[00:00] <Bookman> I'm pretty new to this whole remote ssh computing.  How do I copy a file from one computer to another using ssh access in terminal?
[00:00] <domas> scp file computer:
[00:01] <ahe> Bookman: scp file user@computer:/path/where/to/put/the/file
[00:01] <domas> my method is shorter!
[00:01]  * domas giggles
[00:03] <Bookman> Thank you kindly.
[00:03] <Bookman> That is from local to remote, correct?  How about reverse?
[00:04] <Bookman> A simple reverse would work?
[00:04] <Bookman> scp user@computer:/file file
[00:04] <ahe> yes
[00:04] <erichammond> rsync -Paz localfile user@computer:/remotefile
[00:04] <erichammond>  rsync -Paz user@computer:/remotefile localfile
[00:04] <erichammond> :)
[00:04] <Bookman> lots of ways, eh?
[00:05] <erichammond> rsync can do compression and is super-smart about updating files which have minor changes.
[00:11] <Hypnoz1> also rsync is smarter about copying symlinked directories
[00:11] <Bookman> hmmm....having trouble with scp though.
[00:12] <Hypnoz1> probably need to to do -r to have it copy recursively if you're doing directories
[00:12] <Hypnoz1> what issue are you seeing with scp?
[00:13] <Bookman> I'm having trouble copying a file with spaces in the name.
[00:13] <Bookman> I have it between quotes
[00:19] <Bookman> Here is what I tried http://pastebin.ca/1561630
[00:20] <Hypnoz1> ya spaces in scp is a mess, I sometimes end up using *
[00:20] <Bookman> Just a wildcard?
[00:21] <Hypnoz1> I had that same issue a few days ago and never got it figured out, just did the wildcard to get the dir
[00:21] <Hypnoz1> should be able to \ before the space right
[00:21] <Hypnoz1> that would make too much sense though
[00:21] <Bookman> I guess I can rename the file.....
[00:22] <Bookman> Not sure if I have those permissions in that directory though.
[00:22] <Hypnoz1> might try to google a little about scp with a space in the filename
[00:23] <Hypnoz1> or use some wildcards to get it
[00:23] <Hypnoz1> just replace each space with a * it should be ok
[00:23] <Hypnoz1> gotta go, good luck
[00:24] <Bookman> Thanks!
[00:32] <Bookman> Anyone else know how to scp a file with spaces in its name?
[00:35] <KillMeNow> you need to escape the spaces
[00:36] <Bookman> I tried that
[00:36] <KillMeNow> here is a link:  http://www.thingy-ma-jig.co.uk/blog/14-05-2007/how-to-scp-a-path-with-spaces
[00:37] <Bookman> Ah, let me try again.....
[00:38] <Bookman> KillMeNow: Thank you kindly.  Got it.  PITA though.
[00:40] <soren> mdeslaur: C version of HOTP and TOTP done.
[00:40] <KillMeNow> yes it is
[00:40] <qman__> I'm pretty sure you can use quotes, but you have to format it like this
[00:41] <qman__> scp -r user@host:"/path/to/file" user@host:"/path/to/file"
[00:51] <Bookman> No problem, escaping the spaces works.  I just have to remember.
[01:06] <Bookman> Thank you all for your help this evening.  Much appreciated.
[01:35] <mdeslaur> soren: you rock :)
[01:53] <smoser> soren, around ?
[01:54] <smoser> Bookman, other option is probably to use lftp . i dont know why, but recently i'm really high on how nice lftp is (it supports scp)
[01:55] <Bookman> I have to look that up!
[02:00] <pmatulis> smoser: i wonder whether adding an application layer on top of ssh is a good thing
[02:01] <smoser> pmatulis, i dont really understand.
[02:02] <smoser> lftp does some really nice things. tab completion, caching of server side data. it does these things for http, ftp, ftps, https, ssh . really helpful.
[02:02] <pmatulis> smoser: well if you connect with keys you're entrusting them with another program
[02:02] <smoser> the one major benefit of it is 'pget' (parallel get)
[02:02] <smoser> which does multiple opens/concurrent downloads . on high bandwidth and high latency links (like my cable modem) 5 parallel gets scales almost linearly in many cases.
[02:03] <smoser> pmatulis, lftp meerly invokes ssh.
[02:03] <smoser> so i dont think you're entrusting it to the key more than any other app that could potentially read it from ~/.ssh/...
[02:04] <smoser> (at least i know for "fish" support it invokes ssh).
[02:05] <pmatulis> smoser: i guess it's a matter of principle, it's the reason why i don't use gui programs to "help" me with my keys, it's bad enough the ssh-agent invokes some weird sub-process (seahorse-agent?)
[02:06] <pmatulis> but thanks for the info on lftp and scp.  didn't know that
[02:44] <robd> Hey guys
[02:44] <robd> Can I use the default Ubuntu server ISO or the alternate install ISO and define my own boot args?
[02:44] <robd> I'm trying to use my own preseeding file and I'd really rather not have to setup a TFTP server and all that jazz... Can I just use the media you guys provide?
[02:45] <robd> At the moment I'm not sure how to just edit the boot parameters on the cd
[02:45] <robd> Is there an easy way to break out of the retarded isolinux gui?
[03:29] <kahrg> Heya, so I have a mini server play around that I am taking to class and I have only a network card installed on it (eth port burned up) I managed to get the wireless card on, but i do not know how to manage its connection through terminal. Is there a tool to help me do this?
[03:29] <kahrg> Only has a wireless card i mean
[03:36] <twb> kahrg: that depends on what wifi infrastructure you have installed.
[03:36] <twb> If NetworkManager is installed, for example, you must talk to it using XML via dbus.
[03:37] <twb> If only wpa-supplicant is installed, and you have configured it as a "wpa-roam" interface in /etc/network/interfaces as described in wpasupplicant's README.Debian, then you can use the wpa_cli and wpa_action to talk to it like a shell.
[04:24] <aubre> hey , is the vmware support just announced by Eucalyptus only available in their commercial product, or is it coming to UEC as well?
[05:16] <ball> I have a site with a small LAN (about ten workstations give or take a laptop or three).  We pay someone off site to host our Web site and email.  Given suitable hardware, would Ubuntu Server enable us to bring Web hosting and email in-house, as well as hosting our document files?
[05:18] <ScottK> ball: Yes, but suitable also includes, connectivity, backups, offsite storage, and a lot of other stuff too.
[05:18]  * ball nods
[05:18] <ball> rsync is great for off-site backups.
[05:18] <ball> ...also need to replace my tape drive :-/
[05:19] <ball> What about easy administration?
[05:19] <KurtKraut> ball, to host a website or an email server it would be rather important to have a static IP address and low demand on traffic on those services.
[05:19] <ball> KurtKraut: we have that.
[05:20] <KurtKraut> ball, the IP address has a reverse domain?
[05:20] <ball> KurtKraut: Not recently, but in the past I've had a domain pointed to it.
[05:20] <ball> (we would again)
[05:22] <ScottK> soren: python-mhash accepted.  Some packaging improvements can be found in Bug #427692.  Please review and upload if you're good with the changes.
