[00:03] <jan247> hi guys, could someone lead me to some documentation for capacity planning for an ubuntu cloud?
[00:06] <\sh> jan247: eventually http://www.ubuntu.com/system/files/UbuntuEnterpriseCloudWP-Architecture-20090820.pdf ?
[00:07] <\sh> http://www.google.de/search?sourceid=chrome&ie=UTF-8&q=capacity+plan+for+ubuntu+enterprise+cloud <- first hit on friend google
[00:12] <chocamo> how clean are complete dist upgrades? when lucid comes out will it really be as clean and simple as a regular apt-get dist-upgrade?
[00:12] <thebwt> chocamo: ideally
[00:13] <chocamo> is it better to just backup certain config files and do a clean install with new release?
[00:13] <thebwt> how much of your servers software is fromt eh repos
[00:14] <thebwt> and what version you coming from
[00:15] <thebwt> to get a good idea first hand, start up a vm and give it a shot imo
[00:15] <thebwt> main things to watch for is non repo software that you 'installed'
[00:15] <chocamo> ya ok
[00:15] <chocamo> thanks
[01:04] <zoran119> hello, i got a problem with a ubuntu 8.04 lts running as a virtual machine on hyper v
[01:05] <zoran119> every day or two the clock gets stuck in a 5 second loop and i have to restart the vm to get it going again
[01:05] <zoran119> i have removed ntp ntpd from startup, i have also remove ntp script from cron.daily
[01:06] <zoran119> the problem always occurs at 00 minutes (so at 12:00:00, or 13:00:00 and so on)
[01:08] <zoran119> i just saw that there is a cron job that runs rdate -s every hour to sync the clock to an external rdate server... could this be causing trouble?
[01:17] <\sh> zoran119: where did you see this rdate script, /etc/cron.hourly or /etc/cron.d ?
[01:19] <twb> A cron job to run rdate is pretttty stupid.
[01:19] <zoran119> \sh: the rdate script was in root's crontab.... 'crontab -e'
[01:20] <zoran119> \sh: i have removed that cron job now
[01:21] <twb> zoran119: sounds like whoever set up your VM was a fool.
[01:22] <zoran119> twb: why is it such a bit issue?
[01:22] <twb> zoran119: because cron events are triggered based on time.
[01:22] <zoran119> twb: infinite loop possibility?
[01:22] <twb> So if you have a time event that causes the clock to be set back, it'll loop forever
[01:23] <twb> Although I guess it *ought* to work if the inetd it's talking to isn't also hokey...
[01:23] <erichammond> twb: Doesn't cron have some smarts about triggering the same job multiple times?  I believe it does the right thing on daylight savings time shifts.
[01:24] <twb> erichammond: maybe it does.
[01:24] <twb> Certainly rdate is deprecated in favour of NTP for other reasons.
[01:24] <\sh> zoran119: that's not installed by default, right? actually I don't know any package which installs something into roots crontab
[01:24] <zoran119> \sh: not by default no... it was added manualy
[01:25] <twb> Probably by whoever built the pre-built guest image, or by the equivalent of vmware-tools.
[01:25] <\sh> using ntp on our esx vms does work and doesn't crash...it helps to maintain a sane time sync on our vms
[01:26] <twb> \sh: ntp won't make large steps by default.
[01:26] <\sh> twb: iburst?
[01:26] <twb> \sh: hmm?
[01:28] <\sh> twb: you meant with "large steps" that ntp doesn't sync your time at startup of ntp, or did I miss your meaning?
[01:28] <\sh> grmpf...I hate unittest
[01:30] <lifeless> ?
[01:30] <kirkland> lifeless: hiya
[01:30] <lifeless> kirkland: hey
[01:30] <\sh> adding the keyword "iburst" on your server line in ntp.conf it syncs the time directly after startup (just like ntpdate <ntp server> ; /etc/init.d/ntp start
[01:31] <ChmEarl> !paste
[01:33] <ChmEarl> getting conflict in linux-virtual install http://paste.ubuntu.com/392171/
[01:34] <ChmEarl> linux-image-virtual refuses to copy in its kernel
[01:42] <ChmEarl> how can I cancel an install with conflicts?
[01:42] <ChmEarl> its frozen at Inst/Unpacked
[02:24] <invisime> so I accidentally toasted /var/lib on my server box. I have a bunch of stuff configured on it that I don't want to lose. I have enough space on my external to copy everything that's not toasted over prior to a reinstall. how should I proceed to minimize pain and effort? it would also help if I could minimize wailing of gnashing of teeth, but at this point I'm flexible.
[02:27] <twb> invisime: dd the entire partition is safest
[02:27]  * invisime goes to read man dd.
[02:28] <arrrghhh> so i'm having issues with rtorrent.  keeps segfaulting, and it seems to be my config.  i _swear_ nothing changed with the config file, but when i run rtorrent with the -n switch, it works fine...
[02:30] <arrrghhh> sorry, it's been a while since i've used irc!
[02:30] <twb> arrrghhh: strace it
[02:31] <arrrghhh> wow i've never used strace
[02:31] <arrrghhh> seems to dump a ton of info to the termina.l
[02:33] <arrrghhh> is there a particular way i should be running rtorrent with strace?  i see the segfault at the end, but there's an endless amount of pretty much garbage proceeding it.
[02:35] <invisime> twb: how do I tell which /dev/ entry is mounted as root?
[02:35] <arrrghhh> i think it may be the xmlrpc calls that is causing rtorrent to segfault... hrm.
[02:37] <twb> invisime: /proc/mounts, perhaps?
[02:38] <twb> invisime: if you don't know that much already, it's probably dangerous for you to be trying to do anything at all
[02:38] <invisime> twb: well, clearly. I mean I already accidentally deleted /var/lib :P
[02:39] <arrrghhh> eek
[02:40] <twb> arrrghhh: put the strace output in a file, then examine the file
[02:40] <arrrghhh> twb, i'm not sure what this output is... but perhaps it'll make sense in a file.
[02:41] <twb> arrrghhh: I expect you to at least LOOK at the manpage
[02:42] <arrrghhh> for what, strace?  ok.  the output does make more sense in a file as well, but i still don't get why it's segfaulting.
[02:43] <arrrghhh> impressive, i'm surprised i haven't heard of strace before.
[02:43] <twb> It's a log of the system calls made by the rtorrent process during its lifetime.
[02:43] <twb> Interpreting what is actually happening is a skill you'll have to pick up over time.
[02:44] <arrrghhh> i see "The SCGI socket has not been bound to any address and likely poses a security risk" - i didn't think it would cause a segfault.
[02:44] <twb> OK, so now we approach the problem from the other direction.  What release are you running?  Did you enable any third-party repos?  Did you install any software by hand (instead of via apt)?
[02:45] <arrrghhh> xml-rpc i did have to compile by hand...
[02:45] <arrrghhh> rtorrent is from the repo's
[02:45] <twb> Especially if you've done something silly like installing karmic's rtorrent into hardy, that would be a dead giveaway.
[02:45] <arrrghhh> uhm i hope not
[02:45] <arrrghhh> i'm running karmic
[02:45] <twb> How does xml-rpc fit into this?
[02:46] <arrrghhh> i'm thinking that's what is segfaulting rtorrent
[02:46] <twb> What evidence do you have of this?
[02:46] <arrrghhh> well, that error.  and when i access rtgui it *seems* to crash rtorrent.
[02:47] <twb> This is obviously something new since I last used rtorrent, when it had an ncurses GUI.
[02:47] <arrrghhh> i had to compile xml-rpc by hand because the advanced tree that fixed a bug i was having rtgui
[02:47] <arrrghhh> oh it still uses ncurses.  but it can accept xml-rpc calls so other front-ends can control it.
[02:49] <twb> What do you mean "because the advanced tree"?
[02:49] <arrrghhh> it's been a while since i went thru it, lemme find the link.  essentially any torrent over 4gb would show the incorrect size unless i used the advanced tree of xml-rpc
[02:52] <arrrghhh> well i found the directions, but not the explanation...
[02:52] <arrrghhh> i guess it has a little blurb of why in the intro
[02:52] <arrrghhh> http://code.google.com/p/rtgui/wiki/CompilingRtorrent
[02:53] <arrrghhh> "The original problem is caused by the standard version of XMLRPC-C that is shipped with Ubuntu."
[02:54] <twb> So you installed xmlrpc-c AND libtorrent AND rtorrent from source?
[02:55] <arrrghhh> i believe i just did xmlrpc-c from source.  it has been a while, but as i recall libtorrent and rtorrent came from the repo's.
[02:56] <twb> So your libtorrent and rtorrent are failing because the version of xmlrpc-c they expect isn't the version that's installed.
[02:56] <arrrghhh> that... would make sense.
[02:57] <twb> The *right* thing would be to wait for Ubuntu to fix the issue, probably in the next release, since AFAICT it's not a show-stopper.
