/srv/irclogs.ubuntu.com/2010/03/10/#ubuntu-server.txt

jan247	hi guys, could someone lead me to some documentation for capacity planning for an ubuntu cloud?	00:03
\sh	jan247: eventually http://www.ubuntu.com/system/files/UbuntuEnterpriseCloudWP-Architecture-20090820.pdf ?	00:06
\sh	http://www.google.de/search?sourceid=chrome&ie=UTF-8&q=capacity+plan+for+ubuntu+enterprise+cloud <- first hit on friend google	00:07
chocamo	how clean are complete dist upgrades? when lucid comes out will it really be as clean and simple as a regular apt-get dist-upgrade?	00:12
thebwt	chocamo: ideally	00:12
chocamo	is it better to just backup certain config files and do a clean install with new release?	00:13
thebwt	how much of your servers software is fromt eh repos	00:13
thebwt	and what version you coming from	00:14
thebwt	to get a good idea first hand, start up a vm and give it a shot imo	00:15
thebwt	main things to watch for is non repo software that you 'installed'	00:15
chocamo	ya ok	00:15
chocamo	thanks	00:15
=== robbiew is now known as robbiew_
zoran119	hello, i got a problem with a ubuntu 8.04 lts running as a virtual machine on hyper v	01:04
zoran119	every day or two the clock gets stuck in a 5 second loop and i have to restart the vm to get it going again	01:05
zoran119	i have removed ntp ntpd from startup, i have also remove ntp script from cron.daily	01:05
zoran119	the problem always occurs at 00 minutes (so at 12:00:00, or 13:00:00 and so on)	01:06
zoran119	i just saw that there is a cron job that runs rdate -s every hour to sync the clock to an external rdate server... could this be causing trouble?	01:08
\sh	zoran119: where did you see this rdate script, /etc/cron.hourly or /etc/cron.d ?	01:17
twb	A cron job to run rdate is pretttty stupid.	01:19
zoran119	\sh: the rdate script was in root's crontab.... 'crontab -e'	01:19
zoran119	\sh: i have removed that cron job now	01:20
twb	zoran119: sounds like whoever set up your VM was a fool.	01:21
zoran119	twb: why is it such a bit issue?	01:22
twb	zoran119: because cron events are triggered based on time.	01:22
zoran119	twb: infinite loop possibility?	01:22
twb	So if you have a time event that causes the clock to be set back, it'll loop forever	01:22
twb	Although I guess it ought to work if the inetd it's talking to isn't also hokey...	01:23
erichammond	twb: Doesn't cron have some smarts about triggering the same job multiple times? I believe it does the right thing on daylight savings time shifts.	01:23
twb	erichammond: maybe it does.	01:24
twb	Certainly rdate is deprecated in favour of NTP for other reasons.	01:24
\sh	zoran119: that's not installed by default, right? actually I don't know any package which installs something into roots crontab	01:24
zoran119	\sh: not by default no... it was added manualy	01:24
twb	Probably by whoever built the pre-built guest image, or by the equivalent of vmware-tools.	01:25
\sh	using ntp on our esx vms does work and doesn't crash...it helps to maintain a sane time sync on our vms	01:25
twb	\sh: ntp won't make large steps by default.	01:26
\sh	twb: iburst?	01:26
twb	\sh: hmm?	01:26
\sh	twb: you meant with "large steps" that ntp doesn't sync your time at startup of ntp, or did I miss your meaning?	01:28
\sh	grmpf...I hate unittest	01:28
lifeless	?	01:30
kirkland	lifeless: hiya	01:30
lifeless	kirkland: hey	01:30
\sh	adding the keyword "iburst" on your server line in ntp.conf it syncs the time directly after startup (just like ntpdate <ntp server> ; /etc/init.d/ntp start	01:30
ChmEarl	!paste	01:31
ubottu	For posting multi-line texts into the channel, please use http://paste.ubuntu.com \| To post !screenshots use http://tinyurl.com/imagebin \| !pastebinit to paste directly from command line \| Make sure you give us the URL for your paste - see also the channel topic.	01:31
ChmEarl	getting conflict in linux-virtual install http://paste.ubuntu.com/392171/	01:33
ChmEarl	linux-image-virtual refuses to copy in its kernel	01:34
ChmEarl	how can I cancel an install with conflicts?	01:42
ChmEarl	its frozen at Inst/Unpacked	01:42
uvirtbot	New bug: #535439 in samba (main) "Windows Network Computer are not shown" [Undecided,New] https://launchpad.net/bugs/535439	01:52
invisime	so I accidentally toasted /var/lib on my server box. I have a bunch of stuff configured on it that I don't want to lose. I have enough space on my external to copy everything that's not toasted over prior to a reinstall. how should I proceed to minimize pain and effort? it would also help if I could minimize wailing of gnashing of teeth, but at this point I'm flexible.	02:24
twb	invisime: dd the entire partition is safest	02:27
* invisime goes to read man dd.		02:27
arrrghhh	so i'm having issues with rtorrent. keeps segfaulting, and it seems to be my config. i _swear_ nothing changed with the config file, but when i run rtorrent with the -n switch, it works fine...	02:28
arrrghhh	sorry, it's been a while since i've used irc!	02:30
twb	arrrghhh: strace it	02:30
arrrghhh	wow i've never used strace	02:31
arrrghhh	seems to dump a ton of info to the termina.l	02:31
arrrghhh	is there a particular way i should be running rtorrent with strace? i see the segfault at the end, but there's an endless amount of pretty much garbage proceeding it.	02:33
invisime	twb: how do I tell which /dev/ entry is mounted as root?	02:35
arrrghhh	i think it may be the xmlrpc calls that is causing rtorrent to segfault... hrm.	02:35
twb	invisime: /proc/mounts, perhaps?	02:37
twb	invisime: if you don't know that much already, it's probably dangerous for you to be trying to do anything at all	02:38
invisime	twb: well, clearly. I mean I already accidentally deleted /var/lib :P	02:38
arrrghhh	eek	02:39
=== heynow_ is now known as heynow
twb	arrrghhh: put the strace output in a file, then examine the file	02:40
arrrghhh	twb, i'm not sure what this output is... but perhaps it'll make sense in a file.	02:40
twb	arrrghhh: I expect you to at least LOOK at the manpage	02:41
arrrghhh	for what, strace? ok. the output does make more sense in a file as well, but i still don't get why it's segfaulting.	02:42
arrrghhh	impressive, i'm surprised i haven't heard of strace before.	02:43
twb	It's a log of the system calls made by the rtorrent process during its lifetime.	02:43
twb	Interpreting what is actually happening is a skill you'll have to pick up over time.	02:43
arrrghhh	i see "The SCGI socket has not been bound to any address and likely poses a security risk" - i didn't think it would cause a segfault.	02:44
twb	OK, so now we approach the problem from the other direction. What release are you running? Did you enable any third-party repos? Did you install any software by hand (instead of via apt)?	02:44
arrrghhh	xml-rpc i did have to compile by hand...	02:45
arrrghhh	rtorrent is from the repo's	02:45
twb	Especially if you've done something silly like installing karmic's rtorrent into hardy, that would be a dead giveaway.	02:45
arrrghhh	uhm i hope not	02:45
arrrghhh	i'm running karmic	02:45
twb	How does xml-rpc fit into this?	02:45
arrrghhh	i'm thinking that's what is segfaulting rtorrent	02:46
twb	What evidence do you have of this?	02:46
arrrghhh	well, that error. and when i access rtgui it seems to crash rtorrent.	02:46
twb	This is obviously something new since I last used rtorrent, when it had an ncurses GUI.	02:47
arrrghhh	i had to compile xml-rpc by hand because the advanced tree that fixed a bug i was having rtgui	02:47
arrrghhh	oh it still uses ncurses. but it can accept xml-rpc calls so other front-ends can control it.	02:47
twb	What do you mean "because the advanced tree"?	02:49
arrrghhh	it's been a while since i went thru it, lemme find the link. essentially any torrent over 4gb would show the incorrect size unless i used the advanced tree of xml-rpc	02:49
arrrghhh	well i found the directions, but not the explanation...	02:52
arrrghhh	i guess it has a little blurb of why in the intro	02:52
arrrghhh	http://code.google.com/p/rtgui/wiki/CompilingRtorrent	02:52
