[00:00] <Tom_Ass> slap: I guess you can use NM to edit a static connection too
[00:01] <slap> That's what I did. But I wanted to set up a static DNS. And after reboot, the /etc/resolv.conf is reset ?
[00:02] <Tom_Ass> slap: hmm, that's kind of my experiences too, but now I just use dynamic... :(
[00:02] <slap> I wanted a primary nameserver to look at (my server at home), then the second (my ISP)
[00:04] <Tom_Ass> Hint Auto created connections are not editable. Modifying them without changing names will not be saved
[00:04] <Tom_Ass> does that help you, slap?
[00:08] <slap> Hum, it looks like there's another interface that use DHCP (eth1). I think it reset the resolv.conf. I'll check that...
[02:00] <qman__> I pit a script in /etc/dhcp3/dhclient-exit-hooks.d/ to modify my resolv.conf after it's regenerated
[02:00] <qman__> put*
[02:00] <qman__> so I can make use of the dynamic information while still ensuring the correct order and search domains for my local DNS
[02:37] <roxy09> i there somebody know if ubuntu 9.04 support hotswap hard drives?
[03:12] <ball> hello MunkyJunky
[03:12] <MunkyJunky> Hey again ball
[03:13] <MunkyJunky> Right everyone - my server just seemed like it got attacked (I'm thinking DDoS). Which logs do i look at to find out what happened?
[03:21] <roxy09> Hi there somebody know if ubuntu 9.04 support hotswap hard drives and double processor?
[03:23] <ball> roxy09: I don't see why it wouldn't.
[03:26] <jmarsden> MunkyJunky: Why are you "thinking DDoS"?  What specifically are the symptoms of the issue you are dealing with?  Did you already have a network auditing tool such as argus in place before this happened?
[03:26] <roxy09> well i am purchasing HP but they dont give me warranty that it work with ubuntu, so i would like to know if somebody have experience
[03:26] <roxy09> with this kind of servers
[03:27] <nick125> Does it work with any Linux distro? If so, then it's likely (but not 100%) that it'll work with Ubuntu.
[03:28] <ball> roxy09: ML110 ?
[03:28] <MunkyJunky> jmarsden: I don't run the security of the server, the guy who does is sleeping. I'm just trying to learn a bit atm. All websites hosted on the server were inaccessible, and the server was inaccessible except for ssh
[03:28] <jmarsden> MunkyJunky: Is the httpd running? :)
[03:29] <jmarsden> That does not sound like a DDoS to me.
[03:30] <MunkyJunky> Well, I was going on that by what a friend sugested. All I know is the server wen't pretty kaput, and id like to find out what happened sooner rather than later
[03:30] <jmarsden> Don't guess.  Is httpd running, yes or no?
[03:30] <MunkyJunky> yes it is
[03:30] <ball> MunkyJunky: wake up your server geek.
[03:31] <MunkyJunky> I can't, ball. I have no way of reaching him right now :(
[03:32] <ball> He doesn't sleep with a pager under his pillow?
=== lamont` is now known as lamont
[03:33] <MunkyJunky> Sadly no
[03:34] <ball> I wish pagers were cheaper here.
[03:34] <MunkyJunky> I wish Jam was awake to guide me :/
[03:35] <jmarsden> MunkyJunky: A cellphone would work too :)    Is the server running normally now (you said "was" in your problem description)?  if it is, leave it alone until your guy wakes up.
[03:35] <MunkyJunky> Yea, I rebooted it and its working fine
[03:36] <jmarsden> Then your work is done, wait for your server guru.
[03:36] <MunkyJunky> I thought id end up having to leave it, im just trying to learn a bit about where i should be looking to see what went wrong
[03:38] <jmarsden> It's hard to say where to look, and rebooting may have destroyed some of the evidence anyway... but since a DDoS is extremely unlikely to end exactly at the moment you happened to reboot the server, chances are high that your diagnosis was incorrect.  You can look in all the httpd logs and in /var/log/messages if you want to do some boring reading :)
[03:40] <MunkyJunky> haha ty
[03:41] <MunkyJunky> I'll have a poke about, and I _might_ earn something
[04:01] <roxy09> hi, sorry about the delay it is a DL360 and DL185 G6
[04:01] <ball> roxy09: Nice machines.
[04:05] <roxy09> thanks :)
=== root is now known as Guest89086
=== Guest89086 is now known as imchrislabeard
[04:08] <imchrislabeard> Hey guys, I've been working on this for awhile and it works and then it stops working... A subdomain that is
[04:56] <Guest35625> hi i have absolutely no idea how to use ubuntu server. i want to turn my old laptop into a server. can anyone point me in the right direction to learn how to do that?
[05:00] <qman__> Guest35625, first you need to decide what you want to use it for
[05:00] <PhotoJim> Guest35625: decide what you want to do with it... and then do some googling to see what the packages are that will do that.
[05:00] <Guest35625> okay, so.
[05:00] <PhotoJim> Guest35625: e.g. if you want to do file sharing... you might want NFS for sharing with Linux/BSD machines, and Samba for windows machines.
[05:00] <PhotoJim> Guest35625: if you want it to be a mail server... you might want to use postfix or exim or sendmail.
[05:01] <qman__> he probably doesn't want to use sendmail
[05:01] <Guest35625> i don't know what my options are. i definitely want to use it for sharing files, especially torrents, but also things that could be downloaded from websites.
