| MTecknology | I have qemu+libvirt on one server; if I run ufw enable on that I lose connectionto any guests. What rule do I need to add to allow communication through the host but not to the host? | 01:25 |
|---|---|---|
| === dendrobates is now known as dendro-afk | ||
| uvirtbot | New bug: #556996 in samba (main) "winbind pam-config potentially breaks stacking with modules of lower priority in common-passwd" [Low,New] https://launchpad.net/bugs/556996 | 03:16 |
| uvirtbot | New bug: #556785 in shadow (main) "Passwd in Ubuntu Lucid has started giving errors since last update" [Undecided,New] https://launchpad.net/bugs/556785 | 03:24 |
| MTecknology | jdstrand: sorry about that | 03:25 |
| MTecknology | jdstrand: I have all vm's running over a bridged network - eth0 bridged with br0 -> vnet1 -> virtual_server_1. So do I just allow everything from anywhere to anywhere on vnet1? | 03:31 |
| MTecknology | oh.... | 03:32 |
| MTecknology | in/out | 03:32 |
| jdstrand | MTecknology: I've not done bridged networking with libvirt. however it should work how you'd expect. eg if some remote host wants to connect to your vm on port 22 on ip 1.2.3.4, then you can do: sudo ufw allow to 1.2.3.4 port ssh | 03:43 |
| jdstrand | MTecknology: keep in mind the in/out is for INPUT and OUTPUT. if you need to manipulate the forward chain, then you are going to need to add stuff to /etc/ufw/before.rule | 03:44 |
| jdstrand | s | 03:44 |
| MTecknology | jdstrand: I just want to allow any traffic for that server to go through to that server so I can use iptables on there. | 03:51 |
| MTecknology | I tried just 'ufw allow to 192.168.1.5' then ufw enable and I couldn't talk to that vm anymore | 03:52 |
| MTecknology | If I try something like 'ufw allow from any port any to 192.168.1.6 port any' I get ERROR: 'Could not find protocol' | 03:53 |
| jdstrand | MTecknology: don't use 'port any', just 'from any to any' | 03:54 |
| jdstrand | MTecknology: if ufw is blocking, you'll need to look in kern.log | 03:55 |
| cef | if you use 'port' you need to define udp or tcp (or other protocols that use ports) | 03:55 |
| MTecknology | 'ufw allow any to any' - still kills my connection when I enable it.. | 03:56 |
| MTecknology | Apr 6 21:55:50 pessum kernel: [29088.509108] [UFW BLOCK] IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=vnet3 SRC=192.168.3.6 DST=192.168.1.6 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=51033 DF PROTO=TCP SPT=47120 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 | 03:56 |
| MTecknology | This is what I have now - http://dpaste.com/180294/ | 04:04 |
| MTecknology | jdstrand: I don't know if it makes a difference - I'm on 10.04 | 04:04 |
| jdstrand | MTecknology: I think you need to read http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29 | 04:05 |
| jdstrand | MTecknology: it references a fedora bug in libvirt that is probably what is causing you trouble | 04:06 |
| jdstrand | MTecknology: I gotta head out, but I bet that is the issue | 04:06 |
| MTecknology | jdstrand: with network manager not supproting bridged interfaces? | 04:08 |
| MTecknology | oh | 04:09 |
| MTecknology | jdstrand: alrighty, thanks :) | 04:09 |
| === macrocosm_ is now known as macrocosm | ||
| === shennyg_ is now known as shennyg | ||
| maxagaz | i have installed my system using a usb key | 05:14 |
| maxagaz | but it was installed on sdb | 05:14 |
| maxagaz | and the system is sda now that the usb isn't plugged anymore | 05:14 |
| maxagaz | I guess I need to update the grub | 05:15 |
| maxagaz | can someone tell me how ? | 05:15 |
| twb | Bleh. | 05:17 |
| twb | That's why I hate grub and its stupid device.map | 05:17 |
| Psi-Jack | Heh. Seems to be a horde of people wanting to get ubuntu 10.04 beta1. ;) | 06:43 |
| AnRkey | how can i reserve a device name for my USB device so that it's always got the same /dev/devicenamehere? | 09:04 |
| alvin | AnRkey: label the partition on the USB device (so that you have /dev/disk/byu-label/ | 09:05 |
| AnRkey | it's a printer | 09:05 |
| AnRkey | two printers actually, they keep getting switched around or given ttyUSB3 or whatever | 09:06 |
| jeffesquivel | AnRkey, you can use udev for that | 09:07 |
| AnRkey | udev? | 09:08 |
| jeffesquivel | AnRkey, this article may help you: http://www.linuxjournal.com/article/7316 | 09:08 |
| * AnRkey googles it | 09:08 | |
| AnRkey | thanks for the push in the right direction | 09:08 |
| jeffesquivel | AnRkey, no problem | 09:08 |
| jeffesquivel | AnRkey, here is an example rule for a printer: http://www.reactivated.net/writing_udev_rules.html#example-printer | 09:09 |
| jeffesquivel | AnRkey, you can read that document too... but it may be to comprehensive | 09:10 |
| jeffesquivel | *too | 09:10 |
| bronto2 | i'am trying to basically setup a lil intranet wiki, and i see it does support ldap, but can ldap be easily configure to just use posix system users? | 09:56 |
| bronto2 | configured* | 09:56 |
| joschi | bronto2: usually no. but there are some scripts which you can use to convert your system users. but then again: why use ldap in the first place if you only want your system users to login? | 10:18 |
| swift | hi guys, I installed and configured MRTG to monitor one internet line.... i installed it on my ubuntu server | 11:21 |
| swift | in the index url now, I see 8 graphs related to the router being monitored | 11:22 |
| swift | each graph is of the form "Traffic Analysis for #num# -- <Router Name> | 11:22 |
| swift | any idea what these graphs are? | 11:24 |
| swift | how can I choose which graphs to remove?.. or are all of these important?... please advis | 11:24 |
| === swift_ is now known as swift | ||
| ttx | smoser: ping me when available | 12:21 |
| smoser | here now. | 12:21 |
| smoser | ttx, | 12:21 |
| ttx | Two things, I suppose you got my answer to the ramdisk email... | 12:22 |
| smoser | yeah. | 12:22 |
| ttx | What's your opinion on it ? | 12:22 |
| smoser | i would like to have no ramdisks. | 12:22 |
| ttx | How much testing did the current noramdisk things get so far ? | 12:23 |
| smoser | on my hardware, i've recreated failure with beta-1 and success on all of 2010040[1256] | 12:23 |
| smoser | i cannot seem to create failure. | 12:23 |
| smoser | i think that between reasonable test of your hardware (which was 'sometimes fail'), mine (always fail) and dustin's (always fail) and data center (always pass), we have fairly good coverage of that. | 12:24 |
| ttx | OK, I'll play a few rounds myself | 12:24 |
| ttx | and we'll take the final decision by the meeting time | 12:24 |
| ttx | in between... we need to sort out the testcases | 12:24 |
| smoser | above, the parentheses state what it was before. | 12:24 |
| ttx | http://iso.qa.ubuntu.com/qatracker/build/ubuntuserver/all shows they are pretty broken | 12:24 |
| smoser | i updated http://testcases.qa.ubuntu.com/System/EC2CloudImages#preview | 12:24 |
| ttx | Do you have testcases for the EC2 and the UEC images ? | 12:25 |
| smoser | what do you mean? | 12:25 |
| ttx | I mean we need: | 12:26 |
| ttx | EC2/classic -> 2 testcases (multiple instance run, userdata/config) | 12:26 |
| ttx | EC2/EBSroot -> 2 testcases (multiple instance run, userdata/config) | 12:26 |
| smoser | i have a "test suite"read the link above and let me know if its not sufficient | 12:27 |
| smoser | i have a "test suite" that runs all those tests | 12:27 |
| ttx | UEC -> 2 testcases (instance run, userdata/config) | 12:27 |
| smoser | i'm writing userdata/config for UEC right now (copying from EC2) | 12:28 |
| ttx | ok | 12:28 |
| ttx | smoser: do you agree EBSroot should have the same tests ? | 12:28 |
| ttx | (currently they have no tests) | 12:28 |
| smoser | yeah, it should have same tests, with an additional "shut down instance" and "start instance" | 12:28 |
| smoser | (i commented on that in EC2CloudImages above) | 12:29 |
| ttx | smoser: please sync with ara when you have the links set. I updated her on #ubuntu-release a few minutes ago | 12:41 |
| cemerick | Looks like the default archive used in sources.list for canonical AMIs on ec2 is out (http://us-east-1.ec2.archive.ubuntu.com karmic/universe) | 13:10 |
| cemerick | anyone know if this is a policy change, or just an outage? | 13:11 |
| smoser | kirkland, ping | 13:29 |
| smoser | cemerick, no policy change | 13:29 |
| smoser | what do you mean by out ? | 13:29 |
| smoser | do you get errors? | 13:29 |
| smoser | i've just verified from a lucid instance that it seems functional | 13:30 |
| cemerick | smoser: well, it's unreachable :-) http://isitup.org/us-east-1.ec2.archive.ubuntu.com | 13:30 |
| binBASH | Hi is it possible to install the ubuntu enterprise cloud later on a ubuntu server? | 13:30 |
| smoser | cemerick, it is never available from outside of that region | 13:31 |
| smoser | i'm guessing that 'isitup.org' doesn't run inside us-east-1, so that would be expected | 13:31 |
| cemerick | smoser: ok; then I'm a little baffled w.r.t. the timeouts that aptitude update, et al. are yielding. | 13:32 |
| smoser | binBASH, it is possible, yes. i'm sorry that i dont have a good link for how though. maybe ttx or kirkland do | 13:32 |
| smoser | your instance is in us-east-1 region ? | 13:32 |
| dassouki | what's the best way to remove tomcat5.5 and 6 (completely remove theme) if they were installed from apt-get | 13:33 |
| cemerick | smoser: us-east-1d, yes | 13:33 |
| binBASH | smoser: At least that sounds already good ;) Because I have a root server at hetzner.de and they provide only ubuntu-server images without uec. | 13:33 |
| smoser | cemerick, can you 'apt-get update 2>&1 | tee out.log' and pastebin that ? | 13:34 |
| cemerick | smoser: sure, 1m | 13:34 |
| smoser | cemerick, i just replaced all 'lucid' with 'karmic' in my lucid instance that i have and run apt-get update successfully. | 13:35 |
| smoser | so it seems like it would be limited to your instance. maybe some networking things you've done ? | 13:35 |
| cemerick | smoser: this is a totally virgin node, started from ami-bb709dd2 FWIW | 13:36 |
| smoser | binBASH, single system UEC installation is tricky at best. i do not believe its officially supported. | 13:37 |
| binBASH | I got 6 servers atm, planning to have 150 if all works fine ;) | 13:37 |
| smoser | cemerick, firing one up, and i'll check from taht. | 13:37 |
| cemerick | smoser: FYI http://dpaste.com/180431/ | 13:38 |
