/srv/irclogs.ubuntu.com/2009/09/10/#ubuntu-server.txt

=== monteith is now known as monteith_afk
[00:07] <KillMeNow> LMAO guntbert
[00:08] <JanC> guntbert: well, do you also have a slogan for understanding ternary logic?  ;)
[00:10] <KillMeNow> JanC:  isn't that the logic that got us in the economic mess?  hehehehe
[00:10] <JanC> start at http://en.wikipedia.org/wiki/Ternary_computer if you wanna read about it
[00:11] <mdz> smoser, ping
=== erichammond1 is now known as erichammond
[00:25] <uvirtbot> New bug: #404394 in kvm (universe) "qcow2 corruption regression" [Undecided,New] https://launchpad.net/bugs/404394
[00:29] <uvirtbot> New bug: #427075 in php5 (main) "libphp5.so segmentation fault - apache2+mediawiki" [Undecided,New] https://launchpad.net/bugs/427075
[00:29] <smoser> mdz, here now
[00:43] <Techtronic> hello , i cant login to nagios ...  PAM: user 'nagiosadmin' - not authenticated: Authentication failure .....
[00:44] <Techtronic> what i do wrong ? :/
[00:45] <KillMeNow> http://www.linuxquestions.org/questions/linux-software-2/lost-nagios-admin-password...-help-695402/#post3399240
[00:46] <KillMeNow> that shows how to reset the nagios admin user password
[00:46] <Techtronic> i know password
[00:48] <Techtronic> not helped this link
[01:03] <Techtronic> PAM authenticate failure :/
[01:04] <Techtronic> need disable mod_auth_pam.c
[01:04] <KillMeNow> http://ubuntuforums.org/archive/index.php/t-275996.html
[01:04] <KillMeNow> google Techtronic
[01:08] <Techtronic> KillMeNow thanks you saved my night :D
[01:14] <mm_202> Can someone please assist me with an apparmor issue?
[01:14] <mm_202> Im trying to start mysqld and I get this lovely error: 090909 20:12:42  InnoDB: Operating system error number 13 in a file operation.
[01:14] <mm_202> InnoDB: The error means mysqld does not have the access rights to the directory.
[01:15] <KillMeNow> here is the best assistance i could give you mm:  toss apparmor
[01:17] <mm_202> KillMeNow: yes, I fscking hate it.  But the ONLY reason I am reluctant is that it is a public server..
[01:17] <mm_202> My first box that isnt behind a firewall
[01:17] <mm_202> But I guess if someone gets shell access Im screwed anyways
[01:18] <mm_202> How many people here run servers (ubuntu of course) without a firewall?
[01:20] <KillMeNow> i have a public facing Ubuntu box, but it's all IPTabled up
[01:20] <KillMeNow> and i don't use apparmor
[01:20] <KillMeNow> i tried to get it to work, but it's a big stinking pile of poo
[01:21] <KillMeNow> altho i've heard it's easier than SElinux
[01:21] <mm_202> Yeah, my ubuntu servers at home, I killed apparmor on them as well
[01:22] <KillMeNow> as long as you stay up on your patching and don't run anything that could cause you problems like IRC or something
[01:22] <KillMeNow> or if you do i suppose you could run it in a jail
[01:23] <mm_202> Yep, remove apparmor and works great now =)
[01:26] <KillMeNow> big pile of stinking poo
[01:26] <KillMeNow> i think that's what i called it...  yea..
[02:53] <oh_noes> is it possible to remount / as ro from recovery
[02:53] <oh_noes> or do i have to boot a live CD?
[03:05] <twb> oh_noes: sudo mount -o ro,remount /
[03:05] <twb> TIAS
[03:22] <qman__> I haven't run into any problems with apparmor, but it's worlds better than selinux
[03:22] <qman__> since with apparmor, if you're having an issue, you can just remove one profile that's causing it
[03:23] <qman__> with selinux you have to disable it altogether, or find and fix the problem
[03:23] <qman__> and the error messages aren't very friendly
[03:23] <oh_noes> twb: doesnt work ... even after booting into recovery mode it says Device is busy
[03:24] <oh_noes> and 'mount' shows . mounted as full rw
[03:24] <oh_noes> which is where im confused
[03:24] <qman__> apparmor is also a pretty nice alternative approach to jailing services
[03:24] <twb> qman__: I would trust a jail more...
[03:25] <twb> oh_noes: dunno, then, sorry.
[05:40] <error404notfound> whats wrong with this cron: "10 4    * * *           freshclam; clamscan --bell -r --detect-pua=yes --max-dir-recursion=40 --log=/var/log/clamav/$(date +%b%d%Y%H%M%S).log -i /", it says: /bin/sh: Syntax error: end of file unexpected (expecting ")")
=== dendrobates_ is now known as dendrobates
[05:42] <qman__> error404notfound, there's no user listed for the job to run as
[05:43] <error404notfound> qman__, no, thats not needed, all crons in root's crontab run without user
[05:43] <error404notfound> there is something else
[05:43] <error404notfound> without user mentioned explicitly*
[05:43] <qman__> I use cron.d and friends, not root's crontab
[05:43] <qman__> makes management easier
[05:43] <error404notfound> i use one crontab :D
[05:44] <foob12> does anyone software based mp3 player that supports socks 5 proxy client function
[05:45] <maxagaz> hi
[05:45] <qman__> error404notfound, I think I see it
[05:45] <qman__> --log=/var/log/clamav/$(date +%b%d%Y%H%M%S).log
[05:46] <qman__> because of that space, you need quotes
[05:46] <qman__> though I don't know where you need them
[05:46] <qman__> also, escaping that space may work
[05:47] <error404notfound> hmmm, lemme check
[05:48] <qman__> I thought that should have worked the way you have it
[05:48] <qman__> but since it's in --log=, it may not apply normally
[05:48] <qman__> that's the only place a missing ) makes sense
[05:49] <qman__> I also don't know if dash supports the $() syntax, though I don't see why it shouldn't
=== erichammond1 is now known as erichammond
[05:56] <error404notfound> qman__, even tried date \+... , still same error
[05:56] <error404notfound> \ before space
[05:59] <qman__> I don't see any notes regarding $() in dash
[05:59] <qman__> try using backticks just to see if it's the same error
[06:03] <qman__> also, any particular reason you're scanning /?
[06:04] <qman__> it's really not necessary, you only need to scan your file shares
[06:04] <twb> foob12: mplayer probably
[06:05] <error404notfound> qman__, i also tried `` and got: /bin/sh: Syntax error: EOF in backquote substitution , and i am scanning because a stupid user uploaded some stuff while i wasnt not around its infected, so just to be safe than sorry i want to scan whole "/"
[06:05] <error404notfound> qman__, even if i scan file shares, home dirs, the error in the cron is still there, right?
[06:06] <qman__> yes
[06:06] <jmarsden> error404notfound: man 5 crontab and then escape all the % signs with \ or else cron will turn them into newlines :)
[06:07] <error404notfound> jmarsden, aaaahhhhh :D lemme see
[06:07] <qman__> that would do it
[06:09] <error404notfound> and any comments on http://ubuntuforums.org/showthread.php?t=1262527 ?
[06:10] <qman__> the keys were copied wrong
[06:11] <qman__> it's failing when attempting to parse
[06:11] <jmarsden> error404notfound: Looks like you put a GPG key in a config file, or something along those lines?
[06:11] <qman__> ssh hosts files have just the key, on one line
[06:11] <qman__> no ----BEGIN or anything
[06:11] <error404notfound> jmarsden, i removed the config file altogether.
[06:11] <qman__> one key per line
[06:13] <jmarsden> error404notfound: pastebin the output of ls ~/.ssh ; file ~/.ssh/*     so we can see what the files in there are?
[06:13] <error404notfound> okies
[06:15] <error404notfound> qman__, jmarsden,  http://pastebin.ca/1560766
[06:16] <qman__> waiting for pastebin.ca...
[06:17] <jmarsden> Hmm, my browser is having trouble getting a response from pastebin.ca... trying again...
