[00:05] How do I setup software raid 1, I just want to mirror a hard drive for redundancy, not performance.
[00:06] Doorman352, it's done easiest at install time
[00:06] in the partitioner
=== erichammond1 is now known as erichammond
[00:06] OK, 9.10 didn't give me anything to work with..... sorry got a call. BRB
[00:08] desktop installer doesn't do raid / lvm setup, IIRC.
[00:08] which is too bad.
[00:09] it's not suited for most people... for those who wish, there is still the alternate right?
[00:10] well, this is #ubuntu-server
[00:10] I simply assumed that's what he was using
[00:11] oh, good point.
[00:11] yeah. server install it should be right there.
[00:11] IIRC, it's even an option right in the menu now
[00:11] but even if it isn't, you can still do it manually
[00:12] yeah, it's in the partitioning setup, I used it recently.
[00:15] The defaults are fairly dumb for things like stripe size, mind you, but it is there. ;)
[00:18] G'day all - has anyone in here deployed buildbot on ubuntu server in here ?
[00:19] I deployed it on the weekend, but it is crashing in the buildsteps ( bug #493575 )
[00:19] Yagisan: Error: Could not parse data returned by Launchpad: The read operation timed out
[00:19] I was hoping someone could have a quick look at the bug and confirm or deny it's a bug
[00:20] rather than user error on my behalf
[00:20] * Yagisan grabs a linky https://bugs.launchpad.net/ubuntu/+source/buildbot/+bug/493575
[00:20] Yagisan: Error: Could not parse data returned by Launchpad: The read operation timed out
[00:28] i have a question about the setup of a three computer mini cluster
[00:28] we have Ubuntu 8.04, and we want /home on one computer
[00:29] and an FTP server on one
[00:29] two will be workstations
=== erichammond1 is now known as erichammond
[00:29] we have a www server as well
[00:29] how should we set it all up
[00:30] that's sort of a design question depending on more factors than you've listed here... it's really up to you what makes the most sense.
[00:31] I mean, generally you'd do all the serving from one system, and the workstation stuff from the other two, but it'll really depend.
[00:31] bcurtiswx, that is hard to say - it's a design issue
[00:31] is there a way to make a totally fresh install of Apache? I think I've got this system so hooped it doesn't know who it is. I'm still getting the suexec wrapper errors
[00:32] bcurtiswx, I can say that for _my_ setup - my server supports kvm, so I put my www server into a virtual machine on there, and other servers into different virtual machines
[00:32] well, normally you'd just purge the packages and then reinstall them. but IIRC you said you had some atypical install?
[00:32] unit3, Yagisan: thx.. I think the smarter decision is all outgoing stuff (apache, ftp, etc..) should be all on one computer.. leaving the other 2 for heavy lifting (code compiling/running)
[00:32] bcurtiswx: that'd be my feeling, unless you have any reason to do it differently.
[00:36] Yagisan: how can you do it with Virtual Machines?? would virtualbox work?
[00:37] bcurtiswx, I'm using kvm and virt-manager - just set each one up as if it was a "real" machine
[00:37] Yagisan: that seems overly complicated for what he wants, considering he has 3 different physical machines.
[00:38] Yagisan: im going with my previous mention.. i'm just thinking about how Yagisan has that going.. thx for the reply about that
[00:38] unit3, possibly - I was just giving one example of a possible setup
[00:38] true.
[00:39] unit3, in my case I have 6 physical machines here, and 22 virtual machines
[00:39] so I have a slight bias towards sticking things into virtual machines
[00:39] heheh.
[00:40] yeah, I'm big on VMs too, but unfortunately (in my testing) the open source framework stuff still has a fair amount of bugs in it... so I don't advise people commit to it unless they really know what they're doing. ;)
[00:40] and if I ever solve my buildbot problem, I can expect a large increase in virtual machines :D
[00:40] hahaha
[00:40] never played with buildbot, I probably should at some point.
[00:41] I haven't used it since dapper
[00:41] then it was with a subversion repo
[00:41] since then buildbot has had security issues, and I switched to Git, so I thought, let's deploy it on karmic
[00:42] well - I built the slaves first, then the master
[00:42] and got nothing :/
[00:47] Jeeves_, sudo apt-get purge apache; sudo apt-get install apache
[00:47] I think that's the right package name
[00:48] oops, jeeves_Moss ^
=== robbiew is now known as robbiew_
[00:48] qman`, lol. I think this server is a mess. and I'm tempted to rip out everything and start over. all I know is that this vhost is causing problems
[00:55] ls
[00:55] gah
[00:55] * Yagisan still isn't used to this small keyboard
[00:55] keep missing the tab key :/
[00:57] sorry, got a phone call.
[00:58] I'm setting up a Dell PowerEdge 850 as a server, but per the advice here I used the desktop media so I can use the gui...... I'd like to setup Raid 1 on this system for redundancy.
[00:59] Server does NOT have a hardware raid controller.
[00:59] you would use the command mdadm
[00:59] might have to apt-get install mdadm
=== erichammond1 is now known as erichammond
[01:05] OK, read the Ubuntu How-to on mdadm and It is not clear how to mirror a drive. It looks like it has to be done before installing, but then how would I use mdadm?
[01:05] Doorman352, I can't really help you with doing it on desktop, but here is a simple guide for server: http://advosys.ca/viewpoints/2007/04/setting-up-software-raid-in-ubuntu-server/
[01:06] if you want to mirror the partitions the system is installed on, then yes, it has to be done during install, at the partitioning stage
=== erichammond1 is now known as erichammond
[01:07] I don't know who advised you to use desktop or why, precisely, but the GUI is not supported in this channel
[01:08] it depends entirely on what you want to do
[01:10] I asked a while ago about using a gui to build and familiarize myself with ubuntu server and was told in this channel that the distros were interchangeable and to use the desktop until I was comfortable. Sorry to have crossed the boundary here.
[01:11] well, it's not a boundary, it's just use cases. the desktop installer doesn't include a bunch of server functionality, like RAID setup.
[01:11] you really need to install the server version to configure these things properly, unless you really know what you're doing.
[01:11] i believe you could apt-get install linux-server
[01:11] yeah, it's not that big a deal
[01:11] and that would give a bunch of server packages
[01:11] I just meant, we don't support the GUI installer and tools here, so I can't really help with that part of it
[01:12] yeah, exactly.