| smoser | binBASH, and they're physical? the nodes have to be run on physical hardware.... in theory you could do nested virt if they where amd64, but thats not going to be fast :) | 13:38 |
| binBASH | smoser: Yup, physical | 13:39 |
| smoser | cemerick, well, waiting for a spot instance request to come up and then i'll test also | 13:39 |
| binBASH | smoser: Planning to run some KVM Hypervisors there :) | 13:40 |
| cemerick | OK. I'm switching over to another aws acct; I remember having some wonky network issues long, long ago that didn't replicate over to another acct (for some ungodly reason). | 13:40 |
| binBASH | smoser: http://www.hetzner.de/en/hosting/produkte_rootserver/eq6/ | 13:40 |
| cemerick | smoser: Whooo. Different aws acct, all's good there. :-( | 13:41 |
| cemerick | yikes | 13:41 |
| smoser | cemerick, if you have support, i would try using it. if not, i would try the forums. | 13:42 |
| smoser | cemerick, mine just worked (apt-get update) | 13:42 |
| cemerick | smoser: yup, heading there now. When this happened once before, a forum msg magically fixed networking on the affected acct's nodes. It's odd tho, other network access works just fine. | 13:42 |
| cemerick | thanks, sorry for the noise :-( | 13:43 |
| Am1ne | hello ! I am using ubuntu-server 8.04 as a platform of mysql server ! the problem that I have is that I can't access the server remotely ! I have commented the bind-address line to allow external connections.. but still got this error : Host '172.16.50.52' is not allowed to connect to this MySQL server | 13:44 |
| Am1ne | any suggestions plz | 13:44 |
| binBASH | smoser: I think I found it here > https://help.ubuntu.com/community/UEC/PackageInstall | 13:51 |
| ttx | binBASH: beware that's outdated (applies to karmic), so it might not work | 13:56 |
| ttx | we still need to fix the docs | 13:56 |
| kirkland | smoser: whats up | 13:58 |
| ttx | kirkland: see my comments on bug 556932, I think it's invalid -- if you agree please edit your test results so that it doesn't show failure on the tracker, please | 13:59 |
| uvirtbot | Launchpad bug 556932 in eucalyptus "Not enough resources available: addresses (try --addressing private)" [High,Invalid] https://launchpad.net/bugs/556932 | 13:59 |
| binBASH | ttx: I will try it :-) | 14:01 |
| zul | yay i ran out of disk space! | 14:03 |
| * ttx ⁵'s zul | 14:07 | |
| zul | stupid daily ppas | 14:07 |
| kirkland | ttx: ok | 14:17 |
| a_ok | is dump/restore working with ext4 now? | 14:17 |
| ttx | kirkland: thanks ! | 14:17 |
| a_ok | if not what would be a good replacement? | 14:18 |
| kirkland | ttx: doh | 14:19 |
| ttx | kirkland: :) | 14:19 |
| kirkland | ttx: yep, all my fault, sorry | 14:19 |
| kirkland | ttx: i did a lot of installs yesterday | 14:19 |
| ttx | kirkland: we need some testing of the UEC cloud image without ramdisk to assess its boot stability, if yo uhave some time before the meeting | 14:20 |
| ttx | kirkland: smoser can give you the method to test it | 14:21 |
| ttx | (I'm on it right now, but the more the merrier) | 14:21 |
| Omahn | Just noticed a mention of the auto-upgrade-tester in the LTS upgrade blueprint and a problem or something or other with moving it to a data center. Our site can provide some (free) hosting if it would be useful for running the auto upgrade tester. | 14:22 |
| Omahn | I've been planning on running a copy of it locally anyway. | 14:25 |
| uvirtbot | New bug: #557300 in tomcat6 (main) "tomcat6 package changes ownership of directories" [Undecided,New] https://launchpad.net/bugs/557300 | 14:31 |
| alvin | a_ok: I have never used it, but the man of dumpe2fs says 'ext4' | 14:32 |
| ttx | Omahn: mvo is running it, please talk to him, he might be interested | 14:33 |
| smoser | kirkland, just publish an image without a ramdisk, and see if it boots. | 14:33 |
| smoser | uec-publish-image --ramdisk=none image.tar.gz lucid-20100407-noramdisk amd64 | 14:34 |
| alvin | a_ok: Didn't even know such a program existed for linux | 14:34 |
| a_ok | alvin: ok I will just have to test it than. the changelog of the dump project mentions only preliminary ext4 support | 14:34 |
| a_ok | alvin: we have been using it for many years. dates back to ext2 | 14:34 |
| alvin | a_ok: I think most people use tar (preferably in combination with LVM snapshots) | 14:34 |
| alvin | a_ok: I have only used it for UFS | 14:35 |
| a_ok | alvin: can't use tar for that kind of backups. you will lose sertain atributes etc | 14:35 |
| alvin | Nice to know you can use it for ext too | 14:35 |
| alvin | a_ok: Very true. In that case, there's always dd :-) | 14:35 |
| a_ok | alvin: dd will mean our backups will be at least twice as large | 14:36 |
| alvin | At the least, yes | 14:36 |
| alvin | But it's a good question. | 14:36 |
| alvin | I wonder whether LVM has a way of sending a volume to a file | 14:37 |
| a_ok | fsarchiver seems a nice project but not good enough for production yet | 14:37 |
| alvin | No, on first sight (man lvm) lvm doesn't have that. | 14:38 |
| alvin | Actually, things like that are the reason I prefer ZFS for enterprise storage, wherever possible. We'll probably have to wait for BTRFS to get the good stuff in Linux too. | 14:39 |
| ttx | smoser: the no-ramdisk uec image looks good to me | 14:41 |
| Omahn | ttx: I'll drop mvo a pm, thanks. | 14:44 |
| ttx | smoser: I managed to have one instance stuck ! | 14:47 |
| smoser | what is stuck ? | 14:48 |
| ttx | doesn't boot all the way | 14:48 |
| smoser | euca-get-console-output $IID | pastebin | 14:48 |
| smoser | ? | 14:48 |
| ttx | I'm on it | 14:48 |
| LinuxAdmin | I've getting problems with nat configuration in ufw | 14:49 |
| LinuxAdmin | can't define nat chain | 14:49 |
| ttx | smoser: the end of it @ http://pastebin.ubuntu.com/410557/ | 14:49 |
| === mathiaz_ is now known as mathiaz | ||
| ttx | startedtwo in parallel | 14:50 |
| ttx | the other one worked, pasting end of console-output as well | 14:50 |
| LinuxAdmin | i put this lines in before.rules | 14:50 |
| smoser | ttx, hm... well, that hang is much different than before. | 14:50 |
| smoser | and i wouldn't think ramdisk related | 14:50 |
| smoser | see the Generating locales output | 14:50 |
| smoser | it shows that uec-init was running | 14:51 |
| LinuxAdmin | *nat | 14:51 |
| ttx | smoser: The one that worked: http://pastebin.ubuntu.com/410558/ | 14:51 |
| LinuxAdmin | :PREROUTING - [0:0] | 14:51 |
| smoser | and landscape-client also running, which runs well after. | 14:51 |
| LinuxAdmin | but it gives me error | 14:51 |
| LinuxAdmin | why can't I configure nat in before.rules file, using ufw | 14:51 |
| LinuxAdmin | I'm trying to avoid iptables, although I understand very well iptables, I'm trying to use ufw | 14:52 |
| smoser | ttx, i really have no idea where that bug can be coming from... | 14:52 |
| ttx | euca-run-instances -k mykey $EMI -t $TYPE -n 2 | 14:52 |
| ttx | trying again | 14:53 |
| LinuxAdmin | can't I define advanced rules (nat for example) using ufw? | 14:53 |
| ttx | worked | 14:53 |
| ttx | smoser: I don't think that invalidates noramdisk, just shows that we need to test test test | 14:55 |
| alvin | LinuxAdmin: just vote for bug 247455 | 14:55 |
| uvirtbot | Launchpad bug 247455 in ufw "a Nat option would be helpful for gateway systems" [Wishlist,Confirmed] https://launchpad.net/bugs/247455 | 14:55 |
| ttx | smoser: cannot reallt reproduce it | 14:55 |
| mathiaz | kirkland: what's your take on bug 556312? | 14:57 |
| uvirtbot | Launchpad bug 556312 in libvirt "libvirt packages should not Recommend hypervisor packages" [Wishlist,Won't fix] https://launchpad.net/bugs/556312 | 14:57 |
| jdstrand | LinuxAdmin: yes you can use nat rules with ufw | 15:06 |
| jdstrand | LinuxAdmin: can you paste your before.rules file? | 15:07 |
| jdstrand | LinuxAdmin: also, what Ubuntu release are you using? | 15:10 |
| LinuxAdmin | I'm using ubuntu server 9.10 | 15:10 |
| LinuxAdmin | I'll paste the text in a few seconds... | 15:10 |
| LinuxAdmin | just this two lines in beginning of the file give me an erro: | 15:12 |
| LinuxAdmin | *nat | 15:12 |
| LinuxAdmin | :PREROUTING - [0:0] | 15:12 |
| jdstrand | LinuxAdmin: please use paste.ubuntu.com | 15:12 |
| hggdh | !pastebin| LinuxAdmin | 15:13 |
| ubottu | LinuxAdmin: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic. | 15:13 |
| jdstrand | LinuxAdmin: and paste the entire before.rules | 15:13 |
| LinuxAdmin | ok, just a minute | 15:13 |
| MTecknology | Any suggestions for an easy to use mailing list that will let random users sign up? I'm considering mailman - just not sure if that's the best solution. | 15:16 |
| LinuxAdmin | in paste.ubuntu.com do I have to "download as text"? | 15:19 |
| LinuxAdmin | sorry it's the first time | 15:19 |
| jdstrand | LinuxAdmin: no-- just give me the link | 15:19 |
| LinuxAdmin | ok | 15:19 |
| LinuxAdmin | http://paste.ubuntu.com/410566/ | 15:19 |
| jdstrand | LinuxAdmin: you forgot COMMIT for the nat table | 15:20 |
| jdstrand | LinuxAdmin: on the line under your -A POSTROUTING rule, add: | 15:21 |
| jdstrand | COMMIT | 15:21 |
| LinuxAdmin | ok, as I understand I have to commit before start a new chain, wright? | 15:21 |
| jdstrand | LinuxAdmin: a new table, yes | 15:21 |
| LinuxAdmin | a new table, sorry | 15:22 |
| LinuxAdmin | ok, let me try | 15:22 |
| LinuxAdmin | can i put PREROUTING and POSTROUTING in before.rules or do I have to put POSTROUTING in after.rules? | 15:24 |
| jdstrand | LinuxAdmin: it is fine as is. before.rules and after.rules are named as such for when the files are processed | 15:24 |
| jdstrand | LinuxAdmin: before* first, user* (ie, cli added rules) 2nd, and after* 3rd | 15:25 |
| LinuxAdmin | ok, thanks | 15:25 |
| LinuxAdmin | it works | 15:26 |
| jdstrand | cool | 15:26 |
| LinuxAdmin | thanks again | 15:26 |
| jdstrand | np | 15:26 |
| LinuxAdmin | let me ask you just one more question | 15:26 |
| jdstrand | shoot | 15:26 |
| LinuxAdmin | I'm curious about ufw-before-forward | 15:27 |
| LinuxAdmin | indeed, about ufw-before* | 15:27 |
| LinuxAdmin | do I have to do anything in this chains to apply port forwarding using NAT? | 15:28 |
| jdstrand | LinuxAdmin: if you want to customize the INPUT, FORWARD or OUTPUT chains beyond what the cli command can do (indeed, the cli command doesn't do FORWARD yet), you should add these rules to ufw-before* (or ufw-after* if you'd prefer, but most do in before) | 15:29 |
| LinuxAdmin | ok, thanks Jamie, you helped a lot | 15:30 |
