[00:03] Perhaps I'll try a different OS.
[00:08] Thanks for the help anyway.
[01:05] I am trying to install a printer on ttyUSB0 with a ppd file using lpadmin, but all I get back is 'No such file or directory' lpadmin -p Star -i usb:/dev/ttyUSB0?baud=9600 -P tsp651.ppd
=== erichammond1 is now known as erichammond
[03:28] Which package provides pecl?
[03:29] !pecl
[03:30] !search pecl
[03:30] Found:
[03:30] apt-cache search pecl reveals a few candidates.
[03:31] Pici: thanks
[03:39] When I try to run pecl, it thinks pecl and php should be in /usr/local/bin/ instead of /usr/bin/
[03:40] any ideas why - or how to correct this? purging and reinstalling php5-dev and php-pear didn't do the trick
[03:41] oops - logged out and back in - works now :P
[05:33] hello can someone assist me with a Ubuntu 9.04 lamp server issue or point me in the direction i need to go
[05:34] perhaps, if you describe the issue ;)
[05:35] I am new to Linux and I am attempting to set up an Ubuntu 9.04 desktop with LAMP server to access from my other PC for testing php code
[05:35] I cannot access the other LINUX pc or login to the website nor FTP access
[05:36] it works and then it stops working and I am new to LINUX and have no idea where to even start searching for a correct answer
[05:39] when ever I try to go to the Linux website is says " URL is invalid and cannot be loaded"
[05:39] but I can access it fine from the LINUX PC
[05:40] what URL?
[05:40] on my other computer?
[05:41] http://ubuntu/dtm
[05:41] This works on one machine, and not on the other, right?
[05:41] this is what I use ot http://localhost/dtm
[05:41] works on the linux (host ) machine but not another from my network
[05:41] Try using the same URL in both places.
[05:42] I suspect it's a host name issue.
[05:42] already did that and same result
[05:42] on the Host pc it works fine
[05:42] other PC no good
[05:42] even tried http/127.0.0.1/dtm and same issue
[05:42] why use the hostname while testing?
[05:42] OK. What kind of network do you have? Is there a network administrator? Is there a router?
[05:43] faileas: Good point!
[05:43] http://127.0.0.1/dtm I mean
[05:43] er.. 127.0.0.1 won't work
[05:43] wired network
[05:43] you need the ip address of the server there, not localhost
[05:45] drm: run 'ifconfig' on the server and find out its IP. then try 'http://(server ip)/drm
[05:45] ' on the client
[05:45] it normally works when I first installed it with http://ubuntu/dtm just fine and then stops. I am sure it is a configuration issue I just do not know where to start looking
[05:45] urgh
[05:45] don't use hostnames.
[05:45] use the server's ip address.
[05:45] unless you have a VERY specific setup, its going to cause more headaches ;)
[05:47] will try that but what would cause FTP to stop working as well when both work for a while
[05:48] actually, what i don't get is how it works at all
[05:48] LOL well it does
[05:48] for a while anyways
[05:49] then it changes its mind and I am sure it is something I am doing
[05:55] so no one can point me toward any specific configuration file or other area to start looking?
[05:56] Just out of pure curiosity, does ubuntu's xen stuff allow to install debian domU's?
[05:57] I notice that Ubuntu 9.10 has newer versions available for xen stuff, but in some specific cases I need debian.
[05:57] if I knew I would tell you but I am a newbie myself to LINUX and UBUNTU
[05:57] yeah, I'm far from it. heh
[05:59] The URL is not valid and cannot be loaded.
[06:15] hmm go skiing for some hours or go ice fishing for some hours...?
[07:06] hey guys.. I am looking into configuration management for our hosted web servers. We want to freeze a particular configuration (maybe even that website should be coming from a particular tag of svn) and if anything accidentally changes, it should revert back to the good configuration. Anyone have any opinions about Puppet, cfengine, bcfg2 ?
[07:20] SandGorgon: if you look for something really simple, take a shot at etckeeper
[07:47] Interesting. Ubuntu 9.10 Server has the whole Enterprise Cloud installation stuff.
[07:47] :-D
[07:49] who is a veteran on enterprise cloud?
[07:49] anybody??
[07:51] how do catch some body to chat in irc channel?
[07:56] Maybe when people are awake? ;)
[07:56] I think most everyone here is in the US, like myself. I'm just up extremely early. ;)
[07:56] most people come from us?
[07:57] oh god.you must on sleeping.
[07:58] HI Eric. can you see my msg ?
[08:00] maybe irc server is so slow to transaction msg.
[08:02] O:-)
[08:07] learningclouds: probably just ask a question and someone will pick it up
[08:08] ttx: do you know if there are any problems with using multiple TB for Walrus S3? Has anyone ever attempted this?
[08:08] TB?
[08:08] ttx: Tera Byte of Storage
[08:08] ah :)
[08:08] what is walrus s3?
[08:09] TeTeT: I didn't try personally.
[08:09] learningclouds: part of the Ubuntu Enterprise Cloud system, where the image file resides, and a part of persistent storage
[08:09] "walrus" is the eucalyptus equivalent of Amazon S3
[08:10] oh. very fresh to me.
[08:10] ttx: do you know if the buckets can grow dynamically?
[08:10] TeTeT: I must admit I haven't exercised Walrus so much, so no, I don't know.
[08:10] ttx: there's a size limit in the config web UI
[08:10] ttx: thanks anyway, will try to figure it out on my own then ...
[08:12] who know what is the differences in private cloud and enterprise's cloud?
[08:12] Oh.
[08:12] Lovely.
[08:13] I just installed Ubuntu Server 9.10 Enterprise Cloud, and trying to login with the initial default username/password admin/admin, doesn't work. Says, admin, not found.
[08:15] where is a training org on ubuntu cloud in Asia?
[08:17] learningclouds: we have a training partner in Taiwan, Geego.
[08:18] learningclouds: not sure if there is a strict difference between private and enterprise cloud, IMO you can exchange these terms
[08:18] where is Geego?
