdDaviey, isn't a better way? Like, recompile from sources?... I don't want to trash someone else's job on the server..20:25
rtg_soren, well, of course I'm using ccache. Its much faster the 2nd time though20:26
sorenrtg_: Wow.20:26
sorenWell, let's seem those build logs, then :)20:26
soren-m20:27
camilojdDaviey, what´s the "ubuntu way" to build and install from source?20:27
rtg_soren, ok, build started. I'll see what I can find.20:27
sorenrtg_: You don't have a stale ata_generic.ko lying around or something, do you?20:27
Davieycamilojd: well sure, but it's already in Hardy - which is also an LTS..  Sure you could try and bring the old version into Jaunty.. but then you have the burden of maintaining it yourself.20:27
rtg_soren, I typically scrub and re-clone20:27
sorenYeah, I figured. *shrug*20:28
camilojdDaviey, yeah i understand. Gotta go back to Hardy LTS then :-(20:28
guntbertcamilojd: not exactly what you asked for: but you could have a look at http://www.postgresql.org/docs/8.3/static/release-8-3.html to see why it breaks your app - and the change the app ...20:29
guntbert*then20:29
camilojdguntbert: that looks interesting. I'll check it out!20:30
sorenrtg_: I totally understand why it fails. I completely don't understand why -6 didn't.20:30
guntbertcamilojd: good luck :-)20:31
rtg_soren, it doesn't look like it stopped, even though it couldn't find drivers/ata/ata_generic.ko20:34
* soren has a hunch20:35
sorenrtg_: Is your system completely up-to-date?20:37
rtg_soren, as of this morning20:37
sorenrtg_: Which version of bash?20:38
rtg_GNU bash, version 4.0.28(1)-release (x86_64-pc-linux-gnu)20:38
sorenNew bash was uploaded the day before yesterday. This is in the changelog:20:38
sorenl.  Changed behavior of shell when -e option is in effect to reflect consensus of Posix shell standardization working group.20:38
sorenAre you building in an sbuild or something?20:38
rtg_soren, I should have thought of that. I found a find-utils bug early in the karmic cycle that took days to spot.20:39
sorenrtg_: I remember :)20:39
sorenrtg_: This time, though, it seems to be an intended change.20:39
rtg_soren, I'm building in a straight chroot with dbuild20:40
sorenrtg_: And is /that/ completely up-to-date?20:40
rtg_lemme check that the chroots are up to date20:40
sorenNew bash on the 24th.20:40
rtg_soren, check this out: GNU bash, version 3.2.48(1)-release (x86_64-pc-linux-gnu)20:41
sorenThere were go.20:41
rtg_thats my chroot version20:41
sorenThere /we/ go, I mean.20:41
rtg_ok, I'll update and see what happens.20:41
sorenI'm sure it'll fail. It makes sense :)20:41
sorenThere's a non-zero return code in a subshell of a shell with -e enabled.20:41
rtg_soren, thats a theory, or you have spotted it?20:42
sorenI've spotted it.20:43
soren20 minutes ago :)20:43
rtg_in scripts/sub-flavour20:43
sorenThe sub-flavour script has -e enabled. It fails ..20:43
sorenright.20:43
soren..to find ata_generic in a subshell.20:43
rtg_remind me what -e does?20:43
sorenIt bails out if anything has a non-zero return code.20:44
rtg_I don't think thats what I want in this case.20:44
sorenPerhaps.20:44
sorenWell...20:44
sorenI guess what you really want is for the entire build to fail if this fails.20:44
soren...so that you'll notice that the module list is out of date.20:45
* soren takes a half hour break20:45
rtg_soren, I guess thats fine too. why doesn't the make bail out?20:45
ewooksoren: in the middle of the night? :)20:46
martinjh99How do I stop denyhosts from denying 192.168.0.0/24 ip addresses and how do I get into my server again..?21:06
KillMeNowummm console?21:07
sgsaxmartinjh99: login as a different user21:07
sgsaxdenyhosts blocks per IP *and* userid21:07
martinjh99Killmenow I might have to do that21:07
KillMeNowsgsax, i think he just did a block deny on class C IP range21:08
sgsaxthen you have to delete lines from the denyhosts database files21:08
KillMeNowwhich locks anyone from that IP subnet21:08
sgsaxdidn't even realize you could do that, I just use it to block brute-force ssh attacks21:08
martinjh99Killmenow got a report saying it just blocked my local network desktop ip 192.168.1.221:08
