/srv/irclogs.ubuntu.com/2010/03/17/#ubuntu-server.txt

Mojo-	Perhaps I'll try a different OS.	00:03
Mojo-	Thanks for the help anyway.	00:08
Bookman	I am trying to install a printer on ttyUSB0 with a ppd file using lpadmin, but all I get back is 'No such file or directory' lpadmin -p Star -i usb:/dev/ttyUSB0?baud=9600 -P tsp651.ppd	01:05
=== erichammond1 is now known as erichammond
MTecknology	Which package provides pecl?	03:28
MTecknology	!pecl	03:29
MTecknology	!search pecl	03:30
ubottu	Found:	03:30
Pici	apt-cache search pecl reveals a few candidates.	03:30
MTecknology	Pici: thanks	03:31
MTecknology	When I try to run pecl, it things pecl and php should be in /usr/local/bin/ instead of /usr/bin/	03:39
MTecknology	any ideas why - or how to correct this? purging and reinstalling php5-dev and php-pear didn't do the trick	03:40
MTecknology	oops - logged out and back in - works now :P	03:41
drm	hello can someone assist me with a Ubuntu 9.04 lamp sever issue or point me in the direction i need to go	05:33
lifeless	perhaps, if you describe the issue ;)	05:34
drm	I am new to Linux and I am attempting to set up an Ubuntu 9.04 desktop with LAMP server to access from my other PC for testing php code	05:35
drm	I cannot access the other LINUX pc or login to the website nor FTP access	05:35
drm	it works and then it stops working and I am new to LINUX and have no idea where to even start searching for a correct answer	05:36
drm	when ever I try to go to the Linux website is says " URL is invalid and cannot be loaded"	05:39
drm	but I can access it fine from the LINUX PC	05:39
persia	what URL?	05:40
drm	on my other computer?	05:40
drm	http://ubuntu/dtm	05:41
persia	This works on one machine, and not on the other, right?	05:41
drm	this is what I use ot http://localhost/dtm	05:41
drm	works on the linux (host ) machine but not another from my network	05:41
persia	Try using the same URL in both places.	05:41
persia	I suspect it's a host name issue.	05:42
drm	already did that and same result	05:42
drm	on the Host pc it works fine	05:42
drm	other PC no good	05:42
drm	even tried http/127.0.0.1/dtm and same issue	05:42
faileas	why use the hostname while testing?	05:42
persia	OK. What kind of network do you have? Is there a network administrator? s there a router?	05:42
persia	faileas: Good point!	05:43
drm	http://127.0.0.1/dtm I mean	05:43
faileas	er.. 127.0.0.1 won't work	05:43
drm	wired network	05:43
faileas	you need the ip address of the server there, not localhost	05:43
faileas	drm: run 'ifconfig' on the server and find out its IP. then try 'http://(server ip)/drm	05:45
faileas	' on the client	05:45
drm	it normally works when I first installed it with http://ubuntu/dtm just fine and then stops. I am sure it is a configuration issue I just do not know where to start looking	05:45
faileas	urgh	05:45
faileas	don't use hostnames.	05:45
faileas	use the server's ip address.	05:45
faileas	unless you have a VERY specific setup, its going to cause more headaches ;)	05:45
drm	will try that but what would cause FTP to stop working as well when both work for a while	05:47
faileas	actually, what i don't get is how it works at all	05:48
drm	LOL well it does	05:48
drm	for a while anyways	05:48
drm	then it changes its mind and I am sure it is something I a m doing	05:49
drm	so noone can point me toward any specific configuration file or other area to start looking?	05:55
Psi-Jack	Just out of pure curiosity, does ubuntu's xen stuff allow to install debian domU's?	05:56
Psi-Jack	I notice than Ubuntu 9.10 has newer versions available for xen stuff, but in some specific cases I need debian.	05:57
drm	if I knew I would tell you but I am a newbie myself to LINUX and UBUNTU	05:57
Psi-Jack	yeah, I'm far from it. heh	05:57
drm	The URL is not valid and cannot be loaded.	05:59
larsemil	hmm go skiing fore some hours or go ice fishing for some hours...?	06:15
SandGorgon	hey guys.. I am looking into configuration management for our hosted web servers. We want to freeze a particular configuration (maybe even that website should be coming from a particular tag of svn) and if anything accidentally changes, it should revert back to the good configuration. Anyone have any opinions about Puppet, cfengine, bcfg2 ?	07:06
TeTeT	SandGorgon: if you look for something really simple, take a shot at etckeeper	07:20
Psi-Jack	Interesting. Ubuntu 9.10 Server has the whole Enterprise Cloud installation stuff.	07:47
learningclouds	:-D	07:47
learningclouds	who is a veteran on enterprise cloud?	07:49
learningclouds	anybody??	07:49
learningclouds	how do catch some body to chat in irc channal?	07:51
Psi-Jack	Maybe when people are awake? ;)	07:56
Psi-Jack	I think most everyone here is in the US, like myself. I'm just up extremely early. ;)	07:56
learningclouds	most pepole come from us?	07:56
learningclouds	oh god.you must on sleeping.	07:57
learningclouds	HI Eric. can you saw my msg ?	07:58
learningclouds	maybe irc server is so slow to transaction msg.	08:00
learningclouds	O:-)	08:02
TeTeT	learningclouds: probably just ask a question and someone will pick it up	08:07
TeTeT	ttx: do you know if there are any problems with using multiple TB for Walrus S3? Has anyone ever attempted this?	08:08
ttx	TB?	08:08
TeTeT	ttx: Tera Byte of Storage	08:08
ttx	ah :)	08:08
learningclouds	what is walrus s3?	08:08
ttx	TeTeT: I didn't try personally.	08:09
TeTeT	learningclouds: part of the Ubuntu Enterprise Cloud system, where the image file resides, and a part of persistent storage	08:09
ttx	"walrus" is the eucalyptus equivalent of Amazon S3	08:09
learningclouds	oh. very fresh to me.	08:10
TeTeT	ttx: do you know if the buckets can grow dynamically?	08:10
ttx	TeTeT: I must admit I haven't exercised Walrus so much, so no, I don't know.	08:10
TeTeT	ttx: there's a size limit in the config web UI	08:10
TeTeT	ttx: thanks anyway, will try to figure it out on my own then ...	08:10
learningclouds	who know what is the differences in private cloud and enterprise's cloud?	08:12
Psi-Jack	Oh.	08:12
Psi-Jack	Lovely.	08:12
Psi-Jack	I just installed Ubuntu Server 9.10 Enterprise Cloud, and trying to login with the initial default username/password admin/admin, doesn't work. Says, admin, not found.	08:13
learningclouds	where is a training org on ubuntu cloud in Asia?	08:15
TeTeT	learningclouds: we have a training partner in Taiwan, Geego.	08:17
TeTeT	learningclouds: not sure if there is a strict difference between private and enterprise cloud, IMO you can exchange these terms	08:18
learningclouds	where is Geego?	08:18