[01:12] sorry, but I was told here to do it.....
[01:13] not knowing how to accomplish raid 1 with the GUI, I'd suggest using server or alternate, and installing the GUI on top with the ubuntu-desktop package
[01:13] I had that before, and tried ebox and webmin, neither worked very well at building new servers..
[01:14] I'm not fond of any of the web GUIs
[01:14] webmin is not nice to debian-style conf, and ebox has a long way to go
[01:14] the ubuntu-desktop package installs the same GUI that ubuntu desktop uses
[01:14] yep. generally you're better off just doing work on the CLI.
[01:14] but doing it that way would allow you to install the system using the server menus and RAID functions
[01:15] and then install the GUI on top
[01:15] Ok, well my microsoft server experience doesn't translate well to the terminal.
[01:15] Doorman352: Use a Desktop install to learn Ubuntu and play with if you want, but when it is time for a production server install, install from the server CD and ssh into it.
[01:15] That's what I'm doing.
[01:16] that's very true
[01:16] but all the server functions on linux are CLI-based
[01:16] so even with a GUI, you still really need to learn the commands and configuration files
[01:16] Doorman352: nope, unix-y OSes are *very* different from Windows.
[01:16] Doorman352: cacls is pretty hardcore commandline stuff, if I remember rightly :) There's a bunch of command line things necessary as a good Windows server admin. ntdsutil has no GUI either, does it?
[01:16] jmarsden, that's right, but you only need to use those things when you have a problem
[01:16] yes, but I don't have to do most things from a command prompt.
[01:17] and unixy command lines are MUCH easier than windows command lines
[01:17] windows is too wordy and lacks the nice features like proper tab completion
[01:17] not to mention proper documentation. :P
[01:17] qman`: perspective, I'm more comfortable with DOS/Windows because I've been using them for many years....
[01:18] qman`: never had a problem? So either you've never had a problem with Windows over some time (in which case, stick with it!), or you've not been a Windows admin for very long? :)
[01:18] Doorman352, I started on windows/DOS too, linux is far better
[01:18] jmarsden, plenty of problems, but it usually ended up googling the microsoft site and copy/pasting some bits
[01:18] no doubt, but I have to start somewhere and so far Linux isn't very easy to work with at the prompt without guides and there are some really bad ones on the web.
[01:18] never bothered to actually learn windows commands like I do linux ones
[01:19] Doorman352: The one you care about is the Ubuntu Server Guide. The one in the topic of this channel.
[01:19] yeah
[01:19] the server guide is great
[01:19] Yep, read it and had a horrible time with Samba and my domain controllers.
[01:20] well, there's the problem
[01:20] integrating with windows domains is always a pain
[01:20] +1
[01:20] no two ways about that, not until samba 4 comes out
[01:20] Doorman352: How will a GUI on Ubuntu Desktop fix windows domain integration issues??
[01:20] well, I can't just throw my WAN away and use linux yet, so I have to start somewhere.
[01:21] NT4 style domains work very well
[01:21] hey all, looking for some hardware advice, going to upgrade company webserver soon, and had a couple of questions.
[01:21] jmarsden: the more tasks I can accomplish with ubuntu, the closer I get to replacing my windows servers. The Gui is a means to familiarize myself.
[01:21] yeah, but full AD integration isn't possible, and the parts that are are very difficult to get working
[01:22] qman`: I noticed.
[01:22] it's largely due to the complete lack of documentation and standards in AD
[01:22] Doorman352: Cool, so run it on a workstation or in a VM on your windows workstation, then when you are familiarized, set up the server.
[01:22] well, to be fair, AD is only meant to be "integrated" with AD
[01:23] skrite, go ahead and ask
[01:23] skrite: Ask your real question(s), if you want people to have a chance of answering them :)
[01:23] AD works in the Microsoft world, but not so good for other things.
[01:24] I'd dump AD and use an alternative, but I lack the skills to use Linux. But I keep trying.
[01:24] Doorman352, while you continue to have windows clients, there isn't much of one
[01:24] but samba 4 will change that
[01:24] a ways off but it's coming
[01:24] ok, thanks. what is more important, more cores? or higher clock speed. I am looking at a system with two quad cores at like 2.23ghz.. Just wondering how much bang i would get trying to get higher clock speed
[01:25] qman`, that would depend on how he has his network set up, and what he uses from AD
[01:25] skrite, for a server with threaded applications, more cores would be more valuable
[01:25] qman`: I'm hoping so, but the Samba.org guide for Kerberos and LDAP is terribly wrong and breaks Domain Controllers....
[01:25] qman`, my system has a lot of different processes going on all at once.
[01:26] so more cores.
[01:26] thanks
[01:26] skrite, have you measured the bottleneck ?
[01:26] skrite: It all depends on your workload. On a fixed budget, add RAM before bumping CPU clock speeds
[01:26] ok
[01:27] is there much speed increase in having 5 drives in a RAID 5 over having 3 drives? they are SATA 15krpm
[01:27] skrite, your read speeds will increase a bit
[01:27] skrite, it's workload dependent
[01:27] skrite: "It all depends on your workload" ... is the server CPU bound or I/O bound, the current server I mean?
[01:28] jmarsden, i don't know.
=== XKismetGF is now known as KismetGFX
[01:28] skrite, indeed - could it also be network bandwidth bound ?
[01:28] skrite: Then measure it before you spend your dollars... :)
[01:28] no, not network
[01:28] ok
[01:28] what kind of workload is better to have more drives?
[01:29] An I/O intensive workload.
[01:29] our server does more writing than reading to the db
[01:29] databases/file servers
[01:29] okk
[01:29] ok, gotcha.
[01:29] like what i am doing
[01:29] speed increase very significant?
[01:29] with more drives?
[01:29] virtual machine hosts also hammer disks
[01:30] skrite, there are diminishing returns - it depends on the system, and the type of I/O
[01:30] skrite, if you need more write performance, instead of going raid 5, go raid 0+1/10
[01:30] Yagisan, ok, not doing that
[01:30] skrite: First you said it was a web server... now you are saying it is a fileserver/database server?