[02:57] <twb> The next least-bad thing would be to roll a .deb for your xmlrpc-c svn snapshot, then apt-get build-dep, apt-get source --build and install libtorrent, then rtorrent.
[02:58] <arrrghhh> no, not a show-stopper.  but how do i get back to a functioning rtorrent?  i'm assuming i have to purge the custom install of xml-rpc and reinstall the one from the repos?
[02:58] <ChmEarl> getting conflict in linux-virtual install http://paste.ubuntu.com/392171/
[02:59] <twb> arrrghhh: Ideally by running "make uninstall" in the xmlrpc-c source dir and praying its uninstall code isn't completely fucked, then by running "aptitude reinstall xmprpc-c" or whatever the package name is.
[02:59] <arrrghhh> hrm.
[02:59] <arrrghhh> ok
[02:59] <twb> ChmEarl: it looks like you simply can't have both kernels installed at once.
[03:03] <chocamo> I am trying to setup wireless as a backup interface (don't ask), and I have wpa_supplicant connecting fine, but other problems: static ip doesnt work, tried dhcp but "no dhcpoffers received"
[03:04] <arrrghhh> twb, aaaaaand if the make uninstall fails?
[03:05] <ChmEarl> twb, I tried to uninstall the exiting server image, but the conflict is interfering. How can I cancel that install?
[03:05] <ChmEarl> existing
[03:06] <chocamo> i think there is a force option
[03:07] <ChmEarl> -f is force, but the apt-get always comes back and says run "apt-get install -f"
[03:07] <ChmEarl> and I'm trying to do a remove?
[03:09] <ChmEarl> nevermind mates, I got it. I put both of the depends on the line together :)
[03:09] <ChmEarl> woohoo finally
[03:10] <twb> ChmEarl: dpkg -P <package name>
[03:10] <ChmEarl> that does a cancel?
[03:10] <twb> Oh, right.
[03:10] <twb> ChmEarl: never mind, you fixed it already.
[03:10] <ChmEarl> a purge?
[03:10] <twb> Yes, -P is purge.
[03:11] <ChmEarl> I was stuck until you got me trying a diff approach, thanks
[03:13] <ChmEarl> twb- it worked.. uninstalled one, then installed the virtual type
[03:14] <ChmEarl> the initrd was lowered from 7MB->4MB
[03:14] <twb> If you care about saving 3MB, you shouldn't be running Ubuntu
[03:16] <arrrghhh> ha, seriously
[03:16] <RoAk> kirkland, i was wondering if packages that use upstart jobs commands like update-rc.d won't work as always.
[03:17] <RoAkSoAx> clear
[03:18] <arrrghhh> twb, sorry to bug you with this, especially since i caused the problem myself... but the make uninstall didn't work.  doesn't seem to exist... is there anything else i can do?
[03:48] <ChmEarl> looking in grub.cfg, the root is (hd0,5) is the 5 0-based or 1-based
[04:24] <arrrghhh> twb, so is there anything else i can do?  the make uninstall failed.
[04:25] <twb> arrrghhh: either reinstall, or put up with a messy system
[04:25] <twb> ChmEarl: depends which version of grub :-/
[04:25] <twb> ChmEarl: in GRUB Legacy, everything counts from zero.  IIRC in GRUB 2, disks count from zero and slices (partitions) count from 1.
[04:26] <arrrghhh> can i get rid of the xml-rpc stuff at least?  i have the tar i compiled it from.
[04:26] <twb> arrrghhh: shrug
[04:26] <arrrghhh> yea... i knew all this custom stuff would bite me in the end.
[04:27] <twb> arrrghhh: it's just a phase
[04:27] <twb> arrrghhh: you'll get over it
[04:28] <arrrghhh> somehow i doubt ubuntu is going to 'fix' the problem with xml-rpc anytime soon.  so a clean system will put me back to where i was before, getting sizes that were negative.
[04:29] <twb> IMO that is a Good Thing
[04:29] <sekyourbox> Hello, I accidentally broke my network somehow in my ubuntu 804 install.  I was attempting to setup a PXE server, but when i went to setup dhcpd.conf, there was some firestarter script in there.  I deleted the config, and uninstalled firestarter just in case.  I started to setup the config file, and got sidetracked, and just deleted all the options.  I restarted the dhcpd3 and everything was working fine.  When i reboote
[04:29] <sekyourbox> t I tried pinging the router, and got an error.. I checked all the regular network settings and disabled any route table, and everything looks fine.. I checked ip tables and noticed that it was set to deny all traffic.. I reset the iptables, and still no luck.. Any ideas on the next step i should take to troubleshoot? i think it has something to do with firestarter uninstall
[04:32] <arrrghhh> well then i'd just try to redo the stupid advanced tree of xml-rpc to fix the issue just to have it broken again by an update.
[04:36] <jayvee> iptables -P INPUT -j ACCEPT, maybe?
[04:36] <jayvee> can't remember the exact syntax
[04:37] <jayvee> pastebin 'iptables -L -v'
[04:57] <sekyourbox> jayvee, sorry I didnt know you were talking ...
[04:57] <sekyourbox> I did an iptables -F ; iptables --flush; and iptables-save.. When i reboot it shows the same configuration of deny all is in there.
[04:58] <sekyourbox> not sure what to check for startup scripts
[05:02] <twb> sekyourbox: pastebin the output of "find /etc/init /etc/event*/ /etc/rc?.d/ -ls".
[05:02] <sekyourbox> sorry no internet on that machine
[05:02] <sekyourbox> lol twb
[05:02] <twb> sekyourbox: I don't care how you do it.
[05:13] <sekyourbox> okay was that just me?
[05:13] <sekyourbox> or was that a netsplit from hell
[05:13] <thebwt> sekyourbox: yup
[05:14] <thebwt> sekyourbox: oh, as in just you, you were the only one that left from my PoV
[05:14] <sekyourbox> lol, are you playing with me?
[05:14] <thebwt> Netsplit *.net <-> *.split quits: sekyourbox
[05:14] <thebwt> lol
[05:15] <sekyourbox> re spawn
[05:23] <ChmEarl> finally got linux-image-virtual kernel running as PV guest in Xen
[05:24] <ChmEarl> guest is Karmic 9.10 server (root=1G) and host is Xen 4.0 on SuSE 11.2
[07:12] <mealstrom> hi. easy question. how to disable ip_v6 on some ethernet port ? say eth0
[07:34] <mealstrom> not os easy as I supposed...
[07:44] <jayvee> mealstrom, sysctl net.ipv6.conf.eth0.disable_ipv6=1
[07:45] <mealstrom> thanks
[07:45] <jayvee> but why do you want to disable ipv6?
[07:45] <mealstrom> there were some unfixed bugs with ipv6 and dhcp or something like this. just want to close external interface
[07:47] <jayvee> if I were you, I'd seriously consider deploying IPv6 for real some time.
[07:53] <Jeeves_> 'some unfixed bugs with ipv6'
[07:54] <Jeeves_> mealstrom: Disable ipv4 as well! There are various products on IPv4 that have unfixed bugs!
[07:54] <mealstrom> (:
[07:54] <mealstrom> nice idea
[07:54] <mealstrom> internal network is using ipv6 )
[07:55] <persia> Point-to-point serial connections are the only safe path to the future :)
[07:56] <persia> But more seriously, why isn't IPv6 the default for the virbr0 network in libvirt?
[08:08] <Jeeves_> persia: Because ipv6 is unfortunatly not taken very seriously by some people
[08:09] <persia> Jeeves_: Is there a technical reason we can't set up libvirt do to both IPv4 and IPv6 by default?
[08:09] <Jeeves_> You'd need some address space
[08:10] <Jeeves_> I'd think you'd need to add a /64 to the libvirt interface
[08:10] <persia> We're using something in 192.168/16 now for IPv4.  Couldn't we use something in fc00::/7 for IPv6 ?
[08:11] <persia> (or maybe fec0::/10 )
[08:11] <jayvee> persia, because the VMs can't connect to the Internet that way
[08:11] <jayvee> IPv6, unlike v4, doesn't have NAT for that sort of thing.
[08:12] <jayvee> yes, you can add global addresses as well, but it's a little sticker
[08:12] <jayvee> s/sticker/stickier/
[08:12] <persia> Ah, so we'd need to install an IPv6->IPv4 gateway by default, and that breaks people with IPv6, etc.
[08:12] <Jeeves_> persia: Uh? What?
[08:12] <Jeeves_> You just need ipv6, not an ipv6->ipv4 gateway
[08:13] <persia> Jeeves_: I either need IPv6 NAT or a gateway to let the VMs route to the internet unless I have real address space.