TeTeT	Psi-Jack: wait for a few minutes, then try again	08:18
Psi-Jack	Wow, sheash.	08:18
Psi-Jack	Why did it take 5-10 minutes just to be able to login?	08:18
TeTeT	learningclouds: http://webapps.ubuntu.com/partners/training/	08:19
learningclouds	oh .thanks	08:19
TeTeT	Psi-Jack: it was a bug, been fixed. Did you install ubuntu-updates?	08:19
Psi-Jack	Not yet. Freshly installed system.	08:20
Psi-Jack	I did tell it to auto update security releases though.	08:20
TeTeT	Psi-Jack: it's not a security update, so you will have to use apt-get update; apt-get upgrade to get i	08:21
TeTeT	it	08:21
Psi-Jack	Understood.	08:21
Psi-Jack	Hmmm	08:26
Psi-Jack	What DOES this "Cloud" use for virtualization anyway? xen? kvm?	08:26
TeTeT	Psi-Jack: kvm, check the hypervisor setting in /etc/eucalyptus/eucalyptus.conf	08:29
* Psi-Jack shivers.		08:31
Psi-Jack	Okay. Bye bye Eucalyptus.	08:31
learningclouds	to go to Taiwan is not so convenient.i am in Mainland.	08:34
Psi-Jack	Oh wait. It has options for kvm and xen. Cool.	08:34
Psi-Jack	I might be able to live then. ;)	08:35
uvirtbot	New bug: #540121 in openssh (main) "does not terminate at computer shutdown" [Undecided,New] https://launchpad.net/bugs/540121	09:26
bronto2	how to apply updates from cli?	09:39
TeTeT	bronto2: sudo apt-get update; sudo apt-get upgrade	09:39
bronto2	TeTeT, thanks	09:40
bronto2	another one: how do i figure out what ftpd daemon is installed?	09:50
bronto2	ps -e\|grep ftp	09:52
bronto2	?	09:52
bronto2	is sftp-server some sort of default on 'ubuntu server' ?	09:53
bronto2	or can i use pure-ftpd?	09:53
persia	bronto2: openssh-server is the common sftp server.	09:55
bronto2	persia, bingo!	09:56
Psi-Jack	Goodie.	09:57
Psi-Jack	ubuntu system's totally locked up nicely. Won't even reboot sanely. Just after a full brand new installation and apt-get upgrade	09:57
bronto2	this is the first time i have to manage a system via ssh prompt only, will be a brand new experience :P	09:58
Hawkey	hi there... have a question.. is there some way how to set up firewall when i need to allow ssh connection from host like this? abcd*.server.net	10:02
Hawkey	using * mark to represent what ever symbol.. number usually	10:03
soren	Hawkey: There are mechanisms for doing that, but I can't recommend it. Lots of people can make their IP's resolve to whatever they want.	10:06
Hawkey	know that.. but here's the thing.. i need to connect to my server from mobile device.. and i doubt they will gimme static ip :(	10:08
persia	Hawkey: Consider having some bastion that accepts ssh from anywhere with a default shell of /bin/false or some such, and using ProxyCommand to tunnel connections from your mobile through the bastion into your real network.	10:09
soren	Hawkey: That makes it even more pointless.	10:10
soren	Hawkey: It sounds to me like you essentially want to open your server for ssh connections to anyone using the same mobile provider?	10:10
Hawkey	soren yes... at least for host i'm recieving when connect from mobile phone	10:11
Hawkey	and that host is dynamic :/	10:12
soren	So one wouldn't even have to spoof a PTR record, one would just have to happen to have the same mobile provider as you..	10:12
soren	Hawkey: I really think this is a waste of time.	10:12
soren	Hawkey: I think you should spend more time making sure that your password policies are sound, for instance.	10:13
Hawkey	soren i know.. point is.. i have to have that access..	10:13
Hawkey	need it..	10:13
soren	Hawkey: I'm not telling you to close your firewall completely.	10:13
soren	I'm telling you to just leave it open.	10:13
Hawkey	well i use pretty hard password if you mean this	10:13
soren	For most intents and purposes, that is what you will be doing anyway. Limiting access to an ISP or anyone who wants to pretend to be on the same ISP is really not adding any real amount of security.	10:14
persia	actually, it likely reduces security because it creates the false impression that there is a meaningful filter for auditing.	10:15
* soren concurs		10:17
Hawkey	soren i'm aware of that...	10:17
Hawkey	what do you thing about changing default port number to different.. it could help little bit right?	10:18
soren	Hawkey: Then whay are you doing it?	10:18
Hawkey	thinking now...	10:18
Hawkey	or why?	10:19
soren	Yes, I meant "why".	10:19
Hawkey	to allow me to connect to different server :-D..	10:19
Hawkey	which is locked on my static ip :-P	10:19
soren	No, that's not what I meant.	10:19
soren	Why bother with the firewall at all if you know that it's not adding any security=?	10:19
persia	Hawkey: So, you basically have two choices. 1) follow soren's advice and make the server secure, and don't lock down the firewall, and just proceed. 2) Get extra paranoid which involves extra hardware, extra networking, etc. This doesn't make it secure, just harder to access.	10:20
soren	Hawkey: Moving it to a different port will likely help against the odd script kiddie. Anyone with half a clue will perhaps be delayed all of 30 seconds by a stunt like that.	10:20
Hawkey	well because dont want to have all open.. want to restcirt it as much as possible	10:20
persia	(where 2) is some variation on the bastion I mentioned above, perhaps requiring knocking, etc., but for most cases a waste of time and money)	10:20
a_ok	I want to proxy ftp from browser through an ubuntu server. what do I need for that?	10:21
soren	Hawkey: Ok, here's an analogy:	10:21
soren	Hawkey: Imagine there was a way to limit access to your server only from the northern hemisphere.	10:21
persia	a_ok: squid can also do that. There may be other choices.	10:21
Hawkey	soren hmmm	10:22
soren	Hawkey: Doing so would still leave it open for half the planet.	10:22
soren	Hawkey: ...plus anyone who has access to another system on the northern hemisphere.	10:22
persia	plus anyone who can spoof being in the northern hemisphere	10:23
soren	Hawkey: Which probably protects you from perhaps 30-40% of the planet... which is completely pointless.	10:23
a_ok	persia: I tried ftp-proxy but I think that is a reverse proxy will check out squid. lighter is better in this case	10:23
Hawkey	well noone expect me has access to my server.. so i'm confused or dont understand whats your point	10:24
soren	persia: Right. I was assuming that hemisphere detector was infallible :)	10:24
persia	soren: Ah, right.	10:24
soren	Hawkey: The point is that such a security measure could so trivially be bypassed that spending time adding it is pointless, and what's worse is that it will create a false sense of security.	10:24