[05:23] <error404notfound> is there a way i can log all commands executed by any user on shell and then email those to a certain email address at the end of day, delete the log?
[05:28] <ScottK> soren: I acceptedt the binaries that were done too.
[06:11]  * ball thinks about giving up
[06:19] <twb> IMO it's not worth the hassle of maintaining your own hardware in your own office.
[06:20] <twb> Particularly here in .au, where bandwidth is expensive.
[06:20] <twb> If I had a company, I'd stick the website and MTA on a VPS in .us, that I have root on.
[06:21] <giovani> twb: depends on who your web audience is, right?
[06:21] <twb> giovani: yes
[06:21] <giovani> clearly if 99% of your visitors are .au -- then you won't want to be hosting in .us
[06:21] <twb> Mainly I just hate dealing with read hardware :-)
[06:21] <twb> *real
[06:22] <giovani> abstractionist!
[06:22] <giovani> vpses are evil
[06:22] <twb> Certainly most VPS technology I've seen has been evil
[06:23] <giovani> and it's all totally insecure
[06:23] <giovani> I mean, I wouldn't trust any security-sensitive server on a virtualized system at this point
[06:23] <twb> giovani: web and mail are sensitive now? ;-)
[06:23] <cef> also depends on where the majority of your mail is going. if it's predominantly internal, having a mail server at your office makes sense (esp. given how expensive bandwidth is here)
[06:23] <giovani> twb: depends on what they're hosting, right?
[06:23] <twb> giovani: yep
[06:24] <giovani> for us, mail is critical security-wise
[06:24] <twb> end-to-end s/mime? ;-)
[06:24] <giovani> depends on the individual
[06:24] <giovani> but yes
[06:24] <giovani> and everything is tlsed with client certs
[06:25] <giovani> mail is only accessible from within the network, no webmail, etc
[06:25] <giovani> vpn in is your only option
[06:25] <giovani> and only authorized devices can vpn in
[06:25] <twb> Local hosting is also a lot nicer if you have a dedicated machine room with a rack, proper ac, proper case, hot-swappable drives, etc.
[06:26] <cef> volume is what kills it for us.. and why we host our own mail. that said, we've thought about hosting the primary MX outside and having it do the main grunt of spam/whatever (and face the brunt of DDOS), and then forward stuff to the real server here at the office
[06:26] <twb> As opposed to a lot of what I am exposed to, which is an ATX tower stuck under someone's desk
[06:26] <giovani> haha
[06:26] <giovani> yeah, that would suck, twb
[06:26] <cef> heh.. ours are ATX towers stuck on desks next to the rack cos the rack is full. ;)
[06:27] <twb> It's hard to justify rack mounting when your client only has a dozen staff
[06:27] <giovani> twb: I've rack mounted for companies of 2
[06:27] <ball> twb: I dunno, it's nice to keep things tidy
[06:27] <twb> giovani: yeah, but in YOUR rack, or their rack?
[06:27] <giovani> theirs
[06:27] <ball> ...same rack-mount UPS are expensive though
[06:27] <ball> s/same/shame/
[06:27] <giovani> I had them buy a 22U half-height locking APC cab
[06:27] <giovani> and we installed 2 servers, 1 router, 1 switch, 1 patch panel
[06:27] <twb> giovani: yeah, that could work
[06:27] <giovani> fully locked, and controlled
[06:28] <giovani> environmental monitoring, etc
[06:28] <giovani> I've never visited the site since
[06:28] <giovani> it's all IPMI managed
[06:28] <twb> A lot of our customers are also running FC3 or CentOS4.2 still, too :-/
[06:28] <giovani> yeah, that company I have running ubuntu
[06:28] <twb> Set up by the previous generation of sysadmins
[06:29] <giovani> yeah, at my day job ... we have a shitton of that
[06:29] <giovani> 1,100 servers
[06:29] <giovani> set up over the past 10 years
[06:29] <twb> I tell myself "at least it's not solaris"
[06:29] <giovani> 90% of it from the past 3 years
[06:29] <twb> Or AIX
[06:30] <ball> Is there some way to make Ubuntu Server easy to manage?
[06:30] <giovani> heh
[06:30] <ball> (for my successor?)
[06:30] <giovani> yeah, learn to use linux
[06:30] <twb> ball: document what you're doing
[06:30] <twb> esp. etckeeper
[06:31] <ball> twb: I don't know what an etckeeper is.
[06:31] <twb> ball: apt-get install etckeeper
[06:31] <twb> It keeps a history of /etc in version control
[06:32] <ball> I don't have Ubuntu Server installed on a production machine.  I've thought about it, but I'm worried about the people who come after me.
[06:32] <twb> ball: what are you using instead?
[06:33] <ball> NetBSD.  Need to replace that, obviously.
[06:33] <twb> Heh.
[06:33] <twb> One of our customers has half a dozen staff... each has a FreeBSD workstation, which is also running part of their core services
[06:33] <giovani> awesome
[06:34] <giovani> we do that too
[06:34] <twb> e.g. one is running NFS, one is running NIS, etc.
[06:34] <giovani> we have desktops that trade a few million dollars
[06:34] <giovani> it's horrific
[06:34] <twb> And their last admin compiled stuff from source, with his own patches, "to make it more secure"
[06:34] <giovani> twb: ... sure ... why wouldn't you?
[06:34] <ball> twb: did he leave you the source?
[06:34]  * JanC wants to know IPs to blacklist certain companies  :P
[06:35] <twb> ball: I dunno, I'm not directly involved with those poor bastards
[06:35] <giovani> JanC: blacklist for what reason?
[06:35] <ball> twb: that seems like something to be thankful for.
[06:36] <twb> Yeah... mostly I work on building desktop SoEs for use by remanded prisoners in DoJ gaols.  Requirements elicitation and security analysis is FUN.
[06:36] <giovani> how do you do your "security analysis"?
[06:36] <twb> As is getting new copies of the SoE onto their airgapped network
[06:37] <twb> giovani: mainly by proactively adding layers and layers of cruft
[06:37] <giovani> how is that analysis?
[06:37] <giovani> analysis isn't action ... it's passive
[06:37] <twb> Like removing gettys and xterms and gedit to make it harder to write sh scripts.
[06:37] <giovani> oh god
[06:37] <twb> giovani: yeah, OK, so not analysis
[06:38] <giovani> I'm so going to break into a prison network just to prove a point
[06:38] <twb> You can still write sh scripts using oowriter and putting "exec >output" at the top, saving them in /tmp (which isn't mounted -o noexec), and then chmodding and executing them in nautilus.
[06:39] <JanC> well, if you have a mail client, you can always mail scripts and save them  ;-)
[06:39] <giovani> twb: why would I have oowriter or nautilus on a server?
[06:39] <twb> giovani: this is on the desktop
[06:39] <giovani> oh, why do you care if people write shell scripts?
[06:39] <twb> The server I have managed to prevent them putting x on at all, thank the gods.
[06:39] <twb> giovani: like I said, layers and layers of cruft
[06:40] <giovani> but why do you care?
[06:40] <twb> If they can write their own sh scripts, they are one step closer to getting root on the local desktop.
[06:40] <giovani> what is the shell script going to do?