[06:18] <error404notfound> qman__, jmarsden, http://pastebin.com/m3e38d075
[06:19] <qman__> sure have a lot of files there
[06:19] <qman__> I've only got known hosts files
[06:19] <error404notfound> :D
[06:19] <error404notfound> i work in too many places and dont wanna use same keys for more than one office
[06:19] <qman__> good plan
[06:21] <jmarsden> Yow, there is way too much junk in there to debug.  For testing, can you tar that lot up, save the tarball somewhere safe, then delete all the files from ~/.ssh/ except known_hosts and *one* pair of keys?
[06:22] <jmarsden> Probably id_rsa and id_rsa.pub would be the logical ones to keep
[06:23] <error404notfound> that's a 100% chance that would fix the issue
[06:23] <error404notfound> thats*
[06:23] <jmarsden> OK, so do it and then we can slowly add stuff back until we find the problem.
[06:23] <jmarsden> This is called troubleshooting :)
[06:24] <error404notfound> issue fixed...
[06:24] <error404notfound> :D
[06:24] <error404notfound> jmarsden, i am too lazy to do this alone, so stick with me, i am sooooooo lonely :P :D
[06:25] <jmarsden> OK, add back new_id_rsa and new_id_rsa.pub and retest
[06:25] <error404notfound> jmarsden, doing it :D
[06:26] <jmarsden> As in, now you have the error?
[06:27] <jmarsden> Or as in, now you are testing?
[06:27] <error404notfound> misc* is causing the problem
[06:28] <error404notfound> even renaming them doesn't solve the problem, and they are valid ssh keys as i cat them
[06:30] <twb> None of those keys will be used unless you have code in .ssh/config or /etc/ssh/ssh_config telling it to.
[06:30] <error404notfound> okay, this is strange, for one host the misc ones give rise to the error, for other hosts its a different pair, strange..
[06:31] <error404notfound> i dont have a ~/.ssh/config and i havent specified anything in ssh_config, lemme pastebin
[06:32] <error404notfound> http://pastebin.com/m45eb2184
[06:35] <jmarsden> Looks pretty boring to me... nothing in there about using the other keys.  So you have been doing ssh -i whatever    all over the place to get it to use the special keypairs?
[06:43] <error404notfound> jmarsden, i have aliases :P
[06:44] <jmarsden> OK.   I'm doing some testing here... Apparently, if you have lots of keypairs in ~/.ssh, the default is to try all of them... ?  I just did      for i in `seq 1 50` ; do ssh-keygen -f junk$i ; done      and so generated 50 junk keypairs (held down the enter key for all the password prompts).
[06:45] <jmarsden> I have a feeling there was a bug report about this and how to fix it somewhere in Launchpad...
[06:46] <jmarsden> Most likely you can just specify the key for each host in ~/.ssh/config so it only presents one, not all of them?
[06:46] <error404notfound> jmarsden, yup, it tries one by one all keypairs, and thats not what i want, for hosts i dont use "-i" i want it to go to password authentication directly
[06:47] <jmarsden> Well, you should probably set up ~/.ssh/config to tell it that, or something close to that, then.
[06:47] <error404notfound> jmarsden, yes, but for LAN machines, i use passwords, not keys, here at this office i have a 70 node LAN, 5server, for servers=keys, for other = passwords
[06:48] <jmarsden> If you just put Host * IdentifyFile id_rsa  Host server1 IdentityFile whatever_rsa  and so forth lines in ~/.ssh/config it should work fine.
[06:49] <jmarsden> No need for the -i nonsense if you configure SSH right :)
[06:50] <jmarsden> That should be    IdentityFile id_rsa   in there, not IdentifyFile, weird typo
[06:52] <jmarsden> See https://bugs.launchpad.net/bugs/374427 for a similar kind of issue.
[06:52] <uvirtbot> Launchpad bug 374427 in openssh "doesn't accept multiple keys in id_rsa" [Undecided,Invalid]
[06:52] <error404notfound> jmarsden, okay, what if i want to use same key for multiple hosts? will i need multiple hosts blocks? thats redundant and i will have to add say 30,40 entries :(
[06:54] <jmarsden> I'm not sure, I think as long as you have a Host *  IdentityFile id_rsa in there as a default you can override that with -i if you really want to and like it :)
[06:54] <jmarsden> But IMO 30 or 40 aliases are at least as bad as 30 or 40 lines in a config file :)
[06:54] <jmarsden> And BTW, why do you need 30 or 40 keypairs anyway?
[06:54] <error404notfound> jmarsden, i use one key for 5 servers at this place, one for 8 servers at another, 1 for 3 servers at home and my vps, and etc,
[06:55] <error404notfound> jmarsden, not 30,40 keypairs, 30,40 hosts with which i use keys
[06:55] <jmarsden> I don't know if you can do Host *.somedomain.com in ~/ssh/config, you'd have to experiment.
[06:55] <error404notfound> Say host A and B uses id_rsa, and host C and D id_rsa, would i need 4 hosts blocks?
[06:55] <error404notfound> jmarsden, i can do that.
[06:56] <jmarsden> Looks like you can.  man ssh_config and search for the section titled PATTERNS
[06:58] <k2en> hi
[06:59] <k2en> i'm running hardy as a file server for about 30 clients , both XP and Ubuntu. It was running fine until a few days ago , now it takes the clients a long time to connect and browse the server.
[07:00] <k2en> but i ran top on the server and nothing seem to slow it down
[07:00] <twb> k2en: did you try reading the log files?
[07:01] <k2en> twb, which log files should i check specifically ?
[07:01] <twb> k2en: /var/log/*
[07:01] <twb> k2en: I don't know, specifically.
[07:01] <twb> Though for "network is slow" I would often resort to a simple packet sniff, to find out where in the connection the slowness occurs.
[07:02] <k2en> twb,  ok what do i need for that? etherape?
[07:02] <twb> I normally use tshark (wireshark) or tcpdump.
[07:03] <twb> Primarily because with those I can dump a .pcap file and then analyse it later/elsewhere
[07:03] <jmarsden> k2en: Whatever sniffer you already know how to use.  tcpdump, wireshark, use whatever works for you :)  BTW for "connect and browse", I'd be checking samba log files too... and wondering about DNS/browse master type issues.
[07:03] <twb> jmarsden: ooh, good idea re DNS
[07:03] <k2en> jmarsden, why should i check DNS?
[07:03] <twb> hard-binding name services routinely fuck me w.r.t. that kind of symptom
[07:04] * twb glares at LDAP
[07:04] <jmarsden> because if hosts can't resolve the server name using DNS they may time out and then retry using NETBIOS or whatever... and that all wastes time...
[07:05] <k2en> jmarsden, i see.that would be a client problem then , no?
[07:05] <jmarsden> Not necessarily.  Maybe your DNS server died?  or your winbindd is doing something bad?  or whatever...  Did anything change regarding DNS or the ISP you use or whatever that could be related to this
[07:06] <k2en> jmarsden, no, i'm using different DNS for different boxes, but the problem is with all clients
[07:07] <jmarsden> k2en: Basically, when "connect and browse" is slow, name resolution is a VERY common culprit, so I would suggest you test it instead of telling me it can't possibly be broken.  Just from experience :)
[07:07] <k2en> jmarsden, sure
[07:08] <k2en> jmarsden, how do i check that on the client?/
[07:08] <jmarsden> Use nslookup
[07:08] <jmarsden> Check using ipconfig /all that the XP client is using the DNS server(s) you think it is, too.
[07:09] <jmarsden> Check that the hosts file in C:\WINDOWS\system32\drivers\etc is sane, if you think someone or something might have messed with that.
[07:09] <k2en> jmarsden, ok, thanks
[07:10] <k2en> the reason i thought its a server problem is that suddenly all clients reported a slow down
[07:10] <k2en> but i will check the DNS and hists
[07:10] <k2en> hosts
[07:10] <k2en> also samba logs
[07:10] <jmarsden> Sounds like a network problem of some sort, but may not be the actual SMB service that is the culprit.
[07:11] <jmarsden> I've seen networks go nuts when someone plugs in a Cat5 patch cable ... both ends of it into the same switch :/
[07:12] <k2en> jmarsden, `since my server has a fixed IP ,can i set the client to go directly to IP without a need for DNS?
[07:12] <jmarsden> You can, but that's not really a good idea except for testing.
[07:13] <k2en> i'm pretty sure the ubuntu clients do that
[07:13] <jmarsden> Why, if you have (or *had*) working DNS on this network?