persia	Hawkey: Basically, since you don't know your IP, a firewall rule is pointless. The options are 1) leave it open (same level of security as a bad filter), or 2) do something expensive and complicated.	10:25
Hawkey	well forgot time and money.. not a value atm..	10:25
Hawkey	persia in the 2nd case ... could be more specific?	10:25
soren	What the 2nd case is specifically is not the main point.	10:26
soren	The main point is that you are wasting your time with this firewall.	10:26
soren	Regardless of what you do instead.	10:26
Hawkey	soren i just want to add to fw rule to allow connection from ip like this aaa.*.bbb.ccc .. that was my original question... and got it.. its not possible right?	10:26
Hawkey	need to have exact full name	10:27
* soren gives up		10:27
Hawkey	no substitutions	10:27
persia	Hawkey: Set up some server outside the firewall. Have it listen only on ssh (optionally only listen after knocks). Set up the firewall to only accept ssh from that sever. Set up a nameserver to have an internal domain. Set up the external server to know about that domain. Set up your client ssh_config to proxy stuff for that domain through the external host.	10:27
persia	This makes it harder. It is still not secure.	10:27
soren	Hawkey: It's the same as not locking your door, but putting a sign on your front door saying: "The door is locked".	10:28
Hawkey	hmm..	10:29
persia	The complicated solution is more like locking your door with a non-unique key.	10:29
soren	Or locking your door, but leaving a great big window open right next to the door.	10:29
Daviey	Hawkey: you can do ufw/iptables via subnets.. which would probably do what you are trying to do	10:30
persia	Is it? I've always liked bastions, because one needs to know the internal name as well as the other auth credentials.	10:30
Daviey	so only people on your ISP can connect.	10:30
persia	Daviey: That's pointless though.	10:30
Daviey	persia: I disagree it's pointless, but it does address what the chap wants to do... Doesn't it?	10:31
persia	It does. I just agree with soren that it's pointless, because anyone can apparently be from an ISP with minimal effort.	10:31
Daviey	considering most of my hacking attempts come from china and russia, limiting to a single ISP certainly decreaces the brute force potential massively.	10:31
Daviey	hmm	10:31
Daviey	PTR record is easy to spoof, agreed. UDP packets are easy, agreed. However, TCP - forging the from is somewhat less easy :)	10:32
persia	Daviey: Saying "only this ISP can get in" isn't secure. Saying "everything but this ISP is sending pointless brute-force hack attempts that annoy me" is perhaps an excuse for a filter, but it's just relieving an annoyance, rather than being more secure, as such.	10:32
soren	Daviey: No. It's as easy as signing up with that particular ISP.	10:33
persia	soren: If you ever have time, I'd like a critique of the bastion approach, just from personal interest. No rush of any kind: months later would also be appreciated.	10:33
soren	Daviey: Something which thousands have already done.	10:33
Daviey	Oh, i entirely agree it's not as secure as some options - but does add a level of security. Coupled with something else, it should be pretty good.	10:33
persia	Or asking someone with a botnet to give you access to a machine using that ISP.	10:34
Daviey	fail2ban / denyhosts etc	10:34
soren	I think assuming that people using the same ISP as you are less malicious than anyone else is a mistake.	10:34
persia	Daviey: These are tools to keep the logs cleaner. They don't actually help that much against anyone actually wanting in.	10:35
Hawkey	persia well.. that could be prevented when that isp is using dnssec, or am i totally out of dish?:P	10:35
Daviey	Well yes, but IME the majority of attempted hacks aren't targeted - just drive by pokes. Therefore limiting to subnet, coupled with something else - is a pretty good solution IMO	10:35
persia	Hawkey: That only means it's really a machine from that ISP. Could be a malicious customer. Could be part of a botnet.	10:35
persia	Daviey: I agree it doesn't hurt: I just don't believe it's actually more secure.	10:36
Daviey	:)	10:37
soren	I just don't want someone come in here, ask for this sort of advice, and just tell them that "yeah, put this or that in hosts.allow", have a week pass, have him be succesfully hacked, and have him go "oh, why didn't those fuckers in #ubuntu-server say that this was a problem?".	10:37
persia	!ohmy	10:37
ubottu	Please remember that all Ubuntu IRC channels share the same attitude of providing friendly and polite interaction with all users of all ages and cultures. Basically, this means no foul language and no abuse towards others.	10:38
persia	But, yeah.	10:38
echosystm	hey super cool dudes!	10:38
echosystm	so, i have a question	10:38
Daviey	soren: Agreed.. i'm saying limiting to subnet COUPLED with something else, is better than just having something else. And he did ask for that :)	10:38
echosystm	lets say someone was to forgo redhat/centos and try to install oracle on ubunt server	10:38
echosystm	would the experience be somewhat akin to putting ones genitals in a grinder?	10:39
Daviey	O_o	10:39
echosystm	or do canonical take serious business serious	10:39
persia	!ohmy \| echosystem	10:39
ubottu	echosystem: Please remember that all Ubuntu IRC channels share the same attitude of providing friendly and polite interaction with all users of all ages and cultures. Basically, this means no foul language and no abuse towards others.	10:39
Daviey	echosystm: Well for the last part, you might be better to direct the question towards Canonical.	10:39
persia	Oracle has this to say about running Oracle on Ubuntu: http://www.oracle.com/technology/tech/linux/install/xe-on-kubuntu.html	10:40
persia	I suspect there are other guides for other products.	10:40
soren	persia: I think the #python channel gets it right. The regulars there refuse to answer people's questions if they seem to be on the wrong track.	10:40
Hawkey	soren i'm aware of risk you're talking about... but i have no other option... need to connect from mobile device.. what ever risk it takes...	10:40
soren	Hawkey: You are either not understanding at all or not paying attention.	10:40
soren	Hawkey: I'm telling you to LEAVE THE FIREWALL OPEN!	10:41
persia	soren: Aha. I see. Thanks.	10:41
soren	Or not set one up at all.	10:41
soren	It's /pointless/.	10:41
soren	Hawkey: I'm /not/ tellling you to close it up, and not let anyone in.	10:41
=== Airells is now known as airells
echosystm	persia bro, installing oracle xe is hardly comparable to 10g	10:41
