[00:04] I installed a ubuntu server into vmware. Everytime I power if up, I have to run sudo dhclient to make it get ip to work with my net. How to automatize it? [00:11] afeijo what vmware you used? [00:13] sorry, it is virtualbox 3 [00:13] I use vmware at office, I'm used to say vmware lol [00:14] lol i never couldnt make ubuntu-server work in vbox [00:14] pretty simple, no problem there. I installed ubuntu 9.04 x64 [00:15] so, can I add dhclient to init.d or something? === freeflyi1g is now known as freeflying [01:06] New bug: #452655 in thunderbird (main) "Mozilla Thunderbird Presents Gap in Subject - Thunderbird does not compact /t into a space" [Undecided,New] https://launchpad.net/bugs/452655 [01:30] New bug: #452665 in eucalyptus (main) "eucalyptus-cloud runs without any option set" [High,Triaged] https://launchpad.net/bugs/452665 [01:46] New bug: #452669 in php5 (main) "cacti" [Undecided,New] https://launchpad.net/bugs/452669 [03:09] Halo, has anyone known a way to avoid conflict between configuration interfaces file & network-manager? [03:11] Anyone here? [03:12] By purging network manager [03:12] you won't get much help with GUI tools here, try #ubuntu [03:12] qman__: NM is a daemon, not a GUI [03:13] IME NM is the single biggest cause of outages on Ubuntu systems, so I always make damn sure it is purged. [03:13] I only ever use it on desktops, because it's convenient for wireless [03:13] otherwise, it's gone [03:13] I would only ever CONSIDER using it on a roaming host (i.e. laptop) with wifi. [03:14] For my own machine, I use wpa-cli. For end users, I might consider wifi-radar as an alternative -- I haven't had a chance to investigate wifi-radar properly, but I hear good things about it (better than NM, anyway). [03:16] Incidentally, NM isn't installed by default if you use the ubuntu-server install media, which is what you should be using for servers. [03:16] Before, I have NW working properly. After I figure out interfaces configuration file then NW is not work but network still available :( [03:17] I see on Ubuntu's community document have notice conflict between them [03:20] tiger2wander: When you configure network by manually editing interfaces file, networkmanager sees it is previously configured and does not do anything with it. [03:21] This is the normal and proper behaviour [03:21] New bug: #452718 in bacula (universe) "Bacula cdrashed on install" [Undecided,New] https://launchpad.net/bugs/452718 [03:22] genii, Can I avoid this check from NW? [03:24] tiger2wander: As twb said, networkmanager is not the default for ubuntu-server installs and so not supported here. [03:26] genii, ah, ok thanks! [03:27] genii: well, stuff like postfix isn't installed by default either, so that metric isn't too accurate :-) [03:32] Difference between of Ubuntu Server & UEC are: UEC plus eucalyptus? any difference remain? [04:06] Neither reload nor force-reload causes udev to update /dev/by-uuid; RESTARTING udev does. [04:06] Is there a less brute-force way to update by-uuid? [04:08] people [04:09] how can i connect to mysql from WAN? [04:09] wizardslovak, you have to tell mysql to listen on an IP [04:09] by default it listens on a local unix socket [04:09] oo [04:10] can you point me how to do it? [04:13] it's in the main config, commented out [04:14] /etc/mysql/my.cnf, bind-address [04:15] ok it shows local adress [04:15] 127.0.0.1 [04:17] should i delete it and put my wan ip ? [04:19] put the IP to listen on, the one the local machine is using [04:20] wait you lost me [04:20] LAn ip or WAN ip [04:21] you can only listen on IP addresses assigned to the local machine [04:22] I don't know what your setup is like, you have to determine what that is [04:22] ok so server is on router [04:22] you set it to where you want to accept connections from, from the perspective of the machine running the service [04:24] also, if you're accepting connections over the internet, make sure you use strong passwords on all accounts [04:24] and keep in mind that mysql doesn't have encryption [04:24] so i can connect to it from other pc across the town [04:36] New bug: #452754 in eucalyptus (main) "eucalyptus link local address should be labeled" [Undecided,New] https://launchpad.net/bugs/452754 [04:39] im trying to write a sh file that will start apache2, is this correct sudo /etc/init.d/apache2 start [04:40] it keeps saying this when i try to run it sudo: ./start.sh: command not found [04:48] baffle: 'sudo invoke-rc.d apache2 start' is more correct. [04:48] bah, he left, nvm [04:49] chmod +x being his real problem of course... [05:10] Man am I getting sick of denial ... this is a valid bug... #451405 [05:30] damn [05:30] i am sick and tired [05:30] i cant config email server [05:33] wizardslovak: "The Book of Postfix" is rather good btw. [05:34] i got postfix:the definitive guide [05:34] by o'reilly [05:35] What is it you're trying to do anyway? [05:37] well i did setup email server [05:37] when i am sending email from outside i get it [05:37] but when i am trying to send it from here to outside i cant [05:38] whats the best book for dovecot? [05:45] I create an LVM snapshot and then fsck it before mounting, to avoid noise in dmesg. [05:45] Is fsck -a or fsck -y more appropriate? [05:46] The former seems to be "safer" as far as e2fsck is concerned, but fsck(8) makes me worry if I ever have this script deal with XFS or whatever... [06:53] How do I force a fsck of the root filesystem after a reboot? [06:53] Before upstart (graah!) there was an option to reboot(8) [06:54] IIRC it just touches a file in the root directory [06:55] twb: The reboot option doesn't work anymore? [06:55] twb: the file was /forcefsck [06:56] It doesn't exist anymore AFAICT [06:56] Thanks. [06:56] huh [06:56] I mentioned this to #upstart a while back, so maybe it is back post-LTS [06:56] I'm still on 8.04 [06:58] tonyyarusso: /forcefsck worked [07:06] New bug: #307167 in nis (main) "NIS with LTSP" [Low,Incomplete] https://launchpad.net/bugs/307167 [07:11] hello i am in need of help setting up an ftp through ssh [07:11] !ftp [07:11] FTP clients: Nautilus (Places -> Connect to server), gFTP, FileZilla (for !GNOME); Konqueror, Kasablanca, KFTPGrabber (for !KDE); FireFTP (for Firefox); ftp, lftp (for !cli) - See also !FTPd [07:14] Good morning [07:15] Deaglebear: sftp maybe? Do you need a client or how to configure it as a server? [07:15] well ok heres what im trying to do [07:15] i have a counterstrike server and 3 webservers on one machine [07:15] or will have [07:15] and i wanna do an ftp for each of those [07:16] so different people can log into each one but have different passwords and such [07:16] im halfway familiar with ubuntu but i get really confused when having to do everything through command line [07:19] Deaglebear: 'sudo apt-get install openssh-server' will install the ssh server, that comes with sftp capabilities. Then create accounts for different users... [07:19] ok [07:19] how do i specify [07:20] i mean i have that [07:20] like if i want user default to access only 1 folder [07:21] or can u point me in a direction of where to learn about how to do that [07:23] google [07:23] well ya duh ive tried doing that but i cant find any specific directions half of them require me to click on things and such [07:24] http://ubuntuforums.org/showthread.php?t=1002948 [07:25] first hit on my search [07:25] well what did u search for [07:25] ubuntu sftp setting user directories [07:27] heh [07:27] i dont follow? [07:28] search for setting up sftp on ubuntu, then use those instructions for restricting users to a single dir [07:28] thats what i tried to do [07:28] err [07:28] nm [07:29] i thought i just went through this but its all good [07:29] ill just wait until someone that knows what they r doing from my friends list can do it [07:29] ty anyway [07:41] how do i search for a folders location [07:43] Deaglebear, find -type c (please look at man find) [07:43] sorry itts -d [07:44] ty [08:17] i get a permission denied on accessing a folder how can i get around that [08:18] sudo [08:19] how can i sudo through an ftp thing [08:19] is there a way to lower permissions [08:19] chmod [08:19] and chown [08:21] well i think chmod messed up things [08:21] cause not it says no directery found [08:21] can i delete a folder? [08:25] Deaglebear: rmdir emtydirectory, rm directorywithstuff -rf, if its not found its not there [08:25] ty [08:27] Deaglebear: chmod a+rwx dir, gives allusers all right, use u for users, g for group [08:53] that's a nice paper on 9.10: http://searchenterpriselinux.techtarget.com/news/article/0,289142,sid39_gci1371418,00.html === StrangeCharm_ is now known as StrangeCharm [09:11] to what extent will a system with an ext3 driver be able to read and write to an ext4 volume? [09:20] StrangeCharm: not at all, afaik [09:20] if you lack the ext4 driver, you won't be able to mount the fs [09:21] gamla_kossan, there's no backwards compatibility at all, like ext3/2? [09:22] well - I really don't know to be honest. [09:24] StrangeCharm: You can, kind of. At least if we're to belive wikipedia :) http://en.wikipedia.org/wiki/Ext4#Features [09:26] andol, that makes it sound like turning on extents for the file-system will kill any backwards compatability. is that what you read too? [09:26] hey does anyone know smt like Cancerbero