| jdstrand | LinuxAdmin: specifically, for port forwarding, you will want to add them to the *filter table in ufw-before-forward | 15:31 |
| LinuxAdmin | ok | 15:31 |
| jdstrand | LinuxAdmin: see the Chains section /usr/share/doc/ufw/README.gz for more info | 15:31 |
| LinuxAdmin | ok | 15:31 |
| jdstrand | LinuxAdmin: basically, instead of doing -A FORWARD... you would do -A ufw-before-forward | 15:32 |
| Daviey | mathiaz: Could you provide a sanitised preseed file that you were using? | 15:32 |
| mathiaz | Daviey: sure | 15:33 |
| LinuxAdmin | ok | 15:33 |
| ihernandez | good morning | 15:37 |
| MTecknology | If my server will only deal with mailman as far as email is concerned - what's the best smtp server to use? | 15:54 |
| MTecknology | probably postfix? | 15:54 |
| binBASH | ttx: is there a way to reconfigure uec via the console configtool if wrong values were added by accident? | 15:56 |
| sommer | mathiaz: did you see my responses in #ubuntu-meeting? | 15:59 |
| mathiaz | sommer: yes | 15:59 |
| sommer | mathiaz: okay, just making sure heh :) | 15:59 |
| sherr | MTecknology: Postfix is good, and supported as the ubuntu mail server | 15:59 |
| mathiaz | sommer: if the server guide is up-to-date for lucid then we should not drop it from the archive | 15:59 |
| mathiaz | sommer: my proposal was done under the assumption that the server guide wasn't up-to-date | 16:00 |
| sommer | yep yep, just got confused when you replied to ttx | 16:00 |
| mathiaz | sommer: and I'd rather not ship outdated documentation for an LTS | 16:00 |
| mathiaz | sommer: as we did for karmic and ldap | 16:00 |
| sommer | mathiaz: totally agree, and the doc team SRU process I believe is better now | 16:01 |
| mathiaz | sommer: I think the content is great and you're doing a great job at it | 16:01 |
| sommer | mathiaz: thanks man :) | 16:01 |
| mathiaz | sommer: but sometimes life gets in the way - which is ok | 16:01 |
| mathiaz | sommer: and we just take decisions based on that | 16:01 |
| mathiaz | sommer: I think having a discussion about the *form* would be good at the next UDS | 16:02 |
| sommer | ya, I think that'd be a great topic... I'll be creating a blueprint this week | 16:03 |
| hggdh | hum. The corrected ISO is the 20100406.1, right? | 16:03 |
| RoAkSoAx | ttx, so what are your thoughts about the syncing the new packages | 16:06 |
| mathiaz | Daviey: bug 556833 updated with a failing preseed file | 16:06 |
| uvirtbot | Launchpad bug 556833 in eucalyptus "System fails to reboot after eucalyptus preseeded instlation" [Undecided,New] https://launchpad.net/bugs/556833 | 16:06 |
| mathiaz | hggdh: http://iso.qa.ubuntu.com/ | 16:07 |
| mathiaz | hggdh: ^^ this list the version of the ISO supposed to be tested | 16:07 |
| mathiaz | hggdh: otherwise ask in #ubuntu-release | 16:07 |
| mathiaz | smoser: do you have access to the ubuntuserver blog? | 16:09 |
| hggdh | mathiaz: indeed I could have *read* the page instead of just hitting the link | 16:10 |
| smoser | mathiaz, i do not think so. | 16:10 |
| smoser | or at least do not know so | 16:10 |
| mathiaz | smoser: yeah - confirmed you don't have access to it | 16:10 |
| mathiaz | smoser: when writting up the meeting minutes they should be published to the ubuntuserver blog | 16:11 |
| mathiaz | smoser: do you have a wordpress.com account? | 16:11 |
| mathiaz | smoser: ubuntuserver.wordpress.com is the place where the ubuntuserver blog is located | 16:11 |
| smoser | i dont know if i do or not. i will get one if not and let you know. | 16:12 |
| mathiaz | smoser: ok - let me know what email address you're using for your wordpress.com account | 16:13 |
| mathiaz | smoser: and I'll add to the list of users of the ubuntuserver blog | 16:13 |
| Daviey | mathiaz: /dev/cciss/, raises alarm bells with me.. I used to have helluva time with cciss support, but i thought that was all fixed now. | 16:17 |
| MTecknology | How far off would you say I am with getting the mailman web interface going? http://lists.kalliki.com | 16:21 |
| smoser | ttx, http://uec-images.ubuntu.com/lucid/20100407.1/ is there now. | 16:25 |
| smoser | and if you rsync, those images should get *very* good similarity to 20100407 | 16:25 |
| smoser | my sync took 3m | 16:26 |
| sherr | MTecknology: who knows! All I see is a directory index .. and I guess you want a proper mailman interface? | 16:29 |
| MTecknology | sherr: ya | 16:29 |
| sherr | MTecknology: mailman docs/setup ... it's been too long for me. But should be straightforward. | 16:29 |
| smoser | manifests are identical between 20100407 and 20100407.1 so the only change really *is* the lack of a UEC ramdisk in the .tar.gz file. | 16:30 |
| mathiaz | Daviey: right - cciss is working great now | 16:30 |
| sherr | I'd check your apache config first. | 16:30 |
| mathiaz | Daviey: the thing is: take the preseed and comment the eucalyptus-udeb line and the install will work correctly | 16:30 |
| MTecknology | sherr: I was trying to follow - http://doc.ubuntu.com/ubuntu/serverguide/C/mailman.html - I wound up with this config - http://paste.ubuntu.com/410590/ | 16:30 |
| mathiaz | Daviey: with eucalyptus-udeb, the install fails to reboot correctly | 16:31 |
| Daviey | MTecknology: You don't seem to have modpython support. | 16:33 |
| Daviey | mathiaz: that is crazy! | 16:34 |
| mathiaz | Daviey: yeah - no kidding.... welcome to my world! | 16:34 |
| sherr | MTecknology: why two ScriptAlias lines the same? | 16:35 |
| smoser | i've a question about https://help.ubuntu.com/community/Installation/NetworkConsole | 16:35 |
| smoser | anyeone know if you can set it up to start the install in a 'screen' ? and just start it without user input ? | 16:35 |
| smoser | i basically want to be able to watch an automated install of a remote machine without a.) network kvm or b.) serial console | 16:35 |
| Daviey | hmm the network console throws you into D-I over ssh | 16:36 |
| smoser | only want to poke at it if it gets hung | 16:36 |
| sherr | MTecknology: I am a little surprised you have "Indexes" on the mailman archives/public dir. | 16:36 |
| Daviey | smoser: so ignore the fact you are on a network console | 16:36 |
| smoser | Daviey, yeah, so i was hoping it would throw you into D-I over ssh in screen | 16:36 |
| smoser | :) | 16:36 |
| Daviey | if you preseed, the questions - then you get what you want :) | 16:36 |
| MTecknology | sherr: I copied it from /etc/mailman/apache.conf | 16:36 |
| smoser | so it wont' prompt at all ? | 16:36 |
| smoser | i'll have ot play with it i guess. | 16:37 |
| sherr | MTecknology: sorry, I have to pop out. I'd check the config again - maybe as per /usr/shape/doc/mailman (or whatever) - Debian readme? back later. | 16:38 |
| sherr | *share | 16:38 |
| smoser | thanks Daviey . the main interest is that i have 2 machines that i do autmated UEC install on down in the basement, but occasionally they hang (debconf question change or whatnot) and i'm so terribly lazy that i dont want to walk down there to see. i'd like to be able to ssh in an dcheck on them. | 16:38 |
| smoser | the warning about "reliable network" made me think that running the installer inside screen would be good, and then just attaching the incoming user to that | 16:39 |
| === dendro-afk is now known as dendrobates | ||
| Daviey | smoser: Yeah, it's a shame network-installer doesn't get more publicity and love. I hate working over a noisey server, so similar setup here. | 16:45 |
| alvin | is there a new policy about /etc/fstab about using UUID for LVM volumes? | 16:46 |
| * alvin will ask in ubuntu-bugs. It's probably a bug anyway. | 16:54 | |
| MTecknology | sherr: thanks, that's helped with postfix setup but not apache | 16:58 |
| MTecknology | Anybody know mailman that could help me figure out the rest of this setup? | 16:59 |
| hggdh | mathiaz: how did you get past the boot hanging on the uec rig? | 17:02 |
| smoser | stupid question: anyone have an easy command to run that takes a package, and exits failure if it is not installed ? | 17:11 |
| smoser | dpkg-query --show byobu | awk '-F\t' '$2 != "" { print $2; exit 0 } ; END { exit 1; }' | 17:13 |
| smoser | is what i have | 17:13 |
| smoser | but figured there is some way without the awk | 17:14 |
| hggdh | exit $(dpkg -l $1 | egrep -q ^ii) | 17:15 |
| === dendrobates is now known as dendro-afk | ||
| hggdh | er. missed the echo $? | 17:22 |
| binBASH | smoser: My cloud is setup, very cool ;) | 17:23 |
| hggdh | smoser: exit (dpkg -l $1 | egrep -q ^ii; echo $?) | 17:23 |
| smoser | hggdh, yeah. i saw. thanks. | 17:23 |
| smoser | ver=$(dpkg-query --show --showformat '${Version}\n' "$p") | 17:23 |
| smoser | [ -n "${ver}" ] && echo "PASS: ${p} installed (${ver})" || | 17:23 |
| smoser | echo "FAIL: $p not installed" | 17:23 |
| smoser | is what i came up with. mostly: ver=$(dpkg-query --show --showformat '${Version}\n' "$p") && [ -n "${ver}" ] | 17:24 |
| smoser | binBASH, yeah? its functioning ? | 17:24 |
| binBASH | smoser: I didn't test to start a vm yet, but instead of my former CentOS 5.4 setup I can find the nodes ;) | 17:26 |
| binBASH | so I think it's working | 17:26 |
| ttx | smoser: amd64/UEC image looking good | 17:43 |
| ttx | smoser: please fully test those by eod today | 17:43 |
| smoser | ttx, i'm trying to automate a few more of the user data tests and then will start the ec2 runs. | 17:44 |
| RoyK^ | hi all - I have a server setup with some lvm2 volumes - is it possible to attach a new disk to make ubuntu mirror them without recreating things? | 17:44 |
| ttx | smoser: and see with kirkland about validation on his setup as well | 17:44 |
| ttx | since he was hitting those issues quite steadily | 17:44 |
| kirkland | smoser: what's up? | 17:44 |
| ttx | kirkland: uec cloud images back to noramdisk, need as much testing as we can give it by eod | 17:45 |
| * ttx pauses for dinner and will be back | 17:45 | |
| kirkland | ttx: syncing now | 17:45 |
| smoser | kirkland, i was going to ask about enabling nework ssh in your installer (uec-auto). if you'd thought of that. | 17:45 |
| kirkland | smoser: so http://uec-images.ubuntu.com/lucid/current/ are ramdiskless now? | 17:48 |
| kirkland | smoser: i'm wgetting | 17:48 |
| smoser | yes. 20100417.1 | 17:48 |
| kirkland | smoser: okay, it's up and running | 18:00 |
| kirkland | smoser: well... i'm not sure, how can I make sure i have no ramdisk? | 18:00 |
| kirkland | smoser: ls /boot? | 18:00 |
| smoser | you can't tell from inside. | 18:00 |
| smoser | euca-describe-images will not show an ari | 18:01 |
