[01:05] Hi, I trying move my servers from fedora to ubuntu, and am looking for advice on setting up the disks, each machine has 2tb. [01:07] I have currently partioned as follows: 250mb /boot raid 1, 4gb swap raid 0, 40gb /tmp raid 0 nosuid, noexec, 200gb / raid 0, 1.2 tb /data [01:08] i'd like to use the /data as storage pool and was wondering if there is some way of sub-allocating it to /var and /home === orudie___ is now known as orudie [01:17] zzz2009: why no have 1.5 tb in raid0 and use lvm? [01:17] *not [01:20] jagged: as far as I can see LVM is not an option when etting up 9.04 [01:20] jagged etting = setting [01:20] it is [01:20] go into manual partitioning [01:20] jagged: doesn't show up in my setup [01:21] after you dedicate your boot and swap md devices, you should be able to create the last md and specify "LVM" for "Use as" [01:22] that will in turn give you another option for setting up your lvm [01:24] jagged: Of course he says hitting forhead on ground, forgot the use as LVM, back to drawing board [01:24] jagged: thanks [01:24] Anytime :D [01:25] quit [01:26] How does one exit IRc politly [01:27] #bye [01:28] /quit [01:28] /quit So long and thanks for all the fish! === dendro-afk is now known as dendrobates === dendrobates is now known as dendro-afk [02:13] I know that the linux gurus generally disapprove of GUIs on servers, however I would like to install a GUI at least until i hae fully configured this server. ? which GUI would the peole here recommend? === dendro-afk is now known as dendrobates === Jagged_ is now known as Jagged [02:56] !ops [02:56] Help! Channel emergency! infinity, soren, lamont, mathiaz or tom [02:56] Ban me [03:00] oh good. === dendrobates is now known as dendro-afk === dendro-afk is now known as dendrobates [03:14] smoser: ill upload your ec2-ami-tools patch tomorrow [04:47] how to cat a file and color a given word in the output ? [04:49] maxagaz: egrep --color=auto word afile [04:49] grep [04:52] jmarsden, egrep cuts my output [04:53] Sure it does. Oh, you want to see all lines of output? I guess you could use sed and put the escape sequences for color around the word that way? [04:53] jmarsden, good idea [05:03] bold=$(tput smso); nobold=$(tput rmso) ; sed -e "s/WORD/${bold}WORD${nobvold}/" filename [07:31] does someone know how to set the color of searched strings with the command less ? [07:40] maxagaz: It uses whatever your termcap entry does for smso (enter standout mode) I think... so you could create a custom termcap entry if you really had to :) Or if the term is a terminal emulator such as xterm or exvt you can probably do something appropriate in the .Xresources file to change what color standout mode is displayed as... [07:40] Seems weird to care that much.. as long as standout mode stands out, does it *really* matter what color it is? [07:42] less +/word filename # should highlight word in the file filename ... [07:42] maxagaz: ^^ [07:45] jmarsden, i wanted some customized colors [07:47] maxagaz: A little googling found: http://nion.modprobe.de/blog/archives/572-less-colors-for-man-pages.html [07:48] Which basically does it by setting the termcap entries in variables... should be workable for you? [07:54] jmarsden, that's exactly what i needed, thanks a lot! [07:54] No problem. [07:54] jmarsden, how did you google that ? [07:55] I searched for less colors and it was the first entry returned :) [07:56] jmarsden, ok, i tried "less color" it was in 3rd, i missed it ;) === dendrobates is now known as dendro-afk [08:58] How can I make the kernel modules stuff work? [08:58] /proc/modules doesn't exist [08:58] After running depmod, modprobe -l returns nothing [09:00] Bilge: Is your /proc filesystem mounted? What does mount -t proc output? === Axims_ is now known as Axims [09:11] jmarsden: good heavens, I never knew of that usage. [09:11] jmarsden: I always just cat or grep /proc/mounts (or mtab, if proc isn't available). [09:11] twb: Learn something new every day :) I sometimes do mount -t ext3 if I only care about "real" filesystems... in this instance it is the reverse... [09:13] I also don't trust /etc/mtab because on some of my systems where chroots are used heavily, it regularly lies. [09:13] dammit, security.ubuntu.com is stuck again [09:14] curse that samba bug :) [09:18] Seemed like a pretty severe bug [09:29] Hello! [09:30] i need to bridge eth0 and tap0 ...so i get br0: http://pastebin.com/da6f917 [09:31] is there a way to rename eth0 to peth0 and to keep eth0 as a bridge? [09:31] problem: if eth0 changes to br0 i need to adjust iptables, configs...all based on "eth0" [09:32] Fortunately you keep those under version control, so it is not difficult. [09:36] New bug: #440440 in samba (main) "On regular system update, samba asked what to do with different smb-conf files. I cliked the last option ("open ??? with external application"(?)) and it hanged up." [Undecided,New] https://launchpad.net/bugs/440440 [09:43] Hi all! [09:44] can some