http://cancerbero.sourceforge.net/ <-- but whats still on active development [09:26] New bug: #383084 in autofs (main) "autofs doesn't start on boottime and "ghost" option is being ingnored on HP machines" [Low,Confirmed] https://launchpad.net/bugs/383084 [09:27] ugh [09:27] rot in hell, autofs [09:27] StrangeCharm: That's the way I read that article to. [09:27] * andol actually rather like autofs :) [09:32] well - this is odd. ubuntu machine. dovecot contains this: "protocols = imaps", but lsof -i -P shows pop3-logi and imap-logi services listening on 110, 143, 993 and 995. how odd. [09:32] * RoyK installs windows vista on gamla_kossan's box [09:32] anyone knows what might be goingoon? [09:32] RoyK: hehehe [09:33] andol: I'm sure autofs is great and all, it's just.. well.. the times I've had to deal with it it's been behaving in a way I don't understand. [09:33] fscking eavesdropping swedes [09:33] :) [09:33] so I guess it's more of a classic "I don't understand it therefore I don't like it" ignorance thing :/ [09:33] vel, du er svensk... :D [09:33] * gamla_kossan makes a note to study up on autofs [09:34] RoyK: thanks ;) [09:34] anyway - the dovecot thing. isn't that really really odd? [09:34] erm - what dovecot thing? [09:34] dovecot is quite odd, yes [09:34] wait, it's gotta be the wrong conf file [09:34] perhaps PEBKAC? [09:35] tahnks [09:35] :D [09:35] more like, I'm a rhel/centos kind of guy f [09:35] -f [09:35] ouch [09:35] yeah, wrong conf file. [09:35] (of course, multiple conf files, why not. great idea I'm sure ;) [09:36] hehe. [09:47] what do you guys use to scan your network for port open/close changes [09:48] nmap [09:49] gamla_kossan, changes, as of diff of scan from last time [09:49] so that i could monitor some network blocks, if some port open up there i could get alarm [09:50] I think I've read about some scripts that can do that [09:50] so far i have found cancerbero [09:50] but last realease is from 2008 [09:50] check out the nmap site, I think I might've read about it tehre [09:51] okey [09:51] kwork: nmap -sT 192.168.0.* [09:51] etc [09:51] man nmap [09:52] RoyK: still, that doesn't do what he wants - log changes [09:52] i dont want to reinvent the wheel with loads of bash scripts ontop of nmap [09:53] surely someone else has wanted something similar [09:53] kwork: yes - like I said, check out the nmap site =) [09:53] yepyep will do it [09:53] tnx for tip [09:54] =) np [09:54] kwork: -oN nmap-scan-$(date -I).log [09:54] jpds, that would mean to diff with by hand [09:54] diff it [09:54] Yep. [09:55] hand-diffing shouldn't be a problem [09:55] i would rather like something like cancerbero where i have web interface for overview [09:55] I have even written nagios plugins diffing [09:55] what's the easiest way to check what environment variables are set on bash' commandline? [09:55] env [09:55] mralphabet, export [09:55] kwork, I found this yesterday but not looked yet... http://www.unspecific.com/nmap/diff/ [09:56] bootsandall, tnx ill look into it [10:31] New bug: #452901 in asm2 (main) "Copyright doesn't mention INRIA + France Telecom" [Undecided,New] https://launchpad.net/bugs/452901 [10:56] New bug: #452919 in c3p0 (main) "Please enable testsuite during build" [Undecided,New] https://launchpad.net/bugs/452919 === diehaai is now known as thefish [11:21] New bug: #452949 in groovy (main) "Please run testsuite during build" [Undecided,New] https://launchpad.net/bugs/452949 [11:37] hey people. How can I change the default screen used by Ubuntu server edition for output? I have a laptop with a broken screen, so I want to modify the ubuntu server installation cd to use the external screen for output, instead of the laptop screen [11:37] I don't want to use a desktop cd for the installation because I want the ubuntu server edition installed on the laptop [12:05] SmokeyD1: simply plugging it in doesn't do the trick? [12:06] zoopster: allmost. Just figured it out. It is a powerbook with powerpc processor. It is not as straightforward there. You have to attach a usb keyboard and mouse to the machine, plugin an external monitor, powerup the powerbook and directly close the lid [12:07] if you close the lid quickly enough, the normal screen isn't used but the external one. From that point on you can use the external mouse and keyboard to start the powerbook the way I want (server install cd for instance) [12:08] SmokeyD1: rock on. [12:13] what would be the best/easiest virtualization software to install on a ubuntu-server and manage in command line? [12:14] CppIsWeird: virtualbox works for me [12:14] CppIsWeird: I don't think there's a 'best' solution, just like there are noe 'best' distros, editors, operating system, women, men etc [12:14] well, that much is a given [12:14] :P [12:15] but wbox works well [12:15] i was mostly looking for testimonials [12:15] or xen [12:15] or kvm [12:15] or anything, really [12:15] i have used virtual box on windows, you can use virtualbox fine through command line? [12:15] yes [12:15] even on windows [12:15] VBoxManage --help [12:15] :) [12:16] ok, cool. that will be where i will start out then. Thanks. :) [12:16] what's nice with vbox is that you can share clipboard [12:19] heh, theres already a new ubuntu release out. [12:19] they are fast [12:20] whee [12:20] hm. no... [12:20] 13 days to go [12:21] till? [12:21] oh, you mean 7.10 isnt out yet? [12:21] *9.10 [12:22] i just saw that they had a download for it on virtual box [12:24] how come when i ssh into my server i get the "you need updates" stuff, I've done apt-get update, and apt-get upgrade. [12:24] is there something else? [13:19] CppIsWeird: what is telling you "you need updates" [13:40] zul: i see only corosync_1.0.0-5build1 in archives [13:41] zul: https://edge.launchpad.net/ubuntu/+source/corosync [13:42] yeah what the hell am i on [13:42] crack :) [13:43] http://archive.ubuntu.com/ubuntu/pool/main/c/corosync/ [13:44] so....? :) [13:44] zul: take a coffe :) [13:45] meh [13:47] never mind [13:48] bbl [14:30] hello to all. i have a strange url calling problem with apache on the ubuntu server. for some reason it change and crop the calling url and i dont know why this happen at the moment. in the access log i have such lines here. "[16/Oct/2009:01:12:08 +0200]" "GET / HTTP/1.1" 200 2975 "http://linuxperia.ch.vu/index.php?page=about" as you can see the full url was croped to "GET /" [14:31] it should be however "GET /index.php?page=about" [14:31] why does this happen ? === erichammond1 is now known as erichammond === mrchrisadams_ is now known as mrchrisadams [15:58] kirkland, ping [15:58] yesterday you pointed me at a log of install UEC, you still have that? [15:58] err. i misplaced it. can you send again [16:01] found them, never mind [16:05] SmokeyD1: yo [16:05] smoser: [16:05] smoser: hello [16:05] hi. i got what i needed. [16:05] for anyone interested, last night represented completely untouched "automated publish to ec2" of nightly uec builds. from here on out, that should "just happen". [16:06] see http://uec-images.ubuntu.com/karmic/20091016/ [16:06] the published-ec2.txt file shows what got published. [16:07] Hi room [16:07] Does /var have to be fscked first or after / /home . I'm trying to make sense of the fstab format [16:07] one question for you kirkland [16:07] when the cluster controller asked for a group of IPs [16:07] what does it do with those ? [16:08] does it run its own dhcp server ? [16:09] smoser: are there major changes in the 1016 uec images over thr 1014 ones? [16:09] no. [16:09] actually nothing. [16:09] smoser: tyvm [16:09] there is only 2 outstanding issues with them that i'm aware of. [16:10] a.) mattiaz opened bug 451881 [16:11] Launchpad bug 451881 in ec2-init "ssh public key fingerprint not available on console in UEC environement" [High,Triaged] https://launchpad.net/bugs/451881 [16:11] b.) bug 428692 (ec2 only) [16:11] Launchpad bug 428692 in linux-ec2 "ec2 kernel needs CONFIG_BLK_DEV_LOOP=y and other config changes" [Medium,Triaged] https://launchpad.net/bugs/428692 [16:11] smoser: yes, exactly [16:11] so will its dhcp server interfeer with mine ? [16:11] smoser: it runs its own dhcp server, and serves those IPs out to the guests, as their "public" ip's [16:11] smoser: this is on of the rough edges, IMHO [16:12] smoser: you're not supposed to have another dhcp server on your network serving dynamic addresses [16:12] smoser: which is kind of a pain in my setup [16:12] smoser: and most home-setups [16:12] smoser: probably okay for real enterprise, though [16:12] i dont know that it is [16:13] kirkland, in almost all places you've got an existing dhcp server [16:13] installing a cloud controller does not indicate that you wish to install a new dhcp server [16:13] smoser: well, i agree with you, actually [16:14] smoser: euca says that you can have a dhcp server, but it can only serve up static addresses [16:14] smoser: but that's a PITA on my network [16:14] what does that mean? [16:14] my dhcp server can (and does) serve static IP addrs for known MACs [16:14] smoser: you can configure a dhcp server to always give out 192.168.1.21 to MAC address AA:BB:CC:DD:EE:FF [16:14] but i'm guessing that each new instance gets a dynamically generated MAC [16:15] smoser: in my setup, the subnet I am on does not have a dhcp server by design, so I had