martinjh99I want to stop it from denying those ips...21:09
aubreI have a dhcp server, its clients don't seem to be able to talk to the outside world21:09
KillMeNowaubre:  did you set the router option in DHCP?21:10
sgsaxmartinjh99: I can tell you what to do if it was a dynamic block, but if you specified a block on all IPs in that subnet (as KillMeNow suggested), you'll have to undo the setting somehow21:11
martinjh99sax its only blocked 192.168.1.2 - Found a page that tells me I can keep denyhosts from blocking it by putting that ip in hosts.allow21:11
sgsaxthat's fine, but you'll still need to remove it from the current database files21:12
sgsaxand hosts.deny21:12
martinjh99thats what I'm going to do... Which other denyhosts files are there?21:12
sgsaxdefault work dir is /var/lib/denyhosts21:13
sgsaxcheck in your denyhosts.conf to see if yours is in a different location21:13
sgsaxremove any lines containing that IP in any files in the work dir21:14
sgsaxbe sure to stop the denyhosts service before making changes to these files21:14
martinjh99Thanks Sax :) Will do that tomorrow!21:14
sgsaxhave fun :)21:14
martinjh99I will...21:14
martinjh99:)21:14
sgsaxI've written a script to do this, I can post it if you're interested21:15
sgsax...or not21:15
qman__what setup do you use for blocking SSH brute force attempts?21:17
qman__I use iptables with the recent module to just slow them down21:17
KillMeNowyea, i use IPtables and a counter21:19
KillMeNowonce it reaches X number of 22 connects, it locks them out for a while21:20
KillMeNowtotally blacklists their IP address21:20
uvirtbotNew bug: #419464 in ec2-api-tools (multiverse) "ec2-monitor-instances, ec2-unmonitor-instances fail with 'EC2_HOME not set'" [Undecided,New] https://launchpad.net/bugs/41946421:21
qman__I'd like to come up with something that blocked anyone who attempted to use "Administrator" or "root" or "test", etc., automatically21:23
qman__without a cron-based log parser21:23
giovaniso you have two log-checking methods21:25
giovanieither inode-notification, or a daemon21:25
giovaniI don't know which fail2ban uses21:25
giovaniI21:25
giovaniI'd prefer to do it on the network level, rather than on the log level21:25
giovanibut that's just met21:25
giovanime*21:25
giovanidenyhosts is another option21:27
giovaniossec as well21:27
qman__I'm not much of a coder, so a daemon might be too much21:27
qman__but I'll look into inode notification21:28
rtg_kirkland, so mainline -rc7 seems to work with encrypted swap. the substantive change that has likely caused this is 'SAUCE: (drop after 2.6.31) Added KSM from mmotm-2009-08-20-19-18' which is a bit of a change from -rc6.21:28
KillMeNowi thought fail2ban parses the log file21:28
qman__I don't have the performance to spare for cron-based log parsing, so it's out of the question, but something that parsed it as it logs would work21:28
kirklandrtg_: okay, what does that patch do?21:28
giovaniqman__: well inode notification just saves you the i/o load of checking the file every X (mili)seconds21:29
giovaniI'm not sure why you think cron is a performance waster in and of itself21:29
rtg_kirkland, its the virtual machine shared memory patch, but it may also have some impact on crypto. I'm gonna revert that and see21:29
qman__well21:29
giovania daemon will keep memory allocated, when a cronjob wouldn't21:29
qman__that's not what I meant, I meant that it has to reread the whole log21:29
giovanino it doesn't21:29
giovanionly a fool would do that21:30
qman__that's where the problem is21:30
giovanithat's unrelated to cron21:30
giovaniand related to how the app is coded21:30
kirklandrtg_: cool, thanks21:30
giovaniyou shouldn't be reading the entire log21:30
kirklandrtg_: oh, duh21:30
kirklandrtg_: yeah, KSM, right21:30
kirklandrtg_: if we have to lose that one, i won't cry about21:30
rtg_kirkland, does KSM in -rc6 work?21:31
kirklandrtg_: good question, i haven't gotten around to it yet21:31
rtg_kirkland, lemme verify first21:31
qman__I just need something to intercept new entries like tail -f, only for a script, not to console output21:32
giovaniqman__: no ...21:32