[05:01] <PhotoJim> qman__: he could.  I agree he wouldn't want to :)
[05:01] <qman__> Guest35625, those are jobs for a desktop, not a server
[05:02] <qman__> for torrents, you might look into torrentflux
[05:02] <Guest35625> ugh
[05:02] <Guest35625> i'm so sorry but
[05:02] <Guest35625> what really is the difference between a desktop and a server
[05:03] <qman__> the pieces of software you install
[05:03] <qman__> server does not have a GUI
[05:03] <qman__> so browsing websites and downloading files is not for a server
[05:03] <qman__> storing files is a server job
[05:03] <Guest35625> right, for sure
[05:04] <qman__> torrentflux is a website that downloads torrents for you
[05:04] <qman__> so you access it from your desktop
[05:04] <qman__> I'm not sure if that's what you want, so read up on it
[05:05] <qman__> servers do things for clients, they provide functions that would be inconvenient on a client machine, and functions that require 24/7 operation, where you would not want your client running
[05:06] <qman__> they provide centralization for other types of functions like mail and file storage
[05:06] <Guest35625> right
[05:06] <qman__> they provide services like DHCP and DNS, and can be routers
[05:06] <qman__> and host web sites
[05:08] <qman__> laptops are suited to a particular type of home server, ones that don't need a lot of disk space but need uptime and battery-backup
[05:08] <qman__> such as a print server
[05:08] <qman__> laptops generally have small hard drives, so they're not good for file servers
[05:08] <qman__> and generally can't handle high CPU applications, due to heat
[05:10] <Guest35625> oh
[05:10] <Guest35625> well
[05:10] <Guest35625> i'm kinda learning, and its what i got
[05:10] <qman__> well, what you should do
[05:10] <Guest35625> and really the biggest need right now is to up my ratio on a private tracker
[05:10] <qman__> is instead of setting out to install "a server", you should first figure out what functions you need
[05:10] <PhotoJim> an older desktop would make a better 24/7 server than a laptop
[05:10] <Guest35625> thats why i'm here :)
[05:11] <PhotoJim> but frankly you just need a desktop you can leave on 24/7
[05:11] <qman__> seeding torrents can be done on a server, but that's not really the type of thing you get a server for
[05:12] <qman__> unless you need a setup like torrentflux, to create user accounts and manage an entire network's torrents together on one machine
[05:12] <Guest35625> hmmm interesting
[05:12] <Guest35625> so are you saying i'd do better to install ubuntu desktop on my laptop, leave it on 24/7 and seed?
[05:13] <qman__> probably not, because laptops aren't designed to run 24/7
[05:13] <qman__> if you do that, make sure you take precautions for extra cooling
[05:13] <Guest35625> but i'm a student with no money and this old laptop
[05:13] <Guest35625> will do
[05:13] <PhotoJim> what you want to do is kind of like running a dirt-hauling business with a hatchback :)
[05:13] <PhotoJim> you can do it but it will kind of suck :)
[05:14] <PhotoJim> you don't need a good desktop.
[05:14] <PhotoJim> my server was a Pentium II for years.
[05:14] <PhotoJim> right now it's a Pentium III.
[05:14] <qman__> if you're going to do it, I suggest standing it up slightly open, like an A shape
[05:14] <qman__> and if it runs particularly hot, get a fan
[05:14] <PhotoJim> if you run it on a server distribution you don't need a GUI.
[05:14] <Guest35625> what does that mean
[05:15] <qman__> you should choose the operating system based on the role
[05:15] <PhotoJim> I'm saying that I have two jobs and I have money and I have a server that cost $50.
[05:15] <qman__> if you want to run something like torrentflux, server is appropriate, but if you just want to run a GUI torrent client, desktop is better
[05:15] <PhotoJim> and you could probably get someone to give you a Pentium III system for nothing.
[05:15] <Guest35625> ah i gotcha
[05:15] <PhotoJim> so being a student isn't an issue.
[05:15] <PhotoJim> you don't need a Core 2 Quad to run a home server.
[05:16] <qman__> my shell server is a 200MHz K6
[05:16] <Guest35625> well i mean
[05:16] <qman__> I probably couldn't give it away
[05:16] <Guest35625> i just want to get started with a server
[05:16] <PhotoJim> a Pentium II or III won't be fast, but it will do fine for what you want.  and it will be cheap.
[05:16] <Guest35625> its like what i did with linux
[05:16] <Guest35625> i was like
[05:16] <Guest35625> TODAY I WILL LEARN LINUX
[05:16] <Guest35625> and i did
[05:16] <qman__> to "get started with a server"
[05:16] <PhotoJim> my first Linux machine was a 486sx25 :)
[05:16] <qman__> you have to first start with a role to fill
[05:16] <Guest35625> im no pro, but i can work my way through it competently
[05:16] <PhotoJim> I still have it.  it still runs.  I just don't do anything useful with it anymore. :)
[05:16] <Guest35625> lol
[05:17] <PhotoJim> get the best machine you can get for free or cheap.  disk space and RAM are more important than CPU speed.
[05:17] <PhotoJim> I had 400 GB of disk space in my PII server.  it was fine.
[05:17] <PhotoJim> the only reason I upgraded was because I fell into an opportunity.
[05:17] <qman__> yes
[05:17] <qman__> you choose the hardware based on the role as well
[05:17] <qman__> a file server, a slow CPU is fine
[05:18] <PhotoJim> it ran my file server and web server and DNS and it barely worked.
[05:18] <PhotoJim> it was fine with 256 MB of RAM, but I maxed it out to 768 when I had the chance and a few bucks.
[05:18] <qman__> 256 is plenty for that grade of machine
[05:19] <qman__> my shell server can only hold 256, it's maxed out
[05:19] <qman__> the main problem with that machine
[05:19] <qman__> it's only i586
[05:19] <qman__> so I can't use i686 kernels
[05:20] <PhotoJim> not that that's a huge issue
[05:20] <qman__> no, just annoying
[05:20] <qman__> I once installed gentoo on that
[05:20] <qman__> took three weeks
[05:21] <PhotoJim> compile a custom kernel :) that way you'll have optimized performance.