[01:30] skrite, raid5 writing is both CPU and I/O bound (need to calculate those checksums)
[01:30] jmarsden, well, it is both
[01:30] skrite: raid 0+1/10 increases read performance above raid 5/6 too afaik
[01:31] Anyone use Ubuntu as a inter-vlan router?
[01:31] skrite: Ok, so how many database transactions per second is the current hardware doing? And is that the majority of disk I/O on the machine?
[01:31] we take data in from machines and show the customers all kinds of performance data, graphs, etc.. but we are writing about 8 records per second
[01:31] Doorman352, no - but quagga IIRC is suitable for routing
[01:32] yes, is majority of disk i/o
[01:32] don't know how many transactions per second.
[01:32] lots :)
[01:33] we actually write more than that, because all the records get updated often as the machines change state
[01:33] skrite: Then a RAID 10 setup might buy you extra speed for the database. Maybe Raid10 for the database and raid1 for the rest of the filesystem, if you can afford lots of drives... but without numbers it's very hard to really advise you.
[01:33] ok, well cool
[01:33] will try to benchmark out what we are doing here
[01:34] exactly the bottlenecks, then will come back with numbers.
[01:34] thanks all
[01:34] Go for it :) You're welcome.
[01:34] skrite, useful tools include iotop and top
[01:34] thanks
[01:34] np
[01:35] Yagisan: Doesn't say it supports vlan routing....
[01:37] Doorman352: ? Surely that's more a matter of whether your NICs support VLAN tags, all Linux kernels will have an 801q module you can use...
[01:37] Quagga itself does not need to directly support VLANs, as long as you can get your NICs to do so and set up a virtual interface per VLAN that quagga can route to and from. I'm pretty sure...
[01:42] New bug: #493864 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3ubuntu0.2 failed to install/upgrade: 子进程 已安装的 post-installation 脚本 返回了错误号 1" [Undecided,New] https://launchpad.net/bugs/493864
[01:42] jmarsden: Are you describing using physical NICS for each subnet instead of trunking? I was interested in trying to use a linux server as a router for 4 VLANS with a single nic setup as a trunk. Instead of a CISCO router or layer 3 switch. Lots of chatter about it, but nothing in detail about how.
[01:43] No... you can configure one NIC to be seen as multiple virtual interfaces, one per VLAN... then quagga routes between those virtual interfaces.
[01:43] Doorman352, your NIC needs to support 802.1q vlan tagging, if so you can configure subinterfaces for each vlan
[01:43] Doorman352, no, you'd only need to set up virtual interfaces for the vlan on one NIC
[01:43] Doorman352, then you can set up a routing daemon like quagga to do the work for you
[01:43] Right. It's much more about NIC choice than anything else :)
[01:44] another question.. should a machine that interacts with the outside (www, ftp, etc...) also contain the data it's hosting.. or is it better for that to be hosted on another computer?
[01:44] Doorman352, eg Billion does exactly that for my home ADSL router
[01:44] Nice to see we're all in agreement on this :)
[01:45] bcurtiswx, that depends on the amount of hardware at your disposal and how sensitive the data is
[01:45] I would advise against hosting multiple services on one machine connected to the net
[01:45] connected directly*
[01:46] I'd also advise against running certain services together without proper chrooting
[01:46] qman`, i've got three
[01:46] earlier discussions make me think having outgoing stuff like www,ftp etc... on one computer
[01:47] bcurtiswx: Without knowing your budget and info security plan, that might be fine, or it might be terrible :) Your question is really too broad to be easily answered here.
[01:47] but it will need to have access to data.. would it be better to have that on one of the other two computers?
[01:47] * Yagisan goes for the virtual machine rather than chrooting - but yes - I'd separate services if possible
[01:47] bcurtiswx, the issue at hand here is contingency
[01:47] should one service get compromised, you don't want that to grant access to the data for the others
[01:47] ftp is a relatively insecure service
[01:48] so it should be chrooted and preferably separated from other data as much as possible
[01:48] * Yagisan would ask - do you really need ftp before deploying it
[01:49] ok
[01:49] do you expect outsiders to upload data to your server ?
[01:49] or you to remotely do so ?
[01:49] we have outsiders constantly changing and updating the data (trusted people) not random
[01:50] im nowhere near an expert, sorry if i'm not quite forming the correct information in my questions
[01:51] bcurtiswx: Can you persuade them to use something other than FTP? Like something ssh-based -- FileZilla if they need a GUI tool to upload with?
[01:51] i can def talk with them about it
[01:51] If you can, that's one less service to run... which is a Good Thing for your overall security
[01:52] jmarsden: all good things to think about.. im gonna think through this and i'll probably have a few more questions
[01:53] Thinking ahead of time is good :)
[01:53] * Yagisan needs to head out now - back in a few hours. Would love it if someone could offer advice on my buildbot issue #493575
[01:54] qman`: I checked and my adapter supports 1q tagging, so how would I configure it in Ubuntu, as the Intel proset tools are windows based.
[01:55] Doorman352, this should help: http://www.cyberciti.biz/tips/howto-configure-linux-virtual-local-area-network-vlan.html
[01:55] it's debian-oriented, so you'll have to insert some sudos
[01:56] err
[01:56] shows centOS, but looks like debian?
[01:56] let me find something better
[01:56] Doorman352: Simple overview at https://wiki.ubuntu.com/vlan
[01:57] http://ubuntuforums.org/showthread.php?t=703387
[02:00] qman`/jmarsden: Thanks, I'll try working through the guide.
=== MTecknology is now known as ALearing
=== ALearing is now known as ALearing_
=== ALearing_ is now known as AdamLearing
=== AdamLearing is now known as MTecknology
[02:24] jmarsden: what's the best way to handle backing up computers..right now we back up our /home directories and the data, but this is all over the place, no central location.. how should this be handled best? (sorry if i haven't framed the question in the right way)
[02:27] Well, "best" is always subjective... a central on-site archive machine is a common approach, backup to that using rsync-based backup tools, keep multiple revisions not just one, and backup anything critical offsite as well.