one help me with ubuntu server? [09:44] please? [09:48] New bug: #437014 in eucalyptus/1.6 "excessive number of CLC sockets to the backend cause the system to stop updating state" [High,Fix committed] https://launchpad.net/bugs/437014 [09:50] <_ruben> !ask [09:50] Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) === Visigoth_ is now known as Visigoth [09:57] jmarsden: sure it's mounted [09:57] _ruben: !anyone would've been more appropriate [09:59] jmarsden: proc on /proc type proc (rw,noexec,nosuid,nodev) [09:59] There's just no /modules [09:59] Come to think of it, I think my hosting provider builds a custom kernel [10:00] Bilge: I'm guessing at this point... Did you compile your own kernel without module support?? [10:00] Ah, did the provider do that? :) [10:00] I'm with OVH who may mod the distro [10:00] :( [10:00] So what are my options? [10:01] I'd ask them about it. If they really gave you a kernel with no module support, you can't load modules, period, running that kernel. [10:01] Can I not rebuild the kernel remotely [10:02] Sure, but if they did that they probably did other things... so there is little guarantee your new kernel will run in their (virtual hosting?) environment... [10:02] It's a dedicated server [10:03] OK. And do you have remote access to the console or serial port, or a way to do remote reboots? if so you can try installing the default Ubuntu server kernel and booting that, and see what happens... [10:03] I can do remote deboots [10:03] reboots [10:03] Only access to the server is via SSH though [10:04] There's a web interface to administer hard reboots to the hardware [10:04] Um... so how would you recover from an attempt to boot a bad kernel? I think you may be stuck... [10:04] I might order a new box and migrate to that [10:05] So that flagrant errors won't be a problem [10:05] Just so long as I know remote kernel deployment is possible [10:05] Oh sure, you can compile or install a new kernel and set up grub to use it and reboot. [10:05] drac for the win [10:06] or some other decent remote admin card [10:06] via what you can install op sys :) [10:10] jmarsden: OK I'm ordering a new box [10:10] How do I actually build the stock Ubuntu kernel [10:12] Easier to just apt-get install it, I would think. [10:14] Well sure, whatever works [10:14] I'm not looking to make things more difficult than they need to be [10:15] So just do that. [10:15] I am, however, looking for how to do it, because I really have no clue when it comes to kernel swapping [10:15] sudo apt-get install linux-image-server [10:15] It's no different from installing other packages... [10:16] New bug: #440457 in samba (main) "when updating to jaunty i couldn't j keep my current version of samba" [Undecided,New] https://launchpad.net/bugs/440457 [10:16] Then check /boot/grub/menu.lst to see which kernel will boot by default, and edit it if necessary. [10:17] No doubt, but I don't know how I'm supposed to find out the package name [10:18] It strikes me as being one of those things that you either know or you don't [10:19] apt-cache search linux-image [10:19] Same as for other packages too: dpkg -S /boot/vml* will display the name of the package that contains the file... sounds like you need to learm a lot more about apt and dpkg [10:19] or dpkg -l | grep linux-image ;) [10:20] atomic_1: As I said ... apt and dpkg :) In other words, this is package management, not anything super kernel-specific. [10:21] yeah, its easy as pie [10:21] Pie is more tasty :) [10:21] You're not actually telling me anything I didn't already know, there, but I still wouldn't know to server for linux-image or /boot/anything because I know nothing about the kernel or booting [10:21] funny behaviour though, regular apt-get upgrade does not upgrade to a newer kernel, its kept back [10:21] but once you do it manually [10:22] server = search [10:22] every other upgrade will include a newer kernel build, if there is one in the repo [10:24] Bilge: So, did it work? Have you rebooted yet? I need to go to bed, it is 2:24am here... [10:26] I thank you for your help, but you have no responsibility to assist further ;) [10:26] By which I mean, don't let me keep you [10:26] OK... do you need to backup a ton of data from one server to the new spare one first? [10:26] I don't know yet because the delivery of the box takes time [10:26] Few hours, but more than you can spare I'm sure [10:26] I will need to migrate a lot of settings [10:27] Ah, OK. Then yes, I should get some sleep. Goodnight all. [10:27] Thanks again [10:27] No problem. [10:27] I'm sure it will be fine [10:33] any default support for saving and restoring iptables? [10:36] <_ruben> iptables-save > /some/file ... iptables-restore < /some/file [10:37] is there nothing for /etc/init.d? [10:37] <_ruben> !ufw [10:37] Ubuntu, like any other linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command (see https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw), or 