the dns admin reserve some public ip addresses, and I run a dhcpd3 server only on the private network [16:15] so if my dhcp server sees an un-known mac, it will hand it a new dynamic address. [16:15] kirkland: I've used MAC associated dhcp assignment in the past [16:16] my network is too flat. i'd need another router or something to do that. [16:16] kirkland: and I assumed I'd need to do it when I got a nice production setup past my small 1 front-end and 2 node system. [16:17] smoser: i really like the linksys 310n [16:17] smoser: I have the luxury of access to a university machine room and extra isolated switches laying around [16:17] smoser: however, only v1 (not v2) is compatible with ddwrt [16:17] smoser: you can get it from bestbuy, office depot, etc. [16:18] smoser: it's gigabit [16:18] hmm - I wonder if I used a router with a built-in dhcp server that might alleviate my need to run a dhcp server on my front end ... [16:18] gar.. [16:19] so i think i need to throw a little router in there and put my CC and node on a private network [16:19] is that what you all would suggest ? [16:20] smoser: I have 6 network interfaces in my CC, only using 2. One goes to the outside world, one to my private network with my nodes. [16:21] right. so the CC is providing the routing for stuff behind it. [16:21] smoser: correct [16:21] smoser: my CC is set up to be a router [16:21] yeah. [16:21] smoser: in my eucalyptus.conf I have 5 private IPs listed [16:22] heylo [16:22] smoser: when I start an instance, the CC allocates one of them to the instance as well as a private IP [16:22] "one of them" . you mean a public ip [16:23] smoser: yes [16:23] you have 5 public ips listed in eucalyptus.conf [16:23] smoser: yes [16:23] ok. (above you said private) [16:23] smoser: I'm sorry . I did. [16:23] smoser: brain flatulence [16:23] yeah [16:23] thats fine. [16:23] i'll allow it as long as you allow it for me sometimess [16:23] smoser: deal :) [16:26] is there a range of dynamic macs ? [16:26] maybe that i could tell the dhcp server to ignore === vxnick is now known as vxnick-AFK [16:34] where do I get the zlib php extention? [16:38] sorry, having lovely internet connectivity problems [16:41] aubre, do you know if there is a range of MACs that eucalyptus serves out ? [16:42] xen actually owns a range that it serves from [16:42] but i dont know if there is such a one for kvm [16:42] http://open.eucalyptus.com/wiki/EucalyptusNetworking_v1.5 just says "random" [16:44] New bug: #453129 in eucalyptus (main) "copyright file is incorrect, Eucalyptus is now licensed GPLv3" [Wishlist,Fix committed] https://launchpad.net/bugs/453129 === bc_ is now known as bc [16:51] well, if i'm reading vnetwork.c:instId2mac i think that MAC addr will start with "d0:0d" [16:52] kirkland, or aubre or anyone, can you confirm that your instance id mac's have that ? [16:52] smoser: that's funny [16:52] smoser: "dude" [16:56] smoser: d0:0d:43:20:07:c5 [16:57] kirkland, so, then if i'm also reading dnsmasq doc correctly [16:57] dhcp-host=d0:0d*,ignore [16:57] smoser: Good morning. Is the naming convention change for uec images final. Up to beta we had ubuntu-uec-karmic-$ARCH, daily image are karmic-uec-$ARCH. I need to know what to specify for documentation purposes [16:57] should allow you to have dnsmasq running and ignoring eucalyptus [16:58] nijaba, well, yes and no [16:58] :) [16:58] :P [16:59] yes its final, but it will change for released images. [16:59] I've created a developer group and added several developer users to that group. My user account's home has a "tools" folder that contains a couple of command line applications that I want other developers to be able to use. Where should I move these applications so that current and new users can use them? I'm guessing there is a proper location for such things. [16:59] ok, so dailies are karmic-* and releases are ubuntu-* ? [16:59] i think that as released images (cds) are usually named ubuntu-X.MN- [16:59] right [16:59] cool, thanks [17:00] smoser: mine also starts with that: d0:0d:38:8A:06:66 [17:01] good. then i can read. [17:11] smoser: sorry was afk, I do not know how eucalyptus assigns MACs, I assume they pick some similar to the way VMware does with NAT [17:12] its in that .c file i listed above [17:12] it prefixed with d0:0d , then based on the instance id [17:13] smoser: lol at d00d, but then there is walrus/bukkits, from I can has cheezburger [17:14] doesn't some organization assign the MAC address prefixes to various hardware manufacturers? [17:15] yeah. and they almost certainly dont'; have that [17:15] xen source has a range that are to be officially used for xen guests [17:15] i dont know if for some reason those are not allocated, but if the are not otherwise protected, a collision could occur (the d0:0d) [17:16] one thing that is slightly annoying is that when you reuse these IPs ssh gets all snotty about the keys not matching [17:16] smoser: are you tracking down bug 451881? [17:16] Launchpad bug 451881 in ec2-init "ssh public key fingerprint not available on console in UEC environement" [High,Triaged] https://launchpad.net/bugs/451881 [17:16] so I have to edit my .ssh/known_hosts file , or turn off strict checking [17:17] mathiaz, well somewhat. [17:17] installing my cloud so that i can get there. [17:17] smoser: ok - do you have enough hardware? [17:17] smoser: ie two machines? [17:17] interesting to see that because this morning when I rebooted after patching when I tried to ssh into my instances I got connection refused - however I could ping the ip [17:17] yeah. [17:21] hmmm, euca-authorize crashes when I try to authorize port 22. "Warning: failed to parse error message from AWS: :2:42: not well-formed (invalid token)" [17:22] is this known? [17:23] yet it is since yesterday [17:23] bug 452556 [17:23] Launchpad bug 452556 in eucalyptus "euca-authorize default failing" [Low,Confirmed] https://launchpad.net/bugs/452556 [17:27] kirkland, anyone know... "euca-describe-availability-zones verbose" is hanging [17:27] following http://testcases.qa.ubuntu.com/Install/ServerEConfig [17:27] ah. died with no route to host. [17:28] cause my server chnaged ips since install. [17:28] smoser: yeah, euca2ools are based on boto. if boto can't connect it will retry 5 times by default. Takes a while to time out. [17:29] so if i changed my IP of the server, any idea what i need to redo ? [17:29] i can hand edit eucarc, but figure thats likely stored elsewhere [17:29] nijaba: yes - try again [17:30] nijaba: it should work after *some* time [17:30] mathiaz: hmmm [17:30] mathiaz: that's what I have read in the bug, but is sucks [17:30] mathiaz: would a network trace help here? [17:31] nijaba: are you running the euca-* commands on the CC or from another host? [17:31] smoser:/etc/eucalyptus/eucalyptus.conf ? I know the nodes IP addresses are in there. [17:32] mathiaz: from another host [17:32] smoser: you could just edit eucarc to deal with the euca-* commands [17:32] mathiaz: and right now, no more error, just hanging [17:32] smoser: if you've changed the IP address of the server, you may have to reinstall all of eucalyptus [17:32] nijaba: right - just wait a bit [17:32] nijaba: like 2minutes [17:32] nijaba: you may get an output [17:33] nijaba: if not - CTRL-C and retry [17:33] sorry, error is back. [17:33] the first thing I do when after getting my credentials and putting them where i want them is edit eucarc [17:33] mathiaz, i changed the server, yes, i can verify that changing eucarc fixes things, but i'm afraid the IP may exist elsewhere [17:33] and change ec2 aliases to euca [17:33] smoser: yes - probably in the databas and the NC won't use the correct one [17:33] smoser: have you already registered nodes? [17:33] y [17:34] well, i just did 'discover nodes' (after the change) [17:34] smoser: and did you register nodes *before* changing the IP? [17:35] whew. after rebooting, for some reason , now I can get into my instances via ssh [17:35] i installed a node (from cd) but nothing more [17:35] HWaddr d0:0d [17:36] smoser: did you 'discover nodes' before changing the IP? [17:37] no, only after. [17:38] smoser: ok - may be it will work [17:38] smoser: try to start an instance [17:38] smoser: and watch /var/log/eucalyptus/nc.log on the NC [17:38] smoser: you'll see which IP it uses [17:42] smoser: i'm seeing that from time to time [17:42] http://pastebin.com/f1798a05d [17:42] smoser: we need to figure out how to trouble shoot that [17:42] maybe that is "you need reinstall" [17:42] smoser: nope [17:42] smoser: that means - try again [17:43] smoser: it may work after *some* time [17:43] smoser: and several retries [17:43] * smoser has warm fuzzies [17:43] I wish I had warm anything... it's getting cold here [17:45] $ euca-run-instances -k mykey $EMI -t c1.medium [17:45] FinishedVerify: Not enough resources: vm instances. [17:45] smoser: euca-describe-availability-zones verbose? [17:46] looks good [17:46] smoser: does your NC have enough ressource to run a c1.medium? [17:46] mathiaz, http://paste.ubuntu.com/294831/ is the output [17:47] smoser: free/max is set to 000/000 [17:47] smozer: you need numbers in the free/max [17:47] that node has 4G memory [17:47] smoser: means that the NC is not connected to the CC [17:47] smozer: as you connect more nc those numbers will go uo [17:47] shoot. [17:47] smoser up [17:47] IP is wrong in that output [17:47] where do I get the zlib php extention? [17:48] (its the old IP) [17:48] should i just cut loses and reisntall ? [17:48] smoser: http://paste.ubuntu.com/294832/ [17:48] smoser: yes probably [17:48] smoser: reinstall both the cluster and the node [17:48] smoser: are you using an iso install? [17:48] yeah. [17:49] smoser: also is there a dhcp server on the local network that hands out dynamc ips? [17:49] on a usb key [17:49] smoser: dynamic ips to unknown hosts? [17:49] there is. but hopefully it will ignore those starting with d0:0d [17:50] smoser: *hopefully* ? did you change a setting on the router? [17:50] Hi folks is this a good place to talk about Karmic UEC? [17:50] a great place, spydmobile [17:51] mathiaz, i changed a setting in dnsmasq.conf on the router, adding 'dhcp-host=d0:0d:*,ignore' [17:51] but haven't tested that. [17:51] smoser: oh nice :) [17:52] i'm not certain that the dnsmasq on my dd-wrt (an older build) has that option or not. [17:52] it seems to just ignore things if it doesn't [17:52] I don't seem to be having the best of luck configuring my server using the Server Guide. The Server Guide seems to be lacking in presenting the information in a logical order and providing links to relevant documentation for each task. [17:52] Super. I have setup UEC 3 times now from scratch and each and every time when I get to the step of connecting to my instance, It fails with no route to host. I followed this : http://fnords.wordpress.com/2009/10/04/run-your-own-uec-part-1/ and I tried this: http://testcases.qa.ubuntu.com/Install/ServerEConfig but to no avail. Can anyone advise? [17:52] mathiaz: I have added some info to bug #452556 coming from a traffic capture. Server is returning error 400. [17:52] Launchpad bug 452556 in eucalyptus "euca-authorize default failing" [Low,Confirmed] https://launchpad.net/bugs/452556 [17:52] anyway, now to go reinstall. [17:53] nijaba: hm... I don't know what the problem is then [17:53] nijaba: 400 - means a bad request from the client [17:53] I don't know if it matters, but the router I use for my private network is dumb as a box of rocks and not manageable at all [17:54] and it has worked for me so far [17:54] spydmobile: has your instance booted correclty? [17:54] mathiaz: the content of the answer is more interesting Error locating information for [17:54] [17:54] spydmobile: what does euca-get-console-output say? [17:55] nijaba: yeah - I don't know - it's an issue with eucalyptus [17:55] spydmobile: can you do a route -n ? [17:55] nijaba: try again [17:55] mathiaz: well, look at the bug, it's more readable. [17:55] mathiaz: yep, euca for sure. [17:55] spydmobile: and are you running a dhcpd server? [17:55] mathiaz: been trying for the past hour, no kidding [17:55] Additionally, it seems like much of the information as documented in the Server Guide does not work as described. Since each package has been tailored to fit the distribution, it's hard to know what supporting documentation should be used to understand how it has been configured out of the box. [17:56] mathiaz: this does not look like a low prio bug to me... [17:56] ?pastbin [17:56] ?pastebin [17:56] !pastebin [17:56] pastebin is a service to post multiple-lined texts so you don't flood the channel. Ubuntu pastebin is at http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic [17:56] mathiaz: curious ... have you ever tried to run an instance as a user besides admin? [17:56] mathiaz: this is broken right now; tryign to figure out if this is a regression or not [17:56] mathiaz: ty [17:56] kirkland: me ? no - who would do that anyway ? [17:56] mathiaz: figures... [17:56] :-/ [17:57] fark [17:57] mathiaz: users when you go into production [17:57] mathiaz: this is release critical :-/ [17:57] kirkland: I am about to go to lunch, I can try when I get back [17:57] * kirkland knew he should have taken today off [17:57] aubre: oh, it's broken [17:57] mathiaz: re console: http://paste.ubuntu.com/294837/ [17:58] aubre: on the node or the cluster? [17:58] kirkland: well let me know if you need me to test it [17:58] spydmobile: do a route -n on the cluster [17:58] aubre: I am running whatever is in UEC server and Node and on my main network the dedicated public IPS are doled ourt by dhcp yes. [17:58] aubre: thanks [17:59] aubre: route -n: http://paste.ubuntu.com/294839/ [17:59] spydmobile: how do private IPs get assigned to your nodes? [18:00] aubre: I am assuming internally by the the EUC cluster host? [18:01] spydmobile: I was under the impression that if your private network did not have a dhpcd server you'd need to set up one to give IPs to your nodes, and that's what I did [18:01] spydmobile: for example, my private IPs are in the subnet 192.168.44.0 [18:02] spydmobile: that's how I ssh into them to update my ubuntu software [18:02] aubre: well my instances are getting private IPS and Public ones. I followed this to the letter. it does not mention setting up a DHCP server: http://testcases.qa.ubuntu.com/Install/ServerEConfig [18:04] smoser, hey ... you about? [18:05] aubre: I was attempting to use the tools provided with teh server install disk only, and avoid the full on build from scrath approach which would probably work. I was hoping to provide feedback to the Server maintainers about bugs in the UEC Setup. But it seems that Karmic does not even come with ubuntu-bug installed.... [18:05] here, apw [18:05] spydmobile: ignore what I said, I checked the most up to date docs and it appears the need for a separate dhcpd server is not recommended [18:05] smoser, apparently you are thinking about whether we need to change any ec2 params before release [18:05] wondering when we might no and whether we need to start asking for permission [18:05] apparently :) [18:05] I gotta go to lunch - I'll ponder things as I go === aubre is now known as aubre_afk [18:06] aubre: one thing I noticed, if I reboot the CC service, I can then ping the address and even SSH in but then it seems to be SSHing into the server itself, weird.... [18:06] New bug: #453177 in eucalyptus "ec2-describe-instances not working for non-admin credentials" [Undecided,New] https://launchpad.net/bugs/453177 [18:06] apw, i would like other peoples input on it to be honest. [18:06] right now, the 2 things i know are different are loopback is module (rather than Y), and there is no ext4 support [18:06] i consider no ext4 support fairly significant [18:07] no ext4 at all? [18:07] right 'is not set' [18:07] does the ec2 stuff get onto any CD's ? [18:07] no [18:08] so we may upset less people if we do need to ... but we really need to know yesterday [18:08] i would like for some more kernel-knowledgeable people to take al ook at the ec2 config anda see what other significnat things there are. [18:08] and i mean the real yesterday [18:08] yeah, i really wish i would have remembered that ext4 support was lacking === zul_ is now known as zul [18:09] because the loop back support is there, just have to load the module [18:10] apw, i would guess that neither of those 2 issues is release critical. just somewhat of a wart that ec2 can't do ext4 [18:11] so you saying we don't need to fix it before release then [18:13] i can be persuaded to say that, yeah [18:13] but only if someone promises me that they'll look at this later. [18:14] apw, [18:15] i am sure someone will be looking at it yes ... as i will be hitting them [18:16] i fully accept responsibility for not bringing this up a week ago or more. [18:16] and for not testing the kernels that jjohansen put out [18:16] it may be possible to fix, i would need to ask the release team [18:17] so i'd need someone here wanting it ... as its no use to me :) [18:17] i dont thin kwe need to push on it teribly hard. but i would like to shoot for updated kernel images post-release then with more ubuntu-like configs [18:18] ok ... we can definatly look to do that [18:19] the ext4 is a bigger issue, but its not like anyone is using ext4 on ec2 right now unless they've compiled their own modules for an existing kernel [18:20] in which case they can just as well do that here. [18:21] mathiaz: problem has now disappeared.... weird!! [18:26] https://help.ubuntu.com/community/UECInstall should now be all good. Comments welcome [18:28] One thing I keep running into that doesn't seem to be well documented is OpenSSL. So many different things need to use it, but I'm not sure what the best practices are. [18:29] For example, just about every package that uses it has different instructions for generating and storing keys. Surely I don't need a new ca for each package. [18:30] Is there a common location that my keys should be stored and shared with each package? [18:31] Are keys generated with easy-rsa equal to keys generated with openssl? [18:33] Where should I look for answers? [18:33] nijaba: I followed this procedure from scratch multiple times and still end up with no route to host when I try and SSH in to the running VM instance. Any thoughts? [18:34] It seems like way to important of a topic to be taken lightly, but I'm not sure how to learn more about it. [18:35] spydmobile: so the 'public' ip of your host should be one of the ip you specified in step 2.4.2, right? [18:35] spydmobile: s/host/instance/ [18:36] nijaba: yes [18:36] spydmobile: what happens when you ping this ip? [18:36] spydmobile: bad question, ICMP is not allowed :P [18:37] What's the ip you have and what is the ip of the machine you are trying to reach it from? [18:37] nijaba: when I try to SSH in I get: ssh: connect to host 216.108.146.16 port 22: No route to host [18:38] so 216.108.146.16 is a valid ip in your local subnet, right? [18:38] spydmobile: your are not using a private address range? [18:38] the IP I gave the system to use is .16 the IP of the cluster host is .87 my terminal on the lan is .68 [18:39] nijaba yes is valid and no not private [18:39] spydmobile: ok, sorry for checking the obvious... [18:39] no thats ok, I appreciate you bieng thourough.... [18:40] spydmobile: what's the output of euca-describe-instances ? [18:40] one odd behaviour to note, if I restart CC right now, I will then be able to ping .16 and even SSH in but it will actually be the cluster host, NOT the node or my instance..... [18:41] !pastebin [18:41] pastebin is a service to post multiple-lined texts so you don't flood the channel. Ubuntu pastebin is at http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic [18:41] spydmobile: yes, that's normal. Only the cluster host should be visible from the outside, so it will route the info to your vms [18:41] nijaba: http://paste.ubuntu.com/294854/ [18:42] nijaba: ok.... [18:42] spydmobile: what's really weird in your output is that the supposedly private address is also in the public range (the second one). [18:43] spydmobile: did you set it manually or something like that? [18:43] nijaba: .64 is the public IP of the node host where the instance is running [18:43] nijaba: it was DHCP assigned to the node at boot time [18:44] spydmobile: hmmm... I would tend to think that's where your problem is coming from. This second address should be an internal address in the 172 range, AFAIK [18:45] nijaba: After 3 days of mucking about with cluster and nodes, I started from scratch and followed this: so simple an idiot could do it, but not me ;-) LOL https://help.ubuntu.com/community/UECInstall [18:45] spydmobile: well, we've been trying to make it as simple as possible [18:45] nijaba: wrong one sorry.... [18:45] spydmobile: and I'd really like to understand where it is failing you [18:46] http://testcases.qa.ubuntu.com/Install/ServerEConfig [18:46] spydmobile: which is where the UECInstall is taken from [18:47] spydmobile: so it should really work as well. [18:47] nijaba: Well It has to be about the IPs I agree becuase everything else is on the level, perhaps when I get back from lunch I will do a complete description of the hardware, and the environment, perhaps it is something to do with that...... [18:48] spydmobile: I think so, yes. maybe your network topology is what is confusing euca [18:48] for anyone interested, it seems that ssh console install and uec (cluster server at least) are incompatible [18:48] ok, I will begin work on it and postit to pastebin after my lunch, perhaps this will provide some insight into the issue.... [18:48] booted system doesn't have an IP addr or network interfaces. [18:49] spydmobile: possibly. I may not be around much longer though, as I am in Europe and it's getting a bit late [18:51] nijaba: Well appreciate any and all help you are providing, Aubre will be coming back i think, and might be able to help some more later. Thanks again! [18:51] spydmobile: good luck. And as I told you, I'd really like to get to the bottom of it too. [18:52] nijaba: thanks mate, will do! [18:52] spydmobile: so that we can document it for others [18:52] nijaba: exactly.... === jfluhmann_ is now known as jfluhmann [18:56] nijaba: are investigating bug 452556? [18:56] Launchpad bug 452556 in eucalyptus "euca-authorize default failing" [Low,Confirmed] https://launchpad.net/bugs/452556 [18:57] smoser: I take it this is on a system you have done a normal install previously, and your network was all fine? [18:57] yeah [18:57] mathiaz: are? [18:57] nijaba: are *you* [18:57] and then just did after as well [18:57] smoser: then I am sure cjwatson would "love" to hear about that... [18:58] spydmobile, my colleague nijaba tells me you may need help with UEC. Something network-related, I hear? [18:58] mathiaz: well, I have done my best and now the problem is gone... [18:58] nijaba: yop [18:58] EtienneG: spydmobile just went for lunch. [18:58] nijaba, no prob, he will get the scrollback when he is back [18:59] EtienneG: Yes, just leaving, I will connect with you in about an hour if thats ok? [18:59] Is there a document that will take a new person through a logical progression of steps for setting up a server that includes links to relevant documentation for each step? [18:59] spydmobile, no prob, I am around for another couple of hours [18:59] nick spydmobile_lunch [18:59] EtienneG: would you like me to send you the scrollback of our discussion? [18:59] EtienneG: K thanks..... [18:59] sure, in /query === spydmobile is now known as spydmobile_lunch [19:02] kirkland: you have a fix for bug 453177? [19:02] Launchpad bug 453177 in eucalyptus "ec2-* and euca-* not working for non-admin credentials" [Critical,In progress] https://launchpad.net/bugs/453177 [19:03] kirkland: is this the ecj dependency? [19:03] mathiaz: just committed [19:03] mathiaz: see r703 [19:05] kirkland: http://paste.ubuntu.com/294871/ [19:05] kirkland: why not just change the 'version' props? [19:06] New bug: #453335 in libvirt (main) "libvirt via virt-manager tries to write to a readonly ISO image" [Low,New] https://launchpad.net/bugs/453335 [19:06] mathiaz: 1) that's what nurmi gave me [19:07] mathiaz: 2) i think we're goign to revert that one [19:07] mathiaz: 2 --> acked from nurmi [19:07] kirkland: why revert? [19:07] mathiaz: we're dropping this change [19:08] mathiaz: because if it's going to be changed we need to change it in a *bunch* of places [19:08] mathiaz: and that's very risky right now [19:08] kirkland: right [19:08] mathiaz: besides, we don't really have "1.6", we have 1.6-plus_a_bunch_of_fixes [19:08] kirkland: I can see a lot of 1.6-devel in the jar file names as well [19:09] VousDeux: You may want to try "The official Ubuntu Server Book" from Kyle Rankin. Really well done [19:09] mathiaz: right, that's my argument [19:09] If I want to let a user sftp into a specific folder of my server, but do nothing else, what is the secure way to do this? use ChrootDirectory? [19:09] mathiaz: what's the proper way to uncommit and push? [19:09] mathiaz: can I do that? [19:09] Thank you nijaba. [19:09] mathiaz: every time i uncommit and push, i end up with a screwed up tree [19:09] VousDeux: np [19:10] kirkland: why uncommit? [19:10] if I want to set up a public web/mail server, should I be using ubuntu 8.10 or 9.04? I'm not sure I understand the implications of using one or the other, and why ubuntu.com offers both for download? [19:10] mathiaz: i'd like to just drop that commit [19:10] kirkland: just revert the change and push a new revision? [19:11] okay [19:11] kirkland: you won't be judge on your commit history ;) [19:11] bventura: 8.04 is an LTS, 9.04 is the latest released version. [19:11] but what does that mean exactly? [19:12] bventura: www.ubuntu.com/server well tell you all about that [19:13] bventura: this page in particular: http://www.ubuntu.com/products/whatisubuntu/serveredition/benefits/lifecycle [19:13] cool ninja I'll read up thx for the links [19:14] bventura: however, a lot of nice work has been put in 9.04 to simplify the setup of mail+clamav+spamassin, so if you don't mind upgrading more often, I would pick 9.04 as a start. This is what I am currently using for my mail server, and am very happy with it. [19:15] * nijaba calls it a day... l8ter all [19:15] cya [19:28] man opie [19:28] Meh [19:29] * jmedina also preferes 9.04 for production mailservers [19:29] I want to set up an email server on my development machine but I don't want it to send the email. Is the a package I can install that logs the emails? [19:30] ? [19:30] kirkland, just checking ... is the eucalyptus installer integration on the beta CD the latest, or should I use a daily iso instead? [19:31] EtienneG: *definitely* use a daily [19:31] EtienneG: it still sucked at beta [19:32] ok then! [19:32] kirkland, [19:34] hi how do i sync time between servers with ntp..? [19:35] ruben the automatic way or just one shot? [19:35] ruben23: it is on official documentation: https://help.ubuntu.com/8.04/serverguide/C/NTP.html [19:36] both ways, on demand and automatic [19:36] do i just have to set the timezone same for both servers..? [19:36] of course you have to set the specific time some for each server [19:36] the quick and dirty "/usr/sbin/ntpdate -s us.pool.ntp.org"\ [19:36] i already installed both ntp on two servers, got same day and date but hte time is diferent [19:37] !timezone [19:37] Sorry, I don't know anything about timezone [19:37] !