[08:18] Psi-Jack: wait for a few minutes, then try again
[08:18] Wow, sheash.
[08:18] Why did it take 5-10 minutes just to be able to login?
[08:19] learningclouds: http://webapps.ubuntu.com/partners/training/
[08:19] oh .thanks
[08:19] Psi-Jack: it was a bug, been fixed. Did you install ubuntu-updates?
[08:20] Not yet. Freshly installed system.
[08:20] I did tell it to auto update security releases though.
[08:21] Psi-Jack: it's not a security update, so you will have to use apt-get update; apt-get upgrade to get i
[08:21] it
[08:21] Understood.
[08:26] Hmmm
[08:26] What DOES this "Cloud" use for virtualization anyway? xen? kvm?
[08:29] Psi-Jack: kvm, check the hypervisor setting in /etc/eucalyptus/eucalyptus.conf
[08:31] * Psi-Jack shivers.
[08:31] Okay. Bye bye Eucalyptus.
[08:34] to go to Taiwan is not so convenient.i am in Mainland.
[08:34] Oh wait. It has options for kvm and xen. Cool.
[08:35] I might be able to live then. ;)
[09:26] New bug: #540121 in openssh (main) "does not terminate at computer shutdown" [Undecided,New] https://launchpad.net/bugs/540121
[09:39] how to apply updates from cli?
[09:39] bronto2: sudo apt-get update; sudo apt-get upgrade
[09:40] TeTeT, thanks
[09:50] another one: how do i figure out what ftpd daemon is installed?
[09:52] ps -e|grep ftp
[09:52] ?
[09:53] is sftp-server some sort of default on 'ubuntu server' ?
[09:53] or can i use pure-ftpd?
[09:55] bronto2: openssh-server is the common sftp server.
[09:56] persia, bingo!
[09:57] Goodie.
[09:57] ubuntu system's totally locked up nicely. Won't even reboot sanely. Just after a full brand new installation and apt-get upgrade
[09:58] this is the first time i have to manage a system via ssh prompt only, will be a brand new experience :P
[10:02] hi there... have a question.. is there some way how to set up firewall when i need to allow ssh connection from host like this? abcd*.server.net
[10:03] using * mark to represent what ever symbol.. number usually
[10:06] Hawkey: There are mechanisms for doing that, but I can't recommend it. Lots of people can make their IP's resolve to whatever they want.
[10:08] know that.. but here's the thing.. i need to connect to my server from mobile device.. and i doubt they will gimme static ip :(
[10:09] Hawkey: Consider having some bastion that accepts ssh from anywhere with a default shell of /bin/false or some such, and using ProxyCommand to tunnel connections from your mobile through the bastion into your real network.
[10:10] Hawkey: That makes it even more pointless.
[10:10] Hawkey: It sounds to me like you essentially want to open your server for ssh connections to anyone using the same mobile provider?
[10:11] soren yes... at least for host i'm receiving when connect from mobile phone
[10:12] and that host is dynamic :/
[10:12] So one wouldn't even have to spoof a PTR record, one would just have to happen to have the same mobile provider as you..
[10:12] Hawkey: I really think this is a waste of time.
[10:13] Hawkey: I think you should spend more time making sure that your password policies are sound, for instance.
[10:13] soren i know.. point is.. i have to have that access..
[10:13] need it..
[10:13] Hawkey: I'm not telling you to close your firewall completely.
[10:13] I'm telling you to just leave it open.
[10:13] well i use pretty hard password if you mean this
[10:14] For most intents and purposes, that is what you will be doing anyway. Limiting access to an ISP or anyone who wants to pretend to be on the same ISP is really not adding any real amount of security.
[10:15] actually, it likely reduces security because it creates the false impression that there is a meaningful filter for auditing.
[10:17] * soren concurs
[10:17] soren i'm aware of that...
[10:18] what do you think about changing default port number to different.. it could help little bit right?
[10:18] Hawkey: Then whay are you doing it?
[10:18] thinking now...
[10:19] or why?
[10:19] Yes, I meant "why".
[10:19] to allow me to connect to different server :-D..
[10:19] which is locked on my static ip :-P
[10:19] No, that's not what I meant.
[10:19] Why bother with the firewall at all if you know that it's not adding any security?
[10:20] Hawkey: So, you basically have two choices. 1) follow soren's advice and make the server secure, and don't lock down the firewall, and just proceed. 2) Get extra paranoid which involves extra hardware, extra networking, etc. This doesn't make it secure, just harder to access.
[10:20] Hawkey: Moving it to a different port will likely help against the odd script kiddie. Anyone with half a clue will perhaps be delayed all of 30 seconds by a stunt like that.
[10:20] well because dont want to have all open.. want to restrict it as much as possible
[10:20] (where 2) is some variation on the bastion I mentioned above, perhaps requiring knocking, etc., but for most cases a waste of time and money)
[10:21] I want to proxy ftp from browser through an ubuntu server. what do I need for that?
[10:21] Hawkey: Ok, here's an analogy:
[10:21] Hawkey: Imagine there was a way to limit access to your server only from the northern hemisphere.
[10:21] a_ok: squid can also do that. There may be other choices.
[10:22] soren hmmm
[10:22] Hawkey: Doing so would still leave it open for half the planet.
[10:22] Hawkey: ...plus anyone who has access to another system on the northern hemisphere.
[10:23] plus anyone who can spoof being in the northern hemisphere
[10:23] Hawkey: Which probably protects you from perhaps 30-40% of the planet... which is completely pointless.
[10:23] persia: I tried ftp-proxy but I think that is a reverse proxy will check out squid. lighter is better in this case
[10:24] well no one except me has access to my server.. so i'm confused or dont understand whats your point
[10:24] persia: Right. I was assuming that hemisphere detector was infallible :)
[10:24] soren: Ah, right.