[05:21] <qman__> I did a stage 2 with the 2004 release
[05:21] <qman__> back when they still supported that
[05:21] <qman__> it was a great learning experience
[05:22] <qman__> gentoo is too much hassle for the real world, though
[05:22] <qman__> ubuntu gets it done, and quick
[05:22] <Guest35625> okay
[05:23] <Guest35625> what if i want to run a web cms like dnn
[05:23] <qman__> a web cam?
[05:23] <qman__> oh
[05:23] <qman__> cms
[05:23] <qman__> you will first need a web server stack
[05:24] <qman__> you can do LAMP, or go with something more lightweight like nginx or lighttpd
[05:25] <qman__> that depends on the needs of the web software you choose and your personal preferences
[05:25] <jmarsden> qman__: Do you know what dnn stands for in the context of CMSes?  if not, why are you advising Guest35625  about it?
[05:25] <qman__> I don't know what dnn is, but I know plenty of other CMSes
[05:25] <jmarsden> DNN is DotNetNuke which uses the .Net framework...
[05:26] <Guest35625> lol
[05:26] <qman__> oh
[05:26] <Guest35625> which means no lamp
[05:26] <qman__> that means no linux
[05:26] <qman__> unless it somehow works on mono?
[05:26] <qman__> but I wouldn't advise that even if it does work
[05:26] <Guest35625> okay
[05:27] <Guest35625> so i should install 8.10 desktop 64 on my lappy
[05:27] <Guest35625> then use a web gui for torrents or a remote desktop connection?
[05:27] <qman__> well
[05:27] <Guest35625> to manage the computer
[05:27] <qman__> you should not install 8.10
[05:27] <jmarsden> Why 8.10?  9.04 exists...
[05:27] <qman__> you should install 8.04 or 9.04
[05:27] <Guest35625> jk 9.04
[05:27] <Guest35625> i forgot what today was
[05:27] <Guest35625> :)
[05:28] <qman__> also, when you said old laptop, I assumed older than that
[05:28] <Guest35625> no, its just not my new laptop
[05:29] <Guest35625> my old laptop is running a T5200 intel core duo
[05:29] <Guest35625> which i think is 1.6
[05:29] <qman__> I have a PII thinkpad as a print server
[05:29] <Guest35625> 2 gb ram, 120 gb hard drive
[05:29] <Guest35625> some gosu gpu that i'll never use D:
[05:29] <Guest35625> but run 9.04 64 bit desktop and use remote desktop to access it?
[05:30] <Guest35625> would be more advantageous to me than a server?
[05:30] <qman__> you couldn't use remote desktop, since that's a windows thing
[05:30] <qman__> but you could use VNC or XDMCP
[05:31] <Guest35625> i thought ubuntu had a built in remote login
[05:31] <qman__> it does, VNC and XDMCP
[05:31] <qman__> but that's different from Remote Desktop, which is a windows software
[05:32] <Guest35625> sorry
[05:32] <Guest35625> could i still use my lappy to host a file and access it through its ip address?
[05:32] <simplexio> or run ubuntu-desktop in vbox to in win machine to acces remote desktop to server like i do, i get native  win for games (HOI3) and real production desktop on same computer
[05:33] <jmarsden> Ahem... Ubuntu includes an RDP client called rdesktop, but no RDP server component.  But all of this discussion of graphical UIs is off topic for #ubuntu-server.
[05:33] <qman__> yes, it is
[05:34] <Guest35625> well, could i still use my laptop to host a file and access it throug the ip address on ubuntu desktop? or is that a server only thing?
[05:34] <qman__> yes, you can install samba on a desktop
[05:34] <Guest35625> good stuff
[05:34] <simplexio> Guest35625: yeah. samba/nfs and all other file server thingies still can be installed
[05:35] <Guest35625> any ideas for getting started with servers?
[05:35] <Guest35625> forreal, server talk is sexy
[05:35] <Guest35625> you take a girl out for dinner and you tell her all about how big your SQL server is and they get all hawt
[05:36] <qman__> like I've said before, you have to come up with a task or purpose first
[05:36] <Guest35625> i don't have one, but certainly its possible to learn about something without needing it quite yet
[05:36] <Guest35625> in programming you program the euclidean algorithm to calculate primes--as if you're ever going to use that...
[05:37] <qman__> system administration and programming are two very different fields
[05:37] <qman__> even if you're not in a production environment, you still need to decide on a task to perform
[05:37] <Guest35625> so what kinds of tasks are good for beginniners? charge me with one
[05:39] <qman__> we've gone through plenty already
[05:39] <qman__> mail, file servers, web servers
[05:39] <Guest35625> but which is the one i've been charged with?
[05:39] <qman__> DNS, DHCP
[05:39] <Guest35625> whats a web server, exactly?
[05:39] <qman__> a server which hosts a website or web application
[05:40] <qman__> you could do something like oscommerce or phpbb
[05:41] <Guest35625> interesting
[05:41] <Guest35625> thats a really cool idea
[05:41] <Guest35625> thanks for the info
[07:53] <imchrislabeard> Hey guys i'm not sure what i did but when i restart apache i get this message - http://pastebin.org/13577
[08:19] <Auckla> Hi.
[08:20] <Auckla> I just installed Ubunutu server to try it out. I was hopeing for some kind've graphical interface like Redhat or something. Ehehe. I come form a BSD enviroment. Is there somewhere other then, " https://help.ubuntu.com/9.04/serverguide/C/index.html " <--- Hear to start with?