arrrghhh	"The original problem is caused by the standard version of XMLRPC-C that is shipped with Ubuntu."	02:53
twb	So you installed xmlrpc-c AND libtorrent AND rtorrent from source?	02:54
arrrghhh	i believe i just did xmlrpc-c from source. it has been a while, but as i recall libtorrent and rtorrent came from the repo's.	02:55
twb	So your libtorrent and rtorrent are failing because the version of xmlrpc-c they expect isn't the version that's installed.	02:56
arrrghhh	that... would make sense.	02:56
twb	The right thing would be to wait for Ubuntu to fix the issue, probably in the next release, since AFAICT it's not a show-stopper.	02:57
twb	The next least-bad thing would be to roll a .deb for your xmlrpc-c svn snapshot, then apt-get build-dep, apt-get source --build and install libtorrent, then rtorrent.	02:57
arrrghhh	no, not a show-stopper. but how do i get back to a functioning rtorrent? i'm assuming i have to purge the custom install of xml-rpc and reinstall the one from the repos?	02:58
ChmEarl	getting conflict in linux-virtual install http://paste.ubuntu.com/392171/	02:58
twb	arrrghhh: Ideally by running "make uninstall" in the xmlrpc-c source dir and praying its uninstall code isn't completely fucked, then by running "aptitude reinstall xmprpc-c" or whatever the package name is.	02:59
arrrghhh	hrm.	02:59
arrrghhh	ok	02:59
twb	ChmEarl: it looks like you simply can't have both kernels installed at once.	02:59
chocamo	I am trying to setup wireless as a backup interface (don't ask), and I have wpa_supplicant connecting fine, but other problems: static ip doesnt work, tried dhcp but "no dhcpoffers received"	03:03
arrrghhh	twb, aaaaaand if the make uninstall fails?	03:04
ChmEarl	twb, I tried to uninstall the exiting server image, but the conflict is interfering. How can I cancel that install?	03:05
ChmEarl	existing	03:05
chocamo	i think there is a force option	03:06
ChmEarl	-f is force, but the apt-get always comes back and says run "apt-get install -f"	03:07
ChmEarl	and I'm trying to do a remove?	03:07
ChmEarl	nevermind mates, I got it. I put both of the depends on the line together :)	03:09
ChmEarl	woohoo finally	03:09
twb	ChmEarl: dpkg -P <package name>	03:10
ChmEarl	that does a cancel?	03:10
twb	Oh, right.	03:10
twb	ChmEarl: never mind, you fixed it already.	03:10
ChmEarl	a purge?	03:10
twb	Yes, -P is purge.	03:10
ChmEarl	I was stuck until you got me trying a diff approach, thanks	03:11
ChmEarl	twb- it worked.. uninstalled one, then installed the virtual type	03:13
ChmEarl	the initrd was lowered from 7MB->4MB	03:14
twb	If you care about saving 3MB, you shouldn't be running Ubuntu	03:14
arrrghhh	ha, seriously	03:16
RoAk	kirkland, i was wondering if packages that use upstart jobs commands like update-rc.d won't work as always.	03:16
=== RoAk is now known as RoAkSoAx
RoAkSoAx	clear	03:17
arrrghhh	twb, sorry to bug you with this, especially since i caused the problem myself... but the make uninstall didn't work. doesn't seem to exist... is there anything else i can do?	03:18
=== zz_monteith is now known as monteith
ChmEarl	looking in grub.cfg, the root is (hd0,5) is the 5 0-based or 1-based	03:48
arrrghhh	twb, so is there anything else i can do? the make uninstall failed.	04:24
twb	arrrghhh: either reinstall, or put up with a messy system	04:25
twb	ChmEarl: depends which version of grub :-/	04:25
twb	ChmEarl: in GRUB Legacy, everything counts from zero. IIRC in GRUB 2, disks count from zero and slices (partitions) count from 1.	04:25
arrrghhh	can i get rid of the xml-rpc stuff at least? i have the tar i compiled it from.	04:26
twb	arrrghhh: shrug	04:26
arrrghhh	yea... i knew all this custom stuff would bite me in the end.	04:26
twb	arrrghhh: it's just a phase	04:27
twb	arrrghhh: you'll get over it	04:27
arrrghhh	somehow i doubt ubuntu is going to 'fix' the problem with xml-rpc anytime soon. so a clean system will put me back to where i was before, getting sizes that were negative.	04:28
twb	IMO that is a Good Thing	04:29
sekyourbox	Hello, I accidentally broke my network somehow in my ubuntu 804 install. I was attempting to setup a PXE server, but when i went to setup dhcpd.conf, there was some firestarter script in there. I deleted the config, and uninstalled firestarter just in case. I started to setup the config file, and got sidetracked, and just deleted all the options. I restarted the dhcpd3 and everything was working fine. When i reboote	04:29
uvirtbot	Launchpad bug 804 in eric "Bugged by pyQT api update (dup-of: 803)" [Medium,Fix released] https://launchpad.net/bugs/804	04:29
sekyourbox	t I tried pinging the router, and got an error.. I checked all the regular network settings and disabled any route table, and everything looks fine.. I checked ip tables and noticed that it was set to deny all traffic.. I reset the iptables, and still no luck.. Any ideas on the next step i should take to troubleshoot? i think it has something to do with firestarter uninstall	04:29
uvirtbot	Launchpad bug 803 in eric "Bugged by pyQT api update" [Medium,Fix released] https://launchpad.net/bugs/803	04:29
arrrghhh	well then i'd just try to redo the stupid advanced tree of xml-rpc to fix the issue just to have it broken again by an update.	04:32
jayvee	iptables -P INPUT -j ACCEPT, maybe?	04:36
jayvee	can't remember the exact syntax	04:36
jayvee	pastebin 'iptables -L -v'	04:37
sekyourbox	jayvee, sorry I didnt know you were talking ...	04:57
sekyourbox	I did an iptables -F ; iptables --flush; and iptables-save.. When i reboot it shows the same configuration of deny all is in there.	04:57
sekyourbox	not sure what to check for startup scripts	04:58
twb	sekyourbox: pastebin the output of "find /etc/init /etc/event*/ /etc/rc?.d/ -ls".	05:02
sekyourbox	sorry no internet on that machine	05:02
sekyourbox	lol twb	05:02
twb	sekyourbox: I don't care how you do it.	05:02
sekyourbox	okay was that just me?	05:13
sekyourbox	or was that a netsplit from hell	05:13
thebwt	sekyourbox: yup	05:13
thebwt	sekyourbox: oh, as in just you, you were the only one that left from my PoV	05:14
sekyourbox	lol, are you playing with me?	05:14
thebwt	Netsplit .net <-> .split quits: sekyourbox	05:14
thebwt	lol	05:14
sekyourbox	re spawn	05:15
ChmEarl	finally got linux-image-virtual kernel running as PV guest in Xen	05:23
ChmEarl	guest is Karmic 9.10 server (root=1G) and host is Xen 4.0 on SuSE 11.2	05:24
uvirtbot	New bug: #535533 in qemu-kvm (main) "gdb fails in arm chroot" [Undecided,New] https://launchpad.net/bugs/535533	06:37
mealstrom	hi. easy question. how to disable ip_v6 on some ethernet port ? say eth0	07:12
mealstrom	not os easy as I supposed...	07:34
jayvee	mealstrom, sysctl net.ipv6.conf.eth0.disable_ipv6=1	07:44
mealstrom	thanks	07:45
jayvee	but why do you want to disable ipv6?	07:45
mealstrom	there were some unfixed bugs with ipv6 and dhcp or something like this. just want to close external interface	07:45
jayvee	if I were you, I'd seriously consider deploying IPv6 for real some time.	07:47
Jeeves_	'some unfixed bugs with ipv6'	07:53
Jeeves_	mealstrom: Disable ipv4 as well! There are various products on IPv4 that have unfixed bugs!	07:54
mealstrom	(:	07:54
mealstrom	nice idea	07:54
mealstrom	internal network is using ipv6 )	07:54
persia	Point-to-point serial connections are the only safe path to the future :)	07:55
persia	But more seriously, why isn't IPv6 the default for the virbr0 network in libvirt?	07:56
Jeeves_	persia: Because ipv6 is unfortunatly not taken very seriously by some people	08:08
persia	Jeeves_: Is there a technical reason we can't set up libvirt do to both IPv4 and IPv6 by default?	08:09
Jeeves_	You'd need some address space	08:09
Jeeves_	I'd think you'd need to add a /64 to the libvirt interface	08:10
persia	We're using something in 192.168/16 now for IPv4. Couldn't we use something in fc00::/7 for IPv6 ?	08:10
persia	(or maybe fec0::/10 )	08:11
jayvee	persia, because the VMs can't connect to the Internet that way	08:11
jayvee	IPv6, unlike v4, doesn't have NAT for that sort of thing.	08:11