[06:40] <giovani> uh
[06:40] <giovani> that's just false
[06:40] <twb> Once they get root on the local desktop, they can remove the local firewall
[06:40] <giovani> this is a disconnected chain of events
[06:41] <giovani> anything you can write in a shell script file can be written directly into a bash shell -- trying to prevent them from writing to a file is foolish and simply security theater
[06:41] <giovani> there's nothing in a shell script that's dangerous
[06:41] <twb> They have no tty, so they can't run bash interactively.
[06:41] <giovani> it's just a series of commands they can type manually
[06:41] <giovani> twb: they don't have a shell? that's unlikely if they can start x
[06:42] <twb> They have a *shell*, they don't have a terminal to run it in.
[06:42] <giovani> this is a windows-like view on security
[06:42] <giovani> there is nothing dangerous in a shell
[06:42] <giovani> please stop this silliness
[06:42] <twb> That's just one layer.
[06:42] <giovani> no, it's not a layer
[06:42] <giovani> it's theater
[06:42] <giovani> "if they can't -see- the command line, then they clearly can't use it!"
[06:42] <giovani> it's absurd
[06:43] <twb> No, it just means it takes them longer to see the output
[06:43] <giovani> no, it doesn't
[06:43] <giovani> anyway, why can't I single-user the machine?
[06:43] <twb> eh?
[06:43] <giovani> reboot it and place it into single user
[06:43] <giovani> change the root password, and now I own the box
[06:43] <twb> Because you'd need to open the case to reset the BIOS password
[06:43] <giovani> period
[06:44] <twb> Or to boot it off local media
[06:44] <giovani> the bios is not related to single user mode
[06:44] <giovani> the boot manager is
[06:44] <giovani> most bioses have generic passwords anyway
[06:44] <twb> The bootloader (pxelinux) does not allow you to change anything on the client side.
[06:44] <giovani> ok, so I either use a generic bios password, or I pop the jumper
[06:44] <giovani> now what?
[06:44] <giovani> I still own the box
[06:44] <twb> You can't open the case without a torx screwdriver.
[06:45] <giovani> right, because I can't buy those at any hardware store
[06:45] <twb> giovani: not if you're in prison
[06:45] <giovani> you've placed all the wrong security measures
[06:45] <giovani> oh this is a prisoner-accessed computer?
[06:45] <giovani> I thought it was just a regular computer in the prison
[06:45] <twb> As I said initially, this SOE is for remanded prisoners.
[06:45] <giovani> I don't know what SOE is
[06:46] <twb> SOE just means a standardized environment
[06:46] <JanC> twb: considering that prisoners succeed in getting knives, files, mobile phones, drugs, etc., why not a torx screwdriver?  ;-)
[06:47] <giovani> you don't even need a torx screwdriver to take off a torx screw
[06:47] <twb> JanC: OK, so smuggle in a torx screwdriver AND a hard disk with an OS on it
[06:47] <ball> Do you use ltsp terminals?
[06:47] <giovani> a flat piece of metal of the right size will work fine
[06:47] <twb> ball: no, but something broadly similar
[06:48] <ball> Sun Ray? ;-)
[06:48] <twb> ball: custom x86 hardware and a netbootized version of the LTS desktop live CD
[06:49] <ball> twb: Ah, there you go.
[06:49] <ball> I'm thinking of rolling out ltsp, but I'm worried about ongoing support.
[06:49] <twb> ball: I would like to switch to LTSP, but right now it's a little too much effort.
[06:50] <JanC> twb: honestly, I'm sure this setup is 99.9% secure, but I won't bet any money on it unless it's never used without supervision...
[06:50] <giovani> heh
[06:50] <giovani> 99.9%?
[06:50] <giovani> are you smoking crack?
[06:50] <JanC> no, I'm just making up a number  :P
[06:51] <giovani> it sounds very inadaquately secure
[06:51] <JanC> and I think it's mostly secure considering most users probably don't know the difference between IE & the internet
[06:52] <twb> Certainly the system we *replaced* was a bunch of Windows desktops
[06:52] <twb> Where some guy's entire job was to go around opening them up, checking for contraband, putting them back together, reinstalling Windows
[06:52] <JanC> lol
[06:53] <twb> I would *like* to spend more time locking it down more, but what we've rolled out is orders of magnitude tighter than what they had
[06:54] <JanC> and it's probably possible to automaticly detect tampering if you want too
[06:55] <twb> Yeah, that'd be good.
[09:35] <PecisDarbs> How to change a limit of UNIX sockets within Ubuntu system?
[09:35] <PecisDarbs> googling it, but can't find it
[09:47] <twb> PecisDarbs: man limits?
[09:48] <twb> man limits.conf, rather.
[09:48] <twb> But that doesn't seem to cover it, so I guess it's an option in the kernel?
[09:52] <PecisDarbs> yes
[09:52] <PecisDarbs> but I can't find it
[09:52] <PecisDarbs> twb: limits.conf is for files
[09:53] <twb> Well, it also specifies core size and fork count, for example
[09:53] <twb> Doesn't matter
[09:53] <PecisDarbs> it specifies amount of memory how much you can use on socket messages
[09:54] <PecisDarbs> I think you can create as much sockets as you want
[09:55] <twb> btw, HOW do you create sockets?
[09:55] <twb> I couldn't work it out the other day
[09:56] <PecisDarbs> in application or from command line?
[09:56] <soren> twb: You just start listening on them.
[09:56] <twb> soren: I mean when the socket file doesn't exist yet
[09:56] <soren> So do I
[09:56] <twb> qemu didn't like that
[09:57] <twb> e.g. qemu -serial unix:/tmp/x
[09:59] <soren> twb: It tries to /connnect/, not listen.
[09:59] <soren> qemu -serial unix:/tmp/x,server
[09:59] <soren> is what you ant.
[09:59] <soren> want, even.
[09:59] <twb> soren: oh, duh, thanks
[10:00] <twb> As it happens, I found -serial pty was more awesome
[10:00] <twb> Then connect to it with "screen pts/27"
[11:25]  * soren lunches
[11:35] <stas> hi, anybody knows about how can i obtain stats from an apt mirror?
[11:35] <stas> I have an apt mirror, and would like to see the monthly hits
[12:35] <Jeeves_> stas: awstats?
[12:35] <Jeeves_> wc ?
[12:38] <stas> Jeeves_: I got it nevermind. I used visitors :)
[12:58] <ahasenack> Sam-I-Am: hey
[12:58] <ahasenack> Sam-I-Am: are you still having problems with sudo+ldap in karmic?
[13:22] <mdeslaur> kirkland: thank you for your manpages.ubuntu.com...I use it every week.
[13:22] <kirkland> mdeslaur: :-)  awesome!
[13:23] <kirkland> mdeslaur: i have a new one for you, in case you're interested ...
[13:23] <kirkland> mdeslaur: linuxsearch.org
[13:23] <kirkland> mdeslaur: helps find resources across several linux distributions
[13:23] <kirkland> mdeslaur: ie, you can search for a bug, and then narrow that search to ubuntu, fedora, debian, gentoo, etc
[13:24] <kirkland> mdeslaur: really helps me as upstream maintainer of projects, and ubuntu maintainer of certain packages
[13:24] <mdeslaur> kirkland: wow...that is _so_ cool
[13:26] <kirkland> mdeslaur: :-)
[13:26] <mdeslaur> kirkland: your site?