[07:14] <k2en> jmarsden, going to check the logs, thanks for info, killing the gui now
[07:14] <jmarsden> OK... BTW, Ubuntu servers do not have a GUI
=== imchrislabeard is now known as artillerytx
[07:15] <artillerytx> is there a text based aim client for ubuntu ?
[07:18] <henkjan> artillerytx: irssi + bitlbee
[07:18] <artillerytx> henkjan: is that better than centericq?
[07:25] <henkjan> artillerytx: i've never used centericq.
[07:25] <artillerytx> k cool
[07:25] <henkjan> artillerytx: irssi is an irc client and bitlbee a gateway to jabber/msn/aim/icq
[07:25] <artillerytx> i've used irssi
[07:26] <artillerytx> didn't know it has like extensions
[07:32] <jmarsden> artillerytx: bitlbee is not irssi specific, it is a gateway so any IRC client can talk to other kinds of messaging servers.
[07:55] <uvirtbot> New bug: #427190 in php5 (main) "php pages on localhost try to download instead of render in firefox most of the time" [Undecided,Incomplete] https://launchpad.net/bugs/427190
[07:56] <soren> mdeslaur: lp:~soren/+junk/pyotp
[08:17] <twb> Did I see something recently about infrastructure to install an arbitrary i386 .deb into an amd64 system (i.e. a biarch workaround)?
[08:17] <twb> Can it be generalized into unpacking debs from one arbitrary arch into another arbitrary arch?  (Running the postinst is not necessary.)  Plan B is to try dpkg -x.
[08:24] <mushroomblue> no.
[08:25] <mushroomblue> well, maybe.
[08:25] <mushroomblue> the reason it works with x86/x64 is because of a binary compatibility library that AMD released
[08:26] <mushroomblue> I suppose something could be done for other archs, provided someone's written the glue.
[08:26] <mushroomblue> otherwise, no.
[08:27] <mushroomblue> it's a shame the crusoe didn't take off; it might've brought this sorta thing automatically.
[08:33] <twb> mushroomblue: I intend to combine it with qemu's CPU emulators
[08:34] <twb> In the imaginary scenario where my I won't be distracted from this goal by the end of the day
[08:46] <k1en> hi, can anyone take a look at my samba log, i'm running a file server and recently clients have been complaining about a slow down
[08:47] <k1en> http://pastebin.ubuntu.com/268431/
[08:47] <k1en> the main error is " getpeername failed. Error was Transport endpoint is not connected"
[08:54] <jmarsden> k1en: There is a somewhat inconclusive thread at http://lists.samba.org/archive/samba/2005-April/thread.html#104000 which might be relevant?
[08:56] <k1en> i'll try "smb ports = 445"
[08:56] <k1en> another error i get is : "call_trans2qfsinfo: not an allowed info level (0x102) on IPC$"
[08:57] <k1en> i read here that an upgrade might solve it : http://forums.opensuse.org/network-internet/391249-samba-problem-after-upgrade-opensuse-11-a.html#post1847349
[08:58] <k1en> i havent updated my server in months so i'll try it
=== Ng_ is now known as Ng
[09:36] <acalvo> Hi
[09:36] <acalvo> when using winbindd, if I want to use it from another server, I need to install the winbindd program to be able to "talk" to the winbindd server?
[11:56] <cocoa117> is there any NAS appliance available on ubuntu-server? i can just run
[12:00] <twb> cocoa117: you want to buy a NAS unit that ships with Ubuntu pre-installed?
[12:03] <cocoa117> twb, no, i have old machine lying around, want to put ubuntu on it with NAS software (Samba, web management, NFS...)
[12:03] <cocoa117> don't like the NAS hardware, it have limited features
[12:03] <twb> IME all web management blows.
[12:04] <twb> Theoretically ebox is supported, but I wasn't impressed.
[12:05] <cocoa117> so the best still ssh then
[13:01] <mdeslaur> soren: wow...that is...incredibly simple. cool!
[13:25] <apw> kirkland, seems our virtual kernel requires one of grub or lilo to be installed, we are wondering if there is any reason that we cannot also allow grub2 to be an option as we do for all the other kernel images
[13:47] <smoser> soren, ping
[13:47] <smoser> good morning erichammond
[13:47] <erichammond> smoser: 'lo
[13:50] <kirkland> apw: i don't know of any reason why not
[13:50] <apw> i was pointed a zul, what timezone is he in
[13:50] <apw> or are you happy to be definitive on that one
[13:50] * apw can't see any reason either
[13:51] <apw> kirkland, ^^
[13:51] <smoser> erichammond, i think you answered the question, but just to be sure, you're not aware of anyway to generate a manifest that [re]uses another's "<parts count='15'>"
[13:51] <kirkland> apw: zul is in ottawa
[13:52] <kirkland> apw: one hour ahead of me
[13:52] <smoser> it really seems that this should be achievable, especially given the existence of euca2ools that generate them
[13:52] <kirkland> soren: smoser, can grub2 be used in the ec2 kernel?
[13:53] <apw> the ec2 kernel is different again, this is -virtual
[13:53] <smoser> kirkland, no
[13:53] <smoser> ec2 doesn't use a bootloader
[13:53] <smoser> err, rather they use xen dom0 as the bootloader
[13:53] <apw> i am a little confused that it would care at all that you have or do not have a bootloader
[13:53] <erichammond> smoser: I haven't tried tweaking manifests.  I just use the ec2 AMI tools.
[13:54] <smoser> erichammond, i've tried hacking at the manifest unsuccessfully... but i didn't re-do any of the crypto stuff, so likely the output of mine didn't validate.
[13:54] <apw> i would expect that all the normal consumers of -virtual don't need one at all, and its making sure its installed in the host, so ... its not obvious that it should care at all, ie. any should be ok
[13:55] <smoser> apw, kirkland, i'm missing something here.
[13:55] <erichammond> smoser: ... Yep, I was about to make a comment about the encryption/signing.  You'd need to use Amazon's public key which I suppose is buried in the compiled Java code.
[13:55] <smoser> erichammond, well somewhere/somehow euca2ools can do it
[13:55] <apw> the kernel flavour -virtual has an install dependency on a bootloader, it requires grub or lilo to be installed when it installed
[13:56] <smoser> ah.
[13:56] <smoser> i'd say *maybe*.
[13:56] <apw> we want to add grub-pc (grub2) to that list.  as far as i understand the use model you install it in the host anyhow
[13:56] <smoser> the user of -virtual could be
[13:56] <smoser> a.) someone using it on bare metal
[13:56] <smoser> b.) someone using it in xen domU
[13:56] <erichammond> smoser: It shouldn't be that difficult to simply recreate the image (ec2-unbundle) and rebundle it (ec2-bundle-image)
[13:56] <smoser> c.) someone using it in kvm domU booting a disk/bootloader
[13:57] <smoser> d.) someone using it in kvm domU booting with 'kvm -kernel/-initrd'
[13:57] <smoser> for a and c above, you need a bootloader
[13:57] <smoser> erichammond, correct. thats easy.
[13:57] <apw> smoser, but any bootloader is acceptable, so adding grub2 seems reasonable.  yes?
[13:58] <smoser> but then it you have to use a different prefix (or rename the image) to avoid collision on upload to s3
[13:58] <smoser> apw, i would think so, yes.  i have no knowledge or reason to believe that grub2 does not work in kvm guest.
[13:58] <apw> so that sounds like general 'its not mad, lets go for it' all round then
[13:59] <smoser> erichammond, my goal in 'hacking' it was to use the same <part> pieces, and thus be obvious that "this is the same AMI but with changed kernel/ramdisk"
[13:59] <smoser> i think that would be less obvious with rename
[14:00] <erichammond> smoser: Nobody but the image creator can look at the contents of the manifest.
[14:01] <smoser> i wondered how publi that would be. i think i'm old on just re-bundling
[14:02] <smoser> s/publi/public/
[14:02] <erichammond> smoser: I think anybody who cares to the level you are describing can simply run the old AMI with the new AKI+ARI.
[14:02] <smoser> yeah. i think maybe i'm being overly concerned.
[14:02] <smoser> i just know that lots of people don't like changing anything once their app is working.