'iptables' (https://help.ubuntu.com/community/IptablesHowTo). GUI applications such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist [10:37] <_ruben> ufw does have an init script [10:38] ufw did not play well on my first foray and I'd just as soon write my rules [10:39] g'morning, [10:39] fwbuilder corrupts display on my workstation, works at home sort of [10:40] i need nat to work and not much else [10:40] I've got 2 servers, 1 of them is dedicated for email and we'd like to use SMTPS/IMAPS - so we need an SSL cert, however - for what domain do I buy this for? The MX records setup for domains is 'mail.example.com' - however the hostname of the mail server is 'mercury.example.com', (mail.example.com is a CNAME to mercury.example.com) [10:41] +1 for iptables-save & iptables-restore [10:41] put it in rc.local and forget about it [10:41] <_ruben> tarvid: if you know how to write scripts for iptables, writing an additional init script would be peanuts [10:42] just surprised that this is overloooked in Ubuntu [10:42] fwbuilder adds a lot of stuff that i dont recognize in its scripts [10:42] and network-manager threatens to mess with iptables [10:42] <_ruben> AlexC_: with any ssl cert (https/imaps/smtps/etc) the name of cert must match the name the client is using to connect to that service [10:43] _ruben, so that would be mail.example.com correct? [10:43] * _ruben is glad there's no default handling of iptables on ubuntu [10:43] <_ruben> AlexC_: if that's what the clients will be using, yes [10:43] _ruben, cool, ok thanks [10:44] 1 more similar question, DKIM - the 'Domain' entry in /etc/dkim-filter.conf, should that be 'mail.example.com' as well? [10:44] instead of mercury. [10:47] could anyone perhaps explain the sandbox mode for do-release-upgrade? [10:49] <_ruben> AlexC_: been a while since i messed with DKIM, but i *think* the domain should be example.com [10:52] *sigh* crap. I'm getting a problem when trying do-release-upgrade. anyone encountered this before? [10:52] http://fpaste.org/k5cg/ [10:52] (googled it but can't seem to find anything useful) [10:54] <_ruben> !info network-manager [10:55] network-manager (source: network-manager): network management framework daemon. In component main, is optional. Version 0.7.1~rc4.1.cf199a964-0ubuntu2 (jaunty), package size 290 kB, installed size 2080 kB [10:55] <_ruben> oh crap .. tarvid already left [10:55] <_ruben> its a desktop thing [10:55] <_ruben> gamla_kossan: tried running apt-get update && apt-get dist-upgrade prior to it? [10:56] _ruben: wait, I want to do that? [10:56] I thought dist-upgrade was something that do-release-upgrade made obsolete =) [10:56] * gamla_kossan doesn't know htough [10:57] <_ruben> dist-upgrade is an old name, its no longer used to upgrade from one version to another, but to make your current version fully up to date [10:57] oh [10:57] what's the difference between it and upgrade then? [10:58] <_ruben> with aptitude they chose better names: upgrade => safe-upgrade and dist-upgrade => full-upgrade [10:58] <_ruben> upgrade doesnt install new packages (new dependencies for instance), dist-upgrade does [10:58] I see [10:58] oh [10:58] thanks a lot, this really clears some stuff up [10:58] * gamla_kossan is used to yum [10:58] muuu [10:59] for example kernel updates [10:59] muuu [10:59] ^_^ [10:59] gamla_kossan: Error: "_^" is not a valid command. [10:59] you only get them with dist-upgrade [10:59] right [10:59] apt-get moo [10:59] apt-moo [10:59] awesome. lunch then upgrade time :> [10:59] lunch! [10:59] -bash: apt-moo: command not found [11:00] oh, right. apt-get moo it is. [11:00] <_ruben> nice .. successfully updated my pxe install setup to include jaunty as well .. tho i should put some effort into creating a boot menu (now i have write out my selections on the boot: prompt) [11:01] <_ruben> aww .. they didnt even include 'moo' in the bash autocomplete ;) [11:09] hey all [11:10] how do i stop the nfs server from borking every time i do something wrong on a client [11:18] SockPants: define `wrong' [11:31] twb: i'm not sure, but for example trying to delete something without having permission [11:31] or deleting a very big file, even if i do have permission [11:31] after that it just keeps saying 'lockd is not responding' [11:38] SockPants: depends on what you mean, but mount it with the option soft instead of hard [11:38] could resolve it [12:40] uh ohh [12:40] this is not good [12:40] I can't boot properly [12:40] did a dist-upgrade, [12:40] now I get this: [12:40] [ 5.480000] devicemapper: table: 254:1: snapshot-origin: unknown target type [12:40] during boot [12:41] and a couple of other errors, then I'm dropped into a busybox [12:41] anyone have a clue what'sup here? [12:43] <_ruben> doesnt ring a bell here [12:44] <_ruben> might wanna ask in #ubuntu-kernel as well [12:50] morning [12:56] _ruben: think I know what it is - I'm missing the dm-snapshot module [12:56] so I guess I need to make a new initrd, right? [12:57] can