@%! [19:37] dpkg-reconfigure tzdata [19:38] ruben23: are you running some kind of virtual machine? [19:38] whoowhoo. cloud is up and running. [19:38] ) jmedina: yes both server are on vmware [19:38] that is your problem :) [19:38] ask vmware for support :) [19:38] ruben23 for automatic put in crontab for 10 * * * * /usr/sbin/ntpdate -s us.pool.ntp.org [19:39] jmedina:..why..? [19:39] ruben23 one shot is /usr/sbin/ntpdate -s us.pool.ntp.org [19:39] ruben23 change timezone with dpkg-reconfigure tzdata [19:39] probably a problem with kernel cock source [19:39] jmedina stop giving bad advice [19:40] it happens with other virtualization implementations [19:40] bogeyd6: if i do this /usr/sbin/ntpdate -s us.pool.ntp.org, im not in the US im in asia, is it ok..? [19:40] with virtualbox, xen [19:40] In vmware there is a problem with the hardware clock screwing up the clock in the operating system. [19:40] ruben23 just a sec [19:41] ruben23 dpkg-reconfigure tzdata [19:41] erpo [19:41] bogeyd6: I think keeping time with ntpdate and cron is only a workaround [19:41] ruben asia.pool.ntp.org [19:42] bogeyd6: this will do the philippine country right..? [19:42] ruben it will grab the current time, and convert to the timezone on the machine [19:43] bogeyd6: thanks [19:43] jmedina he should be updating his clock every hour anyways with a time server. [19:44] bogeyd6: thats correct, sorry probably I was bad influenced by TIA time agains ntp and utc [19:45] dovecto will die if your os time is 200 secs back [19:45] so yesterday I was looking for another solution based on TIA time [19:46] tia time [19:46] i am unfamiliar [19:46] even when ntp keep time with drift file, if you have network connections time will go back or something [19:46] http://wiki.dovecot.org/TimeMovedBackwards [19:47] I found that problem with one mail server yesterday [19:47] I was mean network connection problems [19:47] lemme have a look see [19:48] check that document: http://cr.yp.to/proto/utctai.html [19:48] I dunno if I agree with the ntpdate vs ntpd [19:50] it was TAI (International Atomic Time) [19:50] I am running Ubuntu Server 9.04 inside a virtual machine (Hyper-V). I set it up to be an FTP server using VSFTPD. I create users with the "sudo adduser " command. The issue is that if I create a user, they can log in via FTP fine. They can only write / read / create directories in their home folder, but via the CD command, they can traverse and list contents of other directories. How do I set it up so they have no ability to traverse [19:50] other directories and list their contents? [19:51] Ledif-Nieht: you need to chroot your ftp users [19:51] there is a option for vsftpd which I dont remember [19:51] jmedina: Thank you, could you provide a little more guidance on how to do that? [19:51] it is on the man page [19:51] it is just a line, look for chroot [19:51] The LDAP documentation, in the Server Guide, seems to be written with the assumption that slapd is configured to use a global config database, but that's not how it installed. How can I convert slapd to use the new global config format? [19:52] or jail Im not sure [19:52] VousDeux http://www.cyberciti.biz/tips/vsftp-chroot-users-limit-to-only-their-home-directory.html [19:52] shoot. [19:52] mathiaz, [19:52] $ wget "http://169.254.169.254" [19:52] --2009-10-16 18:52:09-- http://169.254.169.254/ [19:52] Connecting to 169.254.169.254:80... connected. [19:52] HTTP request sent, awaiting response... 500 Internal Server Error [19:52] 2009-10-16 18:52:09 ERROR 500: Internal Server Error. [19:52] pastebin plz [19:52] any idea? [19:52] jmedina: Thanks for the tip. [19:52] bogeyd6: Thanks for the link. [19:52] smoser: hmmm [19:52] or kirkland . that above is inside a guest uec instance [19:52] chroot_local_user=YES [19:52] VousDeux basically you edit vsftpd.conf and add the line chroot_local_user=YES [19:52] smoser: do you have 169.254.169.254 setup correclty on your CC? [19:53] smoser: what does ifconfig on the CC show? [19:53] !pastebin [19:53] pastebin is a service to post multiple-lined texts so you don't flood the channel. Ubuntu pastebin is at http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic [19:53] jmedina & bogeyd6: Thank you very much, that answers my question exactly. [19:53] VousDeux: that's how slapd is configured in recent ubuntu versions right after installation: to use cn=config [19:53] smoser: hm - wait - Error 500 [19:53] Does it have to be compiled with global config support, or can I just import some ldif or something? [19:53] i get a response [19:53] smoser: that means the CC has the correct IP [19:53] (and ping responds... there *is* a 169.253.169.254) [19:54] cn=config does not appear to exist. Instead it seems to still be usig slapd.conf. [19:54] VousDeux: which slapd versin? [19:54] smoser: not sure ... i'll yield to mathiaz at the moment, as i'm tackling something else [19:54] and what ubuntu version? [19:54] jmedina: how can I look at the version? [19:55] 9.04 he said [19:55] smoser: hm don't really know [19:55] I'd look at the log files on the CC [19:55] VousDeux cat /etc/issue [19:55] smoser: in /var/log/eucalyptus/ [19:55] All I know is it is what was installed when I typed aptitude install slapd [19:56] VousDeux: are you using hardy (8.04)? [19:56] Ubuntu 8.04.3 LTS \n \l [19:56] VousDeux: right - slapd is still using slapd.conf in hardy [19:56] I thought you were asking about the version of slapd. [19:56] But the Server Guide for 8.0.4 seems to assume that the global config is being used. [19:57] smoser: try to hop on #eucalyptus and ask there === aubre_afk is now known as aubre [19:57] VousDeux: which url are you using for the server guide? [19:57] https://help.ubuntu.com/8.04/serverguide/C/index.html [19:57] jmedina & bogeyd6: Thanks again, after adding that line and restarting the server it works exactly as I wanted. Cheers! [19:58] err [19:58] services, not server. =] [19:58] When I click on the LDAP document it has me trying to execute commands that do not work because global config is not configured. [20:00] Oh wait....I somehow ended up looking at a document for 8.10...not sure how that happened. [20:01] Is changing to global config something I should be able to do fairly easily, or would it require a complete recompile of openldap? [20:03] I'm trying to integrate and migrate from Active Directory. I had 9.04 at first, but someone told me I should be using 8.04 because of LTS. It seems like 9.04 was more Active Directory friendly. [20:07] New bug: #334474 in quota (main) "Disk quotas do not work in ext4" [Undecided,Fix released] https://launchpad.net/bugs/334474 [20:07] Dangit...I just discovered that I had a Samba doc open for 8.10 too...no wonder things didn't add up. I have no idea how I got from the 8.04 index to the 8.10 document. [20:07] ...probably from mingling my effort to learn with Google. === spydmobile_lunch is now known as spydmobile [20:09] EtienneG: You still around? [20:09] I think I really need to use the global config format because the 8.04 documentation doesn't even tell how to go about extending the schema, and the OpenLDAP documentation only talks about global config. [20:09] Well, in the printed out docs I have from not long ago under Prerequisites it said "The default Eucalyptus configuration assumes that there is a DHCP server in your environment" , and before lunch it said "The default Eucalyptus configuration assumes that there is not a DHCP server in your environment" , and now there is no mention of it, so I am going to statically assign IPs to my node controllers , get rid of dhcpd and se [20:09] Do I have to use 9.04 if I want global config? [20:11] spydmobile, there I am, I think I know what your problem is [20:11] bsically, the instances private net overlap with your "public" IP range [20:11] hence it cannot work [20:12] EtienneG: Lol - Wow, I came to that conclusion when I noticed that the Private IP was from public pool handed out by DHCP. So, what do we do to the setup guide to avoid this? [20:12] spydmobile, you will have to edit /etc/eucalyptus/eucalyptus, and change VNET_SUBNET to a subnet that is not used on your network (ie, 172.16.0.0/16 or somesuch) [20:12] EtienneG: ok BRB [20:12] spydmobile, ok then, that is another problem then ... :) [20:13] spydmobile, I presume the DHCP on your network answered the instance query faster than the CC, and that the instances got an IP from it instead [20:13] EtienneG: probably [20:14] spydmobile, we just stumbled upon that recently, it is an architectural problem [20:14] EtienneG: If you meant eucalyptus.conf then it already is: see here: http://paste.ubuntu.com/294911/ [20:14] that sounds right! [20:14] spydmobile, you will not like that answer :) the solution is to have a private net between the cc and the nc [20:14] EtienneG: this is why in Managed-NOVLAN mode there should not be any dhcp server serving dynamic ips running on the network [20:14] my windows DHCP is doing it faster than internal CC! [20:15] the nc can still be on your "regular" network, but you would need to use a different one for the cc-nc traffic [20:15] EtienneG: sorry you lost me. my CC= my NC [20:15] spydmobile, here in our lab, eth0 on the nc is on the office network, and eth1 is on a separate private net [20:15] I don't have a problem with not using dhcp for the ncs themselves, because we have to register them by ip anyway [20:16] EtienneG: Doesnt it? [20:16] I don't know what to do, there don't seem to be any instructions to help me do what I need to do on 8.04, and the instructions ofr 9.04 don't seem to work. [20:16] spydmobile, you run all three services on a single machine? [20:16] I mean, the *two* services [20:16] EtienneG: server runs the Cluster install, and two others