jayvee	yes, you can add global addresses as well, but it's a little sticker	08:12
jayvee	s/sticker/stickier/	08:12
persia	Ah, so we'd need to install an IPv6->IPv4 gateway by default, and that breaks people with IPv6, etc.	08:12
Jeeves_	persia: Uh? What?	08:12
Jeeves_	You just need ipv6, not an ipv6->ipv4 gateway	08:12
persia	Jeeves_: I either need IPv6 NAT or a gateway to let the VMs route to the internet unless I have real address space.	08:13
Jeeves_	I'm trying my best to get Canonical to offer all packages on ipv6, so you won't need ipv4 at all! :)	08:13
Jeeves_	persia: get real address space? :)	08:13
Jeeves_	Seriously, get a tunnel somewhere	08:13
Jeeves_	Or just native, but that's probably more complicated	08:14
persia	Jeeves_: What packages don't work with IPv6? Surely those can be just patched, rather than waiting for Canonical to get to it.	08:14
persia	Jeeves_: Also, while getting address space isn't that hard, it doesn't solve the "what gets shipped by default" issue.	08:14
* persia tries not to carry local patches or configuration changes, if possible, as this makes install/replication of new stuff easier		08:15
Jeeves_	persia: archive.ubuntu.com and security.ubuntu.com don't have AAAA-records	08:15
persia	Oh, so there's no IPv6 mirror. I understand. Is there anything missing in the packages, or is it just a mirror thing?	08:16
jayvee	things like Postfix don't come configured for IPv6 out of the box	08:17
jayvee	So following things like this http://www.sixxs.net/wiki/Postfix (which I wrote) becomes necessary.	08:17
persia	jayvee: Is there a known working patch to the default config that would sort that, or do we run into address space issues again?	08:17
jayvee	Well IMO it's something that should change upstream as well.	08:18
jayvee	It shouldn't require hard-coding of your IPv6 address space	08:18
persia	I'm in complete agreement with that. Is there a patch that makes sense to make to default config? (Doesn't really matter where it gets applied, once it exists)	08:19
jayvee	If you don't specify mynetworks, I believe it is automatic, so if the defaults were changed to 'all' instead of 'ipv4', it should "just work".	08:19
jayvee	Only disadvantage is that no spam DNSBLs support IPv6 yet.	08:19
jayvee	One did, but it's now defunct.	08:19
jayvee	Not sure if a patch exists.	08:19
* persia tends to find that ideas get more tractions when patches exist and are promoted		08:20
persia	But the lack of DNSBL for IPv6 makes it awkward :(	08:20
jayvee	Well DNSBLs aren't configured by default anyway, so there's one way to justify it.	08:20
persia	Good point.	08:20
jayvee	Also I haven't seen a single piece of spam or abuse on IPv6 yet.	08:21
persia	That's a sign of lack of adoption, really.	08:21
jayvee	Yeah.	08:21
jayvee	Also, avahi doesn't come configured with IPv6 turned on by default.	08:21
persia	I could once say that about Usenet :)	08:22
jayvee	One really unfortunate thing about avahi is that when you do enable IPv6 in /etc/avahi/avahi-daemon.conf, you see duplicate services.	08:22
persia	Is there a local-link address space for IPv6? I didn't think there was an equivalent to 169.254	08:22
jayvee	yes	08:22
jayvee	fe80::/12 or something	08:22
jayvee	So, for example, in the VNC client, you see two of every server that has IPv4 + IPv6	08:22
mealstrom	omg ... I've just said how to disable ipv6 on one nic :)	08:23
* jayvee looks it up		08:23
jayvee	fe80::/10	08:23
persia	mealstrom: Sure, but you've hit on a discussion that needs happening :)	08:23
jayvee	persia: http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.txt	08:23
Jeeves_	btw, Ubuntu postfix doesn't come with ipv6-enabled by default	08:23
jayvee	2000::/3 (i.e. 2000-3fff) is the "global" address space	08:24
jayvee	Jeeves_, yeah, I just said	08:24
=== Disconneu is now known as Disconnect
persia	Right. So postfix is easy: just needs a minor tweak (and some discussion on the mailing list)	08:24
jayvee	fc00::/7 is closest to the RFC 1918 addresses (e.g. 10.0.0.0/8)	08:24
persia	Well, and 172.16... and 192.168...	08:24
jayvee	yaeh	08:24
jayvee	persia: $ host www.debian.org	08:25
persia	avahi needs some way to know when we're talking to a unique machine to avoid duplicated services. Can we do something with arp to help with that?	08:25
jayvee	www.debian.org has IPv6 address 2001:388:1034:2900::26	08:25
jayvee	that's hosted in Australia. :-D	08:25
jayvee	persia: nothing to do with what you just said, but IPv6 doesn't use ARP	08:25
persia	heh. I wonder who tracks that record most closely :)	08:25
jayvee	it uses Neighbour Discovery	08:26
jayvee	you could turn off ipv4 in avahi, but that breaks compatibility with every released ubuntu to date	08:26
jayvee	not sure how OS X does it	08:26
jayvee	OS X has had full IPv6 zeroconf support since 2003	08:26
persia	Probably ignores IPv6 if names are duplicated or something.	08:26
jayvee	there is also a major flaw in the internals of glibc that prevent mdns from working with link-local (fe80::/10) addresses	08:27
persia	There's an open bug about that?	08:27
jayvee	yes	08:27
jayvee	it's been open for years and years	08:27
persia	Anyone working on it?	08:27
jayvee	doubtful	08:27
jayvee	it would break too much software	08:27
jayvee	it's more of a design flaw	08:28
jayvee	reason being is that link-local addresses also require a "scope ID"	08:28
jayvee	so I can ping a global address without a scope ID, like so:	08:28
jayvee	$ ping6 2001:44b8:1::1	08:28
jayvee	but to ping a link-local address, I need to specify the ethernet interface	08:28
jayvee	$ ping6 fe80::21b:fcff:fe25:42e7%eth0	08:28
jayvee	now that's obviously structured differently in memory	08:29
jayvee	but basically glibc doesn't have the provision to return the scope in the dns functions, from what I understand	08:29
jayvee	actually, I think that's more nss-mdns's problem than avahi	08:29
persia	Sounds it.	08:30
jayvee	so that doesn't work in an ad-hoc setting	08:30
jayvee	whereas 169.254 addresses work fine with avahi right here rightn ow	08:30
persia	OK. Reading about NDP, it won't get us information we can reliably compare with something else to determine host identity.	08:31
jayvee	the one thing that is the same is the hostname, though	08:31
persia	not necessarily, but I agree it's likely safe to assume that.	08:31
jayvee	nss-mdns also isn't enabled for ipv6 by default	08:31
persia	But I think that belongs in the avahi UIs, rather than anywhere else.	08:31
jayvee	in /etc/nssswitch.conf, you need to change 'mdns4' to 'mdns'	08:32
jayvee	in ubuntu 8.04, samba doesn't support ipv6, but in 8.10 and up, it is fully supported and interoperable with Windows Vista, which also supports SMB over IPv6	08:33
jayvee	however, LLMNR isn't supported	08:33
jayvee	which is basically the IPv6 equivalent of nmblookup that microsoft invented	08:33
persia	Right.	08:33
merlijn-	hello, I'm trying to get ubuntu to boot from an older debian kernel - I have already downgraded to grub-1 but I keep getting error 13 when trying to boot the old kernel	08:33
jayvee	LLMNR is rumoured to be supported by avahi one day	08:33
jayvee	LLMNR is not ubuntu's problem	08:33
jayvee	https://bugs.launchpad.net/ubuntu/+source/nss-mdns/+bug/94940	08:34
uvirtbot`	Launchpad bug 94940 in avahi "mdns listed in nsswitch.conf causes excessive time for dns lookups" [Undecided,Confirmed]	08:34
persia	I think there ought to be a wiki page listing known issues and referencing open bugs, etc.	08:34
persia	Looking around, I don't think one exists.	08:34
persia	There's https://wiki.ubuntu.com/IPv6Integration but that's an incomplete spec.	08:34
jayvee	http://lists.freedesktop.org/archives/avahi/2007-February/000959.html	08:34
persia	There's also https://wiki.ubuntu.com/IPv6 but that's user documentation.	08:35
persia	Would you mind creating https://wiki.ubuntu.com/IPv6/OutstandingIssues or similar?	08:35
persia	Jeeves_: Maybe you also have some useful stuff to add there?	08:35
persia	if we get it all in one place, I suspect we'll be well poised to get patches where they need to be to make it work.	08:36