[14:03] <erichammond> smoser: Yep, I know some of those.  They're still running Gutsy on EC2.
[14:03] <smoser> and such a change in the ami that its built on would possibly force another round of test
[14:03] <smoser> if they could be convinced that the disk contents were identical, but with different kernel, maybe they'd waive those.
[14:04] <erichammond> There's no way for anybody but the creator to know what the AMI contents are or to know that they are the same as any other AMI contents.
[14:05] <erichammond> It's 6am here. I need to grab some sleep.
[14:06] <smoser> erichammond, good night. thanks.
[14:06] <smoser> i'm changing the doc to say we'll rebundle
[14:12] <zul> morning
[14:17] <zul> smoser: i was thinking last night that you might want upload a test image with the kernel modules from the ppa so people can test what they would normally do with an ec2 image
[14:25] <smoser> zul, test image with kernel  modules?
[14:26] <smoser> i want to get something together today and send out a request for testing. something that we think would work.
[14:39] <smoser> it would be more useful if "very very soon" was defined with an actual time (as per launchpad's "Launchpad will be going offline for maintenance very very soon." message)
[14:40] <shyam_k`> as i connect to my home router(&modem), i can ping to my router but can't access ping an external site.. i can telnet to my home router(&modem that the isp gave me) and can see that it can ping external sites. What can be the problem?
[14:41] <shyam_k`> where will be the problem? can it be with the router, or the laptop, or even the isp's external node?
[14:43] <shyam_k`> the laptop can ping the router. so i donno if it requires any more than that to get internet that the router has..
[14:44] <shyam_k`> ah i forgot to say that under such a situation, if i reboot the router and reconnect the lap with router, everything works fine
[14:49] <zul_> bah..my internet connection is sucking today
=== zul_ is now known as zul
[14:50] <shyam_k`> zul: mine too:(
[14:53] <soren> mdeslaur: I almost finished a C implementation as well, but eventually had to slepe.
[14:53] <soren> mdeslaur: sleep, even.
[14:54] <soren> smoser: You pang, sir?
[14:54] <smoser> si
[14:55] <smoser> a couple things, soren
=== monteith_afk is now known as monteith
[14:55] <smoser> a.) i think i give up on the 're-use image parts' (aka hack a manifest with newer aki/ari)
[14:55] <smoser> at least for the moment it doesn't seem to give much benefit
[14:56] <soren> smoser: Alright.
[14:56] <smoser> above, erichammond pointed out that no one other than the author can see the manifest
[14:56] <soren> smoser: By default, yeah.
[14:56] <smoser> so it doesn't help "prove" anything or give stronger indication than a promise that the disk image didn't change
[14:56] <smoser> i didn't know if there were possibly some keys there or something that you wouldn't want to share it.
[14:57] <smoser> but anyway, i'm not going to bother chasing that right now
[14:57] <soren> smoser: Alright.
[14:57] <mdeslaur> soren: now we need to convince someone to buy us some tokens :P
[14:57] <kirkland> soren: is vmbuilder in LP functional yet?
[14:57] <soren> kirkland: Nope, sorry.
[14:57] <smoser> (wouldn't have thought there were keys, but there are things like 'user_encrypted_key' in the xml
[14:57] <soren> kirkland: Haven't gotten far on my todo list today at all, really.
[14:58] <soren> kirkland: My dentist appointment involved a lot of waiting :(
[14:58] <smoser> b.) had you investigated actually packaging the ec2 kernel builds such that 'apt-get install linux-image-$(uname -r)' would work to get modules for your kernel ?
[14:58] <smoser> i think that doing that would give more consistent usage with the rest of ubuntu, even with building private kernel modules (using linux-headers, config and such)
[14:59] <soren> smoser: Not really. I did most of my thinking on the subject back when there were no network drivers in the default kernels, so apt-get was out of the question.
[14:59] <smoser> i think we'd still want the initrd to house the network drivers
[15:00] <smoser> so they'd be duplicated
[15:00] <soren> smoser: There's also the problem of ABI bumps.
[15:00] <smoser> what problem ?
[15:00] <soren> smoser: Usually, we nuke packages with the old ABI when there's a new one.
[15:00] <soren> smoser: ...which would render the instances using older kernels less functional.
[15:00] <smoser> really. i was unaware that we took such rude stance on that.
[15:01] <soren> smoser: ...since they can't install their modules anymore.
[15:01] <smoser> it definitely would be a show stopper.
[15:01] <kirkland> soren: what can I do to make vmbuilder functional?
[15:01] <soren> kirkland: Install grub1.
[15:01] <soren> kirkland: Or wait >(
[15:01] <kirkland> soren: is there assistance i can offer on vmbuilder?
[15:01] <soren> Er...
[15:01] * soren switches keyboard layout..
[15:02] <soren> There. >) should have been :)
[15:02] <kirkland> >) looks like a wincing smile
[15:03] <soren> kirkland: I don't think your time would be very well spent trying to work things out in VMBuilder. that part of it is quite opaque.
[15:03] <smoser> soren, so, i still think that we should try to get 'apt-get install linux-image-$(uname -r)' to work inside a ec2 instance
[15:04] <smoser> to deal with the deletion of old packages, we should make sure "reasonable" modules are loaded in the initrd (or copied through to the guest).
[15:04] <soren> smoser: You should ask the archive admins, really. It's their decision whether they're willing to keep the binary packages around forever.
[15:04] <smoser> but if we're telling people elsewhere "you really shouldn't use these kernels" then we should be sending that message on amazon too
[15:04] <soren> smoser: I don't think that's good enough.
[15:05] <smoser> soren, why not ? as it is right now, there is some limited list of modules that you get. if you want more you're on your own
[15:05] <soren> smoser: It will mean that stuff that used to work could suddenly cease to work without any hint or warning.
[15:05] <soren> smoser: Ok, you lost me.
[15:05] <smoser> how is that different from my server system ?
[15:05] <soren> smoser: Your server system has the modules *on disk*.
[15:05] <soren> smoser: Restarting it will not remove them.
[15:06] <smoser> yes, but maybe it doesn't have linux-headers (so i can't build a module)
[15:06] <smoser> and i'm unable to get that for my system now because someone deleted them from the archive for me
[15:06] <soren> smoser: If you haven't built it, you're not using it, and are not dependent on it.
[15:06] <soren> smoser: On EC2, you may have been using the modules happily for a long time, along comes an ABI bump, and your modules go missing.
[15:06] <smoser> my documentation on how to do somehing "used to work" and now doesnt
[15:07] <smoser> (the something above is 'build a kernel module')
[15:07] <soren> EC2 is really just very different here. It's *designed* to have people start up instances and blow them away *all* the time.
[15:07] <smoser> maybe i've scripted all that, so its magic (as the kernel-module packages do ... like kqemu or vmware ... )
[15:08] <soren> And if you install a new system in the real world, you'll be using a new kernel.
[15:08] <soren> On EC2 you don't have the liberty to just go and upgade your kernel like you do on your other systems.
[15:08] <soren> upgrade, even.
[15:09] <smoser> i agree that its somewhat different, but not completely.
[15:09] <soren> In short, there's nothing on your server system that will break that apt-get can't fix.
[15:09] <soren> There will be on EC2 if the modules package goes missing due to an ABI bump.
[15:09] <smoser> your argument is that you're "helping" users by allowing them to make full use of kernels we've deleted for security reasons
[15:10] <soren> smoser: Or other reasons.
[15:10] <smoser> it seems like we're being less proactive in removal/deprecation of old kernel versions on ec2 than we are elsewhere
[15:10] <kirkland> soren: okay, how do i force it to install grub1?
[15:11] <soren> kirkland: On your *host*.
[15:11] <kirkland> soren: oh, really ...  hmmf
[15:11] <soren> smoser: We don't forcibly remove people's kernels on "regular" systems.
[15:12] <soren> smoser: ...or the modules corresponding to old kernels.
[15:13] <smoser> but they are not able to do anything *new* with that old kernel (like build a new driver/filesystem for it) if they had not previously installed all $(uname -r) packages
[15:14] <soren> No, but they can just upgrade!
[15:14] <soren> that's the point.
