[00:00] <cclausen> alienseer23: wget -S the URL the content type is listed in the headers
[00:00] <alienseer231> cclausen: duh...yes it is
[00:00]  * alienseer231 is feeling like a rockhead
[00:03] <alienseer231> cclausen: this was happening before when I would log into gallery2, so I went to do an upgrade, and now it's doing this in the middle of the upgrade process
[00:06] <alienseer231> There is an issue with gallery2.3 not being happy with the latest version of php5, I think it is messing with authentication, which killed my drupal installations using the gallery2 integration, so I upgraded to 2.3.1., and am now stuck half way through the upgrade... gallery2 and drupal are now both defunct
[00:06] <cclausen> drupal5 doesn't support php 5.2 either
[00:06] <cclausen> err, php 5.3
[00:06] <cclausen> I'm having that problem right now myself...
[00:07] <cclausen> and I will have the gallery problem soon too...
[00:07] <alienseer231> but many of the other issues I was having turned out to be the version of php-apc in the repo, so I purged it and tt-rss is go, as is a few of my other scripts
[00:07]  * alienseer231 is using drupal6
[00:09] <cclausen> is php-apc an opcode cacher?
[00:09] <cclausen> I think I'm having problems with xcache...
[00:11] <alienseer231> yeah, "alternative php cache"
[00:12] <alienseer231> i got rid of that after fixing the issues you helped me find, and a lot of my stuff just started working right along
[00:16] <cclausen> problem is if I get rid of xcache, everything starts running really slow
[00:17] <alienseer231> hrm...
[00:18] <alienseer231> I am going to be installing APC via pecl, worked fine b4
[00:21] <Kaprenakis> Does anyone know of the most simple configuration to have a local server with file storing?
[00:22] <cclausen> Kaprenakis: what do you need to be able to do?
[00:22] <cclausen> Kaprenakis: just using SSH/SFTP to copy files to and from the server is pretty simple
[00:22] <Kaprenakis> cclausen: ok i have pcs and ubuntu machines what kind of setup would you recommend?
[00:23] <cclausen> when you say "pcs" what do you mean?
[00:23] <Kaprenakis> cclausen: Windows..
[00:23] <Kaprenakis> cclausen: sorry.
[00:23] <cclausen> ok, so you need shared storage that works on Windows and Linux
[00:24] <cclausen> have you tried samba? or some other cifs server?
[00:24] <Kaprenakis> cclausen: Samba is one that I havent messed around with but many people say its a good option
[00:25] <alienseer231> ssh is still good, just use filezilla to get to them from your windows pc?
[00:25] <Kaprenakis> alienseer231: Is filezilla like Putty? Or am I confused?
[00:27] <alienseer231> Kaprenakis: filezilla is an (s)ftp resource browser, it is in the ubuntu repo if you want to check it out
[00:27] <Kaprenakis> ok
[00:27] <alienseer231> it is a two paned browser so it's pretty easy to get files from one resource to the other
[00:52] <LynXnz> Hey Guys Looking at getting some help if anyone is able to :)
[00:53] <cclausen> did you read the message when you joined the channel?  "Don't ask to ask, just ask."
[00:54] <fourcolors> hi I was wondering if someone could help me with some mysql set up? for my development machine
[00:54] <cclausen> fourcolors: what problems are you having?
[00:55] <fourcolors> ccheney, well I have the newest version of ubuntu LTS and I installed mysql just fine and its working. I also downloaded the emma gui client to manage everything.....
[00:56] <fourcolors> ccheney, my question is this, I'm coming from postgresql and I am trying to understand how mysql is structured. For instance, I logged into my root mysql database then said "create database foo"
[00:56] <fourcolors> and that created a database under the mysql root database? or something like that
[00:56] <cclausen> fourcolors: there isn't a hierarchy.  it created a new database.
[00:57] <fourcolors> but don't I want to create a regular database not under the mysql root
[00:57] <fourcolors> oh
[00:57] <cclausen> you probably need to create a user account and grant access to this new database to the user you create
[00:57] <LynXnz> @fourcolors i would personally get phpmyadmin to manage the database as its easier to manage it
[00:57] <fourcolors> ok my question is then, how do I set up the correct username and password for that database and what connection should I be making etc.
[00:57] <fourcolors> oh
[00:58] <fourcolors> cclausen, when you say user account do you mean a ubuntu user or a new mysql user
[00:58] <fourcolors> if there is such a thing
[00:58] <cclausen> mysql user
[00:58] <cclausen> mysql has its own internal accounts
[00:58] <fourcolors> oooh
[00:58] <fourcolors> that's perfect. Makes a lot of sense
[00:59] <cclausen> grant all on foo.* to user 'foo'@'localhost' identified by password ... or something like that
[01:00] <fourcolors> cclausen, ok so the steps i need to take (I'll look up the sql). Is Create a new user, give it a username and password etc. and then create a new database with that user .
[01:00] <cclausen> I would create the db first
[01:00] <cclausen> you can't grant permissions on something that doesn't exist yet
[01:00] <cclausen> (or at least I don't think you can)
[01:01] <cclausen> and you need to flush priv...; for the changes to take effect
[01:01] <cclausen> LynXnz: what did you need help with?
[01:01]  * cclausen just upgraded a MySQL server to Lucid
[01:02] <LynXnz> got a call of duty 4 server running but i have a console open for it to stay running, therefore i want to run it on boot and background'ed with an init script but i have no idea where to start for writing it
[01:05] <cclausen> LynXnz: you can probably control it from inittab and have init attach it to a tty directly at bootup
[01:05] <cclausen> not sure if you want to do that or not though
[01:05] <LynXnz> i want to be able to issue a command like service cod4-1 restart or something to restart it
[01:06] <cclausen> if using inittab, you could just kill it and init would respawn it
[01:07] <cclausen> or, look into writing an upstart config file
[01:07] <cclausen> which I guess is the init in lucid now
[01:08] <LynXnz> yeah, ill look into that, do you have any good links that i can have a look at?
[01:09] <cclausen> man upstart
[01:09] <cclausen> and start reading
[01:09] <LynXnz> okay will do :)
[01:09] <cclausen> also look in /usr/share/doc/upstart
[01:09] <cclausen> and read through those
[01:10] <LynXnz> okay cheers
[01:12] <owen1> i want to run my website in a vm (vbox). both guest and host are ubuntu. anyone did that? what network should i chose? (NAT or Bridged)?
[01:13] <cclausen> a NAT sounds like a pain for a server
[01:13] <cclausen> I would use bridged
[01:13] <cclausen> do you have multiple IPs to use ?
[01:14] <lwizardl> hi
[01:14] <cclausen> lwizardl: hi
[01:15] <lwizardl> I was wondering if it would be possible to have an IPCOP firewall and a httpd server on the same machine?
[01:15] <cclausen> you can have a firewall and a webserver on the same machine
[01:15] <owen1> cclausen: no. it's just for testing btw. i only have whatever ip the isp gives me.
[01:15] <cclausen> IPCOP appears to be its own distro though
[01:16] <cclausen> owen1: do you have a router now or are you using your one IP directly on your host system?
[01:17] <cclausen> lwizardl: I would just use the built-in linux iptables firewall instead of IPCOP.  do you have a specific reason to use IPCOP?  I think it will limit what you can do
[01:17] <owen1> cclausen: when u say router, r u talking about the box i got from my isp? if that what u mean yes. i have one.
[01:18] <Kaprenakis> owen1: thats the modem.
[01:18] <cclausen> owen1: then you have an internal non-routable IP that your computer is on? 192.168.*.* or similar?
[01:18] <lwizardl> cclausen, well IPCOP has lots of features that I like. for example if you download an update for any os you can configure it to store the updates on the firewall server to cut down on how many times you need to download it for other machines (which cuts down on the hosts bandwidth)
[01:19] <lwizardl> cclausen, plus you can disable sites and such. like block all p2p on the network
[01:19] <cclausen> lwizardl: apt-cacher does this too
[01:19] <cclausen> or you can setup a full blown http proxy like squid
[01:20] <lwizardl> cclausen, yeah but i don't think apt-cacher would work for windows and osx
[01:20] <cclausen> well, no
[01:20] <cclausen> squid would though
[01:20] <owen1> cclausen: my machine is also available with external ip (it might change by the isp though).
[01:20] <lwizardl> cclausen, i think ipcop uses aquid
[01:20] <lwizardl> err squid
[01:20] <owen1> cclausen: i can ssh from work for example.
[01:20] <cclausen> owen1: pick one and see if it works
[01:20] <cclausen> lwizardl: will IPCOP let you install a web server?  if so, you've answered your own question
[01:21] <owen1> cclausen: pick what?
[01:21] <lwizardl> cclausen, i think ipcop uses apache so yes but not sure if it uses a modded version or not
[01:21] <cclausen> owen1: NAT or bridged
[01:21] <owen1> cclausen: i am reading about bridged vbox now
[01:22] <cclausen> a network "bridge" passes data between the networks at the OSI layer 2 level
[01:22] <cclausen> e.g. at the ethernet level for the common case
[01:22] <cclausen> NAT works at layer 3 and does voodoo with IP addresses and port mappings
[01:25] <owen1> ah. memories from networking class..
[01:58] <MTecknology> Is it possible to make a duplicate partition on two servers? .. Like a RAID1 volume where the drive sits on two systems. Then each is identical and accessible to the system as a normal partition.
[01:59] <cclausen> MTecknology: like drbd?
[02:00] <cclausen> MTecknology: you can also iSCSI share a volume for two servers and mirror the data locally on the initiator server
[02:00] <MTecknology> cclausen: EXACTLY like that :D
[02:00] <cclausen> note that I'd only use drbd over a dedicated network (or a cross-over cable)
[02:01] <MTecknology> probably not very secure?
[02:01] <cclausen> nope
[02:01] <MTecknology> which makes perfect sense
[02:01] <cclausen> (unless you use a dedicated storage network)
[02:01] <cclausen> you can also IPsec wrap the connection, but that would make it slow
[02:01] <MTecknology> how much slower?
[02:02] <cclausen> depends on the CPU of the systems
[02:02] <MTecknology> if you can guesstimate any number :P
[02:02] <cclausen> and if your network cards can offload IPsec transactions
[02:02] <MTecknology> We'll probably get a quad core
[02:02] <cclausen> I think single DES can be done at line speeds on 100BASE
[02:02] <MTecknology> systems weren't purchased yet
[02:02] <cclausen> not sure about anything else.  haven't looked into it at all
[02:03] <cclausen> MTecknology: I'd test the setup with VMs before buying hardware
[02:03] <MTecknology> actually.....
[02:03] <MTecknology> they'll be vm's anyway :P
[02:03] <cclausen> it says mainline in 2.6.33.  lucid has 2.6.32...
[02:03] <cclausen> MTecknology: so what is your goal here?
[02:03] <cclausen> several systems already do VM failover between hosts
[02:03] <MTecknology> lol.. seriously that far off...
[02:04] <MTecknology> My goal is to make Drupal websites fully redundant - even file uploads
[02:04] <MTecknology> I could use NFS or rsync but a lot of reasons ruled out those options
[02:05] <MTecknology> iSCSI is going to get too expensive for what we need it for
[02:05] <cclausen> you can run software iscsi
[02:06] <cclausen> iSCSI enterprise target
[02:06] <MTecknology> how much different is that from drbd?
[02:06] <cclausen> its a standard instead of some random protocol drbd invented
[02:07] <cclausen> iSCSI will work with other vendors and other products
[02:07] <cclausen> you could even use drbd on the backend to your software iSCSI
[02:07] <cclausen> so you get redundancy and standard protocols
[02:08] <cclausen> I guess the bigger question is, do you need this at the storage layer?  Or just run your VMs on ISCSI directly?
[02:09] <MTecknology> If I were to buy a server today, would I be able to easily find one with 3 nic's?