Hawkey	but you say that it's like i have leave opened.... what's the difference?	10:42
soren	Hawkey: None!	10:42
persia	echosystm: My assertion is only that Oracle seems to have guides, not that the products are similar.	10:42
soren	Hawkey: That's the point!	10:42
echosystm	im more interested in what canoncals commercial alliances are like	10:42
soren	Hawkey: If there's no difference, don't waste your time.	10:42
persia	echosystm: For that, as Daviey said, you'd do better to contact Canonical.	10:42
echosystm	i figured someone here would have experience?	10:44
soren	Hawkey: It's very, very simple. Adding the firewall will not increase security. So don't waste time setting one up. It will make no difference, so why do it?	10:44
echosystm	vendosr will tell you all kinds of crap	10:44
Hawkey	soren well that's what i DO NOT want to.. i want to restrict it as much as possible.. not whole open... that's what i ask if there is an option to add that fckin rule...	10:45
soren	Well, I'm not going to help you.	10:45
soren	Simple as that.	10:45
Hawkey	soren lol... not increase security? what a bullshit?	10:45
soren	I've tried to explain why.	10:45
Hawkey	point was to minimalize the risk	10:45
soren	Whatever. My life is way too short for this.	10:47
* soren wanders off		10:47
Hawkey	heh	10:47
soren	persia: I also have a bastion host. It's also convenient that you don't need public IP's for everything.	10:50
persia	That too :)	10:51
Daviey	soren: If we bring home + ipv6 into the mix. I have the firewall rule of allowing my /64 to connect, but the rest of the internet blocked. Therefore my security is the same, someone could get on my LAN (wifi perhaps), and connect to the servers - but the audience of people that can attack is reduced massively.	11:05
Daviey	Same as a spamd server i run, that is firewalled off to only allow my ipv4 subnet to connect.. that is less for security, more abuse tho.	11:05
EhrN	hi all. We search a panel control for dedicate server. we have test webmin/virtualmin. Some admin here have a favorite panel ?	11:06
Daviey	EhrN: Generally all panels are sub-optimal, and we recommend against them.. what operations do you want to perform with the panel?	11:07
EhrN	My boss create and host somes websites (Magento's commerce, CMS(drupal,Joomla),ERP) + mails + ftp account for each customers	11:10
EhrN	the dedicated server is host by OVH	11:10
sherr	EhrN: are you relying on the panel to set everything up correctly and securely?	11:11
sherr	Or do you have an experienced sysadmin/person who knows how to configure servers?	11:11
=== jussi01 is now known as o1
sherr	Because a "panel" is a bad idea probably - best to have someone who knows how to configure a server set things up. Security is a big concern!	11:12
EhrN	sherr, server security is ok. the panel is just for administrate a new customer's website/mail/ftp account/dns	11:13
sherr	OK - I don't use them and do not trust them. Be careful. Maybe this is what you are after :	11:15
sherr	http://www.ispconfig.org/	11:15
sherr	Or something like that. I have no experience of it though.	11:15
=== o1 is now known as jussi01
EhrN	yes i know ispconig	11:17
EhrN	ehcp look like very nice too	11:17
soren	Daviey: That's not the same at all.	11:18
Daviey	soren: Actually, it is - you are reducing the audience that can launch an attack.	11:19
soren	Daviey: Yes. But you're doing it beyong the point at which the quantitaive difference that makes has become qualitative.	11:20
soren	s/beyong/beyond/ obviously.	11:20
soren	And s/quantitaive/quantitative/	11:20
soren	Several reasons:	11:23
soren	I don't suppose you sell access to your home network to random strangers?	11:24
soren	ISP's tend to do that. You know... To stay in business and all that.	11:24
Daviey	soren: The IPv4 address space allows ~4,294,967,296 addresses, if you restrict it to just a /8 that makes the audience that can attack down to less than 16,777,216.. this is a pretty significant drop. As i said, i'm not saying this should be the ONLY defence, but it certainly adds to the security by multiple levels.	11:24
soren	I hear you.	11:25
soren	And disagree.	11:25
Daviey	soren: I do sell access to my ipv4 allocation, and have services firewalled off to only that allocation :)	11:25
soren	Being on the same subnet as yourself (a subnet you don't control) does not make anyone more or less trustworthy.	11:25
Daviey	i didn't claim it did	11:26
soren	Then it's pointless.	11:26
* persia one had a job as a network admin where it was required to spoof addresses in order to log into management servers. Didn't stop anyone from doing it daily.		11:26
soren	All you're doing is reducing noise in your logs.	11:26
persia	s/one/once/	11:26
soren	persia: Heh :)	11:26
persia	soren: There is value in reducing that noise, as it makes it easier for folks to track goings on.	11:26
FireCrotch	persia: grep -v does that just as well	11:27
=== EhrN is now known as Ehrn_Eat
persia	FireCrotch: I don't claim otherwise.	11:27
soren	persia: Fair. I just don't think a firewall is the right tool for that job. And neither do you :)	11:28
Daviey	soren: the inverse of what i am saying is advertising a teenagers house party on facebook, and someone standing at the door asking people for tickets to get in.... Not advertising the party on facebook, would have reduced the people that turn up at the door and trying to force themselves in.	11:28
Daviey	But you still have someone checking tickets, (ie denyhosts/fail2ban) for those that know about it, but you still don't want them to force themselves in.	11:29
FireCrotch	Why would anyone in their right mind have ssh listening on a public interface to begin with?	11:30
soren	FireCrotch: To get in?	11:30
FireCrotch	Allow ssh only from the internal network, and use a VPN	11:31
soren	FireCrotch: Why would anyone in their right mind have VPN listening on a public interface to begin with?	11:31
Daviey	FireCrotch: so you have the VPN daemon listening on a public interface?	11:31
soren	(See what I just did there?)	11:31
persia	FireCrotch: That just moves the issue. from ssh auth to vpn auth.	11:31
Daviey	bah	11:31
FireCrotch	A VPN is a wayyyyy more secure way to do it	11:32
soren	Hahahahhah	11:33
soren	FireCrotch: Why is that?	11:33
* Daviey avoids this discussion. :)		11:33
persia	heh	11:33
soren	I can write a /really/ bad VPN server and a /really/ bad ssh server. Just as easily.	11:33
persia	I once had a client that implemented VPN via ssh.	11:34
soren	One could easily argue that the previously discussed bastion host is a poor man's VPN.	11:34
Daviey	persia: vpn over ssh via tap \o/	11:34