FireCrotch	isn't "outstanding issues" and the like what launchpad is for?	08:36
Jeeves_	FireCrotch: Yes, it is	08:36
Jeeves_	persia: the wiki isn't a bug tracker :)	08:36
persia	FireCrotch: Launchpad does a great job of capturing individual issues, or plans to resolve classes of issues. It does less well at organising them.	08:36
persia	Jeeves_: I know, but it gives us structure, so we can identify which issues block other bits, etc. and build a strategy to solve things.	08:37
persia	Jeeves_: I don't think just adding an "ipv6" tag to bugs gives us that.	08:37
jayvee	there's already the "IPv6 Task Force" in launchpad which does bugger all	08:37
Jeeves_	Indeed	08:37
persia	Maybe that team needs a refresh :)	08:38
jayvee	(excuse my Australian)	08:38
Jeeves_	persia: Feel free to join	08:38
persia	Jeeves_: I need to get a new router first :) My router doesn't support IPv6.	08:39
persia	(and I know almost nothing about the area)	08:39
jayvee	you can learn a lot even by just running a tunnel on your PC	08:39
jayvee	apt-get install gw6c	08:40
jayvee	gets you on the IPv6 internet with a single IP through an anonymous tunnel provided by freenet6	08:40
jayvee	works through NATs with no config	08:40
persia	Installed, and I'm sure I'll learn.	08:41
jayvee	persia: does http://ipv6.google.com/ work?	08:41
persia	I still think it's worth trying to organise the list of issues if we want them solved.	08:41
jayvee	I think the main issues aren't actually technical — they're political	08:42
persia	jayvee: Now that I've installed gw6c, yes.	08:42
jayvee	for example, I was disgusted when I was reading the Ubuntu Enterprise Cloud documentation	08:42
persia	I'm fairly certain the main issues are political. That's why I think it needs organisation.	08:42
jayvee	it was all IPv4	08:42
persia	Organisation is key to political discussion, and well-organised plans can easily overcome apathy.	08:43
jayvee	hmm, I guess you have more faith in bureaucracy than I do :)	08:44
persia	It's not that. I just consider bureaucracy a tool.	08:45
persia	Like any tool, one needs to use it the right way.	08:45
persia	Documentating what needs doing, and in what order it needs doing builds a plan.	08:45
persia	Having such a plan makes it easier to create the necessary patches.	08:45
persia	Getting those patches applied is just legwork on the various mailing lists, bug trackers, etc.	08:45
persia	Having a plan, and garnering support at the distribution level helps provide incentive and demonstration of testing to upstreams.	08:46
persia	Having a plan and garnering upstream support helps support applying patches at the distribution level when upstream balks.	08:46
jayvee	I'm just gonna test whether nginx supports it by default	08:47
jayvee	actually, I already have apache	08:48
jayvee	hmm, someone else want to install nginx on karmic or lucid and tell me what "netstat -64ln \| grep 80" says?	08:48
persia	jayvee: Do you need a real install, or will the result from a liveCD meet your needs?	08:50
jayvee	live CD	08:50
jayvee	hey, don't go to too much trouble	08:50
persia	Argh! kvm is coredumping on every launch for me right now. Sorry.	08:54
persia	(and worse yet, the "report a problem" bit won't complete)	08:54
jayvee	no worries at all	08:54
jayvee	I'm wiping the dust off one of my VMs	08:55
persia	When kvm isn't segfaulting, I usually find it trivially easy to instantiate a new VM from a liveCD.	08:55
persia	(and tend to recommend that procedure rather than maintaining VMs for scratch tests)	08:56
persia	A fresh install tends to avoid any yet-unfixed upgrade bugs.	08:56
jayvee	persia: well here we go: https://wiki.ubuntu.com/IPv6/OutstandingIssues	08:57
persia	Wasn't there a glibc bug?	08:58
persia	Jeeves_: Do you know of anything else outstanding?	08:58
jayvee	Actually I think that a section should be added with regards to services like archive.ubuntu.com and www.ubuntu.com not having AAAA records.	09:00
_ruben	i thought postfix posed you a question wether to listen on ipv4 or ipv6 or both .. perhaps only during reconfiguration or so	09:00
persia	_ruben: It does, but only on reconfigure.	09:01
persia	_ruben: The idea would be to change the default.	09:01
_ruben	persia: ah ok	09:02
Jeeves_	There's a bug where ssh x-forwarding doesn't work on a box where ipv6 isn't enabled, but ssh listen on ::	09:02
persia	Template: postfix/protocols	09:02
TeTeT	ttx: on bug 524147, is it true that one CC always controls exactly one Availability Zone? So you can't have an AZ with multiple CCs for redundancy within that AZ?	09:03
uvirtbot`	Launchpad bug 524147 in eucalyptus "UEC NC failed to fetch preseed.conf from CC using lucid-server-amd64-20100218" [Medium,Confirmed] https://launchpad.net/bugs/524147	09:03
ttx	TeTeT: yes it's true	09:03
ttx	TeTeT: you can't have multiple CCs for the same "cluster"	09:04
ttx	TeTeT: there is a HA module in the closed-source eucalyptus, not sure what it does though	09:04
persia	Jeeves_: How can ssh listed on :: when IPv6 is disabled?	09:05
Jeeves_	Let me rephrase that.	09:06
Jeeves_	ipv6 is enabled but there aren't any ipv6 addresses available	09:06
persia	Ah. Right.	09:07
* persia suspects that's a bug in the definition of "ipv6 is enabled"		09:07
TeTeT	ttx: ok, so you should plan your CC and CLC to be redundant when going for a production environment, only the NC can be left brittle	09:08
jayvee	persia, Jeeves_: there is also the possibility for currently working IPv6 functionality to be broken for IPv4 in the future	09:09
jayvee	Debian recently announced that bindv6only would be enabled by default	09:09
jayvee	currently, if you listen on ::, it includes the ::ffff:0.0.0.0 compabitility addresses for IPv4	09:09
jayvee	so if your server app is IPv6-enabled, it is IPv4 enabled	09:09
jayvee	so you only have to support one stack	09:10
Jeeves_	persia: There allready is a bug about that	09:10
ttx	TeTeT: CLC and Walrus are the one SPOF, CC+SC you could consider losing them and still have a few clusters running elsewhere	09:10
jayvee	and lots of servers currently depend on that behaviour, and will then lose IPv4 functionality when that option is enabled	09:10
ttx	TeTeT: depends on the SLA you want to offer with the private cloud	09:10
jayvee	reason why the option is changing is because it's not RFC-compliant, as far as I've heard	09:10
jayvee	unrelated, but CentOS has a bug in its installed. It says "neighbour advertisement" when it should say "router advertisement". and actually I think it should be saying "router discovery" in that particular instance, but I forget.	09:13
jayvee	s/installed/installer/	09:13
persia	Jeeves_: I can't find that bug. All I find for ssh ipv6 are bugs #281882 and #407173	09:14
uvirtbot`	Launchpad bug 281882 in openssh "ssh hangs in initial handshaking when using IPv6" [Undecided,Confirmed] https://launchpad.net/bugs/281882	09:14
uvirtbot`	Launchpad bug 407173 in openssh "openssh: Please set traffic class on IPv6 packets" [Wishlist,Confirmed] https://launchpad.net/bugs/407173	09:14
Jeeves_	persia: Just a sec	09:15
jayvee	there is a bug that I don't know whether it was reported or not, but if I use an SSH SOCKS proxy, I cannot access IPv6–enabled websites	09:17
jayvee	whether SSH is running over IPv4 or IPv6	09:17
jayvee	all I get is "connection denied" or something — can't remember exactly	09:17
Jeeves_	persia: 434799	09:18
persia	buf #434799	09:18
persia	bug #434799	09:18
uvirtbot`	Launchpad bug 434799 in openssh "X11 forwarding via SSH does not work after upgrade to karmic" [Low,Confirmed] https://launchpad.net/bugs/434799	09:18
persia	https://bugs.launchpad.net/ubuntu/+bugs?field.tag=ipv6 probably needs more, but I've added that.	09:19
uvirtbot`	New bug: #535583 in nut (main) "Excessive logging by apcsmart program" [Undecided,New] https://launchpad.net/bugs/535583	09:21
persia	jayvee: Were you talking abut bug #239701 earlier, or a different one in glibc ?	09:49
uvirtbot`	Launchpad bug 239701 in glibc "getaddrinfo fails with numerical IPv6 values" [Undecided,New] https://launchpad.net/bugs/239701	09:49
