[00:26] Last time I re-instsalled Ubuntu, grub said it was setting up hd0. But I have SCSI RAID, so my boot device is sda and its partition is sda1. Is this the boot problem I'm having? [00:46] Has anyone gotten dovecot-antispam working on 9.10, and if so, how? [01:08] Hi, how can you remove all current iptables rules === dendro-afk is now known as dendrobates [01:21] roy_: there's a flush option [01:22] iptables -F i think [01:23] I did this, its because my website says connection refused, what would cause this if its not related to iptables [01:24] it usually means it doesn't listen to that port [01:25] iptables/ufw will normally just drop the packet, not send icmp reply [01:25] I finished formatting my 18.2GB SCSI drives. They were used so I guess it isn't a great surprise that 5 out of 6 work. I think the store I got them from has a couple more. [01:26] How can i fix this === dendrobates is now known as dendro-afk [01:51] Why do you guys suggest using qemu with kvm instead of say xen? [01:54] oh - obvious answer found === dendro-afk is now known as dendrobates [02:05] ubuntu-vm-builder is deprecated and vmbuilder is taking it's place - what provides vmbuilder? [02:06] oh... found it :) [02:06] I look and look, ask, then find the answer :P [02:12] MTecknology, using Xen 4rc8 with pvops 2.6.32.10 kernel on karmic 9.10 [02:13] also without any libvirt [02:15] ChmEarl: isn't libvirt just designed to be an easy to use wrapper around virt tools like xen and kvm? === AntORG_ is now known as AntORG === dendrobates is now known as dendro-afk [02:58] Tallken, ScottK : thanks for your tip i'll try that.. [02:59] !libvirt [02:59] !kvm [02:59] kvm is the preferred virtualization approach in Ubuntu. For more information see https://help.ubuntu.com/community/KVM [03:02] I used vmbuilder to build VM's on my system. Then I realized I need to install libvirt-bin. I installed that and then ran virsh -c qemu:///system and in there ran list --all but none of the vm's I made show up. How can I make them show up in this list? [03:03] MTecknology, (in virsh shell)#define /path/toVM.xml [03:05] ChmEarl: any idea where the xml files sit? [03:06] MTecknology, you only ran the VM once when you installed it? Are any still running? [03:06] ChmEarl: I didn't run them yet, I've always started vm's from virsh [03:07] to find the xml files, do #updatedb.. then locate [03:07] hrm.. there was a run.sh file made that has exec kvm -m 768 -smp 2 -drive file=tmpOoaNco.qcow2 "$@" [03:08] there's no xml found when I do that [03:09] maybe a log file? [03:09] I used --dest /virt/images/repono [03:09] there I have run.sh and tmpxYbvEy.qcow2 [03:10] I'll try running the run.sh and see if I can find the cml [03:10] k, then start then VM via the script - while its running get the virsh shell and do #dumpxml [03:11] domain not found [03:12] ChmEarl: since I didn't do anything useful yet; would it be out of the question to delete the vm's; recreate them; but now with libvirt installed? [03:13] that is OK, but don't the scripts enter a vmname now in virsh list? [03:13] once the vm is running? [03:14] nope [03:14] ok, something is broken [03:15] Does this look ok for creating a vm? vmbuilder kvm ubuntu --dest /virt/images/incipio --mem 768 --cpus 2 --swapsize 512 --domain incipio --ip dhcp --bridge br0 [03:15] never used that builder. [03:15] it looks like ubuntu-vm-builder is being deprecated [03:16] the man page says to use that instead [03:16] I made a VM directly by qemu-kvm comdline [03:16] oh [03:17] I'll see what happens when I make this - maybe I'll have to jsut do it that way too [03:18] there are 4 or more ways to make a VM for kvm [03:18] once you have a cmdline you can convert it to domxml used by Libvirt and import/define it [03:19] ya.. I could do it with virt-install too, but I liked ubuntu-vm-builder; but that's going away so I figured now's the time to learn what's replacing it :P [03:19] I'm guessing qmail should install just fine on a default ubuntu 9.10 server? [03:20] virsh domxml-from-native xxyy [03:20] I'm getting an: qmail: Depends: ucspi-tcp but it is not installable [03:21] I didn't think qmail was available in ubuntu repos [03:21] hi guys... i installed recently the ubuntu server with cloud [03:22] ChmEarl: hurray, they're still not being found [03:22] it is normal have the system just running without any instance running in eucalyptus [03:22] with more than the 50% of ram used? === dendro-afk is now known as dendrobates [03:22] and when i use "top" to see who is sharing that ram, there's no process with huge use [03:23] ChmEarl: hrm... maybe it's because I specified kvm as the hypervisor instead of qemu.. [03:24] nope.. [03:24] VMBuilder.exception.VMBuilderUserError: No such hypervisor. Available hypervisors: vmserver esxi xen kvm vbox vmw6 [03:25] anyone with experience with cloud ? [03:25] --libvirt= - THERE [03:27] MTecknology, you have a hook into libvirt? that should do it [03:29] ChmEarl: I guess I didn't read the man page close enough [03:31] MTecknology, keep your VM's simple until you see the scheme of things... puppy linux (liveOS) is a good one [03:34] ChmEarl: hurray - virsh -c qemu:///system list --all | but it's named ubuntu :S - i guess back to man [03:35] MTecknology, export the domxml while its running [03:52] so I came up with an idea [03:52] ChmEarl: fyi - this was REALLY nice to find - vmbuilder kvm ubuntu --help [03:53] ChmEarl: thanks for the help :) [03:53] lukehasnoname: I did too, and I'm rolling it out right now [03:53] and I don't know if it's been thought of before.. so I'll throw it out there and see if it's been 'invented' already [03:53] MTecknology, feel free to chare [03:54] lukehasnoname: get a decent desktop system for all of my dev systems and isntead of gentoo use the system for work instead of constantly building the system - put ubuntu vm's on and don't break things [03:56] New bug: #556176 in openldap (main) "slapd homedir (and some enhancements...)" [Undecided,New] https://launchpad.net/bugs/556176 [03:56] what's your idea? [03:57] There are many well known, standard configuration files on a server. dhcpd, named, db.*, upstart confs, etc. Each one of these tend to have their own syntax check mechanism of sorts, even if it is when you start the service... so there should be a standard header syntax (or filename convention) that allows vi(m) to know what file you're editing, and check syntax on the fly. Kinda like what visudo does, but instead of be [03:57] ing its own program, it would be a plugin system for vi, like a profile. [03:58] This may already exist, but if it doesn't, it's pure genius. I spent hours in the past two days tracking down DNS/DHCP issues that ended up being simple config file errors. Should have been the first place I checked, but having a parser in vi would be awesome. [03:58] you can do that [03:59] check out gentoo, they do it a lot - ubuntu does it but to the extent they do it [04:01] am I crazy, or has ubuntu really customized the postfix install? [04:01] I'm trying to follow information from several different guides and it is proving difficult [04:02] it's not really a header thing when it comes to vim but I think vim just applies specific syntax hilighting to specific files - adding a header to the files would be a bad idea - especially when it comes to other editors [04:02] crazygir: It's not radically different. [04:02] I'm also not understanding what's up with master.cf, nor why main.cf is missing from /etc/postfix [04:02] amd I missing something? [04:02] It should be there. [04:02] *am I [04:02] hrm [04:02] crazygir: crazy likely comes into play as well - I know it does for me [04:02] crazygir: sudo dpkg-reconfigure postfix is a good start. [04:03] herp-aderp: I knew vim had syntax highlighting... hm. Do you know where the info or syntax profiles are stored? [04:03] lukehasnoname: no, but you could ask in #vim - they're pretty helpful [04:03] MTecknology, nvmd [04:04] w00t! thanks ScottK !! [04:04] I occasionally ask questions before I look for the answers myself... man vim [04:04] crazygir: https://help.ubuntu.com/9.10/serverguide/C/postfix.html is a maintained set of documentation on postfix setup that's specific to Ubuntu. [04:05] lukehasnoname: sometimes it's just too easy to ask hundreds of people a question at once instead ot trying to learn it yourself by looking ;) [04:05] (assuming you're on 9.10, use the version for your release) [04:05] ScottK: what's your opinion of setting up productions systems with 10.04 at this point? [04:05] Depends on what you mean by production. [04:06] I have a 'test server' that runs all the time, but I'm the only user. [04:06] I'll upgrade that soon. [04:06] development server that shouldn't go down [04:06] If by production you mean "I have customers who rely on my service", then I wouldn't. [04:08] crazygir: The biggest configuration customization for Postfix in Debian/Ubuntu is that it's chrooted by default. [04:08] Our docs cover this, but most tutorials you find on the web don't, so it is better to stick with Ubuntu specific docs. [04:08] I was just banging my head