persia	Daviey: That's a lovely model!	11:35
FireCrotch	:( it's way too late at night for me to be pondering this topic	11:35
Daviey	I have been tempted to run a vpn tunnel, over ssh, which is over socks proxy, made via sshing over dns.	11:35
persia	soren: Depends on the VPN implementation. I've seen lots of places that have nice open access through the firewall to a concentrator on the internal network.	11:36
FireCrotch	or rather, way too early in the morning, now	11:36
FireCrotch	I should sleep haha	11:36
persia	Daviey: might suffer a little latency that way.	11:36
soren	persia: Sorry, what depends on the VPN implementation?	11:36
persia	soren: Whether a bastion host can be considered a poor man's VPN.	11:36
Daviey	persia: So i guess adding network conencting via packet radio wouldn't help? :)	11:37
persia	My preferred VPN implementaiton is always to bastion the concentrator, but I've seen it done other ways.	11:37
persia	Daviey: Just remember to have your radio base station uplink via satellite, and you'll never notice.	11:37
FireCrotch	what was this argument even about to begin with?	11:38
Daviey	:)	11:39
persia	FireCrotch: different viewpoints on convenient ways to pretend to be secure	11:39
Daviey	FireCrotch: soren is having a house party at his house, and he wants everyone to turn up :)	11:39
Daviey	(not true)	11:40
soren	persia: I think calling something a "poor mans something" leaves a lot of wiggle room for interpretation.	11:40
persia	soren: I guess. I just consider bastion vs. non-bastion completely separate from different classes of device usable to reroute packets inside some infrastructure. Maybe I've seen too many annoying networks.	11:41
soren	persia: You're being very specific.	11:43
soren	persia: Assuming VPN is a mechanism that allows access to internal infrastructure to authenticated users..	11:43
persia	soren: OK. In that sense, just unfirewalled ssh is also VPN.	11:44
soren	persia: ..a bastion host is an implemention of VPN. Both have many other characteristics, but with that limited definition (which for many intents and purposes is suitable, I think), it holds.	11:44
persia	I tend to think of "VPN" as some way to have an encrypted tunnel between two networks, over some other network (where one of those networks may be a /32)	11:45
soren	/32?	11:45
soren	Really?	11:45
soren	You do VPN to localhost?	11:45
persia	It's not an uncommon profile for e.g. roaming sales force needing access to intranet, etc.	11:46
persia	Tends to be limited to some DMZ.	11:46
soren	What would be the point of a loopback VPN connection?	11:46
soren	I mean..	11:46
persia	/32 isn't necessarily loopback.	11:47
soren	a VPN connection from my laptop to my laptop is not going to get me anywhere?	11:47
soren	/32 only has one host in it.	11:47
persia	No, but a vpn from 10.0.0.1/32 to 172.19.24..192/29 is useful.	11:47
persia	And for some applications, 192.168.73.43/32 to 10.101.57.34/32 might be useful.	11:48
* soren stares		11:48
soren	In that example, what is 10.0.0.1 ?	11:48
persia	My laptop	11:48
persia	Bad IP, actually.	11:48
soren	Ok. Oh, sure, that makees sense.	11:48
soren	I just got confused by the "one of those networks may be a /32" bit. One of the networks in the context was the foreign network.	11:49
persia	But that there is a tunnel is completely separable from how the concentrator is implemented.	11:49
persia	Foreign /32 was my second example.	11:50
soren	Agreed.	11:50
soren	No, no.	11:50
persia	My laptop to one single server in a trusted infrastructure.	11:50
soren	Foreign as in the network that you're crossing.	11:50
soren	(the intenret)	11:50
soren	internet.	11:50
soren	Man, typing is difficult today.	11:50
persia	Oh, the tunnel media. Yeah, that has to be larger than /32 :)	11:51
soren	Usually, yes.	11:51
persia	(assumping IPv4 : /32 is a fine tunnel media for IPv6)	11:51
soren	Sorry, didn't mean to be difficult. It was the first think I thought of and just got very confused.	11:51
soren	:)	11:51
soren	"thing"!	11:51
* soren decides to write some code instead		11:52
zul	morning	12:06
soren	Daviey: Do you have a trick for detecting the tun device on the server when you're creating tunnel using ssh?	12:16
soren	Daviey: ...or do specify a specific one to make configuration easier?	12:17
pmatulis	"specify a specific" ? ;)	12:19
soren	Err..	12:19
soren	Yes :)	12:19
MatBoy	mhh ubuntu cannot write the hosts.hfaxd file for hylafax	12:31
zul	ttx: we are suppose to be doing iso testing today right?	12:39
ttx	zul: yes	12:39
Daviey	soren: do you mean ssh+tun vpn?	12:58
Daviey	for your routing?	13:00
smoser	ttx, ping, meeting ?	13:03
ttx	smoser: meeting is at 1400 UTC, which is in one hour.	13:04
smoser	stupid time change	13:04
ttx	smoser: :P	13:04
ttx	smoser: the US should just use the same dates as the others :P	13:05
smoser	i wish i could come up with some snarky remark about why these dates are inherently better	13:05
* smoser grew up in Indianapolis, the last hold out for "lets just not decide to change the time"		13:06
andol	ttx: See you just added bug #356256 as a papercut. Plan on looking into the issue specifically in regards to slapd, or on a more general notes regarding database daemons?	13:09
uvirtbot	Launchpad bug 356256 in openldap "dist-upgrade stops slapd" [Wishlist,Triaged] https://launchpad.net/bugs/356256	13:09
ttx	andol: there was a duplicate bug that just said "this is a papercut", I unified them	13:09
ttx	andol: doesn't mean we should accept it	13:10
andol	ttx: Ahh	13:10
ttx	andol: we'll review it in one hour in the meeting -- but that doesn't seem to meet the "obvious way to fix" criteria	13:10
andol	ttx: my impression as well, even if it surely would be a nice thing to do something about	13:11
ttx	smoser: the current beta1 UEC images candidates have a ramdisk: is it a bug or a feature ?	13:14
smoser	featur	13:14
smoser	e	13:14
smoser	work around	13:14
ttx	I missed the memo, I guess	13:14
ttx	which bug ? the cloud-init / upstart thing ?	13:14
smoser	i commented in the bug... its a work around for bug 531494	13:14
uvirtbot	Launchpad bug 531494 in upstart "cloud-init job not running in eucalyptus without ramdisk" [Critical,Incomplete] https://launchpad.net/bugs/531494	13:14
* ttx looks		13:15
smoser	ttx, i think its better than a release note "uec images boot only if you're lucky"	13:15
ttx	smoser: certainly :)	13:15
smoser	the other option was to put cloud-init back later	13:15
smoser	to run later.	13:16
ttx	smoser: Note that I was ok with the no-ramdisk concept if it wasn't introducing new bugs -- I'm not opposed to drop it if that means a more stable system.	13:16