[02:09] <cclausen> if not, just add NICs to it
[02:09] <MTecknology> sorry, popping thoughts - thinking about the cx cable
[02:09] <cclausen> they still make them for PCI and PCIe slots
[02:09] <cclausen> gigE is auto-cross
[02:09] <cclausen> its in the spec
[02:09] <cclausen> you could probably go 10gig for just two systems
[02:09] <MTecknology> gigE?
[02:10] <cclausen> for just the storage
[02:10] <MTecknology> oh
[02:10] <cclausen> 1000BASE - gigE = gigabit Ethernet
[02:10] <MTecknology> I like that idea
[02:10] <MTecknology> My thought is to bind the other nic's to a single interface
[02:11] <cclausen> hmm... maybe not.  like $1000 per 10gig NIC
[02:11]  * MTecknology eyes pop
[02:11] <MTecknology> maybe just a gigabit nic
[02:11] <cclausen> yeah
[02:12] <MTecknology> lol
[02:12] <cclausen> that should be like around $100 for a good one
[02:12] <MTecknology> save ~$1,800
[02:12] <MTecknology> back to the other part...
[02:13] <owen1> i have a guest ubuntu server with bridged interface. i see this in showvminfo: 'NIC 1: MAC: 0800275D70EA, Attachment: Bridged Interface 'eth0', Cable connected: on, Trace: off (file: none), Type: Am79C973, Reported speed: 0 Mbps'
[02:13] <MTecknology> My goal is to have multiple web servers. I can easily deal with thy
[02:13] <owen1> how to ssh to my guest? ssh <name><host-ip>:port ??
[02:13] <MTecknology> My goal is to have multiple web servers. I can easily deal with the sql behind it and the proxy, my biggest challenge is the changing files
[02:13] <cclausen> owen1: for the most part, yes, it should work the same way it does now
[02:14] <MTecknology> owen1: user@host
[02:14] <cclausen> MTecknology: do you want to handle planned outages?  Or scheduled outages?
[02:14] <MTecknology> -p<port>
[02:14] <owen1> cclausen: do i need to port forward on my router?
[02:14] <owen1> cclausen: and what port is my guest on?
[02:14] <cclausen> owen1: if you only have a single external IP, yes, probably
[02:14] <MTecknology> cclausen: both
[02:15] <cclausen> MTecknology: ah, ok.  I was going to suggest using openafs.  but it doesn't do read-write replication, just read-only
[02:16] <MTecknology> cclausen: My thoughts are 2 physical systems. Then on one, my primary vm's; then on the other, near copies. Then if somebody unplugs (or more likely, I need to reboot) the host; then everything will keep working without a hiccup.
[02:16] <MTecknology> cclausen: can I use drbd without the .33 kernel?
[02:16] <cclausen> MTecknology: probably, but you'd need to compile it in yourself
[02:17] <MTecknology> cclausen: you mean, compile module (package), then modprobe?
[02:17] <cclausen> not sure
[02:17] <cclausen> might need to be compiled into the kernel directly
[02:17] <MTecknology> if it'll work as a module..
[02:17] <cclausen> and not a module
[02:18] <MTecknology> How long until 10.05?
[02:18] <MTecknology> :P
[02:18] <cclausen> 10.04.01 will be out in July, I think
[02:18] <cclausen> but that isn't likely to have a newer kernel
[02:19] <MTecknology> what kernel does 8.04 have?
[02:19] <cclausen> actually, there is drbd0.7-module-source
[02:19] <MTecknology> I suppose there's always the upstream kernel releases too
[02:19] <cclausen> you should be able to install that
[02:19] <cclausen> err, drbd8
[02:19] <MTecknology> :CD
[02:19] <cclausen> http://packages.ubuntu.com/lucid/drbd8-source
[02:19] <MTecknology> :D *
[02:19] <cclausen> hardy has 2.6.24, I think
[02:20] <bluethundr_> my courier authlib is missing libauthmysql.so .. how do I get my grubby little paws on this one file I need to get my imap server to log me in?
[02:20] <MTecknology> I tried .34-rc5 on my laptop - it hated me
[02:20] <owen1> how to find the port my guest os is running on? showvminfo doesn't show any info about ports.
[02:20] <MTecknology> cclausen: I think I really really want to hug you right now
[02:20] <bluethundr_> MTecknology: lsof -i
[02:20] <MTecknology> owen1: did you install openssh-server in the vm?
[02:21] <lwizardl> hey guys
[02:21] <MTecknology> bluethundr_: hm?
[02:21] <bluethundr_> also netstat -tulpn
[02:21] <owen1> MTecknology: yes
[02:21] <bluethundr_> these commands will show you what ports are active on your system
[02:21] <owen1> MTecknology: i can ssh to the host
[02:21] <lwizardl> has anyone here ever used a cobalt qube 2700 ?
[02:21] <MTecknology> owen1: it's probably running on 22
[02:21] <MTecknology> bluethundr_: you answered the wrong person
[02:21] <bluethundr_> k
[02:21] <MTecknology> :P
[02:22] <bluethundr_> I see owen1 was needing help heh
[02:22] <MTecknology> owen1: check out what bluethundr_ said too
[02:22] <bluethundr_> anyone got a clue on my libauthmysql.so problem? :)
[02:22] <MTecknology> cclausen: you need to make a wiki page for yourself
[02:23] <owen1> bluethundr_: let me see
[02:23] <MTecknology> owen1: you should bridge the interface, setup your vm to grab a lan ip, then ssh into that ip
[02:23] <bluethundr_> owen1 grazi
[02:23] <cclausen> MTecknology: I have a wiki page: https://wiki.cites.uiuc.edu/wiki/display/~cclausen
[02:24] <MTecknology> owen1: if you have to ssh from outside the lan and only have one ip, then setup your router to forward a random port to 22 inside the lan
[02:24] <owen1> MTecknology: all i did so far is: VBoxManage modifyvm "ubuntu server" --nic1 bridged --bridgeadapter1 eth0.
[02:24] <MTecknology> cclausen: I meant wiki.ubuntu.com
[02:24] <MTecknology> owen1: what ip does your guest have? and what does the host have?
[02:24] <cclausen> MTecknology: I don't even have an account there...
[02:24] <MTecknology> owen1: pastebin ifconfig output from both
[02:25] <MTecknology> cclausen: your launchpad account - openid magically creates your account
[02:27] <owen1> MTecknology: my host is 72.129.82.140 but it can also be accessed from 192.168.1.2. i don't know the ip of my guest. how do i find it?
[02:27] <MTecknology> cclausen: you host is a public IP? You have no router in between?
[02:27] <MTecknology> owen1: ipconfig
[02:27] <MTecknology> owen1: your host is a public IP? You have no router in between? **
[02:28] <cclausen> MTecknology: yes.  I just have one IP and my home desktop is on it
[02:28] <cclausen> I share the connection from my desktop using internet connection sharing
[02:28] <MTecknology> cclausen: sorry, wrong person
[02:28] <MTecknology> I always use a router in between
[02:28] <owen1> MTecknology: my host was given to me by my isp. and i can access it from anywhere. does that mean it's public ip?
[02:29] <cclausen> owen1: just pastebin ipconfig -a output from both systems
[02:29] <owen1> cclausen: when u say both system, what do u mean? host and guest? i can't find a way to ssh into my guest so i can't provide you this.
[02:30] <MTecknology> owen1: .. you should probably check out kvm instead of vmware - for ubuntu it's much better supported and documented
[02:30] <owen1> i can run it from the host (i ssh into the host, start the guest vm, etc)
[02:30] <owen1> MTecknology: i use vbox
[02:30] <MTecknology> owen1: then s/vmware/vbox/
[02:31] <MTecknology> in the setup guide for kvm it specifically says how to deal with bridged interfaces, how to setup the IP's, how to get into the system if you can't ssh in, etc.
[02:32] <MTecknology> !kvm | owen1
[02:33] <owen1> MTecknology: thanks, i'll check it out after i'll feel that vbox failed me..
[02:34] <MTecknology> owen1: vbox will work but your support may be easier found in #vbox
[02:34] <MTecknology> for the issue you're having - we're going to have a hard time helping you
[02:35] <MTecknology> cclausen seems brilliant and may be able to come up with something else to help
[02:35] <owen1> here is a pastebin of my hosts's ifconfig and netstat - http://pastebin.com/zmw5y2Hs
[02:35] <owen1> reading your doc
[02:36] <MTecknology> owen1: ya... you don't even have a bridged interface - you need that
[02:38] <MTecknology> cclausen: hey... maybe you can help me with one other thing...
[02:39] <cclausen> MTecknology: maybe, what?
[02:39] <owen1> MTecknology: thanks, i found this - http://www.ubuntugeek.com/how-to-set-up-host-interface-networking-for-virtualbox-on-ubuntu.html  i hope it's what u meant.
[02:40] <MTecknology> cclausen: kvm on my host - I can't enable ufw because it kills my connection to every other system. ideally, if something is destined for the host it'll have to match the rules; otherwise it just passes through the rules into the vm's where the vm's deal with it
[02:41] <MTecknology> owen1: no - just a simple bridged interface - there's nothing vbox specific about it
[02:41] <MTecknology> owen1: but ya, that looks about right
[02:41] <cclausen> MTecknology: you want the firewall on the host to block for the VMs too?
[02:42] <MTecknology> cclausen: nope, I want it blocking for itself only - vm's have ufw and they can deal with it themselves
[02:43] <cclausen> MTecknology: ok, that should work.  I'm not sure what is being blocked, but can you run the firewall in a log-only mode first?  e.g. log what would be blocked?
[02:43]  * MTecknology upgrades production systems to 10.04 in 17min
[02:44] <MTecknology> cclausen: alrighty - once I get the production systems moved up I'll get some output and then annoy you so I don't have to run off shortly into it :)
[02:45] <cclausen> MTecknology: sounds good.  I'm watching windows 2008 do the upgrade to R2 right now..
[02:45] <MTecknology> ouch
[02:48]  * MTecknology cusses at identi.ca+jabber+bitlbee
[02:55] <MTecknology> 4min - I'll lose irc in the process :(
[03:06] <Kaprenakis> Does anyone know anything about file server + music streaming?
[03:07] <MTecknology> !anyone
[03:08] <cclausen> Kaprenakis: i know the people working on http://github.com/avuserow/amp
[03:08] <cclausen> Kaprenakis: the setup I know of reads music out of openafs as needed
[03:08] <cclausen> although its not exactly streaming
[03:09] <MTecknology> I used to have a vibe music streaming system - but iirc - it's windows only
[03:09] <cclausen> I've had good luck getting the darwin streaming server to work on multiple platforms.  worked much better than icecast
[03:10] <MTecknology> there- one production system back up and running completely
[03:10] <Kaprenakis> mmm i disconnected
[03:11] <MTecknology> Kaprenakis: 21:09 < MTecknology> I used to have a vibe music streaming system - but iirc - it's windows only    21:09 < cclausen> I've had good luck getting the darwin streaming server to work on multiple platforms.  worked much better than icecast
[03:12] <Kaprenakis> MTecknology: darwin streaming server, can you set that up on a clean install of ubuntu server 10.04 ?
[03:12] <MTecknology> cloakable: I think he meant you
[03:13] <Kaprenakis> yes sorry.
[03:13] <Kaprenakis> MTecknology Tys for the repost.
[03:14] <Kaprenakis> cclausen: Could I install Ubuntu Server 10.04. Install Samba for the file server. Then install darwin streaming server to play those files that are being hosted on the file server?
[03:15] <cclausen> Kaprenakis: that should work
[03:16] <cclausen> Kaprenakis: there are probably some much newer music streaming programs out there too.  I'd look around (or apt-cache search)
[03:16] <cclausen> Kaprenakis: do you need to stream over the internet?  Or just on the local subnet?
[03:19] <Kaprenakis> cclausen: I would like to be able to stream over the internet
[03:20] <Kaprenakis> cclausen: Also I would like to have something that would require you to log in.