jayvee	persia, nope	09:58
persia	Heh. OK.	09:58
jayvee	I'm referring to the fact that resolving something like "rillian.local" can't return "fe80::21b:fcff:fe25:42e7%eth0". Only things like "2001:44b8:7df3:b970::23".	09:59
persia	I found a bunch more "please enable ipv6" bugs. I'm not sure there is a clear solution for them yet. Added a link to the bugtracker on the page.	09:59
jayvee	On OS X, it works perfectly.	09:59
jayvee	ping6 rillian.local works both on a link-local only and a global network.	09:59
jayvee	on OS X	09:59
Jeeves_	jayvee: On osx, you're never sure wether you will use ipv4 or ipv6	10:00
persia	Right. So we need to reach feature parity :)	10:00
Jeeves_	It depends on what answer comes in first	10:00
jayvee	I'm not sure whether it's an RFC-compliance issue. Maybe OS X is breaking RFCs to provide that. But I'm not sure.	10:00
jayvee	But OS X has supported that since v10.3, which was released in 2003.	10:00
jayvee	My v10.3 Panther system supports IPv6 better than Windows 7 and Ubuntu. ;)	10:00
uvirtbot`	New bug: #325111 in ntp "ntpq output truncates IPv6 addresses" [Unknown,Confirmed] https://launchpad.net/bugs/325111	10:01
jayvee	ejabberd doesn't have IPv6 enabled by default	10:01
jayvee	is it worth talking about universe packages, or only main packages?	10:01
jayvee	I spose main is more important. ejabberd is in universe.	10:02
persia	It's worth talking about everything.	10:02
persia	The current definition of "main" is only that stuff in main builds against stuff in main. It doesn't currently correspond to translations support, upload restrictions, security support, etc.	10:03
persia	A better way to think about things is "what is available by default takes priority".	10:03
jayvee	well CUPS only listens on 127.0.0.1:631	10:06
jayvee	so http://[::1]:631/ doesn't work — not that that's a problem affected by the IPv4 apocalypse	10:06
jayvee	localhost should resolve to both ::1 and 127.0.0.1	10:07
jayvee	currently it only resolves to 127.0.0.1	10:07
jayvee	also, Second Life doesn't work if you have an IPv6 address for a nameserver in /etc/resolv.conf	10:07
jayvee	but that's offtopic — it's not in Ubuntu	10:07
jayvee	I do believe bind9 is IPv6-enabled by default.	10:09
jayvee	I think maybe some sample config in comments for IPv6 wouldn't go wrong in /etc/network/interfaces	10:10
jayvee	comments in configs are some of the best ways to learn, IMO	10:10
persia	Some of the bugs I'm encountering reference a slowness when IPv6 is enabled, and suggest disabling it.	10:12
persia	Could this be worked around by trying IPv4 first when available until the majority of folk are using IPv6?	10:12
persia	bug #374674 looks like an attempt to do that, but perhaps not in the ideal way	10:16
uvirtbot`	Launchpad bug 374674 in glibc "ipv6 link local address lookup broken" [Undecided,New] https://launchpad.net/bugs/374674	10:16
Japje	personally i would not prefer a work around that try's IPv4 before IPv6.. mainly because v6 first is expected behavior for everything .. dont think breaking that behavior is a proper solution	10:17
Japje	but thats just my humble opinion	10:18
persia	Japje: So, how do you suggest things be configured so that non-IPv6 using Desktop users don't need to wait for an ipv6 lookup timeout before starting the IPv4 lookup?	10:18
persia	I agree with the idea, but think that IPv4-before-IPv6 is better than no-IPv6	10:19
Jeeves_	persia: a NXdomain will not cause timeouts	10:19
Jeeves_	A nameserver that doesn't understand AAAA-requests will cause timeouts	10:19
Jeeves_	glibc is fixed, so that it won't ask for AAAA-requests if there is no routable ipv6 available	10:19
persia	Right, which is extremely common at the average "WiFi HotSpot"	10:19
Jeeves_	Indeed	10:20
Jeeves_	Because using a sane nameserver is very difficult! ;)	10:20
persia	And this causes complaints, and current documentation that recommends disabling IPv6.	10:20
persia	I'd like to find a (temporary) solution that helps ensure IPv6 is enabled for everyone, and then it's easier to migrate folk.	10:21
persia	Note that this may not cause hideal behaviour for IPv6 users in mixed environments by default, but surely that's better than having IPv6 just not work.	10:21
=== mks1 is now known as SchneeSchwarz
=== _ruben_ is now known as _ruben
persia	OK. Of the 68 tagged ipv6 bugs 9 have patches or branches. Those probably need a bit of testing, and coordination with appropriate folk. The rest need patches.	10:43
hemanth	hi, is there a way to keep two mysql DB's in sync in LAN?	11:15
hemanth	i'm on a Ubuntu 8.04 [LTS] server	11:16
Jeeves_	hemanth: Yes, Mysql Replication	11:22
Airells	could you tell me softs like webmin to administrate servers ? ( everything that makes job easy ) thx	11:29
_ruben	!ebox	11:29
ubottu	ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox	11:29
Airells	ubottu, thx	11:30
hemanth	Jeeves_, any package for that? i tired mysql replication, but there i need to specifically indicated each and every table.	11:30
Airells	_ruben, thx	11:31
=== Determinist_ is now known as Determinist
Jeeves_	hemanth: No you don't need to do that	11:46
Jeeves_	* is good enough	11:46
Kenjiro	good morning everyone	12:06
Kenjiro	guys, since yesterday I am trying to fix a problem on a apache server (ubuntu 9.10)	12:06
Kenjiro	I try to start apache2 and I get -> Syntax error on line 43 of /etc/apache2/sites-enabled/000-default:	12:07
Kenjiro	Unknown Authn provider: ldap	12:07
Kenjiro	however, I do have ldap.load in /etc/apache2/mods-enabled/	12:07
cjwatson	ttx: can you reproduce bug 535123? if so, how?	12:10
uvirtbot`	Launchpad bug 535123 in openssh "Lucid: Recent update to ssh mean ssh-askpass-gnome fails to recognize the correct password" [High,New] https://launchpad.net/bugs/535123	12:10
cjwatson	ttx: you were pretty definite about which version you reckoned introduced it ...	12:11
cjwatson	ttx: but there were no changes anywhere near that part of the code AFAICS	12:12
Kenjiro	ok, sorry, I think I solved that by myself. I hadn't enabled the authnz_ldap module ;)	12:16
ttx	cjwatson: haven't reproduced it (that's why I haven't marked it Confirmed), guessed version based on reporter comment	12:26
ttx	i.e. tried to translate "Recent update" to something clearer	12:27
cjwatson	more likely an upstream upgrade to 5.3p1 then	12:28
ttx	cjwatson: switched to Incomplete/Medium to reflect the fact that it's not easily reproducible	12:28
acalvo	is there any reason why two VMs in the same VM server sharing the same net behave different when accessing thru SSH? one faster and the other much slower	12:41
acalvo	how can I do some benchmarks to know the overall performance of a server?	12:41
pmatulis	!info iperf	12:42
ubottu	iperf (source: iperf): Internet Protocol bandwidth measuring tool. In component universe, is optional. Version 2.0.4-4 (karmic), package size 53 kB, installed size 200 kB	12:42
acalvo	thanks	12:43
=== pts is now known as pths
pmatulis	acalvo: are you comparing performance of the 2 VMs while both are being used?	12:50
acalvo	yes, but just to get some results	12:50
acalvo	if the connection is greater than, 100Mbits, will be fine	12:50
pmatulis	acalvo: both using virtio network driver?	12:50
pmatulis	(i'm assuming you're using KVM)	12:51
acalvo	I can't explain why SSH'ing one gets semi-stuck entering commands and the other goes fine	12:51
acalvo	pmatulis: VMWare ESXi server with VMware tools installed	12:51
acalvo	both ubuntu 9.04	12:51
pmatulis	oh	12:51
uvirtbot`	New bug: #536620 in vsftpd (main) "SEGV when using pasv_address" [Undecided,New] https://launchpad.net/bugs/536620	12:51
ogra	ttx, you i and NCommander need to talk about likewise but i'm in several calls today, will you be around in 2-3h ?	12:51
ttx	ogra: should be yes	12:52
ogra	great	12:52
acalvo	connection is fine (> 900 Mbits/sec)	12:54
acalvo	why could cause a SSH to be so slow?	12:55
pmatulis	acalvo: well, you'll need to describe the test that makes you come to that conclusion	12:55
acalvo	well, I've just tested connection status with iperf and its default configuration	12:57