[13:26] <kirkland> mdeslaur: yeah
[13:26] <mdeslaur> cool
[13:43] <rtg> kees, lool - can one of you guys gimme some MIR review for linux-ec2? bug #427658
[13:56] <ScottK> soren: Thanks for quickly following up on my suggestions about mhash.  You're correct that the XS-foo doesn't make a practical difference in this case, but from a python packaging best practices case it is preferred to have it there.
[14:10] <lool> rtg: not even in the archive!
[14:11] <lool> rtg: And I dont see it in NEW
[14:35] <Sam-I-Am> ahasenack: not particularly with ldap, but sudo itself... that weird permission denied issue
[14:35] <ahasenack> Sam-I-Am: ah, so you narrowed it down. I ask because I was just messing around with sudo-ldap yesterday and it's working
[14:35] <ahasenack> at least for my test case
[14:35] <Sam-I-Am> yeah
[14:36] <Sam-I-Am> the things i've found broken with ldap enabled in nsswitch.conf (but not necessarily used) are su, sudo, and passwd
[14:36] <Sam-I-Am> so whether or not i have sudoers: ldap doesnt seem to matter... but passwd: ldap does
[14:37] <ahasenack> Sam-I-Am: you still using "compat" there? Tried changing it to "files"?
[14:37] <Sam-I-Am> tried both
[14:38] <Sam-I-Am> ordering sometimes fixes one or the other
[14:38] <Sam-I-Am> spent most of last friday banging my head on the desk trying to figure out why my PAM passwd stack wasnt working... turns out passwd could not write /etc/.pwd.lock
[14:38] <Sam-I-Am> unless i called passwd as root
[14:39] <Sam-I-Am> which is strange since passwd is suid root
[14:39] <soren> ScottK: No worries. Thanks for pointing it out.
[14:39] <smoser> soren, ping.
[14:40] <smoser> uec/ec2 images failed last night.
[14:41] <smoser> package dependency problems
[14:41] <smoser> http://pastebin.com/f6e968b36
[14:42] <soren> smoser: We should be shipping the euca2tools anyway.
[14:42] <smoser> well the issues are greater than that
[14:43] <smoser> ruby is not able to be installed? curl? upstart?
[14:44] <soren> I would't worry that much about it. Archive inconsistencies are not rare in development releases.
[14:45] <smoser> i will agree that we should ship euca2ools
[14:45] <smoser> i wouldn't have noticed other than i was hoping to put a new set of images up with the new kernels
[14:48] <ScottK> smoser: You can always check http://people.canonical.com/~ubuntu-archive/testing/karmic_probs.html and if you see the same issues there (e.g. upstart in this case) you know this issue isn't unique to your images.
[14:49] <smoser> ScottK, thanks for that link
[14:52] <soren> I don't believe that's the issue we're seeing, really. I don't think only main is enabled at that point of the ubild.
[14:52] <soren> build,even.
[14:58] <soren> smoser: I can't see what else it would be, though.
[14:58] <smoser> soren, i'm going to re-try here in a bit from my account
[14:59] <soren> smoser: alright. chances are it will just work.
[14:59] <smoser> yeah.
[14:59] <smoser> soren, please look at that bug i requested sponsorship of . it currently is marked as alpha6 milestone
[15:01] <soren> smoser: Can you push them as branches on Launchpad? That makes my life so much easier.
[15:02] <smoser> soren, yeah, easy enough
[15:02] <smoser> let me do that.
[15:05] <soren> smoser: ta
[15:15] <ruben23> hi anyone used zimbra opensource email system.
[15:18] <smoser> soren, branches for karmic and trunk attached to bug 420581
[15:18] <smoser> well pfft to you uvirtbot
[15:18] <niemeyer> Morning guys
[15:19]  * ball waves
[15:19] <niemeyer> soren: Does this ring any bells:
[15:19] <niemeyer> $ euca-describe-images
[15:19] <niemeyer> Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error
[15:19] <niemeyer> EC2ResponseError: 403 Forbidden
[15:22] <smoser> niemeyer, what do you have for EC2_URL ?
[15:23] <niemeyer> smoser: Some background: this was working fine, and it suddenly stopped working
[15:23] <niemeyer> smoser: No changes in the configuration or anything
[15:25] <niemeyer> If I login to the admin interface, it works..
[15:25] <niemeyer> I then ask for a credentials zip file, and it returns a 0 bytes file
[15:25] <rtg> lool, its never been clear to me that you're supposed to upload a package prior to MIR review. will do so now.
[15:26] <smoser> niemeyer, so this is not ec2. i didn't know if you were talking ec2 or uec/eucalyptus
[15:26] <niemeyer> smoser: Oh, yeah, it's Eucalyptus indeed
[15:27] <lool> rtg: The process is a) upload source b) NEW source and binary c) MIR d) seed e) promotion
[15:28] <lool> rtg: The problem with MIRing stuff in NEW or out of archive is that the uploaded thing can differ and we cant even compare them
[15:28] <rtg> lool, ok, it'll be uploaded in a bit
[15:28] <lool> What did you expect me to review exactly?   :-)
[15:29] <rtg> lool, well, slangasek wanted an MIR before I uploaded the ec2 kernel package. pro forma?
[15:29] <lool> Odd
[15:29] <lool> slangasek: ^ I dont understand how we're supposed to review such a MIR
[15:31] <rtg> lool, linux-ec2 uploaded
[15:31] <lool> rtg: I prefer getting to it when it's through NEW in case it gets rejected + reuploaded
[15:32] <lool> I dont think there's any hurry anyway; we can promote before MIRing
[15:32] <rtg> ok, its the server dudes taht are hot for this
[15:33] <lool> Yeah the server team certainly knows how to keep us busy with MIRs   ;-)
[15:34] <zul> lool: sorry
[15:34] <zul> my bad
[15:35] <lool> zul: Eh I'm just kidding
[15:35] <lool> It's certainly right to file MIRs
[15:35] <zul> lool: yeah so am i
[15:42] <KRyPTyK> Good morning all! Does anyone have experience with FOG imaging on Ubuntu Server?
[15:48] <smoser> soren, i'm hitting the same error now as the nightly hit earlier
[15:48] <soren> smoser: Interesting.
[15:48] <smoser> or a bummer, depends on how you look at it
[15:50] <smoser> its definitely not a universe/multiverse-not-enabled issue
[15:50] <smoser> ec2-ami-tools is in multiverse
[15:50] <soren> Precisely.
[15:50] <smoser> ruby is in main
[15:50] <soren> Oh!
[15:50] <soren> I know what's wrong.
[15:50] <soren> Look further up in the build log
[15:50] <soren> 2009-09-11 05:12:42,243
[15:51] <smoser> yep
[15:52] <soren> It's the upstart thing.
[15:53] <soren> It'll get fixed shortly. No doubt.
[15:53] <slangasek> lool: you're supposed to decide whether it's reasonable to add another kernel source package to main, because I don't want that on me :)
[15:55] <lool> A trap.