[03:21] <cclausen> Kaprenakis: http://www.ubuntugeek.com/streaming-media-server-in-ubuntu-gnulinux-using-gnump3d.html <- check that out
[03:22] <cclausen> not sure if it has a password though...
[03:22] <cclausen> Kaprenakis: do you really need to stream across the internet?  Or can you run the player anywhere and just get to files from across the internet?
[03:23] <cclausen> I keep some of my music in openafs and just listen to it from anywhere by accessing the file space
[03:24] <cclausen> Kaprenakis: there is also: http://www.oreillynet.com/xml/blog/2004/12/streaming_itunes_from_ubuntu.html
[03:25] <Kaprenakis> cclausen: what is openafs?
[03:25] <cclausen> Kaprenakis: openafs is a distributed filesystem -> http://www.openafs.org  its not easy to setup though
[03:27] <Kaprenakis> cclausen: yeah that doesn't look too noob friendly..
[03:29] <cclausen> Kaprenakis: the ubuntu packages actually are fairly easy to install, but you'd need an afs client on various computers that you'd use so I'm not sure if that would work or not
[03:30] <cclausen> works great for me.  secure, (encrypted) file space I can literally access from anywhere in the world.
[03:30] <Kaprenakis> cclausen: you access it from your computer correct? or any computer anywhere?
[03:30] <cclausen> any computer with an AFS client
[03:30] <Kaprenakis> cclausen: ok
[03:31] <Kaprenakis> cclausen: well then thats not exactly what I'm looking for then.
[03:31] <Kaprenakis> cclausen: I need it to be built in the browser, streaming
[03:40] <Kaprenakis> cclausen: So do you think samba server is the best to host files for local or outside access?
[03:41] <MTecknology> Commercial on the TV: "Everything that goes into your linux system is designed to save you money." - Turns out she said "Lennox"
[03:46] <cclausen> Kaprenakis: samba probably isn't good to use over the internet
[03:47] <Kaprenakis> cclausen: well i would store the files via samba but stream those files from the samba server.. does that work?
[03:47] <cclausen> maybe
[03:48] <Kaprenakis> cclausen: or should i say is it secure?
[03:51] <cclausen> its as secure as your streaming program
[04:07] <AdamDV> Is howtoforge down for anyone else
[04:08] <cclausen> appears to be, yes
[04:08] <Kaprenakis> cclausen: alrighty, so is it secure enough? or should i seek other options?
[04:12] <cclausen> Kaprenakis: go with it and see how it works
[04:13] <owen1> i followed the ubuntu docs for enabling networking for vbox (sudo modprobe vboxnetflt) and now i have br0 interface. here is my ifconfig and netstat.  what is the ip and port of my guest?
[04:14] <owen1> http://pastebin.com/ptdsvRE9
[04:15] <cclausen> can you get to the guests console?
[04:15] <cclausen> and run ifconfig there?
[04:16] <owen1> cclausen: i wish i knew the port of the guest so i could ssh to it.
[04:16] <owen1> can i get to the guest's console from the host and not from outside?
[04:17] <cclausen> I'd say virtualbox is useless if you can't get to a VM's console
[04:17] <cclausen> how do you fix network problems?
[04:17] <cclausen> yeah, it probably works by default only from the host
[04:18] <cclausen> you can also try looking in an arp cache for other IPs
[04:18] <owen1> cclausen: it's the first time i am trying it, so i can't tell if it's possible.
[04:18] <cclausen> does arp -a work on Linux systems?
[04:18] <owen1> (192.168.1.1) at 00:1b:2f:fd:17:aa [ether] on br0
[04:18] <owen1> maybe that's the ip?
[04:19] <cclausen> maybe
[04:19] <cclausen> can you ssh there?
[04:19] <owen1> let me try
[04:19] <cclausen> usually the .1 is the network's default gateway.  but if you don't have a router, I'm not sure how that works
[04:20] <owen1> cclausen: connection refused. i tried from my laptop and from the host.
[04:20] <cclausen> owen1: well, that could mean anything
[04:20] <owen1> maybe i need to add a port
[04:20] <cclausen> you need to get to the console on your VM and just run ifconfig to see what is going on
[04:21] <owen1> cclausen: yeah. what user should i ssh with? myself?
[04:21] <MTecknology> cclausen: hi :D
[04:21] <MTecknology> cclausen: data collection time
[04:21] <cclausen> if connection is refused, that isn't going to matter
[04:22] <owen1> i'll post this in vbox forum. thank you!
[04:23] <owen1> cclausen: do u use kvm for hosting websites?
[04:24] <MTecknology> cclausen: May  1 22:24:22 pessum kernel: [19981.061455] [UFW BLOCK] IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=vnet1 SRC=192.168.3.6 DST=192.168.1.5 LEN=196 TOS=0x10 PREC=0x00 TTL=63 ID=40752 DF PROTO=TCP SPT=55015 DPT=22 WINDOW=126 RES=0x00 ACK PSH URGP=0
[04:26] <cclausen> owen1: I use Microsoft Hyper-V for VMs and have Windows 2k8 IIS7 and Ubuntu 8.04 apache2 VMs right now
[04:27] <cclausen> MTecknology: looks like it is blocking ssh traffic?
[04:28] <cclausen> MTecknology: allow all IPs to send to port 22 and allow all outbound connections to port 22
[04:28] <owen1> cclausen: on the same physical box?
[04:28] <cclausen> owen1: actually, yes
[04:28] <cclausen> I just moved a production apache webserver and an iis test box to the same physical box
[04:29] <cclausen> owen1: physical box has windows 2008 r2 installed and I just upgraded the IIS install to r2 as well.
[04:29] <cclausen> owen1: the physical box just runs the VMs
[04:29] <owen1> so your guest os is windows?
[04:29] <owen1> sorry ,
[04:29] <owen1> your host
[04:29] <MTecknology> cclausen: so ufw allow from any port 22 proto tcp to any ?
[04:29] <cclausen> yes
[04:29] <MTecknology> and vice versa
[04:30] <cclausen> MTecknology: I don't know the firewall rules, sorry.  I just turn off firewalls.  I don't believe in them
[04:30] <cclausen> if I don't want to run a service, I don't run it.  and for ssh brute force attempts I have fail2ban installed
[04:31] <MTecknology> cclausen: still blocks when I add that
[04:32] <cclausen> MTecknology: you need to allow to any as well.  ssh out to port 22 and into port 22
[04:33] <MTecknology> cclausen: what I think I want is from any to any on PHYSOUT=vnet* is allowed
[04:33] <cclausen> MTecknology: and note that the client randomly gets a source port from the OS, so you can't restrict on source and destination port pairs
[04:33] <MTecknology> yup any -> 22 and 22 <- any
[04:40] <MTecknology> cclausen: I even did 'ufw allow from any to any' - still nothing
[04:41] <cclausen> MTecknology: how about setting sudo ufw default allow
[04:41] <cclausen> and then just block stuff you don't want as needed
[04:41] <cclausen> can you pastebin ufw status  ?
[04:42] <MTecknology> 'ufw enable' 'ufw default allow' 'ufw allow from any to any' - still blocks
[04:43] <MTecknology> cclausen: http://dpaste.com/189908/
[04:44] <cclausen> your default allow rules should let you in
[04:44] <cclausen> and a rule to block traffic you don't want in
[04:44] <cclausen> https://help.ubuntu.com/community/UFW
[04:44] <MTecknology> right
[04:44] <MTecknology> I normally use default deny
[04:44] <cclausen> yeah, I figured
[04:44] <MTecknology> but for this case..
[04:45] <MTecknology> everything is allowed
[04:46] <cclausen> I think you want to ufw allow 22 for all inbound ssh
[04:47] <MTecknology> that should be covered in that allow any any, right?
[04:47] <cclausen> yep
[04:47] <cclausen> if you want to do it the other way you are going to need better rules
[04:47] <MTecknology> the config in that pastebin - i enable ufw and things still block
[04:48] <cclausen> you only allowed inbound to port 22
[04:48] <MTecknology> http://dpaste.com/189908/
[04:48] <MTecknology> check the last one
[04:48] <MTecknology> 'ufw allow from any to any'
[04:48] <cclausen> yep
[04:48] <cclausen> and that blocks things?
[04:48] <MTecknology> that's not just ssh
[04:48] <MTecknology> yup
[04:48] <cclausen> hmm
[04:48] <MTecknology> I 'ufw enable' and can't do anything with my vm's
[04:49] <cclausen> I'm not sure what to tell you
[04:49] <cclausen> if it were me, I'd look at the actual iptables rules that were generated and see what is going on
[04:50] <cclausen> also, what is your goal here?  those IPs are all non-routable.  its not like you are going to have internet traffic on RFC1918 IPs
[04:50] <MTecknology> but I do have those vm's available to the world
[04:52] <cjs> Where's a good place to go get advice on routing related to a PPPoE link, a bridge, and some machines in the DMZ to which this host is routing?
[04:52] <cjs> Basically, the hosts are accessible remotely, but not from the router itself, though I do have a route for that network to br2.
[04:53] <MTecknology> cclausen: the internal nat isn't via world, but those vm's running on it are available via the world
[04:53] <cclausen> cjs: can you writeup a pastebin describing your network setup in more details?  ifconfig -a output from various machines would be helpful
[04:54] <cclausen> MTecknology: I thought you said the VMs would block their own traffic?
[04:54] <MTecknology> cclausen: no, the host blocks it
[04:55] <MTecknology> cclausen: everything I did was on the host
[04:55] <cjs> cclausen: Sure.
[04:55] <cclausen> MTecknology: hmm.. ok.. that works differently than hyper-V.  I don't even see guest traffic registered on the host
[04:57] <MTecknology> cclausen: ideally, I could have one rule that applies to vm's that says - pass it; then I could control the rules for the system itself
[04:57] <MTecknology> cclausen: basically because ufw is absolutely amazing... :P
[04:59] <cclausen> MTecknology: ok, well, I'm not sure what is going on.  Try working with a small set of rules at once.  and basically add the rule that allows whatever shows up in your block logs and try and work at what is going on
[05:00] <MTecknology> cclausen: there is no 'rule' that's blocking it though.. ufw being enabled kills connections to the vm's
[05:00] <cjs> cclausen: http://pastebin.com/LqVYqPAp
[05:00] <MTecknology> cclausen: maybe I should show you /etc/network/interfaces
[05:00] <cclausen> MTecknology: does the firewall bind to a single network interface?  is that the problem?
[05:00] <MTecknology> cclausen: http://dpaste.com/189909/
[05:00] <MTecknology> yup
[05:00] <MTecknology> oh..
[05:01] <cclausen> cjs: you're abusing routing.  don't and I suspect you'll have better luck.  there is a reason you can't use the broadcast and network addresses
[05:02] <cjs> cclausen: Oh, yes? And what would that be?
[05:03] <cclausen> cjs: those are used for CIDR routing
[05:03] <cjs> (Not that I'm using them at the moment anyway.)
[05:03] <cjs> In what way are they used for CIDR routing? (I am familiar with CIDR.)
[05:03] <cclausen> cjs: yes and if you need to contact hosts in that space you won't be able to get to them
[05:04] <cclausen> cjs: its how the arp tables are built on the routers.  the traffic is sent to an AS for the specific network
[05:04] <MTecknology> cclausen: would 'ip addr' output help you help me any?
[05:04] <cjs> cclausen: I am aware that I cannot contact hosts in the space I allocated to myself that isn't actually routed to me. It's a trade-off I'm willing to make.
[05:04] <cclausen> MTecknology: I do not know
[05:04] <cjs> cclausen: ARP tables? For a point-to-point link?
[05:05] <cclausen> cjs: arp tables for the internet routers.  its only a point to point link for a single hop.  then its actually routed
[05:05] <cjs> What would such ARP tables map? From what to IP addresses, or IP addresses to what?