[02:27] How fancy you get depends on the time and hardware and network bandwidth and money available :)
[02:28] haha, ok
[02:28] yep
[02:29] and for relatively inexpensive backup media, I'd suggest hard drives for large data, and flash drives or DVDs for smaller data
[02:30] bcurtiswx: Simple tools like rdiff-backup can work well, if you need more complexity look at bacula or amanda. And yes, here at home, DVD's work fine :)
[02:31] hard drives are still the cheapest media per gigabyte, and building a system around them is cheap too
[02:31] we have growing data amounts.. up to about 1TB so far.. and growing
[02:31] all on hard disks at the moment
[02:32] it's all budget permitting, but I'd suggest an active server you back up to, then copying backups to removable drives and sending them offsite if needed
[02:32] how would you set the initial rdiff start?, i know rdiff would be great for a "time machine" esque app
[02:33] would it be backing up the system and rdiff nightly based on current filesystem and backup?
[02:37] bcurtiswx: Once you have an initial copy of each machine on the archive server, you can just do nightly updates that copy, keeping older versions around... rdiff-backup and many other similar tools do this for you. You have to decide how far back to keep incremental copies, of course.
[02:38] You might want to play with rdiff-backup for a few unimportant files and get comfortable with how it works, then start using it "for real". Same with any backup approach really!
[02:38] yeah, that's how i typically do things.. testing phase first in a very basic setting
=== astechgeek is now known as Guest13014
[02:53] well thanks for your help all. ttyl
=== Guest13014 is now known as techgeek
[02:55] why doesn't apt-get upgrade update packets?
[02:55] it writes something like "packets are keeped at current version" and the list of packets to update..but it doesn't do it
[02:56] alex88: You need to provide more detailed information if you want a helpful answer. Can you pastebin the exact output so we can see it?
[02:56] jmarsden: how can i output it in english? it's in italian now
[02:56] alex88: LANG=C apt-get update
[02:56] But I can probably read it in italian if necessary :)
[02:57] np..pasting in en
[02:57] http://pastebin.com/m6f1d4a2b
[02:58] i've configured ubuntu 9.04 with unattended-updates as in ubuntu wiki...screen shows 10 packets to be updated but the result of apt-get upgrade is that
[02:58] alex88, those packages require installing some new packages, so they are not automatically upgraded
[02:58] if you want to upgrade them, do sudo apt-get dist-upgrade
[02:58] You just need to do a full-upgrade to let the system update those. sudo apt-get dist-upgrade
[02:58] qman beat me to it :)
[02:59] oh thanks you all guys..
[02:59] that worked fine..
[03:00] You're welcome.
[03:00] btw, going to sleep.. 3 am here in italy..cya tomorrow guys..
=== alex88 is now known as alex88[sleep]
[03:02] back to visual basic homework...*/headdesk*
[03:13] hey
[03:14] is there a way i could create a username on a machine such that he is just able to upload stuff with ssh, but cannot log in interactively ?
[03:15] Clusty_, http://www.debian-administration.org/articles/590
[03:16] qman`: the match part is a part of sshd_conf file?
[03:17] I'd like to turn my server into a DNS server; presumably I could Google for a tutorial, but there was a checkbox on the installer which I didn't tick. Is there a way to simply add whatever packages that checkbox would have pulled in?
[03:17] Clusty_, yes
[03:18] trimeta, sudo tasksel
[03:18] qman`: i need to make sure i am not screwed (lock myself out). if i restart the sshd server all existing connections remain open?
[03:18] Clusty_, I don't think so
[03:19] make sure you only add that at the end of the file
[03:19] a match block includes all code until the next match block or the end of the file
[03:19] so if you just add it onto the end, users not defined in the match block won't be affected
[03:21] qman`: /etc/ssh/sshd_config: line 81: Bad configuration option: ChrootDirectory
[03:21] /etc/ssh/sshd_config line 81: Directive 'ChrootDirectory' is not allowed within a Match block
[03:22] oh, you must be using an older version
[03:22] this is a somewhat recent thing in sshd
[03:22] you'll probably have to do it the old fashioned way with full jailing
[03:22] qman`: on ubuntu 8.04
[03:22] yeah, it's not in 8.04
[03:23] how can i jail the user?
[03:24] I've used jailkit in the past
[03:24] http://olivier.sessink.nl/jailkit/howtos_jailkit_pam_chroot.html
[03:25] it allows for jailed and non-jailed users side by side
[03:25] the hardest part is building a working jail, but that's what jailkit helps with
[03:25] ok
[03:25] qman`: Thanks.
[03:25] this makes it a salto mortale: 1 wrong move and I am screwed
[03:25] gonna wait on the jailing for now
[03:26] will update in 2 weeks to karmic
[03:26] is that a good idea actually?
[03:26] since it is not LTS
[03:26] karmic has a recent enough version of sshd to do it the first way
[03:27] qman`: i meant if it's a good idea generally
[03:27] depends on your needs, but truthfully you're probably going to upgrade to lucid in april anyway
[03:27] if this machine goes down a lot of ppl will cry
[03:27] :D
[03:27] and it'll be a single step from both hardy and karmic
[03:27] machine is NFS/LDAP/DNS/Router
[03:28] well, karmic itself is plenty stable enough, it's the package versions and odd bugs you might worry about
[03:28] i can imagine that
[03:28] it was a little rough right at launch but most of those problems have already been sorted
[03:28] i still cannot change the passwords properly: make PAM synch unix passes with LDAP ones
[03:28] the other nodes are karmic
[03:29] but if downtime is your main concern, running an upgrade may break you
=== astechgeek is now known as Guest4392
[03:29] problem is i am working remotely
[03:29] if the machine is inaccessible i need to go to germany :D
[03:29] in 2 weeks i am going for 4 days :D
[03:29] upgrading from hardy to karmic is a three-upgrade process and could cause some problems
[03:30] if you're right in front of it, it shouldn't be that big of an issue
[03:30] qman`: ohh. so from 1 LTS to another is 1 step move?
[03:30] yes
[03:30] then it is settled
[03:30] no upgrades now
[03:30] so if you can wait until april that's preferred
[03:30] only reason is no postgres 8.4
[03:30] but that is not a major crime
[03:31] got another pg 8.4 machine
=== Guest4392 is now known as techgeek
[03:32] qman`: for FTP what ports need to be open?
[03:32] 21 is enough?