[15:56] <lool> I'll pretend I dont know what linux-ec2 til I'm forced to keep my eye lids open
[15:56] <smoser> ec2 is a trap. there is no doubt about that
[15:57] <smoser> jjohansen1, are we to have the karmic-kernel/ec2 status meeting in 3 minutes here?
[15:57] <jjohansen1> smoser: yes
[15:57] <zul> succobus
[15:58] <zul> hey rtg
[15:59] <rtg> zul, dude
[16:00] <soren> smoser: I thought those were at 1700 UTC?
[16:00] <jjohansen1> it is 16:00 UTC shall we begin the EC2 kernel status meeting
[16:01] <soren> jjohansen1: No,it'snot.
[16:01] <jjohansen1> soren: no, I messed up the mail, and put 16:00 GMT but we are doing 16:00 UTC
[16:01] <soren> That's an hour from now.
[16:01] <soren> Really
[16:01] <jjohansen1> ah, my bad.  I am messed up
[16:01] <smoser> well i helped
[16:01] <smoser> sorry
[16:01] <soren> Who's representing the server team at the release team meeting?
[16:02] <jjohansen1> np.
[16:02] <apw> 16:00 GMT == 16:00 UTC by definition
[16:02]  * smoser lifts soren's hand
[16:02] <jjohansen1> we should just do the meeting now, so it doesn't conflict with the release team meeting
[16:02] <soren> smoser: Gah, I hate that.
[16:02] <apw> th release meeting is now
[16:03] <soren> jjohansen1: Hahah.
[16:03] <soren> jjohansen1: Dude.
[16:03] <soren> jjohansen1: The release team meeting is now.
[16:03] <jjohansen1> apw: hrmm, for some reason I thought that was an hour later
[16:03] <jjohansen1> ah the joys of pain
[16:03]  * soren puts "A UTC clock for jjohansen1" on his shopping list for christmas
[16:03] <jjohansen1> and still being half asleep
[16:03] <apw> nope they are both the same, we are however on BST right now, which means 16:00 GMT/UTC re now +1
[16:04] <jjohansen1> apw: right, that is part of what messed me up
[16:05] <smoser> apw, strictly UTC is an atomic time scale which only approximates GMT with a tolerance of 0.9 second.
[16:05] <smoser> just to be a jerk
[16:05] <apw> they are however in the same timezone :)
[16:05] <jjohansen1> hehe
[16:06] <apw> and utc is of course french so we have to hate it
[16:06] <tarvid> vsftpd 530 Login incorrect. problem
[16:06] <tarvid> jaunty
[16:07] <tarvid> user has a local account with shell /bin/false
[16:08] <tarvid> is this a pam problem?
[16:09] <zul> yes
[16:09] <zul> apw: the french hate everything
[16:09] <apw> very true
[16:10] <tarvid> any way to use local auth?
[16:14] <soren> smoser: I actually haven't tested whether we can boot now with no user-data. Have you?
[16:15] <smoser> no. its on the list today to publish a karmic nightly and use new karmic kernels also
[16:15] <soren> smoser: I've tested the bits and pieces unit test style,but not a full "intregration test".
[16:15] <smoser> yeah
[16:17] <smoser> soren, you have suggestions on http://pastebin.com/f33bc2571
[16:17] <smoser> thats from a attempt at a hardy build
[16:18] <soren> smoser: The hardy builds need the ppa to work.
[16:19] <smoser> i hate nectarine
[16:19] <smoser> i knew it needed the ppa, but didn't think about the fact that it couldn't get there
[16:21] <smoser> soren, maybe you can explain to me why (back to the karmic build failure)
[16:21] <smoser> ['/usr/sbin/debootstrap', '--arch=i386', 'karmic', '/tmp/vmbuilderxwUgID/root', 'http://archive.ubuntu.com/ubuntu']
[16:21] <smoser> would return success, after "Failure while configuring base packages."
[16:21] <smoser> seems like that is wrong
[16:21] <soren> Because debootstrap only pulls from main, and right now, upstart has a dependency in universe.
[16:22] <smoser> i didn't ask why it would fail
[16:22] <soren> oh,sorry :)
[16:22] <smoser> i asked why it would fail and return success
[16:22] <soren> Oh,sorry, started typing after your first line :)
[16:22] <smoser> does debootstrap have general issues like that ?
[16:22] <soren> I'm not sure. I'd ask Colin.
[16:23] <soren> Well, no, I would probably stare at code for a few hours, but I /should/ ask Colin :)
[16:23] <smoser> the scary thing is if apt is returning success to debootstrap
[16:23] <smoser> as thats a largeer problem
[16:29] <soren> smoser: debootstrap does not use apt.
[16:29] <smoser> oh. wow.
[16:29] <soren> smoser: It's the thing that installs apt :)
[16:29] <smoser> i figured it installed apt, then started using it
[16:30] <soren> No. Once apt works, debootstrap is done.
[16:30] <soren> (de facto, not de jure)
[16:50] <niemeyer> ARGH
[16:50] <niemeyer> Eucalytpus stopped again.. :-(
[16:50] <soren> Which part of it?
[16:51] <niemeyer> soren: The same error I mentioned about euca-describe-images
[16:51] <niemeyer> soren: I can't manage to bring it back to a usable state after this
[16:52] <soren> niemeyer: How'd you fix it last time? Reinstall?
[16:52] <niemeyer> soren: Yeah, remove, rip everything off, reinstall
[16:53] <soren> niemeyer: All components or only cloud controlleR?
[16:53] <soren> niemeyer: Can you check if your cluster controller is running?
[16:53] <soren> niemeyer: And node controller?
[16:55] <niemeyer> soren: Hmm
[16:55] <niemeyer> soren: Only cloud controller.. I've only got it running
[16:55] <niemeyer> soren: Or rather, only what /etc/init.d/eucalyptus-cloud starts
[16:56] <soren> niemeyer: Oh.
[16:56] <soren> niemeyer: Then I'm not sure, really.
[16:56] <niemeyer> soren: They continue running, but wedged
[16:57] <niemeyer> soren: I can login to the admin interface, for instance
[16:57] <soren> niemeyer: They?
[16:57] <macrocosm> Anyone have a tip on the safest way to email blast my leads without getting my IP blacklisted?  I have a legitimate cleaned list but still precautions are always good with email ..something that breaks it over multiple cron runs would be nice too.  Googling came up with a bunch of junk
[16:57] <niemeyer> soren: But if I ask for my credentials, it returns an empty file
[16:57] <niemeyer> soren: Yeah, there are multiple things running (ports 8443, 8773, 9001)
[16:58] <niemeyer> soren: Ok, I'll try to capture someone from Eucalyptus to see if they want to debug it, next time it wedges
[17:01] <clusty> any of you using puppet to manage confs?
[17:02] <clusty> i am getting a hell of a time trying to get it running on server 9.04
[17:02] <clusty> godamn certs are killing me
[17:03] <soren> clusty: I use it a little bit.
[17:04] <clusty> soren, i am getting cert not trusted
[17:04] <clusty> on client
[17:04] <clusty> cannot even get the barindead sudoes example running
[17:04] <soren> Haven't seen that, sorry.