[05:05] <cclausen> cjs: if you don't need the ips, why do that anyway?  It just confuses things
[05:05] <MTecknology> cclausen: http://dpaste.com/189913/
[05:05] <cjs> cclausen: point-to-point is also routed.
[05:05] <cjs> cclausen: I will need the IPs. I'm just not using them yet.
[05:05] <cclausen> cjs: err, sorry. routing tables.  its not at the MAC layer, you are correct
[05:07] <cclausen> cjs: what is the "router" in your setup?
[05:07] <cjs> cclausen: Thank you. And so, given that there is no MAC layer, there's no need for broadcast or network addresses. In fact, the outside world has no idea (until it gets to my ISP) of how the network is divided anyway. And my ISP just takes anything destined for .192 or .199 and pumps it down my link, just as it does for .193 or any other address in that range. (I've tested this by the way, on this link, and I've configured things this way many, many times on various systems in the past 15 years.)
[05:07] <MTecknology> My swordfish is nearly cooked :)
[05:07] <cclausen> cjs: well, whatever, lets figure out the .192 <-> .194 problem right now.
[05:07] <cjs> The only reason I need to fake that /25 thing is due to the Linux kernel being unable to handle the idea of a "network" that doesn't have a physical layer.
[05:07] <cjs> cclausen: Great, thank-you. .193 is the router.
[05:07] <cjs> And those address and routing tables I showed are from it.
[05:08] <cclausen> cjs: what is it? a linux system?
[05:08] <cjs> Oh, sorry. (Doh!). Ubuntu 10.04 server.
[05:08] <jnss> hey hows the ubuntu server
[05:08] <cclausen> and the VM is also a linux system?
[05:08] <cjs> It is: also 10.04 server.
[05:09] <cclausen> cjs: from the .193 system, if you ping the .194 (yes, it fails) and then run arp -a, does the correct MAC show up?
[05:09] <jnss> would you recommend this ubuntu server over centos or debian
[05:10] <cclausen> jnss: over centos, yes.  debian depends.  I like the 5 year support on ubuntu
[05:10] <cjs> cclausen: Gah! Yes it does, and suddenly it's working.
[05:10] <cclausen> cjs: pings work now?
[05:10] <cjs> cclausen: Would you believe "I didn't change anything"? (No, I wouldn't either.)
[05:10] <cclausen> cjs: glad I could help :-)
[05:10] <cjs> cclausen: yes, they work now. For .193 as well. I wonder what I did.
[05:10] <cjs> cclausen: Just make sure you're around next time my networking breaks. :-)
[05:11] <cjs> cclausen: Wait. It works in one terminal (ssh login), but not another. I am using -n on ping.
[05:11] <cclausen> cjs: same system?
[05:12] <cjs> It certainly appears to be.
[05:12] <cclausen> cjs: both consoles running as root?
[05:13] <cjs> Yes.
[05:13] <jnss> got specific reasons why you would rather use ubuntu than centos? ;)
[05:13] <cjs> Another one works, too. It's just this one window. This is...interesting.
[05:13] <cclausen> using same ping binary?  which ping is same on both?
[05:14] <cjs> Yup.
[05:14] <cclausen> cjs: close it and open a new one and hope the problem goes away...
[05:14] <cjs> cclausen: Tempting. But I want to poke at this a bit. It's insane enough that it must be me, not the machine.
[05:14] <jnss> im just looking for ideas
[05:14] <cclausen> jnss: 5 year support, I know the release cycle.  RPMs make babies cry
[05:15] <cjs> Dropping back out of my sudo shell, same problem. Hmm!
[05:15] <cclausen> cjs: I could see a network capability rule applying to a specific session at login time
[05:15] <cjs> Hm. Ok, that would be plausible. Except for how the capability rule got there.
[05:16] <MTecknology> cclausen: You see anything obvious that would make it not work?
[05:16] <cclausen> cjs: selinux?  apparmor?
[05:16] <cjs> I am using apparmor. Just the default thing.
[05:16] <cjs> Oh...hmmm...doesn't apparmor apply to ping?
[05:16] <cclausen> MTecknology: sorry, got distracted.  looking now
[05:16] <MTecknology> cclausen: :P
[05:16] <cclausen> cjs: I have no idea.  I disable such things
[05:16] <cjs> No, not in my case, if /etc/apparmor.d is anything to go by.
[05:17] <MTecknology> cclausen: meanwhile I ate swordfish - first time - that was yummy
[05:17] <cclausen> MTecknology: does eth0 need its own IP?  I see you have it set to static, but didn't give it an IP
[05:18] <cclausen> err, I guess you have it set to "manual" and not "static"
[05:19] <cclausen> does the bridge device manually up it as needed?
[05:19] <cclausen> MTecknology: does ifconfig list eth0?  does ifconfig -a ?
[05:20] <MTecknology> cclausen: ifconfig shows it
[05:20] <MTecknology> http://dpaste.com/189915/
[05:21] <cclausen> MTecknology: but it doesn't have an IP assigned...  what exactly wasn't working here again?
[05:21] <cclausen> MTecknology: just the firewall rules?
[05:21] <MTecknology> ya
[05:21] <MTecknology> when I enable ufw, I can't communicate with the vm's anymore
[05:23] <cclausen> all your VM networks are in 192.168.0.0/22 space ?
[05:23] <cclausen> reduce your rules and just allow all traffic in that single CIDR block
[05:23] <MTecknology> 192.168.1.0/24
[05:23] <MTecknology> ufw allow from any to any should cover that
[05:24] <cclausen> true, but just to test
[05:24] <cclausen> remove all the rules
[05:24] <MTecknology> I don't think my issue is in the rules themselves..
[05:24] <MTecknology> ok.
[05:24] <cclausen> and add just a ufs allow all from 192.168.0.0/22
[05:25] <MTecknology> you mean 192.168.1.0/24 ?
[05:25] <MTecknology> or do I want it wider like that?
[05:25] <cclausen> one of the messages you posted had a 192.169.3.x IP in it, didn't it?
[05:26] <cclausen> May  1 22:24:22 pessum kernel: [19981.061455] [UFW BLOCK] IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=vnet1 SRC=192.168.3.6 DST=192.168.1.5 LEN=196 TOS=0x10 PREC=0x00 TTL=63 ID=40752 DF PROTO=TCP SPT=55015 DPT=22 WINDOW=126 RES=0x00 ACK PSH URGP=0
[05:26] <cclausen> see the SRC=192.168.3.6  in there
[05:26] <cclausen> where is that coming from ?
[05:27] <MTecknology> oh.. sorry - I was thinking backward
[05:28] <MTecknology> the vm's are all in 1.0/24 - the 3.0/24 is my vpn ip
[05:28] <cclausen> MTecknology: does your VPN get blocked too?  Or just the VMs?
[05:28] <MTecknology> ERROR: 'Wrong number of arguments'
[05:28] <MTecknology> Client->VPN = blocked
[05:29] <cclausen> what is your client IP?  in that same range?
[05:29]  * MTecknology is 192.168.3.xxx
[05:29]  * MTecknology is 192.168.3.6
[05:29] <MTecknology> servers are 192.168.1.0/24
[05:29] <cclausen> ok
[05:30] <cclausen> pastebin iptables -L and ufw status
[05:30] <MTecknology> wireless clients 2.0/24; pptp are 4.0/24
[05:31] <MTecknology> here we go
[05:31] <MTecknology> cclausen: http://dpaste.com/189917/
[05:33] <MTecknology> cclausen: meh - I need to generate traffic to be blocked.... here's an actual sample line that I just generated - May  1 23:32:44 pessum kernel: [24082.584639] [UFW BLOCK] IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=vnet1 SRC=192.168.3.6 DST=192.168.1.5 LEN=100 TOS=0x10 PREC=0x00 TTL=63 ID=25825 DF PROTO=TCP SPT=55015 DPT=22 WINDOW=126 RES=0x00 ACK PSH URGP=0
[05:34] <cclausen> that is a lot of iptables rules...
[05:34] <cclausen> so you see anything that looks funky?
[05:34] <MTecknology> well, ufw does make a lot of rules :P
[05:35] <cclausen> hmm... I wonder if its just affecting existing connections
[05:36] <MTecknology> cclausen: line 127?
[05:36] <cclausen> it is stateful and iptables probably needs to see the connect in the TCP handshake to allow the traffic
[05:36] <MTecknology> I wish that was it...
[05:36] <MTecknology> any new connections fail
[05:36] <cclausen> MTecknology: ah, ok
[05:36] <cclausen> good to know though
[05:37] <cclausen> wait, your rule is allow in anywhere
[05:37] <cclausen> what about allow out ?
[05:37] <MTecknology> allow from any to any
[05:38] <MTecknology> that should go both ways
[05:38] <MTecknology> Default: allow (incoming), allow (outgoing)
[05:38] <MTecknology> ^ there's that too - ufw default allow
[05:38] <cclausen> can you remove your single rule
[05:38] <cclausen> and try that?
[05:38] <MTecknology> ok
[05:38] <cclausen> just enable ufs without a rule set?
[05:38] <cclausen> err, ufw
[05:39] <MTecknology> http://dpaste.com/189926/
[05:40] <cclausen> rule is still there: Anywhere                   ALLOW IN    Anywhere
[05:40] <MTecknology> sorry... wrong pastebin
[05:41] <MTecknology> there we go - http://dpaste.com/189928/
[05:41] <cclausen> did that block stuff too?
[05:42] <cclausen> what are the rules with 192.168.122.0/24 about ?
[05:42] <MTecknology> no idea..
[05:42] <MTecknology> hrm..
[05:43] <MTecknology> I think that's the virt network
[05:43] <MTecknology> I should try iptables -flush
[05:43] <MTecknology> maybe?
[05:44] <MTecknology> or could that likely kill me?
[05:44] <cclausen> yeah, flush the iptables rule sets
[05:44] <MTecknology> there - chains listed - but all empty
[05:44] <MTecknology> should I do ufw enable from here?
[05:44] <cclausen> take a look at this
[05:44] <cclausen> http://www.cyberciti.biz/tips/linux-iptables-how-to-flush-all-rules.html
[05:45] <cclausen> I'd try flushing all of those
[05:45] <MTecknology> I did iptables -F
[05:45] <MTecknology> oh
[05:45] <cclausen> yeah, but does that actually flush everything?
[05:45] <cclausen> (it might, I don't know)
[05:45] <MTecknology> everything except purging the chains
[05:45] <MTecknology> which have nothing in them
[05:46] <cclausen> iptables -X just in case
[05:46] <MTecknology> ok - EVERYTHING is wiped
[05:46] <cclausen> now try ufw again
[05:46] <MTecknology> ok..
[05:46]  * MTecknology crosses fingers...
[05:47] <MTecknology> exact same thing
[05:47] <cclausen> iptables -L pastebin?
[05:47] <cclausen> e.g. is the rule set the same?  with that 192.168.122 net?
[05:48] <MTecknology> http://dpaste.com/189937/
[05:49] <cclausen> ok, well at least the 192.168 stuff is gone now
[05:50] <cclausen> try switch ufw the other way
[05:50] <cclausen> to deny by default
[05:51] <cclausen> with the same allow from any to any rule
[05:51] <cclausen> and see if it still blocks
[05:52] <MTecknology> http://dpaste.com/189941/
[05:52] <MTecknology> that's w/o allow allow
[05:52] <cclausen> if you have the text, diff the two
[05:52] <cclausen> is the only difference the ACCEPT to DROP in the first line ?
[05:53] <MTecknology> http://dpaste.com/189943/
[05:54] <cclausen> that is the same thing, isn't it?
[05:54] <MTecknology> just with the allow everything
[05:54] <cclausen> hmm
[05:54] <cclausen> I wonder if allow everything doesn't work b/c of the default rule sets
[05:55] <cclausen> try just allow from 192.168.0.0/16
[05:55] <MTecknology> allow from 192.168.0.0/16 to any ?