[15:14] <soren> A quick apt-get, and they're done.
nimrod0!help15:15
ubottuPlease don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)15:15
nimrod0!snmp15:15
ubottuSorry, I don't know anything about snmp15:15
nimrod0!snmpd15:15
ubottuSorry, I don't know anything about snmpd15:15
nimrod0is there any good ubuntu tutorial for snmp and mibs ?15:15
smosersoren, a quick switch of ami would make the ec2 user 'done', no ?15:16
sorensmoser: It's really not necessarily that quick.15:16
sorensmoser: He may have rebundled or whatever.15:16
kirklandsoren: i should be able to run vmbuilder from within a vm (assuming it has enough disk space), right?15:17
sorenkirkland: Sure.15:17
smoserin the re-bundle case, i agree. but then they could have easily installed those modules before rebundling15:17
sorensmoser: True.15:17
smoserthe only thing i have against the ec2 kernel update proposal (of stuffing all modules into initramdisk and then copying that to /) is that it is not consistent with the way ubuntu works other places.15:19
smoseri'd suggest that we take that approach for kernel modules that we expect are highly likely to be used15:19
smoserand for others, provide the package to get the rest, and document that those might go away15:20
smosersoren, one other question i have on that... why not just 'modprobe' all the modules that were in the initrd as opposed to copying them to /lib/modules/$(uname -r)15:21
smoserother than memory usage, it'd seem the same (and if you were concerned about that, the user could remove any modules they didn't need)15:21
sorensmoser: Hmm... I guess that could work.15:22
smoserit just feels to me that the less different 'ubuntu-on-ec2' is, the better15:22
smoserdifferent than ubuntu-on-otherstuff15:23
sorenCertainly15:23
smoseri was unaware of our stance on deleting things from the archive until yesterday. it just feels rude to me.15:24
smoseri guess you could presumably build from source15:25
sorensmoser: We never delete stuff that was in the archive at release time.15:25
sorensmoser: -updates and -security (and -proposed) are different, though.15:25
smoserright.15:25
sorenAs to making ubuntu-on-ec2 as much like ubuntu-on-everything-else as possible, I'm not completely sure whether having a boatload of modules installed at boot time that are nowhere to be found on the filesystem is more like everything else than an approach that, after ec2-init has done its magic, leaves a filesystem with modules ready to be loaded, just like everywhere else.15:28
sorenI think I could be convinced either way at this point.15:29
smoserfair15:29
smoseri think from a documentation perspective, installing a linux-headers- and linux-image- package is nicely consistent15:29
smoseri really would like for that to "just work" as it does elsewhere.15:30
smoserhopefully existing files (copied from the initrd) to /lib/modules/$(uname -r) wouldn't cause install failure15:30
nimrod0anyone has a good guide to setup snmpd on ubuntu server as the default install generates just a handful of values and no cpu or memory valuest15:30
nimrod0s/valuest/values15:31
sorensmoser: They won't.15:31
smoserthe 'for x in list-of-modules; do modprobe $x; done' just seemed easier than tmpfs and copying15:31
smoserand would "just work" without the root filesystem doing anything15:32
smoser(if someone used our kernels/initrd for non-ubuntu ami)15:32
cocoa117is the sticky bit only work for other user? "chmod u=rwx,g=rwxt,o= test2" always give me drwxrwx---. i thought it supposed to be drwxrwt---, anyone?15:43
sorencocoa117: replace your t with an s, and you should be good.15:44
sorencocoa117: what are you trying to achieve, exactly?15:44
uvirtbotNew bug: #427236 in eucalyptus (main) "high memory usage by CC" [Undecided,New] https://launchpad.net/bugs/42723615:46
cocoa117soren, so only owner can delete file, while others can still edit it15:48
genii!info eucalyptus15:48
ubottuPackage eucalyptus does not exist in jaunty15:48
geniiHm15:48
sorencocoa117: Then you still want o=t.15:56
sorencocoa117: g=s is something completely different15:56
cocoa117so it has to be chmod u=rwx,g=rwx,o=rwxt test215:56
cocoa117soren, so it has to be chmod u=rwx,g=rwx,o=rwxt test215:57
sorencocoa117: You don't need o=rwx15:58
sorencocoa117: o=t will do.15:58
cocoa117i c15:58
cocoa117soren, does that mean, other user can't read/write/execute the folder15:58
sorencocoa117: Yes.16:00
cocoa117soren, thanx16:00
sorencocoa117: I presume that's what you want given you tried o= to begin with.16:00
cocoa117soren, it is, only owner and group allow to access it16:01
mxzypltkVirtualD:  did you have a chance to load the latest e1000e module last night?16:10
smosererichammond, awake?16:43
thebishopi'm trying to install a telnetd server.  I can access it with "telnet localhost", but when i try to access from a remote server it doesn't connect.  I'm assuming this is a firewall issue, but i'm not sure.  Any ideas?16:48
* soren needs to go and buy food..16:49
twbI hope you have a good reason for installing an insecure service like telnet.16:50
blue-frogthebishop: you certainly need to do some PAT to redirect port 2316:53
thebishoptwb, unfortunately, i do :(16:54
thebishopblue-frog, do I need to redirect?  I just want to open 23 to the outside world16:54
blue-frogyour server is directly on the internet or behind a router?16:55
thebishopit seems to be open to itself16:55
hjmfthe-dude: wouldn't be better to use some kind of ssh tunnel to at least encrypt your telnet traffic16:55
hjmf?16:56
hjmfsorry I meant thebishop ^^16:56
blue-frogthebishop: as twb highlighted I assume that you are either trolling or looking for problems with your server16:56
thebishopit's neither.  I have a legit need for telnet.  I don't have a choice unfortunately, and I know it's a bad idea16:56
blue-frogthebishop: so do you have a router in between internet and your server?16:57
hjmfat least you can tunnel that traffic; it wouldn't be hard to do it16:57
thebishopblue-frog, it has a static ip on the internet.  it's a virtual server running from a web hosting service16:57
thebishopi'd like to get basic functionality working before i try to secure it16:58
blue-frogthebishop: then there is a good chance for your webhoster to refuse any connection to 2316:58
thebishopi've got a ridiculously irrational person breathing down my back about it16:58
thebishopblue-frog, that's an interesting suggestion16:58
thebishopblue-frog, maybe i can bind telnet to another port?16:59
blue-frogif you like to. use netcat16:59
thebishopwell, suppose it's not my host17:01
thebishopi don't have a lot of experience with iptables to diagnose if that's dropping port 23 packages17:01
thebishop*packets17:01
blue-frogthebishop: well.. better asking god than his saints, no?17:01
thebishopblue-frog, this host provides NO live support17:01
thebishopagain, not my decision...17:02
smoserkirkland, maybe you know.  i want to "file a bug against ec2 images" with this url http://bugs.launchpad... that will automatically tag the created bug with 'ec2-images'. is that possible ?17:08
kirklandsmoser: point me to a sample url of a tagged bug17:09
smoserhttps://bugs.launchpad.net/ubuntu-on-ec2/+bug/419306 is tagged with ec2-images and uec-images17:09
uvirtbotLaunchpad bug 419306 in python-boto "boto.utils.get_instance_userdata() hangs for a long time if no userdata is provided" [High,Fix released]17:09
kirklandsmoser: i tried a few things, unsuccessfully17:16
kirklandsmoser: ask in #launchpad17:16
smoseri did17:17
jjohansensmoser: bug #42728817:17
uvirtbotLaunchpad bug 427288 in linux "Karmic i386 EC2 kernel emulating unsupported memory accesses" [Undecided,New] https://launchpad.net/bugs/42728817:17
smoserthen tried you, as launchpad superfly17:17
smoseri just found : https://bugs.launchpad.net/ubuntu/+filebug?field.tags=ec2-images works17:17
jjohansensmoser: there are 2 ways to deal with this apparently zul's kernel patch that disables xen from setting the cs segment and an alternate libc17:18
smoserjjohansen, you have thoughts ? i dont think we want alternate libc unless there is good/very-good reason17:20
jjohansensmoser: I am trying to asses which is the best route to go with, how objectionable is the alternate libc17:20
jjohansensmoser: the kernel patch essentially disables xen's ability to do segment based protection17:21