[17:04] <clusty> got proper dns working on LAN ?
[17:05] <clusty> curious if that is to be blamed
[17:14]  * soren dinners
[17:14] <smoser> soren, so if we put lib6-xen into ec2 images, i would presume some negative affect on said images as kvm
[17:15] <smoser> i'm guessing conflict with libc6
[17:40] <clusty> do you guys use clusterssh?
[17:41] <cemc> clusty: cssh ? I did a little bit
[17:41] <clusty> cemc, i cannot get it running
[17:41] <cemc> what does it say?
[17:41] <cemc> it needs X
[17:41] <clusty> crap. now i don;t have vnc running
[17:41] <clusty> sec
[17:43] <clusty> cemc, well first of all how do i specify list of machines i want to ssh into?
[17:43] <cemc> clusty: cssh machine1 machine2 ...
[17:43] <cemc> then it will open 1 command window, and one window for every machine
[17:44] <Hypnoz> I'm not sure exactly what clusterssh does, but I use a tool called DSH to run commands on large groups of servers at once
[17:44] <Hypnoz> its easy, $ dsh -f allmachines.list -- 'command'
[17:44] <Hypnoz> then it runs the command on every machine in the list
[17:45] <clusty> Hypnoz, works as you type?
[17:45] <Hypnoz> not sure what that means
[17:45] <clusty> cemc, warning unkown host <IP>
[17:45] <clusty> Hypnoz, i mean is like demultiplexing keyboard
[17:46] <clusty> typeing in 10 windows at once
[17:46] <Hypnoz> oh, no
[17:46] <Hypnoz> its just for sending one time commands to remote machines, its not streaming
[17:47] <cemc> clusty: unknown host? it mean you didn't specify the hostname correctly I guess
[17:48] <ScottK> cemc: You probably saw, the qpsmtpd backport got done, so I think we are all up to date now.
[17:48] <vlazar_> cemc, WARNING: unknown host 192.168.0.201 (see -i switch, or ignore_host_errors in .csshrc) - ignoring
[17:48] <clusty> that is me :D
[17:49] <clusty> this is from both the command line
[17:49] <clusty> and cloicking add host
[17:50] <cemc> clusty: I don't use any .csshrc, I just run the command like this: cssh host1 host2 hostn
[17:50] <clusty> cemc, me neither
[17:51] <clusty> anyways fok it
[17:51] <clusty> my patience is thin today
[17:51] <clusty> thanks for help
[17:51] <cemc> should work and it's really nice, IF you have a bunch of really similar servers
[17:51] <clusty> cemc, they are identical
[17:51] <clusty> :D
[17:51] <clusty> 9 of them
[17:51] <cemc> because every keystroke gets replicated to every server
[17:53] <cemc> ScottK: yep, I saw, nice ;) I'll look at the php stuff this weekend
[17:53] <jmedina> morning
[17:53] <clusty> moin
[17:58] <Hypnoz> would be nice if there was a tool like that for command line
[17:58] <Hypnoz> instead of being a gui tool
[18:00] <cemc> it would be harder to display all the server'
[18:00] <cemc> s terminals ;)
[18:22] <clusty> a small question: what is the permission number for this mode?
[18:22] <clusty> -rw-r--r--
[18:22] <clusty> ?
[18:22] <smoser> jjohansen1, zul either of you have a minute to poke at bug 427288 ?
[18:22] <clusty> u+wr a+r :D
[18:23] <zul> smoser, jjohansen1 was working on it
[18:24] <smoser> well, the plan was for me to test if simply installing libc6-xen fixed it. and it doesn't.  i definitely have it installed, but it appears to not be being picked up.  at least not used by the init process
[18:24] <smoser> wanted to see if either of you wanted to poke at the system and maybe find out why
[18:25] <erichammond> smoser: Did you also remove -i686 and add the nosegneg thing?
[18:25] <erichammond> er, remove libc6-i686
[18:26] <smoser> neither.
[18:26] <smoser> :)
[18:26] <erichammond> I got to the instructions in ec2ubuntu-build-ami through years of research, tips from others, and trial and error.  I don't always remember which statements fix which problems.
[18:28] <smoser> yeah. hopefully we dont have to remove libc6-i686
[18:29] <erichammond> For a long time I used to remove /lib/tls but then one day a simple apt-get upgrade broke the system: http://groups.google.com/group/ec2ubuntu/browse_thread/thread/1a3fd33f04766361/8f82524bd298a4a2
[18:30] <erichammond> Please make sure that the sample perl command in that message works with the solution you end up with or things will be broken.
[18:33] <smoser> erichammond, thats a great post, thanks.
[18:34] <apw> smoser, the divert stuff at the end is also interesting
[18:44] <niemeyer> soren: Do you know where libomxmlsec was moved to (was in librampart in 9.04)
[18:45] <domas> hiii! what is the easiest way to reseed random?
[18:46] <domas> whatever I do, gpg seems to wait for random stuff forever
[18:46] <domas> 'reseed' in a loop doesn't help (it just sets urandom as far as I understand)
[18:46]  * domas looks at sysctls
[18:49] <domas> hmmm, apt-get install rng-tools
[18:50] <domas> rngd -r /dev/urandom \o/
[18:51] <Hypnoz> could you reseed random by tail -f /dev/urandom ?
[18:52] <Hypnoz> hmm doesn't work like I thought it would
[18:52] <Hypnoz> cat /dev/urandom does though
[18:54] <Hypnoz> that rng-tools looks interesting if i used /dev/random for anything
[18:57] <erichammond> apw, smoser: The xen-divert-tls-libc approach requires the user to always use that command to do upgrades which is not an acceptable solution to force on unsuspecting EC2 users.
[18:57] <apw> erichammond, not sure it does, doen't it only go wrong if we add files to libs
[18:57] <apw> libc?  i would expect it to mean when you see the libc files installing shove them over here instead
[18:58] <smoser> that was my understanding (obviosly either my read of it or the doc could be wrong)
[19:00] <erichammond> apw, smoser: The problem is that upgrades to libc6 can restore /lib/tls breaking the system.  The divert approach requires you to know this is going to happen and run a command before and after upgrading libc6.
[19:01]  * apw tries to imaging uvirtbot on #u-k ... it'd be like a torrent
[19:02] <smoser> "But if a libc upgrade contains a new file for /lib/tls"
[19:02] <erichammond> smoser: Fair 'nuff.
[19:03] <erichammond> Still requires the user to know what's going on in a system that is not configured like normal Ubuntu.
[19:05] <smoser> erichammond, the interest in it is because i really dont want to uninstall libc6-i686. right now our ec2 images are identical for ec2 and uec. that would penalize uec (i'm not exaclyt sure of the effects, but at very least, libc6-i686 is part of "ubuntu-minimal" metapackage which the images are installing at the moment
[19:06] <smoser> i'm not sure how likely a libc upgrade including a new file in /lib/tls is over a given release (ignoring change-in-release upgrades at the moment)
[19:06] <smoser> ec2 networking is completely random
[19:07] <smoser> i do a wget of a file, and i get ~ 300k or something. then, using axel, it sustains better than 1.5M for 500M file
[19:08] <erichammond> smoser: A year ago a simple "apt-get upgrade" broke Hardy servers on EC2.  It wasn't my favorite time.