[10:24] Hawkey: The point is that such a security measure could so trivially be bypassed that spending time adding it is pointless, and what's worse is that it will create a false sense of security.
[10:25] Hawkey: Basically, since you don't know your IP, a firewall rule is pointless. The options are 1) leave it open (same level of security as a bad filter), or 2) do something expensive and complicated.
[10:25] well forgot time and money.. not a value atm..
[10:25] persia in the 2nd case ... could be more specific?
[10:26] What the 2nd case is specifically is not the main point.
[10:26] The main point is that you are wasting your time with this firewall.
[10:26] Regardless of what you do instead.
[10:26] soren i just want to add to fw rule to allow connection from ip like this aaa.*.bbb.ccc .. that was my original question... and got it.. its not possible right?
[10:27] need to have exact full name
[10:27] * soren gives up
[10:27] no substitutions
[10:27] Hawkey: Set up some server outside the firewall. Have it listen only on ssh (optionally only listen after knocks). Set up the firewall to only accept ssh from that server. Set up a nameserver to have an internal domain. Set up the external server to know about that domain. Set up your client ssh_config to proxy stuff for that domain through the external host.
[10:27] This makes it harder. It is still not secure.
[10:28] Hawkey: It's the same as not locking your door, but putting a sign on your front door saying: "The door is locked".
[10:29] hmm..
[10:29] The complicated solution is more like locking your door with a non-unique key.
[10:29] Or locking your door, but leaving a great big window open right next to the door.
[10:30] Hawkey: you can do ufw/iptables via subnets.. which would probably do what you are trying to do
[10:30] Is it? I've always liked bastions, because one needs to know the internal name as well as the other auth credentials.
[10:30] so only people on your ISP can connect.
[10:30] Daviey: That's pointless though.
[10:31] persia: I disagree it's pointless, but it does address what the chap wants to do... Doesn't it?
[10:31] It does. I just agree with soren that it's pointless, because anyone can apparently be from an ISP with minimal effort.
[10:31] considering most of my hacking attempts come from china and russia, limiting to a single ISP certainly decreases the brute force potential massively.
[10:31] hmm
[10:32] PTR record is easy to spoof, agreed. UDP packets are easy, agreed. However, TCP - forging the from is somewhat less easy :)
[10:32] Daviey: Saying "only this ISP can get in" isn't secure. Saying "everything but this ISP is sending pointless brute-force hack attempts that annoy me" is perhaps an excuse for a filter, but it's just relieving an annoyance, rather than being more secure, as such.
[10:33] Daviey: No. It's as easy as signing up with that particular ISP.
[10:33] soren: If you ever have time, I'd like a critique of the bastion approach, just from personal interest. No rush of any kind: months later would also be appreciated.
[10:33] Daviey: Something which thousands have already done.
[10:33] Oh, i entirely agree it's not as secure as some options - but does add a level of security. Coupled with something else, it should be pretty good.
[10:34] Or asking someone with a botnet to give you access to a machine using that ISP.
[10:34] fail2ban / denyhosts etc
[10:34] I think assuming that people using the same ISP as you are less malicious than anyone else is a mistake.
[10:35] Daviey: These are tools to keep the logs cleaner. They don't actually help that much against anyone actually wanting in.
[10:35] persia well.. that could be prevented when that isp is using dnssec, or am i totally out of dish?:P
[10:35] Well yes, but IME the majority of attempted hacks aren't targeted - just drive by pokes. Therefore limiting to subnet, coupled with something else - is a pretty good solution IMO
[10:35] Hawkey: That only means it's really a machine from that ISP. Could be a malicious customer. Could be part of a botnet.
[10:36] Daviey: I agree it doesn't hurt: I just don't believe it's actually more secure.
[10:37] :)
[10:37] I just don't want someone come in here, ask for this sort of advice, and just tell them that "yeah, put this or that in hosts.allow", have a week pass, have him be successfully hacked, and have him go "oh, why didn't those fuckers in #ubuntu-server say that this was a problem?".
[10:37] !ohmy
[10:38] Please remember that all Ubuntu IRC channels share the same attitude of providing friendly and polite interaction with all users of all ages and cultures. Basically, this means no foul language and no abuse towards others.
[10:38] But, yeah.
[10:38] hey super cool dudes!
[10:38] so, i have a question
[10:38] soren: Agreed.. i'm saying limiting to subnet COUPLED with something else, is better than just having something else. And he did ask for that :)
[10:38] lets say someone was to forgo redhat/centos and try to install oracle on ubuntu server
[10:39] would the experience be somewhat akin to putting ones genitals in a grinder?
[10:39] O_o
[10:39] or do canonical take serious business serious
[10:39] !ohmy | echosystem
[10:39] echosystem: Please remember that all Ubuntu IRC channels share the same attitude of providing friendly and polite interaction with all users of all ages and cultures. Basically, this means no foul language and no abuse towards others.
[10:39] echosystm: Well for the last part, you might be better to direct the question towards Canonical.
[10:40] Oracle has this to say about running Oracle on Ubuntu: http://www.oracle.com/technology/tech/linux/install/xe-on-kubuntu.html
[10:40] I suspect there are other guides for other products.
[10:40] persia: I think the #python channel gets it right. The regulars there refuse to answer people's questions if they seem to be on the wrong track.
[10:40] soren i'm aware of risk you're talking about... but i have no other option... need to connect from mobile device.. what ever risk it takes...
[10:40] Hawkey: You are either not understanding at all or not paying attention.
[10:41] Hawkey: I'm telling you to LEAVE THE FIREWALL OPEN!
[10:41] soren: Aha. I see. Thanks.
[10:41] Or not set one up at all.
[10:41] It's /pointless/.
[10:41] Hawkey: I'm /not/ telling you to close it up, and not let anyone in.
=== Airells is now known as airells
[10:41] persia bro, installing oracle xe is hardly comparable to 10g
[10:42] but you say that it's like i have leave opened.... what's the difference?
[10:42] Hawkey: None!