ttx	smoser: We'll have to do a final choice by beta2	13:17
smoser	ttx, agree	13:17
smoser	the scary thing to me, though, is that i don't understand why ramdisk would fix this per se	13:17
smoser	and neither does Keybuk	13:17
smoser	so i'm not convinced its not just a bandaid that reduces likelyhood of race	13:18
ttx	smoser: I suspect it introduces a timing change which means you win the race (almost) all the time	13:18
smoser	:-(	13:18
smoser	right	13:18
ttx	smoser: I tested the UEC images alright	13:18
smoser	and you were typically unlucky ?	13:18
ttx	no, lucky	13:19
smoser	before	13:19
zul	hah	13:19
smoser	you used to be unlucky until you found the ramdisk, right ?	13:19
ttx	smoser: I was unlucky when trying to start multiple instances	13:19
smoser	ok.	13:19
smoser	dustin was unlucky 90% of the time at least	13:19
ttx	I no longer am unlucky.	13:19
nucc1	hi, can anyone help? http://pastie.org/873729	13:25
jalons	nucc1: the host has sender verification disabled - ensure your DNS names are valid, i.e. the ultimate recepient of your email can resolve app.domain.com	13:29
jalons	er, sorry, sender verification enabled	13:29
jalons	alternately, white list/add to a no sender call back list on the mail daemon accepting mail for domain.com	13:29
nucc1	jalons, i can only edit the dns settings for domain.com, since it is a shared host.	13:30
jalons	then make sure the mail host can resolve app.domain.com, and welcome to sender verification hell	13:31
nucc1	jalons, or what should i do to make app.domain.com reply to sender verification requests?	13:32
nucc1	jalons, by mail host, you mean the mail server for domain.com? this means i should add an MX entry that points to app.domain.com ?	13:32
jalons	nucc1: postfix by default should respond, unless you went a little tweak happy in main.cf	13:32
nucc1	jalons, i configured it with dpkg-reconfigure	13:33
ameba23	I have just installed ubuntu server on system with two raid harddrives and one nomal scsi. i chose to install the system on the non-raid drive, but i am getting grub error 21. is it worth switching to lilo?	13:33
jalons	nucc1: is the mail from the postfix server being presented to the mail server for domain.com as app.domain.com? If the from address is not being rewritten to be from @domain.com and is coming from @app.domain.com then yes, you'll need an MX record on app.domain.com	13:34
jalons	you shouldn't, since it should make a call back as long as an A record points back to app.domain.com	13:34
jalons	but, it can't hurt	13:34
ttx	smoser: we don't have specific tests for ebs root, so you should probably test them in parallel with their instance store equivalent ?	13:35
smoser	ttx, yes, i'll just run them through the same set of tests	13:36
smoser	except that i will shut them down, and start back up	13:36
smoser	and verify they came back up	13:36
ttx	smoser: make sure we get specific AMI entries i the ISO tracker for beta2	13:36
smoser	i hate amis	13:36
smoser	anyway	13:36
ttx	smoser: what do you propose ?	13:37
smoser	nothing else. i just hate that this doubled the testing.	13:37
ttx	smoser: I'm not sure how we can consolidate tests efficiently	13:37
smoser	and have no suggestions or good arguments that it should not have	13:37
smoser	i agree completely.	13:37
smoser	it just sucks.	13:37
ttx	smoser: i'm pretty sure you will automate all that :)	13:37
smoser	sorry, sometimes i just like to complain for the sake of it.	13:37
ttx	smoser: we /could/ get rid of the i386 images	13:38
ttx	smoser: i'm not convinced they are useful	13:38
ttx	In the same vein, testing UEC/i386 just doesn't make any sense.	13:39
smoser	yeah. i'll agree on uec.	13:39
smoser	i test/use i386 all the time on ec2	13:39
ttx	smoser: so both arch have their usefulness ?	13:40
smoser	its 1/4 the price of the cheapest x86_64	13:40
ttx	ah	13:40
ttx	price :)	13:40
smoser	you rich people	13:40
smoser	:)	13:40
smoser	let them eat cake and all that	13:40
emilioeduardob	hi! im trying to add a user in a server. with useradd -s /bin/false prueba3 but it fails saying Can't create `/etc/passwd': not space left on device. I did df -h and i see i have plenty of space. any ideas why?	13:42
sherr	emilioeduardob: /etc/passwd? very worrying .... :-(	13:47
ameba23	I have just installed ubuntu server on system with two raid harddrives and one nomal scsi. i chose to install the system on the non-raid drive, but i am getting grub error 21. i there a way i can install lilo, or boot from a floppy?	13:47
emilioeduardob	sherr, yeah.. is too wierd...	13:48
sherr	Maybe running out of inodes? Try : df -i	13:48
emilioeduardob	sherr, yup.. 100% used inodes :S	13:49
emilioeduardob	sherr, tks! at least i know now wht im against :P	13:51
ameba23	I have just installed ubuntu server on system with two raid harddrives and one nomal scsi. i chose to install the system on the non-raid drive, but i am getting grub error 21. i there a way i can install lilo, or boot from a floppy?	14:01
creatorbri	Hello. Question: I have am on Ubuntu connected to a Windows network. I need to access a Windows machine by its hostname for both Filesharing and http access (i.e. intranet, svn). But my Ubuntu pc can't see the hostname at all.	14:02
creatorbri	I have samba and smb-client installed	14:03
creatorbri	er, smbclient	14:03
creatorbri	More Details: I am running Ubuntu on a VM with a Bridged connection. My host machine (a Windows 7 pc) can access the windows server just fine.	14:04
smoser	mathiaz, you have UEC rig in appropriate testing setup ?	14:06
mathiaz	smoser: I think so	14:06
mathiaz	smoser: but it may be wiped out to test the beta1 isos	14:07
ameba23	is it common for raid controllers to interfere with grub?	14:07
soren	Daviey: Yes.	14:11
soren	ttx: I still expect to upload a fix for https://bugs.launchpad.net/bugs/460398 before beta 1.	14:11
uvirtbot	Launchpad bug 460398 in server-papercuts "/etc/timezone is not set correctly" [Medium,In progress]	14:11
soren	ttx: I've just been procrastinating to see if I could fix more stuff before then.	14:11
creatorbri	Question: How can I access a Windows server by Hostname from within an Ubuntu VM? Details: I am running an Ubuntu VM on my Windows 7 laptop, which is connected to a Windows network. The Ubuntu VM is using a Bridged connection and can access the Internet fine. My laptop can access "\\server\" and "http://server/" just fine. I have samba and smbclient installed. But for some reason I can't access the windows server from my Ubuntu VM.	14:14