zul	monring	12:58
pmatulis	morning	12:58
uvirtbot`	New bug: #535608 in ntp (main) "package ntp 1:4.2.4p6 dfsg-1ubuntu5.1 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 127" [Undecided,New] https://launchpad.net/bugs/535608	13:10
uvirtbot`	New bug: #420470 in samba (main) "winbind segfault starting up" [Medium,Triaged] https://launchpad.net/bugs/420470	13:16
zul	die bugs die!	13:20
=== th0mz_ is now known as th0mz
uvirtbot`	New bug: #529290 in samba (main) "logrotate script needs to be updated for Upstart conversion" [Undecided,Triaged] https://launchpad.net/bugs/529290	14:02
=== kirkland` is now known as kirkland
uvirtbot`	New bug: #514765 in samba (main) "Shared folder creation fails due to incorrect testparm path" [Low,Incomplete] https://launchpad.net/bugs/514765	14:12
mathiaz	jcastro: hi - https://bugs.edge.launchpad.net/~ubuntu-server/+patches	14:13
mathiaz	jcastro: ^^ what are bugs marked Fix Released included in the report?	14:14
diago	what replaced vol_id in 9.10 ?	14:20
diago	I used to use vol_id --uuid	14:20
diago	what replaced vol_id in 9.10 ?	14:26
persia	Asking multiple times won't get an answer faster.	14:27
persia	Asking for support in this channel when all the developers are in a meeting also is likely to cause a delay.	14:27
diago	I believe I waited the 10 minute period allotted by IRC	14:27
diago	ah, no I didn't I just saw people jumping in	14:28
* _ruben never heard of such a 10minute rule		14:29
_ruben	and the answer might be "blkid"	14:29
diago	thanks _ruben	14:30
diago	Anyone know how to get just the UUID?	14:32
persia	_ruben: The "10 minute rule" is a guideline in #ubuntu, where there's so much traffic that questions often do need repeating.	14:35
=== robbiew_ is now known as robbiew
_ruben	persia: ah ok	14:42
* Kenjiro is back		14:45
Kenjiro	I am trying to find out what I am missing. I have a ubuntu server which should authenticate, using LDAP, on another server	14:45
Kenjiro	however this ldap authentication is not working... and I don't know why :(	14:45
Kenjiro	as far as I checked, the logs don't give me a good clue :(	14:46
Kenjiro	all I get is this -> http://pastebin.ca/1831910	14:47
Kenjiro	any tips? :(	14:47
Kenjiro	I don't know which config files I should check now	14:47
Kenjiro	(ubuntu 9.10)	14:47
Kenjiro	and yes, I am FAIRLY green to ldap :(	14:48
sherr	Kenjiro: what guide are you following?	14:49
sherr	Kenjiro: Have you trid following :	14:50
sherr	http://www.howtoforge.com/install-and-configure-openldap-on-ubuntu-karmic-koala	14:50
sherr	*tried	14:50
Kenjiro	sherr: to be true... I was "given the mission" to migrate an old server to this new one. (all the services).	14:50
Kenjiro	out of the blue, short time to do it... (you might know how things work) :(	14:51
sherr	OK, well try following a guide :-) Howtoforge are normally step by step.	14:51
Kenjiro	sherr: let me check that guide of yours	14:51
Kenjiro	sherr: my problem is setting up the client	14:52
Kenjiro	the server is ok	14:52
sherr	Note - not my guide. I have not used it (or configured LDAP) - but there are lots of good resources around.	14:52
Kenjiro	(just for the record)	14:52
acalvo	Kenjiro: but where is the problem?	14:59
acalvo	Kenjiro: nss_ldap?	14:59
Kenjiro	acalvo: that's the problem... I don't know where the problem is	15:00
Kenjiro	acalvo: did you check that pastebin I pasted here?	15:00
acalvo	nope	15:00
Kenjiro	hold on	15:00
Kenjiro	http://pastebin.ca/1831910	15:00
acalvo	it just shows that a user tried to log in	15:00
acalvo	and the system does not know that user	15:00
acalvo	but what do you want to achieve?	15:00
Kenjiro	that's what I get in /var/log/auth.log when I try to login using a user from the ldap server	15:00
acalvo	relay in another server to do the auth at PAM level?	15:00
Kenjiro	acalvo: I have to migrate the services from an old ubuntu server to this new one (9.10).	15:01
acalvo	yes, but what services?	15:01
Kenjiro	almost everything is ok by now, but this login/auth thing	15:01
sherr	Kenjiro: there are command line ldap query tools - query the ldap server for the user - is the user found?	15:01
Kenjiro	on the old server I can login using a LDAP user (the ldap server is another one)	15:02
acalvo	Kenjiro: hold on	15:02
Kenjiro	on the new server I can't	15:02
Kenjiro	I started checking the config files on the old server, than changing the files on the new server	15:02
acalvo	Kenjiro: ok, look https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html for "LDAP Authentification"	15:03
Kenjiro	acalvo: holding ;)	15:03
acalvo	that's why I've set up most of my servers to auth against another LDAP server	15:03
acalvo	s/why/how	15:03
Kenjiro	let me check that then	15:03
Kenjiro	guys, first and foremost, thanks for the attention ;)	15:03
acalvo	np	15:03
acalvo	I've a server crashing randomly. I've tried to set up something to log when it crashes, but I couldn't see anything wrong	15:04
acalvo	any way to get all data before it crashes?	15:04
acalvo	it's just a web server with bind and dhcp3-server	15:04
acalvo	it had squid with NTLM auth, but I've removed both (squid and windbind)	15:05
acalvo	and now it's crashing	15:05
acalvo	I can ping it when it's "dead", but I can SSH to it nor access directly	15:05
acalvo	hard reboot to get it working again	15:05
* Kenjiro bbl		15:05
diago	acalvo: no chance for booting into recovery?	15:06
acalvo	well, I guess I can	15:06
acalvo	what's the point in rebooting into recovery?	15:07
diago	aren't you just trying to get you data off?	15:07
acalvo	nope	15:07
acalvo	I'm tryting to get it working 100%	15:07
diago	ah, maybe you can research the logs in recovery	15:08
=== koolhead17 is now known as hothead786
AnAnt	Hello, how can I set user permissions on LDAP ?	15:08
acalvo	diago: that what I've thought, but it days so early I can see nothing in the logs	15:09
acalvo	AnAnt: user permissions for what?	15:09
acalvo	AnAnt: changing something in LDAP?	15:09
acalvo	fool question: when a computer runs out of memory (physical and virtual), it gets stucked?	15:10
diago	if it doesn't it would be PAINFULLY slow	15:10
diago	I can see services shutting down easily because of that though	15:11
acalvo	yes, but it'd recover from that	15:11
acalvo	kill all memory-eater services and keep going, right?	15:11
acalvo	I'm seeing that now, when the machines is not in a peak time, swap is being used	15:11
AnAnt	acalvo: no, for machines, ie. I want users X & Y to have admin rights on machines in the network	15:12
=== hothead786 is now known as koolhead17
AnAnt	X & Y are LDAP users	15:12
acalvo	well, join them to a group that has those privileges	15:12
acalvo	is it samba based?	15:12
AnAnt	no OpenLDAP	15:12
AnAnt	acalvo: so I should go on every machine and add X & Y to admin group	15:13
AnAnt	?	15:16
acalvo	no	15:17
acalvo	but you can share LDAP groups across multiple machines	15:17
acalvo	and give rights to groups	15:18
acalvo	so every user in those groups have privileges	15:18
AnAnt	give rights to groups on each machine ?	15:18
acalvo	no	15:18
acalvo	erm	15:18
acalvo	just creat groups in LDAP and, using any method, connect your machines to LDAP so they can read all information from it	15:19
acalvo	groups, users, and so on	15:19
acalvo	this way, you just have to set up once everything	15:19
AnAnt	yes, but about permissions ?	15:19
AnAnt	I did create the users & groups	15:19
AnAnt	but the question is, I got machines: red , blue , green	15:20
AnAnt	should I go to each machine, and add the group "admins" to the sudoers for example ?	15:20
lenios	as far as i know, yes	15:21
lenios	it's the same with AD	15:21
acalvo	oh, with that kind of rights, yes	15:21
acalvo	https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html	15:22
AnAnt	acalvo: yes, I used that guide	15:22
acalvo	AnAnt: try to ask in #openldap	15:30
uvirtbot`	New bug: #536695 in dovecot (main) "1.2.x versions before 1.2.11 are vulnerable to DoS attack" [Undecided,Confirmed] https://launchpad.net/bugs/536695	15:31
AnAnt	ok	15:31