[10:42] echosystm: My assertion is only that Oracle seems to have guides, not that the products are similar.
[10:42] Hawkey: That's the point!
[10:42] im more interested in what canonical's commercial alliances are like
[10:42] Hawkey: If there's no difference, don't waste your time.
[10:42] echosystm: For that, as Daviey said, you'd do better to contact Canonical.
[10:44] i figured someone here would have experience?
[10:44] Hawkey: It's very, very simple. Adding the firewall will not increase security. So don't waste time setting one up. It will make no difference, so why do it?
[10:44] vendors will tell you all kinds of crap
[10:45] soren well that's what i DO NOT want to.. i want to restrict it as much as possible.. not whole open... that's what i ask if there is an option to add that fckin rule...
[10:45] Well, I'm not going to help you.
[10:45] Simple as that.
[10:45] soren lol... not increase security? what a bullshit?
[10:45] I've tried to explain why.
[10:45] point was to minimalize the risk
[10:47] Whatever. My life is way too short for this.
[10:47] * soren wanders off
[10:47] heh
[10:50] persia: I also have a bastion host. It's also convenient that you don't need public IP's for everything.
[10:51] That too :)
[11:05] soren: If we bring home + ipv6 into the mix. I have the firewall rule of allowing my /64 to connect, but the rest of the internet blocked. Therefore my security is the same, someone could get on my LAN (wifi perhaps), and connect to the servers - but the audience of people that can attack is reduced massively.
[11:05] Same as a spamd server i run, that is firewalled off to only allow my ipv4 subnet to connect.. that is less for security, more abuse tho.
[11:06] hi all. We search a panel control for dedicate server. we have test webmin/virtualmin. Some admin here have a favorite panel ?
[11:07] EhrN: Generally all panels are sub-optimal, and we recommend against them.. what operations do you want to perform with the panel?
[11:10] My boss create and host some websites (Magento's commerce, CMS(drupal,Joomla),ERP) + mails + ftp account for each customers
[11:10] the dedicated server is host by OVH
[11:11] EhrN: are you relying on the panel to set everything up correctly and securely?
[11:11] Or do you have an experienced sysadmin/person who knows how to configure servers?
=== jussi01 is now known as o1
[11:12] Because a "panel" is a bad idea probably - best to have someone who knows how to configure a server set things up. Security is a big concern!
[11:13] sherr, server security is ok. the panel is just for administrate a new customer's website/mail/ftp account/dns
[11:15] OK - I don't use them and do not trust them. Be careful. Maybe this is what you are after :
[11:15] http://www.ispconfig.org/
[11:15] Or something like that. I have no experience of it though.
=== o1 is now known as jussi01
[11:17] yes i know ispconfig
[11:17] ehcp look like very nice too
[11:18] Daviey: That's not the same at all.
[11:19] soren: Actually, it is - you are reducing the audience that can launch an attack.
[11:20] Daviey: Yes. But you're doing it beyong the point at which the quantitaive difference that makes has become qualitative.
[11:20] s/beyong/beyond/ obviously.
[11:20] And s/quantitaive/quantitative/
[11:23] Several reasons:
[11:24] I don't suppose you sell access to your home network to random strangers?
[11:24] ISP's tend to do that. You know... To stay in business and all that.
[11:24] soren: The IPv4 address space allows ~4,294,967,296 addresses, if you restrict it to just a /8 that makes the audience that can attack down to less than 16,777,216.. this is a pretty significant drop. As i said, i'm not saying this should be the ONLY defence, but it certainly adds to the security by multiple levels.
[11:25] I hear you.
[11:25] And disagree.
[11:25] soren: I do sell access to my ipv4 allocation, and have services firewalled off to only that allocation :)
[11:25] Being on the same subnet as yourself (a subnet you don't control) does not make anyone more or less trustworthy.
[11:26] i didn't claim it did
[11:26] Then it's pointless.
[11:26] * persia one had a job as a network admin where it was *required* to spoof addresses in order to log into management servers. Didn't stop anyone from doing it daily.
[11:26] All you're doing is reducing noise in your logs.
[11:26] s/one/once/
[11:26] persia: Heh :)
[11:26] soren: There is value in reducing that noise, as it makes it easier for folks to track goings on.
[11:27] persia: grep -v does that just as well
=== EhrN is now known as Ehrn_Eat
[11:27] FireCrotch: I don't claim otherwise.
[11:28] persia: Fair. I just don't think a firewall is the right tool for that job. And neither do you :)
[11:28] soren: the inverse of what i am saying is advertising a teenagers house party on facebook, and someone standing at the door asking people for tickets to get in.... Not advertising the party on facebook, would have reduced the people that turn up at the door and trying to force themselves in.
[11:29] But you still have someone checking tickets, (ie denyhosts/fail2ban) for those that know about it, but you still don't want them to force themselves in.
[11:30] Why would anyone in their right mind have ssh listening on a public interface to begin with?
[11:30] FireCrotch: To get in?
[11:31] Allow ssh only from the internal network, and use a VPN
[11:31] FireCrotch: Why would anyone in their right mind have VPN listening on a public interface to begin with?
[11:31] FireCrotch: so you have the VPN daemon listening on a public interface?
[11:31] (See what I just did there?)
[11:31] FireCrotch: That just moves the issue. from ssh auth to vpn auth.
[11:31] bah
[11:32] A VPN is a wayyyyy more secure way to do it
[11:33] Hahahahhah
[11:33] FireCrotch: Why is that?
[11:33] * Daviey avoids this discussion. :)
[11:33] heh
[11:33] I can write a /really/ bad VPN server and a /really/ bad ssh server. Just as easily.
[11:34] I once had a client that implemented VPN via ssh.
[11:34] One could easily argue that the previously discussed bastion host is a poor man's VPN.
[11:34] persia: vpn over ssh via tap \o/
[11:35] Daviey: That's a lovely model!