[03:32] nope
[03:32] i know it uses 2 ports
[03:32] I'm guessing you're running passive FTP
[03:32] i got no ftp for now
[03:33] and in that case you need port 21 and the upper port range all open/forwarded to your FTP server
[03:33] and you need to allow outgoing on 20
[03:33] but it was a pain punching the right holes inside the FW
[03:33] FTP is legacy and always a pain with firewalls
[03:33] it was designed before firewalls existed
[03:33] i set up some lame machine in the DMZ
[03:33] if at all possible, you should avoid using FTP
[03:34] but this is a quick patch not a proper solution
[03:34] are people aware of non-FTP ways to put/get data?
[03:34] most ppl give me faces when i give them WinSCP
[03:34] web interfaces and SFTP
[03:34] filezilla is another free SFTP-capable client
[03:34] and many non-free clients like smartftp support it
[03:35] but is popular?
[03:35] i guess so..
=== dendro-afk is now known as dendrobates
[05:36] * Yagisan wanders back in
[05:40] hi, i
[05:41] hi, i'm planning to setup an ubuntu dns server, however we only have 1 public ip..how would i configure my dns to work behind the router?
[05:42] is it alright with this kind of setup?
[05:43] jongbergs: You can open TCP and UDP ports 53 inbound through your router to the DNS server and it should work, is that what you mean?
[05:43] OR do you need the DNS server to give two different answers depending on whether the client asking it is on your LAN or on the Internet??
[05:45] jmarsden: yes, can i have both roles LAN and Internet? I'm also wondering whether the dns server should act as authority or cache
[05:52] jmarsden: which dns function should i choose: caching, primary ,secondary or hybrid?
[05:53] what do you want it to do ?
[05:53] jongbergs: You can, it's just more work to configure it. And whether it should be authoritative or caching only depends on what you want it to do.
[05:53] Do you have domains you need it to be authoritative for, or just to get info from other existing DNS servers out there and make that info locally available.
[05:54] The first means authoritative, the second is caching.
[05:54] But if you don't already know this you could find setting up a DNS server quite difficult, I think :)
[05:55] What are you trying to achieve by setting up this DNS server? How will it help you do something? What do you want it to *do* for you?
[05:55] jmarsden: we plan to put up a campus website in which we have our own registered domain name
[05:56] And the new DNS server will be authoritative for that domain? Is there another one somewhere which will be the secondary for it?
[05:58] jmarsden: no dns servers yet except from our ISP
[05:59] well, you need two when you register a domain, so which two did you provide to the registrar? or is the domain not set up yet?
[06:00] You could try using a public (free) DNS service for the secondary and use your own as the primary authoritative server for your domain.
[06:00] jmarsden: not setup yet..the domain name is in the process of approval
[06:01] OK. well, somehow or other you will need there to be 2 authoritative DNS servers for it before it will "work" on the Internet.
[06:01] jmarsden: you mean i need two dns servers?
[06:01] Either that or you need yours plus use someone else's for the second one, yes.
[06:02] jmarsden: is it ok for now if im going to setup only one dns server to be authoritative?
[06:02] jmarsden: will it work?
[06:03] Yes it will work for you to test with
[06:03] But I don't think you will be able to make your domain go "live" with just one DNS server. Your registrar will not allow that.
[06:03] For now set up this one, then find a free secondary one and use that.
[06:04] jmarsden: i was thinking of that also when i review their requirements, you need to have at least two
[06:04] jmarsden: free dns like OpenDNS?
[06:05] Not exactly. Free secondary DNS service. I don't know if OpenDNS offers that. Let me look for a provider for you...
[06:05] jmarsden: thanks
[06:06] jmarsden: i also happen to drop into www.everydns.com website it says they offer free dns service, but im not sure exactly
[06:07] Could work. freedns.afraid.org may also work for you. The one I was thinking of no longer exists, it has been a while since I used a free secondary :)
[06:08] jmarsden: ok i'll try that, so what's the first thing that im going to do now?
[06:09] jmarsden: i have the ubuntu server already running
[06:09] jmarsden: ready to be configured
[06:10] I can't handhold you through all of this, it's too much. You could configure your server to be authoritative for your domain and create the zone file, and test that. Then open ports in your router, then set up the secondary to use your server as the primary for that domain, and test *that*.
[06:15] Hi, I'm using Hardy and I use IPsec-tools version 0.6.7, which I want to update to the latest available. 0.7 is available in intrepid. Can I just install the .deb on hardy?
[06:15] Probably not; most likely they depend on versions of other libraries that are not in Hardy either.
[06:15] It's not available in the backports repo
[06:16] You could try it, but no guarantees it will work :)
[06:17] Will it break anything...I mean if anything goes wrong would I be able to recover easily?
[06:19] If you know what you are doing with dpkg, you could recover easily enough, it's not like ipsec-tools is a system library or anything like that. BTW, latest in Ubuntu seems to be ipsec-tools | 1:0.7.1-1.5ubuntu4 | lucid | source, amd64, i386
[06:19] So if you truly need "latest", 0.7 in Intrepid is not it.
[06:21] I thought that will be too big a jump...intrepid being after Hardy unlike Lucid which is still in dev...:) [06:22] Plus I have to get racoon as well...I'll get them from Lucid and hope it works... [06:23] Good luck... I think you'll need it :) [06:30] rags: any reason for not self compiling it? [06:30] if it follows the trivial configure/make/make install pattern and there are no crazy things being done you can even make a deb out of source directly [06:32] I do that sometimes. [06:32] Clusty_: I guess I can...but I hope it wouldn't make a dependency mess...I'll give a try then...My main concern is that it should not affect my current config...:-S [06:33] rags: can even get: apt-get build-deps [06:33] to get dependencies to build the stuff [06:34] oh...ok..I'll try that as well.. [06:34] Clusty_: what's he packaging? [06:34] hi guys. I [06:34] twb: ipsec [06:34] i never used it... [06:34] 'm having trouble logging into my enterprise cloud I've just set up. credentials I'm able to use via ssh do not take on https [06:34] any ideas please? [06:35] only package i recompiled from sources into a package was netatalk [06:35] rags: you need ipsec 0.7 on hardy? [06:37] twb: Yes...mainly because I can't get some functions working in the current version, such as deleting individual SA's and manipulating individual tunnels... [06:37] The first thing I would normally try is adding a deb-src for (say) intrepid, and then apt-get build-dep'ing and apt-get --build source'ing ipsec/ [06:39] *bump* [06:41] twb: That's cool....That will be way simpler than getting the tar balls... [06:42] twb: Only concern, hope it does not break anything and is recoverable...:-S [06:43] rags: well, it'll be completely unsupported and unmaintained. You certainly won't automatically get any security updates that are made to intrepid's ipsec package. [06:43] But that'd be the case if you installed from the upstream source, too.