sherr	I have not (yet) had the pleasure of setting up a Directory Server, but have to occasionally use AD at work. Connecting to, or replacing, AD are important topics in the business use of Linux. I'm interested in asking : has anyone experience of using any other DS other than OpenLDAP? There are very interesting opensource alternatives e.g. 389 Directory Server (ex-Fedora DS), Apache DS etc. Not only very full featured, but including decent fron	15:44
sherr	http://directory.fedoraproject.org/	15:44
sherr	http://directory.apache.org/apacheds/1.5/	15:44
sherr	I'm considering LDAP for future needs - currently using NIS (+AD elsewhere) :-)	15:45
acalvo	well, I'm using Apache Directory Studio as a front-end	15:45
acalvo	and openLDAP	15:45
sherr	to OpenLDAP?	15:45
acalvo	so far so good	15:45
sherr	Directory Studios is the client/front-end. Looks good. Maybe the back-end is good as well.	15:46
acalvo	sure	15:46
sherr	My personal view is that a DS is more important for business use than a cloud service/eucalyptus.	15:47
acalvo	is where all the sensitive data relays	15:47
acalvo	in education also	15:47
sherr	sensitive data relays?	15:48
acalvo	is stored, I meant	15:48
sherr	OK. I am sceptical about the cloud strategy for Ubuntu/Canonical, but hope it works out of course.	15:50
acalvo	it seems they're working hard on it	15:50
acalvo	will see what it gets	15:50
smoser	zul, ttx, kirkland, mathiaz i will be in and out the rest of the day, if you need me, please send email.	15:54
sherr	Yes, a lot of effort on it. I hope it pays off. Again from a boring business perspective (mine), I'd rather the effort was a Debian/Ubuntu Directory server, integrating with Samba/AD/Mail. With a decent (modern) front end.	15:54
zul	smoser: kk	15:54
acalvo	sherr: agree, from an Education point of view	15:55
sherr	acalvo: Yes, of course. Similar needs in this area to a business - lots of users and machines.	15:55
acalvo	yip	15:56
acalvo	from your experience, is it work to swith to worker vs prefork?	15:59
sherr	acalvo: Mine? My sites never need to worry about it and I've never had to bother testing or switching (from prefork).	16:01
acalvo	ok	16:01
sherr	All internal, non-public and <20 users (generally).	16:01
uvirtbot`	New bug: #536736 in samba (main) "package samba-common-bin 2:3.4.0-3ubuntu5.4 failed to install/upgrade: le sous-processus script post-installation installé a retourné une erreur de sortie d'état 2" [Undecided,New] https://launchpad.net/bugs/536736	16:16
uvirtbot`	New bug: #518804 in samba (main) "samba-common 3.0.28a-1ubuntu4.10 post-installation script crashes (dup-of: 460842)" [Low,Confirmed] https://launchpad.net/bugs/518804	16:21
mardok_	My question isn't directly releated to the Ubuntu server, but I was wondering how I solve a problem with AppArmor not loading a profile. I installed a xen kernel and it's says "Failure: AppArmor profiles failed to load"	16:24
uvirtbot`	New bug: #279643 in puppet (main) "puppet needs openssl" [Undecided,Fix released] https://launchpad.net/bugs/279643	16:32
=== oubiwann` is now known as oubiwann
uvirtbot`	New bug: #249783 in samba (main) "Wrong message when sharing a root-owned folder" [Wishlist,Confirmed] https://launchpad.net/bugs/249783	16:52
Kenjiro	acalvo: hello there again.	17:11
Kenjiro	acalvo: really thanks for that URL you showed me. That really helped solving my problem	17:11
Kenjiro	acalvo: Domo arigato gosaimas	17:11
cortex\|sk	hi guys why is apache automatically reloading when i install apache module(mod_proxy for example)?	17:41
GhostFreeman	I'm not seeing a ~/.gemrc file in my home dir, could this be a problem?	17:49
_ruben	no, never seen it myself either	17:52
GhostFreeman	I guess it wouldn't hurt if I made on	17:52
GhostFreeman	trying to install Rails with Passenger and Apache2	17:52
igggimin	I'm trying to configure ssh tunnel manager to create a secure tunnel to this home machine that I can use remotely. Can someone help me with this?	17:54
igggimin	For example, how do I create the Privkey?	17:54
igggimin	And will Remote Desktop work?	17:55
igggimin	And how can I also set a tunnel to this machine for private internet access?	17:55
igggimin	I'm running Ubuntu 9.10 here, and will be connecting with Kubuntu 9.10. Any advice are appreciated	17:56
=== luis__lopez is now known as luis_lopez
igggimin	lol - nobody?	18:14
igggimin	in the server channel??	18:14
Pici	igggimin: ssh tunnel manager sounds like a graphical application, and you're not likely to find support for that in the server channel.	18:15
Pici	If its not, keep in mind that not all channels are as busy as #ubuntu is.	18:16
_ruben	sigh .. one of these days again .. boot up my fileserver, its seeing all 4 disks as spares, instead of a raid5	18:17
igggimin	fair enough - yes it is graphical. I'm open to command line options too, either way. In the #ubuntu channel someone recommended I ask in here	18:18
igggimin	But I'm finding some documentation now - thanks	18:18
_ruben	weird, doing a mdadm --stop followed by a reassemble does the trick	18:19
_ruben	hmm .. doesnt see my lvm though ... sigh	18:19
andol	zul: Regarding bug #462749. In a January comment you mentioned it being a good SRU candidate. Do you mind if I pick up on that, or is it an issue you'd like to finnish yourself?	18:58
uvirtbot`	Launchpad bug 462749 in vsftpd "vsftpd-2.2.0 (currently in karmic) is affected by pasv_address regression" [Medium,Fix released] https://launchpad.net/bugs/462749	18:59
zul	andol: be my guest	18:59
uvirtbot`	New bug: #536837 in freeradius (main) "package freeradius 2.1.0 dfsg-0ubuntu4.1 failed to install/upgrade: subprocess post-installation script returned error exit status 3" [Undecided,New] https://launchpad.net/bugs/536837	19:01
RoAkSoAx	zul, was my hook ok?	19:05
zul	RoAkSoAx: yep	19:05
RoAkSoAx	zul, ok I'll attach the diff to the bug report for you to sponsor it :)	19:06
zul	RoAkSoAx: sounds good to me	19:08
=== rberger_ is now known as rberger
uvirtbot`	New bug: #536853 in freeradius (main) "can't make freeradius 2.1.8 - src/main/modules.c:1358: undefined reference to `lt__PROGRAM__LTX_preloaded_symbols'" [Undecided,New] https://launchpad.net/bugs/536853	19:26
mathiaz	kirkland: hi - could you drop the serial consoles on nickel?	19:36
kirkland	mathiaz: sure	20:04
kirkland	mathiaz: done	20:06
mathiaz	kirkland: thanks	20:11
mathiaz	cjwatson: hi - does anna-install only knows about udeb that are in main?	20:12
mathiaz	cjwatson: I'm trying to anna-install vlan-udeb from the console in the installer (started via mini.iso)	20:12
mathiaz	cjwatson: it fails with "unkown udeb vlan-udeb"	20:13
RoAkSoAx	zul, Done: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/531978	20:13
uvirtbot`	Launchpad bug 531978 in vsftpd "Apport hook for vsftpd" [Low,Confirmed]	20:13
zul	RoAkSoAx: thanks ill take a look at it	20:13
mathiaz	apw: hi - is it possible to have a kernel-module udeb provide a virtual package?	20:14
RoAkSoAx	zul, cool I'll just ping you whenever I have the others ready	20:14
mathiaz	apw: for now there is vlan-modules-2.6.32-16-generic-di	20:14
mathiaz	apw: it has the kernel version hardcoded in the package name	20:15
mathiaz	apw: I'd like to be able to make the vlan-udeb (user space) depends on vlan-modules (kernel modules) without using any kernel version. Is that possible?	20:15
SEJeff_work	Has anyone on the serverteam poked at http://fedoraproject.org/wiki/Features/Zarafa ?	20:22
bogeyd6	SEJeff_work, that costs more than zimbra :*(	20:24
SEJeff_work	bogeyd6, There is a gpl version which Fedora is using	20:24
bogeyd6	ah yes, the community version	20:25
bogeyd6	sans any outlook support	20:26
SEJeff_work	bogeyd6, Seems like something we want	20:26
SEJeff_work	Either way, there isn't anything really like it. Seems sane to work on getting it in Debian and in our repos	20:26
bogeyd6	they got a lts package too	20:26
bogeyd6	i think for the meantime SEJeff_work ill still to vmwares zimbra	20:29
uvirtbot`	New bug: #536894 in openssh (main) "Feature request: make ssh-agent call ssh-add automatically" [Undecided,New] https://launchpad.net/bugs/536894	20:41