[11:35] :( it's way too late at night for me to be pondering this topic
[11:35] I have been tempted to run a vpn tunnel, over ssh, which is over socks proxy, made via sshing over dns.
[11:36] soren: Depends on the VPN implementation. I've seen lots of places that have nice open access through the firewall to a concentrator on the internal network.
[11:36] or rather, way too early in the morning, now
[11:36] I should sleep haha
[11:36] Daviey: might suffer a little latency that way.
[11:36] persia: Sorry, what depends on the VPN implementation?
[11:36] soren: Whether a bastion host can be considered a poor man's VPN.
[11:37] persia: So i guess adding network connecting via packet radio wouldn't help? :)
[11:37] My preferred VPN implementation is always to bastion the concentrator, but I've seen it done other ways.
[11:37] Daviey: Just remember to have your radio base station uplink via satellite, and you'll never notice.
[11:38] what was this argument even about to begin with?
[11:39] :)
[11:39] FireCrotch: different viewpoints on convenient ways to pretend to be secure
[11:39] FireCrotch: soren is having a house party at his house, and he wants everyone to turn up :)
[11:40] (not true)
[11:40] persia: I think calling something a "poor mans something" leaves a lot of wiggle room for interpretation.
[11:41] soren: I guess. I just consider bastion vs. non-bastion completely separate from different classes of device usable to reroute packets inside some infrastructure. Maybe I've seen too many annoying networks.
[11:43] persia: You're being very specific.
[11:43] persia: Assuming VPN is a mechanism that allows access to internal infrastructure to authenticated users..
[11:44] soren: OK. In that sense, just unfirewalled ssh is also VPN.
[11:44] persia: ..a bastion host is an implementation of VPN. Both have many other characteristics, but with that limited definition (which for many intents and purposes is suitable, I think), it holds.
[11:45] I tend to think of "VPN" as some way to have an encrypted tunnel between two networks, over some other network (where one of those networks may be a /32)
[11:45] /32?
[11:45] Really?
[11:45] You do VPN to localhost?
[11:46] It's not an uncommon profile for e.g. roaming sales force needing access to intranet, etc.
[11:46] Tends to be limited to some DMZ.
[11:46] What would be the point of a loopback VPN connection?
[11:46] I mean..
[11:47] /32 isn't necessarily loopback.
[11:47] a VPN connection from my laptop to my laptop is not going to get me anywhere?
[11:47] /32 only has one host in it.
[11:47] No, but a vpn from 10.0.0.1/32 to 172.19.24.192/29 is useful.
[11:48] And for some applications, 192.168.73.43/32 to 10.101.57.34/32 might be useful.
[11:48] * soren stares
[11:48] In that example, what is 10.0.0.1 ?
[11:48] My laptop
[11:48] Bad IP, actually.
[11:48] Ok. Oh, sure, that makes sense.
[11:49] I just got confused by the "one of those networks may be a /32" bit. One of the networks in the context was the foreign network.
[11:49] But that there *is* a tunnel is completely separable from how the concentrator is implemented.
[11:50] Foreign /32 was my second example.
[11:50] Agreed.
[11:50] No, no.
[11:50] My laptop to one single server in a trusted infrastructure.
[11:50] Foreign as in the network that you're crossing.
[11:50] (the intenret)
[11:50] internet.
[11:50] Man, typing is difficult today.
[11:51] Oh, the tunnel media. Yeah, that has to be larger than /32 :)
[11:51] Usually, yes.
[11:51] (assuming IPv4 : /32 is a fine tunnel media for IPv6)
[11:51] Sorry, didn't mean to be difficult. It was the first think I thought of and just got very confused.
[11:51] :)
[11:51] "thing"!
[11:52] * soren decides to write some code instead
[12:06] morning
[12:16] Daviey: Do you have a trick for detecting the tun device on the server when you're creating tunnel using ssh?
[12:17] Daviey: ...or do specify a specific one to make configuration easier?
[12:19] "specify a specific" ? ;)
[12:19] Err..
[12:19] Yes :)
[12:31] mhh ubuntu cannot write the hosts.hfaxd file for hylafax
[12:39] ttx: we are supposed to be doing iso testing today right?
[12:39] zul: yes
[12:58] soren: do you mean ssh+tun vpn?
[13:00] for your routing?
[13:03] ttx, ping, meeting ?
[13:04] smoser: meeting is at 1400 UTC, which is in one hour.
[13:04] stupid time change
[13:04] smoser: :P
[13:05] smoser: the US should just use the same dates as the others :P
[13:05] i wish i could come up with some snarky remark about why these dates are inherently better
[13:06] * smoser grew up in Indianapolis, the last hold out for "lets just *not* decide to change the time"
[13:09] ttx: See you just added bug #356256 as a papercut. Plan on looking into the issue specifically in regards to slapd, or on a more general notes regarding database daemons?
[13:09] Launchpad bug 356256 in openldap "dist-upgrade stops slapd" [Wishlist,Triaged] https://launchpad.net/bugs/356256
[13:09] andol: there was a duplicate bug that just said "this is a papercut", I unified them
[13:10] andol: doesn't mean we should accept it
[13:10] ttx: Ahh
[13:10] andol: we'll review it in one hour in the meeting -- but that doesn't seem to meet the "obvious way to fix" criteria
[13:11] ttx: my impression as well, even if it surely would be a nice thing to do something about
[13:14] smoser: the current beta1 UEC images candidates have a ramdisk: is it a bug or a feature ?
[13:14] featur
[13:14] e
[13:14] work around
[13:14] I missed the memo, I guess
[13:14] which bug ? the cloud-init / upstart thing ?
[13:14] i commented in the bug... its a work around for bug 531494
[13:14] Launchpad bug 531494 in upstart "cloud-init job not running in eucalyptus without ramdisk" [Critical,Incomplete] https://launchpad.net/bugs/531494
[13:15] * ttx looks
[13:15] ttx, i think its better than a release note "uec images boot only if you're lucky"
[13:15] smoser: certainly :)
[13:15] the other option was to put cloud-init back later
[13:16] to run later.