regarding the missing files and needing to run dpkg-reconfigure [04:08] ScottK: does a chroot help security much? [04:09] MTecknology: why not? [04:09] depends on how complex maintenance is though [04:09] when officially supported like this, it is usually pretty straightforward [04:09] MTecknology: It's not a subsitute for apparmor or selinux, but it does help. [04:09] The trickiest part is getting services into the chroot and I think we have those bugs all licked. [04:11] Also, unlike rpm based systems additional run time capabilities that most people won't need are split into separate binaries (like postfix-mysql) so you don't need more installed/running than you actually need. [04:14] what is the difference between mydestinations and virtual domains? [04:22] I hate it when ssh keys don't magically work perfect [04:23] hah [04:23] always some lining up to do [04:25] crazygir: I installed a new server; mkdir .ssh; vim .ssh/authorized_keys2; (put in contents of .pub); chmod 750 .ssh; chmod 644 .ssh/*; exit; ssh 192.168.1.111 [04:25] crazygir: should work perfect just like magic, right? [04:31] I also jsut tried with ssh-copy-id [04:31] it will copy the key - but still no ssh login.... [04:34] oh... problem with ecryptfs [04:35] ScottK: how do I stop using ecryptfs for a home directory? [04:35] I do it differently, so I can't comment [04:36] check your system's manpages for ssh too, not sure about the auth_keys2 [04:36] also.. use -vvv for debugging [04:38] definteily an issue with ecryptfs [04:41] i give - time to reinstall the server and do so without ecryptfs [04:41] I don't think it's meant for servers anymore [04:44] do I need to specify configuration options such as: virtual_mailbox_base, if all I'm doing is then forwarding the emails to another domain? [04:52] virt-viewer is connected to the vnc server but all I get is a blinking cursor.. GAH! [04:54] closer anyway - sleep time [05:48] anyone knows why sound only works for root after installing alsa on lucid? [05:48] (I'm using an onboard Intel HDA card) === swift__ is now known as swift [08:15] I don't suppose anybody still cares, but Hardy's m-a borks, at least on netfilter-extensions-source, because of an implicit dependency on dpatch. [08:21] http://paste.ubuntu.com/409897/ [08:25] twb: Probably not. That version isn't supported anymore, iirc. [08:26] April 2008 plus five years makes it supported until April 2013. [08:26] twb: we do care and yes it's still supported. [08:26] (Except for all the packages in LTS that aren't considered "server" packages, sigh.) [08:26] what's m-a ? [08:26] ttx: module-assistant. [08:26] ttx: the thing before DKMS [08:26] ack [08:28] twb: how is the error in your log related to dpatch ? [08:30] ttx: that was a different error :-) [08:31] ah :) [09:11] New bug: #556285 in samba (main) "cannot change password of AD user when using pam_winbind" [Undecided,New] https://launchpad.net/bugs/556285 [09:13] <_ruben> anyone have any clue as to what could the cause of messages like this: sudo: pam_unix(sudo:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root [09:14] failed sudo commands [09:14] <_ruben> but it doesnt mention which user supposedly caused it [09:15] have a root through your logfiles :) [09:16] auth.log, I think [09:16] Hmmm [09:17] _ruben: It seems the user trying to sudo is root [09:18] <_ruben> why would root fail to sudo as root? [09:18] i've not the foggiest. [09:19] <_ruben> and i'd expect logname=root in that case [09:20] <_ruben> hrm .. the very first entry does show logname=root and its on a tty, now i know who to ask/slap [10:11] New bug: #556312 in libvirt (main) "libvirt packages should not Recommend hypervisor packages" [Undecided,New] https://launchpad.net/bugs/556312 [10:16] New bug: #556315 in libvirt (main) "problem with operations on qemu/kvm guest" [Undecided,New] https://launchpad.net/bugs/556315 [10:46] New bug: #556332 in bind9 (main) "leftover /etc/init.d/bind9.dpkg-dist on 9.10 -> 10.04" [Undecided,New] https://launchpad.net/bugs/556332 [10:56] New bug: #556342 in samba (main) "winbind pam profile doesn't get installed or removed when package is installed/removed" [Medium,In progress] https://launchpad.net/bugs/556342 [10:56] New bug: #556343 in bind9 (main) "upgrade error on 8.04 -> 10.04 " [High,New] https://launchpad.net/bugs/556343 === swift_ is now known as swift [12:00] newbie question, how on earth do you get into the grub menu now, it goes past so fast and there is no hit esc to get the menu [12:03] try searching on how to edit grub config to add a 30 second pause [12:04] its a bit late for that, [12:04] how so [12:04] i think the file wouls be in /boot [12:05] i goofed my bonding and well, the system is grindly slow has it times out trying to get the DNS entry for ldap servers [12:05] oh thank god i set a root password [12:06] why are you so thankeful about that [12:06] because i can get into the system [12:06] whats the diffrence [12:06] u cant get into the system with other usernames? [12:07] set up ldap auth, break the network config [12:07] then try logging in using a local user === swift__ is now known as swift === dendrobates is now known as dendro-afk [12:54] ttx: ping i backported mod-reqtimeout for lucid, its suppose to help against slowloris, do I need a FFE for it? [12:54] zul: is is a new source package ? [12:54] ttx: nope its a patch [12:55] slowloris as in Solaris? [12:55] twb: no slowloris as in apache dos hack [12:55] Oh. [12:55] zul: does it add new config directives ? [12:55] i got all these rootkits i dont think im ever going to use beta software again [12:56] ttx: yeah i backported it from 2.2.16 and enabled it [12:56] is it disabled by default ? [12:56] im considering going back too ubuntu 8.0.4 [12:56] nope enabled by default [12:56] I don't run fancy-pants httpds, because dynamic content is new-fangled rubbish :-) [12:56] zul: definitely FFe-worthy, I wonder if it should not be disblaed by default to ease the acceptation of it [12:56] incorrect: hold shift while booting to enter the grub2 menu [12:57] ttx: ack [12:57] zul: having someone from security comment on its desirability would definitely help [12:57] jasonmchristos: if you're really concerned about security, you might want to look at OpenBSD. [12:57] ttx: sure [12:58] jasonmchristos: rootkits? what rootkits? [12:58] thats what they said about linux when i was on microsoft then another room told me solaris is unhackable [12:58] rootkits are basically backdoors [12:58] * ttx chuckles [12:58] back orafices [12:59] I think mdeslaur's point is that you don't get a rootkit unless you're already compromised some other way. [12:59] jasonmchristos: we know what rootkits are. What rootkits doid you get "running beta software" ? [12:59] jasonmchristos: I know what a rootkit is. Please tell me what rootkit you have. [12:59] one scanner says SUCKIT the othr says Zxibit [13:00] jasonmchristos: see also #ubuntu-hardened [13:00] thanks [13:00] this was on the lucid beta [13:00] im still going to scan my server [13:00] jasonmchristos: those are probably false alerts in the scanning software you used. Could you tell me which scanners you used so I can fix the false alerts? [13:01] rkhunter and chkrootkit [13:01] by default lucid had some open port [13:01] i guess thats where the rootkit got in [13:01] <\sh> jasonmchristos, lucid beta has no rootkits by default...if you have at least one, you got it before...or the scanner is wrong [13:01] in the 6xxxx range [13:01] jasonmchristos: what open port? [13:02] jasonmchristos: did you use the rkhunter and chkrootkit packages, or did you download them? [13:02] packages [13:02] from repo [13:03] well as soon as i installed lucid it had a listening port [13:03] i installed it on a blank drive [13:03] jasonmchristos: did you install using the *server* install CD? [13:04] i dont mean to bother you guys but im actually talking about a dsktop my server is karmic going to scan and make sre it didnt creap its way over there [13:04] jasonmchristos: that's an important datum you should've mentioned up-front. [13:04] <\sh> jasonmchristos, when you tell us something about a rootkit, an open port, and "it got through this open port" we are very interested...because this would be a serious security issue...which needs to be addressed... [13:04] jasonmchristos: did nmap or netstat/ss report what process was listening on that port? [13:05] i know but i figured server is the same except with the desktop package installedd [13:05] thats what i did not know how to check [13:05] i also have a packet sniffer installed on wlan0 [13:07] jasonmchristos: is the port open right now? [13:07] let me try an check [13:07] why u want to login? [13:07] lol [13:07] * \sh just remembered the story "The Boy Who Cried Wolf" [13:08] jasonmchristos: no, so that we can (dis)prove your assertions [13:08] no im serious im not cring wolf [13:08] what u think rkhunter and chkrootkit r lying? [13:09] jasonmchristos: rkhunter detecting Xzibit is a false alert, I can reproduce it and will fix it [13:09] jasonmchristos: I think it's likely you're analysis is