[08:25] <qman__> ubuntu server does not include a GUI, since it is generally considered a security risk on servers
[08:26] <qman__> if you want a GUI, look into ubuntu desktop
[08:32] <qman__> imchrislabeard, that message means apache couldn't determine the FQDN of the server, a DNS issue
[08:33] <imchrislabeard> qman__: ahh okay so thats located somewhere in the hosts directory
[08:34] <qman__> apache is a little more picky, it won't just take the system hostname
[08:34] <imchrislabeard> what do i need to make it my systems name is longhornpc the primary domain is longhornpcrepair.com
[08:34] <qman__> it wants an FQDN
[08:36] <imchrislabeard> oo okay ... does the server need to have a primary domain just for it
[08:36] <qman__> well
[08:36] <qman__> your FQDN in that case is longhornpc.longhornpcrepair.com
[08:36] <qman__> so, in /etc/hosts
[08:36] <qman__> you should have something like
[08:36] <qman__> 127.0.0.1 localhost
[08:36] <qman__> 12.34.56.78 longhornpc longhornpc.longhornpcrepair.com
[08:37] <qman__> where 12.34.56.78 is your listening IP address
[08:37] <imchrislabeard> well the way i have it set up right now is server is http://longhornpc pointing at the /home directory and then longhornpcrepair.com is home/longhornpc
[08:38] <qman__> this doesn't have to do with the sites themselves
[08:38] <qman__> this is a systemwide configuration
[08:38] <imchrislabeard> oh alright well it seems like all this happend once i tried to set up my RNDC key
[08:38] <qman__> for each domain name you're listening on, it must resolve to an IP for the system, and the quickest way is to add it to /etc/hosts
[08:39] <qman__> the other way is to set up full DNS
[08:39] <qman__> which it looks like you did, and it broke
[08:39] <imchrislabeard> yeah i have a dns set up on this server
[08:39] <qman__> well, if it's broken
[08:40] <qman__> I would back up your zone file and remove bind with the --purge option to clear the config
[08:40] <qman__> and then reinstall bind
[08:40] <imchrislabeard> well all of my domains are working fine it seems but my subdomain will work for a little while in then stop working
[08:43] <imchrislabeard> but i just get that warning from apache .. so i was kinda curious what was goin on
[08:43] <qman__> yeah, that just means there's a DNS problem
[08:43] <qman__> and apache can't determine the FQDN of the system
[08:43] <Auckla> I am sorry, I have ran bsd for so long, I was lookng for something I could be lazy about hear for the local network. Excuse me if that sounds offending.
[08:44] <Auckla> hear, here. Poor me another screwdriver. :P Hah! :P
[08:44] <qman__> Auckla, I'm not sure what you mean, but the Ubuntu Server Guide is the best place to start off in building a new server
[08:45] <qman__> you can skip the parts not relevant to your application, of course
[08:45] <Auckla> Ag, I'm horrible length wireless hear at my new house, and I guess I am going to have to download another cd at 150k\s a second.
[08:45] <imchrislabeard> qman__: alright so you said earlier the FQDN would be longhornpc.longhornpcrepair.com
[08:45] <Auckla> God I keep mispelling that word. :P
[08:45] <qman__> imchrislabeard, yes
[08:46] <imchrislabeard> qman__: would i add this to my named.conf ?
[08:46] <Auckla> I would like to install x on this system, so I could then install synergy.
[08:46] <qman__> Auckla, you would only need ubuntu desktop if you want a GUI, though that won't help much in setting up a server, since there aren't any GUI server apps
[08:46] <Auckla> If anyone is framiliar with that.
[08:46] <qman__> imchrislabeard, no
[08:47] <Auckla> Gah, I just care about php,mysql and apache. :)
[08:47] <qman__> imchrislabeard, you just need to make the system resolve that name to your IP in some way, either by adding it to your zone file, or adding it to /etc/hosts
[08:47] <qman__> Auckla, then you want LAMP
[08:48] <Auckla> I installed it, but where is my gui to boot? :P
[08:48] <qman__> Auckla, there is none
[08:48] <Auckla> I have seen a lot of linux distros. Hehe, not use to one being real I guess.
[08:48] <qman__> Auckla, you can install a GUI package, but that's not supported in this channel
[08:48] <qman__> since ubuntu server is designed to be used console only
[08:48] <Auckla> Hehe, thank you for your conversation.
[08:49] <imchrislabeard> qman__: alright so in "longhornpcrepair.com.hosts" i would add longhornpc.longhornpcrepair.com and give it the public ip or the internal ip...
[08:49] <Auckla> Word, dig it. I got it np. :D
[08:49] <qman__> if all you want is remote administration, install ssh
[08:49] <imchrislabeard> qman__: sorry if im asking too many questions
[08:49] <qman__> imchrislabeard, I don't know what that file is, is that your DNS zone file?
[08:50] <qman__> that name should point to whatever IP apache is listening on
[08:50] <qman__> be it public or internal
[08:50] <imchrislabeard> qman__: i have a zone file for each domain... and my dns server is on the longhorn
[08:51] <qman__> that naming is confusing
[08:51] <qman__> a DNS zone file and a hosts file are completely different
[08:52] <qman__> zone files contain records formatted a certain way
[08:52] <qman__> but in any case
[08:53] <qman__> if you are doing this in DNS, the zone for longhornpcrepair.com should contain an A record pointing longhornpc.longhornpcrepair.com to whichever IP that apache server is listening on
[08:53] <cef> qman__: afaik, he's using webmin, which does uses that sort of silly convention
[08:53] <cef> err does use even.. damn brain
[08:54] <qman__> hah
[08:54] <cef> been a long day. :/
[08:54] <qman__> been there :)
[08:54] <imchrislabeard> i was using webmin but i have been creating the dns hosts files without using webmin
[08:55] <imchrislabeard> i like having them separate
[08:59] <imchrislabeard> yeah well it looks like my FQDN is "longhornpc" which isn't qualified so i need to just change that
[09:06] <imchrislabeard> why is that the only web panel that is supported for ubuntu is the worst one ?
[10:11] <acalvo> anyone know if profile acls samba directive works with xp sp3?