[13:16] smoser: Note that I was ok with the no-ramdisk concept if it wasn't introducing new bugs -- I'm not opposed to drop it if that means a more stable system.
[13:17] smoser: We'll have to do a final choice by beta2
[13:17] ttx, agree
[13:17] the scary thing to me, though, is that i don't understand why ramdisk would fix this per se
[13:17] and neither does Keybuk
[13:18] so i'm not convinced its not just a bandaid that reduces likelihood of race
[13:18] smoser: I suspect it introduces a timing change which means you win the race (almost) all the time
[13:18] :-(
[13:18] right
[13:18] smoser: I tested the UEC images alright
[13:18] and you were typically unlucky ?
[13:19] no, lucky
[13:19] before
[13:19] hah
[13:19] you used to be unlucky until you found the ramdisk, right ?
[13:19] smoser: I was unlucky when trying to start multiple instances
[13:19] ok.
[13:19] dustin was unlucky 90% of the time at least
[13:19] I no longer am unlucky.
[13:25] hi, can anyone help? http://pastie.org/873729
[13:29] nucc1: the host has sender verification disabled - ensure your DNS names are valid, i.e. the ultimate recipient of your email can resolve app.domain.com
[13:29] er, sorry, sender verification enabled
[13:29] alternately, white list/add to a no sender call back list on the mail daemon accepting mail for domain.com
[13:30] jalons, i can only edit the dns settings for domain.com, since it is a shared host.
[13:31] then make sure the mail host can resolve app.domain.com, and welcome to sender verification hell
[13:32] jalons, or what should i do to make app.domain.com reply to sender verification requests?
[13:32] jalons, by mail host, you mean the mail server for domain.com? this means i should add an MX entry that points to app.domain.com ?
[13:32] nucc1: postfix by default should respond, unless you went a little tweak happy in main.cf
[13:33] jalons, i configured it with dpkg-reconfigure
[13:33] I have just installed ubuntu server on system with two raid harddrives and one normal scsi. i chose to install the system on the non-raid drive, but i am getting grub error 21. is it worth switching to lilo?
[13:34] nucc1: is the mail from the postfix server being presented to the mail server for domain.com as app.domain.com? If the from address is not being rewritten to be from @domain.com and is coming from @app.domain.com then yes, you'll need an MX record on app.domain.com [13:34] you shouldn't, since it should make a call back as long as an A record points back to app.domain.com [13:34] but, it can't hurt [13:35] smoser: we don't have specific tests for ebs root, so you should probably test them in parallel with their instance store equivalent ? [13:36] ttx, yes, i'll just run them through the same set of tests [13:36] except that i will shut them down, and start back up [13:36] and verify they came back up [13:36] smoser: make sure we get specific AMI entries in the ISO tracker for beta2 [13:36] i hate amis [13:36] anyway [13:37] smoser: what do you propose ? [13:37] nothing else. i just hate that this doubled the testing. [13:37] smoser: I'm not sure how we can consolidate tests efficiently [13:37] and have no suggestions or good arguments that it should not have [13:37] i agree completely. [13:37] it just sucks. [13:37] smoser: i'm pretty sure you will automate all that :) [13:37] sorry, sometimes i just like to complain for the sake of it. [13:38] smoser: we /could/ get rid of the i386 images [13:38] smoser: i'm not convinced they are useful [13:39] In the same vein, testing UEC/i386 just doesn't make any sense. [13:39] yeah. i'll agree on uec. [13:39] i test/use i386 all the time on ec2 [13:40] smoser: so both arch have their usefulness ? [13:40] its 1/4 the price of the cheapest x86_64 [13:40] ah [13:40] price :) [13:40] you rich people [13:40] :) [13:40] let them eat cake and all that [13:42] hi! im trying to add a user in a server. with useradd -s /bin/false prueba3 but it fails saying Can't create `/etc/passwd': not space left on device. I did df -h and i see i have plenty of space. any ideas why? [13:47] emilioeduardob: /etc/passwd? very worrying ....
:-( [13:47] I have just installed ubuntu server on system with two raid harddrives and one normal scsi. i chose to install the system on the non-raid drive, but i am getting grub error 21. is there a way i can install lilo, or boot from a floppy? [13:48] sherr, yeah.. is too weird... [13:48] Maybe running out of inodes? Try : df -i [13:49] sherr, yup.. 100% used inodes :S [13:51] sherr, tks! at least i know now what im against :P [14:01] I have just installed ubuntu server on system with two raid harddrives and one normal scsi. i chose to install the system on the non-raid drive, but i am getting grub error 21. is there a way i can install lilo, or boot from a floppy? [14:02] Hello. Question: I am on Ubuntu connected to a Windows network. I need to access a Windows machine by its hostname for both Filesharing and http access (i.e. intranet, svn). But my Ubuntu pc can't see the hostname at all. [14:03] I have samba and smb-client installed [14:03] er, smbclient [14:04] More Details: I am running Ubuntu on a VM with a Bridged connection. My host machine (a Windows 7 pc) can access the windows server just fine. [14:06] mathiaz, you have UEC rig in appropriate testing setup ? [14:06] smoser: I think so [14:07] smoser: but it may be wiped out to test the beta1 isos [14:07] is it common for raid controllers to interfere with grub? [14:11] Daviey: Yes. [14:11] ttx: I still expect to upload a fix for https://bugs.launchpad.net/bugs/460398 before beta 1. [14:11] Launchpad bug 460398 in server-papercuts "/etc/timezone is not set correctly" [Medium,In progress] [14:11] ttx: I've just been procrastinating to see if I could fix more stuff before then. [14:14] Question: How can I access a Windows server by Hostname from within an Ubuntu VM? Details: I am running an Ubuntu VM on my Windows 7 laptop, which is connected to a Windows network. The Ubuntu VM is using a Bridged connection and can access the Internet fine. My laptop can access "\\server\" and "http://server/" just fine.