faulty. [13:09] <\sh> jasonmchristos, yes... [13:09] dont matter im going to do a fresh install karmic never produced these [13:09] someone go ahead and rn backtrack at my ip [13:10] jasonmchristos: we can't fix an issue if we can't reproduce it. [13:10] jasonmchristos: do as you wish [13:10] well what do you want me to do [13:10] u want my rkhunter and chkrootkit logs? [13:10] jasonmchristos: I just told you rkhunter is broken, it's detecting a rootkit in lucid for everyone. I'll get it fixed. [13:11] jasonmchristos: what I want you to do is answer my questions. [13:11] im looking at my netstat and there are so many ports open now i cant remember which was open after a fresh install [13:11] trying to answer you [13:12] what about the packet sniffer on wla0? [13:12] jasonmchristos: what about it? [13:12] that also a flse alarm? [13:12] !smart questions [13:12] Stupid bot [13:13] go go gadget bot [13:13] lol [13:13] !gq [13:13] Are you sure your question allows us to help you? Please read http://www.sabi.co.uk/Notes/linuxHelpAsk.html to understand how to ask a 'better' question. [13:13] jasonmchristos: please post your rkhunter and chkrootkit logs [13:13] jasonmchristos: or, alternatively, you can send them to security@ubuntu.com and I'll look at them [13:14] ok hold on just for you guys ill let u tinker for a bit but after this if you can help explain or direct me too a tut on how to inject the crypto disk key for my home directory to a fresh install those were my plans [13:14] jasonmchristos: while you're at it, the output of "sudo ss -nap" [13:15] ok im on it [13:17] where is the chkrootkit logs? [13:17] i already attached the rkhunter [13:17] ill just run it again and cut n paste [13:18] smoser, hggdh; ping me when around [13:19] funn all of this sudden it isnt detecting the SuckIT rootkit [13:20] jasonmchristos: btw, you might want to filter 8080 on the internet side unless you actually want people banging against it. [13:20] it poen? [13:20] open? [13:21] jasonmchristos: it's open at the TCP level, meaning that squid has to 401 instead of ICMP rejecting it cheaply in the kernel. [13:21] Normally I'd tell internal services to only bind to internal interfaces, but I don't know offhand how to tell squid that. [13:22] (That and a default-deny netfilter.) [13:23] twb: thats my remote manegment on my router [13:23] i figured thats better to leave open than an SSH port [13:23] but then i can always use 8080 to open my ssh port when i need it [13:25] whatever port that was it was upnp capable but its not up anymore because i dont see any upnp ports open but right after a fresh install it was in the 6xxxx range [13:25] suckit must have self destructed but rkhunter still detects zxibit [13:25] have the email ready [13:25] Isn't upnp one of those gaping-hole "features"/ [13:26] lol [13:26] i think im going to disable it [13:26] jasonmchristos: rkhunter is broken [13:26] http://en.wikipedia.org/wiki/Upnp#Lack_of_Default_Authentication [13:26] ok who wants this email with all the outputs [13:26] !pastebin [13:27] For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic. [13:27] its had to get voip like ekiga to work without upnp because it uses rando mports [13:28] My job is to make the network safe, not useful [13:30] http://paste.ubuntu.com/410006/ [13:30] lol good point twb [13:30] do you work for ubuntu or another company? [13:31] ubuntu isn't a company :) [13:31] canonical is, though [13:31] <\sh> twb, this would make a nice quote ;) "twbs job is to make the network safe, not useful" ;) [13:31] I work for cybersource.com.au [13:32] FSVO work = drink their coffee and use their link. [13:32] jasonmchristos: the only thing listening on a high port there is skype, which is not part of Ubuntu. [13:33] yeah it sems to have dissapeard [13:33] jasonmchristos: well, get back to us when you can reproduce the issue [13:33] the xzibit thing is there [13:34] We've already covered that [13:34] if u think its a false alarm u want to fix [13:34] thought u guys ant to fix it [13:34] jasonmchristos: I've opened bug 556455 for the false alarm, and I'll fix it today [13:34] Launchpad bug 556455 in rkhunter "rkhunter incorrectly detects Xzibit Rootkit in Lucid" [Undecided,New] https://launchpad.net/bugs/556455 [13:34] jasonmchristos: bugs that can't be reproduced can't be isolated, and thus can't be fixed. [13:35] hey folks, can anyone help with a permissions issue please? I've need to give a group rw access to a mounted network share. I've tried everything that seems relevant on https://help.ubuntu.com/community/MountWindowsSharesPermanently, but can only manage to write with the root user. The other user in the group cannot write. [13:36] psyferre: is the network share CIFS, NFSv3, NFSv4, or something else? [13:36] looks like samba [13:36] twb: I tried cifs and smbfs [13:36] Sorry, I didn't read [13:36] The machine on the other end is a netapp storevault [13:36] psyferre: smbfs is obsolete; you should only need to try cifs. [13:38] yeah but i think you need to edit the fstab [13:38] twb: okay, thanks. My current fstab has: //nas01/shares/ /network/nas01/shares cifs rw,_netdev,username=DOMAIN/user,password=password,dir_mode=775,gid=1001 0 0... does that seem right? [13:38] -ogid is how I'd do it with NTFS; and that wiki article seems to indicate the process is the same for CIFS. [13:39] psyferre: do you really have a user on the NAS called "DOMAIN\user"? [13:39] twb, well, no... I edited out the real domain and user name for security purposes [13:39] If I can do something useful by knowing your domain and username, you have BIG problems. [13:40] twb: heh, true enough. :) I'd prefer to be on the safe side though :) [13:40] Does "getent group 1001" return the correct group? [13:40] yes [13:40] i think you need to add the ,user optiojn [13:40] Is it a primary or secondary group? [13:41] secondary [13:41] Has the test user logged out and back in since you added them to that secondary group? [13:41] jasonmchristos: just tried adding ,user and there's no change [13:42] psyferre: i wrote a howto for nfs http://blog.jasonmchristos.info/search?q=nfs but i had to make it readable by something other than root so try this [13:42] just change it to cifs or whatever [13:42] twb: hmm... i've been logged in as root and then used su to switch to my other user [13:42] psyferre: do you have the other user's password? If so, best to test by switching to a getty and doing a full login. [13:42] psyferre: otherwise, at least try with "su - fred" instead of "su fred" [13:43] Is indentation important in /etc/network/interfaces ? [13:43] whatever i did in the howto made my nfs mountable bu users without sudo [13:43] MTecknology: no. [13:43] thanks, jasonmchristos, I'll check that out [13:44] twb: thanks- I musta screwed up somewhere else - I hate not being able to fix my own server because I screwed up :( [13:44] MTecknology: pastebin it [13:44] twb: hmm... thanks. I didn't know there was a difference between the two [13:44] twb: i just opened a new putty session and logged in with the second user directly, same deal [13:44] psyferre: did the mount operation give an error? [13:44] twb: no [13:44] psyferre: does dmesg contain anything suspicious? [13:45] twb: to the best of my memory - I can't touch the system until somebody fixes it for me - http://dpaste.com/179992/ [13:45] And to confirm: root can still read and write files in the share? [13:46] psyferre: after adding the user u have to reboot i think [13:46] because the fstab needs to be reloaded [13:46] mdeslaur: hey would you have some time to review a apache backport patch for me later today? [13:47] twb: Nothing seems suspicious in dmesg, root can still read and write [13:47] jasonmchristos: mount -a doesn't do that? [13:47] psyferre: pastebin the output of "ls -la" on the mountpoint. [13:47] zul: sure [13:47] mdeslaur: nifty thanks [13:48] twb: http://pastebin.com/wwgQbDhJ [13:50] psyferre: i think you just need to add the use option to fstab and reboot so it reloads fstab [13:50] That's the mountpoint's parent [13:50] *user [13:50] but tom:root looks pretty suspicious. [13:50] I'd expect it to be tom:my_cifs_group or whatever [13:50] then users other than root will be able to mount the share [13:50] twb: yeah, i agree. [13:51] psyferre: did you unmount and re-mount after editing fstab? [13:51] jasonmchristos: unfortunately, a reboot isn't a good option at the moment... one of these machines is a production database [13:51] mount -a won't notice changes to mount options in fstab [13:51] twb: AH. That's it then. [13:51] ok well i think fstab just hasnt reloaded with the , user option [13:51] * psyferre puts his head in his hands and cries softly [13:52] ttx, here [13:52] i dont know exactly how to reload fstab without a reboot [13:52] jasonmchristos: edit it, then remount the drive [13:52] twb, mount -a is made to re-read fstab [13:52] Ah [13:53] twb, mount -a causes all file systems mentioned in fstab (of the proper type and/or having or not having the proper options) to be mounted as indicated, except for those whose line contains the noauto keyword [13:53] twb: one moment, gotta remember how to unmount..... [13:53] bogeyd6: so unmounting is not necessary in this case? [13:53] umount [13:54] that's what I thought... just umount and then the share name? [13:54] i came in halfway [13:54] ill let the other finish [13:54] bogeyd6: erm, even if they're ALREADY mounted? You're suggesting mount -a will result in a mount -oremount on my root filesystem? [13:55] smoser: looking at http://iso.qa.ubuntu.com/qatracker/test/3880, we only have the "instance run" test. I asked hggdh to add a cloud-config test, ISTR you have something for that... is there a testcase written somewhere in the testcases wiki ? [13:55] jasonmchristos: I've just uploaded a fixed rkhunter to the archive that doesn't falsely detect the rootkit anymore [13:55] jasonmchristos: in a couple of hours it should be available [13:56] cool, mdeslaur how were you sure that it was false? [13:56] smoser: could you sync with hggdh so that a test covering that is available for cloud images in general (UEC+EC2) ? [13:56] twb, im saying if you edit fstab and then mount -a it will mount the filesystem with the new options [13:56] psyferre: is it working now? [13:56] mdeslaur: will this update be available to replaice the main rkhunter package? [13:57] smoser: Also there isn't any EC2 candidate right now, so I can't see if the "single instance" test was removed (we should have "multiple instances" and "cloud-config") [13:57] jasonmchristos: because I looked at the check it was performing, and it wasn't right for lucid [13:57] jasonmchristos: yes, it will replace the one that is there [13:57] bogeyd6: you're wrong, at least on Sid. [13:57] do i get karma points for this ? [13:57] ttx, http://bazaar.launchpad.net/%7Esmoser/%2Bjunk/ec2-test/files/head%3A/user-data/ is what i have for cloud config. I put together 3 different cloud config files that excercise a fair amount of the function. (ud-* there) [13:58] ttx, well, lets make an ec2 candidate then [13:58] jasonmchristos: you get a warm fuzzy feeling of having saved some other schmuck from shaving the same yak [13:58] lol [13:58] twb, bogeyd6: I get unmount error 16 = Device or resource busy when trying to umount... do i need to stop cifs or something? [13:58] i'll start writing a test case for the user data [13:59] psyferre: ask lsof what is using that filesystem [13:59] psyferre: if you're an incurable cd-er, it's probably your shell [13:59] There's mount -f and mount -l, but those are plan B. [13:59] ttx, should i just edit http://testcases.qa.ubuntu.com/System/EC2CloudImages ? [14:00] smoser: sounds good [14:00] twb: root@prometheus02:/# lsof /network/nas01/shares lsof: WARNING: can't stat() cifs file system /network/nas01/shares Output information may be incomplete. [14:00] psyferre: ugh [14:00] if there is some duplication of info between the EC2 and the UEC tests, maybe play some include game to avoid copying [14:01] SmokeyD: ^ [14:01] smoser: ^ [14:01] arh :) [14:01] psyferre: if this host isn't important, just bounce it. It's not worth isolating. [14:01] twb: What do you mean by incurable cd-er? [14:01] im going to start banging a hammer on my kitchen cabinets [14:01] As in, you cd into whatever dir you're going to use instead of using your shell's tab completion [14:02] smoser: also on this page the "multiple instance" and "single instance" tests should be collapsed into a single test with clear instructions on what should be tested. [14:04] twb: hmm... i use tab completion anytime I know exactly where I'm headed. So, cd-ing through a directory tree is not just inefficient but somehow generates open handles? [14:08] twb: i was able to reboot this host and now my secondary user doesn't have read OR write permission [14:10] twb: did you see anything wrong with that pastebin? [14:14] MTecknology: didn't look [14:14] MTecknology: I assume you create the bridge elsewhere? [14:15] ttx, so you're wanting one page that lists tests of UEC images, and one that lists test of EC2 images ? [14:15] MTecknology: how does it know whether eth0's gateway or br0's gateway should be the default? [14:16] psyferre: what does ls -la say about the mountpoint? [14:16] smoser: not really. If some tests are applicable to both, then one is sufficient [14:16] smoser: if only part of the test applied, then include could help [14:16] hi [14:16] oh, ttx [14:16] mail [14:17] reply [14:17] New bug: #556487 in libvirt (main) "virConnectOpen chooses qemu:///session before qemu:///system" [Undecided,New] https://launchpad.net/bugs/556487 [14:17] ttx, yeah. so, for ec2, most of the test running is automated. [14:17] now [14:17] :) [14:17] i'm not sure if that works or not for euca [14:17] twb: bridge_ports eth0 [14:17] twb: http://pastebin.com/4yxs7uPT [14:17] twb: I just noticed that I should have iface eth0 inet dhcp -> iface eth0 inet manual [14:18] smoser: I'll fire up an UEC install now for the current ISo testing, so if you have anything I should play with, let me know [14:18] mdeslaur: when you get a chance http://people.canonical.com/~chucks/apache2-mod-reqtimeout.debdiff [14:21] ivoks: and you're sure now ? [14:21] ttx: yes :) [14:21] heh [14:22] zul: wow! you backported half the new version? :) [14:22] !!!! [14:22] cluster stack has been accepted in debian [14:22] now we can just sync. [14:22] mdeslaur: heh....crap... [14:22] zul: url in 206-fix-potential-memory-leaks.dpatch doesn't work [14:23] Hi, looking for suggestions to centralise /home. Using autofs but hangs are too frequent [14:24] whatever happened to the ubuntu directory server? [14:25] abssorb: I use NFS for that [14:26] incorrect: there has been something like that? [14:26] abssorb: export /home from the server, and import it on your clients. [14:27] cloakable: autofs uses NFS [14:27] kklimonda|G1, there was [14:28] abssorb: use nfs directly, cut out autofs [14:29] twb: I chowned root:zrmgroup until the path to the share looked correct http://pastebin.com/AxDMSYqS [14:29] psyferre: er, yeah... good luck with that. [14:29] cloakable: Interesting. But how do two users mount their own /home/username with their own permissions? [14:29] psyferre: those modes look pretty dodgy. [14:30] psyferre: if you umount and mount, does it all reset back to the broken state? [14:30] twb: I agree... looks like from the mount on everything went off. I can still only read and write as root, and secondary user can't even read [14:31] abssorb: /home is mounted from the server, so all home directories are available, and if you keep UID/GID constant between desktop/server, the permissions will be correct too. [14:32] twb: still can't umount... says the device is busy [14:32] abssorb: I'm just careful about adding users, myself :) [14:32] cloakable: Yes, add UID and GID match. In my experiments with plain NFS, the user mounting the volume sets the UID and the GID. So user-switching is compromised. [14:33] twb: I've just have to keep rebooting. [14:33] abssorb: if you set it in fstab, /home is mounted during bootup, and stays mounted. [14:34] abssorb: so home directory stays belonging to that user, and home directoy stays belonging to [14:35] abssorb: it's as if the partition is local, rather than on the central server. [14:35] ivoks, heya!! [14:36] RoAkSoAx: hi [14:36] ivoks, how is it going?? Where you able to review the packages I prepare? [14:36] ivoks: congrats [14:37] cloakable: Ah I see, you mean instead of mount /home, I mount /home/user1 and /home/user2. That would mean re-writing the new users creation tools on the server. OK I suppose. Before I do that, what advantage does NFS give me over Autofs, in terms of surviving hangs? [14:40] abssorb: no, put "server:/home /home nfs auto 0 0" into your fstab. And advantages? If the server goes down, it'll hang untill the server comes back up, then it'll resume working again. [14:41] zul: what about this: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/allmodules.xml?r1=917211&r2=917210&pathrev=917211 [14:41] mdeslaur: it didnt apply [14:42] abssorb: If you mount the nfs export as if it's a partition, it'll act like one. permissions and all. No user will need to mount their /home directory, because /home itself is mounted on bootup. [14:42] zul: how could it not apply... [14:42] mdeslaur: dunno it didnt [14:43] cloakable: I've tried that, it only works properly for a single user per client. [14:44] abssorb: I've never had problems with it. Are you using autofs+nfs or pure nfs? [14:44] abssorb: because when I mount from my server, all the permissions are correct. [14:44] Both [14:44] zul: the rest looks great [14:45] cloakable: They would be for the first user to log in. [14:45] mdeslaur: nifty thanks [14:45] drwxr-xr-x 63 cloakable cloakable 16384 2010-04-06 14:06 cloakable [14:45] drwxr-xr-x 3 rune rune 88 2010-03-27 18:34 rune [14:45] that's on NFS [14:46] cloakable: OK thanks, There must be another reason why it didn;t work on our setu [14:46] abssorb: yeah. Not sure about that. [14:50] cloakable: Re the advantage, about recovering when a server comes back up, autofs relies on nfs to achieve this, but it's not working. Will removing the use