[05:56] <cclausen> just ufs allow from 192.168.0.0/16
[05:56] <cclausen> the "to any" should be implied
[05:56] <MTecknology> you can't do that
[05:56] <cclausen> (at least according to the wiki page I'm reading)
[05:56] <cclausen> so this is wrong? https://help.ubuntu.com/community/UFW
[05:56] <cclausen> "sudo ufw allow from 192.168.1.0/24"
[05:56] <MTecknology> oh..
[05:56] <cclausen> its one of the examples
[05:56] <MTecknology> nifty
[05:56] <MTecknology> I'll try
[05:57] <MTecknology> same thing
[05:57] <cclausen> hmm
[05:57] <cclausen> I've got no ideas then
[05:57] <MTecknology> alrighty
[05:57] <cclausen> unless you want to try purging and reinstalling ufw and iptables
[05:58] <MTecknology> I'll just file a bug report and include this whole log :P
[05:58] <MTecknology> it happened on a fresh install
[05:58] <MTecknology> this whole setup is only a few months old with mostly all default configs
[05:59] <MTecknology> cclausen: thanks VERY much for the help :)
[05:59] <MTecknology> cclausen: sticking with it this long was impressive :)
[06:00] <MTecknology> cclausen: if you make a wiki page I'll happily add a recommendation for you if you decide you want to become an ubuntu member someday
[06:03] <MTecknology> cclausen: any objections if I include this whole log?
[06:04] <cclausen> MTecknology: none from my end.  I'm not really a firewall expert though.  maybe someone who knows what they are doing should take a look at it first?
[06:29] <MTecknology> cclausen: there we go - bug filed :)
[06:29] <MTecknology> cclausen: worst case I did something stupid
[06:33] <MTecknology> !kvm
[07:08] <Flam`> I opened some ports in my iptables, here's an "iptables -L" http://pastie.org/private/k6nygx4hznny241abt1whq, but when I try to connect to the ports (8484 for example) with nmap it says that it is still closed.
[07:09] <MTecknology> Flam`: ufw status verbose
[07:09] <Flam`> Also, what's the easiest way to remove the last 4 ACCEPT entries in the "chain INPUT" section... added those by mistake.
[07:09] <Flam`> k 1sec
[07:11] <Flam`> I see a lot of blocked attempts.
[07:13] <Flam`> MTecknology: What am I supposed to see?
[07:14] <MTecknology> Flam`: a verbose output of the current status of ufw
[07:15] <MTecknology> Flam`: if you're using ufw, you shouldn't be workin with iptables directly if you can help it
[07:15] <cclausen> Flam`: what does netstat -ant show?  do you actually have something listening on port 8484 ?
[07:15] <cclausen> Flam`: and do you want to allow udp or tcp?  by default, nmap only scans tcp
[07:16] <MTecknology> ya.. cclausen can help you much better..
[07:16] <cclausen> MTecknology: no, go ahead.  you actually use the commands.
[07:16] <MTecknology> cclausen: :P
[07:17] <MTecknology> Flam`: do you want to use ufw or iptables directly? you shouldn't really intermix them unless you really much up things (like me a little while ago)
[07:17] <Pirate_Hunter> has anyone managed to successfully combine any type raid with lvm in 10.04 without being directed to busybox stating "gave up waiting for root device", if so is there any fix for this bug?
[07:17] <MTecknology> s/much/muck/
[07:18] <Pirate_Hunter> I am starting to think I should go back to 8.04
[07:18] <MTecknology> Pirate_Hunter: what type of setup? do you have root on lvm?
[07:19] <MTecknology> I like keeping / and /boot off of any funky setups
[07:20] <Flam`> Thanks for the tip, I'll try not to mix and match between ufw and iptables.  I'll stick with ufw.   I just did "sudo ufw allow 8484" which im hoping enabled it for both udp/tcp from any location.  I ran my service and tried netstat -ant and nothing is even listening.
[07:20] <Flam`> :/
[07:21] <Pirate_Hunter> MTecknology, been a while i've seen you here or maybe i am the one whos been missing, well originally it was raid1 /boot raid0+lvm however that sent me to busybox, now after searching online a few have had problems with other raid combinations but no one has provided a fix. However those were either alpha or beta stages of lucid
[07:21] <cclausen> Flam`: nmap won't show a port as open if it can't connect to it.  you can run something there to test if you want
[07:21] <MTecknology> Flam`: if you run ufw status it tells you if it's by tcp, udp, or both - i think default is it's as open as you specify it should be closed
[07:22] <Flam`> ufw status shows that it is indeed both udp/tcp from anywhere.  Thanks for the help guys it seems the problem lies in my service software itself.
[07:22] <cclausen> Flam`: easiest thing to test with is probably sshd: sudo `which sshd` -D -p 8484 and then nmap once sshd starts up
[07:22] <Flam`> hm
[07:22] <Flam`> How do I close it afterwards?
[07:22] <Pirate_Hunter> MTecknology, it takes four hours to wipe the disks I can't do that again, if no definite answer I'll go back to hardy
[07:23] <cclausen> Flam`: you can Ctrl-C it if its still running after nmap
[07:23] <cclausen> in debug mode, it will shutdown after a single connection
[07:23] <MTecknology> Pirate_Hunter: /boot should always be on the simplest system you can muster. The generic kernel has initrd which should handle booting the rest of the system on some pretty obscure setups.
[07:23] <Flam`> cclausen: it worked. Thanks
[07:24] <cclausen> Pirate_Hunter: you don't have to completely wipe the disks.  just wiping out the partition table should work for a reinstall
[07:25] <MTecknology> Pirate_Hunter: I've been on here a lot for a long time, just always busy with other things
[07:25] <Pirate_Hunter> MTecknology, I wanted boot on both since I can run degraded, more like an insurance that boot would work if something went wrong on one of the disks, also obscure setup?
[07:26] <cclausen> Pirate_Hunter: boot shouldn't change much, just put a copy of it on each disk
[07:26] <cclausen> (you'd have to manually keep them in sync though)
[07:26] <Pirate_Hunter> MTecknology, no wonder and I show up once in a while still nice seeing you
[07:26] <MTecknology> Pirate_Hunter: nice seeing you too
[07:28] <Pirate_Hunter> cclausen, keeping in sync manually seems like more work than it is worth while raid1 will do that for me, it actually works on 8.04 just can't understand why 10.4 is giving me so much trouble also something weird when setting up raid0 it takes a few kb and makes it unusable, something I didn't notice on the previous lts
[07:28] <Pirate_Hunter> MTecknology, :)
[07:29] <cclausen> Pirate_Hunter: can you make /boot a mirror that is not in lvm?
[07:29] <MTecknology> Pirate_Hunter: like, lvm on soft raid on hard raid with zfs on everything
[07:29] <MTecknology> Pirate_Hunter: if /boot is on a simple standard partition - it can boot that
[07:30] <MTecknology> I think so anyway..
[07:32] <Pirate_Hunter> I understand what both are saying, however, the problem is that boot is actually not finding the lvm / partition or to be correct initramfs, some say its grub2 others its something with lucid and im clueless
[07:32] <MTecknology> you can always dd if=/dev/sda1 of=/boot.img
[07:34] <cclausen> Pirate_Hunter: what is your hardware setup?
[07:34] <Kaprenakis> Hi again .
[07:35] <Pirate_Hunter> cclausen, its just a machine with two disks and 4gb ram to be as simple as possible its nothing to do with the hardware
[07:35] <MTecknology> ya.. my gf called me just so she can make me feel bad because she's crying because I didn't agree to why she was upset with me
[07:36] <Kaprenakis> Doing a install of Ubuntu 10.04 server, and was wondering for a file server/media server, with hopefully outside access. What option should i do for Partition disks?
[07:36] <Pirate_Hunter> I assume no one has encountered this or have tried  any raid setup with lvm?
[07:36] <cclausen> Pirate_Hunter: what disk controller?
[07:36] <Callum__> Umm, WHY is Ubuntu 10.04 Server's default GRUB install behaviour is to install to the first drive if there isn't any other OS on the computer?
[07:36] <Kaprenakis> use entire disk .. use entire disk and set up LVM .... use entire disk and set up encrypted LVM .... Manual set up
[07:36] <cclausen> Pirate_Hunter: can you do an install to  a single partition on a single drive?
[07:37] <Callum__> Why doesn't it install GRUB to the installed drive, like EVERY other Ubuntu derivative?
[07:37] <cclausen> Callum__: that sounds reasonable to me and is what I prefer
[07:38] <Pirate_Hunter> cclausen, nope normal ide connectors no controllers and by god I would expect to be able to pull off a single install of lucid or may something bad happen... I can install any version of ubuntu just not the setup I want, which is why I need to find out why
[07:38] <Callum__> cclausen: What if you take out the drive it installed to? Won't be able to boot the Ubuntu installation because its actually on another drive, and the bootloader is installed on the drive you took out >_>
[07:39] <Callum__> Basically, it installed the bootloader to the MBR of one of my RAID arrays (/dev/sda) when I need it installed onto a 40GB OS drive (/dev/sde)
[07:39] <Pirate_Hunter> Callum__, you can do that manually however that is something google will help you with or someone with expertise in grub2 can help you with
[07:39] <cclausen> Callum__: that is already filed as a bug it seems
[07:39] <Callum__> I know how to install GRUB manually, but it's a really annoying problem >_> and now the server is refusing to boot, great
[07:39] <cclausen> Callum__: yep, I know.  this is why I stopped trying to run dual boot systems.  its not worth the hassle
[07:40] <Callum__> This ISN'T a dual-boot system, just Ubuntu Server 10.04 on it
[07:40] <cclausen> so why is it a problem to have grub on disk 0?
[07:40] <Pirate_Hunter> Callum__, welcome to my world at least your problem is simple mine has no answer so far
[07:40] <cclausen> Pirate_Hunter: what motherboard?
[07:41] <Callum__> because I want it to boot GRUB off the 80GB drive when its booting off one of my RAID arrays >_>
[07:41] <Pirate_Hunter> cclausen, any reason why you asking about the mob?
[07:41] <cclausen> Pirate_Hunter: yes, the release notes list some specific issues on asus boards
[07:41] <cclausen> Callum__: can you make that drive appear as drive 0 ?
[07:42] <Callum__> cclausen: no
[07:42] <Callum__> well, at least I think /dev/sda is one of my RAID arrays on this, it might be the other, backup, IDE drive I have in the machine
[07:43] <Callum__> either way, don't want to reinstall this crap again, took forever
[07:43] <Pirate_Hunter> its an old generation IBM Think Centre most if not all the components are intel exact mob type not sure but since it is open I can see IBM written on it
[07:43] <Kaprenakis> Doing a install of Ubuntu 10.04 server, and was wondering for a file server/media server, with hopefully outside access. What option should i do for Partition disks?
[07:43] <Kaprenakis> use entire disk...
[07:43] <Kaprenakis> use entire disk and set up LVM ....
[07:43] <Kaprenakis> use entire disk and set up encrypted LVM ....Manual set up
[07:43] <cclausen> Pirate_Hunter: model?  I might have one of those I can test with actually...
[07:44] <cclausen> Kaprenakis: we don't know enough about your setup to answer you.  in general I'd put data and the OS on two different partitions
[07:45] <cclausen> Kaprenakis: I think lvm is just a world of pain and avoid it at all costs.  I would just create a reasonable / primary partition, a reasonable /data primary partition and a 500MB swap partition
[07:45] <Pirate_Hunter> cclausen, IBM REV: 2.1 that is all I can see printed on the mob, lspci hasn't been of much help
 Callum__: that is already filed as a bug it seems - where?
[07:46] <cclausen> Pirate_Hunter: can you install dmidecode and try and get more info from that?
[07:46] <cclausen> Callum__: bug 414996
[07:46] <Kaprenakis> cclausen: ok thanks, ok so primary is for your everyday files.. /data primary partition is for system os files?