I have samba and smbclient installed. But for some reason I can't access the windows server from my Ubuntu VM. [14:16] creatorbri: not really a #ubuntu-server relevant topic [14:16] soren: ok [14:16] Might be better asking on the forums or #ubuntu [14:20] ameba23: Disk order and layout can affect grub, yes. When you say "scsi" do you mean you have a real SCSI disk? Or do you mean SATA? === airells is now known as Airells [14:31] er its SATA [14:32] New bug: #540279 in apache2 (main) "package apache2.2-common 2.2.11-2ubuntu2.6 failed to install/upgrade: il sottoprocesso post-installation script ha restituito un codice di errore 1" [Undecided,New] https://launchpad.net/bugs/540279 [14:33] sherr, Ive read some responses on forums to people having grub error 21 and a lot of people seem to say lilo works better but im not sure how to change it [14:39] good morning all. I know it is not standard practice to install a DE on ubuntu server, but I have reason to need something relatively lightweight. A minimal install of gnome would be sufficient. [14:39] Any recommendations, please? [14:39] pm me if that is more appropriate. I don't mean this to be a poll. [14:40] arch0njw: openbox is pretty minimal [14:40] or plain old x [14:40] arch0njw: In case you want a more minimal gnome you can always do an "apt-get install ubuntu-desktop --no-install-recommends" [14:41] andol: oh? Now there's something very new to me. Interesting. [14:41] faileas: Thank you. I am familiar with good ol' OB. However, I think the other person maintaining this server might find it a bit of a shock. I'd install FB if I had my way... [14:42] arch0njw: As of 8.10 apt was set to also install Recommended packages by default, allowing a lot of not-absolute-necessary dependencies be moved from Dependency to Recommends. [14:46] arch0njw: or xfce, which is reasonably gnomelike [14:47] faileas: Pondered that too.
I tried a straight xfce install once and embarrassingly muddled my way through installing sufficient packages to make it usable [14:48] well, there's xubuntu desktop ;) [14:48] faileas: presumably I could use the --no-install-recommends there as well to get the least-most needed. [14:57] arch0njw: probably. try it on a VM first? ;p [14:58] faileas: indeed :D [15:21] faileas: andol: thank you for the advice :) I'll be applying this wisdom soon ;) [15:28] on ubuntu no application sees the faxes of hylafax in the queue [15:35] I came in here the last couple days talking about SSH and losing connection while headless... The problem has been resolved with using the boot option "nomodeset". It's a bug that affects old dell dimensions with intel video chips. Sleep mode on the monitor locks the computer up. Nomodeset works to resolve.... just a FYI to anyone who can use it... :) [15:37] Hi, does anybody here have experience in 6.06 (server) to 8.04 (server) direct upgrade ? [15:37] my 6.06 is a minimal LAMP installation plus postfix, courier, squirrel, clamav, spamassassin, amavisd-new [15:38] only was wondering if someone here had troubles or the procedure is straightforward === Ehrn_Eat is now known as EhrN [15:41] <_ruben> Notscape: it *should* be straightforward [15:41] _ruben: :p [15:42] <_ruben> its a supported upgrade path .. then again, there's no guarantees for any upgrade scenario afaik [15:44] my experience in 6.06 (desktop) to 8.04 (desktop) was very bad [15:44] it didnt work [15:45] lots of unresolvable libraries conflicts [15:46] it is true that i have less chance in server as it has less number of extra packages [15:47] less chance of failure i mean [15:50] I am having a hard time getting wsgi setup, I keep getting the error that wsgidaemonprocess is misspelled or module not included. [15:50] Notscape: make sure to use do-release-upgrade rather than editing sources and doing apt-get dist-upgrade. [15:52] sbeattie: yes I will go that way . . .
but just looking for someone with previous experience [15:55] Notscape: hrm, missing libraries... maybe make sure you have universe enabled before upgrading? [15:55] (dapper didn't enable universe by default) [16:10] smoser: how is EC2 image testing doing so far ? [16:11] i've not started... been poking at my scripts to ebs-rootify them. i will be starting soon. [16:11] ok [16:11] smoser: we need to run "some test" soon enough to catch the kittenkiller. [16:11] yeah. [16:11] will have "some test" in next 30 minutes, promise. [16:12] zul: you cover the upgrade testing ? [16:12] I am having a hard time getting wsgi setup, I keep getting the error that wsgidaemonprocess is misspelled or module not included. [16:12] ttx: yep when I get to it [16:13] see you, thanks === RoAk is now known as RoAkSoAx [17:09] kirkland: can you point me to docs on setting up the shared screen session on ec2? [17:09] hi [17:26] hggdh: hi! [17:26] hggdh: are you planning to do some uec testing today? [17:41] I'm trying to set up a transparent proxy with squid, I have the latest version of iptables, which comes with the extension tproxy but I can not make it work. [17:41] I'm using this rule: [17:41] iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 [17:41] But I've seen on some forums that instead of using "iptables -t mangle" use "iptables -t tproxy" but this does not work with the current version of IPTables, I need to patch iptables again with TProxy patch or this is only for older versions? [17:43] mathiaz: yes, when can we start? [17:43] hggdh: whenever you want [17:43] now? [17:43] or is it time for lunch? [17:43] mathiaz: ^ [17:44] hggdh: now is a good time for me [17:44] mathiaz: OK. What is it I am expected to do? [17:45] hggdh: the test cases are outlined on the wiki at http://testcases.qa.ubuntu.com/Install/ServerEConfig [17:46] mathiaz: er. replacing karmic by lucid, correct?