of autofs somehow influence this? Because that would be the only reason to stop using it (it works perfectly otherwise). [14:50] zul, may I ask what are the congrats to ivoks for? :) [14:51] RoAkSoAx: get the cluster stuff in debian, congrats to you too [14:51] zul, hehe I did little this time but thanks :) [14:52] abssorb: I'm not sure, I don't use autofs myself, it always seemed inelegant to me :) [14:56] cloakable: I does look inelegant :) But is actually an elegant way of solving some permission problems. I looked over my notes, when I tried last, a direct export of /home over plain NFS resulted in problems for users whose primary group was one other than the default. This gave problems with users getting ".dmrc wrong permissions" errors. [14:57] abssorb: Aha. I generally run a standard network :) [14:58] cloakable: You've given me lots of useful things to think about. Thanks! [15:06] ivoks, whenever you have time please review the cluster packages at ppa:andreserl/ha, to be able to copy them to the ubuntu-ha ppa and then request the sync to get them into lucid asap. I'll be off for a while, so just let me know. Thanks :) [15:07] RoAkSoAx: don't copy those [15:07] RoAkSoAx: there are some changes needed [15:07] RoAkSoAx: we'll sync from debian [15:08] zul, smoser, kirkland: I'll need each of you to cover part of the ISO tests, mathiaz won't have much time for it this time around. Expect a new server beta2 candidate in the next hours [15:08] ttx, should we call the ec2 images candidates ? [15:08] or do we need to respin? [15:09] I'd wait for the Server ISo respin, to be sure to catch the latest boot process [15:09] ttx: sure no problem [15:10] ttx: I am here, you pinged me? [15:11] hggdh: yes about the ISo testcases [15:11] hggdh: the UEC topologies look alright [15:11] New bug: #556528 in euca2ools (main) "euca2ools config file overrides environment" [Undecided,New] https://launchpad.net/bugs/556528 [15:11] hggdh: please sync with smoser about the cloud images testcases [15:12] ttx: will do [15:12] hggdh: we need "multiple instance run" and "user-data test" for EC2 cloud images, and "instance run" and "user-data test" for UEC images [15:12] hggdh: he is working on the contents [15:12] ivoks, those packages are the same as the debian-ha hg repo, including latest commits for cluster-glue (your perl changes and --disable-fatal-warnings) so in essence they are the same packages [15:13] ttx: will they be mandatory, or optional? [15:13] mandatory [15:14] roj [15:14] RoAkSoAx: ok then, i'll recheck [15:14] RoAkSoAx: i've looked at those yesterday [15:15] I'm experiencing very high loads on ubuntu-server with KVM since the latest kernel update. Any pointers as to where to search for the cause? kern.log contains "task xxxx blocked for more than 120 seconds" and a trace. Virtual machines crash randomly. The trace contains stuff with 'ext4' in it. [15:15] I'm seeing this on 3 servers now, after the update. [15:16] Oh, and libvirt is frozen. I can't give any virsh commands anymore [15:17] No destroying/rebooting the crashed servers possible. I don't like restarting libvirt, and I certainly don't like restarting the servers. They are headless and I'm certain the root device will not be found anymore. [15:19] ivoks, ok :) anyways...the only change I dont think I have in pacemaker is the commit that was done 2 hours ago, but it's easily mergeable. cluster-glue already include the changes of the commit done an hour ago. and as I said, heartbeat and cluster-agents are 7 days old in the hg repo, which are the same I already have packaged [15:19] great [15:19] Part of the logs (scroll for stack stuff): http://paste.ubuntu.com/410068/ [15:23] ttx: sure thing, i usually do a few rounds myself [15:23] ttx: i'll cover the UEC and raid ones [15:25] Whoah. I lost connection to the virtual host and all its guests... I did nothing. Server dead. [15:28] Bye, bye server :-( I'll have to drive there now [15:29] Meanwhile, two other servers are slowly crashing and I found the closest bug: bug 522014 [15:29] Launchpad bug 522014 in linux "kernel bug 2.6.31-17-server with hung_task_timeout_secs " [Undecided,New] https://launchpad.net/bugs/522014 [15:36] It could also be bug 276476 [15:37] Launchpad bug 276476 in linux "INFO: task blocked for more than 120 seconds causes system freeze" [Medium,Fix released] https://launchpad.net/bugs/276476 [15:38] ill take the hardy->lucid upgrade tests [15:38] alvin: this is server 9.10 64 bit or ? [15:39] alvin: when you say lost connection to "virtual host and all its guests" - what is the host? Surely not a VM itself? [15:40] sherr: No, the hosts are Ubuntu 9.10, amd64 (all of them). The guests are ubuntu Jaunty, Karmic and Windows. With lost connection, I mean: I have no longer access to the guests (ssh, or their services) and ssh to the host. [15:41] I can no longer ping the host either [15:42] Two other hosts here show the same: if there is heavy I/O (cp a kvm image for example), the kernel logs starts to show errors, the copy goes slow (5MB/sec) and the load goes insane. After a while things calm down and the copy speeds up again. [15:43] All machines run lvm+ext4. 2 of them have mdadm raid [15:43] the other one has hardware raid, but all show these hung_task_timeout_secs errors (for kvm, kjournald, pdflush) [15:44] alvin: hmm. The log you pasted almost looks like a bad disk or cable (ATA) ... not sure. [15:44] Ah, that was before that machine went down. I checked the RAID (mdadm status). everything was perfectly ok [15:45] I have left off ext4 until "now" (well, from now), waiting for everything to get shaken out. Especially for things like KVM etc. Who knows? [15:45] And since two other machines show the same errors, we can safely assume they are related. All those machines where rebooted this weekend, so they got the latest kernel. [15:45] It has worked well for months. Karmic has proven to be unreliable to boot, but not on the ext4 part. [15:46] Well, good luck. I hope to retry KVM sometime in the future. So far, it's not worked so well for me (performance). [15:46] Now, I don't know if ext4 is the cause. Looks more like an io_scheduling problem. [15:46] Actually, I tested performance here and it was slightly better than the same machine on VMWare (only marginally) [15:46] This is the thing with Linux/Ubuntu ... always upgrade cycle and shaking out new things (new bugs)! [15:48] Well, you can't expect users to test your sofware. That's the problem. [15:52] kirkland: if you cover the UEC, please run them manually from ISO... I want us to catch any error in the messages as well (like "bad defaults proposed") [15:53] I'll try to cover them anyway, but two looks can't hurt [15:53] (just did a "topology 1" test on amd64, works like a charm, fwiw) [16:02] has anyone tried using vmbuilder without kvm-enabled hardware? [16:02] shouldn't that work and just use qemu? [16:08] When trying to network boot, I get the following error message: Gave up waiting for root device. Common problems: ... This happens after the DHCP request is answered and the tftp sends the kernel image. I'm having trouble with the nfs. [16:08] Any suggestions? [16:08] nfs before network? [16:08] nfs before portmap? [16:08] ivok: no [16:09] ivoks: I never tried using it. [16:09] using what? [16:09] ivoks: I never tried using nfs before this. [16:10] eh, your first NFS experience is with root on NFS? [16:10] try with something easier :) [16:10] s/try/start/ [16:14] ivoks: Do you mean /etc/init.d/nfs-kernel-server start? I ran that command, and nmap shows that nfs is up and running on port 2049 and rcpbind on port 111. [16:15] and nfs-common? [16:15] ivoks: I installed it. [16:16] is there a guide you are following for seting up root on nfs? [16:16] and which version of ubuntu are you using [16:16] ? [16:16] jarray52: you should be asking rpcinfo before nmap [16:17] ivoks: it's not really done anymore. [16:17] The nearest real-world cases I can think of are LTSP5 and puppet/cfengine. [16:18] ivoks: ubuntu 9.04 and i'm following this guide https://wiki.edubuntu.org/EasyUbuntuClustering/UbuntuKerrighedClusterGuide [16:20] so, you appended this to the kernel: [16:20] root=/dev/nfs nfsroot=server_ip:/path [16:20] ? [16:20] jarray52: I don't want to confuse you, but I have seen that message a lot of times on non-NFS root servers. I then just keep rebooting until the root drive is found. It's a known bug. [16:20] You'd also need boot=nfs, IIRC [16:21] The relevant code is in the ramdisk, which is built from /usr/share/initramfs-tools/ and /etc/initramfs-tools/ [16:21] alvin: or run mount -a ; exit [16:21] alvin: Must have rebooted 20+ times. Also, try setting a rootdelay... saw a post about it. [16:21] in 9.04 there is a bug where network is up *after* nfs services are started [16:21] ivoks is right. If you wait a bit and then run mount -a, you can resume [16:21] alvin: that's not a fix, that's a workaround for not understanding your symptoms [16:21] meaning that you can't mount NFS share [16:21] That bug is still in 9.10 [16:21] sorry, not 9.04, but 9.10 [16:22] it's only in 9.10 [16:22] twb: Nobody said it's a fix, but the real bug is not located yet as far as I know [16:22] You'll get the same symptoms if the root filesystem can't be mounted at all. [16:22] alvin: it's located [16:22] alvin: and fixed in 10.04 [16:22] Those are different problems. The NFS one is mountall, the not finding a root device is unknown unless I am mistaken [16:22] ivoks: that's the kind of bug that keeps me on LTS [16:23] twb: yeah, that bug didn't exist a month before release of 9.10 :) [16:23] ivoks: but it existed before. I don't remember how long though. [16:23] karmic does feel very 'beta' [16:24] backporting the fix from 10.04 to 9.10 requires knowledge of upstart code :D [16:24] And with the current system freezes I'm experiencing, my feeling about it doesn't get better. [16:24] anyway, i'm sorry, but i have to leave now [16:24] ivoks: doesn't it require knowledge of the upstart service language, not upstart itself? [16:25] And amounting to Required-Start: $network [16:25] twb: upstart in 9.10 didn't have some features that has in 10.04 [16:25] Ugh [16:25] twb: lack of those features resulted in that bug [16:25] that and couple of others [16:25] most of them are fixed [16:25] upstart feels like such a NIH failure [16:25] but this one doesn't look easy without backporting huge part of upstart [16:26] it isn't [16:26] it's great tool [16:26] ivoks: When you're asking about root=/dev/nfs nfsroot=server_ip:/path, do you mean in /var/lib/tftpboot/pxelinux.cfg/default? [16:26] Still, that version of upstart should have been left out in Karmic. [16:26] but it's such a important part of the system that any small error results in big problems [16:26] Especially when you compare it to the simplicity of cinit or the non-invasiveness of insserv make-style booting. [16:27] jarray52: yes [16:27] don't forget, upstart isn't only 'booting' [16:28] anyway, take care... realy have to go now [16:28] Meaning that it restarts services when they die (like every post-sysv init), or meaning that it puts grubby fingers into areas that it doesn't belong (like NetworkManager)? [16:29] ivoks: Thanks for your help. [16:32] twb and alvin: I will need to do a lot of googling to follow that conversation. Do both of you believe that my problem is due to a bug? My experience has been that Ubuntu 9.10 was very buggy. Tons of crashes and random behavior. So, I rolled back to Ubuntu 9.04. For the most part, I was happy with it. [16:32] slapd seems very broken in 9.10 [16:33] incorrect: That is because it was split up and undocumented (as far as I know. I wanted to try it, but didn't know where to start) [16:33] jarray52: it wouldn't surprise me if it's a bug, but I haven't seen enough evidence to conclusively demonstrate that it's not a simple fuckup on your part [16:33] jarray52: I think it's a bug, yes. Let me see if I can point you to the right reports [16:33] alvin, apt-get install slapd? [16:33] twb: I would bet it's a simple fuckup on my part. [16:34] (Damn: those are on my virtual mailserver, but the karmic host crashed due to an io_scheduler bug...) [16:35] jarray52: Given my lack of experience, that is very likely. However, I did follow the instructions in https://wiki.edubuntu.org/EasyUbuntuClustering/UbuntuKerrighedClusterGuide pretty closely. [16:35] twm: Given my lack of experience, that is very likely. However, I did follow the instructions in https://wiki.edubuntu.org/EasyUbuntuClustering/UbuntuKerrighedClusterGuide pretty closely. [16:35] Just because it's on a wiki doesn't mean it's true [16:35] here: bug 504224 for the NFS mounts, and bug 470776. Also, bug 384347 [16:35] twb: totally agreed. [16:35] twm wouldn't be caught dead here. [16:35] Launchpad bug 504224 in mountall "NFS mounts at boot time prevent boot or print spurious errors" [Medium,Fix released] https://launchpad.net/bugs/504224 [16:35] Launchpad bug 470776 in mountall "retry remote devices when parent is ready after SIGUSR1" [Medium,Fix released] https://launchpad.net/bugs/470776 [16:35] Launchpad bug 384347 in util-linux "_netdev not working" [Undecided,Confirmed] https://launchpad.net/bugs/384347 [16:36] twb: sorry [16:36] twb: Given my lack of experience, that is very likely. However, I did follow the instructions in https://wiki.edubuntu.org/EasyUbuntuClustering/UbuntuKerrighedClusterGuide pretty closely. [16:36] that's better. [16:36] It could be totally unrelated too [16:37] better question, what trouble shooting steps can I take [16:37] ? [16:39] jarray52: I wouldn't know. If it IS a bug (or multiple ones) I'd suggest trying with an older version or another distribution as client. There are no good workarounds that you can try. [16:41] wow slapd is more broken in karmic than i thought, i am just lucky i ported my db over from jaunty [16:41] i wonder, is slapd broken in 10.4 [16:41] incorrect: please open a bug in launchpad then [16:43] zul, i've found that there are others ranting about it on launchpad [16:44] twb: Do you have any suggestions? [16:45] given that lucid is released at the end of the month, i wonder if i should upgrade my firewall to it, my firewall being a toy === kklimonda|G1 is now known as kklimonda [16:51] twb: Thanks for the rpcinfo pointer. That is useful. 3 versions of nfs are up and running. However, I think my problem is different. When running ifconfig on the node, i noticed that it lost its network connection. It doesn't seem to have maintained the ipaddress given to it by the dhcp server. [16:51] incorrect: I haven't tested it yet, but it is reported that Lucid has less critical bugs than karmic, so I'll upgrade everything I can find. [16:54] alvin, i've found a posting on how to get slapd working in karmic, but my god its painful [16:54] incorrect: I have decided to wait learning ldap until someone reports he can do it without the pain. [16:55] alvin, kvm + jaunty [16:55] incorrect: Have you tried upgrading after that? [16:55] alvin, i upgraded my ldap server from jaunty to karmic, i didn't notice how broken thinks were as i had done all the config work [16:56] i just needed to do some changes and found i couldn't get phpladpadmin to work [16:56] Aha, well, I will absolutely wait [16:56] i am tempted to upgade to lucid [16:56] I'm having enough troubles as it is booting the machines. I try not to reboot. [16:57] well i also found a huge bug that grub won't install on a software RAID setup [16:57] i cried [16:57] kirkland: fwiw, I rewrote the ISO tracker testcases for the UEC topologies, with help from hggdh. I didn't touch any UEC doc yet, though [16:57] ttx: i'd like to update the UEC docs [16:57] ttx: i was going to do that this week-ish [16:57] incorrect: On RAID0? RAID1 will work [16:58] ok this problem was only on the alternative text based installer [16:58] i pxe boot install my machines [16:58] ttx: also, i'd like to get the ISO tracker and UEC help docs to be in better sync, somehow [16:58] ttx: the duplication is painful [16:58] pxe install them, [16:58] kirkland: I think the level of detail is different for an install doc and a testcase [16:59] kirkland: but I agree with you it can be painful [16:59] ttx: obviously [16:59] incorrect: Oh, I didn't know that. I always use the cd. I should try pxe one day [17:00] I think most of the installer is self-explaining, the UEC doc shouldn't need to go into lots of detail, but rather expand on available topologies [17:00] alvin, i hope lucid has the latest kvm because that now supports booting vm's via the network, [17:00] while the testcase must include a bullet-point set of steps to not deviate from [17:00] incorrect: Cool, but it will not have the latest version [17:00] alvin, i could [17:01] it could [17:01] kvm do not release very often, iirc jaunty and karmic had the same version [17:01] incorrect: It will be 0.7.5 [17:04] seems to be up to date then [17:04] qemu is at 0.12.3 [17:07] maybe i will run up a vm for lucid [17:09] I'm using kickstart to do a hands-off intsallation on 100 machines .. How can I get rid of all the warnings the installer prompts me for ... like weak passwords and invalid nameservers and so ? [17:10] Does anyone know how to prevent the ipaddress from resetting after a kernel is loaded? [17:10] using network boot [17:14] i just use static ip addresses [17:14] jarray52, are you building servers or desktops? [17:16] incorrect, jarray52: for servers, you can also use DHCP [17:16] incorrect: I'm just playing around. Let's say I'm trying to get a server network booted. Right now, there is no disk attached. I'm able to load the OS using DHCP. [17:18] jarray52: I have no experience with that. Are you saying it works with DHCP, but not with a static address? (Can you even set a static address in that situation?) [17:19] alvin: I'm using a DHCP server to issue a static ip address. [17:19] alvin: I'm able to issue the static ip address and then use tftp to boot the OS. [17:20] Well, that's still DHCP, but ok. [17:21] Out of curiosity, is it possible to search these irc chat discussions to see if someone had a similar problem? [17:22] jarray52: There are logs, but I don't know whether you can search them. Maybe