[08:13] <Jeeves_> I'm trying my best to get Canonical to offer all packages on ipv6, so you won't need ipv4 at all! :)
[08:13] <Jeeves_> persia: get real address space? :)
[08:13] <Jeeves_> Seriously, get a tunnel somewhere
[08:14] <Jeeves_> Or just native, but that's probably more complicated
[08:14] <persia> Jeeves_: What packages don't work with IPv6?  Surely those can be just patched, rather than waiting for Canonical to get to it.
[08:14] <persia> Jeeves_: Also, while getting address space isn't that hard, it doesn't solve the "what gets shipped by default" issue.
[08:15]  * persia tries not to carry local patches or configuration changes, if possible, as this makes install/replication of new stuff easier
[08:15] <Jeeves_> persia: archive.ubuntu.com and security.ubuntu.com don't have AAAA-records
[08:16] <persia> Oh, so there's no IPv6 mirror.  I understand.  Is there anything missing in the packages, or is it just a mirror thing?
[08:17] <jayvee> things like Postfix don't come configured for IPv6 out of the box
[08:17] <jayvee> So following things like this http://www.sixxs.net/wiki/Postfix (which I wrote) becomes necessary.
[08:17] <persia> jayvee: Is there a known working patch to the default config that would sort that, or do we run into address space issues again?
[08:18] <jayvee> Well IMO it's something that should change upstream as well.
[08:18] <jayvee> It shouldn't require hard-coding of your IPv6 address space
[08:19] <persia> I'm in complete agreement with that.  Is there a patch that makes sense to make to default config?  (Doesn't really matter where it gets applied, once it exists)
[08:19] <jayvee> If you don't specify mynetworks, I believe it is automatic, so if the defaults were changed to 'all' instead of 'ipv4', it should "just work".
[08:19] <jayvee> Only disadvantage is that no spam DNSBLs support IPv6 yet.
[08:19] <jayvee> One did, but it's now defunct.
[08:19] <jayvee> Not sure if a patch exists.
[08:20]  * persia tends to find that ideas get more tractions when patches exist and are promoted
[08:20] <persia> But the lack of DNSBL for IPv6 makes it awkward :(
[08:20] <jayvee> Well DNSBLs aren't configured by default anyway, so there's one way to justify it.
[08:20] <persia> Good point.
[08:21] <jayvee> Also I haven't seen a single piece of spam or abuse on IPv6 yet.
[08:21] <persia> That's a sign of lack of adoption, really.
[08:21] <jayvee> Yeah.
[08:21] <jayvee> Also, avahi doesn't come configured with IPv6 turned on by default.
[08:22] <persia> I could once say that about Usenet :)
[08:22] <jayvee> One really unfortunate thing about avahi is that when you do enable IPv6 in /etc/avahi/avahi-daemon.conf, you see duplicate services.
[08:22] <persia> Is there a local-link address space for IPv6?  I didn't think there was an equivalent to 169.254
[08:22] <jayvee> yes
[08:22] <jayvee> fe80::/12 or something
[08:22] <jayvee> So, for example, in the VNC client, you see two of every server that has IPv4 + IPv6
[08:23] <mealstrom> omg ... I've just said how to disable ipv6 on one nic :)
[08:23]  * jayvee looks it up 
[08:23] <jayvee> fe80::/10
[08:23] <persia> mealstrom: Sure, but you've hit on a discussion that needs happening :)
[08:23] <jayvee> persia: http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.txt
[08:23] <Jeeves_> btw, Ubuntu postfix doesn't come with ipv6-enabled by default
[08:24] <jayvee> 2000::/3 (i.e. 2000-3fff) is the "global" address space
[08:24] <jayvee> Jeeves_, yeah, I just said
[08:24] <persia> Right.  So postfix is easy: just needs a minor tweak (and some discussion on the mailing list)
[08:24] <jayvee> fc00::/7 is closest to the RFC 1918 addresses (e.g. 10.0.0.0/8)
[08:24] <persia> Well, and 172.16... and 192.168...
[08:24] <jayvee> yaeh
[08:25] <jayvee> persia: $ host www.debian.org
[08:25] <persia> avahi needs some way to know when we're talking to a unique machine to avoid duplicated services.  Can we do something with arp to help with that?
[08:25] <jayvee> www.debian.org has IPv6 address 2001:388:1034:2900::26
[08:25] <jayvee> that's hosted in Australia. :-D
[08:25] <jayvee> persia: nothing to do with what you just said, but IPv6 doesn't use ARP
[08:25] <persia> heh.  I wonder who tracks that record most closely :)
[08:26] <jayvee> it uses Neighbour Discovery
[08:26] <jayvee> you could turn off ipv4 in avahi, but that breaks compatibility with every released ubuntu to date
[08:26] <jayvee> not sure how OS X does it
[08:26] <jayvee> OS X has had full IPv6 zeroconf support since 2003
[08:26] <persia> Probably ignores IPv6 if names are duplicated or something.
[08:27] <jayvee> there is also a major flaw in the internals of glibc that prevent mdns from working with link-local (fe80::/10) addresses
[08:27] <persia> There's an open bug about that?
[08:27] <jayvee> yes
[08:27] <jayvee> it's been open for years and years
[08:27] <persia> Anyone working on it?
[08:27] <jayvee> doubtful
[08:27] <jayvee> it would break too much software
[08:28] <jayvee> it's more of a design flaw
[08:28] <jayvee> reason being is that link-local addresses also require a "scope ID"
[08:28] <jayvee> so I can ping a global address without a scope ID, like so:
[08:28] <jayvee> $ ping6 2001:44b8:1::1
[08:28] <jayvee> but to ping a link-local address, I need to specify the ethernet interface
[08:28] <jayvee> $ ping6 fe80::21b:fcff:fe25:42e7%eth0
[08:29] <jayvee> now that's obviously structured differently in memory
[08:29] <jayvee> but basically glibc doesn't have the provision to return the scope in the dns functions, from what I understand
[08:29] <jayvee> actually, I think that's more nss-mdns's problem than avahi
[08:30] <persia> Sounds it.
[08:30] <jayvee> so that doesn't work in an ad-hoc setting
[08:30] <jayvee> whereas 169.254 addresses work fine with avahi right here rightn ow
[08:31] <persia> OK.  Reading about NDP, it won't get us information we can reliably compare with something else to determine host identity.
[08:31] <jayvee> the one thing that is the same is the hostname, though
[08:31] <persia> not necessarily, but I agree it's likely safe to assume that.
[08:31] <jayvee> nss-mdns also isn't enabled for ipv6 by default
[08:31] <persia> But I think that belongs in the avahi UIs, rather than anywhere else.
[08:32] <jayvee> in /etc/nssswitch.conf, you need to change 'mdns4' to 'mdns'
[08:33] <jayvee> in ubuntu 8.04, samba doesn't support ipv6, but in 8.10 and up, it is fully supported and interoperable with Windows Vista, which also supports SMB over IPv6
[08:33] <jayvee> however, LLMNR isn't supported
[08:33] <jayvee> which is basically the IPv6 equivalent of nmblookup that microsoft invented
[08:33] <persia> Right.
[08:33] <merlijn-> hello, I'm trying to get ubuntu to boot from an older debian kernel - I have already downgraded to grub-1 but I keep getting error 13 when trying to boot the old kernel
[08:33] <jayvee> LLMNR is rumoured to be supported by avahi one day
[08:33] <jayvee> LLMNR is not ubuntu's problem
[08:34] <jayvee> https://bugs.launchpad.net/ubuntu/+source/nss-mdns/+bug/94940
[08:34] <uvirtbot`> Launchpad bug 94940 in avahi "mdns listed in nsswitch.conf causes excessive time  for dns lookups" [Undecided,Confirmed]
[08:34] <persia> I think there ought to be a wiki page listing known issues and referencing open bugs, etc.
[08:34] <persia> Looking around, I don't think one exists.
[08:34] <persia> There's https://wiki.ubuntu.com/IPv6Integration but that's an incomplete spec.
[08:34] <jayvee> http://lists.freedesktop.org/archives/avahi/2007-February/000959.html
[08:35] <persia> There's also https://wiki.ubuntu.com/IPv6 but that's user documentation.
[08:35] <persia> Would you mind creating https://wiki.ubuntu.com/IPv6/OutstandingIssues or similar?
[08:35] <persia> Jeeves_: Maybe you also have some useful stuff to add there?
[08:36] <persia> if we get it all in one place, I suspect we'll be well poised to get patches where they need to be to make it work.
[08:36] <FireCrotch> isn't "outstanding issues" and the like what launchpad is for?
[08:36] <Jeeves_> FireCrotch: Yes, it is
[08:36] <Jeeves_> persia: the wiki isn't a bug tracker :)
[08:36] <persia> FireCrotch: Launchpad does a great job of capturing individual issues, or plans to resolve classes of issues.  It does less well at organising them.