| smoser | and console output will not have ramdisk like messages | 18:01 |
| kirkland | smoser: http://pastebin.ubuntu.com/410632/ | 18:01 |
| kirkland | smoser: registration looks right | 18:01 |
| smoser | right. | 18:01 |
| kirkland | smoser: so i'm confident i registered it without a ramdisk | 18:02 |
| smoser | euca-describe-images should have 'aki-' for that image, but no 'ari-'. right. | 18:02 |
| smoser | and it boots ? | 18:02 |
| kirkland | $ euca-describe-images emi-3FCB1298 | 18:02 |
| kirkland | IMAGE emi-3FCB1298 foo/lucid-server-uec-amd64.img.manifest.xml admin available public x86_64 machine eki-66F2179C | 18:02 |
| kirkland | smoser: yep, booted | 18:02 |
| smoser | yeah, previously on your hardware we saw hang almost all the time. | 18:03 |
| smoser | and on mine 100% of the time. | 18:04 |
| smoser | mathiaz, hggdh i'd like to run this test on the data center uec if possible | 18:04 |
| smoser | as that was the place that never seemed to fail when we had no ramdisk before (everyone else generally saw failure, so *something* was different -- timeing -- and i want to test there) | 18:05 |
| hggdh | smoser give me 15 minutes | 18:10 |
| alloosh | hi guys, I am hosting a web application using ubuntu server. I have the application in English and german, the german version is not displayed right in the browser, is that a server issue? | 18:13 |
| alloosh | * I mean german characters are not displayed | 18:13 |
| kirkland | smoser: sweet, so this is resolved? | 18:14 |
| kirkland | smoser: what was the fix? | 18:14 |
| smoser | well, we hope so. | 18:14 |
| smoser | there are several changes since beta-1 in upstart, mountall, and plymouth ( i dont thikn plymouth was involved). | 18:15 |
| smoser | kirkland, one nice thing for you to do would be to verify that this fails with beta-1 | 18:15 |
| kirkland | jdstrand: are there any libvirt uploads pending? | 18:15 |
| smoser | ie, download beta1 tarball, uec-publish-tarball --ramdisk=none | 18:15 |
| smoser | that should hang like we used to see it. | 18:15 |
| smoser | (it does for me) | 18:16 |
| kirkland | jdstrand: i needed to fix a couple of minor issues in the upstart init script and the debian/control | 18:16 |
| kirkland | smoser: can you url me the beta1 download? | 18:16 |
| jdstrand | kirkland: yes, ubuntu19 is waiting to be accepted | 18:17 |
| smoser | kirkland, you are lazy | 18:17 |
| jdstrand | kirkland: (already uploaded) | 18:17 |
| kirkland | smoser: i'm doing several things right now | 18:18 |
| smoser | http://uec-images.ubuntu.com/releases/lucid/beta1/ubuntu-10.04-beta1-server-uec-amd64.tar.gz | 18:18 |
| kirkland | smoser: beautiful, thanks | 18:18 |
| smoser | no problem , i just like complaining. | 18:18 |
| kirkland | smoser: wget happening | 18:18 |
| smoser | kirkland, you *were* mirroring i think | 18:18 |
| smoser | did you stop ? | 18:18 |
| smoser | ie, you might have that local | 18:18 |
| jdstrand | kirkland: https://launchpad.net/ubuntu/lucid/+queue?queue_state=1&queue_text=libvirt | 18:18 |
| kirkland | smoser: hrmm, i think you're right, actually | 18:18 |
| kirkland | jdstrand: i'm going to run the changes by you before uploading | 18:19 |
| jdstrand | kirkland: please make on ubuntu20 based off what is in the queue | 18:19 |
| kirkland | jdstrand: pretty small, straightforward | 18:19 |
| kirkland | jdstrand: yup, just grabbed it | 18:19 |
| kirkland | jdstrand: i think 2 sets of eyes is essential now | 18:19 |
| jdstrand | kirkland: k | 18:20 |
| jdstrand | kirkland: this is for post-freeze? | 18:20 |
| kirkland | jdstrand: yes | 18:20 |
| jdstrand | ok cool | 18:20 |
| kirkland | jdstrand: post-freeze, yes | 18:20 |
| kirkland | jdstrand: just wanted to get it queued | 18:20 |
| * jdstrand nods | 18:20 | |
| kirkland | jdstrand: https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/556312 | 18:20 |
| uvirtbot | Launchpad bug 556312 in libvirt "libvirt packages should not Recommend hypervisor packages" [Wishlist,Confirmed] | 18:20 |
| kirkland | jdstrand: i'm inclined to agree with the reporter, and make the hypervisor a suggests of libvirt | 18:20 |
| jdstrand | kirkland: I agree with both you and mathiaz | 18:21 |
| jdstrand | kirkland: libvirt+qemu-kvm is the recommended/supported virtualization solutino on ubuntu | 18:21 |
| kirkland | jdstrand: agreed | 18:22 |
| jdstrand | kirkland: if you change this to Suggests, you probably will need to change documentation | 18:22 |
| jdstrand | (I'm not sure, but worth checking) | 18:22 |
| kirkland | jdstrand: what documentation? | 18:22 |
| jdstrand | splitting out virsh from libvirtd is not a bad idea | 18:22 |
| jdstrand | kirkland: anything people will read that says 'apt-get install libvirt-bin' or whatever | 18:23 |
| jdstrand | re splitting> imo not for lucid and not without debian | 18:23 |
| jdstrand | kirkland: otherwise they'll have a shiny, but useless libvirt, which will lead to confusion | 18:23 |
| jdstrand | there may be a debian bug on the libvirtd/virsh split... | 18:24 |
| kirkland | jdstrand: agreed, split virsh for maverick is a good idea (not for lucid) | 18:24 |
| kirkland | jdstrand: that documentation should read "apt-get install ubuntu-virt-server" | 18:25 |
| kirkland | jdstrand: apt-cache show ubuntu-virt-server | 18:25 |
| jdstrand | kirkland: my feeling is don't drop to Suggests, and maybe fix for maverick | 18:25 |
| kirkland | jdstrand: that's our meta-package for libvirt + kvm + ssh | 18:25 |
| kirkland | jdstrand: you say "don't drop" to suggests? | 18:25 |
| jdstrand | kirkland: sure, but I don't know what else if floating out there | 18:25 |
| kirkland | jdstrand: sorry, i thought you were agreeing with drop to suggests | 18:25 |
| jdstrand | kirkland: yeah-- keep as is, say in the bug that we are considering splitting out libvirtd, etc | 18:26 |
| jdstrand | kirkland: that's my opinion, but I don't have a strong preference | 18:26 |
| jdstrand | I understand his point, but don't agree with dropping to Suggests (mathiaz' 80/20 analogy) | 18:27 |
| kirkland | jdstrand: i'm not seeing any apt-get install libvirt-bin in the documentation (at least google isn't finding it) | 18:27 |
| kirkland | jdstrand: okay | 18:27 |
| jdstrand | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508606 | 18:28 |
| uvirtbot | Debian bug 508606 in libvirt-bin "Split virsh to separate package" [Wishlist,Open] | 18:28 |
| kirkland | jdstrand: https://help.ubuntu.com/8.04/serverguide/C/libvirt.html | 18:28 |
| kirkland | sudo apt-get install kvm libvirt-bin | 18:28 |
| kirkland | https://help.ubuntu.com/search.html?cof=FORID%3A9&cx=004599128559784038176%3Avj_p0xo-nng&ie=UTF-8&q=libvirt&sa=Search | 18:28 |
| jdstrand | kirkland: if you are comfortable that it won't confuse users, then I don't see a huge problem with dropping to Suggests, even though I don't personally agree | 18:29 |
| kirkland | jdstrand: i think we should be unanimous at this point in Lucid :-) | 18:29 |
| kirkland | jdstrand: i'm willing to capitulate | 18:29 |
| kirkland | jdstrand: i don't *think* it will confuse users, as I don't see any documentation that says 'install libvirt' and expects kvm to be there too | 18:30 |
| kirkland | jdstrand: i think that 'Suggests' is appropriate, though definitely different than the behavior we've had for a long time | 18:30 |
| soren | I'm still wondering about this... Perhaps we should reverse the recommendation? | 18:31 |
| soren | So that qemu-kvm recommends libvirt-bin. | 18:32 |
| jdstrand | kirkland: it depends on the POV: someone who just wants virsh doesn't need it. someone who wants to do virtulization on ubuntu does | 18:33 |
| soren | Using libvirt is after all our recommended way to use kvm. | 18:33 |
| jdstrand | which is which I think it is wishlist on the debian bug | 18:33 |
| jdstrand | *shrug* | 18:33 |
| soren | It would certainly fix the "I wanted libvirt, but I didn't want kvm" problem. | 18:33 |
| kirkland | jdstrand: fair enough, i'm good with deferring this for lucid, and just telling user to use --no-install-recommends | 18:33 |
| jdstrand | I've made my point. I won't complain about Suggest any more | 18:33 |
| jdstrand | soren: I think there may be a lot of kvm users who don't want libvirt | 18:34 |
| soren | jdstrand: Well, the usual phrasing in our docs is that we recommend using libvirt to manage kvm. | 18:35 |
| soren | I wonder why reversing the relationship hasn't occured to me before now. | 18:35 |
| jdstrand | soren: absolutely. I just think that practically, there are more users of kvm with libvirt than libvirt-bin users with kvm | 18:36 |
| jdstrand | err | 18:36 |
| soren | er... :) | 18:36 |
| soren | ? | 18:36 |
| jdstrand | there are more users of kvm _without_ libvirt than libvirt-bin users _without_ kvm | 18:37 |
| kirkland | jdstrand: i agree with you | 18:37 |
| hggdh | smoser: ping on the uec rig | 18:37 |
| soren | jdstrand: Probably. I'm just suggesting putting our debian/control file where our mouths are. | 18:38 |
| soren | Or something. | 18:38 |
| jdstrand | heh | 18:38 |
| smoser | hggdh, is it up? | 18:38 |
| hggdh | smoser: I cannot pressed them, they are all down | 18:39 |
| hggdh | smoser: mathiaz opened a bug on it, bug 556833 | 18:39 |
| uvirtbot | Launchpad bug 556833 in eucalyptus "System fails to reboot after eucalyptus preseeded instlation" [Undecided,New] https://launchpad.net/bugs/556833 | 18:39 |
| mathiaz | hggdh: right - I don't know how to work around that one :/ | 18:40 |
| smoser | :-( | 18:40 |
| hggdh | smoser: yes, a real killer :-( | 18:40 |
| === luis__lopez is now known as luis_lopez | ||
| hggdh | smoser: I was trying to find *where* we are being hit, but it is a very long process | 18:40 |
| hggdh | smoser: so I hoped you would know more ;-) | 18:41 |
| hggdh | ttx: the euc rig is -- right now -- down hard | 18:42 |
| smoser | oh, i have no idea on that. sorry. | 18:42 |
| hggdh | uec | 18:42 |
| mathiaz | hggdh: so the installation fails even with topo1? | 18:43 |
| hggdh | mathiaz: I went to multi | 18:46 |
| hggdh | mathiaz: hum. I will try topo1 now | 18:46 |
| mathiaz | hggdh: yeah - try topo1 | 18:46 |
| mathiaz | it may well be that only multi is broken | 18:46 |
| hggdh | mathiaz: I saved the syslog for multi, uploaded it to the bug | 18:46 |
| hggdh | smoser: so can I keep the rig for now? | 18:47 |
| smoser | hggdh, sure. | 18:48 |
| smoser | if you do bring it up i'd like to just run some instances on it. | 18:48 |