use the ubuntu-server mailinglist. [17:23] * alvin is going home. No backlog due to crashed karmic quasselcore :-( [17:25] incorrect: By playing around, I meant trying to learn how this stuff works. I'm trying to network boot a machine. [17:26] anyone know much about a deadlock with InnoDB ? [17:28] jarray52, during the install the installer app configures the network, its outside of the pxe boot getting you enough OS to boot from nic bios [17:44] has the iso been respun yet? [18:26] smoser: we don't have any EC2 image candidate yet ? [18:26] or you wait for the respin [18:26] i thought you suggested wait for respin [18:26] ack [18:27] there is a rumour that the latest one isn't running properly [18:27] so is archive in suitable state ? [18:27] smoser: not really, we would respin [18:27] latest one , where "one" is server ISO ? [18:27] no, the cloud images [18:27] the last daily cloud images would not run. [18:31] kirkland: could you test the current state of the lucid cloud images on uEC, to debunk that rumour ? [18:31] The iso testing is using the karmic image, as a reference standpoint, so the recent lucid images weren't tested [18:32] (at least by me) [18:34] smoser: I asked slangasek to ping you when the server ISO is respun, so that you can generate EC2 candidates from that [18:35] ttx, ok. i'll try a test of latest uec images. [18:35] note, i've tested successfully on ec2 === dendro-afk is now known as dendrobates [18:50] kirkland: the link to http://webapps.ubuntu.com/employment/canonical_USVD on your latest blogpost is broken [19:01] ttx: hey. seems the server iso is being rebuilt-- may I what prompted it? [19:01] s/what/ask what/ [19:02] jdstrand: possibly bug 548954? [19:02] Launchpad bug 548954 in upstart "Ubuntu servers should display information during boot by default" [High,Fix released] https://launchpad.net/bugs/548954 [19:02] jdstrand: "splash" still active on server boot, + winbind PAM profile screwing up login on samba-server task [19:03] * jdstrand guesses samba for 546874 and 556342 [19:03] k, thanks [19:03] jdstrand: bug 548954 and bug 546874 [19:03] Launchpad bug 546874 in samba "passwd - can't login, change password (pam_winbind pam-auth-update profile)" [High,Fix released] https://launchpad.net/bugs/546874 === dendrobates is now known as dendro-afk === dendro-afk is now known as dendrobates [19:48] kirkland: hi [19:48] kirkland: trying to run an instance on UEC [19:48] kirkland: got this error on the NC: [009416][EUCAERROR ] libvirt: internal error no supported architecture for os type 'hvm' (code=1) [19:55] if linux boxes can't see my internal linux server, do i need to edit /etc/dhcp3/dhclient.conf to send hostname or something else (windows boxes on the network have no problem seeing the box) [19:56] kirkland, did you report (ttx said someone did) that latest uec images aren't booting ? or was that mathiaz ? [19:56] if linux boxes can't see my internal linux server by its internal hostname, do i need to edit /etc/dhcp3/dhclient.conf to send hostname or something else (windows boxes on the network have no problem seeing the box) [19:56] smoser: I haven't reported anything yet [19:56] brontosaurusrex: if they are all on the same network, they should "see" each other. [19:57] brontosaurusrex: what IP address on linux server? [19:57] brontosaurusrex: what IP address on other linux box? [19:57] How can I change a username? like michae -> michael [19:57] Is there any easy way to do it system wide?... [19:57] 192.168.1.100 is the server [19:58] 192.168.1.101 is the client for example [19:58] brontosaurusrex: and netmasks? [19:58] inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 [19:59] You cannot ping .100 from 101? [19:59] ping 192.68.1.100 [19:59] its not really an issue, since 99,9% of users are windows, but i wonder whats up with that [19:59] sherr: sure i can, only hostname doesnt work [20:00] Well, how was I supposed to know it was a DNS issue only? [20:00] its accessable via ip [20:00] Put the hostnames/IP's in /etc/hosts? [20:00] on all linux boxes? [20:00] Yes - unless you want to run DNS. [20:01] Maybe look into using dnsmasq as a DHCP server. [20:01] how come windows boxes see the hostname? [20:01] samba? [20:01] Are you using Samba> [20:01] ? [20:01] its installed i think [20:01] Then WINS perhaps. [20:01] WINS != DNS [20:02] Note - dnsmasq includes a DNS server that can read from DHCP leases [20:02] i see, so i have to run dhcp client right? [20:02] The DHCP client is already used, no? This gets you an IP address. [20:02] You need "name" resolution [20:03] i.e. DNS [20:03] right [20:03] /etc/hosts is one way [20:03] anyone have much experience with what a deadlock is in mysql InnoDB tables? [20:03] If Windows clients can see each other by hostname and other systems can't, it's probably because they are using NETBIOS [20:03] sherr: ok, ty [20:06] smoser: http://people.canonical.com/~mathiaz/console.log [20:06] smoser: ^^ - tried to boot a daily UEC image on EC2 [20:07] you mena on uec? [20:07] smoser: yes *UEC* [20:07] smoser: not ec2 [20:07] ok. i've booted 20100406 several times today in ec2 [20:08] i think your metadata service is broken [20:08] and i've verified on my local UEC that 20100405 worked fine [20:10] <`blackmk4|imac> just wondering if there will be a proper fix for this 5 month old bug: http://ohioloco.ubuntuforums.org/showthread.php?t=1311112 [20:10] <`blackmk4|imac> it pretty much breaks the ability to run a server [20:10] mathiaz, ^ [20:11] `blackmk4|imac: is there a bug number? [20:11] <`blackmk4|imac> yes [20:11] smoser: it's quite possible that the meta-data is not working [20:12] smoser: as I'm running UEC on multi-network topology [20:12] smoser: how can I test if the meta-data service is working correctly? [20:12] <`blackmk4|imac> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/474930 [20:12] Launchpad bug 474930 in linux "Ubuntu 9.10 crashes when run without monitor or when monitor sleeps." [Undecided,Confirmed] [20:14] mathiaz, boot an insance, somehow get to it and then poke at the metadata service from within it :) [20:14] but its broken, thats why you're seeing those errors [20:14] `blackmk4|imac: I wonder if Lucid works? [20:15] <`blackmk4|imac> i would imagine so [20:17] `blackmk4|imac: I am not affected by this. But what I would imagine is that someone adds a comment to the bug and asks if anyone can confirm this happening in Lucid still. If not, then great. [20:17] <`blackmk4|imac> wait [20:18] <`blackmk4|imac> what is lucid, i thought you meant a person [20:18] <`blackmk4|imac> :v [20:18] Lucid Lynx a.k.a release 10.04 - current beta? [20:18] <`blackmk4|imac> ah, then I don't know if it works there [20:19] But if it is important, maybe someone can test? [20:19] <`blackmk4|imac> fair enough [20:19] If it affects you, why not comment on the bug and see if someone can test? or maybe someone already has? [20:20] <`blackmk4|imac> i commented in a few forum posts about it, I'll comment on the bug [20:20] That is, if no one has already. Check first :-) [20:22] Is that with a monitor hooked up AND X installed? Because I have karmic installations without monitor that run. None of them have X. (As long as you don't let them do something intensive like copying a large file) [20:23] Oh, and with Intel videocard [20:23] (Desktops with X and some Intel cards will crash after a little while anyway) [20:23] A comment on the forum says "no X required" IIRC. [20:24] alvin: although they should run even copying a large file :-/ [20:24] I didn't read the whole forum of 'me too'. ;-) The bug should be enough [20:25] Yes, me too ... :-) [20:25] sherr: I had 3 servers that froze today. One went down. The one that was doing the least work. It's apparently a kernel io_scheduling issue, but it's unclear where the bug should be assigned. [20:26] I'm researching this a bit. I tried to reproduce on a non-critical system with an atom cpu, but I can't reproduce it there. But take a 2xquad core machine with 32 GB ram, and rsync a 10GB file. Bam, load goed in the air and server goes down. [20:27] INFO: task kvm:22955 blocked for more than 120 seconds. (etcetera) [20:28] alvin: what's backing the guests? LVM, file? [20:28] Production servers are experiencing problems, and test servers don't :-( [20:28] File, on LVM (ext4 formatted) [20:28] I hear you. Maybe you need test servers that match production more closely ... i,e, bigger! [20:29] I do have those tomorrow. 