[08:37] <persia> Jeeves_: I know, but it gives us structure, so we can identify which issues block other bits, etc. and build a strategy to solve things.
[08:37] <persia> Jeeves_: I don't think just adding an "ipv6" tag to bugs gives us that.
[08:37] <jayvee> there's already the "IPv6 Task Force" in launchpad which does bugger all
[08:37] <Jeeves_> Indeed
[08:38] <persia> Maybe that team needs a refresh :)
[08:38] <jayvee> (excuse my Australian)
[08:38] <Jeeves_> persia: Feel free to join
[08:39] <persia> Jeeves_: I need to get a new router first :)  My router doesn't support IPv6.
[08:39] <persia> (and I know almost nothing about the area)
[08:39] <jayvee> you can learn a lot even by just running a tunnel on your PC
[08:40] <jayvee> apt-get install gw6c
[08:40] <jayvee> gets you on the IPv6 internet with a single IP through an anonymous tunnel provided by freenet6
[08:40] <jayvee> works through NATs with no config
[08:41] <persia> Installed, and I'm sure I'll learn.
[08:41] <jayvee> persia: does http://ipv6.google.com/ work?
[08:41] <persia> I still think it's worth trying to organise the list of issues if we want them solved.
[08:42] <jayvee> I think the main issues aren't actually technical — they're political
[08:42] <persia> jayvee: Now that I've installed gw6c, yes.
[08:42] <jayvee> for example, I was disgusted when I was reading the Ubuntu Enterprise Cloud documentation
[08:42] <persia> I'm fairly certain the main issues are political.  That's why I think it needs organisation.
[08:42] <jayvee> it was all IPv4
[08:43] <persia> Organisation is key to political discussion, and well-organised plans can easily overcome apathy.
[08:44] <jayvee> hmm, I guess you have more faith in bureaucracy than I do :)
[08:45] <persia> It's not that.  I just consider bureaucracy a tool.
[08:45] <persia> Like any tool, one needs to use it the right way.
[08:45] <persia> Documentating what needs doing, and in what order it needs doing builds a plan.
[08:45] <persia> Having such a plan makes it easier to create the necessary patches.
[08:45] <persia> Getting those patches applied is just legwork on the various mailing lists, bug trackers, etc.
[08:46] <persia> Having a plan, and garnering support at the distribution level helps provide incentive and demonstration of testing to upstreams.
[08:46] <persia> Having a plan and garnering upstream support helps support applying patches at the distribution level when upstream balks.
[08:47] <jayvee> I'm just gonna test whether nginx supports it by default
[08:48] <jayvee> actually, I already have apache
[08:48] <jayvee> hmm, someone else want to install nginx on karmic or lucid and tell me what "netstat -64ln | grep 80" says?
[08:50] <persia> jayvee: Do you need a real install, or will the result from a liveCD meet your needs?
[08:50] <jayvee> live CD
[08:50] <jayvee> hey, don't go to too much trouble
[08:54] <persia> Argh!  kvm is coredumping on every launch for me right now.  Sorry.
[08:54] <persia> (and worse yet, the "report a problem" bit won't complete)
[08:54] <jayvee> no worries at all
[08:55] <jayvee> I'm wiping the dust off one of my VMs
[08:55] <persia> When kvm isn't segfaulting, I usually find it trivially easy to instantiate a new VM from a liveCD.
[08:56] <persia> (and tend to recommend that procedure rather than maintaining VMs for scratch tests)
[08:56] <persia> A fresh install tends to avoid any yet-unfixed upgrade bugs.
[08:57] <jayvee> persia: well here we go: https://wiki.ubuntu.com/IPv6/OutstandingIssues
[08:58] <persia> Wasn't there a glibc bug?
[08:58] <persia> Jeeves_: Do you know of anything else outstanding?
[09:00] <jayvee> Actually I think that a section should be added with regards to services like archive.ubuntu.com and www.ubuntu.com not having AAAA records.
[09:00] <_ruben> i thought postfix posed you a question wether to listen on ipv4 or ipv6 or both .. perhaps only during reconfiguration or so
[09:01] <persia> _ruben: It does, but only on reconfigure.
[09:01] <persia> _ruben: The idea would be to change the default.
[09:02] <_ruben> persia: ah ok
[09:02] <Jeeves_> There's a bug where ssh x-forwarding doesn't work on a box where ipv6 isn't enabled, but ssh listen on ::
[09:02] <persia> Template: postfix/protocols
[09:03] <TeTeT> ttx: on bug 524147, is it true that one CC always controls exactly one Availability Zone? So you can't have an AZ with multiple CCs for redundancy within that AZ?
[09:03] <uvirtbot`> Launchpad bug 524147 in eucalyptus "UEC NC failed to fetch preseed.conf from CC using lucid-server-amd64-20100218" [Medium,Confirmed] https://launchpad.net/bugs/524147
[09:03] <ttx> TeTeT: yes it's true
[09:04] <ttx> TeTeT: you can't have multiple CCs for the same "cluster"
[09:04] <ttx> TeTeT: there is a HA module in the closed-source eucalyptus, not sure what it does though
[09:05] <persia> Jeeves_: How can ssh listed on :: when IPv6 is disabled?
[09:06] <Jeeves_> Let me rephrase that.
[09:06] <Jeeves_> ipv6 is enabled but there aren't any ipv6 addresses available
[09:07] <persia> Ah.  Right.
[09:07]  * persia suspects that's a bug in the definition of "ipv6 is enabled"
[09:08] <TeTeT> ttx: ok, so you should plan your CC and CLC to be redundant when going for a production environment, only the NC can be left brittle
[09:09] <jayvee> persia, Jeeves_: there is also the possibility for currently working IPv6 functionality to be broken for IPv4 in the future
[09:09] <jayvee> Debian recently announced that bindv6only would be enabled by default
[09:09] <jayvee> currently, if you listen on ::, it includes the ::ffff:0.0.0.0 compabitility addresses for IPv4
[09:09] <jayvee> so if your server app is IPv6-enabled, it is IPv4 enabled
[09:10] <jayvee> so you only have to support one stack
[09:10] <Jeeves_> persia: There allready is a bug about that
[09:10] <ttx> TeTeT: CLC and Walrus are the one SPOF, CC+SC you could consider losing them and still have a few clusters running elsewhere
[09:10] <jayvee> and lots of servers currently depend on that behaviour, and will then lose IPv4 functionality when that option is enabled
[09:10] <ttx> TeTeT: depends on the SLA you want to offer with the private cloud
[09:10] <jayvee> reason why the option is changing is because it's not RFC-compliant, as far as I've heard
[09:13] <jayvee> unrelated, but CentOS has a bug in its installed. It says "neighbour advertisement" when it should say "router advertisement". and actually I think it should be saying "router discovery" in that particular instance, but I forget.
[09:13] <jayvee> s/installed/installer/
[09:14] <persia> Jeeves_: I can't find that bug.  All I find for ssh ipv6 are bugs #281882 and #407173
[09:14] <uvirtbot`> Launchpad bug 281882 in openssh "ssh hangs in initial handshaking when using IPv6" [Undecided,Confirmed] https://launchpad.net/bugs/281882
[09:14] <uvirtbot`> Launchpad bug 407173 in openssh "openssh: Please set traffic class on IPv6 packets" [Wishlist,Confirmed] https://launchpad.net/bugs/407173
[09:15] <Jeeves_> persia: Just a sec
[09:17] <jayvee> there is a bug that I don't know whether it was reported or not, but if I use an SSH SOCKS proxy, I cannot access IPv6–enabled websites
[09:17] <jayvee> whether SSH is running over IPv4 or IPv6
[09:17] <jayvee> all I get is "connection denied" or something — can't remember exactly
[09:18] <Jeeves_> persia: 434799
[09:18] <persia> buf #434799
[09:18] <persia> bug #434799
[09:18] <uvirtbot`> Launchpad bug 434799 in openssh "X11 forwarding via SSH does not work after upgrade to karmic" [Low,Confirmed] https://launchpad.net/bugs/434799
[09:19] <persia> https://bugs.launchpad.net/ubuntu/+bugs?field.tag=ipv6 probably needs more, but I've added that.
[09:21] <uvirtbot`> New bug: #535583 in nut (main) "Excessive logging by apcsmart program" [Undecided,New] https://launchpad.net/bugs/535583
[09:49] <persia> jayvee: Were you talking abut bug #239701 earlier, or a different one in glibc ?
[09:49] <uvirtbot`> Launchpad bug 239701 in glibc "getaddrinfo fails with numerical IPv6 values" [Undecided,New] https://launchpad.net/bugs/239701
[09:58] <jayvee> persia, nope
[09:58] <persia> Heh.  OK.
[09:59] <jayvee> I'm referring to the fact that resolving something like "rillian.local" can't return "fe80::21b:fcff:fe25:42e7%eth0". Only things like "2001:44b8:7df3:b970::23".