[07:46] <Pirate_Hunter> cclausen, that may be true but it is easily achieved through the previous lts would not understand why the new lts can't do something simple like raid and lvm, I have always used it without a problem until today my opinion of Lucid is poor at this moment
[07:47] <cclausen> as far as I can tell, its not fixed in lucid either.
[07:47] <cclausen> Pirate_Hunter: did you read the release notes?
[07:48] <Pirate_Hunter> cclausen, parts of it, no not really
[07:48] <Callum__> maybe it refuses to boot because of the drive I installed it to, its caused me problems with booting before...
[07:48] <Callum__> I know that it installs to the wrong drive, but this refuses to boot at all
[07:48] <Callum__> "GRUB " then nothing
[07:49] <cclausen> Pirate_Hunter: http://www.ubuntu.com/getubuntu/releasenotes/1004 read the part about "Partition alignment changes may break some systems"
[07:50] <cclausen> so might be bug 551965
[07:50] <Callum__> So, that bug 414996 has been open and left unfixed for months?
[07:51] <Callum__> >_>
[07:51] <cclausen> I assume it isn't easy to fix
[07:51] <Callum__> doesn't sound hard to fix
[07:51] <Pirate_Hunter> cclausen, IBM / product name: 8187D1G / serial n: KKFDB8P
[07:53] <cclausen> Pirate_Hunter: ThinkCentre M50 8187-D1G
[07:53] <cclausen> do you know if that is an Intel ICH8 controller?
[07:55] <Pirate_Hunter> cclausen, it should be everything else is by intel
[07:56] <cclausen> that is the model that has the problem
[07:56] <cclausen> "If you find that you need to use the old cylinder alignment instead, then add the {{{partman/alignment=cylinder}}} boot parameter when starting the installer."
[07:58] <Pirate_Hunter> huh it is? hmmm... where would I check the exact controller type and will try that on the server cd I add that to the boot options?
[08:02] <cclausen> lspci -vvv work?
[08:03] <cclausen> yeah, add that to the boot options I think will help.
[08:03] <cclausen> at least that is what people said in the bugReport
[08:05] <Pirate_Hunter> will try my last attempt of lucid before going back to hardy which is rock solid, thanks for your help and patience, will attempt the same setup that I used to have on my server raid+lvm which is another issue in itself
[08:06] <Pirate_Hunter> cclausen, before you go is the forward slash part of the actual command or I have to choose either of those?
[08:17] <cclausen> Pirate_Hunter: I think the / is part of the command
[08:17] <cclausen> I am not sure though
[08:18] <cclausen> I think it is an option that gets passed to partman, so having the / makes sense
[08:18] <Pirate_Hunter> no problem will attempt and see, hopefully it will work, thanks for the help at least this might help better
[08:30] <MTecknology> cclausen: what was that link for clearing iptables?
[08:33] <cclausen> http://www.cyberciti.biz/tips/linux-iptables-how-to-flush-all-rules.html
[08:33] <MTecknology> cclausen: thanks. I can't bring my system up now..
[08:34] <MTecknology> :P
[08:35] <MTecknology> cclausen: just networking. I figured out how to fix what was going on - rebooted, now no network - just wanted to go back over what I changed
[09:02] <MTecknology> cclausen: GAAAAAHH!
[09:03] <MTecknology> cclausen: we only screwed with iptables, right?
[09:03] <cclausen> MTecknology: and ufw
[09:04] <cclausen> but in theory, yes
[09:04] <cclausen> did you really break something?
[09:04] <MTecknology> cclausen: iptables -F and ufw disable - should ignore anything we did....
[09:04] <MTecknology> ya... I can't get networking back to this system
[09:04] <MTecknology> I have somebody else local
[09:05] <cclausen> start simple
[09:06] <cclausen> can you ping your own ip
[09:06] <cclausen> can you ping the default gateway
[09:06] <cclausen> etc.
[09:06] <MTecknology> no
[09:06] <MTecknology> own ip will work - it's a static ip
[09:09] <cclausen> if you can't ping the default gateway, that is either an interface problem or a cable problem
[09:09] <MTecknology> it's config issue - I'm 99.999% sure
[09:15] <jdstrand> MTecknology: oh, I just thought of something before really going to bed
[09:15]  * MTecknology thinks please be the answer....
[09:16] <jdstrand> MTecknology: you have dnsmasq enabled on boot-- is it possible that it is starting and giving out an invalid ip to your host? iirc, you shouldn't be using dnsmasq with bridging VMs (you'd have to check the Ubuntu wiki for libvirt/bridging configuration)
[09:17] <MTecknology> jdstrand: that's the only system I have that uses it - I wonder how it got on there
[09:17] <MTecknology> I'm too tired to search reverse deps - or- to remember how
[09:18] <jdstrand> MTecknology: test it by moving /etc/init/libvirt-bin.conf somewhere out of /etc/init
[09:18] <MTecknology> ah..
[09:18] <jdstrand> MTecknology: dnsmasq is pulled in by libvirt
[09:20] <jdstrand> MTecknology: by moving /etc/init/libvirt-bin.conf aside, libvirt won't start on boot, and it won't start up dnsmasq. I'm hoping that is your issue
[09:20] <MTecknology> I'll try that...
[09:20] <MTecknology> jdstrand: would mv /etc/init/libvirt-bin.conf /etc/init/libvirt-bin.conf.dis work?
[09:21] <MTecknology> idk if upstart reads specific files or everything..
[09:21] <jdstrand> MTecknology: if that works, you'll have to setup libvirt with bridging using the wiki
[09:21] <MTecknology> or... if I read what you said.....
[09:21] <jdstrand> MTecknology: I think it only read *.conf-- I am not 100% sure
[09:22] <MTecknology> I'll just move it to /
[09:22] <jdstrand> MTecknology: for a quick test, that is reasonable
[09:22] <Pirate_Hunter> waaaaaaaaaaaaaaaaaaah it works its alive lucid server works
[09:23] <Pirate_Hunter> cclausen, thanks apparently it must have been the disk alignment
[09:23] <MTecknology> jdstrand: rebooting to try it out
[09:23] <jdstrand> MTecknology: "if that works, you'll have to setup libvirt with bridging using the wiki" *and* put libvirt-bin.conf back in /etc/init
[09:23] <cclausen> Pirate_Hunter: when all else fails, read the instructions
[09:24] <MTecknology> jdstrand: I followed https://help.ubuntu.com/community/KVM/Networking
[09:25] <MTecknology> jdstrand: and .... still nothing... I'm halfway considering just blowing away all configs on the thing and starting from scratch with just the old vm's - I'm completely at a loss.....
[09:25] <jdstrand> well, it was an idea
[09:26] <Pirate_Hunter> cclausen, :p, just wished I had chosen ext4 instead of ext3, but that is a minor issue
[09:26] <MTecknology> jdstrand: ya, thanks :)
[09:26] <jdstrand> MTecknology: I'd recommend checking /var/log/kern.log and /var/log/syslog and /var/log/daemon.log for reasons as to why dhcp isn't working
[09:26] <MTecknology> jdstrand: you have any other ideas at all?
[09:27] <Pirate_Hunter> cclausen, that was driving me nuts for the past two days so it isn't anything to do with lvm as some of the bug reports, those should be corrected
[09:27] <jdstrand> MTecknology: you could use a static ip on the host instead of dhcp temporarily
[09:27] <jdstrand> MTecknology: then see if it can ping your gateway, etc
[09:27] <MTecknology> I've been doing that
[09:27] <MTecknology> it's static 192.168.1.4
[09:27] <MTecknology> br0 is static
[09:27] <MTecknology> tried dhclient eth0 and br0; nothing
[09:28] <MTecknology> reconfigured a lot of packages, nothing
[09:28] <cclausen> MTecknology: check dmesg for errors?
[09:28] <MTecknology> sm-mtp[1396]: gethostbyaddr(192.168.1.4) failed: 2
[09:28] <jpds> sudo mii-tool
[09:28] <MTecknology> does that look interesting?
[09:29] <cclausen> I had mii-diag uninstalled when I upgraded to lucid.... or is mii-tool not  the same thing?
[09:29] <Pirate_Hunter> well off to sleep my brain is drained and im happy see yah folks
[09:30] <MTecknology> sm-mtp - that doesn't matter, does it?
the guys that came up with the syntax for partman-auto in preseed files should really be forced to actually use it... argh!</rant>
[09:31] <MTecknology> jpds: I'm going to have him try it with the expectation that you know I have low expectations, high hopes, and currently a gigantically crushed soul
[09:31] <cclausen> joschi: the alternative is no options at all in preseed files, so I'd not say that too loudly...
[09:32] <joschi> cclausen: I'm somehow spoiled by setup-storage from FAI ;)
[09:33] <cclausen> joschi: yeah, ditto that
[09:33] <joschi> currently I'm primarily using FAI only for partitioning the machines and thought I could try it with only preseed files. well, it works but it was a pain to setup the partitioning :(
[09:33] <cclausen> well, you only need to set it up once
[09:33] <MTecknology> $mii-tool  eth0: no link    $mii-tool br0  SIOCGMIIPHY on 'br0' failed: Operation not supported
[09:34] <MTecknology> jpds: no idea what that means - but it sounds bad
[09:34] <joschi> cclausen: yes, but that doesn't make the pain go away ;)
[09:34] <cclausen> MTecknology: /etc/init.d/networking restart and see if that helps
[09:35] <cclausen> joschi: I wish there was a do-release-upgrade for preseed files and other FAI stuff...
[09:35] <MTecknology> joschi: my pain never goes away
[09:35] <MTecknology> joschi: I live in a tub of deep despair
[09:35] <MTecknology> cclausen: nothing - no errors or anything
[09:36] <joschi> cclausen: hm, maybe through FAI softupdates? didn't look into them any further, though
[09:36] <cclausen> joschi: oh, hmm...
[09:36] <MTecknology> cclausen: any other ideas?
[09:36] <MTecknology> cclausen: if this doesn't work I'm just going to blow apart this system and start anew
[09:36] <cclausen> MTecknology: down all interfaces except your real one and get it to work again
[09:37] <MTecknology> tried that
[09:37] <cclausen> hmm...
[09:37] <cclausen> reboot one last time and pray :-)
[09:37] <MTecknology> lol
[09:37] <MTecknology> ole #~20
[09:37] <MTecknology> or 30
[09:38] <MTecknology> I fought this puppy long and hard. I think it's time to just let'r go
[09:39] <cclausen> hmm.. did you try booting up in single user mode?
[09:39] <cclausen> or "recovery mode" as listed in grub
[09:39] <cclausen> oh well, I need to go home.  its so late its early here..
[09:40] <MTecknology> ya
[09:40] <MTecknology> cclausen: alrighty, thanks for the help
[09:40] <MTecknology> at this point, i'd have spent less time starting from scratch :P
[09:53] <MTecknology> !iso
[10:20] <cjs> !gpt
[10:21] <cjs> Does that mean, "Don't even think about talking about it"? :-)
[12:04] <TJ^> hi guys
[12:05] <TJ^> trying to setup pptp server
[12:05] <TJ^> GRE read is failing
[12:05] <TJ^> http://pastebin.com/QpNXrGaT
[12:05] <TJ^> tried everything!
[13:53] <joschi> hi, when using partman-auto with an "expert recipe" in a preseed file it always seems to generate a faulty partition table. installation eventually works and the system boots, but cfdisk and fdisk say the partition table (esp. the first partition) is incorrect
[13:54] <joschi> I used the example from https://help.ubuntu.com/9.10/installation-guide/example-preseed.txt to verify it and it also results in a faulty partition table
[13:54] <joschi> has anyone else the same problem?
[13:54] <joschi> I couldn't find a bug report for this issue
[15:04] <kim0> Hi folks, I want to install ubuntu-server, and point the installation CD at an automatic preseed file. Must I use the alternate-DVD ? or can I use the normal server DVD ?