'll test there [20:29] In fact, I could reach them. There's nobody at work, so I can quitly copy a file now. Let's do it. [20:29] Can you arrange an ext3 test? Good data-point perhaps [20:30] Should be possible. There is space left [20:31] Only one of the bug reports I found talks about ext4: (bug 494476 and bug 276476) [20:31] Launchpad bug 494476 in linux ""Smbd","kjournald2" and "rsync" blocked for more than 120 seconds while using ext4." [Medium,Triaged] https://launchpad.net/bugs/494476 [20:31] Launchpad bug 276476 in linux "INFO: task blocked for more than 120 seconds causes system freeze" [Medium,Fix released] https://launchpad.net/bugs/276476 [20:31] Is it always rsync? Wit compression? maybe try a "cp", or no comp. [20:31] cp and scp too [20:32] and on the server that went down: totally unknown. Only the virtual machines where running and they not under any load [20:33] I logged in with ssh on the host because a guest (holding a miniscule db) crashed, saw the high load, checked some things and while later, everything was down. [20:33] bug 276476 - seems old. "task blocked" is quite generic perhaps - problem in KVM? [20:33] Launchpad bug 276476 in linux "INFO: task blocked for more than 120 seconds causes system freeze" [Medium,Fix released] https://launchpad.net/bugs/276476 [20:33] 2008? [20:33] sherr: Not only kvm. Task blocked is also to be seen with pdflush, kjournald, and others (rsync) [20:34] fix released is only for the message or something. I see the problem only since I rebooted after installing the latest karmic kernel [20:34] Yes - I mean it's a generic error message caused by many things maybe [20:34] Painful - and trying to figure out the cause is painful. Time/effort ... [20:34] Probably, but it's the only clue I have [20:35] Try a different kernel? .33 PPA? Or roll your own from kernel.org [20:35] The most important server is under support (Canonical), but after the first answer, they're a bit slow. I'll call tomorrow, because it halted production 2 times now. [20:36] Keep us posted anyway - good luck. Be good to hear how it goes. [20:36] Of course. I'll start a test now and see how it goes [20:46] does anyone here use snort? [20:47] http://ubuntuforums.org/showthread.php?t=919472 [20:48] i'm trying to follow this security guide, but it is suggesting i compile snort from source, only because the version in the repos doesn't enable logging to a mysql db [20:48] does this still hold true? [20:48] smoser: new server ISO is out, you can trigger the EC2 ones if not already done [20:49] i will trigger now. [20:49] ttx, started. i tested 20100405 on uec and it ran fine [20:50] smoser: thanks ! [20:50] billybigrigger: No idea. I'd look at the available package versions, and the changelogs. See if it is still true. [20:50] http://packages.ubuntu.com [20:50] zul, kirkland: the new server ISO is available, please cover the tests you can before the end of your day. [20:51] ttx, where did you hear that it wasn't functional? [20:51] ttx: my end of the day is in 9 minutes but Ill cover the tests later tonight [20:51] smoser: some internal talk on a call, probably bad rumour [20:51] zul: heh [20:52] so its either /etc/hosts or my own dns server? [20:52] brontosaurusrex: stick a few hosts/IP's in a cuple of /etc/hosts files - prove to yourself that works :-) [20:53] sherr: thats how i have it done now (for a while) [20:53] and its good enough for home use [20:54] but what to do with bigger intranets? is there a way to sniff if there are any dns servers allready running, or what is the most correct procedure, finding the admins? [20:56] brontosaurusrex: well, a sysadmin could tell you I assume. DHCP should also give out "nameservers" (go in /etc/resolv.conf) [20:56] well this home box has some ips in there and there is no dns [20:58] brontosaurusrex: IP's in where? resolv.conf? [20:58] yes [20:58] From your DHCP server? What IP's? [21:01] http://b.pastebin.com/HrUWUCE5 [21:02] this are probably external dns's [21:02] brontosaurusrex: Ah, NetworkManager ... [21:02] brontosaurusrex: and Telekom Slovenije - your ISP? [21:02] brontosaurusrex: I guess that's frm your ISP/internet modem DHCP. [21:03] Options : [21:03] a) Use /etc/hosts for your local systems [21:03] b) Setup DNS locally (maybe look at dnsmasq = DHCP + DNS and simple) === ubott2 is now known as ubottu [21:11] sherr: thanks for your time, i need some reading to do [21:12] as it seems ;) [21:26] I tried copying /var/lib/mysql/ from one server to another because it's the only backup I have for this. I setup the permissions on the new junk, copied debain.cnf from the old system (the internel structure should be exactly the same), When I do 'start mysql' it just hangs. [21:26] Any ideas what I should look for to make this work? [21:28] the only thing I get in top is an 'sh' process that hops up top some but doesn't really look active [21:31] MTecknology: all the tables copied over? [21:31] MTecknology: Try starting the server and tail the syslog in another shell i.e. [21:31] sherr: yup - I just sat there beating it a few times and I think magic/pixie_dust may have taken hold :) [21:32] /etc/init.d/mysql stop && /etc/init.d/mysql start [21:32] and "tail -f /var/log/syslog" in anoither s=hell at the same time [21:32] Oh, it's working now? magic/pixie_dust? [21:33] What version pixie_dust? :-) [21:33] 0.9 [21:33] I hear 1.0 is supposed to work out of the box [21:33] sherr: I tried what you said and it all looks clean :) [21:34] No one uses a v1.0 surely? [21:34] 0.9 .. no problem ... :-) [21:34] So, it is working? [21:34] ya [21:34] :) [21:34] now to see if the whole server is working.... [21:34] OK, great. [21:36] ttx: on it now [21:41] kirkland: hey! [21:41] kirkland: did you test eucalyptus package installations? [21:41] mathiaz: howdy [21:42] mathiaz: i'm burning to a usbstick now [21:46] hello to all. i have to execute this line here as root at boot [21:46] how can i do this ? [21:46] ./flashpolicyd.rb --xml flashpolicy.xml --logfile flashpolicyd.log [21:46] cjwatson: hi [21:46] cjwatson: when the installer runs the package installation in-target, is the in-target debconf database (already) loaded with the debconf database from the install environement? [21:47] xperia: maybe add to /etc/rc.local (last rc script that runs each boot) [21:47] sherr: great will test that [21:48] cjwatson: IOW if I preseed something in the installer is that value available when the packages are installed in the chroot environement? [21:48] the question is the whole script is located in my home folder. i ask me if i should remove it to some /usr/local folder maybe [21:52] xperia: couple things you can do, you can copy the script to say /var/lib/initscripts and then add it to rc.local using the entire path [21:53] you could create your own folder in /var/lib/ called scripts [21:54] KillMeNow: great thanks for the very helpfull answer. i have searched for rc.local in /etc but this file dont exist in /etc it must be some other path [21:55] xperia: yes, doesn't really matter much. As long as you know where and what it is etc. [21:56] ahh okay in this case it will work as long a file called rc.local exist in /etc. great you helped me a lot ! [22:10] ok so slapd is very broken in 10.04 [22:10] is ldap not very important any more? [22:11] incorrect: it's definitely different from hardy [22:11] incorrect: what's the problem you are having? [22:11] vmlintu, sure is, doesn't even configure a system that you can log into any more [22:12] dpkg-reconfigure slapd used to do a lot for me [22:13] incorrect: yep, it used to be easier for small setups.. [22:13] incorrect: at first I hated the new system, but it turned out to be great as my setups are so weird [22:13] incorrect: do you need help getting it working? [22:13] mathiaz: should be [22:14] mathiaz: provided the owner for the field in question is correct (i.e. the owning package, not d-i) [22:15] vmlintu, sure the documentation doesn't offer much help [22:15] incorrect: I've written some entries in blog here: http://www.opinsys.fi/setting-up-openldap-on-ubuntu-10-04-alpha2 [22:16] incorrect: the first part does pretty much the same as the old dpkg scripts [22:17] i have a 6 slapd servers in a multi-master setup, but i would have thought having dpkg do some of the heavy lift would have been a good thing? [22:18] incorrect: the dpkg scripts didn't do much good for multi-master setups [22:18] well it got you a fair bit of the way and you take it from there [22:19] incorrect: do you have the old configs in hand? [22:20] sure i have my 8.04 setup running, i even backported 2.4.15 [22:20] incorrect: if you do, you can convert them to cn=config backend with slaptest tool [22:20] How can I reinstall apache from scratch? [22:20] I screwed up the configs pretty bad [22:21] i just wanted to rebuild my home setup [22:21] just found weird bugs since i've been upgrading since jaunty [22:21] MTecknology, apt-get purge it, delete any remaining configs, then reinstall [22:21] qman__: that didn't work [22:22] aptitude purge apache2; rm -R /etc/apache2; aptitude install apache2 [22:22] how didn't it work [22:23] qman__: /etc/apache2 still doesn't exist [22:23] MTecknology: try purge apache2.2-common instead of apache2 [22:24] yeah, apache2 is a metapackage [22:24] that might have caused it [22:24] oh.. [22:24] thanks :) [22:26] Does anyone have Vmware Server 3 beta running on their server here yet? [22:27] vmlintu, will you be updating the ubuntu server docs? [22:27] dasunsrule32: I think most people in here use other tools like kvm [22:30] * MTecknology screams silently to self -why on earth do people use ruby?- === dendrobates is now known as dendro-afk [22:57] mathiaz yo === hggdh_ is now known as hggdh === dendro-afk is now known as dendrobates