giovanitail -f is brutal on the disk21:32
giovanithat's the opposite of clean and efficient21:32
qman__regardless of how it collects it, that's the data I need21:33
giovaniheh21:33
giovanibut you're very concerned about performance impact21:34
giovaniso I'm discussing the issues to reduce it21:34
qman__yes21:34
qman__the system is very old and slow, so performance is important21:34
kirklandrtg_: i gotta run for a bit, will be back later21:34
giovanithen consider doing this on the network level21:34
rtg_kirkland, me too, beer night.21:35
kirklandrtg_: oh, that's a lot more fun21:35
rtg_kirkland, biking, then beer.21:35
qman__I have no idea how to intercept that data at the network level, since SSH is encrypted21:35
giovaniqman__: brute forces set up many different connections to SSH21:37
giovanimost IDS/IPS have rules for X number of connections per timeframe from a single host21:38
qman__I already have that set up21:38
giovanithen what's the problem?21:38
qman__I meant for triggering based on which usernames were used as well21:38
giovaniI don't see the need for that21:39
giovaniunless your system isn't catching a specific attack21:39
giovaniin which case you might want to adjust its threshold21:39
qman__well, it is catching them21:39
qman__but it's really just slowing them down21:39
giovaniwhy isn't it stopping them? it should be blocking that IP at the firewall level21:39
qman__and, if for any reason my iptables gets flushed, the flood gates open21:39
giovani... why are you flushing your iptables of your firewall?21:39
giovanithat's bad21:39
qman__I'm not, but it's happened a few times21:40
nuckablehey everyone, im working on a little ion based ubuntu server, and id really like to put ubuntu server on a usb flash drive and make it boot to ram21:40
giovanialright, well, blocking a handful of countries (presuming you don't have a need to receive legit SSH connections from China, or Brazil, for example) will reduce a large percentage of the attacks21:40
giovanithe rest are mitigated through brute force detection21:40
nuckableso i can fully use the hd space for the samba server21:40
nuckableis that possible/smart?21:40
giovaninuckable: that's a highly custom setup -- look into ramdisks21:41
giovaniit's possible ... smart is another matter21:41
nuckablewhat speaks against it?21:41
giovanilivecds work this way21:41
giovaniit's messy to set up21:41
giovaniit's not standard21:41
nuckablewell sure its messy, but it stays after the initial setup21:41
qman__and without considerable work, it's not persistent21:41
qman__patching is difficult21:41
giovaniright21:41
nuckableyeah, thats the biggest problem im having21:41
giovanithis is not really a way to run a server21:42
giovanipossibly an embedded device21:42
nuckablewhen it loads into ram theres gotta be a way to change the files on the usb flash drive21:42
giovanibut not an active filesystem21:42
giovaninuckable: sure ... many liveusb distros do this21:42
giovanibut it's complex21:42
nuckablei see21:42
giovanicreating a rw filesystem for temp storage, and writing it back out to the ramdisk filesystem, etc21:42
giovaniit's not something I'd ever do on a server21:42
giovaniand it's not something we can really help you with here21:42
giovaniit's highly custom -- and will take a lot of experimentation21:42
nuckablehmmmm21:43
nuckablewell what would you recommend then?21:43
qman__if power consumption is the concern, low-capacity SSDs can be had reasonably cheap21:43
giovaninot doing that ...21:43
giovaninuckable: what's the problem with keeping the OS on a disk?21:43
nuckableqman__, that sounds interesting21:43
nuckablefor the ssd id need a pcie slot, or does pci work too?21:43
giovaniwhat?21:43
giovanino, it's a drive21:43
qman__SSDs connect to regular drive interfaces21:43
qman__usually SATA21:44
giovaniSATA21:44
nuckableoh :/21:44
nuckablewell the mobo only got 4 sata slots21:44
giovani...21:44
giovanithat sounds like more than enough21:44
nuckableand id like to use it as a nas with extras21:44
giovanioh boy21:44
giovanianother nas21:44
qman__a 32/64GB disk can usually be had for about $80, though prices may have changed since I last looked21:44