[15:47] <jnss> why's 64bit downloads defaulted
[15:49] <TJ^> cos most servers these days are 64bit
[16:49] <FFF666> hi, I've installed UEC following the guide in the page. I can run images and login it via ssh, but if I terminate the instance and run it again(it has the same ip), when I tried to login it via ssh appears this problem
[16:49] <FFF666> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[16:49] <FFF666> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
[16:49] <FFF666> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[16:49] <FFF666> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
[16:49] <FFF666> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
[16:49] <FFF666> It is also possible that the RSA host key has just been changed.
[16:49] <FFF666> The fingerprint for the RSA key sent by the remote host is
[16:49] <FFF666> 72:bb:6d:43:96:1f:e9:7e:da:bf:de:a3:53:b3:fe:e2.
[16:49] <FFF666> Please contact your system administrator.
[16:49] <FFF666> Add correct host key in /root/.ssh/known_hosts to get rid of this message.
[16:49] <FFF666> Offending key in /root/.ssh/known_hosts:2
[16:49] <FFF666> RSA host key for has changed and you have requested strict checking.
[16:49] <FFF666> Host key verification failed.
[16:50] <FFF666> any ideas?
[16:53] <Kaprenaki> I'm doing a clean install of ubuntu 10.04... what % should be primary.... what % should be primary data.... what % should be swap...
[16:53] <hggdh> FFF666: first of all, please do not dump lines here; use pastebin
[16:54] <hggdh> FFF666: second, each instance you run will have a *NEW* and, consequently, most certainly different SSH key
[16:54] <FFF666> new ssh key?, so what I have to do before ssh it?
[16:55] <hggdh> FFF666: so. I am assuming you are just doing 'ssh ubuntu@1.2.3.4'. This, by default, will save the public key of 1.2.3.4 in your ~/.ssh/known_hosts
[16:56] <hggdh> FFF666: if the instances are really ephemeral, you should either not save the public keys, or delete them after use
[16:56] <FFF666> ahhh
[16:57] <Pici> You could disable strict host key checking as well, but that may open you to other issues.
[16:57] <FFF666> what kind of issues?, I'm a student testing cloud computing
[16:58] <FFF666> what kind of issues?, how can I do that?
[16:58] <hggdh> you can do both on the call to SSH: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
[16:58] <hggdh> FFF666: a real MITM attack...
[16:58] <Pici> aye.
[16:58] <FFF666> I dont care, this is for a college work
[16:59] <FFF666> I have another question.
[16:59] <hggdh> FFF666: 'I dont care' is usually a bad answer in a test ;-)
[17:00] <FFF666> haha, yes it will carry problems
[17:00] <FFF666> other
[17:00] <FFF666> I want to know how can I do to save the changes that I make to the image. For example, I run an ubuntu image and I install the mysql server, but if I turn off the image and run it again that mysql won't be there.
[17:03] <hggdh> yeah, good one, but I have not gotten that far in Euca/uec yet ;-)
[17:04] <hggdh> this would be a rebundling
[17:05] <FFF666> ahh
[17:31] <FFF666> I want to know how can I do to save the changes that I make to the image. For example, I run an ubuntu image and I install the mysql server, but if I turn off the image and run it again that mysql won't be there.
[17:45] <Kaprenaki> Are swap partitions a primary or logical partition?
[17:49] <hggdh> either, plus LVM
[17:51] <Pirate_Hunter> just bonded my interfaces and transferring large files, however I notice on my router only one of the server cards is active yet iftop tells me transfer speed is at 40MB, how do I test whether both cards are actually working as lacp?
[18:12] <MTecknology> jdstrand: hey, you around?
[18:15] <jamesturk> is anyone running 10.04 on EC2 and seeing high load before their server is even doing anything?
[18:16] <jamesturk> tried searching and asking around before, but so far no luck and few leads
[18:20] <MTecknology> Well.. I got my landscape account. yay- now to wait for my 60day trial to be approved.
[18:22] <cjs> jamesturk: How long does that high load last? If it's only for a minute or three, perhaps just startup costs?
[18:23] <jamesturk> cjs:  17:23:08 up 1 day, 19:06,  2 users,  load average: 0.74, 0.74, 0.55
[18:23] <jamesturk> all that I have done on that server is install postgres (no databases are even created as of yet)
[18:24] <cjs> jamesturk: Hmmm. That is a little high, though not huge.
[18:24] <cjs> What does top or htop tell you?
[18:24] <jamesturk> my 9.10 and 9.04 servers idle at 0.02 (and some of those are active)
[18:24] <jamesturk> top shows Cpu(s):  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
[18:25] <jamesturk> and next to no memory used and no swap touched
[18:26] <cjs> Ok, so no CPU. What are those processes waiting on, then? Next: iostat.
[18:26] <jamesturk> avg-cpu:  %user   %nice %system %iowait  %steal   %idle
[18:26] <jamesturk>            0.00    0.00    0.00    0.01    0.00   99.98
[18:26] <cjs> BTW, do you know what that load average means?
[18:27] <storrgie> Can somebody help me bring up another network interface on my server? I have two nics, both of them connected... but the second one wont come online.
[18:28] <cjs> jamesturk: That is, typically, the number of processes waiting to run, but which cannot because there are no resources available. Clearly, the resource that's not available is not CPU.
[18:29] <cjs> So that's why I asked about iostat: you want to know what your disks are doing. (That's another common resource that starves processes.)
[18:30] <jamesturk> cjs: yes but if I'm reading iostat correctly tough 99.98% in the idle state
[18:30] <jamesturk> though*
[18:30] <cjs> jamesturk: That's CPU, not disk.
[18:30] <jamesturk> ah
[18:30] <jamesturk> just a second
[18:30] <jamesturk> Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
[18:30] <jamesturk> sda1              0.19         1.97         1.36     305458     212048
[18:30] <jamesturk> sdb               0.00         0.00         0.00        762         80
[18:31] <cjs> Try "iostat 5" and wait for an update or two (the first won't tell you anything)....
[18:31] <jamesturk> after the first read all numbers are 0
[18:31] <jamesturk> on sda1 and sdab
[18:31] <cjs> Try iostat -m 5, and see what your MB read/written is after the first display.
[18:31] <cjs> Hm. That would mean no disk I/O.
[18:32] <cjs> (The first display is since boot, averaged over time since boot.)
[18:32] <jamesturk> I also have EC2 monitoring and looking at my graph over the last day is literally a flat line on disk I/o, cpu utilization, network I/o
[18:32] <cjs> Hmmm!
[18:33] <cjs> And is anything slow?
[18:34] <cjs> I wouldn't like to say "ignore that load average number," but if your CPU, disk and network are all fine, I suppose it could be an artifact of VM stuff.
[18:35] <jamesturk> not that we've noticed. I started up this server to experiment with because we'd like to move our 9.04 machines to 10.04 -- I haven't actually gotten around to using them, in part because we noticed the load average anomaly
[18:35] <cjs> As I said, that number is supposed to be how many processes are ready to run and are yet blocked because there's a resource they're waiting on (e.g., CPU time to run, disk I/O to complete, network I/O to complete....)...
[18:36] <cjs> Well, EC3 is all VMs, so it could be they're waiting for other stuff on the "real" server that's really not affecting you. I suggest bringing up a typical server and trying to subject it to a typical load (real or test) and see if it makes any difference.
[18:37] <cjs> Sorry, "EC2." I get ahead of myself sometimes. :-)
[18:38] <cjs> Anyway, I guess my lesson here is that, "the load average number can lie." Especially these days.
[18:38] <jamesturk> my coworker and I were close to the same conclusion, probably what we'll wind up doing Monday.  seems like something must have changed between 9.10 and 10.04 to cause the calculation to take into account activity outside the vm though as we've never seen an issue like this on any of our others
[18:38] <jamesturk> we'll just have to adjust our monitoring accordingly (usually sustained load like this would set off a minor alarm)
[18:39] <cjs> jamesturk: Well, good. Remember, it is a number that may have information for you, but is not to be confused with what actually happens.
[18:39] <cjs> jamesturk: What sort of app do you run?
[18:39] <cjs> Web-based?
[18:40] <jamesturk> yes, we run nginx and postgres
[18:40] <cjs> Anyway, see if you can't find a more direct way to test. E.g., a page that forces a DB query.
[18:40] <cjs> And then look at the response time on that.
[18:41] <cjs> Ah, with postgres you may want to try to force a write on something that may have some contention. Reads should always be pretty darn fast, unless you have an absolutely enormous DB.
[18:42] <cjs> Well, anyway, the point is, test something as close as you can get to what the user sees, and alert on that.
[18:43] <jamesturk> cjs: sound advice for sure
[18:43] <cjs> I need to run. Hope I helped!
[18:48] <jamesturk> cjs: thanks, you definitely did
[18:52] <MTecknology> Could somebody do me a favor? Just tell me if you can open staging.profarius.com ?
[18:54] <jnss> why is the 64bit recommended over the 32bit one
[18:54] <jnss> really
[18:56] <jnss> i need a netinstall
[18:56] <jnss> is that doable?
[18:56] <philgarr> MTecknology: yes
[18:56] <JanC> jnss: that are 2 seemingly unrelated questions
[18:57] <jnss> both can be answered
[18:57] <JanC> if you want to do a netinstall: https://help.ubuntu.com/community/Installation/MinimalCD
[18:58] <JanC> well, there are other netinstall images in the same directories as those minimal isos
[19:00] <jnss> thanks
[19:00] <jnss> that may help me a lot
[19:05] <Pirate_Hunter> just bonded my interfaces and transferring large files, however I notice on my router only one of the server cards is active yet iftop tells me transfer speed is at 40MB, how do I go about testing if both cards are actually working at the same time under mode=4?
[19:10] <philgarr> what is the cleanest way to remove the "helpful" tasksel motd?  just remove 51_update-motd?
[19:13] <philgarr> nevermind, just had to read the manpage for update-motd; answer:yes
[19:13] <ShadowTale> hi folks
[19:14] <ShadowTale> ok, so i've installed ubuntu server. it's hooked up to the internet. How do I get it to connect to the internet so that "ping google.com" works
[19:24] <ShadowTale> 'ello?
[19:43] <IanFHood> I did: mount /dev/sdf /mnt but when I try to unmount /mnt I get command not found.. so how/where do I get 'unmount' ??
[19:43] <IanFHood> using 8.04
[19:45] <stgraber> IanFHood: umount
[19:45] <IanFHood> stgraber: omg.. too easy.. thanks!!
[19:46] <stgraber> np
[20:27] <Kaprenakis> I have a 20gb hard drive. How should i split it up? Primary partition, Primary data partition and swap partition. How many gbs for each?
[20:27] <Kaprenakis> Im using an old computer and installing ubuntu 10.04 for a file server + media streaming
[20:28] <RoyK> Kaprenakis: usually a single partition will work well, but it might be a good idea to use 1-2GB for the root in case the data volume fills up
[20:29] <RoyK> you don't want to end up with a full root partition
[20:34] <Kaprenakis> RoyK: So make 3 partitions one for the data and then make another (Primary?) partition for the root
[20:34] <Kaprenakis> and then a swap of like 1gb
[20:35] <Kaprenakis> RoyK: Is swap a primary or logical partition?
[20:37] <RoyK> Kaprenakis: doesn't really matter if swap is on a primary or logical partition
[20:37] <Kaprenakis> RoyK: which one would you prefer?
[20:37] <RoyK> doesn't matter
[20:38] <RoyK> the reason for using logical partitions is if you want >4 partitions
[20:38] <RoyK> nothing else
[20:38] <RoyK> also, if you're only serving files with the system, you won't need much swap
[20:38] <RoyK> probably nothing, but half a gig will probably suffer
[20:39] <RoyK> even if you set vm.swappiness = 100, linux won't use much of it if processes don't allocate a lot
[20:41] <Kaprenakis> RoyK: Alright Thanks. One more question.