I do that from a live-cd? [13:05] <_ruben> gamla_kossan: grub should show your previous kernel as well [13:05] oh fsck. the ubuntu live cd doesn't have mkinitrd [13:05] _ruben: yeah - I agree - but it doesn't :/ [13:06] <_ruben> odd [13:06] very [13:06] <_ruben> and you need update-initramfs [13:06] that one's available [13:09] sigh [13:18] can you use dd to replicate compact flash [13:18] <_ruben> kwork: wouldnt know why not :) [13:19] would it work if i first make disk image [13:19] and then write it to other device ? [13:19] i have only one card reader [13:19] but i need to replicate the data structure to other compact [13:22] kwork yes that works, i have doen it before [13:22] however i might suggest o&o disk image for future usage [13:22] o&o whats that ? === dendro-afk is now known as dendrobates [13:29] http://tinyurl.com/ydsgody [13:29] kwork http://tinyurl.com/ydsgody [13:30] lol [13:30] with what you made that video [13:32] bogeyd6, the problem is i have compact flash what has routers operating system on it just wondering will copyng it with dd to diskimage and from there to other compact [13:32] will it work [13:35] <_ruben> sure [13:36] lololol [13:37] yes it works [13:37] :P [13:42] i sure hope so [13:45] hi all.. [13:45] How I disable beep always I use key TAB to completation? [14:05] anyone using dhcpd encountered this in the logs: Abandoning IP address: x.y.z.w; Pinged before offer ? [14:05] atomic_1 the dhcp server is checking to see if the ip address is in use [14:06] Where can I find all the new features for 9.10 on the ubuntu website? [14:06] bogeyd6: i figured that out, but my clients never gets an IP address [14:06] this happens with a few of my clients [14:06] fbc-mx http://www.ubuntu.com/testing/karmic/beta [14:07] Is there a reservation setup atomic_1 [14:07] zul, you have any idea where you would send a patch to ec2-ami-tools ? [14:07] for certain clients, yes [14:07] smoser: not really let me poke around [14:08] all i could see was the forums [14:08] but not the addreses that i can see dhcp pings [14:08] atomic_1 What's most likely happening is that the DHCP server is assigning the [14:08] host an address, the host is verifying that the address is not in use, [14:08] and concluding that it is in use [14:09] atomic_1 Ping one of the addresses in the DHCP range that has not been assigned to any device (try it from each side of the bridge with a different IP address)and make sure you do not see any ARP relies in the ARP cache. [14:10] hmm, good idea [14:10] i should probably check my leases file too [14:10] duplicate lease will cause the same problem [14:10] i kind of messed with it on occasions when dhcp failed [14:10] plus you gotta make sure you configure your leases separately from the pool === dendrobates is now known as dendro-afk [14:11] reser* [14:12] thanks bogeyd6 === dendro-afk is now known as dendrobates [14:12] yw [14:12] running failover dhcp servers will give those problems ALOT [14:13] its only one instance here === genii_ is now known as genii [14:18] sometimes i also have troubles when i change a hostname here and there, because i use dynamic updates with bind [14:18] dhcpd does NOT like that [14:18] :) [14:28] very true atomic_1 but there is an interesting thing in a centos book about dhcp and dns [14:28] For Dynamic DNS to work, both the DHCP server and the DNS server need to be configured [14:28] correctly: they both need to allow the use of Dynamic DNS, and the DNS server [14:28] needs to “trust” the DHCP server. The latter is usually accomplished through the use of a [14:28] cryptographic key. === dendrobates is now known as dendro-afk === dendro-afk is now known as dendrobates [14:51] ttx: when you get a chance can you look at #420639? [14:51] bug 420639 [14:52] Launchpad bug 420639 in php5 "php-pear package problems (Karmic)" [High,Confirmed] https://launchpad.net/bugs/420639 [14:52] just the title doesn't make me want to touch it [14:57] ttx: heh...sometimes you dont have a choice [15:00] bogeyd6: i just read what you wrote, my services are configured correctly, rndc-key and everything [15:01] and it works, only 95% of the time [15:01] :) [15:02] kk === orudie_ is now known as petia [15:11] New bug: #440598 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/440598 [15:26] hi [15:26] how can I repair manually a mysql DB? === kees_ is now known as kees [16:01] hi guys and girls [16:02] looks like one of recent kernel uploads broke drbd [16:02] this is known upstream and there's a new version of drbd that works with 2.6.31 [16:02] but it's in rc3 state [16:03] so, i'd ask for sponsor on uploading new version of drbd, as soon as it gets released [16:03] is that possible? [16:03] is there just a patch for it? [16:04] i'll try isolating the patch, but imho we should move to new version [16:04] except the support for 2.6.31 [16:04] with this new version, upstream supports drbd+pacemaker integration [16:04] any other regressions if we go