run the node installs [20:16] spydmobile, ok, that sounds good [20:17] mathiaz, kirkland: if I am not mistaken, the installer create the bridge device on the nc using the default interface. Right? [20:17] EtienneG: yes [20:17] I'm afraid that if I convert 8.04 from slapd.conf to slapd.d it will get broken by the updater or something. [20:17] (cjwatson will hate me now) [20:17] mathiaz: That problem I had where the cc.log was telling me I needed to run the interface as a bridge, maybe that was because of my dhcpd confusion? maybe I can change it back and then me able to use sc? [20:18] aubre: you don't need a bridge on the CC [20:18] aubre: you only need a bridge on the NC [20:18] mathiaz, I think we will have to ask cjwatson to rethink the nc installer bit [20:18] mathiaz, I know that, yes [20:18] EtienneG: in my case node install uses br0 and creating an instance makes vnet0 and virbr0 [20:18] aubre: so that the VMs started on the NC (ie instances) can get the IP assigned by the CC from the dhcp server running on the CC [20:18] mathiaz: that's what I thought, but I kept getting a message in the cc.log telling me my private interface needed to be a bridge for MANAGED-NOVLAN [20:19] aubre: oh well - may be the cc.log is wrong [20:19] mathiaz: on my CC [20:19] aubre: does your UEC setup work? [20:19] spydmobile, vnet0 and virbr0 are kvm/libvirt stuff ... it is all good, and not relevant to us atm [20:19] mathiaz: yes, all but SC [20:19] EtienneG: why? [20:19] aubre: you mean that EBS is not working? [20:19] aubre: yes [20:19] mathiaz: yes [20:20] mathiaz: I am setting up my NCs with static IPs [20:20] aubre: ok - file a bug then [20:20] mathiaz: then I am going to stop running dhcp3-server on my CC [20:20] aubre: that shouldn't really matter [20:20] mathiaz: ok [20:20] EtienneG: k Srry. I guess I need to know if what I am attempting is even possible at this point. to have a server running all the time and have unsed machines dual boot into becoming cloud resources on the normal lan.... [20:21] aubre: ther dhcp3 server on the CC is responsible for handing out IP to guests (instances) [20:21] I can only assume that to extend the schema for slapd.conf I just add the includes to that file. It doesn't seem to be documented anywhere I look. [20:21] mathiaz, The bridge device is created on the default interface, which (we assume) is on the "production" network. To get MANAGED-NOVLAN mode to behave, the CC-NC network need to be on a private network (weel, one that does not have a DHCP server, to be more precise). As such, using the "default" interface in the bridge device is not quite the right thing to do ... [20:21] spydmobile, sure, should be doable, hold on a min [20:21] EtienneG: right - I had to update the configuration [20:21] EtienneG: in eucalyptus.conf [20:21] mathiaz, hu oh! [20:22] EtienneG: there are two differents variables PRIVATE and PUBLIC [20:22] EtienneG: (something like that) [20:22] EtienneG: they default to eth0 [20:22] EtienneG: which is not what you wanna have for your setup [20:22] mathiaz, I can envision cjwatson's face getting prograssively more red as he read that conversation ... :D [20:22] mathiaz: I don't have to run dhcpd on my instances, eucalyptus does that for me right? [20:22] mathiaz: I mean to get IPs to my instances [20:23] aubre: nope - there is a dhcp server running on the CC [20:23] I guess I'm not even sure that the slapd.conf is even capable of supporting Samba authentication. [20:23] aubre: it will hand out private IPs to the instances [20:23] mathiaz: sweet - let me fix things up and see what happens [20:23] aubre: (as they will be connected to the LAN via the bridge on the NC) [20:24] VousDeux: you wanna use samba if you wanna support windows clients [20:24] That's right. [20:24] VousDeux: slapd alone won't be able to authenticate windows clients [20:25] mathiaz, so, in MANAGED-NOVLAN mode, VNET_PRIVINTERFACE really should be on a, erm, private network. However, we cannot really assume the machine on which the node is being installed has to interface, one of which is connected to a private network segment [20:25] I understand, that's why I need to extend the schema. [20:26] mathiaz, as such, I presume the installer (both cc and nc) should prompt for which network interface is to be used for intra-cluster communication (and, possibly, not prompt at all if there is a single interface) [20:26] that is getting hairy [20:26] When I was trying to do it on 9.04, there were clear instructions for doing exactly that, but when I ran into problems someone told me that I should be using 8.04 instead. Now that I have 8.04 I can't seem to find any supporting documentation for what I am trying to accomplish. [20:26] EtienneG: yes - it's hair [20:27] EtienneG: y [20:27] EtienneG: and some Lucid work [20:27] mathiaz, I like that answer ... :D [20:27] EtienneG: even if you setup the PRIVATE interface correclty, you'll notice that the NC is still using the public IP to download the images [20:27] When I was trying to use 9.04 I got stuck on the smbldap-populate command. [20:28] EtienneG: so I'm not sure eucalyptus supports multiple interfaces [20:28] mathiaz, yes it does, that's how I had it configured [20:29] Does anyone know if it is even possible to authenticate Samba to LDAP on 8.04? [20:30] EtienneG: and did you check it was using the correct IPs? [20:30] mathiaz, on 1.5, yes [20:30] EtienneG: what I saw was that it was using 10.X IP to connect to walrus [20:30] EtienneG: rather than the private IPs [20:30] mathiaz, which is good ... S3 needs to be globally accessible [20:30] hence a global IP [20:30] VousDeux: it's possible - I'm not sure it's covered by the server guide though [20:31] EtienneG: S3 yes - walrus as well? [20:31] Walrus == S3 [20:31] It doesn't seem to be covered in the Server Guide for 8.04, but it was covered for 9.04 until I bumped into the smbldap-populate command problem. [20:31] EtienneG: well - S3 is amazon, walrus is eucalyptus [20:32] EtienneG: but I guess you wanna access walrus from the outside when you bundle a new image [20:32] EtienneG: so it probably makes sense the use the public ip [20:32] And the current OpenLDAP documentation seems to be geared toward slapd.d instead of slapd.conf...so I'm not sure where to find the help I need. [20:34] mathiaz, exactly [20:34] so, spydmobile! [20:34] spydmobile, you have a couple options, depending on what you want to achieve [20:34] EtienneG: Ok... [20:35] spydmobile, first question: do you need network isolation for the instances? (ie, does running instances needs to be isolated from one eachh other) [20:36] EtienneG: I dont have any real requirement except to be able to set this up and make it work and understand what I did, so no in principle I do not, secondly, most of the VMs will need to work together, so it is the opposite if I get what I want... [20:36] New bug: #301508 in ntp (main) "Wish: add "-u" option to /etc/default/ntpdate" [Undecided,Incomplete] https://launchpad.net/bugs/301508 [20:36] spydmobile, I suggest you use SYSTEM networking mode then [20:37] I think I am going to have to go back to using 9.04 because that is what all of the documentation I can find was written for. [20:37] EtienneG: ok, does tha mean a reinstal or a reconfig.... I can do both [20:37] spydmobile, comment all the VNET_* directive in eucalyptus.conf, except for VNET_MODE="SYSTEM" [20:38] spydmobile, on the nc, you will need VNET_BRIDGE="br0", but you already have that anyway [20:38] There has got to be a way I can find an answer to the problem I was having with smbldap-populate. [20:38] spydmobile, reboot all machines (or start/stop all euclayptus services), and you should be done [20:38] spydmobile, from there on, the cc will not be filtering network connection of the instances anymore [20:39] ok, done, rebooting BRB [20:39] spydmobile, the instances will come up, and grab an IP on the network using DHCP [20:39] they will get whatever IP the DHCP server on your network serve, and be done with it [20:39] ok, should I reboot each node too? [20:40] EtienneG: ok, should I reboot each node too? [20:40] spydmobile, yes [20:40] spydmobile, restarting the eucalyptus-nc service would have been enough, but you can go ahead and reboot [20:41] Now I wish I had just left 9.04 installed and created a new VM for 8.04...oh well...spilled milk now. [20:42] doh [20:43] mathiaz: got rid of the bridge, now I get [Fri Oct 16 14:42:39 2009][001687][EUCAWARN ] in MANAGED-NOVLAN mode, priv interface 'eth1' must be a bridge, tunneling disabled [20:47] aubre, mathiaz is out for lunch. I have not followed your conversation too closely, but i can confirm that the interface on the NC *needs* to be a bridge, whichever mode you are using [20:48] EtienneG: this message in in cc.log on the cc [20:48] EtienneG: and it isn't a problem, except that according the nurmi_ you can't use vblade over a bridge interface [20:48] EtienneG: and also use EBS [20:49] huh? [20:49] but I did [20:49] EtienneG: hmm, you had a bridge on your CC ? [20:49] aubre, unless I am mistaken, vblade runs on the CC [20:49] oh, there it is! [20:49] EtienneG: and you used EBS? [20:50] aubre, yes, on the CC, the VNET_PRIVINTERFACE directive should indeed point to a non-bridge device [20:50] EtienneG: then why do I get that above message in the cc.log ? [20:51] aubre, and then you get the above message in cc.log? I am puzzled, and frankly mystified. That would mean you cannot use EBS in MANAGED(-NOVLAN), that cannot be [20:51] EtienneG: and, nothing works when the private interface is not a bridge [20:51] EtienneG: exactly [20:51] aubre, on the CC, I never use a bridge as the private interface ... are you running a multi-cluster setup? [20:52] EtienneG: all my eucalyptus services run on the CC, and I have 2 NCs [20:52] EtienneG: I don't know what you mean by multi-cluster [20:53] aubre, multiple availability zones (more than one CC; but that's not your case) [20:55] aubre, I am baffled. best person to clarify is nurmi, but I see he is not around [20:55] EtienneG: ok [20:56] aubre, I would take it to #eucalyptus, other Eucalyptus dood hang out there [20:56] ok [20:56] EtienneG: ok, all seems to go as we discussed, and now the instance ahas the same public IP for both internal and external address, but when I try and SSH in I get: ssh: connect to host 216.108.146.50 port 22: Connection refused [20:56] spydmobile, whichever AMI you are using, it does not have SSH running [20:57] spydmobile, you can euca-get-console-output to see that it is indeed running, and check why ssh is not running [20:57] spydmobile, for the record (and I am a little embarassed to say that), the Canonical official AMI have a bug where ssh is not starting reliably :( [20:58] spydmobile, you could try with the example AMI Eucalyptus provides at http://open.eucalyptus.com/wiki/EucalyptusUserImageCreatorGuide_v1.5.2 [20:58] EtienneG: Ok, so I should not use that I gues, thats the one thats running..... [20:59] spydmobile, the bug might have been fixed, though, would need to check with smoser or zul [20:59] EtienneG: Ok, I wil DL the ubu image from there and try again..... [20:59] ok, gotta run, another fire to put out [20:59] spydmobile, good luck, and do not hesitate to ping if we can help [20:59] EtienneG: Hey thanks so much!!!! [21:00] spydmobile, not fixed. if you're talking about hardy. [21:00] EtienneG: What should I tell nick? combo of bugged image and? [21:00] if you're talking about karmic, they should be, and working well. [21:00] smoser: Im on karmic [21:00] spydmobile, architectural problem ... would need to file a bug really, but I am out of time this afternoon [21:01] I trust mathiaz will follow up with it [21:01] EtienneG: Ok, thanks again! [21:01] this is ec2 ? [21:01] or uec [21:02] smoser: Im on karmic UEC and my SSH does not start on the image running on an Instance, it is the same image created in the tester guide..... [21:03] smoser: Ouptu of the instance has a bunch of mount errors as per: http://paste.ubuntu.com/294936/ === spydmobile is now known as spydmobile_brb [21:12] EtienneG: I think, unfortunately, I am going to be unable to do anything much about this, and will have to ask that somebody else clear up the installer code in eucalyptus-udeb.finish-install - it should be pretty straightforward to modify for somebody who knows the requirements, but I am absolutely swamped [21:12] spydmobile_brb, can you give me more info ? [21:12] cjwatson, fair enough, it is our mistake anyway === spydmobile_brb is now known as spydmobile [21:13] smoser: what can I give you that will help? I create the instance, it gets an IP (server is configured for SYSTEM networking) the instance comes up and when I try and connect with SSH it says connection refused. [21:14] can you give more console output? [21:14] and what type of instance ? [21:17] smoser: here is all the output: http://paste.ubuntu.com/294945/ and this is a karmic UEC 32 bit (i386) as per: http://testcases.qa.ubuntu.com/Install/ServerEConfig it currently does not yet have an IP but the console output will still have all the mont errors [21:20] spydmobile, yeah, you're "waiting for metadata service" [21:20] i'm not sure why you're getting the /dev/sda2 errors that seems strange (not good) to me. i dont see them here. [21:20] but i think they're unrelated. [21:20] i dont think the metadata service is functional for you [21:20] well I have seen them on every single instance from every image [21:21] in the instance. it will hang htere all day (literaly, i think 1 day) until it finds something. [21:21] smoser: ok, can I double check its running? [21:22] i dont know how you can tell. [21:22] smoser: ok, i found something stupid, launching from elasticfox is part of the problem, so starting over again from command lines only..... [21:23] smoser: will validate that the problem occurs without elasticfox.... [21:23] how do you think launching from efox effects it? [21:23] k [21:23] i would think it would [21:23] smoser: efox does not ever seem to get an IP command line does? [21:23] i really wouldn't expect a difference there. [21:24] they're both jsut using the api. possibly efox is doing something different, though, i guess [21:24] so now, for trouble shooting sake, I set ARCH=i386 and did this exactly: http://testcases.qa.ubuntu.com/Install/ServerEConfig [21:29] smoser: so now, for trouble shooting sake, I set ARCH=i386 and did this exactly: http://testcases.qa.ubuntu.com/Install/ServerEConfig [21:29] yeah, i see. [21:29] do you understand the metadata service problem ? [21:30] smoser: instance came up and its still waiting for EC2 metadata but now has an IP [21:30] basically, the ec2 cloud provides metadata to the instance at a special url (http://169.254.169.254/latest/meta-data/) [21:30] smoser: just that it needs this and does not get it I guess? and that might be why I cannto connect via SSH? [21:30] the ec2 metadata service sometimes takes a while to come up, so ec2-init will block waiting on it. [21:31] and will block for 1 day [21:31] smoser: should this service be on the server? [21:31] and the ec2-init sets up ssh, it gets your public key from the metadata service and puts it in /home/ubuntu/.ssh/authorized_keys [21:31] New bug: #366932 in lm-sensors (main) "pwmconfic: error on test for fan START spinning pwm" [Low,Incomplete] https://launchpad.net/bugs/366932 [21:32] i'm not sure how eucalyptus implements it [21:32] but your instance isn't able to get it, so its just waiting [21:32] 2 things you could do to get insto the instance. [21:32] 1 .) change kernel command line to include ec2init=0 in it. [21:33] that wil disable ec2init [21:33] smoser: Tha makes perfect sense, but now to determine what the problem is with the metadata service - should it be on public ip? [21:33] 2.) mount the image and rm /etc/ec2-init/is-compat-env [21:33] hi waht you can recommedn to clone image the whole ubuntu server. [21:33] then rebundle [21:33] its a magic service. each instance gets its own data on that url [21:34] so i probably can't answer, i'd suggest #eucalyptus [21:34] smoser: re mounting and editing image Sorry but we just stepped out of my box of understanding, I apologize. [21:35] hi what good clone image application for ubuntu-server [21:36] ruben23: clonezilla live? [21:36] New bug: #453456 in eucalyptus (main) "excessive logs in /var/log/eucalyptus" [Undecided,New] https://launchpad.net/bugs/453456 [21:36] spydmobile, i can step you through it if youw ant [21:36] smoser: ok, sure, TY want to PM? [21:36] sure [21:36] spydmobile: what it do..? image to disc of HDD..? [21:37] ruben23: both i think, google it, it works well for me... [22:35] Uh [22:36] I just ran iptables -F thinking it was the list rules command [22:36] How screwed am I right now [22:36] (I only have remote access and it just died) [22:40] If I can access it via rescue mode, how can I restore the rules to normal? [22:47] bilge: maybe the commands are in history? [22:48] I rebooted and it seemed to fix itself bizarrely [22:48] I'm sure that isn't how you spell bizzarrerirelily [23:02] Bilge: iptables -F = flush. The rules need to be explicitly saved/restored [23:02] I use iptables-restore < /etc/iptables [23:04] * in /etc/rc.local [23:25] I'm not sure you understand what happened [23:25] I just wanted to run iptables -L to list the rules [23:25] For some reason, running -F instead caused me to lose SSH and I had to reboot [23:25] I thought I just screwed up my firewall but after a reboot it seemed nothing had changed fortunately [23:26] The help suggested that F also deleted rules besides flushing [23:26] flush means to remove everything [23:27] Why did they all suddenly come back after a reboot then? [23:27] it's nice for testing things, cron task to flush things and if you lock yourself out then you're fine :P [23:27] what you had saved was restored, you didn't save the flushed table [23:27] How would I have saved it [23:27] what do you use to edit it? [23:27] ufw [23:28] I don't touch iptables directly [23:28] (Under normal circumstances) [23:28] I don't know how ufw handles it, but I'm sure it utilizes iptables-restore and iptables-save in one of the runlevels [23:29] ufw interfaces with iptables directly [23:29] It's just a front-end for it [23:29] ya [23:29] So I imagine you'd be correct [23:29] So my flush wasn't comitted because I didn't (and couldn't) touch iptables-save? [23:29] yup [23:29] OK good [23:42] hi how do i uninstall application install form source file.. [23:43] Hello is anyone here? [23:44] apt-get is giving me unmet dependencies errors [23:44] hello [23:46] is anyone here [23:58] hey guys [23:58] anyone here?