| ttx | back | 18:48 |
| hggdh | smoser: cross your fingers. And toes, just in case | 18:48 |
| smoser | done | 18:49 |
| mathiaz | smoser: please to start running | 18:49 |
| hggdh | ttx: I am having problems with the uec rig, cannot test multi | 18:49 |
| ttx | hggdh: the other topologies are alright ? | 18:55 |
| hggdh | ttx: trying now topo1, the simplest | 18:55 |
| ttx | smoser: any reason why the userdata test for UEC cloud images is truncated ? | 19:01 |
| smoser | truncated as compared to EC2 ? | 19:02 |
| ttx | yes | 19:02 |
| smoser | i'm fine if you want to put all of the tests there. | 19:02 |
| ttx | was just wondering if they were not relevant or | 19:02 |
| smoser | i onlhy shortened it to reduce the requirement. | 19:02 |
| smoser | they are relevant | 19:02 |
| ttx | I'm ok with this test right now | 19:02 |
| smoser | just time consuming | 19:02 |
| ttx | direct download of the link gives you a HTML page btw | 19:03 |
| ttx | maybe point to the "download file" link instead ? | 19:03 |
| hggdh | ok, cempedak booted with topo1. Will now load the others | 19:03 |
| smoser | my thoguht process is that we test it more completely on ec2. and then test to make that user data is generally functional on euca, the user space code should function similarly. | 19:04 |
| ttx | smoser: agreed | 19:04 |
| smoser | (mostly we're testing the metadata service :) | 19:04 |
| smoser | regarding the link, yeah, i knew it wasn't to the 'download' | 19:04 |
| smoser | the reason for not directly to download is that i wanted to give some context of where it came from | 19:05 |
| smoser | i'll add a 'direct download' link | 19:05 |
| ttx | ack | 19:05 |
| ttx | smoser: are the EC2 instance tests in progress ? | 19:12 |
| smoser | yeah | 19:12 |
| ttx | kirkland: did you try the UEC cloud images yet ? Looking good on my side | 19:20 |
| kirkland | ttx: yes, look good here too | 19:24 |
| kirkland | ttx: i did test them | 19:24 |
| mathiaz | hggdh: so it's only the multi-network topo that fails to install? | 19:25 |
| mathiaz | smoser: will the current ami number change when beta2 is released? | 19:29 |
| ttx | kirkland: cool, please register your results on the ISO tracker if appropriate | 19:30 |
| smoser | yes | 19:30 |
| smoser | mathiaz, | 19:30 |
| smoser | :-( | 19:30 |
| smoser | that is, i think, not likely to change. we publish images with names like "testing" or "daily". re-publishing as "beta-1" generates new ids | 19:31 |
| mathiaz | smoser: right - I wanted to mention the AMI number in a blog post where I use the Lucid Beta2 image | 19:31 |
| mathiaz | smoser: but that will change | 19:31 |
| mathiaz | smoser: I will point to a URL instead | 19:31 |
| smoser | what url ? | 19:32 |
| ttx | kirkland, smoser, mathiaz, zul: I'll stop my tests for today, please try to cover the gaps in http://iso.qa.ubuntu.com/qatracker/build/ubuntuserver/all as well as you can, I'll fill the missing ones tomorrow morning | 19:32 |
| mathiaz | smoser: that's my next question | 19:32 |
| hggdh | adding user1/insecure as an user to the cloud at the rig, getting a message "password may not contain parts of user name | 19:33 |
| mathiaz | smoser: where will the list of Lucid Beta2 image be published? | 19:33 |
| hggdh | ins't this a bit excessive? | 19:33 |
| mathiaz | hggdh: the username is user1 and the password is insecure ? | 19:34 |
| hggdh | mathiaz: correct | 19:34 |
| mathiaz | hggdh: hm - you may have run into a bug then | 19:35 |
| smoser | well, they will appear at http://uec-images.ubuntu.com/releases/lucid/beta-2 mathiaz | 19:35 |
| mathiaz | hggdh: or the error message is wrong | 19:35 |
| mathiaz | smoser: thanks | 19:35 |
| hggdh | mathiaz: k, just wanted to be sure, will open a bug on it | 19:35 |
| mathiaz | hggdh: the letters of user1 are (almost) all in the word insecure though | 19:35 |
| hggdh | mathiaz: yes, they are. Still, it sounds excessive | 19:36 |
| smoser | well, password 'insecure' does contain parts of 'user1', the 'e', 'u', 's', 'r'. actually all but the 1 | 19:36 |
| smoser | yeah | 19:36 |
| zul | ttx: acked | 19:37 |
| smoser | such a policy would actually significantly decrease the number of pass phrases possible for some users. | 19:37 |
| mathiaz | the security team probably knows more about that - kees jdstrand mdeslaur ^^ | 19:38 |
| hggdh | will try another variation of the theme | 19:41 |
| hggdh | no, my bad -- overjumped a filed :-( | 19:41 |
| mdeslaur | huh? | 19:43 |
| mdeslaur | mathiaz: what's the issue? | 19:43 |
| mathiaz | mdeslaur: 14:33 < hggdh> adding user1/insecure as an user to the cloud at the rig, getting a message "password may not contain parts of user name | 19:43 |
| kklimonda | hmm, is it still possible to get django 1.2 into lucid if the final release is planned for 26th? on the one hand it's way too late and upstream has pushed back the schedule 3 or 4 times already + we would have to check all django rdepends for compatibility issues. on the other hand supporting 1.1 for 5 years may not be easy as the upstream have done quite a few big changes in 1.2.. | 19:43 |
| mathiaz | mdeslaur: 14:33 < hggdh> ins't this a bit excessive? | 19:44 |
| mathiaz | kklimonda: as the upstream have done quite a few big changes in 1.2... <- that's another argument to *not* ship 1.2 in an LTS release | 19:45 |
| hggdh | mdeslaur, mathiaz overshot a field in the page, my error | 19:46 |
| mathiaz | kklimonda: things will get outdated over the life time of an LTS | 19:46 |
| mdeslaur | hggdh: ok, cool. | 19:46 |
| mathiaz | kklimonda: if upstream commits for a longer maintainance window of 1.2 it may change the game | 19:46 |
| kklimonda | mathiaz: right - 1.2 is backward compatible with 1.1 which is in karmic (and both are not compatible with 0.96 from hardy anyway. I don't think developers are going to extend support over 6 months for fixes and another 6 months for security fixes. | 19:51 |
| kirkland | smoser: around? | 19:56 |
| kirkland | smoser: would you mind proofreading something for me? | 19:57 |
| smoser | of course i would | 19:57 |
| smoser | :) | 19:57 |
| smoser | sure whats up? | 19:57 |
| kirkland | smoser: http://pastebin.ubuntu.com/410683/ | 19:59 |
| kirkland | smoser: just give that a once-over | 19:59 |
| RoAkSoAx | kirkland, Howdy!! You might be able to help me. Is it possible to put each KVM instance in a different vlan? How/where to find info? | 20:09 |
| alvin | kirkland: I just read that. About the last sentence: (fully supported) Canonical told me today (in a case) they don't support graphical operating systems in virtual machines. I was pointed to this page: https://help.ubuntu.com/community/KVM where VirtualBox is listed. | 20:10 |
| alvin | It wasn't relevant for the case, but left me wondering. Virtualbox isn't in main. | 20:12 |
| MTecknology | funkyHat: hi | 20:12 |
| MTecknology | funkyHat: your choice | 20:12 |
| funkyHat | MTecknology: let's go with here, looks quite quiet | 20:13 |
| MTecknology | ok | 20:13 |
| MTecknology | funkyHat: so, there's a bunch of directories now | 20:14 |
| kirkland | Alblasco1702: thanks | 20:14 |
| kirkland | alvin: thanks | 20:15 |
| kirkland | alvin: i'll update | 20:15 |
| funkyHat | ok, so the exim conf.d dir has a bunch of other dirs in it, one for each main section of the exim config. So each folder is read in a pre-set order (main first, router last I believe, but anyway). Inside those dirs the files are named so that they go in the right order | 20:15 |
| funkyHat | That means you can put a new file in there with a number between 2 others if you want your file to be read after one but before the next | 20:15 |
| kirkland | RoAkSoAx: hrm, mathiaz knows more about vlans than I do | 20:15 |
| RoAkSoAx | kirkland, ok :) | 20:15 |
| RoAkSoAx | mathiaz, ^^ | 20:16 |
| mathiaz | RoAkSoAx: what do you wanna do exactly? | 20:16 |
| MTecknology | funkyHat: alrighty | 20:16 |
| mathiaz | RoAkSoAx: vlan are configured in the guest | 20:16 |
| MTecknology | funkyHat: btw - mailman is the only reason exim is on the server | 20:17 |
| funkyHat | MTecknology: that makes it a little simpler, but not much ⡈) | 20:17 |
| alvin | kirkland: Keep in mind that X is client/server protocol ;-) | 20:17 |
| RoAkSoAx | mathiaz, so for example, i configure in VM1 vlan1, and VM2 vlan2, the Host is connected to a switchport which is configured as a trunking port? | 20:17 |
| funkyHat | MTecknology: http://www.exim.org/howto/mailman21.html#exconf explains the bits you need to add to each section | 20:18 |
| funkyHat | MTecknology: so the bit about macro defs should go in /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs | 20:18 |
| RoAkSoAx | mathiaz, and every host I have to configure it to be able to access the trunk? | 20:20 |
| mathiaz | RoAkSoAx: IIRC a trunking port means that any vlan will go through it | 20:20 |
| mathiaz | RoAkSoAx: that being said kvm may not support the vlan tags generated by the guest | 20:21 |
| MTecknology | funkyHat: so the first part is 'Main configuration settings' | 20:21 |
| mathiaz | RoAkSoAx: and drop them when sending the packet to the switch | 20:21 |
| funkyHat | MTecknology: make a new file for the exim router. I named mine 450_local_mailman | 20:21 |
| funkyHat | MTecknology: right | 20:22 |
| funkyHat | MTecknology: actually I made a new file in the main dir for mine it seems | 20:22 |
| MTecknology | funkyHat: 'Exim Router' config goes into /etc/exim4/conf.d/router/450_local_mailman ? | 20:22 |
| mathiaz | RoAkSoAx: you also need to make sure that kvm is using a bridge as the network interface between the guests and the switch port | 20:22 |
| funkyHat | MTecknology: 04_mailman_options I called it | 20:23 |
| RoAkSoAx | mathiaz, right that's the thing. usually what I would do (in a cisco switch) "switchport access vlan 2" | 20:23 |
| RoAkSoAx | and connected to that switchport the machine | 20:23 |
| MTecknology | funkyHat: so jsut from the router config in '/etc/exim4/conf.d/router/04_mailman_options' ? | 20:24 |
| funkyHat | MTecknology: ah, sorry I was still talking about the main config | 20:24 |
| funkyHat | Got a bit behind | 20:25 |
| RoAkSoAx | mathiaz, now, given that the machine hosts many KVM's, that would mean that I should not configure the switchport to only listen to vlan 2, but would have to be configured as trunk, restricting which vlans will go through, correct? | 20:25 |
| MTecknology | funkyHat: let's start over here.. | 20:25 |