[19:08] <smoser> well, for some of the threads at least
[19:08] <smoser> erichammond, zul do you have any ideas why canonicals hardy images do not have this issue ?
[19:09] <zul> because its using libc6-xen
[19:09] <erichammond> smoser: If Xen needs something different from KVM, then you may need different images.
[19:09] <_nofear> Hi guys, does anyone know a good tutorial on what configuration must be done to authenticate a user in an OpenLDAP server?
[19:09] <smoser> erichammond, well, yeah, but thats what we're trying to avoid :)
[19:09] <erichammond> Or different bootup
[19:10] <erichammond> nah, that's probably impossible with libc6
[19:13] <mushroomblue> _nofear: do you have the server already set up?
[19:15] <_nofear> mushroomblue: yes, I can authenticate Windows users with Samba already.
[19:16] <Hypnoz> I forgot which link got me there, but I went through these 4
[19:16] <Hypnoz> http://beginlinux.com/server_training/server-managment-topics/1016-ldap-server-on-ubuntu-804
[19:16] <Hypnoz> http://linuxadministration.us/2008/05/17/ubuntu-804-hardy-ldap-client/
[19:16] <Hypnoz> http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS
[19:16] <Hypnoz> http://www.aselabs.com/articles.php?id=246&page=2&asesessid=fb756c0d4961f3f258c9927563f326f84cc89783
[19:16] <mushroomblue> that'll do.
[19:16] <_nofear> Hypnoz: thanks very much :)
[19:16] <Hypnoz> the crappy part is the PAM files
[19:17] <Hypnoz> if you don't set them up EXACTLY right, it fails
[19:17] <_nofear> Hypnoz: That's exactly where I think I'm losing it.
[19:17] <mushroomblue> yeah. that's my current issue.
[19:18] <mushroomblue> you'd think someone would provide an updated LDAP howto that doesn't rely on slapd.conf
[19:18] <Hypnoz> yep, i set up pam over and over in VM's till i got it working clean, it took forever
[19:18] <mushroomblue> since it's now been deprecated.
[19:19] <mushroomblue> "Ubuntu 7.10 was a nightmare when it came to setting up ldap"
[19:19] <mushroomblue> lol. it's still a nightmare.
[19:19] <Hypnoz> truth
[19:20] <_nofear> Actually I gave setting this on Ubuntu, I'm using Debian 5 now.
[19:20] <_nofear> *gave up
[19:23] <domas> hypnoz: I have no idea why 'cat /dev/urandom > /dev/random' didn't work :)
[19:39] <soren> niemeyer: I believe it's built into librampart or some such now.
[19:40] <niemeyer> soren: Hmm.. euca 1.6 seems to depend on it still
[19:41] <smoser> soren, quickliy glance at bug 426424 . you have opposition to that ?
[19:41] <NCommander> anyone here a SPARC wizard :-)?
[19:43] <soren> niemeyer: Upstream, yes.
[19:43] <soren> niemeyer: In Ubuntu, it shouldn
[19:43] <soren> t.
[19:43] <soren> niemeyer: We carry a patch to fix that.
[19:43] <niemeyer> soren: Yeah, sorry, this was me trying to install from source to get a working environment somehow
[19:44] <soren> niemeyer: There's a patch in the ubuntu source package. It uses quilt. Do you know how to find it?
[19:45] <niemeyer> soren: I do, thanks.  I've just grabbed the apt-get source from it
[19:45] <Hypnoz> _nofear:: are you still here, and interested in seeing how I set up my pam.d files for ldap?
[19:45] <zul> NCommander: i used to be but that probably wont help you now
[19:45] <soren> niemeyer: Alright, cool.
[19:45] <niemeyer> soren: I got Neil giving a hand now, so will wait to see how this goes
[19:45] <_nofear> Hypnoz: that sure won't hurt :)
[19:45] <NCommander> zul, you know if a sunfire can be forced into proper TFTP booting?
[19:46] <soren> niemeyer: IIRC, it's the debian/patches/04* one.
[19:46] <NCommander> zul, I just had a kernel panic (or something) occur during a dist-upgrade, and the machine won't boot now
[19:46] <Hypnoz> i'll paste them somewhere and link it to you, one sec
[19:46] <zul> NCommander: stop-a doesnt work anymore?
[19:46] <NCommander> Its a v120
[19:46] <NCommander> zul, I can get into the PROM
[19:46] <NCommander> zul, but it doesn't seem to want to talk to my TFTP server
[19:46] <niemeyer> soren: Btw, I've reported the crazy behavior at #428010, just to keep track of it
[19:46] <zul> NCommander: not sure :(
[19:46] <NCommander> I can't remember how I forced Ubuntu onto it before (I had issues with this sunfire at installation)
[19:46]  * NCommander is trying to fix ubuntu karmic on sun
[19:47] <soren> bug 428010
[19:47] <NCommander> Its a pity I didn't fix it BEFORE my SPARC decided to die
[19:47] <zul> NCommander: i got rid of my sparc's or more specific my wife got me to get rid of them
[19:47] <NCommander> zul, they can be load :-/
[19:48] <NCommander> The problem is my sunfire is the only thing that can do TTL serial, so I need IT to talk to an ARM development board I have
[19:48] <zul> NCommander: especially when I had two sitting on my desk
[19:48] <soren> smoser: Looks good to me.
[19:48] <smoser> i do have one change to make to it
[19:48] <smoser> i really, really hate sh -e
[19:48] <smoser> in sh -e, the following is happily ignored:
[19:48] <smoser> ( false )
[19:49] <smoser> it can be fixed / worked around by:
[19:49] <smoser> ( false ) || false
[19:49] <smoser> so i'll append '|| false' to the end of those 2 gzip lines
[19:51] <soren> smoser: That changed in bash recently, actually.
[19:51] <smoser> changed to doing what it should you mean ?
[19:51] <soren> Yes.
[19:52] <smoser> someday i will fix that script (and others) to not use sh -e, but rather check and give error output themselves.
[19:53] <soren> It happened to stumble upon this when debugging a kernel build issue with rtg last week.
[19:53] <soren> "Last week"? Was it really last week?
[19:53] <soren> It seems like a distant memory.
[19:54] <smoser> i'm surprised they would intentionally change something like that
[19:54] <Hypnoz> _nofear::  http://pastebin.com/d75fdac87
[19:54] <Hypnoz> I know there's some stuff I'm missing, but if you have the server set up right, http://linuxadministration.us/2008/05/17/ubuntu-804-hardy-ldap-client/ should go a long way to getting some stuff resolved
[19:55] <soren> smoser: They decided that the old behaviour was wrong.
[19:55] <soren> smoser: I'm looking up the changelog entry.
[19:56] <smoser> and anyone who depended on it should now be broken :)
[19:56] <_nofear> Hypnoz: alright, thanks very much. I'll take a look, I guess I'm missing something to set on these files.
[19:56] <soren> smoser: l.  Changed behavior of shell when -e option is in effect to reflect consensus of Posix shell standardization working group.
[19:56] <smoser> ah. wow.