[17:46] hggdh: I've also updated the uec-testing-preseed branch with a README.testing to outline how to do the testing [17:46] hggdh: not really. [17:47] hggdh: the focus of the test cases are to test UEC itself, rather the images [17:47] hggdh: there are other testcases covering the images themselves (for EC2 and UEC) [17:47] mathiaz: which machine should I use? [17:48] hggdh: IIRC you installed a topology yesterday [17:48] hggdh: the test cases should be run from the Cloud Controller [17:49] hggdh: (which is cempedak for most of the topologies) [17:51] ok, logging in to nickel [17:52] hggdh: to reach cempedak, you need to go through tamarind [17:52] hggdh: nickel is only used for PDU [17:53] k [17:53] hggdh: and control the power [17:55] mathiaz: it does not seem I can reach cempedak from tamarind [17:56] my ssh request seems to hang [17:56] hggdh: have you setup your ssh_config file as outlined in the README file in the uec-testing-preseed bzr branch? [17:56] I have a problem with cryptdisk sometimes only creates /dev/mapper/name and sometimes both that and /dev/mapper/name_unformatted.. is there a known problem with this? [17:56] hggdh: I can login in cempedak [17:57] hggdh: if you setup a local .ssh/config file you'll be able to directly ssh into cempedak from your workstation [17:57] also, how come the startup process tries to mount the maps before cryptdisk is finished creating them? :P [17:59] hi. is anyone here well versed in samba & Active Directory authentication using likewise-open? [17:59] mathiaz: getting it in place === astechgeek is now known as Guest28893 === Guest28893 is now known as techgeek [18:05] mathiaz: and I am expected to login as ubuntu to cempedak? [18:06] hggdh: yes [18:43] kees: see screenbin(1) [18:54] coz linux channel is so CLI-ish [18:56] dudes [18:56] my network aint working [18:56] oh noes KingMuty [18:56] so [18:57] anyone wanna help? [18:58] why do haxors sleep with each other?
[18:58] cause they are fags that is why [19:00] that was weird [19:02] guess he showed us... [19:03] jiboumans, what was he even trying to say [19:03] 'i am 13, hear me roar' ? [19:03] perhaps [19:30] sho is quiet up in this piece [19:33] <_ruben> sshhh [19:33] go trolling, trolling on the channel [19:34] lets go trolling, lets go trolling on the channel of ubuntu [20:01] i need help using a switch to set up a dhcp server to share internet with 6 computers any thoughts [20:04] usuario_: yeah - plug all the computers into your switch, dhcp server included, then set up your dhcp server. simple as that [20:43] Hello [20:43] if i set up an ubuntu media server will windows be able to map to it? [20:45] fu_ck you [20:46] !language | EdT2001 [20:46] EdT2001: Please watch your language and topic to help keep this channel family friendly. [20:50] Good riddance. [20:51] hey guys. I am new to preseeding and trying it out. Does anyone know how I can have a random host name auto assigned or if there is a way to use a schema to create a random host name? [20:58] jetole: either dhcp or a script at start up [21:02] ikonia: how do I use a script at start up? [21:03] just write a script to take random letters (26 letters) and random numbers (0-9) pick a combination of say 12 of them and write them to /etc/host and /etc/hostname [21:03] why you would want to do that, I don't know [21:03] ikonia: I'm planning on deploying a lot of machines and don't want to be prompted for the host name when I install [21:04] so set profiles, or use dhcp to set the hostnames, that would be better than a script [21:04] what do you mean profiles? 
I'm still new to this [21:05] profiles could be anything like, a text file with a list of hostnames that cycles through and gets the next in the list for each install, the best way would be to have dhcp offer up hostnames [21:05] ok, I will look into dhcp [21:06] that's a good way of doing it, plus integrates well in to future management of the machines [21:06] eg: dns === erichammond1 is now known as erichammond [21:08] ikonia: what do you recommend for an apt caching system? === erichammond1 is now known as erichammond [21:09] jetole: local mirror works well, [21:09] maybe squid hosting on a local mirror [21:09] tons of options [21:09] Well I'm looking at items like apt-proxy, apt-cacher-ng, debproxy etc [21:10] just don't know which one I should go with [21:10] do a little research and maybe do a proof of concept, experiment [21:11] well the POC is exactly what I am doing now before the live deployment [21:12] great, have a play and keep in the back of your mind scalability for your target deployment [21:12] must dash [21:12] k === erichammond1 is now known as erichammond === rberger_ is now known as rberger === johe_ is now known as johe === rberger_ is now known as rberger === robbiew is now known as robbiew_ [23:22] New bug: #540596 in qemu-kvm (main) "NX memory not simulated for ARMv7 and above CPUs" [Undecided,New] https://launchpad.net/bugs/540596 [23:40] hey guys, I'm having issues with my UEC private setup [23:40] I have the server installed and [23:40] have the cluster controller and the nodes setup [23:41] I am getting an error though I and I have no idea where to go to fix it [23:41] I am getting not enough resources available: address (try --addressing private) [23:42] but when I try addressing private option the instance will never start [23:42] any ideas [23:44] hi guys..can i ask here for ubuntu server lucid? [23:44] alex88: sure.
[23:45] ok, so..i'm trying ubuntu lucid server on virtualbox, i've tried cloud install, i've set 512mb of ram, install is fine, i've set host-attached network [23:46] host has 192.168.56.1, ubuntu cloud as guest has 192.168.56.2 [23:46] on boot it says: init: eucalyptus-network main process killed by term signal [23:46] then there aren't any eucalyptus process running, and i can't access gui [23:46] via https [23:47] also there aren't any java process running [23:48] alex88: I don't do EUC yet, so I can't help. Patiently wait for someone else to respond. [23:50] twb: thank you anyway..maybe there is a channel for cloud? [23:50] Hmm, maybe #ubuntu-euc? /list doesn't work for me. [23:50] !euc [23:51] nope..i'll wait here [23:51] #ubuntu-cloud ;) [23:52] no one really in there though [23:54] i've tried it..btw..i've done "service eucalyptus start" [23:55] and there are a lot of connections between 9001 port and others in localhost [23:55] oh...it's started [23:55] thank you anyway [23:55] =) [23:56] -.- username not found... [23:56] wtf..