[06:44] No matter....I'll keep a manual check...till I do a dist upgrade... [06:52] zz [08:33] <`jpg> Anyone got any tips on helping make Eucalyptus's control services more redundant other than running them on a HA cluster? [08:34] <`jpg> Currently I am thinking run 2 (or more) servers with heartbeat. [08:56] i have a printer/scanner plugged on a switch, the printer works well in the network, can i also use the scanner through the network or do i need to plug it to a machine first ? [09:01] only god knows [09:01] and maybe the manufacturer/manual of your printer/scanner [09:02] arj, according to the docs i'm reading, it seems i have to plug it first to a computer via usb === jiboumans is now known as jiboumans_ === jiboumans_ is now known as jiboumans [09:40] morning [10:22] New bug: #493982 in munin (main) "Munin-Node missing device files in iostat" [Undecided,New] https://launchpad.net/bugs/493982 [11:02] guys.. i'm on Hardy Server. I have a service installed that I want to disable - but NOT uninstall. How do I do that? is there a utility to do service management from cmdline ? [11:19] SandGorgon, services in Ubuntu are handled with init scripts, started and stopped with /etc/init.d/, and enabled and disabled with update-rc.d [11:19] not sure how upstart complicates things, but in hardy it still basically works like sysv-init [11:22] qman`, thanks.. i found 'sysv-rc-conf'. Looks good === alex88[sleep] is now known as alex88 [11:39] I like rcconf, but I think insserv breaks it [11:40] As a text GUI for update-rc.d, that is [12:43] wow, ec2: *Free Inbound Data Transfer (until June 30, 2010)* [12:44] morning [12:45] smoser, zul: o/ [12:45] hi [12:46] hey ttx [13:05] anyone have any suggested alternatives for buildbot ?
[13:06] * Yagisan has confirmed a bug in it on 3 different versions of ubuntu, so it's not working out for me [13:06] New bug: #494015 in bind9 (main) "named warns: max open files (1024) is smaller than max sockets (4096)" [Undecided,New] https://launchpad.net/bugs/494015 === rgreening_ is now known as rgreening === dendrobates is now known as dendro-afk [13:19] I see error messages like: "Dec 8 12:58:12 AmurgDVR udevd-work[598]: pipe failed: Too many open files" and "unable to create db file '/dev/.udev/db/block:sda': Too many open files" - even though there are only ~3k open files according to lsof? - any ideas? [13:32] * zul really really needs to move to somewhere warmer [13:33] it's warm in NC :-P [13:33] sommer: newcastle? - no it isn't, lol [13:34] heh, north carolina :) [13:34] ah [13:35] sommer: 20-30 cm of snow expected tomorrow [13:36] fun fun, heeh [13:37] it's warmER in Tampa today and the sun is coming out after a foggy morning [13:38] come on down zul...plenty of room for you and the fam [13:38] meh [13:56] guys.. i'm trying to get php5-cgi and nginx working under ubuntu 8.04. I am able to see .html files properly, however for .php files I am getting constant "connection refused" errors. Any idea why ? [13:56] what does telnet say? [13:57] (to the port nginx should connect to) [13:58] arj, checkin [14:01] arj, telnet works for the port === robbiew_ is now known as robbiew [14:12] grmbl [14:12] chpasswd no longer accepts '-e' as an option [14:13] does anyone know why that is? [14:24] chpasswd uses pam now. PAM does not support providing encrypted passwords. [14:25] soren: Hmm, that sucks. I don't like putting plaintext passwords in scripts [14:25] Any clue how I can nicely work around this (imho regression)? [14:26] how can I archive a directory with all the subdirectories and files ? [14:26] Jeeves_: usermod --password [14:26] orudie_: tar? 
[14:30] soren: Thanks [14:30] Jeeves_: np [14:56] New bug: #494047 in bind9 (main) "package libdns53 1:9.6.1.dfsg.P1-3ubuntu0.2 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 2 zurück" [Undecided,New] https://launchpad.net/bugs/494047 [14:59] grmbl [14:59] those bloody germans! [14:59] :) [15:18] ttx, ping [15:18] or kir [15:18] kirkland [15:18] can one of you verify that images correctly bundled with '--arch' have that --arch represented in describe-images ? [15:18] smoser: yo [15:21] smoser: I could verify that. It would have recently changed ? [15:21] I remember checking that for karmic RCs [15:22] john pugh is seeing images loaded from the store all showing up as x86_64 [15:22] so i wanted to verify that images bundled otherwise weren't also [15:22] i dont think they are [15:22] so i think the store is incorrectly bundling [15:22] I'm using vmbuilder on karmic: if I put "bridge = br0" in the [kvm] section of my config file, will that set the $bridge in the libvirtxml.tmpl? [15:23] smoser: what is sure is that if you don't specify --arch, it does x86_64, even if you are on a i386 UEC. [15:23] i thought that it defaulted to 'uname -a' [15:24] err.. .uname -m [15:25] https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/451358 [15:25] Launchpad bug 451358 in eucalyptus "euca-describe-images reports all UEC images as x86_64" [Low,Invalid] [15:26] smoser: it defaults to x86_64. [15:27] smoser: do you still need the verification ? Or can it wait until my alpha1 testing tomorrow ? I'm pretty sure it works (as long as you pass the -r option) [15:27] it can wait. [15:27] I see error messages like: "Dec 8 12:58:12 AmurgDVR udevd-work[598]: pipe failed: Too many open files" and "unable to create db file '/dev/.udev/db/block:sda': Too many open files" - even though there are only ~3k open files according to lsof? - any ideas? [15:27] smoser: cool. I prefer not to spin up the setup if I can avoid it.