[09:59] <persia> I found a bunch more "please enable ipv6" bugs.  I'm not sure there is a clear solution for them yet.  Added a link to the bugtracker on the page.
[09:59] <jayvee> On OS X, it works perfectly.
[09:59] <jayvee> ping6 rillian.local works both on a link-local only and a global network.
[09:59] <jayvee> on OS X
[10:00] <Jeeves_> jayvee: On osx, you're never sure wether you will use ipv4 or ipv6
[10:00] <persia> Right.  So we need to reach feature parity :)
[10:00] <Jeeves_> It depends on what answer comes in first
[10:00] <jayvee> I'm not sure whether it's an RFC-compliance issue. Maybe OS X is breaking RFCs to provide that. But I'm not sure.
[10:00] <jayvee> But OS X has supported that since v10.3, which was released in 2003.
[10:00] <jayvee> My v10.3 Panther system supports IPv6 better than Windows 7 and Ubuntu. ;)
[10:01] <uvirtbot`> New bug: #325111 in ntp "ntpq output truncates IPv6 addresses" [Unknown,Confirmed] https://launchpad.net/bugs/325111
[10:01] <jayvee> ejabberd doesn't have IPv6 enabled by default
[10:01] <jayvee> is it worth talking about universe packages, or only main packages?
[10:02] <jayvee> I spose main is more important. ejabberd is in universe.
[10:02] <persia> It's worth talking about everything.
[10:03] <persia> The current definition of "main" is only that stuff in main builds against stuff in main.  It doesn't currently correspond to translations support, upload restrictions, security support, etc.
[10:03] <persia> A better way to think about things is "what is available by default takes priority".
[10:06] <jayvee> well CUPS only listens on 127.0.0.1:631
[10:06] <jayvee> so http://[::1]:631/ doesn't work — not that that's a problem affected by the IPv4 apocalypse
[10:07] <jayvee> localhost should resolve to both ::1 and 127.0.0.1
[10:07] <jayvee> currently it only resolves to 127.0.0.1
[10:07] <jayvee> also, Second Life doesn't work if you have an IPv6 address for a nameserver in /etc/resolv.conf
[10:07] <jayvee> but that's offtopic — it's not in Ubuntu
[10:09] <jayvee> I do believe bind9 is IPv6-enabled by default.
[10:10] <jayvee> I think maybe some sample config in comments for IPv6 wouldn't go wrong in /etc/network/interfaces
[10:10] <jayvee> comments in configs are some of the best ways to learn, IMO
[10:12] <persia> Some of the bugs I'm encountering reference a slowness when IPv6 is enabled, and suggest disabling it.
[10:12] <persia> Could this be worked around by trying IPv4 first when available until the majority of folk are using IPv6?
[10:16] <persia> bug #374674 looks like an attempt to do that, but perhaps not in the ideal way
[10:16] <uvirtbot`> Launchpad bug 374674 in glibc "ipv6 link local address lookup broken" [Undecided,New] https://launchpad.net/bugs/374674
[10:17] <Japje> personally i would not prefer a work around that try's IPv4 before IPv6.. mainly because v6 first is expected behavior for everything .. dont think breaking that behavior is a proper solution
[10:18] <Japje> but thats just my humble opinion
[10:18] <persia> Japje: So, how do you suggest things be configured so that non-IPv6 using Desktop users don't need to wait for an ipv6 lookup timeout before starting the IPv4 lookup?
[10:19] <persia> I agree with the idea, but think that IPv4-before-IPv6 is better than no-IPv6
[10:19] <Jeeves_> persia: a NXdomain will not cause timeouts
[10:19] <Jeeves_> A nameserver that doesn't understand AAAA-requests will cause timeouts
[10:19] <Jeeves_> glibc is fixed, so that it won't ask for AAAA-requests if there is no routable ipv6 available
[10:19] <persia> Right, which is extremely common at the average "WiFi HotSpot"
[10:20] <Jeeves_> Indeed
[10:20] <Jeeves_> Because using a sane nameserver is very difficult! ;)
[10:20] <persia> And this causes complaints, and current documentation that recommends disabling IPv6.
[10:21] <persia> I'd like to find a (temporary) solution that helps ensure IPv6 is enabled for everyone, and then it's easier to migrate folk.
[10:21] <persia> Note that this may not cause hideal behaviour for IPv6 users in mixed environments by default, but surely that's better than having IPv6 just not work.
[10:43] <persia> OK.  Of the 68 tagged ipv6 bugs 9 have patches or branches.  Those probably need a bit of testing, and coordination with appropriate folk.  The rest need patches.
[11:15] <hemanth> hi, is there a way to keep two mysql DB's in sync in LAN?
[11:16] <hemanth> i'm on a Ubuntu 8.04 [LTS] server
[11:22] <Jeeves_> hemanth: Yes, Mysql Replication
[11:29] <Airells> could you tell me softs like webmin to administrate servers ? ( everything that makes job easy ) thx
[11:29] <_ruben> !ebox
[11:30] <Airells> ubottu, thx
[11:30] <hemanth> Jeeves_, any package for that? i tired mysql replication, but there  i need to specifically indicated each and every table.
[11:31] <Airells> _ruben, thx
[11:46] <Jeeves_> hemanth: No you don't need to do that
[11:46] <Jeeves_> * is good enough
[12:06] <Kenjiro> good morning everyone
[12:06] <Kenjiro> guys, since yesterday I am trying to fix a problem on a apache server (ubuntu 9.10)
[12:07] <Kenjiro> I try to start apache2 and I get -> Syntax error on line 43 of /etc/apache2/sites-enabled/000-default:
[12:07] <Kenjiro> Unknown Authn provider: ldap
[12:07] <Kenjiro> however, I do have ldap.load in /etc/apache2/mods-enabled/
[12:10] <cjwatson> ttx: can you reproduce bug 535123?  if so, how?
[12:10] <uvirtbot`> Launchpad bug 535123 in openssh "Lucid: Recent update to ssh mean ssh-askpass-gnome fails to recognize the correct password" [High,New] https://launchpad.net/bugs/535123
[12:11] <cjwatson> ttx: you were pretty definite about which version you reckoned introduced it ...
[12:12] <cjwatson> ttx: but there were no changes anywhere near that part of the code AFAICS
[12:16] <Kenjiro> ok, sorry, I think I solved that by myself. I hadn't enabled the authnz_ldap module ;)
[12:26] <ttx> cjwatson: haven't reproduced it (that's why I haven't marked it Confirmed), guessed version based on reporter comment
[12:27] <ttx> i.e. tried to translate "Recent update" to something clearer
[12:28] <cjwatson> more likely an upstream upgrade to 5.3p1 then
[12:28] <ttx> cjwatson: switched to Incomplete/Medium to reflect the fact that it's not easily reproducible
[12:41] <acalvo> is there any reason why two VMs in the same VM server sharing the same net behave different when accessing thru SSH? one faster and the other much slower
[12:41] <acalvo> how can I do some benchmarks to know the overall performance of a server?
[12:42] <pmatulis> !info iperf
[12:43] <acalvo> thanks
[12:50] <pmatulis> acalvo: are you comparing performance of the 2 VMs while both are being used?
[12:50] <acalvo> yes, but just to get some results
[12:50] <acalvo> if the connection is greater than, 100Mbits, will be fine
[12:50] <pmatulis> acalvo: both using virtio network driver?
[12:51] <pmatulis> (i'm assuming you're using KVM)
[12:51] <acalvo> I can't explain why SSH'ing one gets semi-stuck entering commands and the other goes fine
[12:51] <acalvo> pmatulis: VMWare ESXi server with VMware tools installed
[12:51] <acalvo> both ubuntu 9.04
[12:51] <pmatulis> oh
[12:51] <uvirtbot`> New bug: #536620 in vsftpd (main) "SEGV when using pasv_address" [Undecided,New] https://launchpad.net/bugs/536620
[12:51] <ogra> ttx, you i and NCommander need to talk about likewise but i'm in several calls today, will you be around in 2-3h ?
[12:52] <ttx> ogra: should be yes
[12:52] <ogra> great
[12:54] <acalvo> connection is fine (> 900 Mbits/sec)
[12:55] <acalvo> why could cause a SSH to be so slow?
[12:55] <pmatulis> acalvo: well, you'll need to describe the test that makes you come to that conclusion
[12:57] <acalvo> well, I've just tested connection status with iperf and its default configuration
[12:58] <zul> monring
[12:58] <pmatulis> morning
[13:10] <uvirtbot`> New bug: #535608 in ntp (main) "package ntp 1:4.2.4p6 dfsg-1ubuntu5.1 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 127" [Undecided,New] https://launchpad.net/bugs/535608
[13:16] <uvirtbot`> New bug: #420470 in samba (main) "winbind segfault starting up" [Medium,Triaged] https://launchpad.net/bugs/420470
[13:20] <zul> die bugs die!