[19:56] <smoser> so in theory dash should change too
[19:56] <soren> smoser: dash will likely follow suit given the context.
[19:56] <soren> right.
[19:56] <soren> Eventually.
[19:58] <smoser> change pushed.
[20:17] <J_P> Hi all..
[20:18] <J_P> People, I install ubuntu server 9.04. and after install xorg and icewm. well, startx works ok. But resolutions are there in 1024x768, and I would like 800x600. But /etc/X11/xorg.conf is empty. where are the Xorg configurations ?
[20:20] <J_P> anyone ?
[20:22] <ScottK> J_P: It's off topic for ubuntu-server as we don't ship X.
[20:22] <KillMeNow> http://ubuntuforums.org/showthread.php?t=83973
[20:22] <KillMeNow> check that out
[20:22] <KillMeNow> does that help?
[20:57] <smoser> soren, on nectarine, can you update your automated-ec2-build directory ? you're at revision 5 and current is 7
[20:57] <smoser> 2 things missing are md5sums and --lock-user
[20:57] <soren> Feel free to do so yourself.
[20:58] <soren> I'm about to head out.
[20:59] <soren> Oh, right. You can't really, can you?
[20:59] <soren> smoser: Done.
[20:59]  * soren calls it a day (and week)
[20:59] <smoser> well, i can...
[20:59] <smoser> just have to ask sudo :)
[21:00] <smoser> figured i'd be nice
[21:24] <bobg> i am setting up a ldap server in jaunty and I am not finding much information about the new openldap /etc/slapd.d/ config method that jaunty uses by default.
[21:25] <bobg> does anyone know of a "how to " on configuring openldap in jaunty?
[21:27] <bobg> there are lots of how to's for older Ubuntus but that do not seem to apply any more
[22:02] <ahasenack> mathiaz: fwiw, I just updated openldap-dit to use cn=config
[22:03] <mathiaz> ahasenack: cool - thanks
[22:03] <ahasenack> mathiaz: sample run in karmic: http://pastebin.ubuntu.com/269401/
[22:04] <ahasenack> it was fun
[22:04] <mathiaz> ahasenack: cool
[22:04] <ahasenack> mathiaz: did you know that ldapdelete is not supported in cn=config?
[22:04] <mathiaz> ahasenack: where are the admin tools now?
[22:05] <mathiaz> ahasenack: hm - I thought so
[22:05] <ahasenack> mathiaz: hmm, admin tools...?
[22:05] <ahasenack> mathiaz: yeah, something to keep in mind and document, I may do it
[22:05] <mathiaz> ahasenack: like - how do I add a user to this directory?
[22:05] <mathiaz> ahasenack: a group?
[22:05] <mathiaz> ahasenack: add  a user to a group?
[22:05] <ahasenack> mathiaz: I will use smbldap-tools
[22:06] <ahasenack> mathiaz: the structure is empty, it should be straight forward to use almost any tool out there, bar the "big" ones that want to take over the directory
[22:06] <mathiaz> ahasenack: how would you manage the sudoer entries?
[22:06] <ahasenack> mathiaz: ldapvi, apache directory studio, luma, gq
[22:07] <ahasenack> mathiaz: not sure how a wrapper would look like, given that the official sudo admin tool is visudo
[22:07] <ahasenack> i.e., a plain text editor
[22:12] <bobg> how do you read the .gz files in the /usr/share/doc/... folders?
[22:14] <ahasenack> bobg: less reads them
[22:23] <bobg> ahasenack, thanks. It never ocured to me that less would decompress gz files. Thats a a lot easier that gunzup -> nano -> gzip :)
[22:23] <ahasenack> welcome
[22:23] <ahasenack> bobg: there is also zless in some distributions
[22:31] <tlyng> hmm, i'm reading up on eucalyptus, ubuntu and ec2. I'm pretty new with cloud computing, but do understand some of the terminology :) Amazon offer an EBS storage solution, what is Eucalyptus / Ubuntu's equivalent?
[22:42] <Hypnoz> anyone know if M$ office can open an openoffice drawing file
[22:55] <ahasenack> mathiaz: the karmic bind9 package is using the so called "dlz ldap" implementation/patch?
[22:55] <ahasenack> mathiaz: have you ever used the bind9 ldap backend?
[22:55] <mathiaz> ahasenack: I don't know
[22:56] <mathiaz> ahasenack: I've never used it
[22:56] <ahasenack> ok
[23:12] <clusty> got a small question: how can one install sun-java6-bin unattended?
[23:12] <clusty> cause it bugs me about accepting license
[23:14] <Hypnoz> get one of those rocking things with the water inside, and have it keep falling down and pecking on the Y key
[23:14] <Hypnoz> I guess you would need two, one for Y and one for Enter, slightly staggered of course
[23:14] <erichammond> Not sure who's building the EC2 images these days but had a suggestion for the manifest prefix which is currently: canonical-alphas-us/karmic-i386-alpha5.1.manifest.xml
[23:15] <erichammond> Please include (1) the word "ubuntu" so that folks can find it when they search for that keyword, and (2) the date that the image was built so that folks know how fresh it is.
[23:15] <ahasenack> mathiaz: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/227344 (which has a patch) is needed for ldap support in bind9
[23:16] <mathiaz> lamont: ^^? does it make sense to include the patch?
[23:16] <clusty> Hypnoz, not gonna work :D
[23:17] <clusty> puppet needs to install package remotely
[23:17] <erichammond> Ideally, all of these images would be using exactly the same format so that it is easy to scan down a sorted list and find the appropriate one.  Here's a proposed format: ubuntu-9.10-karmic-20090911-alpha5.1
[23:17] <lamont> mathiaz: I've been waiting for upstream to fix it
[23:18] <mathiaz> ahasenack: seems that poking upstream would get it included in debian/ubuntu
[23:18] <lamont> mathiaz: I suppose I could also push it upstream
[23:18] <ahasenack> mathiaz: the bug history shows that has not been working :)
[23:19] <lamont> ahasenack: upstream refusing to accept it is a reason for me to choose to not diverge from upstream
[23:19] <ahasenack> lamont: is dlz part of upstream? It's in contrib, no?
[23:19] <ahasenack> lamont: and did upstream actually refuse?
[23:19] <lamont> it's in the upstream tarball, in contrib - I didn't pull it from anywhere
[23:19] <lamont> dunno if I've even ever asked
[23:20] <lamont> my presumption being that dlz upstream was, you know, taking care of the code they'd gotten into the ISC distribution
[23:20] <lamont> but yeah, history would tend to indicate that the code is being ignored
[23:20] <ahasenack> lamont: I find it odd anyway. ./configure has an option to use it, but it's in contrib/
[23:21] <ahasenack> lamont: so, it is in the code, but at the same time isn't
[23:21] <lamont> contrib _is_ part of the code.  It's just explicitly not managed by ISC
[23:21] <ahasenack> let me check how the real upstream for dlz is
[23:22] <lamont> anyway, long week, runny nose, tired and almost thinking.  so... --> bed for now
[23:22]  * ahasenack downloads from sourceforge
[23:23] <ahasenack> lamont: fwiw, the *real* upstream didn't apply the patch either, that makes one wonder how well maintained this is