[13:20] <acalvo> hi
[13:21] <acalvo> I'm trying to manage all my network printers using CUPS in a SAMBA server, so I'm looking for a good tutorial that covers this area
[13:21] <acalvo> I've looked in the ubuntu community and didn't find anything useful
=== bogey2 is now known as bogeyd6
[14:09] <clusty> how can I prevent a service from ever starting?
[14:10] <clusty> somehow avahi found it's way into my sys :D
[14:15] <sub> clusty: I forget the exact usage, but update-rc.d should do what you need it to do
[14:15] <clusty> sub, thanks
[14:16] <sub> update-rc.d -f remove avahi-daemon perhaps
[14:29] <slacker_nl> i would just chmod -x the init.d script
[14:34] <giovani> slacker_nl: that's not a proper solution
[14:35] <slacker_nl> giovani: you are right, just remove the rc?.d/[SK] scripts
[14:36] <slacker_nl> but, when you want them again, you need ro recreate the rc?.d symlinks, and chmod +x is easier
[14:50] <PhotoJim> slacker_nl: I tend to just rename scripts I don't want to run.  that way it's obvious why they're not working.  -x isn't obvious.
[14:52] <sub> slacker_nl, PhotoJim - update-rc.d handles creating and removing of the symlinks and is used by debian packaging
[15:05] <bunny> ow do i make an extended partition from the partitioner in the installer?
[15:06] <slacker_nl> sub: i know, but if you also maintain solaris boxes, you want a way which is the same on all platforms
[15:12] <VirtualDisaster> slacker_nl, there is no "universal" way except to write a wrapper around the native tools
[15:13] <VirtualDisaster> especially w/ solaris....
[15:47] <clusty> hey
[15:47] <clusty> what tool would you suggest to automate system configuration?
[15:48] <clusty> currently i am looking at puoppet and maybe cfengine
[15:49] <aubre> some people say chef is good , I don't know much about it personally
[15:53] <clusty> aubre, looks quite complicated to setup
[15:54] <aubre> clusty: yeah
[16:02] <jtimberman> clusty: Chef :-)
[16:03]  * jtimberman works for the company that wrote Chef.
[16:03] <jtimberman> Pop into #chef if you have any questions.
[16:03] <clusty> :D
[16:03] <clusty> lool
[16:03] <jtimberman> I also packaged Chef for Ubuntu Karmic :)
[16:03] <clusty> jtimberman, bad idea divulging that
[16:03] <jtimberman> Why?
[16:03] <jtimberman> Its not a secret.
[16:03] <clusty> now if i decide to go for chef you will be machine gunned with questions
[16:04] <clusty> :D
[16:04] <jtimberman> yeah but thats my job.
[16:08] <aubre> I'm looking forward to finishing up my UEC install, just can't work on it at the moment
[16:10] <clusty> jtimberman, chef feels a very big gun for what i need. basically we got a new computational cluster: 20 machines conected over the network. I want to keep the conf across these machines homogenous
[16:10] <jtimberman> clusty: you don't need the server part of chef, you can run just solo mode.
[16:11] <clusty> jtimberman, so how does it work then: not like configure 1 machine and use some framework to propagate the confs ?
[16:13] <jtimberman> clusty: no, each client is an autonomous unit. the client is 'fat'. it gets the configuration (cookbooks with recipes) from a server (client/server mode), or from a remote url or a local directory (solo mode). then the client / solo parses the recipes and takes the actions appropriate.
[16:14] <clusty> jtimberman, i see. so is good enough to mount the same file over NFS and just edit the file
[16:15] <clusty> file=cookbook/recipes
[16:15] <clusty> ..gotta love the depths to which the analogy was pushed D:
[16:16] <jtimberman> clusty: that's certainly possible. chef-solo supports retrieving from a URL, a la "chef-solo -r http://opsmaster.int.example.com/cookbooks.tar.gz"
[16:16] <jtimberman> but you could use a directory mounted via NFS instead if thats your preference.
[16:16] <jtimberman> clusty: and yes, the cooking metaphor is highly abused :)
[16:16] <jtimberman> with shoutout to Chef from South Park, The Swedish Chef from the Muppets, and the Lego Chef minifigs.
[16:18] <clusty> that is one thing that makes linux much more full of flavour
[16:18] <clusty> all the g33ky inside jokes
[16:18] <clusty> i guess 50% of a project success comes from it's funky name/icon
[16:18] <clusty> logo
[16:19] <genii> Recursive acronyms, etc
[16:20] <jtimberman> don't forget chef's data gathering counterpart, ohai.
[16:20] <jtimberman> 'ohai, here's some json about your system'
[16:20] <clusty> guess the joke needs to be explained :D
[16:20] <clusty> what is the funny part of ohai ?
[16:21] <clusty> some lolcatz spelling?
[16:21] <uvirtbot> New bug: #418220 in php5 (main) "apache2 crashed with SIGSEGV in pdo_parse_params()" [Undecided,New] https://launchpad.net/bugs/418220
[16:22] <jtimberman> yup
[16:22] <jtimberman> so, geeky inside joke :)
[16:22] <clusty> yeap
[16:24] <clusty> jtimberman, guess chef wins :D
[16:24] <clusty> not as scary as it seemed in the beginning
[16:24] <jtimberman> clusty: It really isn't. The big thing is lots of dependencies.
[16:25] <jtimberman> and with Karmic, you can apt-get install chef and have a functional chef client, or chef-server to get a functional server.
[16:25] <jtimberman> and we're working on backporting to other ubuntu releases back to hardy.
[16:26] <clusty> jtimberman, what about the stable one?
[16:26] <jtimberman> jaunty?
[16:26] <clusty> yes
[16:26] <giovani> slacker_nl: no, that's what update-rc.d is for
[16:26] <jtimberman> karmic packages "should" work there, but there aren't backport packages yet.