| funkyHat | MTecknology: so I have conf.d/main/04_mailman_options | 20:25 |
| funkyHat | I also have conf.d/router/450_mailman_router | 20:26 |
| MTecknology | alrighty, "Main configuration settings" goes into the first? | 20:26 |
| funkyHat | Yes | 20:26 |
| hggdh | smoser: I should take another 30 minutes on the rig | 20:26 |
| smoser | ok. | 20:27 |
| funkyHat | MTecknology: So you can just copy and paste from that howto page, but you might need to adjust bits like the username, group and paths | 20:27 |
| MTecknology | yup | 20:28 |
| funkyHat | MTecknology: the router and the transport you can just take as they are and put them in their own files in router/ and transport/ | 20:28 |
| funkyHat | My router is 450_mailman_router and the transport is 40_local_mailman_pipe (don't know why it's called pipe!). | 20:29 |
| funkyHat | The routers are where the order is important | 20:29 |
| mathiaz | RoAkSoAx: yes - IIRC setting a switch port to trunking means that it will not control the vlans bits in the packet | 20:29 |
| mathiaz | RoAkSoAx: note that you may loose some security here as it would be the guests that are responsible for setting the proper vlan | 20:29 |
| mathiaz | RoAkSoAx: if you compromise a guest you could switch its configuration to use another vlan | 20:30 |
| MTecknology | funkyHat: then restart exim? | 20:30 |
| funkyHat | MTecknology: yep | 20:30 |
| mathiaz | RoAkSoAx: so the proper way to do it would be in the bridge on the kvm *host* | 20:30 |
| MTecknology | hrm.. user mailman was not found | 20:30 |
| funkyHat | make sure you use the init script not sending it sighup | 20:30 |
| MTecknology | I wonder what user it installs as | 20:30 |
| funkyHat | from the repos it's list, I believe | 20:31 |
| funkyHat | you could ps aux | grep mailman | 20:31 |
| mathiaz | RoAkSoAx: I'm not familir enough with the bridge in linux to see if that's possible (I'd guess so) | 20:31 |
| mathiaz | RoAkSoAx: *familiar* | 20:31 |
| MTecknology | list | 20:31 |
| MTecknology | funkyHat: yay - no errors now - so should things work like magic? | 20:32 |
| funkyHat | Theoretically! | 20:33 |
| MTecknology | well - sent an email reminder - we'll see it it shows up.. | 20:34 |
| RoAkSoAx | mathiaz, right, so I would have to do something like this? http://paste.ubuntu.com/410694/ | 20:34 |
| RoAkSoAx | (for the guests) | 20:34 |
| funkyHat | MTecknology: you can check the exim logs to see what happened to it | 20:35 |
| MTecknology | funkyHat: doesn't look too bad | 20:37 |
| MTecknology | http://paste.ubuntu.com/410697/ | 20:37 |
| mathiaz | RoAkSoAx: http://bazaar.launchpad.net/~mathiaz/%2Bjunk/uec-testing-preseeds/annotate/head%3A/templates/preseed/lucid/uec_multi_router#L3 | 20:37 |
| mathiaz | RoAkSoAx: ^^ in the late_command I generate a complete /etc/network/interface that sets up 4 interfaces with vlans | 20:38 |
| RoAkSoAx | mathiaz, that's the KVM *host*, correct? so in the KVM guests we only assign an IP address on the same subnet as the one in the vlan? | 20:39 |
| === dendro-afk is now known as dendrobates | ||
| mathiaz | RoAkSoAx: nope - that would be the KVM guest | 20:40 |
| mathiaz | RoAkSoAx: in the kvm guest you create an eth0.2 interface | 20:40 |
| mathiaz | RoAkSoAx: where eth0 is the raw interface and 2 is the vlan | 20:40 |
| mathiaz | RoAkSoAx: and install the vlan package | 20:40 |
| mathiaz | RoAkSoAx: that's all what is required | 20:40 |
| MTecknology | How do I set the time on a system? | 20:40 |
| RoAkSoAx | mathiaz, awesome then. I'll give it a try :) | 20:41 |
| mathiaz | RoAkSoAx: the ifupdown scripts takes care of setting a vlan in the guest | 20:41 |
| mathiaz | RoAkSoAx: but you have to trust you guests | 20:41 |
| mathiaz | RoAkSoAx: but you have to trust *your* guests | 20:41 |
| MTecknology | oh.. | 20:41 |
| RoAkSoAx | mathiaz, right. Ok then I'll give it a try to see how my config goes then :). Thanks for the help | 20:42 |
| BlaDe^ | Hi I've recently moved over to linux, and I've installed apache/php and PHP doesn't have the permissions to include | 20:42 |
| mathiaz | RoAkSoAx: np | 20:42 |
| BlaDe^ | should I run apache as a different user or chmod differently? what's the recommended solution? | 20:42 |
| guntbert | MTecknology: did you see https://help.ubuntu.com/8.04/serverguide/C/NTP.html ? | 20:43 |
| funkyHat | BlaDe^: fix the permissions on your files so that www-data can read them | 20:43 |
| MTecknology | guntbert: I just rememebered dpkg-reconfigure tzdata | 20:44 |
| BlaDe^ | funkyHat, should I chmod the entire /var/www dir then ? (to 777 iirc) ? | 20:44 |
| funkyHat | BlaDe^: never ever to 777 | 20:44 |
| guntbert | MTecknology: good :) | 20:44 |
| BlaDe^ | funkyHat to what then? | 20:44 |
| MTecknology | funkyHat: this line looks interesting.. 2010-04-07 19:30:05 1Nzawv-0005yE-15 == michael@lists.kalliki.com R=dnslookup_relay_to_domains T=remote_smtp defer (111): Connection refused | 20:45 |
| sherr | BlaDe^: This is very basic unix. You need to look at file/dir permissions. | 20:45 |
| sherr | BlaDe^: man chmod | 20:45 |
| funkyHat | MTecknology: that was before you restarted exim | 20:46 |
| sherr | BlaDe^: consider read (r) perm for instance - and user/group/other perms | 20:46 |
| MTecknology | funkyHat: I cleared the log and restarted - I'll send the mail again | 20:46 |
| MTecknology | funkyHat: that pops up again right after restarting | 20:46 |
| funkyHat | MTecknology: hrm | 20:47 |
| MTecknology | funkyHat: clear log, restart - http://paste.ubuntu.com/410699/ | 20:47 |
| MTecknology | restart exim* | 20:48 |
| funkyHat | MTecknology: what about /var/log/exim4/rejectlog? | 20:48 |
| funkyHat | MTecknology: oh, we might have forgotten the bit about configuring mailman... | 20:49 |
| funkyHat | hah | 20:49 |
| funkyHat | http://www.exim.org/howto/mailman21.html#mmconf | 20:49 |
| MTecknology | I set that part | 20:49 |
| MTecknology | I think I did - h on | 20:49 |
| funkyHat | oh ok | 20:49 |
| BlaDe^ | sherr, I've read what the permissions to.. bitwise system and such but I don't knwo what I should be allowing | 20:50 |
| funkyHat | BlaDe^: basically you should only allow www-data to read. usually making the files world-readable is acceptable. so chmod -R go+rX /var/www should do nicely | 20:51 |
| guntbert | BlaDe^: never allow write access for "others" on a server! | 20:51 |
| BlaDe^ | right ok | 20:51 |
| funkyHat | That is (for group and others) add (read and "execute if it already had execute permissions") | 20:51 |
| ttx | smoser: about to call it a day, I see only 4 EC2 tests completed, is that the current situation ? | 20:53 |
| smoser | yes. | 20:53 |
| smoser | ttx, dont worry too much about it. | 20:53 |
| smoser | i ran into a snafu with the ebs images | 20:53 |
| smoser | which i'm fixing. | 20:53 |
| MTecknology | funkyHat: ok - screwed up a little | 20:53 |
| smoser | it will require new AMIs in the iso tracker | 20:53 |
| ttx | ah | 20:53 |
| ttx | smoser: ok | 20:54 |
| MTecknology | funkyHat: I restart and now all I'm getting is - 2010-04-07 14:53:56 1Nzawv-0005yE-15 == michael@lists.kalliki.com R=dnslookup_relay_to_domains T=remote_smtp defer (-53): retry time not reached for any host | 20:55 |
| MTecknology | funkyHat: any idea what that last piece to this is? | 20:58 |
| MTecknology | I'm assuming the last piece before things get simple | 20:58 |
| MTecknology | funkyHat: did you run off? | 21:03 |
| funkyHat | MTecknology: yes but I am back! | 21:03 |
| MTecknology | funkyHat: :P | 21:03 |
| MTecknology | funkyHat: could we maybe go dpkg-reconfigure exim4 step by step? I need to run up to my gf's room and I'll be right back on | 21:06 |
| funkyHat | MTecknology: sure | 21:07 |
| BlaDe^ | I've setup the mod_rewrite and it's present in the phpinfo(); however my url's aren't being re-written. Is there anything additional I need to do for .htaccess files to be read? | 21:07 |
| funkyHat | BlaDe^: in your server config you need to add AllowOverride +FileInfo | 21:09 |
| BlaDe^ | ah right ok, I'll try that | 21:09 |
| BlaDe^ | should I apply that to the root dir? | 21:10 |
| funkyHat | There should be a section for <Directory /var/www? | 21:11 |
| funkyHat | argh I can't type ???? | 21:11 |
| funkyHat | right chevron | 21:11 |
| funkyHat | > nope I was just being an idiot | 21:11 |
| MTecknology | funkyHat: alrighty - internet site | 21:12 |
| BlaDe^ | Yeah, I've just added it. However it still isn't working | 21:12 |
| MTecknology | kirkland: system mail name: lists.kalliki.com | 21:12 |
| funkyHat | MTecknology: yep | 21:12 |
| BlaDe^ | <Directory /var/www/> AllowOverride Options FileInfo </Directory> | 21:13 |
| kirkland | MTecknology: huh? | 21:13 |
| BlaDe^ | then restarted apache | 21:13 |
| MTecknology | funkyHat: IP to listen on: blank ? | 21:13 |
| funkyHat | MTecknology: yep | 21:13 |
| MTecknology | kirkland: he's halping me setup a mailman mailing list | 21:13 |
| MTecknology | kirkland: oh- sorry! | 21:13 |
| MTecknology | kirkland: didn't mean to hilighty you, k is too close to f :P | 21:14 |
| funkyHat | MTecknology: I'm wondering if setting the system mail name to lists.kalliki is getting in the way | 21:14 |
| MTecknology | funkyHat: should I set it to jsut the actual server name? | 21:15 |
| Hypnoz | whats the deal with #sysadmin? How do you get an invite to that chan? | 21:15 |
| funkyHat | MTecknology: yeah | 21:15 |
| MTecknology | funkyHat: so texo.kalliki.com or just texo? | 21:16 |
| funkyHat | MTecknology: probably doesn't matter | 21:16 |
| MTecknology | funkyHat: ? - the help part says | 21:16 |
| MTecknology | Thus, if a mail address on the local host is foo@example.org, the correct value for this option would be example.org.' | 21:16 |
| funkyHat | MTecknology: put it in as texo.kalliki.com then | 21:17 |
| MTecknology | funkyHat: ok - IP to listen on blank | 21:18 |
| funkyHat | Yep | 21:18 |
| MTecknology | funkyHat: and then in 'Other destinations for which mail is accepted:' I should add lists.kalliki.com ? | 21:19 |
| funkyHat | texo.kalliki.com doesn't resolve... | 21:19 |
| MTecknology | no | 21:19 |
| funkyHat | MTecknology: no don't put that there | 21:19 |
| MTecknology | funkyHat: it resolves internally but that's it | 21:19 |
| MTecknology | funkyHat: lists.kalliki.com goes to that server | 21:20 |
| funkyHat | Don't put lists.kalliki.com in other destinations | 21:20 |
| funkyHat | I don't think it's needed | 21:20 |
| MTecknology | ok | 21:20 |