[14:02] <uvirtbot`> New bug: #529290 in samba (main) "logrotate script needs to be updated for Upstart conversion" [Undecided,Triaged] https://launchpad.net/bugs/529290
[14:12] <uvirtbot`> New bug: #514765 in samba (main) "Shared folder creation fails due to incorrect testparm path" [Low,Incomplete] https://launchpad.net/bugs/514765
[14:13] <mathiaz> jcastro: hi - https://bugs.edge.launchpad.net/~ubuntu-server/+patches
[14:14] <mathiaz> jcastro: ^^ what are bugs marked Fix Released included in the report?
[14:20] <diago> what replaced vol_id in 9.10 ?
[14:20] <diago> I used to use vol_id --uuid
[14:26] <diago> what replaced vol_id in 9.10 ?
[14:27] <persia> Asking multiple times won't get an answer faster.
[14:27] <persia> Asking for support in this channel when all the developers are in a meeting also is likely to cause a delay.
[14:27] <diago> I believe I waited the 10 minute period allotted by IRC
[14:28] <diago> ah, no I didn't I just saw people jumping in
[14:29]  * _ruben never heard of such a 10minute rule
[14:29] <_ruben> and the answer might be "blkid"
[14:30] <diago> thanks _ruben
[14:32] <diago> Anyone know how to get just the UUID?
[14:35] <persia> _ruben: The "10 minute rule" is a guideline in #ubuntu, where there's so much traffic that questions often do need repeating.
[14:42] <_ruben> persia: ah ok
[14:45]  * Kenjiro is back
[14:45] <Kenjiro> I am trying to find out what I am missing. I have a ubuntu server which should authenticate, using LDAP, on another server
[14:45] <Kenjiro> however this ldap authentication is not working... and I don't know why :(
[14:46] <Kenjiro> as far as I checked, the logs don't give me a good clue :(
[14:47] <Kenjiro> all I get is this -> http://pastebin.ca/1831910
[14:47] <Kenjiro> any tips? :(
[14:47] <Kenjiro> I don't know which config files I should check now
[14:47] <Kenjiro> (ubuntu 9.10)
[14:48] <Kenjiro> and yes, I am FAIRLY green to ldap :(
[14:49] <sherr> Kenjiro: what guide are you following?
[14:50] <sherr> Kenjiro: Have you trid following :
[14:50] <sherr> http://www.howtoforge.com/install-and-configure-openldap-on-ubuntu-karmic-koala
[14:50] <sherr> *tried
[14:50] <Kenjiro> sherr: to be true... I was "given the mission" to migrate an old server to this new one. (all the services).
[14:51] <Kenjiro> out of the blue, short time to do it... (you might know how things work) :(
[14:51] <sherr> OK, well try following a guide :-) Howtoforge are normally step by step.
[14:51] <Kenjiro> sherr: let me check that guide of yours
[14:52] <Kenjiro> sherr: my problem is setting up the client
[14:52] <Kenjiro> the server is ok
[14:52] <sherr> Note - not my guide. I have not used it (or configured LDAP) - but there are lots of good resources around.
[14:52] <Kenjiro> (just for the record)
[14:59] <acalvo> Kenjiro: but where is the problem?
[14:59] <acalvo> Kenjiro: nss_ldap?
[15:00] <Kenjiro> acalvo: that's the problem... I don't know where the problem is
[15:00] <Kenjiro> acalvo: did you check that pastebin I pasted here?
[15:00] <acalvo> nope
[15:00] <Kenjiro> hold on
[15:00] <Kenjiro> http://pastebin.ca/1831910
[15:00] <acalvo> it just shows that a user tried to log in
[15:00] <acalvo> and the system does not know that user
[15:00] <acalvo> but what do you want to achieve?
[15:00] <Kenjiro> that's what I get in /var/log/auth.log when I try to login using a user from the ldap server
[15:00] <acalvo> relay in another server to do the auth at PAM level?
[15:01] <Kenjiro> acalvo: I have to migrate the services from an old ubuntu server to this new one (9.10).
[15:01] <acalvo> yes, but what services?
[15:01] <Kenjiro> almost everything is ok by now, but this login/auth thing
[15:01] <sherr> Kenjiro: there are command line ldap query tools - query the ldap server for the user - is the user found?
[15:02] <Kenjiro> on the old server I can login using a LDAP user (the ldap server is another one)
[15:02] <acalvo> Kenjiro: hold on
[15:02] <Kenjiro> on the new server I can't
[15:02] <Kenjiro> I started checking the config files on the old server, than changing the files on the new server
[15:03] <acalvo> Kenjiro: ok, look https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html for "LDAP Authentification"
[15:03] <Kenjiro> acalvo: holding ;)
[15:03] <acalvo> that's why I've set up most of my servers to auth against another LDAP server
[15:03] <acalvo> s/why/how
[15:03] <Kenjiro> let me check that then
[15:03] <Kenjiro> guys, first and foremost, thanks for the attention ;)
[15:03] <acalvo> np
[15:04] <acalvo> I've a server crashing randomly. I've tried to set up something to log when it crashes, but I couldn't see anything wrong
[15:04] <acalvo> any way to get all data before it crashes?
[15:04] <acalvo> it's just a web server with bind and dhcp3-server
[15:05] <acalvo> it had squid with NTLM auth, but I've removed both (squid and windbind)
[15:05] <acalvo> and now it's crashing
[15:05] <acalvo> I can ping it when it's "dead", but I can SSH to it nor access directly
[15:05] <acalvo> hard reboot to get it working again
[15:05]  * Kenjiro bbl
[15:06] <diago> acalvo: no chance for booting into recovery?
[15:06] <acalvo> well, I guess I can
[15:07] <acalvo> what's the point in rebooting into recovery?
[15:07] <diago> aren't you just trying to get you data off?
[15:07] <acalvo> nope
[15:07] <acalvo> I'm tryting to get it working 100%
[15:08] <diago> ah, maybe you can research the logs in recovery
[15:08] <AnAnt> Hello, how can I set user permissions on LDAP ?
[15:09] <acalvo> diago: that what I've thought, but it days so early I can see nothing in the logs
[15:09] <acalvo> AnAnt: user permissions for what?
[15:09] <acalvo> AnAnt: changing something in LDAP?
[15:10] <acalvo> fool question: when a computer runs out of memory (physical and virtual), it gets stucked?
[15:10] <diago> if it doesn't it would be PAINFULLY slow
[15:11] <diago> I can see services shutting down easily because of that though
[15:11] <acalvo> yes, but it'd recover from that
[15:11] <acalvo> kill all memory-eater services and keep going, right?
[15:11] <acalvo> I'm seeing that now, when the machines is not in a peak time, swap is being used
[15:12] <AnAnt> acalvo: no, for machines, ie. I want users X & Y to have admin rights on machines in the network
[15:12] <AnAnt> X & Y are LDAP users
[15:12] <acalvo> well, join them to a group that has those privileges
[15:12] <acalvo> is it samba based?
[15:12] <AnAnt> no OpenLDAP
[15:13] <AnAnt> acalvo: so I should go on every machine and add X & Y to admin group
[15:16] <AnAnt> ?
[15:17] <acalvo> no
[15:17] <acalvo> but you can share LDAP groups across multiple machines
[15:18] <acalvo> and give rights to groups
[15:18] <acalvo> so every user in those groups have privileges
[15:18] <AnAnt> give rights to groups on each machine ?
[15:18] <acalvo> no
[15:18] <acalvo> erm
[15:19] <acalvo> just creat groups in LDAP and, using any method, connect your machines to LDAP so they can read all information from it
[15:19] <acalvo> groups, users, and so on
[15:19] <acalvo> this way, you just have to set up once everything
[15:19] <AnAnt> yes, but about permissions ?
[15:19] <AnAnt> I did create the users & groups
[15:20] <AnAnt> but the question is, I got machines: red , blue , green
[15:20] <AnAnt> should I go to each machine, and add the group "admins" to the sudoers for example ?
[15:21] <lenios> as far as i know, yes
[15:21] <lenios> it's the same with AD
[15:21] <acalvo> oh, with that kind of rights, yes
[15:22] <acalvo> https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html
[15:22] <AnAnt> acalvo: yes, I used that guide
[15:30] <acalvo> AnAnt: try to ask in #openldap
[15:31] <uvirtbot`> New bug: #536695 in dovecot (main) "1.2.x versions before 1.2.11 are vulnerable to DoS attack" [Undecided,Confirmed] https://launchpad.net/bugs/536695
[15:31] <AnAnt> ok
[15:44] <sherr> I have not (yet) had the pleasure of setting up a Directory Server, but have to occasionally use AD at work. Connecting to, or replacing, AD are important topics in the business use of Linux. I'm interested in asking : has anyone experience of using any other DS other than OpenLDAP? There are very interesting opensource alternatives e.g. 389 Directory Server (ex-Fedora DS), Apache DS etc. Not only very full featured, but including decent fron
[15:44] <sherr> http://directory.fedoraproject.org/
[15:44] <sherr> http://directory.apache.org/apacheds/1.5/
[15:45] <sherr> I'm considering LDAP for future needs - currently using NIS (+AD elsewhere) :-)
[15:45] <acalvo> well, I'm using Apache Directory Studio as a front-end
[15:45] <acalvo> and openLDAP
[15:45] <sherr> to OpenLDAP?