smoseri dont think we need to name call (assess)17:21
jjohansenso the kernel patch could be considered as a security issue17:22
smoserthis is so much fun17:23
jjohansenperhaps I should ping kees and get his take as well17:23
mathiazzul_: hi - re bug 42478917:23
uvirtbotLaunchpad bug 424789 in php5 "PHP random segfaults on session_start();" [Undecided,In progress] https://launchpad.net/bugs/42478917:23
mathiazzul_: you don't need to ask for a FFe if there aren't new features17:24
mathiazzul_: if the new upstream revision is just a bug fix release, then you can just upload it17:24
mathiazzul_: if there are new features, they should be documented in the FFe request17:24
RoyKhi. with ufw, can I reorder the rules without removing and re-adding them?17:24
RoyKthis is 8.04.3 LTS17:25
jdstrandRoyK: not via the cli command. later versions of ufw support 'insert' though (not 8.04)17:25
jdstrandRoyK: but you can edit /var/lib/ufw/*rules17:25
jdstrandRoyK: just be careful to move the whole stanze to the right spot17:26
RoyKperhaps time to update to something newer17:26
jdstrandstanza17:26
uvirtbotNew bug: #427141 in mysql-dfsg-5.0 (main) "mysql update does not install" [Medium,Incomplete] https://launchpad.net/bugs/42714117:26
jdstrandRoyK: well, later versions of ufw don't let you reorder then, but you can remove a rule and insert it somewhere else17:26
* jdstrand can't type17:26
jdstrands/reorder then/reorder them/17:27
RoyKjdstrand: I see17:27
RoyKstill, this is a private server, so keeping it on 8.04 isn't really that necessary17:27
jdstrandRoyK: take a look in /var/lib/ufw/user.rules-- it should be pretty straight forward17:27
jdstrandRoyK: back it up first just in case ;)17:27
RoyKjdstrand: is that just iptables stuff?17:27
addisonjhmm, curious about incremental backups, whats the best solution?17:28
jdstrandRoyK: iptables-restore syntax, yes17:28
jdstrandRoyK: with a little accounting via comments17:28
RoyKI see. I've been using iptables for years - I just fell back to ufw of good old laziness17:28
jdstrandRoyK: keep the comment and the rule together and it'll go fine17:28
jdstrandRoyK: laziness or 'smartness'? if ufw does what you need, use it! :)17:29
smoserjjohansen, it appears your kernels have interest beyond ubuntu. one of the users on that bug is using your kernel with fedora user space17:34
jjohansenheh, the more testing the better :)17:35
cocoa117if user belong to admin group, it have privilege to ignore the sticky bit set on the folder?17:38
qman__cocoa117, no, that just allows them to use sudo17:58
qman__if they use sudo, they can override a sticky bit17:58
cocoa117qman__, i found the problem, the folder belong to owner, if i change it to root, the user behaviour same as others17:59
cocoa117qman__, thanx for the help17:59
uvirtbotNew bug: #426968 in kvm (universe) "kvm qemu slow to start first time after boot" [Low,Incomplete] https://launchpad.net/bugs/42696818:38
uvirtbotNew bug: #293361 in samba (main) "not possible to browse or open cifs/smb files from netapp server" [Undecided,Incomplete] https://launchpad.net/bugs/29336118:39
Steve[work]afternoon everyone18:56
KillMeNowhowdy Steve18:56
modeller_wahkor1hello19:06
modeller_wahkor1I have some question about proxy.19:06
erichammondsmoser: Just got up; now I'll be offline for a few hours and then online but working.  I can't monitor all the chatter on this channel.  If there's any way you could discuss ec2 things on #ubuntu-ec2 I could keep up with it all and give feedback.19:07
szczymi have problem with no output from lsusb in intrepid server - its been working 5 minutes ago19:11
erichammondsmoser, soren, mdz, zul, jjohansen: Remember that we're not just building kernels to work with the AMIs which Canonical builds.  These kernels must also work with Ubuntu AMIs that users build themselves.  It would also make Canonical a hero if the kernels happened to work well with other Linux distros (the current tester is using Fedora 11).  That last is obviously not a requirement, but if a simple decision makes it more possible w19:11
erichammondI saw some talk about copying kernel modules into / from initrd.  At first glance, seems like a cool idea.  I don't know the startup time impact, but remember that seconds count.19:13
smosererichammond, absolutely we want to support re-bundled ubuntu ami images.  and i think we don't want to do things that make other distro use of the kernel/initrds more difficult unless there is some good reason19:14
smosererichammond, startup time probably absolutely trivial19:14
smoseras copy from initrd to tmpfs is memory->memory of something on the order of small number of megabytes19:14
smoserand then in user space, that same copy but to / (whatever sda1 is backed by)19:15
sorensmoser: Well.. I have >100MB of modules on my system.19:15
sorensmoser: But still, copying 100 MB from memory to memory is cheap.19:16
smoseryeah... the -virtual kernel is significantly smaller, though. and thats what we'd be shooting for19:16
sorensmoser: Oh, right, right. My bad.19:16
smoseradditionally you could background the copy, its not terribly likely to fail. anything that needed it could block on waiting for a 'finished' file in /lib/modules/$(uname -r) or whatever. if it happened to be slow19:17
keesmathiaz: did you create the ubuntu-server meeting on The Fridge ?19:18
keesmathiaz: I'm trying to follow the instructions for the security team, but it doesn't show up19:18
erichammondsmoser: I'm not a fan of the background copy idea.  Kernel modules are often needed on boot and boot failures are difficult to debug on EC2.  Background copy could even make the boot failures sporadic based on timing.  Requiring users to wait would require educating users which has a high percentage of failure due to the impossibility of making users find and read documentation.19:21
erichammondgotta run19:21
mathiazkees: hm - a looong time ago19:21
keesmathiaz: I see it in the iCal, but it doesn't show up on the fridge web site19:22
erichammondIn case I haven't mentioned it yet, I am thrilled to see so much progress on the kernel lately. Thanks, folks.19:22
mathiazkees: are you following https://wiki.ubuntu.com/Fridge/Calendar ?19:22
keesyeah19:22
smoserwe'd modprobe modules needed to boot (at least on ubuntu images) from inside the initrd.19:22
keesexcept that I can't find "Check the box that says 'Guests can modify event' "19:22
keesoh nm, I found it.  it's checked19:23
slestakcan someone tell me the rationale for ubuntu including dnsmasq in the desktop package selection?19:26
slestaki mean there is no dnsmasq.conf, so i dont think it is doing anything as a dhcp or dns cache without having some sort of configuration19:27
giovanislestak: since when is it in the desktop metapackage?19:28
slestaki do not know, it is installed on every jaunty machine i have19:28
slestaki didnt install it, so it had to come in with the install media19:29
giovaniok, first -- #ubuntu is more appropriate19:29
giovanisince this isn't a server discussion19:29
giovanibut dnsmasq is in universe19:29
giovaniI didn't think universe was even enabled by default19:29
slestakgiovani: ok, sorry for being offtopic.  intersting.19:29
szczymaccording to my problem with no output from libusb i upgraded usbutils because of that: https://bugs.launchpad.net/ubuntu/+source/usbutils/+bug/159189 and still no output from lsusb, could some one help me please ?19:30
uvirtbotLaunchpad bug 159189 in usbutils "lsusb : Fix or remove -t option" [Low,Fix released]19:30
slestakgiovani: i came here since i considered the product a server oriented choice, I'll check elsewhere.  thx19:30
giovaniszczym: it's not a direct dependency of ubuntu-desktop19:30
keesdnsmasq has been in main since hardy19:31
giovanislestak: well ... but you're asking about the desktop metapackage, not about how to use dnsmasq19:31
giovanikees: no, it's in universe19:31
keesdnsmasq | 2.41-2ubuntu2.2 | hardy-security/main19:31
keesdnsmasq | 2.45-1ubuntu1.1 | intrepid-security/main19:31
keesdnsmasq | 2.47-3ubuntu0.1 | jaunty-security/main19:31
keesdnsmasq | 2.50-1          | karmic/main19:31
szczymgiovani: im running 8.10 server19:31
giovanihttp://packages.ubuntu.com/jaunty/dnsmasq19:31
giovaniit says universe there19:32
giovaniszczym: you said you were talking about the desktop metapackage ... not a server19:32