with rc3? [16:05] so, there are no new files, it's just that they support it now [16:05] i haven't found any [16:05] i've been testing it for couple last two days [16:05] s/couple// [16:05] ok well you know the FFE process, when it gets approved let me know and Ill sponsor it [16:05] sure [16:05] i'll ping you [16:07] k thanks [16:13] ivoks: is drbd still in the karmic kernel? [16:13] it's dkmsed [16:14] ivoks: is it one of the 2.6.31 API that broke drbd? [16:15] ivoks: the current version of drbd in karmic is 2:8.3.2-2 [16:15] basically, 8.3.2 drbd (which we have now) worked with 2.6.31rc1 [16:15] but it doesn't with 2.6.31 [16:15] http://git.drbd.org/?p=drbd-8.3.git;a=blob;f=ChangeLog;hb=HEAD [16:15] ivoks: ok [16:15] ivoks: debian has 2:8.3.2-3 [16:15] ivoks: and 2:8.3.3~rc3-1 in experimental [16:15] 8.3.3 is mostly fixes [16:16] yep [16:16] ivoks: if 8.3.3rc3 is mostly fixes, then a FFe is not needed [16:17] looking at the changelog, only added functionality is support for infiniband [16:17] ivoks: well - there are new features though: Support for Infiniband via SDP (sockets direct protocol) [16:17] since there was no support for that before, i don't expect regressions :D [16:17] ivoks: right [16:17] ivoks: Improvements on the crm-fence-peer Pacemaker integration ? [16:18] that was new in 8.3.2 [16:18] and it was unsupported [16:18] ivoks: well - it depends how SDP support was added [16:18] ivoks: it may break other parts of the code [16:18] 8.3.3 has upstream support for crm integration [16:18] and that's really cool [16:18] i know [16:18] i'll ask for FFE === ivoks_ is now known as ivoks [16:19] ivoks: do you plan to sync from experimental? [16:19] i'll take a look at the package [16:19] ivoks: 2:8.3.2-3 seems to have DKMS dropped [16:19] i used my own package [16:19] ivoks: 'Drop DKMS support for now, to get the package back into testing. [16:19] right, they removed dkms from drbd in testing [16:20] ivoks: is it back in experimental? [16:20] i have to take a look at it [16:20] i was a bit out of development these days [16:21] ivoks: ok - so it seems that we need to have at least 'Following Linux upstream changes 2.6.31' in karmic [16:21] ivoks: since drbd doesn't work for now in karmic [16:21] right [16:21] it would be much easier if we would rush for the latest kernel :) [16:21] ivoks: I'd have a look at the experimental package - if it supports dkms then as a sync [16:21] wouldn't [16:22] ivoks: then *ask* a sync [16:22] ivoks: with a FFe outlining the new features as well as the reason for syncing (2.6.31 broke drbd) [16:24] i'll be presenting pacemaker in ubuntu during oracle conference, here in croatia [16:25] ivoks: awesome! Do you plan to post the slides? [16:25] yes [16:26] but it will be in croatian [16:26] ivoks: well - put pictures in there [16:26] hehe [16:37] bbl === monteith is now known as monteith_afk [16:45] * zul stabs php [16:51] New bug: #440662 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/440662 [17:08] hey all, what is a good command to find out the ip address of all ssh traffic ? [17:09] skrite: I don't understand your question [17:11] well i am logged into another server and i don't want to stop the process, but i need to know the ip to log into that server again, different session [17:18] smoser: did you get a chance to try those akis? [17:18] jjohansen, i've not. other htan i booted a 32 bit with it. not done much testin gon it other than that. [17:19] smoser: okay, thanks. I am going to kick a few more instances again [17:20] so far for you they've been good ? [17:21] and how different are the configs "server" -> ec2, jj [17:21] jjohansen, [17:22] smoser: I saw one instance on 64 bit give cpu lockup errors, so it worries me [17:23] smoser: the configs are fairly close, I had to disable a few things like HIGHPTE to get them to run [17:24] smoser: there were a couple of other things I disabled too, would have to go back and check. It was 4 or 5 config options total === monteith_afk is now known as monteith [17:26] jjohansen, kexec [17:26] :) [17:26] smoser: hehe, no I didn't had that to these ones, but there just might be a need to revise the configs yet ;) [17:28] New bug: #440683 in samba (main) "Samba server upgrade crashed" [Undecided,New] https://launchpad.net/bugs/440683 [17:41] New bug: #440692 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/440692 [18:04] * zul perks up [18:04] ec2 configs? [18:08] kirkland: ive got a byobu plugin for rackspace cloud server cost (like ec2_cost) brewing, you're gonna love it [18:11] jbernard_: nice ;-) [18:27] New bug: #440725 in samba (main) "package samba-common 2:3.3.2-1ubuntu3.2 failed to install/upgrade: subprocess post-installation script returned error exit status 3" [Undecided,Won't fix] https://launchpad.net/bugs/440725 === jsalisbury_ is now known as jsalisbury === georg is now known as kwork [19:06] hm - interesting - shorewall got dropped to universe in karmic [19:07] zul: kirkland: ^^ [19:07] Licensing maybe [19:07] mathiaz: never heard of shorewall [19:07] firewall thing? [19:07] zul: yes [19:07] zul: it used to be in main [19:08] zul: dapper++ [19:08] I wonder why it would have been in Main? [19:08] kees: jdstrand: ^^ [19:08] kees: jdstrand: should shorewall be back in main - or is ufw enough? [19:08] mathiaz, hasnt been updated in 193 in weeks [19:08] ScottK: it's been in main since dapper [19:09] zul: karmic saw a package split [19:09] I just don't know why it would have been. Before ufw, Ubuntu didn't provide a default firewall [19:09] zul: http://packages.ubuntu.com/search?keywords=shorewall [19:12] ufw should be ok i dont see why it should be in main (shorewall) [19:18] what are the chances that when the cluster controller is being installed we can get the opportunity to set up dhcpd on the network that the ncs are connected to? Or at least a reminder to do so? [19:20] zul: does ufw support all of the shorewall features? [19:22] zul: shorewall is still in the supported-network-common seed [19:22] mathiaz: I'm fine with dropping shorewall. [19:22] mathiaz: i dunno i never ran shorewall [19:22] jdstrand: ^^^ [19:22] mathiaz: it was grandfathered in from before I did security work. :) [19:23] kees: you mean that it was move into main before you were doing ubuntu security work? [19:24] is there such a thing? ;) [19:24] mathiaz: correct [19:25] kees: ok - so I'll update the seed then [19:28] I'm here now [19:28] mathiaz: ufw does not support all of shorewall's features [19:28] jdstrand: ok [19:28] ufw is a fully featured *host*-based firewall, with the ability to add any kind of routing you want [19:29] shorewall has a steeper learning curve, but helps with routing/nat/etc [19:29] jdstrand: right [19:29] jdstrand: it supports gateways and zones [19:29] * jdstrand nods [19:29] jdstrand: it was in main since at least dapper [19:30] jdstrand: and is currently in universe in karmic because of a package name change in debian [19:30] ufw can do anything shorewall or netfilter can do via its framework (man ufw_framework), but it doesn't help a lot when you need the FORWARD chain [19:30] jdstrand: kees suggested to really drop shorewall from main [19:31] jdstrand: (it's still in the supported-network-common seed) [19:31] meaning, you need to know about iptables atm to doing useful things with the FORWARD chain (though, there are examples in the man page, etc) [19:31] tbh, it doesn't make a difference. I don't think shorewall has ever had a CVE against it [19:31] jdstrand: right - but you can't easily (as ufw should be) create a gateway system with multiple zones [19:32] jdstrand: which is quite usual when you deal with network gateways [19:33] ufw's target audience has been desktops, servers, and bastion hosts [19:33] a routing firewall has been out of scope until only very recently [19:34] jdstrand: how about keeping shorewall in main until ufw provides these features? [19:36] mathiaz: like I said. I don't care either way, but I will make this point: ufw is easy to getting started with immediately. its framework allows for doing any filtering/routing you want (with supporting documentation for common scenarios). I am not sure a newcomer to both ufw and shorewall would find shorewall easier overall [19:36] mathiaz: meaning, you have to learn all about how to use shorewall in the first place [19:36] * mathiaz nods [19:36] you could likely spend less time learning the couple things you need to get the routing going within ufw [19:37] jdstrand: and support for the FORWARD chain can be done in ufw as well? [19:37] that is not to disrespect shorewall in any way. I am a fan, and think it is very cool. it has a different target audience than ufw though [19:37] mathiaz: yes! (man ufw-framework) [19:38] mathiaz: you edit configuration files and add iptables style rules [19:38] mathiaz: it's the ufw cli command that doesn't have FORWARD support [19:38] jdstrand: right. [19:38] jdstrand: shorewall provides another layer of abstraction [19:38] which is why I say it doesn't help with FORWARD 'much' [19:39] jdstrand: considering that the target audience are *different*, I'd be inclined to keep shorewall in main [19:39] mathiaz: yes, but with ufw you can mix and match cli commands and hand edited rules [19:39] mathiaz: if it fell into universe because of a package name change, and the old package is still in the supported seed, it should probably just follow and stay in main. [19:39] mathiaz: that said, I do like the idea of dropping stuff from main. ;) [19:39] so you can have a host that does NAT and provide services. so use the ufw cli command for the services, and add your few NAT lines to the config file (all detailed, again, in ufw-framework) [19:39] kees: right - that's my current analysis of the reason why it fell in universe [19:40] but I'll say it again, with shorewall, I doubt it'll make any difference === jldugger is now known as pwnguin [19:40] kees: if things keep getting dropped from