qman__does the board have IDE?21:45
giovaniif you have a pci slot21:45
nuckableqman__, nope21:45
giovaniyou can add a sata controller21:45
qman__yeah21:45
giovaniwith many more ports21:45
giovanithey can be had for cheap21:45
giovani$2021:45
qman__a four-port SATA controller, non-RAID, is about $40-6021:45
nuckableim eyeing for the nvidia ion board21:45
qman__more than four gets expensive21:45
nuckablecause its got very low power consumption due to the absence of the intel chipset21:45
qman__your largest power usage is going to be the disks themselves21:46
qman__a SATA controller doesn't use much21:46
giovaniwhy is the power consumption so critical?21:46
nuckablegiovani, cause its gonna be running 24/721:46
giovaniI mean, tons of machines will run on 50-60W these days21:46
giovanisure ...21:46
qman__unless you're on battery, a sata controller is going to be negligible21:46
giovaniIon is definitely not the *most* efficient21:46
nuckableqman__, its not the sata controller, more the case xD21:47
giovanithe case uses no power21:47
nuckablegiovani, but for the price it does the trick quite well21:47
nuckablegiovani, i was referring to the problem being there aint that much room in the case xD21:47
giovaninuckable: well you can't have everything ...21:47
qman__sata controllers aren't that big21:47
qman__are you referring to space for disks?21:48
giovanidisks are about 10x the space of PCI cards21:48
nuckablegiovani, sure, at least i can try to get as good as possible no? =)21:48
giovaninuckable: but you're being unrealistic21:48
nuckableqman__, yup21:48
* virtualdisaster tries to remember the name of that ubuntu book that is free21:48
nuckablegiovani, so far i havent even decided anything, im just evaluating possibilities21:48
qman__look into 2.5" hard drives then21:48
giovaniok21:48
nuckableso i cant be unrealistic yet xD21:48
qman__you can fit a ton of them in the space21:48
giovaniqman__: not for a NAS ...21:48
giovaniclearly he's trying to maximize disk space21:49
giovanifor the NAS storage21:49
nuckableexactly21:49
nuckable4 drives with as much space as possible21:49
giovaniso don't use such a tiny case21:49
qman__yeah21:49
giovaniyou need enough space for the system21:49
giovania SSD is small21:49
qman__you need a bigger case21:49
giovanias is a PCI card21:49
nuckabletrue21:49
nuckableim gonna have to recheck if the ion has a pci slot21:49
giovaniyou can fit both in less space than you can a single 3.5" HD21:49
qman__my file server is a large mid-tower21:49
nuckablecause afaik it only has pcie21:49
giovaninvidia ion is a chipset21:49
giovaninot a board21:49
nuckablethe boards name is ion something21:50
qman__PCI or PCIe is irrelevant21:50
qman__you can get controllers in either21:50
qman__for roughly the same price21:50
qman__you just need to know which you have21:50
qman__also21:51
qman__make sure you're providing adequate cooling for the hard drives21:51
qman__they don't need much, but if you're not getting any air through, they will have a considerably shorter life21:51
giovaniheh21:51
giovanithat's debatable21:51
giovaniHDs have no air intakes at all21:52
giovaniheat is not an issue for most drives21:52
giovanivibration is21:52
giovaniunless the heat you're talking about is 110+F21:52
qman__it also depends on the drives21:52
nuckableyeah im not penny-pinching with the hdd themselves21:52
qman__in my experience, WD drives run very hot21:52
giovaninuckable: this has nothing to do with drive costs21:52
qman__this is about case airflow21:53
qman__small cases tend to not have any21:53
nuckabletrue21:53
nuckablei guess a midi tower wouldnt hurt21:53
giovanichenbro21:53
giovanimakes a really nice NAS case21:53
* nuckable looks it up21:53
qman__I have some 250GB WD drives that have gotten to 50C before I installed more fans21:53
nuckableqman__, but in general would you recommend wd?21:53
qman__I like seagate21:54
nuckablecause so far i had no problems with wd drives21:54
giovaniseagates are awesome21:54
giovaniI've hated WDs I've owned21:54
nuckablei already had 2 seagates failing on me21:54
nuckableduring the years21:54