| MTecknology | the default in there is texo.texo | 21:20 |
| funkyHat | Ok just leave it like that then | 21:21 |
| MTecknology | Domains to relay mail for: ? | 21:21 |
| funkyHat | None | 21:21 |
| funkyHat | or default | 21:21 |
| MTecknology | machines to relay I'm guessing should be blank too | 21:21 |
| MTecknology | 'Keep number of DNS-queries minimal (Dial-on-Demand)?' default No - probably doesn't matter? | 21:22 |
| funkyHat | Shouldn't matter, no is better | 21:23 |
| MTecknology | yay - more intelligible errors in the logs | 21:23 |
| MTecknology | 2010-04-07 15:22:58 1Nzbm6-0006vx-OR ** root@lists.kalliki.com: Unrouteable address | 21:24 |
| funkyHat | aha! | 21:24 |
| funkyHat | What does the rejectlog say? | 21:24 |
| MTecknology | there isn't one | 21:25 |
| MTecknology | so _ I have two frozen messages _ must be getting closer now :) | 21:26 |
| MTecknology | funkyHat: nice - "Drupal Multisite in lighttpd" - I went to nginx | 21:28 |
| funkyHat | MTecknology: I'm actually still running apache, working on migrating my setup to lighttpd so I can do a proper comparison | 21:29 |
| MTecknology | funkyHat: Is there something I need to enable for rejectlog? | 21:30 |
| funkyHat | MTecknology: no, maybe that's a spamd thing | 21:31 |
| MTecknology | funkyHat: I have spamassassin installed but I commented out the line that tells mailman to use it | 21:32 |
| funkyHat | I'm trying to remember if I had any other issues... | 21:33 |
| funkyHat | MTecknology: can you pastebin /var/lib/exim4/config.autogenerated | 21:34 |
| MTecknology | funkyHat: http://paste.ubuntu.com/410718/ | 21:36 |
| hggdh | smoser: you can use the rig now | 21:38 |
| hggdh | smoser: tell me when you are done, please | 21:38 |
| smoser | hggdh, thanks... is it up and running ? | 21:38 |
| MTecknology | hggdh: sounds like fun - can I play? | 21:38 |
| hggdh | smoser: yes, it is up & running, topo1 | 21:40 |
| hggdh | MTecknology: heh | 21:40 |
| MTecknology | funkyHat: so is that just slapping together all the configs? | 21:41 |
| funkyHat | MTecknology: yeah, the split config files is a Debian thing, when the init script starts exim up it jams all of the files together and puts them there, and that's the actual config file that exim reads | 21:42 |
| smoser | hggdh, you registered the beta 1 images ? | 21:42 |
| MTecknology | funkyHat: does it look like i screwed up? | 21:42 |
| funkyHat | MTecknology: I don't think so. Still figuring it out | 21:43 |
| funkyHat | We might need to modify an acl | 21:43 |
| MTecknology | sounds exciting | 21:45 |
| MTecknology | The 'S' in 'STMP' is supposed to stand for 'Simple' right? ... I'm not seeing it. | 21:46 |
| funkyHat | MTecknology: ⡈D the protocol itself is pretty simple | 21:48 |
| funkyHat | EHLO lists.kalliki.com | 21:48 |
| funkyHat | MAIL FROM: <m@funkyhat.org> | 21:48 |
| * MTecknology votes for CTMP 'Complex' so then the servers can be Simple instead :P | 21:48 | |
| funkyHat | haha ⢁D | 21:48 |
| MTecknology | sending mail from telnet is fun through | 21:49 |
| jimbobco | anybody have experience using ubuntu as an iscsi target? | 21:49 |
| hggdh | smoser: yes, I did | 21:51 |
| hggdh | smoser: amd64 | 21:51 |
| hggdh | kirkland: 300 instances run on topo1 | 21:52 |
| hggdh | er. up to, I mean | 21:52 |
| MTecknology | funkyHat: :( | 21:53 |
| kirkland | hggdh: rocktastic! | 21:53 |
| funkyHat | MTecknology: I'm comaring our configs in meld | 21:53 |
| funkyHat | *comparing | 21:53 |
| kees | mathiaz: I'm not sure I follow; what were you curious about? | 21:54 |
| MTecknology | funkyHat: I meant that I'm sad this isn't working as easily as I hoped - I'll setup smtp on the server in the mean time | 21:54 |
| MTecknology | in the router* | 21:54 |
| mathiaz | kees: hi - hggdh run into an issue with the username and the password | 21:54 |
| kees | "the" username? | 21:54 |
| mathiaz | kees: it turned out to be a user error | 21:54 |
| kees | ah, okay | 21:55 |
| webmaven | One of my Ubuntu vmware images seems to have got itself screwed up, and now says that the file system is read only. Any ideas what went wrong, and how to fix it? | 21:55 |
| hggdh | kees, it was a real problem, between the chair and the keyboard | 21:55 |
| MTecknology | funkyHat: ok - any smtp coming in will wind up on that server | 21:55 |
| kees | hggdh: heh :) | 21:56 |
| funkyHat | MTecknology: mm, add lists.kalliki.com to the list of domains to accept mail for in dpkg-reconfigure | 21:59 |
| webmaven | No ideas, huh? | 22:00 |
| funkyHat | webmaven: fsck | 22:00 |
| funkyHat | MTecknology: I didn't notice any major differences between our configurations | 22:01 |
| webmaven | gives me a warning. | 22:01 |
| MTecknology | funkyHat: all done | 22:01 |
| MTecknology | how can I purge frozen messages? | 22:01 |
| funkyHat | I'm getting connection refused | 22:01 |
| funkyHat | MTecknology: exim4 -v -M <message ID> will try to push them through again | 22:02 |
| webmaven | WARNING!!! Running e2fsck on a mounted filesystem may cause | 22:02 |
| webmaven | SEVERE filesystem damage. | 22:02 |
| webmaven | Do you really want to continue (y/n)? | 22:02 |
| alvin | I'd say 'no' | 22:03 |
| funkyHat | webmaven: can you run from a live CD and do it without being mounted? | 22:03 |
| funkyHat | I've never had to run it manually, so there might be better advice, but that can't be a bad way to go | 22:03 |
| webmaven | funkyHat: no, it's a vmware image. | 22:05 |
| funkyHat | webmaven: live cd image? | 22:05 |
| MTecknology | funkyHat: I can telnet to localhost on it | 22:05 |
| webmaven | it doesn't have a physical CD-ROM drive to boot from. | 22:05 |
| funkyHat | Hm, there must be a boot option to force a fsck | 22:06 |
| MTecknology | funkyHat: 451 4.3.0 Temporary system failure. Please try again later. | 22:06 |
| webmaven | Hmm. That sounds like a promising idea. | 22:06 |
| MTecknology | touch /forcefsck | 22:06 |
| MTecknology | iirc | 22:06 |
| funkyHat | Bit of a problem if the FS is read only | 22:07 |
| MTecknology | funkyHat: that's right after MAIL FROM: test@lists.ubuntu.com | 22:07 |
| MTecknology | good point | 22:07 |
| funkyHat | You're trying to send mail from the list to itself | 22:07 |
| webmaven | MTecknology: that won't work, since the fs is read-only. | 22:07 |
| MTecknology | hrm - How do I cancel a telnet connection | 22:08 |
| MTecknology | Ctrl+C isn't working | 22:08 |
| webmaven | Can I unmount the fs? | 22:09 |
| funkyHat | Usually ctrl+] | 22:09 |
| MTecknology | ah.. | 22:09 |
| funkyHat | webmaven: might be able to. you're likely to have less problems if you drop to single user mode first | 22:09 |
| funkyHat | But I guess if it's alreayd read only it won't make that much difference | 22:09 |
| MTecknology | MAIL FROM: michael@kalliki.com 451 4.3.0 Temporary system failure. Please try again later. | 22:09 |
| * webmaven googles 'drop to single user mode'... | 22:10 | |
| funkyHat | runlevel 1 | 22:10 |
| funkyHat | I assume you have virtual console access | 22:11 |
| MTecknology | funkyHat: btw - this system is behind a router - I have 7 systems behind it - one public ip | 22:11 |
| funkyHat | MTecknology: that should be fine | 22:11 |
| MTecknology | it's broken and will never live again :'( | 22:12 |
| funkyHat | I still can't connect from here | 22:14 |
| MTecknology | funkyHat: I'm not sure how to tell xim to listen | 22:14 |
| MTecknology | it's not the router blocking it | 22:14 |
| webmaven | funkyHat: not convenient access. I've been acessing this vm via ssh. | 22:14 |
| MTecknology | it shouldn't be.. | 22:14 |
| funkyHat | Does it tell you it's Exim, when you connect using telnet? | 22:15 |
| funkyHat | webmaven: well if you've got filesystem problems you might have to get access to it anyway | 22:15 |
| webmaven | Hmm. | 22:15 |
| MTecknology | funkyHat: .......no | 22:15 |
| MTecknology | funkyHat: http://dpaste.com/180622/ | 22:16 |
| funkyHat | MTecknology: you're not talking to exim then | 22:16 |
| MTecknology | funkyHat: tcp6 0 0 [::]:smtp [::]:* LISTEN 29615/exim4 | 22:18 |
| MTecknology | there's also tcp 0 0 localhost:smtp *:* LISTEN 1030/sendmail: MTA: | 22:18 |
| MTecknology | hrm.. pastebin again | 22:18 |
| MTecknology | funkyHat: http://dpaste.com/180625/ | 22:18 |
| funkyHat | right, so exim isn't listening on ipv6 because sendmail is :/ | 22:18 |
| webmaven | Well, I ignored the warning, and ran fsck. Didn't find any problems. | 22:19 |
| funkyHat | huh | 22:19 |
| funkyHat | webmaven: ok, well try remounting it rw then | 22:19 |
| webmaven | fs is still read-only though | 22:19 |
| webmaven | How do I do that? | 22:19 |
| MTecknology | RoAkSoAx: for the heck of it... let's try a reboot.... | 22:20 |
| MTecknology | funkyHat: * | 22:20 |
| funkyHat | mount remount -o rw /device/name | 22:20 |
| funkyHat | that's wrong | 22:20 |
| funkyHat | mount -o rw,remount | 22:20 |
| funkyHat | MTecknology: if you want | 22:21 |
| MTecknology | funkyHat: there we go | 22:21 |
| funkyHat | I got them mixed up, exim is *only* listening on ipv6 | 22:22 |
| MTecknology | funkyHat: 220 texo.texo ESMTP Exim 4.71 Wed, 07 Apr 2010 16:21:57 -0500 :D | 22:22 |
| funkyHat | aha | 22:22 |
| MTecknology | now I try to send an email.... | 22:22 |
| MTecknology | funkyHat: probably from switching around mail servers - had a process not killed | 22:22 |
| MTecknology | :D | 22:23 |
| MTecknology | funkyHat: it showed up :D | 22:23 |
| MTecknology | funkyHat: and the two messages queued up just came through :D | 22:24 |
| funkyHat | Ooh | 22:24 |
| funkyHat | So it's working? | 22:24 |
| funkyHat | MTecknology: check that the package sendmail is not installed | 22:25 |
| MTecknology | funkyHat: it's not - but it was a few hours ago | 22:25 |
| funkyHat | Ok | 22:26 |
| MTecknology | uninstalling it didn't terminator the process because mailman was using it (my best guess - not sure) | 22:26 |
| funkyHat | yeah, that's a little weird | 22:26 |
| webmaven | mount / -o rw,remount | 22:26 |
| webmaven | mount: cannot remount block device /dev/mapper/webdev04-root read-write, is write-protected | 22:26 |
| MTecknology | it jsut replied with the subscription confirmation :) | 22:26 |
| funkyHat | webmaven: odd! | 22:27 |
| MTecknology | webmaven: umount /dev/mapper/webdev04-root; fsck -y /dev/mapper/webdev04-root ? | 22:27 |
| funkyHat | MTecknology: and I can connect via smtp now | 22:27 |
| MTecknology | try it | 22:27 |
| funkyHat | Your mail server is calling itself texo.texo though | 22:27 |