[20:42] <Kaprenakis> RoyK: after i make the 3 partitions do i select the 2gb root partition for the install?
[20:42] <nealmcb> Kaprenakis: if you'll be installing many packages, you want room for them and for major upgrades
[20:42] <RoyK> in the installer, select mount point /
[20:42] <RoyK> for the root partition
[20:43] <RoyK> nealmcb: a NAS setup doesn't need a lot of stuff - two gigs should suffice
[20:43] <nealmcb> the reason I usually have multiple partitions is to have two system partitions (one for when I install another release etc) and one bigger data one for /srv or /honem
[20:44] <nealmcb> ahh - I didn't hear the NAS part :)
[20:44] <RoyK> nealmcb: [21:27]  <Kaprenakis> Im using an old computer and installing ubuntu 10.04 for a file server + media streaming
[20:44] <RoyK> 20 gigs for media will probably suffice for like three DVDs :)
[20:45] <Kaprenakis> ok this is very temporary i just want to mess around with this stuff
[20:45] <Kaprenakis> i know it will mainly be .mp3s and i have about 15GB that I want to access
[20:46] <RoyK> ok
[20:46] <Kaprenakis> should root be at the beginning of the available space?
[20:46] <RoyK> mostly it doesn't matter, but the outer rim of the drive, that is, the beginning, is about twice as fast as the inner part
[20:47] <RoyK> so place the swap in the outer area
[20:47] <RoyK> the root isn't much used during normal operation except for logs anyway
[20:48] <RoyK> so it hardly matters where it is
[20:49] <Kaprenakis> ok the use of the partitions: swap is going to be swap area. root should be ext4 journaling file system?
[20:51] <Kaprenakis> I got way too many questions...
[20:52] <CaptainTrek> RE: apache.
[20:52] <CaptainTrek> how can I set my username to be able to write to /var/www?
[20:52] <CaptainTrek> i hear it needs sudo
[20:53] <CaptainTrek> anyone?
[20:59] <nealmcb> CaptainTrek: see e.g. comment 10: http://ubuntuforums.org/showpost.php?p=2045715&postcount=10
[20:59] <CaptainTrek> but is that safe?
[20:59] <CaptainTrek> guntbert in #ubuntu says not
[20:59] <nealmcb> but note there are many issues with security and permissions to consider as noted in the link at the last comment
[21:00] <nealmcb> it all depends on exactly what you intend to do, what dynamic apps are running etc
[21:00] <CaptainTrek> i'm just wanting it to run so I can put my html pages into there without sudo
[21:00] <CaptainTrek> its a friggin pain xD
[21:02] <nealmcb> if you don't have dynamic apps, then the chmod option isn't a bad option
[21:02] <nealmcb> (and chown)
[21:02] <RoyK> Kaprenakis: doesn't really matter what filesystem you use - ext3 is rock stable, ext4 is better for large volumes, xfs or jfs are also good
[21:04] <guntbert> CaptainTrek: you know I'm just of the old school in this regard - and I was thinking several users  :-)
[21:04] <CaptainTrek> heh indeed
[21:05] <CaptainTrek> regardless, if I'm just hosting normal HTML pages, would there be any risk in changing ownership of /var/www?
[21:05] <CaptainTrek> and how could I switch it back to root if I have to?
[21:05] <nealmcb> change username to "root"
[21:05] <billybigrigger> anyone know where the 10.04 server guide is hiding?
[21:06] <CaptainTrek> nealmcb: would there be any risks by switching /var/www ownership to my user then?
[21:06] <carolija> hi
[21:06] <guntbert> billybigrigger: not out yet ?
[21:07] <billybigrigger> guntbert, can't find it
[21:07] <nealmcb> CaptainTrek: that's what I suggested, if it is just static content
[21:07] <RoyK> billybigrigger: the 8.04 guide will probably be good enough
[21:07] <billybigrigger> you'd think the server guide would be released with lucid
[21:07] <guntbert> billybigrigger: neither can I - it was an assumption not a question :-)
[21:07] <CaptainTrek> nealmcb: didnt get it, lost net connectivity srry
[21:08] <nealmcb> CaptainTrek: see e.g. comment 10: http://ubuntuforums.org/showpost.php?p=2045715&postcount=10
[21:09] <nealmcb> billybigrigger: apt-get install ubuntu-serverguide
[21:11] <CaptainTrek> nealmcb: if I chmod the thing to have +r -w permissions, only root will be able to write to /var/www, right?
[21:24] <ujjain> Ubuntu keeps asking for password after Ubuntu upgrade, despite me giving the right username/password in GNOME login window.
[21:27] <scar> has anyone been able to change the console resolution in 10.04?  i tried adding GRUB_GFXMODE=1024x768 to /etc/default/grub and running 'sudo update-grub' but that only seems to be adjusting grub's resolution but not the console
[21:32] <ujjain> Ubuntu keeps asking for password after Ubuntu upgrade, despite me giving the right username/password in GNOME login window.  NOTHING happens when I try to log in...
[21:35] <scar> ujjain, can you reboot into recovery mode and drop to a root shell? then change the password?
[21:35] <Kaprenakis> should i be encrypting my home directory if im going to be accessing my server outside of my local network
[21:45] <scar> Kaprenakis, the encryption is good if someone steals your server
[22:14] <Kaprenakis> Scar: thats the only reason to use it?
[22:15] <cclausen> Kaprenakis: why do you think you need it in the first place?
[22:15] <cclausen> Kaprenakis: I suspect it will just cause problems if you need to try and recover data later on in case of a filesystem or hard drive problem
[22:15] <scar> Kaprenakis, also if someone hacks into the server and you're not logged in, then it may help
[22:16] <cclausen> if someone hacks into the server, they can just install a keylogger and wait for you to login
[22:17] <Kaprenakis> cclausen: alrighty thanks youve been too much of a help. :P
[22:17] <Kaprenakis> cclausen: what do you do for a living?
[22:18] <cclausen> Kaprenakis: https://wiki.cites.uiuc.edu/wiki/display/~cclausen/Resume
[22:20] <Kaprenakis> cclausen: wow thats pretty good.
[22:20] <Kaprenakis> cclausen: I've really looked into going to school for network specialist, or some kind of network security not sure yet.. I'm a senior in HS.
[22:21] <cclausen> well, most of the networking classes here are kind of lame
[22:22] <cclausen> unfortunately networking and security really needs to be learned on the job
[22:22] <Kaprenakis> yeah so what would be a good area to go for if i want to eventually over time transition into that kind of job.
[22:22] <cclausen> things like SANS training can help, but there is no better way than actual problems
[22:22] <cclausen> I'd start at an IT help desk
[22:23] <cclausen> and work on learning things and try and learn on your own
[22:24] <cclausen> you can read through course materials like: http://www.cs.uiuc.edu/class/sp10/cs438/lectures.html
[22:24] <Kaprenakis> yeah everything that ive learned is all by googleing my questions and searching everything that i come across while doing server setups.
[22:25] <cclausen> yeah, me too
[22:25] <cclausen> I've just been doing it longer
[23:05] <dominicdinada> !download
[23:13] <dominicdinada> How to install server from an iso without burning it ? and no not on a thumb either. How can I mount the image to run it   ?
[23:13] <cclausen> dominicdinada: what are you installing onto?
[23:14] <cclausen> you can do a network install if you can PXE boot
[23:17] <dominicdinada> Ok someone told me to gpart the drive and use usb startup creator and write the live cd to the disk then boot into the installer
[23:17] <cclausen> I suppose you could
[23:17] <cclausen> why though?
[23:17] <cclausen> no blank CDs around?
[23:18] <dominicdinada> Because           A the server it is going into has no dvd drive   B cant wipe my thumbs as 1 is broken other is full of 3.9 gigs secure back up, C the PC is in pieces at the moment
[23:19] <cclausen> I see
[23:19] <cclausen> dominicdinada: what is the server running now?  you can upgrade from a previous ubuntu version
[23:20] <dominicdinada> There is no server now. I have an old PC that I gutted and throwing in 2 TB worth of hard drives.... The hard drive in question is a WD onetouch 750 that the housing broke so the drive was yanked so no OS
[23:21] <dominicdinada> Now it is in another external enclosure and gonna get a file system on there
[23:21] <cclausen> what are you typing this off of?
[23:21] <cclausen> you could try the netboot install
[23:22] <cclausen> download http://archive.ubuntu.com/ubuntu/dists/lucid/main/installer-amd64/current/images/netboot/  into your tftpboot space on another linux system on the same subnet
[23:22] <cclausen> err, oops, just get the netboot.tar.gz file
[23:23] <dominicdinada> Same for 32bit i take it just the i386 correct
[23:23] <cclausen> yeah, pretty much
[23:23] <cclausen> server not new enough to support 64-bit ?
[23:23] <dominicdinada> ok
[23:24] <cclausen> dominicdinada: do you have the ability to run your own DHCP and TFTP service briefly?
[23:24] <dominicdinada> The "Server" is just for home use it is a dell 4600c that I ripped out the mb and stuff because i got 4 HD's here and the slim doesnt allow any more drives
[23:24] <cclausen> you can't just run them in all setups
[23:24] <dominicdinada> Yes... I can do it from my router an automatically assign the ips...
[23:24] <cclausen> yeah, I have many users with Dimensions still... that lack of actual drive space is annoying...
[23:25] <cclausen> can you set a next-server parameter from your router?
[23:25] <cclausen> (its a DHCP option)
[23:25] <dominicdinada> Well like i said I got around 2 TB of drives literally sitting in my room just chillin and well... gonna throw the 4600c mb into an old Box with all the drives... IT doesnt help that i broke my keyboard also haha
[23:26] <cclausen> hmm... no keyboard is a problem
[23:26] <dominicdinada> I believe so I have seen it before
[23:26] <cclausen> some of the basic tftp and dhcp stuff is at: http://www.debian-administration.org/articles/478
[23:26] <cclausen> actually, I guess I should do this too
[23:27] <cclausen> would make lucid installs go quicker...
[23:27] <dominicdinada> I got one I can steal briefly but eventually the server will act as a File Server, Test Webserver, Wireless Access point extender, etc... With Remote Desktop
[23:27] <cclausen> cool
[23:27] <dominicdinada> I guess
[23:28] <Kaprenakis> For a File/media streaming server what should i install? Samba file server for the files.
[23:28] <dominicdinada> If i get sick of it 2 years ago I got every version of Winblows Free from school :D
[23:28] <Kaprenakis> what is a LAMP server?
[23:29] <dominicdinada> Linux Apache Mysql PHP
[23:29] <cclausen> Kaprenakis: http://en.wikipedia.org/wiki/LAMP_(software_bundle)
[23:29] <Kaprenakis> Is an openSSH server so you can access your server using putty for example?
[23:29] <cclausen> Kaprenakis: yes, putty connects to an openssh server
[23:30] <Kaprenakis> does filezilla use openssh?
[23:30] <cclausen> filezilla can use ssh/sftp, yes
[23:31] <cclausen> it is also an (SSL) FTP client
[23:31] <Kaprenakis> cclausen: ok thanks again!
[23:31] <cclausen> note that SFTP through ssh and SSL FTP are not the same thing even though I've seen both called SFTP
[23:32] <Kaprenakis> ok lets say for example i want to add .mp3s to my server using filezilla what would i need to do in order for that to happen?
[23:34] <cclausen> Kaprenakis: just openssh-server on the server side
[23:34] <cclausen> and disk space to place them in of course
[23:35] <dominicdinada> Blah
[23:37] <dominicdinada> How to Gpart the drive Management flag issue ?? Select all flags?
[23:38] <cclausen> I'm not sure what you mean
[23:39] <Kaprenakis> cclausen: ok tys
[23:39] <Kaprenakis> is it wise to install the GRUB boot loader to the master boot record?
[23:40] <cclausen> Kaprenakis: you probably want to if you are only running one OS on the system