universe there will less reasons to grow the security team ;) [19:40] mathiaz: believe me, there is more than enough work to go around [19:40] :) [19:41] New bug: #440772 in samba (main) "Problems started occurring when i added 'mediubuntu' to the package sources list: package smbclient 2:3.3.2-1ubuntu3.1 failed to install/upgrade: short read in buffer_copy (backend dpkg-deb during `./usr/bin/rpcclient')" [Undecided,New] https://launchpad.net/bugs/440772 [19:41] mathiaz: in previous releases, I have been asked whether shorewall should be dropped from main. I have said 'no', do to the fact that ufw doesn't help much with routing in your firewall. that has not changed [19:41] s/do/due/ [19:42] jdstrand: ok - I'll update the seed then [19:42] jdstrand: and keep shorewall in main [19:42] that sounds fine [19:42] ufw will be growing routing support. I don't know for lucid, but soon [19:42] jdstrand: I still think it's a useful tool to configure a routing firewall/complex gateway (which is its target use cases) [19:43] jdstrand: kees: thanks for your input [19:43] mathiaz: I agree (like I said, it is a nice application) [20:02] New bug: #415799 in network-manager (main) "dhclient doesn't get any dhcpack" [Undecided,New] https://launchpad.net/bugs/415799 [20:16] FWIW: shorewall is quite easy to use as well as powerful after reading the (very fine!) manual; much easier than learn about "cryptic netfilter rules" (which is what you need for ufw ATM AFAIK), so +1 from me to keep it in main ;) [20:19] test [20:21] * _ruben is tempted to look into shorewall for his ipv6 firewalling needs, see if it might be a decent candidate for our inhouse-developed bash-bashed scripts [20:39] Hi, I'm looking for a kind of user logging system, which can help me create/give an overview of SSH loging and SFTP logings _without_ I have to look through raw logs? Know any? (It's for creating an overview of students activity on a school server) [20:44] jdstrand: ping have you seen this? http://pastebin.ubuntu.com/284064/ === dendrobates is now known as dendro-afk [20:58] heh, sucks for jeiworth [21:15] hey jcastro [21:15] hi adamsweet [21:15] hi, looking at the ec2 stuff, they refer to alpha6, should I concentrate on the beta now instead? [21:16] the instructions refer to alpha6, that is [21:18] adamsweet: yes please [21:19] jcastro: cool, thought I better check [21:19] adamsweet: I'll update the page [21:19] adamsweet: also, it seems that amazon devpay thing isn't working [21:19] so you'll probably end up with a bill of 2 dollars or something [21:19] but I am working to resolve that [21:19] jcastro, :) [21:19] bad timing :) [21:20] well they don't charge you until the end of the month [21:20] I should have it fixed by then. :D [21:20] no problem [21:20] wiki fixed, thanks! [21:43] hi again! got into a problem :P my friend has borrowed my dvd-reader and i need to reinstall ubuntu-server. so i thought that i could install from a usb stick.. but it dont work!! i have tried several methods that ive found on different forums. only desktop-ubuntu.. etc works but not server.. strange. [21:43] any ideas to get it work? [21:43] Break said friend's legs and retrieve property. [21:45] when i tried to boot from usb stick it only told me to insert a bootable disk and press enter.. [21:45] i selected my usb stick as bootup drive in bios [21:46] did you install to the usb stick correctly? [21:49] Orfeous, are you sure your BIOS supports booting from USB? I have machines which don't [21:50] Jagged, yes tried a program called unetbootinf and also followed guides on forums.. :) [21:50] Jagged, got the 1gb fat16 partition om my usb stick.. copied all files from iso to usb stick.. renamed isolinux to syslinux and isolinux.cfg to syslinux.cfg.. [21:51] adamsweet, the usb stick is selectable from bios under boot devices.. [21:51] Asus P5B Premium vista edition is motherboard. [21:52] also tried booting it from my htpc and it not worked.. :P [21:52] i now i have been trying XBMC LiveCD USB and that booted from my usb-stick [21:53] is the size on fat 16 partition important? i mean if its 1gb or if its likw 3gb? [21:53] i can give links to what guide i have followed [21:55] this is one guide: https://help.ubuntu.com/community/UbuntuServerFlashDriveInstaller [21:56] this is another guide: http://www.ubuntugeek.com/how-to-install-ubuntu-linux-from-usb-stick.html [21:59] Orfeous, do you have an existing Ubuntu machine? [22:01] adamsweet, yes i have [22:01] installed ubuntu-server 9.10 on it [22:02] no desktops? [22:02] no, just windows [22:03] but i got a dvd-drive on my laptop [22:03] and can boot up a livecd from that and make a bootable usb-stick from gnome [22:04] but i havent tried that [22:04] yes, try that [22:04] really dont know why it doesnt work [22:04] and why it doesnt work with ubuntu-server version :) [22:04] In the Gnome desktop, System > Administration > USB Startup Disk Creator [22:05] you'll need iso image on your laptop filesystem [22:05] otherwise, I have no idea how to help you :) [22:06] might be easier to go to your friends house and ask for your DVDd rive [22:06] i can try that tomorrow, but are there no other isos that i can boot from and use netinstall for ubuntu-server? [22:08] I don't think the iso image is your problem, rather your creation of bootable USB disks is, but I'm only guessing [22:22] New bug: #440918 in samba (main) "Did todays update, samba failed? can still browse mounted network shares" [Undecided,New] https://launchpad.net/bugs/440918 === nick125_ is now known as nick125 [22:27] hi everyone [22:27] after editing "/etc/udev/rules.d/70-persistent-net.rules" ubuntu server hangs on boot at "configuring network intefaces.." === Pici` is now known as Guest77758 [22:28] how should i skip this? [22:28] I think if you comment the lines out ubuntu will regenerate them [22:29] but how can i edit that file again? [22:30] i'm stuck there... [22:35] is someone there? [22:37] hi [22:38] could anyone tell me how i might figure out why 'netcat localhost 25' returns nothing? [22:39] Why did you expect it too? Default Ubuntu Server doesn't listen on port 25. [22:40] ok I didnt think i'd need to bust it all out.. [22:40] Im running postfix/squirrelmail/dovecot, etc [22:40] so yeah I assumed it would be ;p [22:40] Right, we we aren't mind readers. [22:41] I guess I'd look at postfix logs and see if it's complaining about anything first [22:41] sorry :( i guess nubs flow in here asking tarded questions and what not. my apologies [22:42] the only thing in mail.log, in a repeating fashion, is: [22:42] Oct 2 16:42:00 sputnik postfix/smtpd[8135]: fatal: bad numerical configuration: unknown_client_reject_code = 450-Unknown_Client [22:42] Oct 2 16:42:01 sputnik postfix/master[2846]: warning: process /usr/lib/postfix/smtpd pid 8135 exit status 1 [22:42] Oct 2 16:42:01 sputnik postfix/master[2846]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling [22:43] every 1 minute too.. [22:43] tried googling but crap you get so many conflicting ideas on what the culprit is [22:46] hmmm [22:50] are those entries possibly meaning that something is causing smtpd to term, which its restarting but being killed again in a loop? [22:53] ok so it appears my convo with scott has rendered any further help null here. So much for community. [22:56] Insults are always a good way to get help =\ [22:58] there's a typo on the Ubuntu Server Guide page that I bet was causing that problem allanon had [22:59] I didnt notice till after he left [23:08] Hello, I am going to be installing server edition for the first time. I'm not sure how to do that if I don't have a monitor to hook up to the machine though. Is it possible to ssh from a connected laptop or something to do the install? [23:08] I'm trying to use qemu on jaunty with the 'Virtaul Machine Manager' GUI app and when I try to start up the virtual network I get the error "Error starting network cannot create bridge 'vibr1' : Operation not permitted.. anyone know how to fix this? None of the stuff I found on google works === sgsax_ is now known as sgsax [23:26] Mike_lifeguard: No. [23:28] I suppose I will buy a monitor then :\ [23:28] Once it's set up you can do anything you need via SSH, but not the install [23:28] So perhaps you can just borrow a monitor from another machine. [23:29] I don't have access to hardware that's not a laptop. But I'll just find some cheap shit to use for a day while I get it set up, then dump it :) === erichammond1 is now known as erichammond [23:29] Thanks for your help. [23:35] i will give it a try tomorrow ;) [23:35] the install from usb stick thing :D [23:40] elmo: archive.ubuntu.com has been painfully slow the last couple days and sometimes times out on responses altogether. [23:40] you know I've noticed that too lately takes forever [23:41] This has prevented me from being able to create new Ubuntu images for EC2 using the latest kernel Amazon built to fix the big security bug. [23:43] what's the big bug I don't think I heard about it [23:46] bventura: http://developer.amazonwebservices.com/connect/thread.jspa?threadID=35410 [23:48] Until we have modern, updated kernels for EC2 from Canonical, folks using Ubuntu on EC2 depend on Amazon updating older (2.6.18, 2.6.21) kernels. It means we're not truly running complete "Ubuntu" but it works well enough to get the job done. [23:50] erichammond: I have some new kernels to test if you want [23:53] jjohansen: cool. I'm a bit backlogged right now, but like to keep notes on what's available so I know the development directions to take. [23:54] . [23:54] jjohansen: My first attempt to use a recent 2.6.31 kernel with my own Karmic build resulted in an AMI which didn't boot well. It's obviously my fault since Canonical's Alpha-6 works with it, but I haven't had the time to investigate further yet. [23:55] erichammond: want me to mail you the details, or just post them here === bytor4232 is now known as arthurjohnson