[15:45] <acalvo> so far so good
[15:46] <sherr> Directory Studios is the client/front-end. Looks good. Maybe the back-end is good as well.
[15:46] <acalvo> sure
[15:47] <sherr> My personal view is that a DS is more important for business use than a cloud service/eucalyptus.
[15:47] <acalvo> is where all the sensitive data relays
[15:47] <acalvo> in education also
[15:48] <sherr> sensitive data relays?
[15:48] <acalvo> is stored, I meant
[15:50] <sherr> OK. I am sceptical about the cloud strategy for Ubuntu/Canonical, but hope it works out of course.
[15:50] <acalvo> it seems they're working hard on it
[15:50] <acalvo> will see what it gets
[15:54] <smoser> zul, ttx, kirkland, mathiaz i will be in and out the rest of the day, if you need me, please send email.
[15:54] <sherr> Yes, a lot of effort on it. I hope it pays off. Again from a boring business perspective (mine), I'd rather the effort was a Debian/Ubuntu Directory server, integrating with Samba/AD/Mail. With a decent (modern) front end.
[15:54] <zul> smoser: kk
[15:55] <acalvo> sherr: agree, from an Education point of view
[15:55] <sherr> acalvo: Yes, of course. Similar needs in this area to a business - lots of users and machines.
[15:56] <acalvo> yip
[15:59] <acalvo> from your experience, is it work to swith to worker vs prefork?
[16:01] <sherr> acalvo: Mine? My sites never need to worry about it and I've never had to bother testing or switching (from prefork).
[16:01] <acalvo> ok
[16:01] <sherr> All internal, non-public and <20 users (generally).
[16:16] <uvirtbot`> New bug: #536736 in samba (main) "package samba-common-bin 2:3.4.0-3ubuntu5.4 failed to install/upgrade: le sous-processus script post-installation installé a retourné une erreur de sortie d'état 2" [Undecided,New] https://launchpad.net/bugs/536736
[16:21] <uvirtbot`> New bug: #518804 in samba (main) "samba-common 3.0.28a-1ubuntu4.10 post-installation script crashes (dup-of: 460842)" [Low,Confirmed] https://launchpad.net/bugs/518804
[16:24] <mardok_> My question isn't directly releated to the Ubuntu server, but I was wondering how I solve a problem with AppArmor not loading a profile.  I installed a xen kernel and it's says "Failure: AppArmor profiles failed to load"
[16:32] <uvirtbot`> New bug: #279643 in puppet (main) "puppet needs openssl" [Undecided,Fix released] https://launchpad.net/bugs/279643
[16:52] <uvirtbot`> New bug: #249783 in samba (main) "Wrong message when sharing a root-owned folder" [Wishlist,Confirmed] https://launchpad.net/bugs/249783
[17:11] <Kenjiro> acalvo: hello there again.
[17:11] <Kenjiro> acalvo: really thanks for that URL you showed me. That really helped solving my problem
[17:11] <Kenjiro> acalvo: Domo arigato gosaimas
[17:41] <cortex|sk> hi guys why is apache automatically reloading when i install apache module(mod_proxy for example)?
[17:49] <GhostFreeman> I'm not seeing a ~/.gemrc file in my home dir, could this be a problem?
[17:52] <_ruben> no, never seen it myself either
[17:52] <GhostFreeman> I guess it wouldn't hurt if I made on
[17:52] <GhostFreeman> trying to install Rails with Passenger and Apache2
[17:54] <igggimin> I'm trying to configure ssh tunnel manager to create a secure tunnel to this home machine that I can use remotely. Can someone help me with this?
[17:54] <igggimin> For example, how do I create the Privkey?
[17:55] <igggimin> And will Remote Desktop work?
[17:55] <igggimin> And how can I also set a tunnel to this machine for private internet access?
[17:56] <igggimin> I'm running Ubuntu 9.10 here, and will be connecting with Kubuntu 9.10. Any advice are appreciated
[18:14] <igggimin> lol - nobody?
[18:14] <igggimin> in the server channel??
[18:15] <Pici> igggimin: ssh tunnel manager sounds like a graphical application, and you're not likely to find support for that in the server channel.
[18:16] <Pici> If its not, keep in mind that not all channels are as busy as #ubuntu is.
[18:17] <_ruben> sigh .. one of these days again .. boot up my fileserver, its seeing all 4 disks as spares, instead of a raid5
[18:18] <igggimin> fair enough - yes it is graphical. I'm open to command line options too, either way. In the #ubuntu channel someone recommended I ask in here
[18:18] <igggimin> But I'm finding some documentation now - thanks
[18:19] <_ruben> weird, doing a mdadm --stop followed by a reassemble does the trick
[18:19] <_ruben> hmm .. doesnt see my lvm though ... sigh
[18:58] <andol> zul: Regarding bug #462749. In a January comment you mentioned it being a good SRU candidate. Do you mind if I pick up on that, or is it an issue you'd like to finnish yourself?
[18:59] <uvirtbot`> Launchpad bug 462749 in vsftpd "vsftpd-2.2.0 (currently in karmic) is affected by pasv_address regression" [Medium,Fix released] https://launchpad.net/bugs/462749
[18:59] <zul> andol: be my guest
[19:01] <uvirtbot`> New bug: #536837 in freeradius (main) "package freeradius 2.1.0 dfsg-0ubuntu4.1 failed to install/upgrade: subprocess post-installation script returned error exit status 3" [Undecided,New] https://launchpad.net/bugs/536837
[19:05] <RoAkSoAx> zul, was my hook ok?
[19:05] <zul> RoAkSoAx: yep
[19:06] <RoAkSoAx> zul, ok I'll attach the diff to the bug report for you to sponsor it :)
[19:08] <zul> RoAkSoAx: sounds good to me
[19:26] <uvirtbot`> New bug: #536853 in freeradius (main) "can't make freeradius 2.1.8 - src/main/modules.c:1358: undefined reference to `lt__PROGRAM__LTX_preloaded_symbols'" [Undecided,New] https://launchpad.net/bugs/536853
[19:36] <mathiaz> kirkland: hi - could you drop the serial consoles on nickel?
[20:04] <kirkland> mathiaz: sure
[20:06] <kirkland> mathiaz: done
[20:11] <mathiaz> kirkland: thanks
[20:12] <mathiaz> cjwatson: hi - does anna-install only knows about udeb that are in main?
[20:12] <mathiaz> cjwatson: I'm trying to anna-install vlan-udeb from the console in the installer (started via mini.iso)
[20:13] <mathiaz> cjwatson: it fails with "unkown udeb vlan-udeb"
[20:13] <RoAkSoAx> zul, Done: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/531978
[20:13] <uvirtbot`> Launchpad bug 531978 in vsftpd "Apport hook for vsftpd" [Low,Confirmed]
[20:13] <zul> RoAkSoAx: thanks ill take a look at it
[20:14] <mathiaz> apw: hi - is it possible to have a kernel-module udeb provide a virtual package?
[20:14] <RoAkSoAx> zul, cool I'll just ping you whenever I have the others ready
[20:14] <mathiaz> apw: for now there is vlan-modules-2.6.32-16-generic-di
[20:15] <mathiaz> apw: it has the kernel version hardcoded in the package name
[20:15] <mathiaz> apw: I'd like to be able to make the vlan-udeb (user space) depends on vlan-modules (kernel modules) without using any kernel version. Is that possible?
[20:22] <SEJeff_work> Has anyone on the serverteam poked at http://fedoraproject.org/wiki/Features/Zarafa ?
[20:24] <bogeyd6> SEJeff_work, that costs more than zimbra :*(
[20:24] <SEJeff_work> bogeyd6, There is a gpl version which Fedora is using
[20:25] <bogeyd6> ah yes, the community version
[20:26] <bogeyd6> sans any outlook support
[20:26] <SEJeff_work> bogeyd6, Seems like something we want
[20:26] <SEJeff_work> Either way, there isn't anything really like it. Seems sane to work on getting it in Debian and in our repos
[20:26] <bogeyd6> they got a lts package too
[20:29] <bogeyd6> i think for the meantime SEJeff_work  ill still to vmwares zimbra
[20:41] <uvirtbot`> New bug: #536894 in openssh (main) "Feature request:  make ssh-agent call ssh-add automatically" [Undecided,New] https://launchpad.net/bugs/536894
[20:45] <aubre> hola, has anyone ever successfully converted a vmware image to xen for use with UEC , and if so what did you use?