[16:27] <clusty> jtimberman, a wee bit of a turn off. will try to see how annoying is it to get it working from repo
[16:27] <clusty> jtimberman, i saw examples to synch conf files. how can I synch list of installed packages?
[16:27] <jtimberman> clusty: sure, join #chef if you have any further questions.
[16:28] <jtimberman> clusty: you can manage packages individually, so if you start from the same base image, you'd have whatever packages installed from chef's recipes that you told it to install. (plus dependencies of those when using apt)
=== cemc1 is now known as cemc
[16:37] <clusty> got a small question about updating a PC: it is running ubuntu 8.04
[16:37] <clusty> should update in one go to 9.04 or pass through each intermediate version? 8.04->8.10->9.04 ?
[16:38] <ScottK> clusty: Yes.
[16:38] <ScottK> Each intermediate version
[16:38] <clusty> ScottK, how likely is it to break stuff ?
[16:39] <clusty> so far I have postgres DNS DHCP and LDAP running on that machine
[16:39] <clusty> ppl will scream if that goes down for a long time :D
[16:39] <ScottK> clusty: running lvm or softraid?
[16:39] <clusty> ScottK, nope. hardware raid
[16:40] <ScottK> They'll scream less that if it goes down long enough for you to reinstall the box.
[16:40] <ScottK> BTW, mostly services stay up during the upgrade.
[16:40] <ScottK> Most of the outage would be for the reboot.
[16:40] <clusty> ScottK, added twist: machine is in germany and i am in canada :D
[16:41] <heath|work> Is there a way to tell kvm to unplug a network cable on a virt?
[16:41] <clusty> there are some half way savvy ppl there
[16:45] <bobg> I want to build a LDAP server for my company. Is ubuntu a decent OS to use for this? Does it have any apps (in the standard repo) to help manage users? Is there much difference between hardy and jaunty in support as an LDAP server?
[16:46] <Sam-I-Am> you'd really want the openldap packages from karmic
[16:46] <Sam-I-Am> if possible
[16:46] <Sam-I-Am> but otherwise, ubuntu is finwe
[16:48] <clusty> bobg, it's as good as any other one
[16:48] <clusty> Sam-I-Am, i just set up ldap user auth with hardy ldap
[16:50] <Sam-I-Am> clusty: ok?
[16:50]  * bobg is googling karmic 
[16:50] <Sam-I-Am> (its the next release)
[16:50] <bobg> oh
[16:50] <Sam-I-Am> or... you can run hardy and use my backports.
[16:51] <Sam-I-Am> which contain most of the fixes since hardy's packages
[16:51] <bobg> so there have been a lot of work done recently on it?
[16:51] <Sam-I-Am> LTS releases are good for servers
[16:51] <clusty> Sam-I-Am, the actual ldap was hard part
[16:51] <clusty> the user auth went very smooth
[16:51] <Sam-I-Am> well, hardy is technically from 04/08... so 1.5 years ago or so.
[16:51] <clusty> took me forever to figure out how to import datas and stuff like that
[16:51] <Sam-I-Am> openldap moves quickly, often faster than ubuntu
[16:52] <bobg> Sam-I-Am: I was trying to stay LTS, but I find if a load up a hardy xen VM it crashes with a "stuck cpu" so I have been migrating to jaunty if a vm experiences that
[16:53] <Sam-I-Am> i havent used xen, but hardy seems fine under vmware and vbox
[16:54] <Sam-I-Am> you could search for bug reports on that... see if theres a fix... if not, try to get a bug report going
[16:54] <bobg> Sam-I-Am: is it the actual openldap that I want a later version of, or is it support  packages that modify the schema or provide tools to manage users?
[16:54] <clusty> Sam-I-Am, so ther eis a high likelihood that updating from 8.04 to 9.04 smething will break?
[16:54] <clusty> as far as ldap goes
[16:56] <Sam-I-Am> clusty: configuration as a client is roughly the same
[16:56] <clusty> Sam-I-Am, i meant on the server side
[16:56] <clusty> once setup in hardy should work in jaunty?
[16:56] <Sam-I-Am> bobg: particularly the openldap packages/libraries... but it might help management tools as well.  i usually just write my own.
[16:57] <clusty> bobg, that is only sucky part
[16:57] <Sam-I-Am> clusty: upgrading *should* work... however, back up the database manually first.
[16:57] <clusty> bobg, importing users
[16:57] <bobg> Sam-I-Am:  I went through a huge. long process with xen + hardy -- it turn out that the xen guys considers hardy's kernel  version to be a problematic  xen kernel.  The problem is only with high, prolonged loads (and maybe agrevated by our internal app)
[16:57] <Sam-I-Am> i usually dont let ubuntu auto-upgrade anything for me
[16:57] <Sam-I-Am> bobg: you could pop another kernel on hardy
[16:58] <bobg> Sam-I-Am: i could not find a compatible alternate xen kerenel for hardy (after much work:)
[16:59] <Sam-I-Am> surely there are people running hardy on xen
[16:59] <bobg> Sam-I-Am: but, I am starting from scratch with this ldap project so I could start with jaunty from th start
[17:00] <Sam-I-Am> sure, but which release you choose depends on how often you want to do forklift upgrade of server-class stuff
[17:00] <bobg> yeah, we have DNS servers, web servers (that are not heavily loaded) and other things taht are working fine with xen - hardy
[17:01] <bobg> so for many things its not problem
[17:02] <bobg> its intersesting to note that amazon ec2 uses xen and their hard images use a modified fedora  8 xen kernel
[17:02] <bobg> s/hard/hardy/
[17:02] <Sam-I-Am> thats amusing
[17:08] <bobg> clusty: thanks for your comments. I setup our first LDAP server 3 years ago and getting teh schema and user data correct was a real PITA
[17:08] <clusty> bobg, some guy from #LDAP gave me his pythin script
[17:09] <clusty> with some modifications i got it to make the right ldif-s
[17:09] <bobg> I was hoping that in the latest ubuntu I could just install some higher level package and have a gui to add, edit and delete users :)
[17:10] <Sam-I-Am> theres phpldapadmin
[17:10] <Sam-I-Am> and a few others
[17:10] <bobg> clusty: hmmm, I will hang out there (#ldap) will I do this and see what tips I can get
[17:10] <Sam-I-Am> luma is a decent gui tool with limited built-in features
[17:11] <clusty> bobg, problem is they are quick to pull the RTFM line :D
[17:11] <clusty> not very understanding with us, mere feable minded mortals that are just starting with LDAP
[17:11] <bobg> :) I probably have a lot of reading to do
[17:12] <jtimberman> phpldapadmin is pretty good. jxplorer is a standalone gui that also works but i don't know if its packaged in ubuntu.