szczymgiovani: where i could found a fix for server version lsusb ?19:33
giovaniszczym: sorry, I didn't mean to direct that towards you -- you had a similar length name containing nearly random-looking characters starting with s as slestak19:33
keesgiovani: the binary package "dnsmasq" is in universe, yes.  dnsmasq-base is in main, so the source package "dnsmasq" is in main19:33
martinjh99Do I have to do anything else to enable mod_rewrite for things like gallery2 and drupal?  I did a2enmod mod_rewrite and restarted the server and nothing seems to work...19:33
keesgiovani: why it's installed, I'm not sure19:33
giovanikees: ok, that's not dnsmasq though19:33
giovanithat's dnsmasq-base19:33
keesgiovani: try apt-get remove dnsmasq and see what else it tries to remove?19:34
giovanikees: it's not my question/issue, direct it at slestak19:34
slestaki will try that, im the one obsessing over this19:34
keesslestak: heh, okay19:35
slestaki was about to install dnsmasq on a 9.04 machine, and saw that it was already present.  then i checked some of my other machines and it was installed (although not configured) everywhere19:35
szczymgiovani: ok, sorry, mistake. but do you have any clue about that lsusb issue ? where i could look for help ?19:35
martinjh99never mind - Found a forum post about it...19:35
giovaniszczym: no, I would've replied to your requests for help if I did19:35
szczymgiovani: sorry19:36
martinjh99Followed the instructions here for enabling mod_rewrite and restarted the server and it hasn't seemed to work... Anyone know how to enable?19:41
martinjh99http://ubuntuforums.org/showthread.php?t=37741019:41
martinjh99anybody here ;)?19:47
smoserjdstrand, you know of a way to replace passwd entry in /etc/shadow with '!' (other than with awk or sed)... more looking for a 'chpasswd' like option that would just allow indication that this users password should be not set20:05
Hypnozyou can set their default shell to /bin/false in /etc/passwd20:06
jdstrandsmoser: would 'passwd -l' fit the bill?20:07
smoseri dont want to prevent login, only password based login, Hypnoz20:07
smoserthats what i need, jdstrand. thanks.20:07
Hypnozah good find20:07
smosera big 'duh' to me for not considering 'passwd'20:07
mushroomblueis there a way to make sudo ask for the root password?20:08
jdstrand:)20:08
jdstrandmushroomblue: rootpw20:08
mushroomblueI really hate having superusers by default.20:08
jdstrandmushroomblue: see 'man sudoers'20:08
smosermushroomblue, really only the first user is superuser, no? default adduser doesn't put the user in admin20:08
jdstrandmushroomblue: you'll of course need to actually set a password for the root user20:09
mushroomblueright.20:09
smoserif the user is not found in sudoers then they'll be prompted for root passwd20:09
jdstrandsmoser: they are prompted for their own password20:09
jdstrandunless you use 'rootpw'20:09
Hypnozhe's right, man sudoers and search for rootpw20:10
smoserah... i thought that default if not found was just to prompt for root passwd20:11
smoserrather than just asking them for their password and then saying "no"20:12
jdstrandsmoser: wait, I think I misunderstood your statement20:12
Hypnozit gives some goofy message like "user not found in sudoers, reported to administrator"20:12
jdstrandsmoser: if the user is not in sudoers (eg not in the 'admin' group), you are prompted for the root password20:13
jdstrandrootpw is for forcing users in sudoers to use a rootpw instead of their own20:13
smoserjdstrand, i think you're wrong.20:14
smoser:)20:14
* jdstrand should have read smoser's comment more closely20:14
smoserat least in my test just now20:14
smoseri have a user 'test', which is not in admin, and not mentioned at all in /etc/sudoers20:14
jdstrandwell, I just tried here20:14
smoserif i become that user, and then type 'sudo ls'20:14
acemovirtualmin gives the error: The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin base directory is /home. CGI and PHP scripts run as domain owners will not be executed. should i just disable suexec or move the virtualmin base directory to /var/www?20:14
smoser$ sudo ls20:14
smoser[sudo] password for test:20:14
smosertest is not in the sudoers file.  This incident will be reported.20:14
Hypnozyep. If they're not in the sudoers they aren't allowed to sudo. But I think you can add to sudoers with the "rootpw" option like jdstrand was saying20:16
jdstrandsmoser: wouldn't you know, the user I tested *was* in the sudoers file and had rootpw (even though there isn't a root passwd set). Isn't that goofy... goes to fix that20:16
jdstrandso I was both right and wrong :P20:16
* jdstrand will go back into his hole now20:16
smoserit is kind of silly to prompt the user for their password and then say "ha ha, you cant do it anyway"20:16
jdstrandsmoser: I stand by my first 'rootpw' statement :)20:17
smoseryes. i think that is correct.20:17
smoser(and you verified :)20:17
mushroombluehrm.20:17
jdstrandthat was a truly ancient entry in my sudoers file...20:17
Hypnozsmoser, linux seems like it doesn't like to give away info, so I would guess that it doesn't tell you the account isn't in sudoers until you type the right password, maybe to slow down hackers finding sudo accounts20:18
smoserHypnoz, yeah, that is reasonable.20:19
smoserjdstrand, just fyi, it appears that chpasswd will also take a '!' token to indicate disable20:22
jdstrandsmoser: be careful with that one-- lest you introduce http://www.ubuntu.com/usn/usn-670-120:23
jdstrandbut yes20:23
mushroomblueanother question. is it possible to make a user sudo to another user by default?20:26
mushroombluei.e. I want an unprivileged user able to sudo to another user with admin privs, then sudo to root20:26
pwnguinwhat's that gain?20:26
mdzsmoser, soren, zul, jjohansen: I'm not sure i'm entirely in agreement with erichammond with regard to supporting arbitrary AMIs.  That's not something we should break without consideration, but our first priority should be to provide a complete, official stack20:27
zulmdz: agreed20:27
mushroombluepwnguin: ultra-paranoid. box has been compromised a few times, and I want to make their job as hard as possible.20:27
guntbertmushroomblue: if you want to play with sudo - please read man sudo and man sudoers20:28
mushroomblueI was previously using NX to solve some of this.20:28
mushroomblueguntbert: I am. :)20:28
mushroombluethanks, tho.20:28
smosermdz, i think everyone is in agreement there.20:29
smoserits just "nice to have"20:29
smoser"wishlist"20:29
mdzsmoser, zul, ok, sorry I missed the original discussion. eric seems to have disconnected20:36
mdzsmoser, could you follow up by email to make sure we close the loop?20:36
smosermdz, i thought the above was fairly clear from him20:37
smoser" It would also make Canonical a hero if the kernels happened to work well with other Linux distros (the current tester is using Fedora 11).  That last is obviously not a requirement, but if a simple decision makes it more possible "20:37
smoser'happened to work well' and 'not a requirement'...20:38
mdzsmoser, oh, ok, thanks20:39
mdzsmoser, I had scanned the beginning of my scrollback and it looked like he had left already20:39
mdzthat looks fine20:39
smoserkirkland, do man pages search no longer work at http://people.canonical.com/~kirkland/search.html20:40
smoseror, rather, they dont seem to work for me.20:40
kirklandsmoser: hmm, you're right21:05
kirklandsmoser: i'll have a look at that21:05
qman__mushroomblue, be aware that if you set a root password and you run sshd, you will probably want to change the sshd config to disable root logons21:16
qman__the default setting allows root logons, but since root doesn't have a password, root can't log on21:17
mushroomblueqman__: already done. thanks. :)21:18
erichammondmdz: (scanned the logs)  I agree with smoser that you and I are in agreement :)21:27
erichammondsmoser: When I say "images built by users" I'm not just talking about rebundled Canonical images, but also images built with vmbuilder (and for the time being, with ec2ubuntu-build-ami which many folks are using and which I can update as needed to work short term with the new kernels).21:28
erichammondThere are also some commercial services which let users build Ubuntu images including CohesiveFT's elasticserver.org and rBuilder at rpath.org21:30