giovanihttp://usa.chenbro.com/corporatesite/products_detail.php?sku=7821:54
giovanithere's the 4-drive case21:54
giovanithey have 2-drive cases as well21:55
bptk421Has anyone tried WD's Green drives for a NAS?21:55
giovanibptk421: they're awful, stay away21:55
giovanigreen drives are very low-end21:55
bptk421In what way?21:55
qman__yeah21:55
giovaniin that we've had 50% of them fail in our fileserver21:55
giovaniover a 6 month period21:55
bptk421ouch21:55
giovani(24-drive fileserver)21:55
qman__I would never buy a drive marketed that way21:55
qman__performance and reliability are more important21:55
giovanigreen drives are the lowest-end for WD21:55
nuckablegiovani, problem with that case is i wont be able to fit an ssd in it21:55
giovanithey're appropriate for grandma's internet machine21:55
giovaninuckable: ... that's not true21:56
giovaniSSDs are small21:56
giovaniyou can velcro it to the side of the case21:56
giovanithat's what I do21:56
nuckablevelcro?21:56
sorenrtg_: Did you find an answer to your question, or do you want me to look?21:56
giovaniyes ... velcro21:56
nuckable(sorry not english native)21:56
giovanithey're light and small21:56
giovanigoogle it21:56
qman__velcro, double sided tape, even drill your own mounting holes21:56
qman__not up for a little modding?21:57
nuckableoh lol21:57
giovanivelcro is the most portable imo21:57
rtg_soren, which question? I found that the KSM patches in -rc7 are scrogging encrypted swap.21:57
nuckablethe stuff children use to fasten their shoes21:57
nuckablexD21:57
giovanieasy to take the drive out21:57
qman__yeah21:57
giovaninuckable: yes, it's awesome stuff21:57
nuckablehehe21:57
sorenrtg_: Why make doesn't bail out.21:57
qman__velcro is a good idea, since SSDs don't care about shock or heat21:57
giovaniexactly21:57
giovaniand they're light21:57
sorenrtg_: KSM break encrypted swap? Sounds like fun.21:57
rtg_soren, dunno yet, I'll have to get back to that question later tonight.21:57
giovaniI put velcro in every server I build now21:58
nuckableim gonna have to check if chenbro is available in my area21:58
giovaniand stick the SSD on it21:58
sorenrtg_: Alright.21:58
giovaninuckable: in your area? no21:58
giovaniyou order online, from a reseller21:58
rtg_soren, I'm on a beer mission right now.21:58
sorenrtg_: Sounds good. Wish I was too.21:58
nuckablegiovani, nope its available21:58
giovanibtw, nuckable21:58
rtg_soren, why are you up so late?21:58
giovaniif you can only get a minipcie slot on your ion board21:58
sorenrtg_: feature freeze21:58
giovanithere are SSDs that fit into mini-pcie21:58
sorenrtg_: It's not that late yet, really, though.21:58
rtg_11P?21:59
sorenrtg_: 11 PM is not unusually late.21:59
sgsaxbeer misson, I like that21:59
rtg_ah, well I'm usually done by 2P21:59
sgsaxapt-get install beer21:59
sorenrtg_: When do you start?21:59
rtg_060021:59
sorenrtg_: Ah. I don't start until some time between 7 and 9.22:00
rtg_anyways, gots to go.22:00
sorenrtg_: And most of my team is 6 hours behind, so if I want to work just a little bit with them...22:00
nuckableok thank you very much giovani and qman__22:02
gene420good evening everyone, and would anyone be familiar with setting up ubuntu snmp as a client .....I seem to need help with snmp.conf since snmpwalk works locally23:18
virtualdisastergene420, make sure firewall allows snmp out etc, also man there is something you need to run to get it to work properly23:20
virtualdisasterthere is a program to make messing snmp simpler but i cant recall atm23:20
gene420hmm I don't have a firewall open and I'm sure there is something missing since I don't see any netstat ports open 161 or services running for snmp23:23
gene420oops that open shouldn't be there...no firewall on the unit.....23:24
=== xorigin_ is now known as xorigin
gene420fyi ahh here is the setup script to run snmpconf -g basic_setup23:38
kirklandScottK: ping23:53
kirklandScottK: i'm processing sync requests23:53
kirklandScottK: i see a stack of yours for new packages from debian23:53
kirklandScottK: new-source doesn't seem to know anything about these23:53
kirklandScottK: do you know what's up?23:53