[17:12] <Sam-I-Am> http://packages.ubuntu.com/hardy/web/gosa
[17:12] <jtimberman> clusty: and the problem with that FM (ldap) is its huge, complicated, and ldap itself is confusing.
[17:12] <Sam-I-Am> might be a thought...
[17:13] <bobg> i use a old version of phpldapadmin now -- it fine to do IT maitainence, but the higher level stuff sucke -- I will check out to see how they have improved
[17:13] <Sam-I-Am> ldap is so diverse and open that its difficult to write an app that handles everyones situation
[17:13] <bobg> Sam-I-Am: gosa looks interesting:)
[17:13] <clusty> jtimberman, well they don't easy you in
[17:13] <Sam-I-Am> you're generally stuck picking something and dealing with its crap, or writing your own
[17:13] <clusty> you get shitloads of switches and funny acronyms that make no sense
[17:14] <clusty> and to top it up the thing that killed me is: querying the wrong base path gives you bad username :D
[17:14] <clusty> so i bashed my head against the wall for a few days to figure that one out
[17:14] <Sam-I-Am> well, duh
[17:15] <Sam-I-Am> it can't find who you're looking for
[17:15] <clusty> should say that LD
[17:15] <clusty> :D
[17:15] <clusty> dunno WTF you are talking about, not invalid credentials
[17:16] <bobg> if it had decent error messages, then what would the ldap guru's do with their secret decoder rings:)
[17:16]  * Sam-I-Am notes he's also in #openldap and #openldap-devel :P
[17:17] <Sam-I-Am> we dont bite that hard...
[17:18] <Sam-I-Am> i'd just make sure you've done some reading first
[17:20] <bobg> Sam-I-Am: I should have guessed that from your earlier comments:)  It was a general comment that could be said for any open source project (and many closed source too:)
[17:21] <bobg> (no offense intended)
[17:23] <Sam-I-Am> i know
[17:24] <bobg> Sam-I-Am: to clarify, if you were building either a hardy or jaunty based ldap server today, you would be looking to get a backported karmic openldap?
[17:24] <Sam-I-Am> yes
[17:25] <bobg> or is the jaunty version up-todate enough?
[17:25] <bobg> ok
[17:25] <Sam-I-Am> its better than intepid/hardy for sure
[17:25] <bobg> thanks
[17:25] <Sam-I-Am> depends on what youre doing with it
[17:25] <Sam-I-Am> for example, multi-master and mirror-mode work much better in 2.4.17 than 2.4.15 and earlier
[17:26] <Sam-I-Am> i use LTS because all of the other packages are supported/updated for longer than intermediate releases... not that i plan to run hardy forever, but potentially longer than other releases would be officially supported
[17:27] <Sam-I-Am> then i backport or custom build newer stuff to work on LTS
[17:28] <bobg> i am looking for a basic master/slave setup  with a pretty full shema -- postfix for ubuntu logins, samba (PDC if will still have too), raduis, various one off ldap web apps
[17:29] <bobg> s/will still.../we still .../
[17:29] <bobg> i think building and maintaining the schema is my major fear
[17:30] <Sam-I-Am> do you need a custom schema?
[17:30] <bobg> our current schema grew into a mess, so I am starting over
[17:30] <Sam-I-Am> otherwise its easy
[17:30] <bobg> is there a standard schem that does posfix + samba?
[17:30] <Sam-I-Am> samba has its own schema
[17:31] <mathiaz> Sam-I-Am: have you tried to pushed the new version of openldap in hardy-backports?
[17:31] <mathiaz> Sam-I-Am: https://help.ubuntu.com/community/UbuntuBackports
[17:31] <mathiaz> Sam-I-Am: ^^ seems like a good place to push new versions of openldap for an LTS
[17:32] <Sam-I-Am> i think theres a postfix-ldap package which contains the ldap stuff
[17:32] <bobg> I am on the fence to try to abandon samba support all together - we are moving from windows clients to linux (for users) but we still have quite a few windows machines that need to access shared file servers
[17:32] <Sam-I-Am> mathiaz: no, not yet... it doesn't backport cleanly due to dependency problems.
[17:33] <Sam-I-Am> mathiaz: i just backported the newer dependencies for my stuff... havent had time to make it work with original hardy stuff
[17:33] <mathiaz> Sam-I-Am: right. Sometimes you'd also need to backport some of the dependencies to hardy too
[17:34] <Sam-I-Am> is there a method to determining which ones are ok to backport?
[17:35] <bobg> woops I realize I was writing postfix when I meant posix  (we need both)
[17:35] <Sam-I-Am> i keep everything in launchpad PPAs... so you could check my PPA dependencies for the openldap packages and see if they work for you... then backporting would be easier since most of the work is done
[17:36] <Sam-I-Am> mathiaz: https://launchpad.net/~ionosphere80/+archive/msk-7
[17:36] <Sam-I-Am> bobg: posix is its own schema too
[17:36] <mathiaz> Sam-I-Am: the wiki page listed above outlines how to get things accepted in backports.