sherr	creatorbri: not really a #ubuntu-server relevant topic	14:16
ttx	soren: ok	14:16
sherr	Might be better asking on the forums or #ubuntu	14:16
sherr	ameba23: Disk order and layout can affect grub, yes. Whan you say "scsi" do you mean you have a real SCSI disk? Or do you mean SATA?	14:20
=== airells is now known as Airells
ameba23	er its SATA	14:31
uvirtbot	New bug: #540279 in apache2 (main) "package apache2.2-common 2.2.11-2ubuntu2.6 failed to install/upgrade: il sottoprocesso post-installation script ha restituito un codice di errore 1" [Undecided,New] https://launchpad.net/bugs/540279	14:32
ameba23	sherr, Ive read some responses on forums to people having grub error 21 and a lot of people seem to say lilo works better but im not sure how to change it	14:33
arch0njw	good morning all. I know it is not standard practice to install a DE on ubuntu server, but I have reason to need something relatively lightweight. A minimal install of gnome would be sufficient.	14:39
arch0njw	Any recommendations, please?	14:39
arch0njw	pm me if that is more appropriate. I don't mean this to be a poll.	14:39
faileas	arch0njw: openbox is pretty minimal	14:40
faileas	or plain old x	14:40
andol	arch0njw: In case you want a more minimal gnome you can always do an "apt-get install ubuntu-desktop --no-install-recommends"	14:40
arch0njw	andol: oh? Now there's something very new to me. Interesting.	14:41
arch0njw	faileas: Thank you. I am familiar with good ol' OB. However, I think the other person maintaining this server might find it a bit of a shock. I'd install FB if I had my way...	14:41
andol	arch0njw: As of 8.10 apt was set to also install Recommended packages by default, allowing alot of not-absolute-neccesary dependencies be moved from Dependency to Recommends.	14:42
faileas	arch0njw: or xfce, which is reasonably gnomelike	14:46
arch0njw	faileas: Pondered that too. I tried a straight xfce install once and embarassingly muddled my way through installing sufficient packages to make it usable	14:47
faileas	well, there's xubuntu desktop ;)	14:48
arch0njw	faileas: presumably I could use the --no-install-recommends there as well to get the least-most needed.	14:48
faileas	arch0njw: probably. try it on a VM first? ;p	14:57
arch0njw	faileas: indeed :D	14:58
arch0njw	faileas: andol: thank you for the advice :) I'll be applying this wisdom soon ;)	15:21
MatBoy	on ubuntu no application sees the faxes of hylafax in the queue	15:28
warmexxus	I came in here the last couple days talking about SSH and losing connection while headless... The problem has been resolved with using the boot option "nomodeset". It's a bug that affects old dell dimensions with intel video chips. Sleep mode on the monitor locks the computer up. Nomodeset works to resolve.... just a FYI to anyone who can use it... :)	15:35
Notscape	Hi, does anybody here have experience in 6.06 (server) to 8.04 (server) direct upgrade ?	15:37
Notscape	my 6.06 is a minimal LAMP instalation plus postfix, courier, squirrel, clamav, spamassassin, amavisd-new	15:37
Notscape	only was wondering if someone here had troubles or the procedure is straightforward	15:38
=== Ehrn_Eat is now known as EhrN
_ruben	Notscape: it should be straightforward	15:41
Notscape	_ruben: :p	15:41
_ruben	its a supported upgrade path .. then again, there's no guarantees for any upgrade scenario afaik	15:42
Notscape	my experience in 6.06 (desktop) to 8.04 (desktop) was very bad	15:44
Notscape	it didnt work	15:44
Notscape	lots of unresolvable libraries conflicts	15:45
Notscape	it is true that i have less chance in server as it has less number of extra packages	15:46
Notscape	less chance of failure i mean	15:47
resno	I am having a hard time getting wsgi setup, I keep getting the error that wsgidaemonprocess is mispelled or module not included.	15:50
sbeattie	Notscape: make sure to use do-release-upgrade rather than editing sources and doing apt-get dist-upgrade.	15:50
Notscape	sbeattie: yes I will go that way . . . but just looking for someone with previous experience	15:52
sbeattie	Notscape: hrm, missing libraries... maybe make sure you have universe enabled before upgrading?	15:55
sbeattie	(dapper didn't enable universe by default)	15:55
ttx	smoser: how is EC2 image testing doing so far ?	16:10
smoser	i've not started... been poking at my scripts to ebs-rootify them. i will be starting soon.	16:11
ttx	ok	16:11
ttx	smoser: we need to run "some test" soon enough to catch the kittenkiller.	16:11
smoser	yeah.	16:11
smoser	will have "some test" in next 30 minutes, promise.	16:11
ttx	zul: you cover the upgrade testing ?	16:12
resno	I am having a hard time getting wsgi setup, I keep getting the error that wsgidaemonprocess is mispelled or module not included.	16:12
zul	ttx: yep when I get to it	16:12
Notscape	see you, thanks	16:13
=== RoAk is now known as RoAkSoAx
kees	kirkland: can you point me to docs on setting up the shared screen session on ec2?	17:09
SquidNoob	hi	17:09
mathiaz	hggdh: hi!	17:26
mathiaz	hggdh: are you planning to do some uec testing today?	17:26
SquidNoob	I'm trying to set up a transparent proxy with squid, I have the latest version of iptables, which comes with the extension tproxy but I can not make it work.	17:41
SquidNoob	I'm using this rule:	17:41
SquidNoob	iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129	17:41
SquidNoob	But I've seen on some forums that instead of using "iptables-t mangle" use "iptables-t tproxy" but this does not work with the current version of IPTables, Ineed to patch iptables again with TProxy patch or this is only for older versions?	17:41
hggdh	mathiaz: yes, when can we start?	17:43
mathiaz	hggdh: whenever you want	17:43
hggdh	now?	17:43
hggdh	or is it time for lunch?	17:43
hggdh	mathiaz: ^	17:43
mathiaz	hggdh: now is a good time for me	17:44
hggdh	mathiaz: OK. What is it I am expected to do?	17:44
mathiaz	hggdh: the test cases are outlined on the wiki at http://testcases.qa.ubuntu.com/Install/ServerEConfig	17:45
hggdh	mathiaz: er. replacing karmic by lucid, correct?	17:46
mathiaz	hggdh: I've also updated the uec-testing-preseed branch with a README.testing to outline how to do the testing	17:46
mathiaz	hggdh: not really.	17:46
mathiaz	hggdh: the focus of the test cases are to test UEC itself, rather the images	17:47
mathiaz	hggdh: there are other testcases covering the images themselves (for EC2 and UEC)	17:47
hggdh	mathiaz: which machine should I use?	17:47
mathiaz	hggdh: IIRC you installed a topology yesterday	17:48
mathiaz	hggdh: the test cases should be run from the Cloud Controller	17:48