| MTecknology | ya - I'm sure that's an easy little fix | 22:28 |
| MTecknology | funkyHat: would this look like the right thing to have in /etc/hosts? 127.0.1.1 lists.kalliki.com texo | 22:29 |
| webmaven | e2fsck 1.41.9 (22-Aug-2009) | 22:29 |
| webmaven | /dev/mapper/webdev04-root: clean, 108452/1237888 files, 2873860/4948992 blocks | 22:29 |
| funkyHat | MTecknology: yep looks ok | 22:29 |
| MTecknology | funkyHat: doesn't look like the mail was received that I sent from my client though | 22:30 |
| MTecknology | funkyHat: I do see the one from you in the queue thoguh | 22:30 |
| MTecknology | funkyHat: you did that by telnet lists.kalliki.com 25 ? | 22:31 |
| funkyHat | MTecknology: yep | 22:31 |
| MTecknology | funkyHat: so now the last piece of the puzzle... | 22:32 |
| MTecknology | mail from client to list | 22:32 |
| funkyHat | here you go | 22:33 |
| smoser | hggdh, are you going to wipe the system ? | 22:34 |
| MTecknology | funkyHat: hm? | 22:34 |
| MTecknology | funkyHat: logs make it look like the message is bouncing | 22:34 |
| MTecknology | funkyHat: http://dpaste.com/180634/ | 22:34 |
| funkyHat | Yes test-bounces is ok | 22:35 |
| funkyHat | I got both of them back, so they should both be in the queue | 22:35 |
| === erichammond1 is now known as erichammond | ||
| MTecknology | funkyHat: hm? | 22:36 |
| funkyHat | MTecknology: <listname>-bounces is the "local part" used by mailman for a lot of emails it sends | 22:37 |
| MTecknology | funkyHat: hrm.. http://lists.kalliki.com/pipermail/test/ - the email I accepted from you (in admin interface) isn't showing up | 22:37 |
| smoser | hggdh, i've got to run. i have a screen session running a loop of start instances and kill instances. i'd appreciate it if it was left to run to completion and the logs saved off somewhere. | 22:37 |
| smoser | but i have to run. if you need the machine, just take it, though. | 22:38 |
| MTecknology | funkyHat: I see both of yours in my inbox | 22:38 |
| funkyHat | MTecknology: maybe the archive takes a while to catch up | 22:38 |
| MTecknology | alrighty | 22:38 |
| MTecknology | funkyHat: so- why can't I post from my mail client to send email to it? | 22:39 |
| funkyHat | MTecknology: you can't? | 22:40 |
| MTecknology | I'll try again | 22:40 |
| MTecknology | or... maybe it just got in - looking at the logs | 22:40 |
| hggdh | smoser: I will wait, and I will not wipe the system clean | 22:42 |
| hggdh | smoser: running under 'ubuntu'? I can save the directory if you want | 22:42 |
| MTecknology | funkyHat: No reason for an MX record if the address being sent to is the same ip as the smtp server, right? | 22:43 |
| funkyHat | MTecknology: I'm wondering about that myself. It doesn't seem to be a problem from here | 22:43 |
| MTecknology | funkyHat: you can send an email from your client? | 22:43 |
| funkyHat | MTecknology: my second mail was sent from gmail, which means via my own SMTP server | 22:44 |
| smoser | hggdh, yes, under ubuntu | 22:44 |
| MTecknology | funkyHat: my mail client sends through gmail | 22:44 |
| MTecknology | I'll try again | 22:44 |
| MTecknology | funkyHat: did you sign up for the list? | 22:44 |
| funkyHat | no | 22:44 |
| funkyHat | my gmail is set up to send all email through my own mail server | 22:45 |
| hggdh | smoser: I will tar the whole thing. I believe you are under ./smoser-test | 22:45 |
| MTecknology | oh | 22:45 |
| * MTecknology sends mail to test@lists.kalliki.com | 22:45 | |
| MTecknology | funkyHat: should be there - right? http://dpaste.com/180639/ | 22:48 |
| funkyHat | That's the email from mailman back to you | 22:48 |
| MTecknology | funkyHat: http://dpaste.com/180641/ | 22:49 |
| funkyHat | Yep | 22:49 |
| MTecknology | funkyHat: that looks like it should be going through correctly? | 22:51 |
| funkyHat | MTecknology: yeah it looks fine | 22:51 |
| MTecknology | funkyHat: so why am I not getting the message back in my inbox? :( | 22:52 |
| funkyHat | Could be because gmail decides not to show you it | 22:52 |
| funkyHat | If it's identical to the one you sent | 22:52 |
| funkyHat | I've just subscribed | 22:52 |
| MTecknology | good point.. | 22:52 |
| funkyHat | Oh I think I did it wrong though | 22:53 |
| MTecknology | ya, I don't see you signed up | 22:53 |
| MTecknology | funkyHat: and I'm assuming this line is you getting an email back from lists | 22:56 |
| MTecknology | s/lists/mailman/ | 22:56 |
| MTecknology | and this looks like you sent a message to the list | 22:57 |
| funkyHat | Yes | 22:58 |
| MTecknology | and I see it in my inboix | 22:58 |
| MTecknology | funkyHat: I see what you did - subject: subscribe | 22:59 |
| funkyHat | That's the one which didn't work | 23:00 |
| MTecknology | yup | 23:00 |
| MTecknology | I just looked at the mod queu | 23:00 |
| MTecknology | e | 23:00 |
| funkyHat | I should have emailed test-subscribe | 23:01 |
| MTecknology | funkyHat: so now there's 1) archives list is still empty and 2) making sure I'm not a spammers friend | 23:02 |
| funkyHat | The default exim config is pretty sane | 23:02 |
| MTecknology | cool :) | 23:02 |
| MTecknology | 550 relay not permitted | 23:03 |
| MTecknology | :D | 23:03 |
| funkyHat | tada! | 23:03 |
| webmaven | funkyHat: looks like the problem is network-related, these VMs are using a SAN, and one of our switches is bouncing. | 23:05 |
| funkyHat | webmaven: aha! | 23:05 |
| webmaven | funkyHat: I didn't even know they had set them up that way. | 23:06 |
| MTecknology | funkyHat: just had to make sure - I've seen about the worst a random user can experience from it - >1k spam per hour | 23:07 |
| uvirtbot | New bug: #557453 in postfix (main) "package postfix 2.6.5-3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,Invalid] https://launchpad.net/bugs/557453 | 23:07 |
| funkyHat | MTecknology: fair enough. You might want to enable spamassassin too ⢁) | 23:07 |
| funkyHat | Though if you're only going to run member-only lists it's probably not a concern | 23:08 |
| MTecknology | funkyHat: I have it installed, just not enabled | 23:09 |
| MTecknology | funkyHat: I'll just add GLOBAL_PIPELINE.insert(1, 'SpamAssassin') to the bottom of /etc/mailman/mm_cfg.py | 23:10 |
| MTecknology | hrm - there's a comment for it | 23:10 |
| MTecknology | funkyHat: I'll just assume that's fully magical | 23:10 |
| funkyHat | MTecknology: it probably makes more sense to enable it in exim | 23:10 |
| MTecknology | funkyHat: oh, I thought spamassassin + mailman would put the message into the moderation queue and spamassassin + exim4 would just drop the message | 23:13 |
| funkyHat | MTecknology: oh, hrm | 23:14 |
| funkyHat | spamassassin drops some mail but only if the spam score is stupidly high | 23:15 |
| funkyHat | Mostly it just adds a spam: yes header | 23:15 |
| MTecknology | oh | 23:15 |
| MTecknology | funkyHat: so - I think once the archives are showing I'll have to hug you | 23:16 |
| MTecknology | I'm holding off for now ;) | 23:16 |
| funkyHat | Maybe they aren't because it's a members only list? | 23:16 |
| MTecknology | I'm logged in to maange the list though | 23:17 |
| MTecknology | the archive is set to public | 23:17 |
| MTecknology | Archive messages? | 23:17 |
| funkyHat | That would be it | 23:17 |
| MTecknology | Archive messages? yes; Is archive file source for public or private archival? public; How often should a new archive volume be started? Monthly | 23:17 |
| smoser | hggdh, job is done. if you could copy off smoser-test dir that'd be great. then i'm done | 23:18 |
| === dendrobates is now known as dendro-afk | ||
| MTecknology | funkyHat: looks like a permissions issue | 23:26 |
| MTecknology | funkyHat: I ran a script to fix the permissions - I think it broke more now :P | 23:27 |
| funkyHat | uhoh :P | 23:27 |
| MTecknology | [Wed Apr 07 17:27:47 2010] [error] [client 192.168.1.5] Symbolic link not allowed or link target not accessible: /var/lib/mailman/archives/public/test, referer: http://lists.kalliki.com/mailman/listinfo/test | 23:27 |
| MTecknology | funkyHat: http://dpaste.com/180656/ | 23:29 |
| funkyHat | MTecknology: do you have a <directory> section for /var/lib/mailman/archives/public in your apache config? | 23:30 |
| funkyHat | Or a directory above that | 23:31 |
| funkyHat | Oh, symbolic link | 23:31 |
| funkyHat | Options +AllowSymlinks | 23:31 |
| MTecknology | funkyHat: I have <Location /> Options +FollowSymLinks </L> | 23:33 |
| MTecknology | funkyHat: since when this is installed it goes all over the system and since I'm the only admin that will muck with this system - would <Dir /> Opt +SymLink </Dir> be horrible? | 23:34 |
| funkyHat | MTecknology: well I guess if you're the only person that can log in it's not too bad, it seems awkward though :P | 23:34 |
| MTecknology | funkyHat: Still doesn't work :P | 23:35 |
| funkyHat | MTecknology: errors? | 23:36 |
| MTecknology | funkyHat: su - list; ls /var/lib/mailman/archives/public/test; shows the files in it | 23:36 |
| funkyHat | Oh so it's a permissions issue | 23:36 |
| funkyHat | What are the permissions on the dir? | 23:37 |
| MTecknology | that's what that last pastebin was for | 23:37 |
| MTecknology | hrm..... Alias /pipermail/ /var/lib/mailman/archives/public/ | 23:37 |
| MTecknology | funkyHat: http://dpaste.com/180665/ | 23:39 |
| funkyHat | MTecknology: what are the permissions on /var/lib/mailman/archives/public? | 23:40 |
| MTecknology | funkyHat: drwxrwsr-x 2 root list 4096 2010-04-07 11:30 public | 23:41 |
| funkyHat | Ok | 23:41 |
| MTecknology | funkyHat: I'm thinking it's probably an apache config issue - I don't see any permission issues... | 23:42 |
| funkyHat | MTecknology: yep looks like it | 23:42 |
| Rafael__ | I have the following question, i am very please with the help of this IRC that i have recieve since my windows cleint copies a folder into the ubuntu server every using rsync and Cron. | 23:44 |
| Rafael__ | what i would like to know if there is a way to aboid shring my wiindows fodler with everybody? | 23:45 |
| MTecknology | funkyHat: alrighty - I'll deal with it more later - thanks VERY VERY VERY much :D | 23:46 |
| MTecknology | funkyHat: I think it;s eating time.. | 23:46 |
| funkyHat | om nom nom | 23:46 |
| hggdh | bug 557110 | 23:54 |
| uvirtbot | Launchpad bug 557110 in mysql-cluster-7.0 "Dependency mismatch for mysql-cluster-*" [Undecided,Confirmed] https://launchpad.net/bugs/557110 | 23:54 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!