=== root is now known as Guest26989
[17:37] <bobg> and do the posix and samba schemas coexist well? or would my life be much easier to deal with only posix?
[17:37] <bobg> clusty:
[17:37] <Sam-I-Am> they work fine together
[17:37] <Sam-I-Am> and you can add kerberos without any issues :)
[17:37] <bobg> ok cool
[17:38] <Guest26989> how do ip show the ip addresses 24.249.66.129 - 24.249.66.142 in the format 24.249.166.129/143?
[17:39] <bobg> I have always been fuzy on the role of kerberos in relation to samba / windows pdc / radius
[17:39] <bobg> Guest26989: in what context?
[17:39] <Guest26989> I have the following static ip address and need to put them into the mynetworks section in postfix and need the correct way to do that.
[17:40] <Guest26989> Sorry these are the ips 24.249.66.129 - 24.249.66.142
[17:40] <bobg> oh i see
[17:41] <bobg> if my math is right, thats a range of 12 ips so it can't be expressed as one range
[17:42] <clusty> bobg, i did just the posix stuff
[17:42] <Sam-I-Am> bobg: single-sign-on for unixy hosts... doesnt do crap with windows nt-style domains... but will with samba4
[17:42] <clusty> bobg, i found a lot of howto's that tell you how to install both smb and posix
[17:42] <Guest26989> I the gateway is 24.249.166.129 and my range is 138/142
[17:43] <Guest26989> I only have 5 static ips. Netmask is 255.255.255.240
[17:43] <Sam-I-Am> the openldap server guide tells you how to do posix and samba
[17:45] <bobg> Guest26989: /30 indicates 4 ip adresses, of which 2 of them are usable.  /29 indicates 8 ip addresses of which 6 are usable
[17:46] <Guest26989> My usable addresses according to cox communications is 138 - 142.
[17:47] <Guest26989> Does my configuration say I have 6 usable
[17:48] <Guest26989> The broadcast according to cox is 24.249.166.143
[17:48] <bobg> Guest26989: 138 does not fall on an even  boundary  -- does the config option support a syntax to list a set of ips individually? without doing a range syntax
[17:49] <Guest26989> bobg Let me look
[17:49] <bobg> yes, 24.249.166.143 can be a braoadcast address (its on the right boundary)
[17:50] <Guest26989> _bobg This is the line in my postfix main.cf
[17:50] <Guest26989> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
[17:50] <Guest26989> I am a noobie to linux and trying hard to learn it.
[17:50] <bobg> 24.249.166.140/30 is a 4 ip address block (two useable) with that broadcast IP) and 24.249.166.136/29 is a 8 ip block (6 usable) with that broadcast IP)
[17:51] <Guest26989> _bobg Thanks much, I will try that one.
[17:51] <bobg> the reason the 'usable' is always two less is that the first ip is the (sub)network address and the last is the broadcast address
[17:51] <bobg> Guest26989: glad I could help - good luck
[17:52] <Guest26989> Thank you very much.
[18:42] <kboi> hello channel
[18:50] <uvirtbot> New bug: #422138 in apache2 (main) "Slow memory leak, seen on two machines, appears to be dupe of 224945 even after -updates" [Undecided,New] https://launchpad.net/bugs/422138
=== kirkland` is now known as kirkland
[21:56] <ScottK> mathiaz: Someone from the server team might want to talk with the Full Circle magazine people.  I understand their latest edition has a nice story on using webmin on Ubuntu.
[21:56] <mathiaz> ScottK: hm - good point.
[21:56] <Nafallo> o\
[22:06] <Sam-I-Am> i havent seen this on karmic server yet, but have any of you guys gotten really weird errors from su and sudo on desktop karmic?
[22:06] <Sam-I-Am> like... they're unusable
[22:06] <Sam-I-Am> looks like something is getting in the way near the kernel level... almost like apparmor, but i already ditched that
[22:07] <Sam-I-Am> errors like... setgid operation not permitted
[22:08] <ScottK> Sam-I-Am: Sounds like policykit integration and it's not relevant to -server.
[22:08] <Sam-I-Am> hmmm
[22:09] <Sam-I-Am> could be... thats a new one to me
[22:09] <Sam-I-Am> why do people insist on using this crap
[22:09] <Sam-I-Am> its more irritating than anything
[22:09] <Sam-I-Am> like apparmor
[22:14] <kees> Sam-I-Am: what are the errors?
[22:14] <Sam-I-Am> sudo says "setreuid(ROOT_UID, user_uid): Operation not permitted"
[22:14] <Sam-I-Am> su says "setgid: Operation not permitted"
[22:15] <Sam-I-Am> which is even before theyd get to their usual error messages if i wasnt in sudoers or didnt know the root password
[22:15] <VirtualDisaster> ScottK, i dont like webmin tbch
[22:15] <VirtualDisaster> needs to be redone from scratch
[22:15] <VirtualDisaster> more simpler
[22:15] <ScottK> VirtualDisaster: As a team we don't think much of it here.
[22:15] <VirtualDisaster> oic
[22:16] <VirtualDisaster> i really feel someone (maybe me) needs to make a SIMPLER web management UI
[22:16] <VirtualDisaster> like advanced items that require CLI need to be done via CLI
[22:16] <VirtualDisaster> stop trying to hide the OS from the admin/user
[22:16] <VirtualDisaster> ppl need to be aware of what they are using/doing/etc
[22:16] <VirtualDisaster> and be familiar w/ the required tasks
[22:17] <VirtualDisaster> too much "slap ohhh shiney" on it
[22:17] <VirtualDisaster> is what it seems to be today
[22:17] <VirtualDisaster> p*sses me off when I show client Ubuntu and their like "Windows 7 has that too"
[22:17] <VirtualDisaster> well guess what we had it before they did ...!!!!!