[15:28] mainly i was doing the same [15:39] if i've on eth0 2 ips, does apf firewall protect both? cause it's eth0 and eth0:0 but on apf reload says: determined (IFACE_IN) eth0 has address (IP), but nothing about the second ip [15:48] ah, answered my own question... according to docs "--bridge=BRIDGE Set up bridged network connected to BRIDGE." [16:06] how can I disallow access to all my users to use dftp except for one user ? [16:10] how can I disallow access to all my users to use vsftpd except for one user ? [16:22] orudie_: there is a user list that cannot connect to ftp [16:23] in default vsftp server install [16:24] aleks, yup I remember now, trying to find the list :) [16:30] it has something about pam auth..so search in the pam folder, you'll find the vsftp plugin with the name of the file [16:33] can i setup a machine that will only allow users on the other end of the machine to download/upload at a set rate? For example, if i had a 15MB/s internet connection, but only wanted half of my users to be allowed 5MB/s, how would i do that? i believe it is called QoS (Quality of Service) [16:38] hi [16:39] should whole discussions happen here: https://wiki.ubuntu.com/LucidServerSeeds#proposed-universe-demotions ? [16:39] marks256: you can limit the connection speed via ip-tables [16:42] Somebody here have experience with plesk? [16:43] a little bit [16:45] alex88, server side? [16:45] yes [16:48] marks256: http://zedomax.com/blog/2008/09/25/linux-server-hack-how-to-limit-bandwidth-with-linux-tc-and-iproute2/ [16:48] alex88, that looks to be exactly what i want to do. thank you kind sir! [16:49] marks256: glad to help! =) === didrocks_ is now known as didrocks === Dragon is now known as Guest57254 [17:08] hi, I have a 32-bit computer, can I use ubuntu server 9.10? [17:10] Guest57254: Yes, just pick the x86 (32bit) version of the Ubuntu Server install CD. [17:10] ok, thanks [17:10] You're welcome. [17:11] Hi all, quick and simple question.
I want my servers to send me monitoring e-mails (cron status, periodic monitoring, etc...). What package should I use? sendmail? [17:12] I would like to use 'what everybody else uses'... [17:12] arturo_on_rails: Any MTA is fine for that. Postfix is a common choice. Sendmail is relatively rare these days. [17:13] One potential source of confusion about this is that Postfix, Exim, etc all provide a binary called sendmail for compatibility purposes. [17:14] jmarsden: but isn't postfix a bit too much? I just want to execute 'sendmail' I have my own MTA in the network running postfix [17:14] Then you can use something less common; you said you wanted to use what "everyone else uses". Try ssmtp or similar for a minimal MTA if that is what you seek. [17:15] jmarsden: ScottK: Oh, so people ACTUALLY use postfix for this... [17:15] jmarsden: ScottK: no probs... ok, so for minimal, ssmtp. [17:16] Or msmtp, or one of a few other minimalist ones. But it's easier to find config help on Postfix, so there's a mild tradeoff there. [17:19] thanks guys. Bye for now... [17:22] hi [17:22] can some one here help me [17:23] hello [17:23] some one here [17:23] hans38: You'll need to ask a question before we can help :) [17:24] Or, we just answer the question. hans38: Yes :) [17:24] Did that solve your problem so far? [17:24] no [17:24] Guess you asked the wrong thing then hehe. [17:24] how to become root user in ubuntu [17:24] Sudo? [17:24] !sudo | hans38 [17:24] hans38: sudo is a command to run programs with superuser privileges ("root"). Look at https://help.ubuntu.com/community/RootSudo for more information. For graphical applications see !gksu (Gnome, XFCE), or !kdesudo (KDE) [17:25] i try to login as root [17:25] hans38: never do that [17:25] why [17:25] Security issues.. [17:25] See it like this: You are a user on the machine.. root is not, it's just a privilege.
[17:26] i want to change some files in var/www/ [17:26] and i cant write there [17:26] hans38: no problem, just use sudo in front of your commands. [17:27] hans38: The website that ubottu linked to explains why we use sudo and the proper commands for invoking it. [17:27] okay. but the problem if i sudo is that the one and only pwd i use [17:27] dont work [17:28] You're giving your own password, right? [17:28] yes [17:28] same that i'm loging in with [17:28] capslock? [17:29] can anyone help me w/ ubuntu virtualization (kvm) i have a kvm server on 8.10; i rebooted the machine out of frustration, i log back in and run virsh, and type 'list --all' and nothing shows up - can anyone help me? i feel panicky. [17:29] hans38: did you make another initial user when installing the machine, besides yours? [17:29] none [17:32] some thing else,, how to run xwindow ? [17:33] hans38: i have a slight feeling you haven't read any documentation at all, maybe start with that first. === kees__ is now known as kees === Clusty__ is now known as Clusty_ [18:31] Can anyone help me with ldap and tls? [18:33] atyson01: never tried ldap === nxvl_ is now known as nxvl [18:54] anyone having some experience with LVM so far? [18:59] Hi all. I'm new to Ubuntu server, but I have experience with RHEL. I'm trying to install a guest 9.10 using KVM, but I'm not following the network settings. [19:00] When I used Xen, I was able to specify a real (not private) ip address for each guest. Is this possible in ubuntu with KVM? [19:00] i installed ubuntu LAMP with openSSH, partitions are swap, / and /home. /home should be in LVM as it will expand later on second disk. but, after completing installation process, there is nothing in fstab about mounting /home as separate partition.
I edited fstab, but since this is the first time i use LVM, I would appreciate if someone more experienced would review the file before I reboot the machine === erichammond1 is now known as erichammond === dendro-afk is now known as dendrobates [19:07] hi, i am fairly new to linux, old windows man here, have 2003, xp vista and w7 boxes, now a karmic desktop too [19:08] i am wondering if the server edition has no gui? [19:08] if not can i add one? :) [19:08] it doesnt come with one by default [19:08] and yes you can add one [19:09] ok sounds great [19:10] is it good for vm-ing with say virtualbox ? or does it have its own? [19:10] depends on what you want [19:11] if you want to run a server with a bunch of virtual machines have a look at kvm [19:11] if you want graphical stuff virtualbox rocks [19:11] vm for running various windows as a support tech [19:11] then I'd go for ubuntu desktop with virtual box [19:11] works for me [19:12] i have that now, but since i know win2003 server a bit, i guess i am curious [19:13] then I'd go for ubuntu server with kvm :) [19:13] karmic desktop is really great [19:14] smoser: users on the ec2 google group complaining about the mirror being down [19:14] i have looked at redhat, fedora, slackware, knoppix and one i cant remember :) [19:14] yeah, and me responding :) [19:14] like ubuntu best so far [19:14] smoser: oh you saw that..i have to get with the times [19:15] * zul goes back to fibre channels [19:15] arj thanks for the advice === orudie_ is now known as oru_work === Belloto1 is now known as Belloto [19:29] i installed ubuntu LAMP with openSSH, partitions are swap, / and /home. /home should be in LVM as it will expand later on second disk. but, after completing installation process, there is nothing in fstab about mounting /home as separate partition.