[20:50] <GhostFreeman> Anyone here good with Passenger?
[20:50] <GhostFreeman> it's asking me to add some stuff to Apache conf, just not clear on if that should be added to apache2.conf
[20:53] <aubre> I'll take the silence as a no :P
[20:56] <sherr> GhostFreeman: No idea about Passenger, but the apache "conf" is "apache2.conf" - but actual sites are configured and enabled via /etc/apache2/sites-available, and linked in sites-enabled (to start). basically, all standard apache config.
[20:58] <GhostFreeman> Ok, well i'll start in apache2.conf and work recursively into other apache dirs
[21:00] <sherr> Server guide might help : https://help.ubuntu.com/8.04/serverguide/C/httpd.html
[21:06] <bogeyd6> !anyone | GhostFreeman
[21:06] <bogeyd6> ill help you with your apache conf
[21:06] <GhostFreeman> Ok
[21:06] <bogeyd6> but i gotta know what you are trying to do
[21:06] <GhostFreeman> I just installed the passenger gem and I am going through the process of setting it up
[21:07] <bogeyd6> ok
[21:07] <GhostFreeman> its given me some stuff I need to add to the apache configuration. Before I go messing up all the conf files, I want to be sure the file its referring to is apache2.conf
[21:07] <bogeyd6> so you are at the part where you need to add something to /etc/apache2/apache2.conf on 8.0.4 lts?
[21:08] <GhostFreeman> 9.04, and yes
[21:08] <bogeyd6> which version of phusion passenger?
[21:08] <GhostFreeman> 2.2.11
[21:09] <bogeyd6> GhostFreeman, so we are clear is wants you to put a loadmodule passengerroot passengerruby and passengerdefault user in that apache2.conf ?
[21:09] <GhostFreeman> Yes
[21:10] <bogeyd6> ok
[21:10] <bogeyd6> GhostFreeman, nano /etc/apache2/apache2.conf
[21:10] <bogeyd6> arrow all the way down to the very end of the file
[21:10] <GhostFreeman> and just add them at the bottom
[21:10] <bogeyd6> yup
[21:11] <bogeyd6> just like that
[21:11] <bogeyd6> press cntrl + x to save it
[21:11] <bogeyd6> then /etc/init.d/apache2 restart
[21:11] <bogeyd6> well sudo of course
[21:11] <bogeyd6> !noroot
[21:11] <GhostFreeman> Much appreciated bogeyd6
[21:16] <malifal> how do i redirect iptables log to some logfile other than messages?
[21:17] <bogeyd6> malifal, change in /etc/syslog.conf
[21:17] <bogeyd6> unless you use syslog-ng
[21:18] <bogeyd6> malifal, if its not already there use "kern.warning /var/log/iptables.log"
[21:18] <bogeyd6> malifal, then /etc/init.d/sysklogd restart
[21:19] <malifal> i don't have /etc/syslog.conf
[21:20] <malifal> i'm running ubuntu 9.04
[21:20] <malifal> sorry 9.10
[21:21] <malifal> :)
[21:22] <malifal> ok it's rsyslog
[21:25] <malifal> isn't there another way of identifying the iptables messages other than redirecting all kernel warning to another file?
[21:26] <malifal> cause that's what the line is doing right?  right now everything kern.* is going to /var/log/kern.log
[21:28] <bogeyd6> malifal, sorry got pulled away
[21:28] <bogeyd6> malifal, in your iptables file you put --log-level 4 at the end of the rules
[21:28] <malifal> watching the game ? ;)
[21:29] <bogeyd6> malifal, --log-prefix 'text' is also a good thing to do for quick grepping of the log file
[21:29] <malifal> and Man U score again
[21:29] <cjwatson> mathiaz: yes, it only works on main; and vlan-modules-blah Provides: vlan-modules, so you can (indeed should) just depend on vlan-modules
[21:30] <bogeyd6> malifal, i get the sense you are hesitant, please go here https://help.ubuntu.com/community/IptablesHowTo
[21:30] <bogeyd6> also
[21:30] <bogeyd6> !iptables | malifal
[21:30] <malifal> ok thanks bogeyd6 i'll check out the links
[21:31] <mathiaz> cjwatson: great -thanks - so seeding vlan-udeb somewhere should be enough to pull both packages into main
[21:31] <sherr> malifal: you can also try and use the syslogger that Ubuntu uses (rsyslogd) to look for some log "patterns" and put in a different log file. See the man page :
[21:31] <sherr> http://manpages.ubuntu.com/manpages/hardy/man5/rsyslog.conf.5.html
[21:33] <malifal> sherr: ok cheers, i'll consider both alternatives
[21:33] <bogeyd6> i keep forgetting people use rsyslog
[21:35] <mathiaz> cjwatson: hm - I can see that vlan-modules-*-di is already in component_mismatch
[21:35] <mathiaz> cjwatson: does it make sense to add vlan-udeb (vconfig userspace utility) to the installer seed in platform.lucid?
[21:43] <sherr> bogeyd6: I prefer syslog-ng but Ubuntu defaults to rsyslog, and I tend to leave it ... I haven't tried customisation yet.
[21:43] <cjwatson> mathiaz: maybe server-ship - otherwise it would end up on the alternate CD too?
[21:44] <mathiaz> cjwatson: ok
[21:54] <savid> Is there a way using apt-get or aptitude to show what would be changed if I ran "safe-upgrade" or "full-upgrade"?  ie, something like a "dry run"?
[21:58] <sherr> savid: see : man aptitude
[21:58] <savid> sherr, yeah, I'm looking through it but can't find the command
[21:58] <sherr> Search for  "simulate"
[21:58] <savid> Ah, thanks!
[21:59] <sherr> Fingers crossed! :-)
[22:00] <savid> Hmm..
[22:01] <uvirtbot`> New bug: #536930 in kerberos-configs (main) "Password changing fails when "krb5" pam-config is not first" [Undecided,New] https://launchpad.net/bugs/536930
[22:01] <savid> Ok,  so my goal is to be able to update my ubuntu 8.10 production-level server to use python2.6,  but it is not in the package repository for 8.10 (which only goes up to python 2.5).   What is the best way for me to approach this?
[22:02] <savid> I'm scared to do a distribution upgrade (ie, upgrade to 9.10) because of what might break...  I want as little downtime as possible
[22:02] <savid> Every time I do an upgrade on my local ubuntu box something _always_ goes wrong,  so you can understand my fear ;-)
[22:03] <bogeyd6> savid, use a vmware image for 9.10 and test it
[22:03] <bogeyd6> vmware server is free
[22:06] <uvirtbot`> New bug: #536937 in vm-builder (universe) "-o option now broken in version 0.12.2-0ubuntu3" [Undecided,New] https://launchpad.net/bugs/536937
[22:14] <lifeless> are there UEC images for Lucid ?
[22:40] <Airells> have you noticed any problems with vsftpd ( ssL ) like "initializing TLS... " in ubu 9.10  ?
[22:41] <uvirtbot`> New bug: #536958 in openldap (main) "slapd package configuration aborts during Hardy -> Lucid upgrade" [Undecided,New] https://launchpad.net/bugs/536958
[23:07] <apw> mathiaz, i believe that alll of the kernel udeb Provide: their prefix, as an example:
[23:07] <apw> crypto-modules-2.6.33-500-omap-di_2.6.33-500.1tiomap201003101552_armel.udeb:
[23:07] <apw>  Provides: crypto-modules
[23:07] <apw> mathiaz, ^^
[23:10] <mathiaz> apw: great - thanks
[23:10] <mathiaz> apw: I've uploaded a new version of the vlan-udeb that Depends: vlan-modules
[23:23] <FFForever> how do I resync my time?
[23:24] <FFForever> errr how do I set it to gmt -8, the current time is in UTC and it is messing up my script
[23:43] <juancri_> hi folks
[23:43] <hggdh> mathiaz: could you add me to the server team (so that I can get bug mail)?
[23:43] <juancri_> hope you're doin well. I have a question about SSH access on EC2...
[23:45] <juancri_> I'm able to connect trough SSH using the user "ubuntu", but I'm not sure about how to allow other users to log in
[23:45] <juancri_> even when I add a key to them (~/.ssh/authorized_keys)
[23:46] <uvirtbot`> New bug: #536993 in samba (main) "starting billard-gl locks computer" [Undecided,New] https://launchpad.net/bugs/536993
[23:47] <juancri_> Uhm... if I enable this "PasswordAuthentication yes", other users can log in
[23:47] <juancri_> but only using their passwords
[23:47] <juancri_> not the keypair