aubre	hola, has anyone ever successfully converted a vmware image to xen for use with UEC , and if so what did you use?	20:45
GhostFreeman	Anyone here good with Passenger?	20:50
GhostFreeman	it's asking me to add some stuff to Apache conf, just not clear on if that should be added to apache2.conf	20:50
aubre	I'll take the silence as a no :P	20:53
sherr	GhostFreeman: No idea about Passenger, but the apache "conf" is "apache2.conf" - but actual sites are configured and enabled via /etc/apache2/sites-available, and linked in sites-enabled (to start). basically, all standard apache config.	20:56
GhostFreeman	Ok, well i'll start in apache2.conf and work recursively into other apache dirs	20:58
sherr	Server guide might help : https://help.ubuntu.com/8.04/serverguide/C/httpd.html	21:00
bogeyd6	!anyone \| GhostFreeman	21:06
ubottu	GhostFreeman: A large amount of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out?	21:06
bogeyd6	ill help you with your apache conf	21:06
GhostFreeman	Ok	21:06
bogeyd6	but i gotta know what you are trying to do	21:06
GhostFreeman	I just installed the passenger gem and I am going through the process of setting it up	21:06
bogeyd6	ok	21:07
GhostFreeman	its given me some stuff I need to add to the apache configuration. Before I go messing up all the conf files, I want to be sure the file its referring to is apache2.conf	21:07
bogeyd6	so you are at the part where you need to add something to /etc/apache2/apache2.conf on 8.0.4 lts?	21:07
GhostFreeman	9.04, and yes	21:08
bogeyd6	which version of phusion passenger?	21:08
GhostFreeman	2.2.11	21:08
bogeyd6	GhostFreeman, so we are clear is wants you to put a loadmodule passengerroot passengerruby and passengerdefault user in that apache2.conf ?	21:09
GhostFreeman	Yes	21:09
bogeyd6	ok	21:10
bogeyd6	GhostFreeman, nano /etc/apache2/apache2.conf	21:10
bogeyd6	arrow all the way down to the very end of the file	21:10
GhostFreeman	and just add them at the bottom	21:10
bogeyd6	yup	21:10
bogeyd6	just like that	21:11
bogeyd6	press cntrl + x to save it	21:11
bogeyd6	then /etc/init.d/apache2 restart	21:11
bogeyd6	well sudo of course	21:11
bogeyd6	!noroot	21:11
ubottu	We do not support having a root password set. See !root and !wfm for more information.	21:11
GhostFreeman	Much appreciated bogeyd6	21:11
malifal	how do i redirect iptables log to some logfile other than messages?	21:16
bogeyd6	malifal, change in /etc/syslog.conf	21:17
bogeyd6	unless you use syslog-ng	21:17
bogeyd6	malifal, if its not already there use "kern.warning /var/log/iptables.log"	21:18
bogeyd6	malifal, then /etc/init.d/sysklogd restart	21:18
malifal	i don't have /etc/syslog.conf	21:19
malifal	i'm running ubuntu 9.04	21:20
malifal	sorry 9.10	21:20
malifal	:)	21:21
malifal	ok it's rsyslog	21:22
malifal	isn't there another way of identifying the iptables messages other than redirecting all kernel warning to another file?	21:25
malifal	cause that's what the line is doing right? right now everything kern.* is going to /var/log/kern.log	21:26
bogeyd6	malifal, sorry got pulled away	21:28
bogeyd6	malifal, in your iptables file you put --log-level 4 at the end of the rules	21:28
malifal	watching the game ? ;)	21:28
bogeyd6	malifal, --log-prefix 'text' is also a good thing to do for quick grepping of the log file	21:29
malifal	and Man U score again	21:29
cjwatson	mathiaz: yes, it only works on main; and vlan-modules-blah Provides: vlan-modules, so you can (indeed should) just depend on vlan-modules	21:29
bogeyd6	malifal, i get the sense you are hesitant, please go here https://help.ubuntu.com/community/IptablesHowTo	21:30
bogeyd6	also	21:30
bogeyd6	!iptables \| malifal	21:30
ubottu	malifal: Ubuntu, like any other linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command (see https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw), or 'iptables' (https://help.ubuntu.com/community/IptablesHowTo). GUI applications such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist	21:30
malifal	ok thanks bogeyd6 i'll check out the links	21:30
mathiaz	cjwatson: great -thanks - so seeding vlan-udeb somewhere should be enough to pull both packages into main	21:31
sherr	malifal: you can also try and use the syslogger that Ubuntu uses (rsyslogd) to look for some log "patterns" and put in a different log file. See the man page :	21:31
sherr	http://manpages.ubuntu.com/manpages/hardy/man5/rsyslog.conf.5.html	21:31
malifal	sherr: ok cheers, i'll consider both alternatives	21:33
bogeyd6	i keep forgetting people use rsyslog	21:33
mathiaz	cjwatson: hm - I can see that vlan-modules-*-di is already in component_mismatch	21:35
mathiaz	cjwatson: does it make sense to add vlan-udeb (vconfig userspace utility) to the installer seed in platform.lucid?	21:35
sherr	bogeyd6: I prefer syslog-ng but Ubuntu defaults to rsyslog, and I tend to leave it ... I haven't tried customisation yet.	21:43
cjwatson	mathiaz: maybe server-ship - otherwise it would end up on the alternate CD too?	21:43
mathiaz	cjwatson: ok	21:44
savid	Is there a way using apt-get or aptitude to show what would be changed if I ran "safe-upgrade" or "full-upgrade"? ie, something like a "dry run"?	21:54
sherr	savid: see : man aptitude	21:58
savid	sherr, yeah, I'm looking through it but can't find the command	21:58
sherr	Search for "simulate"	21:58
savid	Ah, thanks!	21:58
sherr	Fingers crossed! :-)	21:59
savid	Hmm..	22:00
uvirtbot`	New bug: #536930 in kerberos-configs (main) "Password changing fails when "krb5" pam-config is not first" [Undecided,New] https://launchpad.net/bugs/536930	22:01
savid	Ok, so my goal is to be able to update my ubuntu 8.10 production-level server to use python2.6, but it is not in the package repository for 8.10 (which only goes up to python 2.5). What is the best way for me to approach this?	22:01
savid	I'm scared to do a distribution upgrade (ie, upgrade to 9.10) because of what might break... I want as little downtime as possible	22:02
savid	Every time I do an upgrade on my local ubuntu box something _always_ goes wrong, so you can understand my fear ;-)	22:02
bogeyd6	savid, use a vmware image for 9.10 and test it	22:03
bogeyd6	vmware server is free	22:03
uvirtbot`	New bug: #536937 in vm-builder (universe) "-o option now broken in version 0.12.2-0ubuntu3" [Undecided,New] https://launchpad.net/bugs/536937	22:06
lifeless	are there UEC images for Lucid ?	22:14
=== RoAk is now known as RoAkSoAx
Airells	have you noticed any problems with vsftpd ( ssL ) like "initializing TLS... " in ubu 9.10 ?	22:40
uvirtbot`	New bug: #536958 in openldap (main) "slapd package configuration aborts during Hardy -> Lucid upgrade" [Undecided,New] https://launchpad.net/bugs/536958	22:41
=== rberger_ is now known as rberger
=== robbiew is now known as robbiew_
apw	mathiaz, i believe that alll of the kernel udeb Provide: their prefix, as an example:	23:07
apw	crypto-modules-2.6.33-500-omap-di_2.6.33-500.1tiomap201003101552_armel.udeb:	23:07
apw	Provides: crypto-modules	23:07
apw	mathiaz, ^^	23:07
mathiaz	apw: great - thanks	23:10
mathiaz	apw: I've uploaded a new version of the vlan-udeb that Depends: vlan-modules	23:10
FFForever	how do I resync my time?	23:23
FFForever	errr how do I set it to gmt -8, the current time is in UTC and it is messing up my script	23:24
juancri_	hi folks	23:43
hggdh	mathiaz: could you add me to the server team (so that I can get bug mail)?	23:43
juancri_	hope you're doin well. I have a question about SSH access on EC2...	23:43
juancri_	I'm able to connect trough SSH using the user "ubuntu", but I'm not sure about how to allow other users to log in	23:45
juancri_	even when I add a key to them (~/.ssh/authorized_keys)	23:45
uvirtbot`	New bug: #536993 in samba (main) "starting billard-gl locks computer" [Undecided,New] https://launchpad.net/bugs/536993	23:46
juancri_	Uhm... if I enable this "PasswordAuthentication yes", other users can log in	23:47
juancri_	but only using their passwords	23:47
juancri_	not the keypair	23:47

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!