I edited fstab, but since this is the first time i use LVM, I would appreciate if someone more experienced would review the file before I reboot the machine [19:32] noobuntu: what does "df -h" reveal [19:33] can I create a software raid1 while installation of ubuntu server? [19:33] and install on it? [19:37] Aison: yes [19:38] mneptok: http://paste.ubuntu.com/337499/ [19:38] mneptok: first part is what I want to add to fstab, second part is df -h listing [19:43] noobuntu: what is in /dev/VolGroup*/ ? [19:49] mneptok: /dev/vg01/@vg01home [19:49] noobuntu: then you should be able to add the device to fstab without issue [19:49] * RoyK uses zfs instead of lvm these days [19:50] mneptok: like stated in fstab file I presented to you? [19:50] noobuntu: no way to tell, as i can't mind-read your UUIDs ;_ [19:50] ;) [19:51] mneptok: UUID is correct, unless copy-paste behavior changed lately :D [19:51] mneptok: i suppose i will lose everything what is now in /home ? [19:52] noobuntu: not if you make a backup onto the LVM [19:52] noobuntu: manually mount it (which will allow you to ensure the UUID info is correct) and then rsync to it [19:53] mneptok: never did manual mount in terminal [19:54] sudo mount -t ext(whatever) /dev/VolGroup(whatever)/(whatever) /path/to/a/mount/point [19:56] mneptok: thank you very, very much. I hope I will be able to return you the faver sometime in the future. I will do backup of /home first, it will not hurt :-) [19:56] faver=favor [19:56] noobuntu: my PayPal address is .... [19:56] ;) [19:56] hahahaha [19:57] I don't have paypal. what would you charge for such advice? (maybe I open it and start charging like you :D) [19:58] hmmm .... [19:58] i'd really like a golden chalice filled with the still-warm blood of my enemies. [19:58] can you do that? [19:58] depends on size of a chalice, hm [19:59] well, let's use LVM for it so you can increase its size later when you have more money.
[19:59] depends on size of your enemies [20:00] mneptok you play fantasy games? [20:00] noobuntu: i'm on IRC. does that count? [20:00] mneptok always [20:01] and i like to think of myself as a golden-haired Adonis that is the envy of all who encounter him. [20:01] my wife tells me that's a fantasy game. [20:01] hahahaha, you have good sense for humor === luis__lopez is now known as luis_lopez [20:03] beside good knowledge of linux [20:05] are you guys talking about the Sacred Chalice of Reex? === dendrobates is now known as dendro-afk [20:40] hi === robbiew is now known as robbiew-afk === robbiew-afk is now known as robbiew_ === luis__lopez is now known as luis_lopez [21:08] kirkland, have you ever setup an iscsi target and initiator? I could use some examples of working setups. [21:10] rtg: google is a nice thing https://wiki.ubuntu.com/IscsiInitiator [21:10] rtg: i have [21:10] rtg: i'm a bit tied up right now at a customer/partner site [21:10] rtg: i'll see if i can find some docs for you [21:10] rtg: otherwise, mathiaz has done it too [21:11] kirkland, i've been groveling conf files and such, but can't seem to get anywhere after discovery. [21:11] I'll bug mathiaz [21:11] rtg: http://www.howtoforge.com/using-iscsi-on-ubuntu-9.04-initiator-and-target [21:11] rtg: that one looks pretty good [21:11] ah ha! [21:11] rtg: i just skimmed it [21:11] rtg: it has the key commands [21:12] cool, thanks [21:17] rtg: I do this on a daily basis with EqualLogic arrays. I can send you my email if you have specific questions that I can help with. [21:18] jsalisbury, lemme mess with it a bit. I'm just verifying that the iscsi target driver in Lucid functions [21:19] rtg: Ok [21:23] hm... http://en.wikipedia.org/w/index.php?title=Comparison_of_file_systems&oldid=209063556#Features <-- see last column :) [21:43] jsalisbury, so, the initiator/target pairing works in karmic, correct? [22:04] hi, i'm trying to boot a mac using netinstall image.
My server is running dhcpd with fixed-address for the mac machine. dhcp works and i get correct ip addr. netboot doesn't; do i need to run something to serve bsdp on the server? [22:33] Would this be an acceptable place to ask a question regarding mysql? [22:42] so I just upgraded a hardy machine to kvm 84, and now my guests have ata errors... and can't login using pam [22:47] say I wanted to chgrp -R /var/log from adm to something else [22:47] thats all fine and good, but once logrotate created new logs, would they be owned by adm group again [22:48] /etc/logrotate.conf has nothing about the adm group, and /etc/logrotate.d/ has info for some logs, but not all [22:57] New bug: #494243 in samba (main) "package samba 2:3.4.0-3ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/494243 [22:57] how can i find a file in linux? [22:58] find [22:58] :) [22:58] alex88: a specific file, or just any file? :) [22:58] "find /path/of/where/to/look -name nameoffile" [22:58] alex88: if the file permissions are "right" the command locate is usually the fastest way. [22:58] it has a lot of options though [22:58] see manpage [22:58] i've found a process "afserver" running [22:59] and i want to just search recursively in / to find it [22:59] i've seen it's the afbackup server but i haven't installed it [22:59] alex88: well, if it's a binary, and it's in the path, you can always try: which afserver [23:00] it's not in the path.. [23:00] btw, searching with find [23:01] cause i have another user using this vps for a irc server, but i don't think that afserver is related with it.. [23:01] locate is much cooler! [23:01] (i just found out) [23:01] :) [23:01] no results.. find / -name afserver and also locate [23:01] sudo find [23:02] etc [23:02] i'm already root in the / dir [23:08] i think that if i can see it on netstat -tapn i can find the binary somewhere