mathiaz	hggdh: (which is cempedak for most of the topologies)	17:49
hggdh	ok, logging in to nickel	17:51
mathiaz	hggdh: to reach cempedak, you need to go through tamarind	17:52
mathiaz	hggdh: nickel is only used for PDU	17:52
hggdh	k	17:53
mathiaz	hggdh: and control the power	17:53
hggdh	mathiaz: it does not seem I can reach cempedak from tamarind	17:55
hggdh	my ssh request seems to hang	17:56
mathiaz	hggdh: have you setup you ssh_config file as outlined in the README file in the uec-testing-preseed bzr branch?	17:56
Zider	I have a problem with cryptdisk sometimes only creates /dev/mapper/name and sometimes both that and /dev/mapper/name_unformatted.. is there a known problem with this?	17:56
mathiaz	hggdh: I can login in cempedak	17:56
mathiaz	hggdh: if you setup a local .ssh/config file you'll be able to directly ssh into cempedak from your workstation	17:57
Zider	also, how come the startup process tries to mount the maps before cryptdisk is finished creating them? :P	17:57
DrNick_	hi. is anyone here well versed in samba & Active Directory authentication using likewise-open?	17:59
hggdh	mathiaz: getting it in place	17:59
=== astechgeek is now known as Guest28893
=== Guest28893 is now known as techgeek
hggdh	mathiaz: and I am expected to login as ubuntu to cemdepak?	18:05
mathiaz	hggdh: yes	18:06
kirkland	kees: see screenbin(1)	18:43
KingMuty	coz linux channel is so CLI-ish	18:54
KingMuty	dudes	18:56
KingMuty	my network aint working	18:56
bogeyd6	oh noes KingMuty	18:56
KingMuty	so	18:56
KingMuty	anyone wanna help?	18:57
KingMuty	why do haxors sleep with each other?	18:58
KingMuty	cause they are fags that is why	18:58
bogeyd6	that was weird	19:00
jiboumans	guess he showed us...	19:02
bogeyd6	jiboumans, what was he even trying to say	19:03
jiboumans	'i am 13, hear me roar' ?	19:03
bogeyd6	perhaps	19:03
bogeyd6	sho is quiet up in this piece	19:30
_ruben	sshhh	19:33
bogeyd6	go trolling, trolling on the channel	19:33
bogeyd6	lets go trolling, lets go trolling on the channel of ubuntu	19:34
usuario_	i need help using a switch to set up a dhcp server to share internet with 6 computers any thoughts	20:01
DrNick_	usuario_: yeah - plug all the computers into your switch, dhcp server included, then set up your dhcp server. simple as that	20:04
EdT2001	Hello	20:43
EdT2001	if i set up an ubuntu media server will windows be able to map to it?	20:43
EdT2001	fu_ck you	20:45
guntbert	!language \| EdT2001	20:46
ubottu	EdT2001: Please watch your language and topic to help keep this channel family friendly.	20:46
soren	Good riddance.	20:50
jetole	hey guys. I am new to preseeding and trying it out. Does anyone know how I can have a random host name auto assigned or if there is a way to use a schema to create a random host name?	20:51
ikonia	jetole: either dhcp or a script at start up	20:58
jetole	ikonia: how do I use a script at start up?	21:02
ikonia	just write a script to take random letters (26 letters) and random numbers (0-9) pick a combination of say 12 of them and write them to /etc/host and /etc/hostname	21:03
ikonia	why you would want to do that, I don't know	21:03
jetole	ikonia: I'm planning on deploying a lot of machines and don't want to be prompted for the host name when I install	21:03
ikonia	so set profiles, or use dhcp to set the hostnames, that would be better than a script	21:04
jetole	what do you mean profiles? I'm still new to this	21:04
ikonia	profiles could be anything like, a text file with a list of hostnames that cycles through and gets the next in the list for each install, the best way would be to have dhcp offer up hostnames	21:05
jetole	ok, I will look into dhcp	21:05
ikonia	that's a good way of doing it, plus intergrates well in to future managment of the machines	21:06
ikonia	eg: dns	21:06
=== erichammond1 is now known as erichammond
jetole	ikonia: what do you recommend for an apt caching system?	21:08
=== erichammond1 is now known as erichammond
ikonia	jetole: local mirror works well,	21:09
ikonia	maybe squid hosting on a local mirror	21:09
ikonia	tons of options	21:09
jetole	Well I'm looking at items like apt-proxy, apt-cacher-ng, debproxy etc	21:09
jetole	just don't know which one I should go with	21:10
ikonia	do a little research and maybe do a proof of concept, experiement	21:10
jetole	well the POC is exactly what I am doing now before the live deployment	21:11
ikonia	great, have a play and keep in the back of your mind scalability for your target deployment	21:12
ikonia	must dash	21:12
jetole	k	21:12
=== erichammond1 is now known as erichammond
=== rberger_ is now known as rberger
=== johe_ is now known as johe
=== rberger_ is now known as rberger
=== robbiew is now known as robbiew_
uvirtbot	New bug: #540596 in qemu-kvm (main) "NX memory not simulated for ARMv7 and above CPUs" [Undecided,New] https://launchpad.net/bugs/540596	23:22
Sorell	hey guys, I'm having issues with my UEC private setup	23:40
Sorell	I have the server installed and	23:40
Sorell	have the cluster controller and the nodes setup	23:40
Sorell	I am getting an error though I and I have no idea where to go to fix it	23:41
Sorell	I am getting not enough resources available: address (try --addressing private)	23:41
Sorell	but when I try addressing private option the instance will never start	23:42
Sorell	any ideas	23:42
alex88	hi guys..can i ask here for ubuntu server lucid?	23:44
twb	alex88: sure.	23:44
alex88	ok, so..i'm trying ubuntu lucid server on virtualbox, i've tried cloud install, i've set 512mb of ram, install is fine, i've set host-attached network	23:45
alex88	host has 192.168.56.1, ubuntu cloud as guest has 192.168.56.2	23:46
alex88	on boot it says: init: eucalyptus-network main process killed by term signal	23:46
alex88	then there aren't any eucalyptus process running, and i can't access gui	23:46
alex88	via https	23:46
alex88	also there aren't any java process running	23:47
twb	alex88: I don't do EUC yet, so I can't help. Patiently wait for someone else to respond.	23:48
alex88	twb: thank you anyway..maybe there is a channel for cloud?	23:50
twb	Hmm, maybe #ubuntu-euc? /list doesn't work for me.	23:50
twb	!euc	23:50
alex88	nope..i'll wait here	23:51
Sorell	#ubuntu-cloud ;)	23:51
Sorell	no one really in there though	23:52
alex88	i've tried it..btw..i've done "service eucalyptus start"	23:54
alex88	and there are a lot of connections between 9001 port and others in localhost	23:55
alex88	oh...it's started	23:55
alex88	thank you anyway	23:55
alex88	=)	23:55
alex88	-.- username not found...	23:56
alex88	wtf..	23:56

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!