=== ajmitch_ is now known as ajmitch
mathiazzul_: these are the dependencies that get pulled in when installing puppet - http://paste.ubuntu.com/268775/21:45
mathiazzul_: are these the one you were looking at when filling the MIR for puppet?21:46
=== palt_ is now known as palt
Hypnoz1Sun has these new NAS arrays, the 7000 series, the firmware on them is awful. Heads on them randomly fail over, disks randomly go offline. Steer clear, they are a good price but you get what you pay for...22:04
Hypnoz1Sun is trying though, they're releasing updates constantly. I'm sure in a year or two the things will be solid22:05
Hypnoz1but I feel like a damn beta tester for their product22:05
addisonhmm, what method of backup do you all prefer22:19
KillMeNowHypnoz1:  you actually PAID them to beta test their product22:21
KillMeNowaddison:  depends on your server22:21
KillMeNowwhat types of files you're backing up22:21
KillMeNowetc etc22:21
addisonwell, one server is actually running moodle, mysql db and then just the data frontend22:22
Hypnoz1haha yes we did. I am starting to realize why sun stock is worthless22:22
kirklandjbernard_: howdy22:33
jbernard_kirkland: hey man!22:33
kirklandjbernard_: okay, so you're interested in working on alfresco22:33
kirklandjbernard_: currently, iamfuzz is the canonical engineer who's been working on getting alfresco-community into the canonical partner archive22:34
jbernard_kirkland: yep, im wondering what it takes to get it from the partner archive into universe22:34
kirklandjbernard_: we'd like to get it into multiverse, for karmic, ideally22:34
kirklandjbernard_: gotcha...22:34
kirklandjbernard_: okay, so we're currently waiting on a few licensing clarifications from alfresco, to make sure that we have the rights to redistribute all of the included jars22:34
kirklandjbernard_: i expect we'll get a new tarball from alfresco by monday22:35
kirklandjbernard_: the other thing is sun-jdk has been dropped from karmic22:35
kirklandjbernard_: alfresco says that they need sunjdk, we've asked for a list of issues that they have with openjdk22:35
jbernard_kirkland: do we expect to have the licensing ambiguities clear up in that release?22:35
kirklandjbernard_: we're waiting to hear back on that one22:35
kirklandjbernard_: yes, the licensing issues are relatively straightforward, i don't see a problem22:35
kirklandjbernard_: step two will be ensuring that it builds and runs against openjdk22:36
kirklandjbernard_: step three will probably extend beyond karmic, and into karmic+122:36
jbernard_kirkland: yes, sunjdk is removed for karmic, as i recall22:36
kirklandjbernard_: ideally, alfresco would *not* include all these jars, but instead depend on packaged versions of each in ubuntu, distributed like any other package22:37
kirklandjbernard_: the way we handle this same situation for thousands of C and Python packages ;-)22:37
kirklandjbernard_: see the work ttx did on eucalyptus in the last two cycles22:37
jbernard_kirkland: are the sub-packages required for karmic?22:38
kirklandjbernard_: it's impossible to accomplish by karmic22:38
kirklandjbernard_: this part is a karmic+1 target for delivery22:38
jbernard_kirkland: so just openjdk verification/debugging22:38
kirklandjbernard_: but there's nothing wrong with starting on that after the openjdk task is done22:38
kirklandjbernard_: right22:38
kirklandjbernard_: meet iamfuzz22:38
kirklandjbernard_: iamfuzz  is the canonical engineer who's been working on alfresco up until now22:39
kirklandjbernard_: he's done a good job laying the foundation22:39
iamfuzzjbernard_, Hi there, glad to have someone helping out on testing22:39
kirklandand there's plenty more work to do ;-)22:39
iamfuzzindeed22:39
iamfuzzespecially the JAR work for karmic+122:39
jbernard_iamfuzz: hello, im interested in helping out22:39
iamfuzzI went through all the JARs we don't have and will be sending out a list on Monday22:40
kirklandiamfuzz: i'm hoping jbernard_ can help prune some of those jars out, package them individually, and make runtime dependencies out of them22:40
kirklandiamfuzz: can we start capturing all of this in a wiki page or something?22:40
jbernard_iamfuzz: can you copy me on that list?22:40
kirklandiamfuzz: now that there are a few cooks in the kitchen?22:40
iamfuzzkirkland, will do, Jared is supposed to send me a definitive list to compare against my work22:40
iamfuzzjbernard_, will do, what's your email?22:41
jbernard_iamfuzz: bernardj@gmail.com22:41
iamfuzzjbernard_, I'll go ahead and send a link to the PPA I'm uploading to now (it'll be a bit as my upstream is circa 1996ish)22:41
kirklandiamfuzz: you could create an ubuntu-alfresco team in LP, if you so desire ;-)22:41
iamfuzzkirkland, we have one, it's alfresco-isv22:42
kirklandiamfuzz: ah22:42
jbernard_iamfuzz: so monday the tarball should arrive with the licensing cleared up, and we can begin verifying it on openjdk, is that basically the plan?22:43
jbernard_iamfuzz: have you done any openjdk testing with the current partner deb?22:44
iamfuzzjbernard_, basically, I just sent you an email about it.22:45
iamfuzzaside from the licensing stuff, the package should run fine now22:46
jbernard_got it22:46
iamfuzzand no, very little testing against openjdk as I just found out yesterday Sun java is out22:46
iamfuzzI did compile against it and it compiled fine, but would still only run against sun-java-622:46
iamfuzzhowever, this was the openjdk in Hardy, so it could work fine now22:47
jbernard_does there exist any kind of testing framework?22:47
iamfuzzyes, some automated, some not.  We are to receive that on monday as well22:47
jbernard_awesome22:47
iamfuzzwe're in a bit of scramble mode since I found out about sun-java being booted22:48
jbernard_i can imagine :)22:48
kirklandjbernard_: fyi, openjdk in karmic >> hardy22:48
iamfuzzI was under the impression we would just release against it for karmic and then do everything proper like in universe for karmic+122:48
iamfuzzbut that all changed :-)22:48
jbernard_does it make sense to test the current partner deb against openjdk now, or just wait for the release on monday?22:49
iamfuzzkirkland, jbernard_ I'm off all next week as well :-)22:49
iamfuzzjust to add to the fun22:49
kirklandjbernard_: i'd suggest starting with the upload iamfuzz  is pushing to his ppa right now22:50
iamfuzzjbernard_, whichever way you want to do it, but don't test the partner DEB, it bundles swftools, use the one I'm uploading now to my PPA22:50
kirklandiamfuzz: correct me if i'm wrong, but i expect that upload to be more recent than the one in partner22:50
iamfuzzkirkland, yes, mainly just the removing of swftools22:50
jbernard_iamfuzz: ok, will do22:51
kirklandmathiaz: around?22:51
mathiazkirkland: yeeeesss!!!!22:51
mathiazkirkland: are you around?22:51
kirklandmathiaz: what's supposed to provide /etc/mysql/debian.cnf ?22:51
kirklandmathiaz: you bet ;-)22:51
mathiazkirkland: zhee unmissable mysql-zerver-5.1 peickage!22:52
mathiazkirkland: well - it's a generated file22:52
mathiazkirkland: by the post install script22:52
kirklandmathiaz: hrm22:52
mathiazkirkland: there is a special user added to mysql - debian-sys-maint that used by the init script to check the status22:53
mathiazkirkland: and shutdown mysql correctly22:53
kirklandmathiaz: okay22:53
kirklandmathiaz: i'm trying to get wordpress working22:53
mathiazkirkland: /etc/mysql/debian.cnf is used to store the credential of said user22:53
kirklandmathiaz: its setup script is failing, looking for that .cnf file, which doesn't exist22:54
kirklandmathiaz: and mysql-server isn't installed22:54
kirklandmathiaz: i'm trying that now22:54
mathiazkirkland: is mysql-server-5.{0|1} installed?22:54
mathiazkirkland: mysql-server is just a meta-package that pulls in the latest mysql-server22:54
kirklandmathiaz: nope. installing that now22:54
kirklandmathiaz: i'm installing 5.122:55
mathiazkirkland: right - that should help22:55
kirklandmathiaz: okay22:55
mathiazkirkland: are you using the wordpress package?22:55
ahei just got curious about the alfresco appliance22:56
ahewhat do you plan to build around alfresco to give it the blackbox feel of an appliance?22:56
KillMeNowdon't forget to install php5-mysql22:57
sorenkirkland: Man, grub2 is complicated!23:06
sorenkirkland: ...for a Xen image it shoudln23:07
sorent matter, though?23:07
